Linux disassembly: locating a problem from the program's crash stack information (2)

2021-09-24 19:32:37 | 4632 characters | 7278 reads

Crash output printed by the kernel for the process

ifotond: unhandled page fault (11) at 0x00000000, code 0x017
pgd = c5770000
[00000000] *pgd=85cd8835, *pte=00000000, *ppte=00000000
CPU: 0 PID: 14275 Comm: ifotond Not tainted 4.9.11 #1
Hardware name: Freescale i.MX6 UltraLite (Device Tree)
task: c447aec0 task.stack: c5730000
PC is at 0xb6c46cf8
LR is at 0x63f28
pc : [<b6c46cf8>]    lr : [<00063f28>]    psr: a0000030
sp : bee21b68  ip : 000781ec  fp : bee21c5c
r10: 00077528  r9 : 01d7ec99  r8 : 00000fa8
r7 : 00000000  r6 : 00000001  r5 : 00000001  r4 : 0007ab3c
r3 : 00000000  r2 : b6fad000  r1 : 00000000  r0 : 00000000
Flags: nzcv  IRQs on  FIQs on  Mode USER_32  ISA Thumb  Segment user
Control: 10c53c7d  Table: 85770059  DAC: 00000055
CPU: 0 PID: 14275 Comm: ifotond Not tainted 4.9.11 #1
Hardware name: Freescale i.MX6 UltraLite (Device Tree)
(unwind_backtrace) from (show_stack+0x18/0x1c)
(show_stack) from (__do_user_fault+0x84/0xcc)
(__do_user_fault) from (do_page_fault+0x270/0x314)
(do_page_fault) from (do_DataAbort+0x3c/0xbc)
(do_DataAbort) from (__dabt_usr+0x3c/0x40)
Exception stack(0xc5731fb0 to 0xc5731ff8)
1fa0:                                     00000000 00000000 b6fad000 00000000
1fc0: 0007ab3c 00000001 00000001 00000000 00000fa8 01d7ec99 00077528 bee21c5c
1fe0: 000781ec bee21b68 00063f28 b6c46cf8 a0000030 ffffffff

63e08: e92d4bf0 push {r4, r5, r6, r7, r8, r9, fp, lr}
63e0c: e28db01c add fp, sp, #28
63e10: e24dd0d8 sub sp, sp, #216 ; 0xd8
63e14: e52de004 push {lr} ; (str lr, [sp, #-4]!)
63e18: fafeb305 blx 10a34 <__gnu_mcount_nc>
63e1c: e30a4b3c movw r4, #43836 ; 0xab3c
63e20: e3404007 movt r4, #7
63e24: e5d45000 ldrb r5, [r4]
63e28: e3550000 cmp r5, #0
63e34: e24bd01c sub sp, fp, #28
63e38: e8bd8bf0 pop {r4, r5, r6, r7, r8, r9, fp, pc}
63e3c: ebffbdf7 bl 53620
63e40: e3500000 cmp r0, #0
63e4c: ebff03e0 bl 24dd4
63e50: e5d03030 ldrb r3, [r0, #48] ; 0x30
63e54: e3530000 cmp r3, #0
63e60: e5c46000 strb r6, [r4]
63e64: ebffbde1 bl 535f0
63e68: e1a07000 mov r7, r0
63e6c: ebffbdaf bl 53530
63e70: e1a08000 mov r8, r0
63e74: ebffbdd1 bl 535c0
63e78: e1a09000 mov r9, r0
63e7c: ebffbdc3 bl 53590
63e80: ebffbdb6 bl 53560
63e84: e1a01005 mov r1, r5
63e88: e3a02064 mov r2, #100 ; 0x64
63e8c: e24b00e4 sub r0, fp, #228 ; 0xe4
63e90: ebfe97f8 bl 9e78 <_init+0x1ec>
63e94: e58d9000 str r9, [sp]
63e98: e3061fc4 movw r1, #28612 ; 0x6fc4
63e9c: e1a02007 mov r2, r7
63ea0: e1a03008 mov r3, r8
63ea4: e3401007 movt r1, #7
63ea8: e24b00e4 sub r0, fp, #228 ; 0xe4
63eac: ebfe9911 bl a2f8 <_init+0x66c>
63eb0: e3041560 movw r1, #17760 ; 0x4560
63eb4: e24b00e4 sub r0, fp, #228 ; 0xe4
63eb8: e3401007 movt r1, #7
63ebc: ebfe98aa bl a16c <_init+0x4e0>
63ec0: e2507000 subs r7, r0, #0
63ecc: e3700001 cmn r0, #1
63ed8: e3a01000 mov r1, #0
63edc: e24b0080 sub r0, fp, #128 ; 0x80
63ee0: e3a05001 mov r5, #1
63ee4: ebfe97e3 bl 9e78 <_init+0x1ec>
63ee8: e24b101c sub r1, fp, #28
63eec: e30307b8 movw r0, #14264 ; 0x37b8
63ef0: e1a02005 mov r2, r5
63ef4: e3a03000 mov r3, #0
63ef8: e56150c9 strb r5, [r1, #-201]! ; 0xc9
63efc: e3400006 movt r0, #6
63f00: ebfef1a7 bl 205a4
63f04: e3060f48 movw r0, #28488 ; 0x6f48
63f08: e1a02005 mov r2, r5
63f0c: e3a01000 mov r1, #0
63f10: e3400007 movt r0, #7
63f14: ebfe9849 bl a040 <_init+0x3b4>
63f18: e3a03000 mov r3, #0
63f1c: e1a00007 mov r0, r7
63f20: e5c43000 strb r3, [r4]
-> 63f24: ebfe97c4 bl 9e3c <_init+0x1b0>
63f30: e3032ca4 movw r2, #15524 ; 0x3ca4
63f34: e3403007 movt r3, #7
63f38: e3402006 movt r2, #6
63f3c: e1a01006 mov r1, r6
63f40: e5830004 str r0, [r3, #4]
63f44: e1a00003 mov r0, r3
63f48: e5832000 str r2, [r3]
63f4c: ebfe989e bl a1cc <_init+0x540>

It can be seen that the problem is at bl 9e3c <_init+0x1b0> (lr is 0x63f28, so the faulting call is the bl at 0x63f24 just before that return address), but because goto statements were added to the code the disassembly is not very clear, so it has to be worked through step by step.

printf("ent down! path is %s err is %d\n ", path, error);

The only option was the crudest method: delete one system call from the code at a time and re-disassemble to see which instruction disappears. That pinned the crashing code down to pclose(fp);. Inspecting the code showed that fp was NULL, caused by the code below:

FILE *fp = popen(tmp, "r");
if (!fp)
    goto end;                      /* popen failed: fp stays NULL */
end:
    file_down_finish(NULL, DOWNLOAD_ERROR);
    pclose(fp);                    /* reached with fp == NULL: the data abort at address 0 */

At this point the truth is out: once popen fails, the program is guaranteed to die.
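As an added example (not the post's own code), the same goto-to-a-common-exit flow with the one fix the crash calls for: pclose() is only reached with a non-NULL handle. file_down_finish and DOWNLOAD_ERROR are names from the post; run_download, DOWNLOAD_OK, the opener function pointer and the failing_popen stub are assumptions introduced so a failed popen() can be exercised without a broken shell.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* DOWNLOAD_ERROR is the name used in the post; DOWNLOAD_OK is assumed. */
enum { DOWNLOAD_OK = 0, DOWNLOAD_ERROR = -1 };

/* popen()-compatible signature, so a failing opener can be injected in tests. */
typedef FILE *(*open_fn)(const char *cmd, const char *mode);

/* Hypothetical stand-in for the post's file_down_finish(): remembers the status. */
static int last_status = DOWNLOAD_OK;
static void file_down_finish(const char *path, int status)
{
    (void)path;
    last_status = status;
}
int last_finish_status(void) { return last_status; }

/* Same control flow as the crashing code: a failed open jumps to the common
 * exit label.  The one change is the NULL check before pclose(); the original
 * fell through to pclose(NULL), which is the read at address 0 in the oops. */
int run_download(const char *cmd, open_fn opener, char *out, size_t outlen)
{
    int rc = DOWNLOAD_ERROR;
    FILE *fp = opener(cmd, "r");
    if (!fp)
        goto end;                 /* fp is NULL from here on */
    if (fgets(out, (int)outlen, fp) == NULL)
        goto end;                 /* command produced no output */
    out[strcspn(out, "\n")] = '\0';
    rc = DOWNLOAD_OK;
end:
    if (rc != DOWNLOAD_OK)
        file_down_finish(NULL, DOWNLOAD_ERROR);
    if (fp)                       /* guard: pclose(NULL) is undefined behaviour */
        pclose(fp);
    return rc;
}

/* Opener that always fails, standing in for popen() returning NULL. */
FILE *failing_popen(const char *cmd, const char *mode)
{
    (void)cmd;
    (void)mode;
    return NULL;
}
```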
