linux panic 空指针使用举例

1，配置,后面补充

2，挂死后串口抓取日志，分析日志查看打印：

$3.341914$ Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008

$3.350363$ mmc0: SDHCI controller on fe310000.sdhci $fe310000.sdhci$ using ADMA

$3.376962$ Mem abort info:

$3.377859$ ESR = 0x96000005

$3.378136$ EC = 0x25: DABT (current EL), IL = 32 bits

$3.378615$ SET = 0, FnV = 0

$3.378891$ EA = 0, S1PTW = 0

$3.379167$ Data abort info:

$3.379421$ ISV = 0, ISS = 0x00000005

$3.379765$ CM = 0, WnR = 0

$3.380030$ $0000000000000008$ user address but active_mm is swapper

$3.380592$ Internal error: Oops: 96000005 $#1$ SMP

$3.381028$ Modules linked in:

$3.381310$ CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.10.160 #10

$3.381857$ Hardware name: Rockchip RK3568 KICKPI K1B Board (DT)

$3.382384$ pstate: 60c00009 (nZCv daif +PAN +UAO -TCO BTYPE=--)

$3.382918$ pc : rfkill_wlan_probe+0x518/0x63c

$3.383309$ lr : rfkill_wlan_probe+0x514/0x63c

$3.383699$ sp : ffffffc00a74bb20

$3.383998$ x29: ffffffc00a74bb20 x28: 0000000000000000

$3.384468$ x27: ffffffc0097bf648 x26: ffffffc0097bf648

$3.384939$ x25: ffffffc009ae6b90 x24: ffffffc00a5c05b0

$3.385410$ x23: ffffffc00a713000 x22: ffffff8003a1fb00

$3.385880$ x21: ffffffc0097bf4c8 x20: 0000000000000000

$3.386351$ x19: ffffff8003435c00 x18: 0000000000000030

$3.386822$ x17: 0000000000800d0f x16: 00000000000050ba

$3.387292$ x15: ffffffffffffffff x14: ffffffc08a74b817

$3.387763$ x13: 0000000000000006 x12: ffffffc00a74b81f

$3.388233$ x11: fffffffffffca178 x10: ffffffc00a3a6a30

$3.388704$ x9 : ffffffc0080bec14 x8 : ffffffc00a2f6a30

$3.389174$ x7 : ffffffc00a3a6a30 x6 : 0000000000000000

$3.389645$ x5 : 0000000000017ff4 x4 : 0000000000000000

$3.390115$ x3 : 0000000000000000 x2 : 0000000000000000

$3.390586$ x1 : ffffff8002f38000 x0 : 0000000000000000

$3.391057$ Call trace:

$3.391279$ rfkill_wlan_probe+0x518/0x63c

$3.391649$ platform_drv_probe+0x58/0xac

$3.392005$ really_probe+0x10c/0x510

$3.392328$ driver_probe_device+0x74/0x15c

$3.392696$ device_driver_attach+0xbc/0xcc

$3.393064$ __driver_attach+0x118/0x190

$3.393409$ bus_for_each_dev+0x74/0xd0

$3.393754$ driver_attach+0x28/0x30

$3.394076$ bus_add_driver+0x124/0x240

$3.394421$ driver_register+0x7c/0x124

$3.394765$ __platform_driver_register+0x4c/0x54

$3.395181$ rfkill_wlan_init+0x3c/0x44

$3.395525$ rfkill_rk_init+0x2c/0x48

$3.395849$ do_one_initcall+0x60/0x26c

$3.396195$ kernel_init_freeable+0x270/0x2e0

$3.396585$ kernel_init+0x18/0x114

$3.396897$ ret_from_fork+0x10/0x24

2，查看PC指针

查看rfkill_wlan_probe+0x518/0x63c处挂死，可以看出具体问题哦在rfkill_wlan_probe函数

3，查看代码符号表地址 nm vmlinux | grep rfkill_wlan_probe

ffffffc0094bc5c8 t rfkill_wlan_probe

4，分析代码，查看挂死在哪一行代码

lark@ubuntu:~/Public/rk356x-linux/rk356x-linux/prebuilts/gcc/linux-x86/aarch64/gcc-arm-10.3-2021.07-x86_64-aarch64-none-linux-gnu/bin$ ./aarch64-none-linux-gnu-addr2line -e ../../../../../../../rk356x-linux/kernel/vmlinux ffffffc0094bc5c8 -f -C

生成结果

rfkill_wlan_probe

rfkill-wlan.c:861

可以查看到

pdata = NULL;

if (!pdata->mregulator.power_ctrl_by_pmu)

可以看到代码pdata为空指针后继续使用。

补充：addr2line 没有抓到相应的符号表，如果查看符号表

(1) gcc/aarch64-none-linux-gnu-gcc编译的时候加上-g

(2) strip 命令从 XCOFF 对象文件中有选择地除去行号信息、重定位信息、调试段、typchk 段、注释段、文件头以及所有或部分符号表。

strip // Discard symbols from object files.

--strip-all //Remove all symbols.

--strip-debug //Remove debugging symbols only.

makefile举例说明：

package: $(EXECUTABLE)

保留调试信息

objcopy --only-keep-debug $(EXECUTABLE)$ (DEBUGFILE)

剥离可执行文件中的符号信息

strip --strip-debug --strip-unneeded $(EXECUTABLE)

添加调试链接到可执行文件

objcopy --add-gnu-debuglink= $(DEBUGFILE)$ (EXECUTABLE)