Generation of oops messages
A post on the Internet that analyzes how an oops is produced; read it later:
http://blog.sina.com.cn/s/blog_3e4774e30100ooey.html
Oops message example
1. NULL pointer dereference
Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
d083a064
Oops: 0002 [#1]
SMP
CPU:    0
EIP:    0060:[<d083a064>]    Not tainted
EFLAGS: 00010246   (2.6.6)
EIP is at faulty_write+0x4/0x10 [faulty]
eax: 00000000   ebx: 00000000   ecx: 00000000   edx: 00000000
esi: cf8b2460   edi: cf8b2480   ebp: 00000005   esp: c31c5f74
ds: 007b   es: 007b   ss: 0068
Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0)
Stack: c0150558 cf8b2460 080e9408 00000005 cf8b2480 00000000 cf8b2460 cf8b2460
       fffffff7 080e9408 c31c4000 c0150682 cf8b2460 080e9408 00000005 cf8b2480
       00000000 00000001 00000005 c0103f8f 00000001 080e9408 00000005 00000005
Call Trace:
 [<c0150558>] vfs_write+0xb8/0x130
 [<c0150682>] sys_write+0x42/0x70
 [<c0103f8f>] syscall_call+0x7/0xb
Code: 89 15 00 00 00 00 c3 90 8d 74 26 00 83 ec 0c b8 00 a6 83 d0
This message is easy to read: a NULL pointer was dereferenced, and the "EIP is at" line places the faulting instruction 4 bytes into faulty_write (faulty_write+0x4 of its 0x10 bytes).
2. Stack corruption
EIP:    0010:[<00000000>]
Unable to handle kernel paging request at virtual address ffffffff
 printing eip:
ffffffff
Oops: 0000 [#5]
SMP
CPU:    0
EIP:    0060:[<ffffffff>]    Not tainted
EFLAGS: 00010296   (2.6.6)
EIP is at 0xffffffff
eax: 0000000c   ebx: ffffffff   ecx: 00000000   edx: bfffda7c
esi: cf434f00   edi: ffffffff   ebp: 00002000   esp: c27fff78
ds: 007b   es: 007b   ss: 0068
Process head (pid: 2331, threadinfo=c27fe000 task=c3226150)
Stack: ffffffff bfffda70 00002000 cf434f20 00000001 00000286 cf434f00 fffffff7
       bfffda70 c27fe000 c0150612 cf434f00 bfffda70 00002000 cf434f20 00000000
       00000003 00002000 c0103f8f 00000003 bfffda70 00002000 00002000 bfffda70
Call Trace:
 [<c0150612>] sys_read+0x42/0x70
 [<c0103f8f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
This message is much less helpful: the faulting virtual address (0xffffffff) points nowhere, EIP is garbage, and the call trace is incomplete, showing only sys_read.
The source code that causes the error is:
#include <linux/fs.h>
#include <linux/string.h>
#include <linux/uaccess.h>

ssize_t faulty_read(struct file *filp, char __user *buf,
                    size_t count, loff_t *pos)
{
        int ret;
        char stack_buf[4];

        /* Let's try a buffer overflow: 20 bytes into a 4-byte buffer */
        memset(stack_buf, 0xff, 20);
        if (count > 4)
                count = 4; /* copy 4 bytes to the user */
        ret = copy_to_user(buf, stack_buf, count);
        if (!ret)
                return count;
        return ret;
}
The oops is caused by the memset: it writes 20 bytes into a 4-byte stack buffer and overwrites the saved return address with 0xff bytes, so the function returns to 0xffffffff and the kernel faults on the instruction fetch.
Locating the faulting code from an oops message
These two online examples are good:
http://www.jishuziyuan.com/archive/myxemu/8252895.html
http://blog.chinaunix.net/uid-26318308-id-3395285.html
There is also an old email from Linus on the subject:
http://yarchive.net/comp/linux/oops_decoding.html
1. With the compiled source code (a vmlinux built with debug info), use gdb:
gdb vmlinux
(gdb) b *func+offset
or
(gdb) l *func+offset
2. With the compiled object file, disassemble it with objdump (-S interleaves the source):
objdump -S net/core/dev.o > /tmp/dev.s
Then count the offset by hand...
3. With the compiled kernel, use addr2line:
addr2line -e vmlinux <address>
addr2line wants an absolute address, so either compute func+offset yourself (func's address comes from nm or System.map) or pass the EIP value printed in the oops directly.
4. Without the compiled source, with only the message: where in the kernel is the oops message printed?
On x86 the die() function lives in arch/x86/kernel/dumpstack.c.
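The following script is an added example, not code from the original post. It does by hand what steps 1 to 3 above require: it reads the "printing eip:", "virtual address" and "EIP is at func+offset/size" lines out of an oops, converts func+offset into the absolute address that addr2line needs, and emits the addr2line and gdb commands. It also separates the two failure modes shown above: a data-access fault such as the NULL dereference in faulty_write, and a fault where the unhandled address is EIP itself, which is what the corrupted return address in faulty_read produces. The two oops listings are abridged copies of the ones in the post; the nm-style symbol table and the address of faulty_write are constructed assumptions, and the offset-inside-symbol check guards against a symbol table that belongs to a different build.

```shell
#!/bin/sh
# Added example (not the original post's code): parse an x86 oops listing,
# tell a data-access fault from a jump to a corrupted address, and turn the
# "EIP is at func+offset/size" line into the absolute address that steps 1-3
# (gdb, objdump, addr2line) need. Symbol addresses below are constructed.

# Abridged copies of the two oops listings in the post, kept to the lines this
# script reads; embedded here as sample input.
OOPS1='Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
d083a064
EIP is at faulty_write+0x4/0x10 [faulty]
Stack: c0150558 cf8b2460 080e9408 00000005 cf8b2480 00000000 cf8b2460 cf8b2460
Call Trace:
 [<c0150558>] vfs_write+0xb8/0x130
Code: 89 15 00 00 00 00 c3 90 8d 74 26 00 83 ec 0c b8 00 a6 83 d0'

OOPS2='Unable to handle kernel paging request at virtual address ffffffff
 printing eip:
ffffffff
EIP is at 0xffffffff
Stack: ffffffff bfffda70 00002000 cf434f20 00000001 00000286 cf434f00 fffffff7
Call Trace:
 [<c0150612>] sys_read+0x42/0x70
Code:  Bad EIP value.'

# Stand-in for `nm vmlinux` / `nm faulty.ko` output (addresses are assumptions;
# the consistency check in resolve() catches a table from a different build).
SYMS='d083a060 T faulty_write
c01504a0 T vfs_write
c0150640 T sys_write'

# oops_eip TEXT -> the faulting address printed on the line after "printing eip:"
oops_eip() {
    printf '%s\n' "$1" | awk 'hit { print; exit } /printing eip:/ { hit = 1 }'
}

# oops_fault_addr TEXT -> the "virtual address" the kernel could not handle
oops_fault_addr() {
    printf '%s\n' "$1" | sed -n 's/.*at virtual address \([0-9a-f]*\).*/\1/p'
}

# oops_site TEXT -> "func offset size" from "EIP is at func+0xOFF/0xSIZE";
# empty when EIP is inside no known symbol (e.g. "EIP is at 0xffffffff")
oops_site() {
    printf '%s\n' "$1" |
      sed -n 's/^EIP is at \([A-Za-z_][A-Za-z0-9_]*\)+0x\([0-9a-f]*\)\/0x\([0-9a-f]*\).*/\1 \2 \3/p'
}

# oops_kind TEXT -> null-deref | corrupted-control | other
# When the unhandled address is EIP itself, the CPU was fetching an instruction
# from garbage: control flow went through an overwritten return address or
# pointer (the memset overrun in faulty_read), not through a bad data access.
oops_kind() {
    case "$1" in
        *"NULL pointer dereference"*) echo null-deref ;;
        *)
            if [ "$(oops_fault_addr "$1")" = "$(oops_eip "$1")" ]; then
                echo corrupted-control
            else
                echo other
            fi ;;
    esac
}

# sym_addr NAME -> hex address from the symbol table, empty if not listed
sym_addr() {
    printf '%s\n' "$SYMS" | awk -v n="$1" '$3 == n { print $1; exit }'
}

# resolve FUNC OFFSET SIZE -> absolute hex address of func+offset; fails when
# the offset is not inside the symbol, i.e. the symbol table (or vmlinux) does
# not belong to the kernel that produced the oops.
resolve() {
    base=$(sym_addr "$1")
    [ -n "$base" ] || { echo "resolve: unknown symbol $1" >&2; return 1; }
    if [ "$((0x$2))" -ge "$((0x$3))" ]; then
        echo "resolve: offset 0x$2 is outside $1 (size 0x$3); wrong build?" >&2
        return 1
    fi
    printf '%08x\n' "$((0x$base + 0x$2))"
}

# locate_cmds TEXT -> the addr2line (step 3) and gdb (step 1) invocations
locate_cmds() {
    site=$(oops_site "$1")
    [ -n "$site" ] || { echo "EIP is not symbolised; start from the Call Trace" >&2; return 1; }
    set -- $site
    addr=$(resolve "$1" "$2" "$3") || return 1
    echo "addr2line -e vmlinux 0x$addr"
    echo "gdb vmlinux -ex 'l *$1+0x$2'"
}

echo "oops 1: $(oops_kind "$OOPS1")"; locate_cmds "$OOPS1"
echo "oops 2: $(oops_kind "$OOPS2")"
```

For a symbol that lives in a module, such as faulty_write, run the same two commands against the module object (faulty.ko) and feed sym_addr an nm listing of that object, since the module-relative address is what addr2line and gdb can map back to a source line; the post's examples use vmlinux because that is where built-in functions such as vfs_write and sys_read are found. When the "EIP is at" line carries no symbol, as in the second oops, the script refuses to guess and points at the call trace, which is the only usable information that listing contains.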