| name | analyze-oops |
| description | Analyze a kernel Oops from the printk buffer in a PearPC memory dump |
| allowed-tools | Bash, Read, Grep |
| argument-hint | ["dump-file"] |
Analyze Kernel Oops
Use scripts/debug/memdump.py to extract and analyze the Oops.
Steps
-
Extract the Oops:
python3 scripts/debug/memdump.py oops ${ARGUMENTS:-memdump_jit.bin}
-
Decode pt_regs (use the REGS address from the Oops output):
python3 scripts/debug/memdump.py regs DUMP_FILE REGS_ADDRESS
-
Disassemble around NIP and LR (convert VA to PA: PA = VA - 0xC0000000):
python3 scripts/debug/disasm_ppc.py DUMP_FILE PA_OF_NIP 16
python3 scripts/debug/disasm_ppc.py DUMP_FILE PA_OF_LR 16
-
Search for the NIP value in both dumps:
python3 scripts/debug/memdump.py find memdump_generic.bin NIP_VALUE
python3 scripts/debug/memdump.py find memdump_jit.bin NIP_VALUE
-
Check if NIP is a valid address:
- 0xC0xxxxxx = kernel code
- 0xBFxxxxxx = PROM virtual address (prom_mem_phys_to_virt)
- 0xFDxxxxxx = PCI I/O space (not executable)
Report: exception type, faulting address, caller, what the code was trying to do.