I have found the following fragment in the Linux kernel (not the corresponding C code though), somewhere during the start up phase. You can clearly see the 0F 0B parts, which stand for the UD2 opcode (IDA refused to disassemble).
There are some possible usages for this opcode explained here and here. In this case, however, the opcodes after this instruction don’t really make sense.
JavaScript
x
seg000:000C059E test edx, edxseg000:000C05A0 jnz short loc_C05AAseg000:000C05A0 ; --------------------------------------------------seg000:000C05A2 db 0Fhseg000:000C05A3 db 0Bhseg000:000C05A4 db 73hseg000:000C05A5 db 0seg000:000C05A6 db 86h ; åseg000:000C05A7 db 4Ah ; Jseg000:000C05A8 db 27h ; 'seg000:000C05A9 db 0C0h ; +seg000:000C05AA ; --------------------------------------------------seg000:000C05AAseg000:000C05AA loc_C05AA: seg000:000C05AA cmp eax, [edi+4]seg000:000C05AD jbe short loc_C05B7seg000:000C05AD ; --------------------------------------------------seg000:000C05AF db 0Fhseg000:000C05B0 db 0Bhseg000:000C05B1 db 75hseg000:000C05B2 db 0seg000:000C05B3 db 86hseg000:000C05B4 db 4Ah ; Jseg000:000C05B5 db 27h ; 'seg000:000C05B6 db 0C0h ; +seg000:000C05B7 ; --------------------------------------------------seg000:000C05B7seg000:000C05B7 loc_C05B7: seg000:000C05B7 add ecx, 0FFFhseg000:000C05BD shr esi, 0Chseg000:000C05C0 shr ecx, 0Chseg000:000C05C3 sub ecx, esiseg000:000C05C5 cmp ecx, ebxseg000:000C05C7 jnb short loc_C05E9seg000:000C05C9 lea esi, [esi+0]seg000:000C05D0seg000:000C05D0 loc_C05D0: seg000:000C05D0 mov edx, [edi+8]seg000:000C05D3 btr [edx], ecxseg000:000C05D6 sbb eax, eaxseg000:000C05D8 test eax, eaxseg000:000C05DA jnz short loc_C05E4seg000:000C05DA ; ------------------------------------------------seg000:000C05DC db 0Fhseg000:000C05DD db 0Bhseg000:000C05DE db 7Fhseg000:000C05DF db 0seg000:000C05E0 db 86h ; åseg000:000C05E1 db 4Ah ; Jseg000:000C05E2 db 27h ; 'seg000:000C05E3 db 0C0h ; +seg000:000C05E4 ; -------------------------------------------------seg000:000C05E4seg000:000C05E4 loc_C05E4: seg000:000C05E4 inc ecxAdvertisement
Answer
It’s the BUG() macro from include/asm-i386/bug.h.
JavaScript
/* * Tell the user there is some problem. * The offending file and line are encoded after the "officially * undefined" opcode for parsing in the trap handler. */#ifdef CONFIG_DEBUG_BUGVERBOSE#define BUG() __asm__ __volatile__( "ud2n" "t.word %c0n" "t.long %c1n" : : "i" (__LINE__), "i" (__FILE__))For example, the one at 0C05AF is for file with name at 0xC0274A86 and line number 117 (0x75).