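When a user-space process on OpenWrt crashes on an illegal memory access, how do you use gdb to locate the offending line of code?
1 Compile the program with the -g option, enable kernel core dump support, run the program until it crashes, and copy the core file off the device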
$ cd /tmp
$ ulimit -c unlimited
$ echo "/tmp/core-%e-%s-%u-%g-%p-%t" > /proc/sys/kernel/core_pattern
$ ./isp-dp -v
[1]- Segmentation fault (core dumped) ./isp-dp -v
$ tftp -p 192.168.3.100 -l core-isp-dp-11-0-0-13015-168844130
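2 In the OpenWrt build environment, prepare a rootfs that carries debug info
You can use the rootfs built by OpenWrt, located at: build_dir/target-mipsel_24kc_musl/root-ramips/
The most important point, however, is that you need an ld (the musl dynamic loader, ld-musl-mipsel-sf.so.1) that carries debug info. Otherwise the backtrace fails: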
(gdb) bt
#0 0x778bdeec in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
The ld with debug info is in the toolchain directory; copy it into the rootfs
$ cp staging_dir/toolchain-mipsel_24kc_gcc-7.3.0_musl/lib/ld-musl-mipsel-sf.so.1 \
build_dir/target-mipsel_24kc_musl/root-ramips/lib/ld-musl-mipsel-sf.so.1
3 In the OpenWrt build environment, open the program and the core dump file with gdb
$ /work/ra71/staging_dir/toolchain-mipsel_24kc_gcc-7.3.0_musl/bin/mipsel-openwrt-linux-gdb isp-dp /work/tftproot/core-isp-dp-11-0-0-13015-1688441309
Use set sysroot to point gdb at the rootfs
(gdb) set sysroot /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/libubox.so...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/libubus.so...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/libuci.so...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/libblobmsg_json.so...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/usr/lib/libiwinfo.so...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/usr/lib/libcurl.so.4...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/usr/lib/libjson-c.so.2...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/libgcc_s.so.1...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/lib/ld-musl-mipsel-sf.so.1...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/usr/lib/libssl.so.1.0.0...(no debugging symbols found)...done.
Reading symbols from /work/ra71/build_dir/target-mipsel_24kc_musl/root-ramips/usr/lib/libcrypto.so.1.0.0...(no debugging symbols found)...done.
Use backtrace to view the stack at the point of the crash
(gdb) bt
#0 __stpncpy (d=0x434414 <wifi+756> "", s=0x0, n=32) at src/string/stpncpy.c:18
#1 0x778be8e4 in strncpy (d=0x434414 <wifi+756> "", s=<optimized out>, n=32) at src/string/strncpy.c:7
#2 0x00406018 in wifi_set_main_ap (ctx=ctx@entry=0x437d70, s=s@entry=0x437ed0, ifname=ifname@entry=0x778f0fc0 "wl1",
a=a@entry=0x434390 <wifi+624>) at wifi.c:1231
#3 0x00408270 in wifi_load_ap (wifi=0x434120 <wifi>, s=0x437ed0, ctx=0x437d70) at wifi.c:1359
#4 wifi_load (wifi=0x434120 <wifi>) at wifi.c:1404
#5 wifi_get (flags=flags@entry=1) at wifi.c:1422
#6 0x004171b4 in aos_wifi_get (aos_wifi=aos_wifi@entry=0x7f834380) at aos/aos_wifi.c:97
#7 0x00411004 in getWifiInfo (ctx=0x777f1f50, obj=<optimized out>, req=0x7f834574, method=<optimized out>, msg=0x9e8044) at cli/andlink.c:894
#8 0x7781fa63 in ?? ()
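
The core file name produced by the core_pattern in step 1 already records which process died, from which signal, and when, so it can be triaged before gdb is opened. The following Python helper is an added example, not part of the original post; the function name and the MIPS signal table are supplied here, and the sample file name is the one from the gdb command line on this page.

```python
import re
from datetime import datetime, timezone

# Signals whose default action is to dump core, numbered as on MIPS Linux
# (the page's target is mipsel). Other hosts differ: 10 is SIGBUS here but
# SIGUSR1 on x86, so do not decode %s with the build machine's table.
MIPS_CORE_SIGNALS = {
    3: "SIGQUIT", 4: "SIGILL", 5: "SIGTRAP", 6: "SIGABRT", 7: "SIGEMT",
    8: "SIGFPE", 10: "SIGBUS", 11: "SIGSEGV", 12: "SIGSYS",
    30: "SIGXCPU", 31: "SIGXFSZ",
}

# core-%e-%s-%u-%g-%p-%t. %e can contain '-' itself ("isp-dp"), so the five
# numeric fields are anchored at the end and %e is whatever precedes them.
CORE_NAME_RE = re.compile(
    r"^core-(?P<exe>.+)-(?P<sig>\d+)-(?P<uid>\d+)-(?P<gid>\d+)"
    r"-(?P<pid>\d+)-(?P<time>\d+)$"
)


def parse_core_name(path):
    """Decode a core file name written with the core_pattern from step 1."""
    name = path.rsplit("/", 1)[-1]
    m = CORE_NAME_RE.match(name)
    if m is None:
        raise ValueError("not a core-%e-%s-%u-%g-%p-%t name: " + name)
    sig = int(m["sig"])
    dumped = datetime.fromtimestamp(int(m["time"]), tz=timezone.utc)
    return {
        "exe": m["exe"],
        "signal": MIPS_CORE_SIGNALS.get(sig, "signal %d" % sig),
        "uid": int(m["uid"]),
        "gid": int(m["gid"]),
        "pid": int(m["pid"]),
        "time_utc": dumped.isoformat(),
    }


if __name__ == "__main__":
    # File name taken from the gdb command line on this page.
    info = parse_core_name("/work/tftproot/core-isp-dp-11-0-0-13015-1688441309")
    for key, value in info.items():
        print("%-8s %s" % (key, value))
```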