Linux kernel debug - RIP and RSP points to same address range


Tony Mathew

Mar 1, 2024, 8:00:04 AM
to inside...@googlegroups.com
Hi All,

This is with respect to a Linux kernel crash.

Can someone tell me a scenario where an RIP value is in the range of RSP's address? Example: RIP: 0xffffbe63d67937e0 and RSP: 0xffffbe63d6793798. Usually RIP will be pointing to the text section, which will have a different address range than that of the stack pointer.

**I don't have the crash dump with me**. I was asked this question by another person.

Regards,
Mathew

Anil Kumar Pugalia

Mar 1, 2024, 11:21:00 PM
to inside...@googlegroups.com

Many reasons. But basically, some corruption in pointer values. For example, if there is a call to a function through an invalid function pointer. Or a buffer overflow causing an invalid address load in the stack pointer, etc.

Regards
Anil
Passion: https://sysplay.in (Playing with Systems)
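
The address comparison behind the question, as an added example that is not part of the thread: it parses RIP and RSP from oops register lines and reports whether RIP falls inside the same kernel stack as RSP. The sample lines are constructed from the two values quoted in the question, and the 16 KiB, THREAD_SIZE-aligned stack (the x86_64 default without KASAN) is an assumption.

```python
import re

# Assumption: x86_64 kernel stacks are 16 KiB and aligned to their size
# (default THREAD_SIZE without KASAN). Adjust for other configurations.
THREAD_SIZE = 16 * 1024

# Matches oops register lines such as "RIP: 0010:0xffff..." and
# "RSP: 0018:ffff... EFLAGS: ...": a segment selector, then 16 hex digits.
REG_RE = re.compile(r"\b(RIP|RSP):\s+[0-9a-f]{4}:(?:0x)?([0-9a-f]{16})", re.I)

# Constructed sample, built from the two addresses quoted in the question.
SAMPLE_OOPS = """\
RIP: 0010:0xffffbe63d67937e0
RSP: 0018:ffffbe63d6793798 EFLAGS: 00010246
"""


def parse_regs(oops_text):
    """Return the first RIP and RSP values found in the oops text."""
    regs = {}
    for m in REG_RE.finditer(oops_text):
        # The first match wins; later lines may hold user-space registers.
        regs.setdefault(m.group(1).upper(), int(m.group(2), 16))
    return regs


def rip_on_stack(rip, rsp, thread_size=THREAD_SIZE):
    """True if rip lies in the thread_size-aligned stack containing rsp."""
    base = rsp & ~(thread_size - 1)
    return base <= rip < base + thread_size


def triage(oops_text):
    """One-line verdict on where RIP points relative to the current stack."""
    regs = parse_regs(oops_text)
    rip, rsp = regs["RIP"], regs["RSP"]
    if rip_on_stack(rip, rsp):
        return (f"RIP {rip:#x} is on the current stack ({rip - rsp:+#x} from "
                "RSP): consistent with a corrupted return address or "
                "function pointer")
    return f"RIP {rip:#x} is outside the stack that holds RSP {rsp:#x}"


if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```
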

Tony Mathew

Mar 5, 2024, 2:09:53 AM
to inside...@googlegroups.com
Hi Anil Sir,

Right, I think it may be some stack corruption. Hard to debug this as no "Call Trace:" is printed.
Thanks!

Regards,
Tony

Anil Kumar Pugalia

Mar 9, 2024, 12:41:40 AM
to inside...@googlegroups.com

Try to step through before the crash.

Regards
Anil
Passion: https://sysplay.in (Playing with Systems)