When presented with a segfault like this:
segfault at 0 ip b7a64b57 sp bf8fda58 error 4 in libc-2.9.so[b79f1000+13f000]
tl;dr
The fault occurred within libc-2.9.so at offset 0x73b57, inside the function strncmp, because of a user-mode read access to address 0x0 (NULL), where no page is mapped.
Process
Instruction
Find the offset of the faulting instruction within the object by subtracting the load base address, the xxx part of [xxx+yyy], from the ip:
offset = ip - base, e.g. 0x73b57 = 0xb7a64b57 - 0xb79f1000
Function
Then list the dynamic symbols of the object file, sorted by address:
$ nm -D -n libc-2.9.so
Around offset 0x73b57 the listing shows:
$ nm -D -n libc-2.9.so | grep 073
...
000739d0 T strnlen
00073a90 T strncat
00073b30 T strncmp
00073c30 T strncpy
00073d00 W rindex
...
The faulting offset 0x73b57 is greater than the start of strncmp (0x73b30) but below the start of strncpy (0x73c30), so the fault lies inside a strncmp call.
Error Code
As for what happened, we can use the error code bit lookup from this table:
bit 0 == 0: no page found          1: protection fault
bit 1 == 0: read access            1: write access
bit 2 == 0: kernel-mode access     1: user-mode access
bit 3 == 1: use of reserved bit detected
bit 4 == 1: fault was an instruction fetch
Our error code 4, or 0b0100, decodes as:
- no page found
- read access
- user-mode access
At Pointer
The "segfault at 0" part gives the address the faulting instruction was trying to access: 0x0 (NULL).
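The steps above (offset = ip - base, symbol lookup in nm -D -n output, error-code bit decoding) carried out by a script, as an added example that is not part of the original post. The log line is the one from the page; the nm listing is a constructed excerpt of the symbols shown above.

```python
import re

# Constructed inputs: the log line from the page and an excerpt of the page's
# nm -D -n listing for libc-2.9.so (addresses sorted, as nm -n produces).
SEGFAULT_LINE = ("segfault at 0 ip b7a64b57 sp bf8fda58 error 4 "
                 "in libc-2.9.so[b79f1000+13f000]")
NM_OUTPUT = """000739d0 T strnlen
00073a90 T strncat
00073b30 T strncmp
00073c30 T strncpy
00073d00 W rindex"""

SEGFAULT_RE = re.compile(r"segfault at ([0-9a-f]+) ip ([0-9a-f]+) sp [0-9a-f]+ "
                         r"error (\d+) in ([^\s\[]+)\[([0-9a-f]+)\+[0-9a-f]+\]")

def decode_error(code):
    """Translate the page-fault error code bits into the meanings listed above."""
    return {"cause": "protection fault" if code & 1 else "no page found",
            "access": "write" if code & 2 else "read",
            "mode": "user-mode" if code & 4 else "kernel-mode",
            "reserved_bit": bool(code & 8),
            "instruction_fetch": bool(code & 16)}

def resolve_symbol(offset, nm_text):
    """Return (symbol, distance) for the last symbol starting at or below offset."""
    best = None
    for line in nm_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip undefined (U) entries, which have no address
            continue
        if int(parts[0], 16) > offset:
            break                    # listing is sorted, so nothing later can match
        best = (parts[2], offset - int(parts[0], 16))
    return best

def analyse(line, nm_text):
    """Parse a kernel 'segfault at' line and locate the fault within the object."""
    m = SEGFAULT_RE.search(line)
    if not m:
        raise ValueError("not a kernel segfault line")
    addr, ip, err, obj, base = m.groups()
    offset = int(ip, 16) - int(base, 16)          # ip minus load base address
    sym, delta = resolve_symbol(offset, nm_text)
    return {"object": obj, "offset": offset, "symbol": sym, "delta": delta,
            "fault_addr": int(addr, 16), "error": decode_error(int(err))}

if __name__ == "__main__":
    print(analyse(SEGFAULT_LINE, NM_OUTPUT))
```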
Adapted from:
http://coredump.io/blog/2012/02/23/debugging-segfaults-from-logs-to-gdb/
http://www.enodev.fr/posts/decode-segfault-errors-in-dmesg.html
http://www.doulos.com/knowhow/arm/Embedded_Linux_Debugging_User_Space_Seg_Faults/