Unable to Debug following kernel crash triggered via SysRq - debugging

I am getting the following Oops message while testing on a device running Linux kernel 3.4.5 on an ARM processor. I am unable to trace the issue.
If you look at the call stack, you will see it starting from ret_fast_syscall(). The SysRq crash has actually been triggered inside the code, but I cannot tell from where. How can I find that? I have Lauterbach installed, but I have no idea how to find which part of the kernel code actually triggered this SysRq.
[50728.239318] C0 [ sh] SysRq : Trigger a crash
[50728.239501] C0 [ sh] **************** READ GIC status
[50728.239654] C0 [ sh] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[50728.239776] C0 [ sh] pgd = ebc9c000
[50728.239929] C0 [ sh] [00000000] *pgd=00000000
[50728.240081] C0 [ sh] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[50728.240234] C0 [ sh] kona_fb: die notifier invoked
[50728.240356] C0 [ sh] Modules linked in: bcmdhd dm_crypt(O) moc_crypto(PO) moc_platform_mod(O) texfat(PO)
[50728.241088] C0 [ sh] CPU: 0 Tainted: P W O (3.4.5-g4192471-dirty #116)
[50728.241271] C0 [ sh] PC is at sysrq_handle_crash+0x14/0x20
[50728.241424] C0 [ sh] LR is at __handle_sysrq+0xa0/0x14c
[50728.241516] C0 [ sh] pc : [<c026ad48>] lr : [<c026b210>] psr: 60000093
[50728.241516] C0 [ sh] sp : ebd0ff20 ip : 0000000c fp : 4003a404
[50728.241821] C0 [ sh] r10: 4070002c r9 : edbc2f0c r8 : 00000000
[50728.241912] C0 [ sh] r7 : 60000013 r6 : 00000063 r5 : 00000007 r4 : c0a26b90
[50728.242065] C0 [ sh] r3 : 00000001 r2 : 00000000 r1 : c07ab3a2 r0 : 00000063
[50728.242248] C0 [ sh] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[50728.242401] C0 [ sh] Control: 10c53c7d Table: adc9c06a DAC: 00000015
[50728.242492] C0 [ sh]
.................. (Register Contents).............
[50728.284851] C0 [ sh] Stack: (0xebd0ff20 to 0xebd10000)
[50728.284942] C0 [ sh] ff20: 00000002 c026b2bc ec2a4ef0 ebd0ff88 00000002 c026b2e0 edbc2ec0 c014c840
[50728.285125] C0 [ sh] ff40: 00000002 ec2a4ef0 4070002c ebd0ff88 00000002 ebd0e000 00000000 c0109d24
[50728.285308] C0 [ sh] ff60: ec2a4ef0 4070002c ec2a4ef0 4070002c 00000000 00000000 00000002 c0109f5c
[50728.285491] C0 [ sh] ff80: 00000001 00000000 00000000 00000000 00000003 00000002 00000001 00000004
[50728.285675] C0 [ sh] ffa0: c000e304 c000e140 00000003 00000002 00000001 4070002c 00000002 ffffffff
[50728.285858] C0 [ sh] ffc0: 00000003 00000002 00000001 00000004 4070002c 00000000 406ffc84 4003a404
[50728.286010] C0 [ sh] ffe0: 40035f38 bea5e710 40020257 40150e44 20000010 00000001 00000000 00000000
[50728.286224] C0 [ sh] [<c026ad48>] (sysrq_handle_crash+0x14/0x20) from [<c026b210>] (__handle_sysrq+0xa0/0x14c)
[50728.286376] C0 [ sh] [<c026b210>] (__handle_sysrq+0xa0/0x14c) from [<c026b2e0>] (write_sysrq_trigger+0x24/0x34)
[50728.286560] C0 [ sh] [<c026b2e0>] (write_sysrq_trigger+0x24/0x34) from [<c014c840>] (proc_reg_write+0x80/0x94)
[50728.286682] C0 [ sh] [<c014c840>] (proc_reg_write+0x80/0x94) from [<c0109d24>] (vfs_write+0xb0/0x128)
[50728.286865] C0 [ sh] [<c0109d24>] (vfs_write+0xb0/0x128) from [<c0109f5c>] (sys_write+0x38/0x64)
[50728.287048] C0 [ sh] [<c0109f5c>] (sys_write+0x38/0x64) from [<c000e140>] (ret_fast_syscall+0x0/0x48)
[50728.287200] C0 [ sh] Code: e3a03001 e5823000 f57ff04f e3a02000 (e5c23000)
[50728.287384] C0 [ sh] ---[ end trace 1b75b31a2719ed7e ]---
[50728.287475] C0 [ sh] Kernel panic - not syncing: Fatal exception

[50728.239318] C0 [ sh] SysRq : Trigger a crash
Someone at userland triggered a crash as you would do via echo c > /proc/sysrq-trigger.
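
The answer's reading of the trace can be automated. The following added example (not part of the original answer) parses an oops log, decides whether the crash is the deliberate SysRq `c` handler rather than a real bug, and reports whether it arrived through a write to /proc/sysrq-trigger and from which task. It assumes the `C0 [ sh]` printk prefix in this log is the CPU number and the current task name; the two sample strings are lines copied from the oopses on this page.

```python
import re

# Printk prefix as it appears in the first oops on this page:
# "[50728.239318] C0 [ sh] msg". The "C0 [ sh]" part is assumed to be the CPU
# number and the running task's name; other logs here carry only a timestamp.
LINE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+"
    r"(?:C(?P<cpu>\d+)\s+\[\s*(?P<comm>[^\]]*?)\s*\]\s?)?"
    r"(?P<msg>.*)"
)
# One backtrace frame: "[<c026ad48>] (sym+0x14/0x20)" (ARM layout) or
# "[<ffffff80083fddb8>] sym+0x18/0x40" (arm64 layout, no parentheses).
FRAME = re.compile(
    r"\[<(?P<addr>[0-9a-f]+)>\]\s+\(?(?P<sym>[A-Za-z_][\w.]*)"
    r"\+0x[0-9a-f]+/0x[0-9a-f]+\)?"
)
BANNER = re.compile(r"SysRq\s*:\s*Trigger a crash")

# Lines copied from the first oops on this page.
SYSRQ_OOPS = """\
[50728.239318] C0 [ sh] SysRq : Trigger a crash
[50728.239654] C0 [ sh] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[50728.241271] C0 [ sh] PC is at sysrq_handle_crash+0x14/0x20
[50728.286224] C0 [ sh] [<c026ad48>] (sysrq_handle_crash+0x14/0x20) from [<c026b210>] (__handle_sysrq+0xa0/0x14c)
[50728.286376] C0 [ sh] [<c026b210>] (__handle_sysrq+0xa0/0x14c) from [<c026b2e0>] (write_sysrq_trigger+0x24/0x34)
[50728.286560] C0 [ sh] [<c026b2e0>] (write_sysrq_trigger+0x24/0x34) from [<c014c840>] (proc_reg_write+0x80/0x94)
[50728.286682] C0 [ sh] [<c014c840>] (proc_reg_write+0x80/0x94) from [<c0109d24>] (vfs_write+0xb0/0x128)
[50728.286865] C0 [ sh] [<c0109d24>] (vfs_write+0xb0/0x128) from [<c0109f5c>] (sys_write+0x38/0x64)
[50728.287048] C0 [ sh] [<c0109f5c>] (sys_write+0x38/0x64) from [<c000e140>] (ret_fast_syscall+0x0/0x48)
"""

# Lines copied from the mcp251xfd oops on this page (a genuine driver fault).
DRIVER_OOPS = """\
[ 35.383520] Unable to handle kernel NULL pointer dereference at virtual address 000000c8
[ 36.166536] [<ffffff80083fddb8>] test_and_set_bit+0x18/0x40
[ 36.172813] [<ffffff80087e5610>] netif_schedule_queue+0x30/0x40
[ 36.179482] [<ffffff80088162f0>] dev_watchdog+0xfc/0x278
"""


def parse_frames(log):
    """Return [(addr, symbol), ...] with the faulting frame first."""
    frames = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        for f in FRAME.finditer(m["msg"]):
            frame = (f["addr"], f["sym"])
            # The ARM "A from B" layout prints B again as the callee on the
            # next line; skip that immediate repeat.
            if not frames or frames[-1] != frame:
                frames.append(frame)
    return frames


def triage(log):
    """Classify an oops as a deliberate SysRq crash or a real fault."""
    banner, comm = False, None
    for line in log.splitlines():
        m = LINE.search(line)
        if m and BANNER.match(m["msg"]):
            banner, comm = True, m["comm"]
    symbols = [sym for _, sym in parse_frames(log)]
    # Deliberate only if the banner is present AND the fault is in the handler.
    deliberate = banner and bool(symbols) and symbols[0] == "sysrq_handle_crash"
    if not deliberate:
        source = None
    elif "write_sysrq_trigger" in symbols:
        source = "/proc/sysrq-trigger"  # reached through the write() syscall
    else:
        source = "other"  # e.g. a SysRq key sequence on keyboard or console
    return {"deliberate": deliberate, "source": source,
            "comm": comm if deliberate else None, "symbols": symbols}


if __name__ == "__main__":
    for name, log in (("sysrq", SYSRQ_OOPS), ("driver", DRIVER_OOPS)):
        print(name, triage(log))
```

For the first log this reports a deliberate crash written to /proc/sysrq-trigger by the task `sh`, so the thing to hunt for is the script or shell command doing that write, not a kernel bug.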

Related

Linux driver debugging NULL pointer usage

I'm learning to develop and backport drivers and I'm new to this.
I am wondering how to debug this issue. I found that there is some usage of a NULL pointer but I don't know how to find it. This debug trace doesn't show me where it is in the driver code, and I don't know how to start.
I succeeded in backporting the mcp251xfd driver to Linux 4.9 and it works. I succeeded in reading data with candump, but when I reboot this happens (and sometimes it happens when bringing up the interface):
[ 35.383520] Unable to handle kernel NULL pointer dereference at virtual address 000000c8
[ 35.392667] pgd = ffffff80094a1000
[ 35.396502] [000000c8] *pgd=000000007f7fe003, *pud=000000007f7fe003, *pmd=0000000000000000
[ 35.405833] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 35.412105] Modules linked in: vin_v4l2 ov8858_r2a_4lane vin_io videobuf2_dma_contig gt9xxnew_ts sprdbt_tty sprdwl_ng uwe5622_bsp_sdio sunxi_gmac
[ 35.426863] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.9.170 #2
[ 35.432909] NOHZ: local_softirq_pending 08
[ 35.433034] NOHZ: local_softirq_pending 08
[ 35.433125] NOHZ: local_softirq_pending 08
[ 35.447419] Hardware name: sun50iw10 (DT)
[ 35.451931] task: ffffffc03e1cc880 task.stack: ffffffc03e1e0000
[ 35.458608] PC is at test_and_set_bit+0x18/0x40
[ 35.463713] LR is at __netif_schedule+0x28/0x80
[ 35.468811] pc : [<ffffff80083fddb8>] lr : [<ffffff80087e5588>] pstate: 40400145
[ 35.477129] sp : ffffffc03f733d70
[ 35.480856] x29: ffffffc03f733d70 x28: 000000000002536] 3cf0 3b36d4a0 ffffffc0 3b2f6c80 ffffffc0 00000003 00000000 ffffffff 00000000
[ 36.057689] Process swapper/3 (pid: 0, stack limit = 0xffffffc03e1e0000)
[ 36.065231] Stack: (0xffffffc03f733d70 to 0xffffffc03e1e4000)
[ 36.071694] Call trace:
[ 36.074449] Exception stack(0xffffffc03f733b80 to 0xffffffc03f733cb0)
[ 36.081705] 3b80: 0000000000000000 0000007fffffffff 00000000414a3000 ffffff80083fddb8
[ 36.090520] 3ba0: 0000000040400145 ffffffc03e21dda0 0000000000000000 ffffffc03f73b780
[ 36.099336] 3bc0: ffffffc03f733d30 0000000000000000 ffffffc03f733c00 0000000000000000
[ 36.108151] 3be0: 0000000000000000 0000000000000000 0000000000000000 0000000000000400
[ 36.116966] 3c00: 0000000000000018 0000000100000000 0000000000000001 0000000000000000
[ 36.125781] 3c20: 0000000000000000 ffffffc03e21df00 0000000000000006 00000000000409aa
[ 36.134597] 3c40: 0000000000000000 00000000000000c8 0000000000000001 0000000000000000
[ 36.143413] 3c60: 0000000000000001 000000000000000f ffffffc03f733ee8 0800000000000000
[ 36.152227] 3c80: 0000000000000001 0000000000000000 0000000000000004 000000000000000f
[ 36.161037] 3ca0: 0000000000000000 000000000000004c
[ 36.166536] [<ffffff80083fddb8>] test_and_set_bit+0x18/0x40
[ 36.172813] [<ffffff80087e5610>] netif_schedule_queue+0x30/0x40
[ 36.179482] [<ffffff80088162f0>] dev_watchdog+0xfc/0x278
[ 36.185467] [<ffffff8008114920>] call_timer_fn+0xa4/0x1c0
[ 36.191546] [<ffffff8008114b8c>] expire_timers+0x124/0x170
[ 36.197723] [<ffffff8008114c90>] run_timer_softirq+0xb8/0x188
[ 36.204192] [<ffffff8008081438>] __do_softirq+0x178/0x338
[ 36.210272] [<ffffff80080aa3a8>] irq_exit+0x90/0xd0
[ 36.215767] [<ffffff80000012 0000000000000000 000000000000002d
[ 36.270918] 3ea0: 000000000000001f 0000000000000000 ffffff800821c950 0000007faa340698
[ 36.279734] 3ec0: 0000007faa3caa70 ffffff800920df48 0000000000000003 0000000000000008
[ 36.288549] 3ee0: ffffff800920dfdc ffffffc03e1cc880 0000000000000000 0000000000000000
[ 36.297363] 3f00: 0000000000000000 0000000000000000 0000000000000000 ffffffc03e1e3f60
[ 36.306179] 3f20: ffffff800808577c ffffffc03e1e3f60 ffffff8008085780 0000000060400145
[ 36.314995] 3f40: ffffffc03e1cc880 ffffff800810c27c ffffffffffffffff ffffff8008085700
[ 36.323808] [<ffffff8008082b68>] el1_irq+0xe8/0x18c
[ 36.329302] [<ffffff8008085780>] arch_cpu_idle+0x98/0x178
[ 36.335385] [<ffffff80089fed18>] default_idle_call+0x28/0x30
[ 36.341759] [<ffffff80080f2394>] cpu_startup_entry+0xc4/0x104
[ 36.348231] [<ffffff8008091034>] secondary_start_kernel+0x1d0/0x1dc
[ 36.355285] [<0000000040a011b4>] 0x40a011b4
[ 36.360002] Code: d2800022 8b400c21 f9800031 9ac32044 (c85f7c22)
[ 36.366860] ---[ end trace a8e12e41d725d1cb ]---
[ 36.372057] Kernel panic - not syncing: Fatal exception in interrupt
[ 36.379202] SMP: stopping secondary CPUs
[ 36.383621] Kernel Offset: disabled
[ 36.387563] Memory Limit: none
[ 36.391016] Rebooting in 5 seconds..
Firstly I wasn't able to bring up the interface, with a similar problem, and I read that this is a buffer overflow or double free. From the previous dump I saw in which function the problem happens and I commented out this line -> kfree(ram); # line 1034 of this file --> https://github.com/minima34/mcp251xfd_4.9/blob/master/mcp251xfd/mcp251xfd-core.c
This allowed me to get my driver working, but now I have this nasty issue that blocked me and freaked me out. This time I can't see where the problem happens and it's confusing.
I think that the problem is that I commented out kfree() on line 1034, but I don't know how to do it then.

ORA-01092 Oracle Instance terminated. disconnected forced

I am trying to start an Oracle 11g database but it is failing with ORA-01092 and ORA-00600 errors:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Sep 11 15:21:30 2019
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup upgrade
ORACLE instance started.
Total System Global Area 430075904 bytes
Fixed Size 2176448 bytes
Variable Size 356518464 bytes
Database Buffers 67108864 bytes
Redo Buffers 4272128 bytes
Database mounted.
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [],
[], [], [], []
Process ID: 5044
Session ID: 1 Serial number: 5
SQL> conn
Enter user-name: delhipilot
Enter password:
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Process ID: 0
Session ID: 0 Serial number: 0
SQL>
How can I start my database properly?
Here is an example of patching the system rollback segment header to avoid errors ORA-600 [4193] and ORA-600 [4194] during startup. Note that in this example the segment header is located in file 1 block 9 and the example in note 452620.1 is using file 1 block 2 as the segment header.
parnassusdata can also provide the recovery service.
It is a partial block dump for system rbs segment header file 1 block 9:
TRN CTL:: seq: 0x003a chd: 0x0017 ctl: 0x0052 inc: 0x00000000 nfb: 0x0001
mgc: 0x8002 xts: 0x0068 flg: 0x0001 opt: 2147483646 (0x7ffffffe)
uba: 0x00400197.003a.02 scn: 0x0000.004fbbf0
Version: 0x01
FREE BLOCK POOL::
uba: 0x00400197.003a.02 ext: 0x4 spc: 0x1dd2
uba: 0x00000000.0037.05 ext: 0x1 spc: 0x1d6c
uba: 0x00000000.0035.37 ext: 0x5 spc: 0x538
uba: 0x00000000.0000.00 ext: 0x0 spc: 0x0
1. Generate the bbed executable:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk `pwd`/bbed
mv bbed $ORACLE_HOME/bin
2. Create file file.lis with the datafile where the system rollback segment header is stored:
file.lis has:
<relative file#> <datafile name> <size in bytes: v$datafile.bytes>
In our session file.lis contains:
1 /oradata/s102/system01.dbf 524288000
3. Create file bbed.par
bbed.par has:
MODE=EDIT
LISTFILE=<File name created in step2>
BLOCKSIZE=<db_block_size>
In our session bbed.par contains
MODE=EDIT
LISTFILE=file.lis
BLOCKSIZE=8192
4. Run bbed. Use password blockedit:
$ bbed parfile=bbed.par
Password:
BBED: Release 2.0.0.0.0 - Limited Production on Thu Sep 27 10:06:25 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
************* !!! For Oracle Internal Use only !!! ***************
BBED>
5. Go to Block where the system rollback segment header is stored. In our example it is block 9:
BBED> set block 9
BLOCK# 9
6. Run map to see the C structures for the block and the DBA:
BBED> map
File: /oradata/s102/system01.dbf (1)
Block: 9 Dba:0x00400009
------------------------------------------------------------
Unlimited Undo Segment Header
struct kcbh, 20 bytes #0
struct ktech, 72 bytes #20
struct ktemh, 16 bytes #92
struct ktetb[6], 48 bytes #108
struct ktuxc, 104 bytes #4148
struct ktuxe[255], 10200 bytes #4252
ub4 tailchk #8188
Note that dba=0x00400009 is file 1 block 9, so we are positioned in the correct block.
7. Print the structure ktuxc:
BBED> print ktuxc
struct ktuxc, 104 bytes #4148
struct ktuxcscn, 8 bytes #4148
ub4 kscnbas #4148 0x004fbbf1
ub2 kscnwrp #4152 0x0000
struct ktuxcuba, 8 bytes #4156
ub4 kubadba #4156 0x00400197
ub2 kubaseq #4160 0x003a
ub1 kubarec #4162 0x03
sb2 ktuxcflg #4164 1 (KTUXCFSK)
ub2 ktuxcseq #4166 0x003a
sb2 ktuxcnfb #4168 1
ub4 ktuxcinc #4172 0x00000000
sb2 ktuxcchd #4176 6
sb2 ktuxcctl #4178 23
ub2 ktuxcmgc #4180 0x8002
ub4 ktuxcopt #4188 0x7ffffffe
struct ktuxcfbp[0], 12 bytes #4192
struct ktufbuba, 8 bytes #4192
ub4 kubadba #4192 0x00400197
ub2 kubaseq #4196 0x003a
ub1 kubarec #4198 0x0c
sb2 ktufbext #4200 4
sb2 ktufbspc #4202 5630
8. Modify ktuxc.ktuxcnfb to 0x0000
BBED> set offset ktuxc.ktuxcnfb
OFFSET 4168
BBED> print
ktuxc.ktuxcnfb
--------------
sb2 ktuxcnfb #4168 1
BBED> modify 0x0000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 4168 to 4679 Dba:0x00400009
------------------------------------------------------------------------
00000000 00000000 06001700 02800100 68000000 feffff7f 97014000 3a000c00
0400fe15 00000000 37000500 01006c1d 00000000 35003700 05003805 00000000
00000000 00000000 00000000 00000000 00000000 30000000 93014000 191f5300
00000000 09005f00 00000000 00000000 00000000 01000000 00000000 31000000
96014000 a03e5b00 00000000 09005c00 00000000 00000000 00000000 01000000
00000000 31000000 96014000 9e3e5b00 00000000 09000e00 00000000 00000000
00000000 01000000 00000000 30000000 93014000 f4bb4f00 00000000 09001600
00000000 00000000 00000000 01000000 00000000 31000000 96014000 c13a5b00
00000000 09004800 00000000 00000000 00000000 01000000 00000000 31000000
96014000 983e5b00 00000000 09006000 00000000 00000000 00000000 01000000
00000000 30000000 93014000 f2bb4f00 00000000 09001400 00000000 00000000
00000000 01000000 00000000 31000000 96014000 933e5b00 00000000 09006100
00000000 00000000 00000000 01000000 00000000 31000000 96014000 8d3e5b00
00000000 09004700 00000000 00000000 00000000 01000000 00000000 30000000
94014000 87d15900 00000000 09002100 00000000 00000000 00000000 01000000
00000000 30000000 94014000 211f5300 00000000 09001d00 00000000 00000000
<32 bytes per line>
9. Modify ktuxc.ktuxcfbp[0].ktufbuba to 0x00000000
BBED> set offset ktuxc.ktuxcfbp[0].ktufbuba
OFFSET 4192
BBED> print
ktuxc.ktuxcfbp[0].ktufbuba.kubadba
----------------------------------
ub4 kubadba #4192 0x00400197
BBED> modify 0x00000000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 4192 to 4703 Dba:0x00400009
------------------------------------------------------------------------
00000000 3a000c00 0400fe15 00000000 37000500 01006c1d 00000000 35003700
05003805 00000000 00000000 00000000 00000000 00000000 00000000 30000000
93014000 191f5300 00000000 09005f00 00000000 00000000 00000000 01000000
00000000 31000000 96014000 a03e5b00 00000000 09005c00 00000000 00000000
00000000 01000000 00000000 31000000 96014000 9e3e5b00 00000000 09000e00
00000000 00000000 00000000 01000000 00000000 30000000 93014000 f4bb4f00
00000000 09001600 00000000 00000000 00000000 01000000 00000000 31000000
96014000 c13a5b00 00000000 09004800 00000000 00000000 00000000 01000000
00000000 31000000 96014000 983e5b00 00000000 09006000 00000000 00000000
00000000 01000000 00000000 30000000 93014000 f2bb4f00 00000000 09001400
00000000 00000000 00000000 01000000 00000000 31000000 96014000 933e5b00
00000000 09006100 00000000 00000000 00000000 01000000 00000000 31000000
96014000 8d3e5b00 00000000 09004700 00000000 00000000 00000000 01000000
00000000 30000000 94014000 87d15900 00000000 09002100 00000000 00000000
00000000 01000000 00000000 30000000 94014000 211f5300 00000000 09001d00
00000000 00000000 00000000 01000000 00000000 30000000 93014000 0d1f5300
<32 bytes per line>
BBED>
10. Disable the block Checksum by changing the kcbh.flg_kcbh-4 and kcbh.chkval_kcbh to 0x0000:
BBED> map
File: /oradata/s102/system01.dbf (1)
Block: 9 Dba:0x00400009
------------------------------------------------------------
Unlimited Undo Segment Header
struct kcbh, 20 bytes #0
struct ktech, 72 bytes #20
struct ktemh, 16 bytes #92
struct ktetb[6], 48 bytes #108
struct ktuxc, 104 bytes #4148
struct ktuxe[255], 10200 bytes #4252
ub4 tailchk #8188
BBED> print kcbh
struct kcbh, 20 bytes #0
ub1 type_kcbh #0 0x0e
ub1 frmt_kcbh #1 0xa2
ub1 spare1_kcbh #2 0x00
ub1 spare2_kcbh #3 0x00
ub4 rdba_kcbh #4 0x00400009
ub4 bas_kcbh #8 0x005b3f76
ub2 wrp_kcbh #12 0x0000
ub1 seq_kcbh #14 0x01
ub1 flg_kcbh #15 0x04 (KCBHFCKV)
ub2 chkval_kcbh #16 0xe264
ub2 spare3_kcbh #18 0x0000
BBED> set offset kcbh.flg_kcbh
OFFSET 15
BBED> print
kcbh.flg_kcbh
-------------
ub1 flg_kcbh #15 0x04 (KCBHFCKV)
BBED> modify 0x00
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 15 to 526 Dba:0x00400009
------------------------------------------------------------------------
0064e200 00000000 00000000 00000000 00000000 00060000 002f0000 00201000
00040000 00060000 00080000 00970140 00000000 00040000 00000000 00000000
00000000 00000000 00000000 00060000 00000000 00000000 00000000 400a0040
00070000 00110040 00080000 00810140 00080000 00890140 00080000 00910140
00080000 00990140 00080000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<32 bytes per line>
BBED> set offset kcbh.chkval_kcbh
OFFSET 16
BBED> print
kcbh.chkval_kcbh
----------------
ub2 chkval_kcbh #16 0xe264
BBED> modify 0x0000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 16 to 527 Dba:0x00400009
------------------------------------------------------------------------
00000000 00000000 00000000 00000000 00000000 06000000 2f000000 20100000
04000000 06000000 08000000 97014000 00000000 04000000 00000000 00000000
00000000 00000000 00000000 06000000 00000000 00000000 00000040 0a004000
07000000 11004000 08000000 81014000 08000000 89014000 08000000 91014000
08000000 99014000 08000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<32 bytes per line>
11. Verify that the block has no corruptions:
BBED> verify
DBVERIFY - Verification starting
FILE = /oradata/s102/system01.dbf
BLOCK = 9
DBVERIFY - Verification complete
Total Blocks Examined : 1
Total Blocks Processed (Data) : 0
Total Blocks Failing (Data) : 0
Total Blocks Processed (Index): 0
Total Blocks Failing (Index): 0
Total Blocks Empty : 0
Total Blocks Marked Corrupt : 0
Total Blocks Influx : 0
12. exit, open the database and shrink the system rollback segment:
BBED> exit
[oracle@arem example]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.3.0 - Production on Thu Sep 27 10:28:00 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 167772160 bytes
Fixed Size 1260696 bytes
Variable Size 62915432 bytes
Database Buffers 100663296 bytes
Redo Buffers 2932736 bytes
Database mounted.
Database opened.
SQL> alter rollback segment system shrink;
Rollback segment altered.
SQL>

Booting Debian Wheezy on a BeagleCore ? (Kernel panic - not syncing: Attempted to kill init!)

I'm trying to boot a Debian Wheezy image, kernel 3.8, on my BeagleCore (a smaller version of the BeagleBone) with a TI AM335x Cortex-A8 processor.
I took the Debian image from the BeagleBoard site.
When I try to boot, I get these messages on the serial interface used for debugging:
U-Boot SPL 2016.01-00001-g4eb802e (Jan 13 2016 - 11:14:31)
Trying to boot from MMC
bad magic
U-Boot 2016.01-00001-g4eb802e (Jan 13 2016 - 11:14:31 -0600), Build: jenkins-github_Bootloader-Builder-313
Watchdog enabled
I2C: ready
DRAM: 512 MiB
Reset Source: Power-on reset has occurred.
MMC: OMAP SD/MMC: 0, OMAP SD/MMC: 1
Using default environment
Net: <ethaddr> not set. Validating first E-fuse MAC
Could not get PHY for cpsw: addr 0
cpsw, usb_ether
Press SPACE to abort autoboot in 2 seconds
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
gpio: pin 56 (gpio 56) value is 0
gpio: pin 55 (gpio 55) value is 0
gpio: pin 54 (gpio 54) value is 0
gpio: pin 53 (gpio 53) value is 1
switch to partitions #0, OK
mmc0 is current device
gpio: pin 54 (gpio 54) value is 1
Checking for: /uEnv.txt ...
Checking for: /boot.scr ...
Checking for: /boot/boot.scr ...
Checking for: /boot/uEnv.txt ...
gpio: pin 55 (gpio 55) value is 1
2181 bytes read in 16 ms (132.8 KiB/s)
Loaded environment from /boot/uEnv.txt
Checking if uname_r is set in /boot/uEnv.txt...
gpio: pin 56 (gpio 56) value is 1
Running uname_boot ...
loading /boot/vmlinuz-3.8.13-bone79 ...
5644336 bytes read in 333 ms (16.2 MiB/s)
loading /boot/dtbs/3.8.13-bone79/am335x-boneblack.dtb ...
26118 bytes read in 24 ms (1 MiB/s)
loading /boot/initrd.img-3.8.13-bone79 ...
2905600 bytes read in 179 ms (15.5 MiB/s)
debug: [console=ttyO0,115200n8 capemgr.enable_partno=BB-UART1,BB-UART2,BB-UART4,BB-UART5 capemgr.disable_partno=BB-BONELT-HDMI,BB-BONELT-HDMIN root=UUID=4d8c9d4c-a16d-47ac-a32c-43d0155df072 ro rootfstype=ext4 rootwait coherent_pool=1M quiet init=/lib/systemd/systemd cape_universal=enable] ...
debug: [bootz 0x82000000 0x88080000:2c5600 0x88000000] ...
Kernel image @ 0x82000000 [ 0x000000 - 0x562030 ]
## Flattened Device Tree blob at 88000000
Booting using the fdt blob at 0x88000000
Loading Ramdisk to 8fd3a000, end 8ffff600 ... OK
Loading Device Tree to 8fd30000, end 8fd39605 ... OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
[ 0.384810] omap2_mbox_probe: platform not supported
[ 0.540541] tps65217-bl tps65217-bl: no platform data provided
[ 0.604330] bone-capemgr bone_capemgr.9: slot #0: No cape found
[ 0.641437] bone-capemgr bone_capemgr.9: slot #1: No cape found
[ 0.678546] bone-capemgr bone_capemgr.9: slot #2: No cape found
[ 0.715656] bone-capemgr bone_capemgr.9: slot #3: No cape found
[ 0.741854] omap_hsmmc mmc.5: of_parse_phandle_with_args of 'reset' failed
[ 0.803809] pinctrl-single 44e10800.pinmux: pin 44e10854 already requested by 44e10800.pinmux; cannot claim for gpio-leds.8
[ 0.815463] pinctrl-single 44e10800.pinmux: pin-21 (gpio-leds.8) status -22
[ 0.822748] pinctrl-single 44e10800.pinmux: could not request pin 21 on device pinctrl-single
[ 0.893233] Unhandled fault: external abort on non-linefetch (0x1008) at 0xe0858c20
[ 0.901225] Internal error: : 1008 [#1] SMP THUMB2
[ 0.906217] Modules linked in:
[ 0.909405] CPU: 0 Not tainted (3.8.13-bone79 #1)
[ 0.914691] PC is at cpts_fifo_read.constprop.1+0x18/0xc4
[ 0.920317] LR is at cpts_systim_read+0x11/0x7c
[ 0.925040] pc : [<c0326468>] lr : [<c0326761>] psr: 000001b3
[ 0.925040] sp : df071db8 ip : 00000000 fp : de231664
[ 0.936993] r10: de231000 r9 : de231758 r8 : c084e0c0
[ 0.942440] r7 : 00000001 r6 : ffffffff r5 : 00000010 r4 : de231670
[ 0.949241] r3 : e0858c00 r2 : 00000001 r1 : de2316d0 r0 : de231670
[ 0.956039] Flags: nzcv IRQs off FIQs on Mode SVC_32 ISA Thumb Segment kernel
[ 0.963925] Control: 50c5387d Table: 80004019 DAC: 00000015
[ 0.969907] Process swapper/0 (pid: 1, stack limit = 0xdf070240)
[ 0.976163] Stack: (0xdf071db8 to 0xdf072000)
[ 0.980699] 1da0: e0858c00 de2316d0
[ 0.989219] 1dc0: de2316bc 35318bf5 00000000 0000001d c052e7a8 c0326761 de2316e8 de2316bc
[ 0.997740] 1de0: 35318bf5 c00611f1 de231670 20000113 de2316e8 c0326927 35318bf5 00000000
[ 1.006259] 1e00: 00000000 00000004 df0d5410 de231000 df0d5400 c0325bab df0d8ac0 de231540
[ 1.014775] 1e20: c0893bb8 0000002b de231540 df0d5400 df0d5410 00000005 00000000 df0d5410
[ 1.023298] 1e40: e0858800 e0858a00 e0858a20 e0858a40 e0858a60 e08588c0 e08588e0 00000008
[ 1.031813] 1e60: 00000001 0000003c 4a102000 4a102000 00002000 00000010 00000001 de231298
[ 1.040338] 1e80: e0858d00 0000000a 00000400 00000002 00000020 00000008 df0d5410 c094362c
[ 1.048868] 1ea0: df0d5410 c08b2c40 00000000 c0829039 00000102 c0846d70 00000000 c02c82b1
[ 1.057381] 1ec0: c02c82a1 c02c7753 00000000 df0d5410 c08b2c40 df0d5444 00000000 c02c78b3
[ 1.065896] 1ee0: c08b2c40 c02c7869 00000000 c02c6887 df049478 df0c6180 c08b2c40 c08a8090
[ 1.074421] 1f00: de23d140 c02c7247 c0753554 c08b2c40 c08b2c40 df070000 c08d4180 00000000
[ 1.082937] 1f20: c0829039 c02c7bb5 00000000 c0833968 df070000 c08d4180 00000000 c0829039
[ 1.091461] 1f40: 00000102 c000867f 00000007 00000007 c088bc98 c0833964 c0833968 00000007
[ 1.099978] 1f60: c0833948 c08d4180 c080d1c9 c0846d70 00000000 c080d6a3 00000007 00000007
[ 1.108503] 1f80: c080d1c9 c0d60fc0 00000000 c04ccfb1 00000000 00000000 00000000 00000000
[ 1.117013] 1fa0: 00000000 c04ccfb7 00000000 c000c8fd 00000000 00000000 00000000 00000000
[ 1.125537] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 1.134055] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[ 1.142587] [<c0326468>] (cpts_fifo_read.constprop.1+0x18/0xc4) from [<c0326761>] (cpts_systim_read+0x11/0x7c)
[ 1.153018] [<c0326761>] (cpts_systim_read+0x11/0x7c) from [<c00611f1>] (timecounter_init+0x11/0x1c)
[ 1.162545] [<c00611f1>] (timecounter_init+0x11/0x1c) from [<c0326927>] (cpts_register+0xf3/0x1b8)
[ 1.171894] [<c0326927>] (cpts_register+0xf3/0x1b8) from [<c0325bab>] (cpsw_probe+0x823/0x960)
[ 1.180877] [<c0325bab>] (cpsw_probe+0x823/0x960) from [<c02c82b1>] (platform_drv_probe+0x11/0x14)
[ 1.190222] [<c02c82b1>] (platform_drv_probe+0x11/0x14) from [<c02c7753>] (driver_probe_device+0x53/0x168)
[ 1.200282] [<c02c7753>] (driver_probe_device+0x53/0x168) from [<c02c78b3>] (__driver_attach+0x4b/0x4c)
[ 1.210093] [<c02c78b3>] (__driver_attach+0x4b/0x4c) from [<c02c6887>] (bus_for_each_dev+0x27/0x48)
[ 1.219521] [<c02c6887>] (bus_for_each_dev+0x27/0x48) from [<c02c7247>] (bus_add_driver+0xe3/0x168)
[ 1.228949] [<c02c7247>] (bus_add_driver+0xe3/0x168) from [<c02c7bb5>] (driver_register+0x3d/0xc4)
[ 1.238289] [<c02c7bb5>] (driver_register+0x3d/0xc4) from [<c000867f>] (do_one_initcall+0x1f/0xf4)
[ 1.247630] [<c000867f>] (do_one_initcall+0x1f/0xf4) from [<c080d6a3>] (kernel_init_freeable+0xc3/0x158)
[ 1.257516] [<c080d6a3>] (kernel_init_freeable+0xc3/0x158) from [<c04ccfb7>] (kernel_init+0x7/0x98)
[ 1.266951] [<c04ccfb7>] (kernel_init+0x7/0x98) from [<c000c8fd>] (ret_from_fork+0x11/0x34)
[ 1.275659] Code: 2701 f100 09e8 6823 (6a1a) 07d3
[ 1.280655] ---[ end trace b2036333b4d03ad2 ]---
[ 1.285687] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
With a Debian Jessie image, kernel 4.4, the board boots normally.
Any idea how to solve this is kindly appreciated.
Thank you.
As per my knowledge, there was some issue with the CPTS driver in kernel V3.13 (I forget the exact kernel version), so it was an open issue. Maybe they have fixed it in a newer kernel version. If you have the source code, then try disabling the CPTS driver with CONFIG_TI_CPTS=n.

"unable to handle kernel null pointer dereference at null" after trying to modprobe driver

I have a script that initializes a driver on startup, which worked beautifully before I enabled kernel tracing and recompiled the kernel to try and debug an issue with a piece of software. If I try to initialize the driver in any way (modprobe, insmod, etc) this output prints to the screen:
[ 26.263308] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 26.263322] IP: [<c108664d>] trace_module_notify+0x16b/0x20a
[ 26.263325] *pde = 00000000
[ 26.263329] Oops: 0000 [#1] PREEMPT SMP
[ 26.263335] Modules linked in: phddrv(O+)
[ 26.263343] Pid: 704, comm: insmod Tainted: G O 3.6.3-rt9 #21 Advanced Digital Logic, Inc CB4053/ADLS15PC
[ 26.263346] EIP: 0060:[<c108664d>] EFLAGS: 00010213 CPU: 0
[ 26.263350] EIP is at trace_module_notify+0x16b/0x20a
[ 26.263353] EAX: ee6e9274 EBX: f082550c ECX: ee6e920c EDX: f082550c
[ 26.263356] ESI: 00000000 EDI: ee6e92dc EBP: ee6ebf4c ESP: ee6ebf24
[ 26.263359] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 26.263362] CR0: 8005003b CR2: 00000000 CR3: 2f2ea000 CR4: 000007d0
[ 26.263365] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 26.263367] DR6: ffff0ff0 DR7: 00000400
[ 26.263371] Process insmod (pid: 704, ti=ee6ea000 task=ef218000 task.ti=ee6ea000)
[ 26.263372] Stack:
[ 26.263381] ee6e9274 ee6e9344 ee6e92dc ee6e920c ee6e9274 ee6e9344 c2086424 c15a5d58
[ 26.263388] 00000000 00000001 ee6ebf68 c1046d33 f082550c c15a51bc c15a3778 00000000
[ 26.263396] c15a3790 ee6ebf8c c1046fa9 fffffffd 00000000 f082550c 00000001 f082550c
[ 26.263397] Call Trace:
[ 26.263407] [<c1046d33>] notifier_call_chain+0x2b/0x4d
[ 26.263413] [<c1046fa9>] __blocking_notifier_call_chain+0x3c/0x51
[ 26.263419] [<c1046fcf>] blocking_notifier_call_chain+0x11/0x13
[ 26.263426] [<c10671b7>] sys_init_module+0x57/0x190
[ 26.263434] [<c13a3d10>] sysenter_do_call+0x12/0x26
[ 26.263489] Code: 00 c7 42 04 64 5d 5a c1 89 15 64 5d 5a c1 89 45 ec 8d 42 74 83 c2 0c 89 45 e8 89 55 e4 eb 19 57 8b 4d e4 89 da ff 75 ec ff 75 e8 <8b> 06 83 c6 04 e8 c2 fb ff ff 83 c4 0c 3b 75 f0 72 e2 eb 77 b8
[ 26.263495] EIP: [<c108664d>] trace_module_notify+0x16b/0x20a SS:ESP 0068:ee6ebf24
[ 26.263497] CR2: 0000000000000000
[ 26.267381] ---[ end trace 0000000000000002 ]---
Any hint as to what is going on would be greatly appreciated!
I got a similar issue to yours (almost the same stack trace in the panic).
The root cause on my side was that after I changed the kernel config (enabled tracepoints) I only rebuilt the kernel bzImage but forgot to rebuild the ko modules! That may cause some execution mismatch between the new kernel and the old ko modules.
After rebuilding and updating both the kernel image and the ko modules, the issue is gone.
Somewhere in the driver there is a NULL pointer. A pointer variable has the value NULL and the driver is trying to use it.
myPtr->value; /* if myPtr is NULL, this will raise the kernel oops */
You have to debug the driver to find where and why there is a NULL pointer.

What do these Linux Kernel Oops fields mean?

I have already encountered some Oops in my developer's life and whereas I am familiar with some information that I can retrieve from these Oops, there are still pieces of information I can't understand and therefore, can't use to solve problems.
Below you will find an Oops example and I will describe what I can deduce from it. Then, I will ask what the remaining info can teach me about the problem.
[ 716.485951] BUG: unable to handle kernel paging request at fc132158
[ 716.485973] IP: [<fc1936e7>] ubi_change_vtbl_record+0x87/0x1c0 [ubi]
[ 716.485986] *pdpt = 00000000019e6001 *pde = 000000002c558067 *pte = 0000000000000000
[ 716.485997] Oops: 0002 [#1] SMP
[ 716.486004] Modules linked in: ubi(O) mtdchar nandsim nand mtd nand_ids nand_bch bch nand_ecc bnep rfcomm bluetooth parport_pc ppdev lp parport nfsd nfs_acl auth_rpcgss nfs fscache lockd sunrpc binfmt_misc dm_crypt snd_hda_codec_hdmi snd_hda_codec_analog kvm_intel snd_hda_intel snd_hda_codec snd_hwdep kvm snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event hid_generic snd_seq cdc_acm snd_timer snd_seq_device mei tpm_tis snd mac_hid serio_raw soundcore lpc_ich snd_page_alloc microcode coretemp usbhid hid nouveau usb_storage ttm drm_kms_helper drm floppy e1000e i2c_algo_bit mxm_wmi video wmi
[ 716.486128] Pid: 3994, comm: ubimkvol Tainted: G O 3.8.0-rc3+ #3 LENOVO 6239AS8/LENOVO
[ 716.486136] EIP: 0060:[<fc1936e7>] EFLAGS: 00010246 CPU: 0
[ 716.486144] EIP is at ubi_change_vtbl_record+0x87/0x1c0 [ubi]
[ 716.486151] EAX: 000000ac EBX: eb5ea000 ECX: 0000002b EDX: 00000000
[ 716.486157] ESI: eb4d1d74 EDI: fc132158 EBP: eb4d1d40 ESP: eb4d1d20
[ 716.486164] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 716.486170] CR0: 8005003b CR2: fc132158 CR3: 27542000 CR4: 000407f0
[ 716.486176] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 716.486183] DR6: ffff0ff0 DR7: 00000400
[ 716.486188] Process ubimkvol (pid: 3994, ti=eb4d0000 task=ec01d9b0 task.ti=eb4d0000)
[ 716.486195] Stack:
[ 716.486199] e755f000 eb4d1d2c c11cad11 eb4d1d34 eb543c00 eb5ea000 00000000 eb4d1e20
[ 716.486215] eb4d1e30 fc195412 e755f000 fc1adf01 eb5ea26c 00000002 0000009e eb5ea480
[ 716.486232] 00000002 e755f22c e755f2ac e755f000 eb4d1d74 2a000000 01000000 00000000
[ 716.486248] Call Trace:
[ 716.486257] [<c11cad11>] ? sysfs_create_file+0x21/0x30
[ 716.486266] [<fc195412>] ubi_create_volume+0x4b2/0x790 [ubi]
[ 716.486277] [<fc19967a>] ubi_cdev_ioctl+0x5da/0xac0 [ubi]
[ 716.486285] [<c117202a>] ? link_path_walk+0x5a/0x7d0
[ 716.486294] [<fc1990a0>] ? vol_cdev_ioctl+0x440/0x440 [ubi]
[ 716.486842] [<c1177e12>] do_vfs_ioctl+0x82/0x5b0
[ 716.487703] [<c1171ced>] ? final_putname+0x1d/0x40
[ 716.488564] [<c1171ced>] ? final_putname+0x1d/0x40
[ 716.489422] [<c1171ced>] ? final_putname+0x1d/0x40
[ 716.489891] [<c1171eb4>] ? putname+0x24/0x40
[ 716.489891] [<c1167239>] ? do_sys_open+0x169/0x1d0
[ 716.489891] [<c11783b0>] sys_ioctl+0x70/0x80
[ 716.489891] [<c16205cd>] sysenter_do_call+0x12/0x38
[ 716.489891] Code: ac 00 00 00 03 bb c8 04 00 00 f7 c7 01 00 00 00 0f 85 ee 00 00 00 f7 c7 02 00 00 00 0f 85 ca 00 00 00 89 c1 31 d2 c1 e9 02 a8 02 <f3> a5 74 0b 0f b7 16 66 89 17 ba 02 00 00 00 a8 01 74 07 0f b6
[ 716.489891] EIP: [<fc1936e7>] ubi_change_vtbl_record+0x87/0x1c0 [ubi] SS:ESP 0068:eb4d1d20
[ 716.489891] CR2: 00000000fc132158
[ 716.516453] ---[ end trace 473b15a7780e19ea ]---
It seems that the kernel wanted to access a wrong page. Now,
The Oops code 0002 tells me that it occurred while trying to read something in user-mode.
The Instruction Pointer is at ubi_change_vtbl_record, which means the offending instruction is located in this function.
I can deduce the path that led to the faulting function from the call trace (an ioctl launched from process ubimkvol).
From there, is the "stack" a dump of the raw stack of the task? I can see that some values mentioned are also function addresses found in the call trace. Then, I got fancy looking values like EAX, EBX ... DR7. I think they are CPU registers but still, I don't know what they really are.
Finally, the following line gets me lost:
[ 716.485986] *pdpt = 00000000019e6001 *pde = 000000002c558067 *pte = 0000000000000000
What are pdpt, pde and pte? I feel they are information about the page fault but I could not retrieve further information after some googling around.
Yes, EAX, etc. are 32-bit x86 processor registers. pdpt (page directory pointer table), pde (page directory entry), and pte (page table entry) are all paging structures.
IP (also EIP for 32-bit or RIP for 64-bit processors) is the instruction pointer at the time of the Oops.
The stack is the raw stack for this processor. Each processor will have its own stack. Note that on this architecture the stack grows down (addresses start with 0xfxxxxxx).
Correct me if I am wrong but,
OOPS 0002 means no page found when writing in kernel mode:
bit 0 == 0 means no page found, 1 means a protection fault
bit 1 == 0 means read, 1 means write
bit 2 == 0 means kernel, 1 means user-mode
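The error-code bits listed above, together with the IP, CR2 and register lines the question asks about, are enough for a first triage pass over an x86 report. The following is an added example, not code from this thread: `parse_oops` and `decode_error_code` are hypothetical helper names, bits 3 and 4 are further x86 error-code bits beyond the three listed, and the layout applies to x86 reports only.

```python
import re

# x86 page-fault error-code bits; the value after "Oops:" is printed in hex.
PF_BITS = [(0x01, "protection fault", "page not present"),
           (0x02, "write access", "read access"),
           (0x04, "user mode", "kernel mode"),
           (0x08, "reserved bit set in a paging entry", None),
           (0x10, "instruction fetch", None)]
IP_RE = re.compile(r"\bIP: \[<[0-9a-f]+>\] (\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)"
                   r"(?: \[(\w+)\])?")
GPR_RE = re.compile(r"\b(E[A-D]X|E[SD]I|E[BS]P): ([0-9a-f]{8})")

def decode_error_code(code):
    """Describe each bit of an x86 page-fault error code."""
    return [s if code & mask else c for mask, s, c in PF_BITS if code & mask or c]

def parse_oops(text):
    """Pull the triage-relevant fields out of a 32-bit x86 Oops report."""
    code, ip = re.search(r"Oops: ([0-9a-f]+) \[", text), IP_RE.search(text)
    cr2 = re.search(r"\bCR2: ([0-9a-f]+)", text)
    if not (code and ip and cr2):
        raise ValueError("not an x86 page-fault Oops report")
    regs = {name: int(val, 16) for name, val in GPR_RE.findall(text)}
    addr = int(cr2.group(1), 16)
    return {"access": decode_error_code(int(code.group(1), 16)),
            "symbol": ip.group(1), "module": ip.group(4),  # None: in vmlinux
            "offset": int(ip.group(2), 16), "size": int(ip.group(3), 16),
            "fault_addr": addr,
            "null_deref": addr < 4096,  # fault address inside the first page
            # registers holding the faulting address point at the bad operand
            "regs_at_fault_addr": sorted(n for n, v in regs.items() if v == addr)}

# Lines copied from the two x86 reports on this page (trimmed).
UBI_OOPS = """\
[ 716.485973] IP: [<fc1936e7>] ubi_change_vtbl_record+0x87/0x1c0 [ubi]
[ 716.485997] Oops: 0002 [#1] SMP
[ 716.486151] EAX: 000000ac EBX: eb5ea000 ECX: 0000002b EDX: 00000000
[ 716.486157] ESI: eb4d1d74 EDI: fc132158 EBP: eb4d1d40 ESP: eb4d1d20
[ 716.486170] CR0: 8005003b CR2: fc132158 CR3: 27542000 CR4: 000407f0"""
INSMOD_OOPS = """\
[ 26.263322] IP: [<c108664d>] trace_module_notify+0x16b/0x20a
[ 26.263329] Oops: 0000 [#1] PREEMPT SMP
[ 26.263353] EAX: ee6e9274 EBX: f082550c ECX: ee6e920c EDX: f082550c
[ 26.263356] ESI: 00000000 EDI: ee6e92dc EBP: ee6ebf4c ESP: ee6ebf24
[ 26.263362] CR0: 8005003b CR2: 00000000 CR3: 2f2ea000 CR4: 000007d0"""

if __name__ == "__main__":
    for report in (UBI_OOPS, INSMOD_OOPS):
        print(parse_oops(report))
```

For the UBI report this yields a kernel-mode write to a non-present page with EDI holding the faulting address; for the insmod report, a kernel-mode read at address 0 with ESI holding it.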

Resources