ramdump crash工具

原創 这个ID洒家要了 2020-04-16 01:34

一.怎麼抓取kernel ramdump

 

1.手機準備

代碼的根目錄 執行

python vendor/xiaomi/securebootsigner/Qualcomm/tools/debugpolicy.py
然後會自動重啓
第二步
重啓之後 需要有root
adb root
adb shell "echo 1 > /sys/module/msm_poweroff/parameters/download_mode"
如何確認是否打開 download mode
adb shell "cat /sys/module/msm_poweroff/parameters/download_mode"
返回值是就可以了
如果重啓手機了,需要重新執行第二步
復現之後 如果是底層重啓,手機會進入黑屏狀態,連上linux lsusb 查看 會有一個 900e 或者 9091的設備
此時用高通qpst configuration dump 就行了。(裝好qpst 打開 qpst configuration 手機連接電腦,如果是900e的話,會自動抓 dump的)
備註:因爲很多watchdog問題都是線程D狀態引起的,所以我們再分析類似問題的時候是需要ramdump的,我們再測試的時候最好setprop persist.sys.crashOnWatchdog true. 這樣的話,發生watchdog問題的時候會自動進入到抓ramdump的模式下,然後就能最大限度的保留現場,以便後續分析。

2.qpst環境搭建

安裝包下載路徑:
http://note.youdao.com/noteshare?id=4b317b88f46638ec8af54953864f7116
分別解壓安裝:
1.qpst.win.2.7_installer_00472.4.zip
2.qxdm.win.4.0_installer_00210.1.zip
3.QUD.WIN.1.1+Installer-10039.2.rar

 

二.怎麼分析kernel ramdump

1.crash工具安裝

首先需要安裝一改crash工具,安裝包下載鏈接:
http://note.youdao.com/noteshare?id=3253867a92a3315187eb8f1b22703924

解壓後,把工具的路徑配置到環境變量中:export PATH=$PATH:/home/pzc/tools/qcrash

 

2.怎麼加載ramdump

我們抓到的ramdump的文件大概如下:

  1. pzc@pzc-K56CM:~/log/C8/c8-ramdump$ ls
  2. CODERAM.BIN   DDRCS1_0.BIN  dump_info.txt  IPA_HRAM.BIN  IPA_SRAM.BIN  logcat.bin  PART_BIN.BIN  PMON_HIS.BIN  vmlinux-ee0535c
  3. DATARAM.BIN   DDRCS1_1.BIN  IPA_DICT.BIN   IPA_IRAM.BIN  lastkmsg.txt  MSGRAM.BIN  PIMEM.BIN     RST_STAT.BIN
  4. DDRCS0_0.BIN  DDR_DATA.BIN  IPA_DRAM.BIN   IPA_MBOX.BIN  load.cmm      OCIMEM.BIN  PMIC_PON.BIN  tz_log.txt

第一步:

 

  1. pzc@pzc-K56CM:~/log/C8/c8-ramdump$ hexdump  -e '16/4 "%08x " "\n"' -s 0x03f6d4 -n 8 OCIMEM.BIN
  2. 94800000 0000000a

 

取得--kaslr 的地址:94800000 0000000a

第二步:

確保--kaslr 後跟的地址正確:0xa94800000

 

  1. pzc@pzc-K56CM:~/log/C8/c8-ramdump$ crash64 vmlinux-ee0535c DDRCS0_0.BIN@0x0000000080000000,DDRCS1_0.BIN@0x0000000100000000,DDRCS1_1.BIN@0x0000000180000000 --kaslr 0xa94800000
  2.  
  3. crash64 7.1.9
  4. Copyright (C) 2002-2016  Red Hat, Inc.
  5. Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
  6. Copyright (C) 1999-2006  Hewlett-Packard Co
  7. Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
  8. Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
  9. Copyright (C) 2005, 2011  NEC Corporation
  10. Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
  11. Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
  12. This program is free software, covered by the GNU General Public License,
  13. and you are welcome to change it and/or distribute copies of it under
  14. certain conditions.  Enter "help copying" to see the conditions.
  15. This program has absolutely no warranty.  Enter "help warranty" for details.
  16.  
  17. GNU gdb (GDB) 7.6
  18. Copyright (C) 2013 Free Software Foundation, Inc.
  19. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  20. This is free software: you are free to change and redistribute it.
  21. There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  22. and "show warranty" for details.
  23. This GDB was configured as "--host=x86_64-unknown-linux-gnu --target=aarch64-elf-linux"...
  25. please wait... (patching 161877 gdb minimal_symbol values)

 

2.分析ramdump

等待大概兩分鐘就會進入調試模式:

  1. WARNING: cannot determine starting stack frame for task ffffffce2f11cb00
  2.       KERNEL: vmlinux-ee0535c           
  3.    DUMPFILES: /var/tmp/ramdump_elf_uvwal1 [temporary ELF header]
  4.               DDRCS0_0.BIN
  5.               DDRCS1_0.BIN
  6.               DDRCS1_1.BIN
  7.         CPUS: 8
  8.         DATE: Thu Jan  4 09:26:45 2018
  9.       UPTIME: 00:02:09
  10. LOAD AVERAGE: 6.68, 2.96, 1.12
  11.        TASKS: 2833
  12.     NODENAME: localhost
  13.      RELEASE: 4.4.21-perf-g91f9a92-00622-gee0535c
  14.      VERSION: #1 SMP PREEMPT Thu Dec 21 03:26:45 CST 2017
  15.      MACHINE: aarch64  (unknown Mhz)
  16.       MEMORY: 5.7 GB
  17.        PANIC: "Unable to handle kernel NULL pointer dereference at virtual address 00000200"
  18.          PID: 0
  19.      COMMAND: "swapper/0"
  20.         TASK: ffffff8a9ec15750  (1 of 8)  [THREAD_INFO: ffffff8a9ec00000]
  21.          CPU: 0
  22.        STATE: TASK_RUNNING 
  23.      WARNING: panic task not found
  24.  
  25.  
  26. crash64>

我們可以看當前存在的D狀態的進程:

  1. crash64> ps | grep "UN"
  2.      59      2   1  ffffffce34ddbe80  UN   0.0       0      0  [kworker/u16:1]
  3.     163      2   0  ffffffcd35344b00  UN   0.0       0      0  [mdss_dsi_event]
  4.     326      2   3  ffffffce33031900  UN   0.0       0      0  [irq/265-synapti]
  5.     431      2   0  ffffffcd349bf080  UN   0.0       0      0  [mmc-cmdqd/0]
  6.     501      2   2  ffffffcd3451e400  UN   0.0       0      0  [msm-core:sampli]
  7.     692      1   0  ffffffce2f11d780  UN   0.5  184732  41064  surfaceflinger

切換到326進程:

  1. crash64> set 326
  2.     PID: 326
  3. COMMAND: "irq/265-synapti"
  4.    TASK: ffffffce33031900  [THREAD_INFO: ffffffcd34fec000]
  5.     CPU: 3
  6.   STATE: TASK_UNINTERRUPTIBLE 
  7. crash64>

查看當前進程的調用棧:

  1. crash64> bt
  2. PID: 326    TASK: ffffffce33031900  CPU: 3   COMMAND: "irq/265-synapti"
  3.  #0 [ffffffcd34fef360] __switch_to at ffffff8a9c885560
  4.  #1 [ffffffcd34fef390] __schedule at ffffff8a9d6ecd18
  5.  #2 [ffffffcd34fef3f0] schedule at ffffff8a9d6ed07c
  6.  #3 [ffffffcd34fef410] do_exit at ffffff8a9c8a3d7c
  7.  #4 [ffffffcd34fef480] die at ffffff8a9c88864c
  8.  #5 [ffffffcd34fef4d0] __do_kernel_fault at ffffff8a9c8991a0
  9.  #6 [ffffffcd34fef500] do_translation_fault at ffffff8a9c8975dc
  10.  #7 [ffffffcd34fef540] do_mem_abort at ffffff8a9c880ad8
  11.  #8 [ffffffcd34fef720] el1_da at ffffff8a9c883cf8
  12.      PC: ffffff8a9c8bc178  [kthread_data+4]
  13.      LR: ffffff8a9c8f74a8  [irq_thread_dtor+68]
  14.      SP: ffffffcd34fef720  PSTATE: 60000145
  15.     X29: ffffffcd34fef720  X28: ffffffcd34fec000  X27: 0000000000000005
  16.     X26: 0000000000000001  X25: ffffff8a9ec05000  X24: ffffffcd34fef7d0
  17.     X23: ffffff8a9ec17000  X22: 0000000000000000  X21: ffffff8a9ef8f000
  18.     X20: ffffffce33031900  X19: ffffffce33031900  X18: 0000000000000010
  19.     X17: 000000000000000e  X16: 0000000000000007  X15: ffffff8a9d8c0000
  20.     X14: 2d6d64742d696164  X13: 00000000001c1f9e  X12: 0000000000989680
  21.     X11: 0000000041acdf40  X10: ffffffce3d4ffc78   X9: ffffffce3d4ffc88
  22.      X8: ffffffcd34f4f320   X7: 0000000000000000   X6: 0000000000000004
  23.      X5: 00000000036399ed   X4: ffffffce33032018   X3: 0000000000000000
  24.      X2: 0000000000000000   X1: ffffff8a9c8f7464   X0: 0000000000000000
  25.  #9 [ffffffcd34fef740] task_work_run at ffffff8a9c8ba24c
  26. #10 [ffffffcd34fef770] do_exit at ffffff8a9c8a4074
  27. #11 [ffffffcd34fef7e0] die at ffffff8a9c88864c
  28. #12 [ffffffcd34fef830] __do_kernel_fault at ffffff8a9c8991a0
  29. #13 [ffffffcd34fef860] do_page_fault at ffffff8a9c8974d0
  30. #14 [ffffffcd34fef8d0] do_translation_fault at ffffff8a9c897574
  31. #15 [ffffffcd34fef910] do_mem_abort at ffffff8a9c880ad8
  32. #16 [ffffffcd34fefaf0] el1_da at ffffff8a9c883cf8
  33.      PC: ffffff8a9cfca228  [synaptics_rmi4_add_and_update_tp_data+36]
  34.      LR: ffffff8a9cfa9ff0  [input_event+524]
  35.      SP: ffffffcd34fefaf0  PSTATE: 80000005
  36.     X29: ffffffcd34fefaf0  X28: 0000000000000000  X27: 0000000000000005
  37.     X26: 0000000000000001  X25: ffffffcd34849000  X24: 0000000000000003
  38.     X23: ffffff8a9ec06000  X22: 0000000000000036  X21: ffffffcd34fefbf8
  39.     X20: ffffff8a9ec06000  X19: ffffffcd34848800  X18: 0000000000000060
  40.     X17: 000000000000000e  X16: 0000000000000007  X15: ffffff8a9d8c0000
  41.     X14: 0000000000000000  X13: 00000000001b1c92  X12: 0000000000989680
  42.     X11: 0000000040ffdb77  X10: 00000000000008c0   X9: ffffffcd34fec000


好了,環境搭建和初步的調試就是這樣了,具體問題再具體分析吧。後邊會說一個分析的實例

https://blog.csdn.net/aa787282301/article/details/79431214

https://blog.csdn.net/aa787282301/article/details/81413242

 

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章