How to debug kernel traps while executing the C program in Linux

Question

While executing the c program in linux the dmesg shows

traps: unpackcpb[27729] general protection fault ip:7f4f2576cb85 sp:7ffe72081130 error:0 in libc-2.28.so[7f4f256fb000+1b9000]

unpackcpb is a very old program written in 2013, and now iam compiling it. while executing it gives Segmentation fault (core dumped)

/*
 * =====================================================================================
 *
 *       Filename:  cpbtool.c
 *
 *    Description:  一个分解酷派刷机文件.cpb文件的程序
 *
 *        Version:  1.0
 *        Created:  2013年05月07日 18时55分53秒
 *       Revision:  none
 *       Compiler:  clang
 *
 *         Author:  linkscue (scue), 
 *   Organization:  不告诉你。
 *
 * =====================================================================================
 */


#include    <stdio.h>
#include    <stdlib.h>
#include <string.h>

#define u8 unsigned char
#define u32 unsigned int
#define u16 unsigned short

typedef struct {
    u8 cp_magic[4];                             /* coolpad file magic */
    u8 cp_version[32];                          /* coolpad head version */
    u8 model[32];                               /* coolpad phone model */
    u8 flag_p2[16];                             /* alway is P2 string */
    u8 version[64];                             /* phone version or rom name */
    u8 file_form[256];                          /* where the rom come from */
    u8 information[12];                         /* some information, but unkown */
    u32 image_offset;                           /* entrance offset of image */
    u32 cpb_filesize;                           /* the size of whole cpb file */
    u8 reverse[128];                            /* never use, remain for future */
    u32 checksum;                               /* here maybe is a checksum */
} cpb_head;

typedef struct {                                /* 76 bytes */
    u8 filename[64];                            /* image filename */
    u32 image_offset;                           /* image offset */
    u32 image_size;                             /* image filesize */
    u32 checksum;                               /* here maybe is a checksum */
} image_t;

//分解文件函数；
void splitFile(char *file){

    FILE *fd = NULL;
    FILE *ft = NULL;
    int i=0,imagecount=0;
    cpb_head header;
    image_t images[10];
    printf("\n");
    printf("Welcome to use unpackcpb tool by scue@ATX(bbs.anzhi.com), 2013-05-09, weibo.com/scue.\n");
    printf("\n");

    if ( (fd=fopen(file,"rb")) == NULL ) {      /* 打开文件进行操作 */
        printf ( "Extract cpb file, open %s failure!\n", file );
        exit(1);
    }

    fread(&header, sizeof(header), 1, fd);
    for ( i=0; ( ftell(fd) < (header.image_offset) ); i++ ){
        fread(&images[i], sizeof(image_t), 1, fd);
        imagecount++;
    }
    //开始解压数据；
    int size=0,n=0,count=0,offset=0;
    unsigned char imagename[32]="";
    unsigned char buffer[4]="";              /* 创建缓冲区 */
    for( i=0; i < imagecount; i++ ){
        strncpy(imagename, images[i].filename, sizeof(imagename));
        /*-----------------------------------------------------------------------------
         *  从这里开始，不同的酷派手机，
         *  可能会被穿插入一部分未知的字节数，要视情况对offset的值进行修改，
         *  提示一点，所有的Android手机，boot.img的MAGIC必须是‘ANDROID!’。
         *-----------------------------------------------------------------------------*/
        offset=images[i].image_offset;
        size=images[i].image_size;
        if ( size != 0 ) {
            if ( ( ft=fopen(imagename,"wb") ) == NULL ){
                printf("Extract cpb file, open %s failure!\n",imagename);
            }
            fseek( fd, offset, SEEK_SET);                /* 跳转至数据段 */
            printf("Extract: %-15s offset: 0x%08x  size: %d\n",imagename, offset, size);
            n=0;count=0;
            while ( count < size )  {
                n  = fread(buffer,1, sizeof(buffer), fd);
                fwrite(buffer, n, 1, ft);
                count+=n;
            }
        }
    }
    fclose(fd);
//    printf("Extract cpb file done!\n");
}

/* 
 * ===  FUNCTION  ======================================================================
 *         Name:  main
 *  Description:  仅分解.cpb文件，不含重新制作.cpb文件的部分
 *                在一些酷派手机固件中，官方会把文件结尾的一部分内容，穿插至cpb文件中
 *                穿插的部分字节不确定，所以要视不同的酷派手机固件重写这个cpbtool.c程序
 * =====================================================================================
 */
int main ( int argc, char *argv[] )
{
    if (argc==1) {
        printf("usage:%s cpb file.\n", argv[0]);
        exit(0);
    }
    
//    printf("argc is %d\n",argc);
    char *cpb;
    cpb=argv[1];
    splitFile(cpb);

    return EXIT_SUCCESS;
}

hex dump first page of the cpb file is

00000000   43 50 01 08  33 36 30 30  49 00 00 00  00 00 00 00  CP..3600I.......
00000010   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
00000020   00 00 00 00  36 2E 30 2E  30 32 35 2E  50 30 2E 31  ....6.0.025.P0.1
00000030   36 31 30 31  37 2E 33 36  30 30 49 00  00 00 00 00  61017.3600I.....
00000040   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
00000050   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
00000060   00 00 00 00  16 29 0D 25  58 35 54 2B  21 43 2C 26  .....).%X5T+!C,&
00000070   56 4E 31 14  36 2E 4C 05  08 24 14 5C  3E 1A 50 5E  VN1.6.L..$.\>.P^
00000080   13 04 4E 29  2E 5B 1F 56  60 43 1E 1E  22 4A 14 14  ..N).[.V`C.."J..
00000090   05 45 5C 3B  43 45 10 4C  05 24 14 13  0E 00 0D 21  .E\;CE.L.$.....!
000000A0   39 2B 1A 03  23 39 59 1F  19 47 0D 3B  62 22 50 03  9+..#9Y..G.;b"P.
000000B0   37 48 0E 17  00 00 00 49  48 C0 8C 29  EF 3F 7D F7  7H.....IH..).?}.
000000C0   B5 F4 78 47  A4 DB D0 E2  71 3C F7 A6  44 52 7D 0B  ..xG....q<..DR}.
000000D0   95 B0 2A 7F  E0 32 9F C8  93 D3 43 83  27 A0 CA 4A  ..*..2....C.'..J
000000E0   DA F0 DB BF  D0 6C 3D 4C  1B 45 40 1D  7D F4 A7 76  .....l=L.E@.}..v
000000F0   BB 24 BD 1C  A9 22 B0 61  6D 61 D7 0F  CD 78 F7 83  .$...".ama...x..
00000100   16 00 00 00  00 00 00 49  48 11 22 CE  46 90 1C DE  .......IH.".F...
00000110   9D AE 4B 48  71 71 1D 2C  51 3C 85 14  7A EE 7C A5  ..KHqq.,Q<..z.|.
00000120   58 CB 79 14  D4 B1 44 60  32 73 B7 0B  FD F4 76 02  X.y...D`2s....v.
00000130   E1 09 D0 D9  52 6B CB 1D  91 99 A5 11  42 02 29 36  ....Rk......B.)6
00000140   BB 1C 8A 8E  82 47 F9 CC  FB 15 D1 C0  EE 5B E8 34  .....G.......[.4
00000150   A4 00 00 00  EC E5 3D 2A  31 2D 01 25  42 35 18 2E  ......=*1-.%B5..
00000160   0C 58 66 43  08 10 79 1B  78 0F 21 45  48 30 2C 40  .XfC..y.x.!EH0,@

Can anyone give clue of how to solve this

thanks

Answer 1

There are a few ways to debug this. One way is to sprinkle printfs into the code to determine which libc call is causing the crash. This should be pretty straightforward with a small program like this. Add a printf before each libc call, and the last printf you see is the call which caused the crash. After this, print out the arguments which are being passed to that libc call. It is likely that the program is passing a bad pointer to the call and this is causing the crash.

Another way is to load the core dump in gdb and see where things went wrong. This process is described here: Core dump file analysis. In gdb, you can use the "bt" command to print a backtrace of the function calls leading to the crash.