Oops Code
Oops: 0002 [#1] PREEMPT SMP
This is the error code value in hex. Each bit has a significance of its own:
- bit 0 == 0 means no page found, 1 means a protection fault
- bit 1 == 0 means read, 1 means write
- bit 2 == 0 means kernel, 1 means user-mode
- [#1] — this value is the number of times the Oops occurred. Multiple Oops can be triggered as a cascading effect of the first one.
http://www.linuxforu.com/2011/01/understanding-a-kernel-oops
CPU: 1 PID: 162 Comm: surfaceflinger Tainted: G W O 3.10.20-262458-ge1b992c #1
This denotes on which CPU the error occurred.
The Tainted flag points to P here. Each flag has its own meaning. A few other flags, and their meanings, picked up from kernel/panic.c:
- P — Proprietary module has been loaded.
- F — Module has been forcibly loaded.
- S — SMP with a CPU not designed for SMP.
- R — User forced a module unload.
- M — System experienced a machine check exception.
- B — System has hit bad_page.
- U — Userspace-defined naughtiness.
- A — ACPI table overridden.
- W — Taint on warning.
http://www.linuxforu.com/2011/01/understanding-a-kernel-oops
5 # options: set env. variable AFLAGS=options to pass options to "as";
6 # e.g., to decode an i386 oops on an x86_64 system, use:
7 # AFLAGS=--32 decodecode < 386.oops
Decode Code
# scripts/decodecode
$ cd kernel_src_folder
$ scripts/decode code < oops.txt
or
$ echo "Code: 16 01 00 00 39 45 08 72 60 8b 3d 40 09 fb c1 89 5d d4 eb \
27 90 8d 74 26 00 8b 4e 18 81 f9 fc c3 de c1 0f 84 e9 00 00 00 8d 71 \
e8 <8b> 49 e8 39 c1 0f 83 db 00 00 00 3b 45 08 77 20 8d 04 17 89 cb" \
| scripts/decodecode
Output as below:
All code
========
0: 16 (bad)
1: 01 00 add %eax,(%rax)
3: 00 39 add %bh,(%rcx)
5: 45 08 72 60 or %r14b,0x60(%r10)
9: 8b 3d 40 09 fb c1 mov -0x3e04f6c0(%rip),%edi # 0xffffffffc1fb094f
f: 89 5d d4 mov %ebx,-0x2c(%rbp)
12: eb 27 jmp 0x3b
14: 90 nop
15: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi
19: 8b 4e 18 mov 0x18(%rsi),%ecx
1c: 81 f9 fc c3 de c1 cmp $0xc1dec3fc,%ecx
22: 0f 84 e9 00 00 00 je 0x111
28: 8d 71 e8 lea -0x18(%rcx),%esi
2b:* 8b 49 e8 mov -0x18(%rcx),%ecx <-- trapping instruction
2e: 39 c1 cmp %eax,%ecx
30: 0f 83 db 00 00 00 jae 0x111
36: 3b 45 08 cmp 0x8(%rbp),%eax
39: 77 20 ja 0x5b
3b: 8d 04 17 lea (%rdi,%rdx,1),%eax
3e: 89 cb mov %ecx,%ebx
Code starting with the faulting instruction
===========================================
0: 8b 49 e8 mov -0x18(%rcx),%ecx
3: 39 c1 cmp %eax,%ecx
5: 0f 83 db 00 00 00 jae 0xe6
b: 3b 45 08 cmp 0x8(%rbp),%eax
e: 77 20 ja 0x30
10: 8d 04 17 lea (%rdi,%rdx,1),%eax
13: 89 cb mov %ecx,%ebx
Where to Get Code
“Code: …” comes from kernel log Oops.
[166357.529863] BUG: unable to handle kernel paging request at ffffffe8
[166357.529901] IP: [<c131ef5a>] alloc_vmap_area.isra.20+0x12a/0x2c0
[166357.529924] *pdpt = 0000000001f1c001 *pde = 0000000001f20067 *pte = 0000000000000000
[166357.529950] Oops: 0000 [#1] PREEMPT SMP
[166357.529973] Modules linked in: atomisp_css2300 lm3554 mt9m114 ov8830 compat(O) rmi4 st_drv videobuf_vmalloc videobuf_core matrix(O) hdmi_audio pvrsgx wl12xx(O) mac80211(O) cfg80211(O) wl12xx_sdio(O) pnwdisp
[166357.530079] CPU: 1 PID: 6779 Comm: iptables Tainted: G W O 3.10.20-262458-ge1b992c #1
[166357.530090] Hardware name: Intel Corporation CloverTrail/FFRD, BIOS 406 2013.10.16:10.18.10
[166357.530102] task: cd195110 ti: cd5b8000 task.ti: cd5b8000
[166357.530117] EIP: 0060:[<c131ef5a>] EFLAGS: 00010213 CPU: 1
[166357.530134] EIP is at alloc_vmap_area.isra.20+0x12a/0x2c0
[166357.530145] EAX: e8db4000 EBX: 00000000 ECX: 00000000 EDX: e8db2000
[166357.530154] ESI: ffffffe8 EDI: 00001000 EBP: cd5b9dcc ESP: cd5b9d98
[166357.530165] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[166357.530175] CR0: 80050033 CR2: ffffffe8 CR3: 0d5b6000 CR4: 000007f0
[166357.530185] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[166357.530195] DR6: ffff0ff0 DR7: 00000400
[166357.530204] Stack:
[166357.530212] cd5b9dcc c132b08a 00002000 c75ca600 00000000 00000000 dec00000 ffffffff
[166357.530261] dec00000 00000001 c75ca180 00000022 00000001 cd5b9dec c131f177 ffbfe000
[166357.530304] 000080d2 00001000 ffbfe000 80000000 ffffffff cd5b9e20 c131fe47 dec00000
[166357.530354] Call Trace:
[166357.530371] [<c132b08a>] ? kmem_cache_alloc_trace+0xaa/0x170
[166357.530388] [<c131f177>] __get_vm_area_node.isra.21+0x87/0x160
[166357.530402] [<c131fe47>] __vmalloc_node_range+0x57/0x200
[166357.530417] [<c18c3da6>] ? do_ipt_get_ctl+0x1a6/0x320
[166357.530431] [<c1320052>] __vmalloc_node+0x62/0x70
[166357.530445] [<c18c3da6>] ? do_ipt_get_ctl+0x1a6/0x320
[166357.530459] [<c1320278>] vzalloc+0x38/0x40
[166357.530473] [<c18c3da6>] ? do_ipt_get_ctl+0x1a6/0x320
[166357.530488] [<c18c3da6>] do_ipt_get_ctl+0x1a6/0x320
[166357.530503] [<c1460fc7>] ? avc_has_perm_flags+0xc7/0x170
[166357.530521] [<c1862d10>] nf_getsockopt+0x40/0x60
[166357.530536] [<c1883804>] ip_getsockopt+0x84/0xc0
[166357.530551] [<c18a2982>] raw_getsockopt+0x32/0xb0
[166357.530567] [<c1830e77>] sock_common_getsockopt+0x27/0x40
[166357.530582] [<c183035e>] SyS_getsockopt+0x6e/0xe0
[166357.530598] [<c1830be9>] SyS_socketcall+0x2b9/0x300
[166357.530615] [<c14b88b8>] ? trace_hardirqs_on_thunk+0xc/0x10
[166357.530631] [<c195e698>] syscall_call+0x7/0xb
[166357.530642] Code: 16 01 00 00 39 45 08 72 60 8b 3d 40 09 fb c1 89 5d d4 eb 27 90 8d 74 26 00 8b 4e 18 81 f9 fc c3 de c1 0f 84 e9 00 00 00 8d 71 e8 <8b> 49 e8 39 c1 0f 83 db 00 00 00 3b 45 08 77 20 8d 04 17 89 cb
[166357.530945] EIP: [<c131ef5a>] alloc_vmap_area.isra.20+0x12a/0x2c0 SS:ESP 0068:cd5b9d98
[166357.530971] CR2: 00000000ffffffe8
Oops Tracing
Tainted kernels from kernel/Documentation/oops-tracing.txt
222 Tainted kernels:
223
224 Some oops reports contain the string 'Tainted: ' after the program
225 counter. This indicates that the kernel has been tainted by some
226 mechanism. The string is followed by a series of position-sensitive
227 characters, each representing a particular tainted value.
228
229 1: 'G' if all modules loaded have a GPL or compatible license, 'P' if
230 any proprietary module has been loaded. Modules without a
231 MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
232 insmod as GPL compatible are assumed to be proprietary.
233
234 2: 'F' if any module was force loaded by "insmod -f", ' ' if all
235 modules were loaded normally.
236
237 3: 'S' if the oops occurred on an SMP kernel running on hardware that
238 hasn't been certified as safe to run multiprocessor.
239 Currently this occurs only on various Athlons that are not
240 SMP capable.
241
242 4: 'R' if a module was force unloaded by "rmmod -f", ' ' if all
243 modules were unloaded normally.
244
245 5: 'M' if any processor has reported a Machine Check Exception,
246 ' ' if no Machine Check Exceptions have occurred.
247
248 6: 'B' if a page-release function has found a bad page reference or
249 some unexpected page flags.
250
251 7: 'U' if a user or user application specifically requested that the
252 Tainted flag be set, ' ' otherwise.
253
254 8: 'D' if the kernel has died recently, i.e. there was an OOPS or BUG.
255
256 9: 'A' if the ACPI table has been overridden.
257
258 10: 'W' if a warning has previously been issued by the kernel.
259 (Though some warnings may set more specific taint flags.)
260
261 11: 'C' if a staging driver has been loaded.
262
263 12: 'I' if the kernel is working around a severe bug in the platform
264 firmware (BIOS or similar).
265
266 13: 'O' if an externally-built ("out-of-tree") module has been loaded.
267
268 The primary reason for the 'Tainted: ' string is to tell kernel
269 debuggers if this is a clean kernel or if anything unusual has
270 occurred. Tainting is permanent: even if an offending module is
271 unloaded, the tainted value remains to indicate that the kernel is not
272 trustworthy.
Steps
1. Download vmlinux.bz2
2. bunzip vmlinux.bz2
3. objdump -C -S vmlinux > vmlinux.s
4. grep -n ffffffff8206b829 vmlinux.s (RIP address)
5. sed -n 'mmmm,nnnnnp' vmlinux.s | vim -