Interprete kernel Oops

From wiki.network-crawler.de
Jump to: navigation, search
  • Copy n paste the oops output into uups.txt. A Kernel oops looks s.th. like this:
Oops: kernel access of bad area, sig: 11
NIP: C20A1690 XER: 4000005A LR: C20A1660 SP: C0C23EC0 REGS: c0c23e10 TRAP: 0800    Not tainted
MSR: 00003030 EE: 0 PR: 0 FP: 1 ME: 1 IR/DR: 11
DEAR: 00FFFFF4, ESR: 00000000
TASK = c01338d0[0] 'swapper' Last syscall: 120
last math 00000000 last altivec 00000000
PLB0: bear= 0x00748001 acr=   0x00000000 besr=  0x00000000
PLB0 to OPB: bear= 0x64cb9039 besr0= 0x00000000 besr1= 0x00000000

GPR00: 00FFFFF4 C0C23EC0 5A5A5A5A C2019680 C201A340 00000000 005D33B1 00000001
GPR08: 00000000 00FFFFF4 00000000 C21543D0 005D78F2 5A5A5A5A 5A5A5A5A 5A5A5A5A
GPR16: 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A
GPR24: 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A C24FA000 5A5A5A5A 5A5A5A5A
Call backtrace:
C20A1660 C20B2CA0 C20465D4 C20409B0 C208E7C4 C2091BF8 C20918C0
C20118E0 C2011884
  • Install ksysmoops
  • Generate a kernel mapping or a module mapping (e.g. insmod -m module_name.o > module_name.o.map)
ksymoops -K -L -O -m module_name.o.map < oops.txt > oops.out
  • Output the oops.out e.g.
cat oops.out

This is what you get:

Oops: kernel access of bad area, sig: 11
NIP: C20A1690 XER: 4000005A LR: C20A1660 SP: C0C23EC0 REGS: c0c23e10 TRAP: 0800    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
MSR: 00003030 EE: 0 PR: 0 FP: 1 ME: 1 IR/DR: 11
TASK = c01338d0[0] 'swapper' Last syscall: 120
last math 00000000 last altivec 00000000
GPR00: 00FFFFF4 C0C23EC0 5A5A5A5A C2019680 C201A340 00000000 005D33B1 00000001
GPR08: 00000000 00FFFFF4 00000000 C21543D0 005D78F2 5A5A5A5A 5A5A5A5A 5A5A5A5A
GPR16: 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A
GPR24: 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A 5A5A5A5A C24FA000 5A5A5A5A 5A5A5A5A
Call backtrace:
C20A1660 C20B2CA0 C20465D4 C20409B0 C208E7C4 C2091BF8 C20918C0
C20118E0 C2011884
Warning (Oops_read): Code line not seen, dumping what data is available


>>EIP; c20a1690 <MBM_MsgRelease+84/15c>   <=====

>>GPR11; c21543d0 <RTasks+2f0/1d1e0>

Trace; c20a1660 <MBM_MsgRelease+54/15c>
Trace; c20b2ca0 <xc_bfree+68/b4>
Trace; c20465d4 <CstClrOutput+f88/1254>
Trace; c20409b0 <CstReadAllInputs+24/3c>
Trace; c208e7c4 <TskUpdateInputs+288/490>
Trace; c2091bf8 <IsRunning+270/afc>
Trace; c20918c0 <IecTask+138/200>
Trace; c20118e0 Before first symbol
Trace; c2011884 Before first symbol

Short explanation

Trace; c20a1660 <MBM_MsgRelease+54/15c>

Means for example: IP was c20a1660 in function MBM_MsgRelease 0x54 bytes after the start of the function which has 0x15c bytes code