Hi all,
I am not a specialist in ix86 asm / architecture, therefore a question
here. Under 2.4.30 I got the Oops below.
<1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
c010c881
<1>*pde = 00000000
Oops: 0002
CPU: 0
EIP: 0010:[<c010c881>] Tainted: P
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010046
eax: 00000000 ebx: c0106df0 ecx: 00000000 edx: 84000018
esi: c02ac000 edi: c0106df0 ebp: c02adfbc esp: c02adf88
ds: 0018 es: 0018 ss: 0018
Process swapper (pid: 0, stackpage=c02ad000)
Stack: c0106df0 00000000 ceadc270 c02ac000 c0106df0 c02adfbc 00000000 c0100018
c02a0018 ffffffef c0106e16 00000010 00000246 c02adfd0 c0106e89 00000814
0009fe00 c0105000 c02adfd8 c010502a c02adff8 c02ae70e c022d6a0 0000f6e0
Call Trace: [<c0106df0>] [<c0106df0>] [<c0106e16>] [<c0106e89>] [<c0105000>]
[<c010502a>]
Code: 8e da 8e c2 89 e0 50 e8 73 8b 00 00 83 c4 04 e9 57 bf ff ff
EIP; c010c881 <apic_timer_interrupt+11/18> <=====
Trace; c0106df0 <default_idle+0/30>
Trace; c0106df0 <default_idle+0/30>
Trace; c0106e16 <default_idle+26/30>
Trace; c0106e89 <cpu_idle+41/54>
Trace; c0105000 <_stext+0/0>
Trace; c010502a <rest_init+2a/30>
Code; c010c881 <apic_timer_interrupt+11/18>
00000000 <_EIP>:
Code; c010c881 <apic_timer_interrupt+11/18> <=====
0: 8e da mov %edx,%ds <=====
Code; c010c883 <apic_timer_interrupt+13/18>
2: 8e c2 mov %edx,%es
Code; c010c885 <apic_timer_interrupt+15/18>
4: 89 e0 mov %esp,%eax
Code; c010c887 <apic_timer_interrupt+17/18>
6: 50 push %eax
Code; c010c888 <call_apic_timer_interrupt+0/10>
7: e8 73 8b 00 00 call 8b7f <_EIP+0x8b7f> c0115400 <smp_apic_timer_interrupt+0/d8>
Code; c010c88d <call_apic_timer_interrupt+5/10>
c: 83 c4 04 add $0x4,%esp
Code; c010c890 <call_apic_timer_interrupt+8/10>
f: e9 57 bf ff ff jmp ffffbf6b <_EIP+0xffffbf6b>
c01087ec <ret_from_intr+0/7>
<0>Kernel panic: Attempted to kill the idle task!
It is tainted, as you see, but I just wanted to ask how this could happen
at all. How can writing %ds cause a NULL-pointer dereference in the
kernel? Actually, what I also don't understand is how %edx gets 0x84000018
in it, since the whole function looks like this:
c010c870 <apic_timer_interrupt>:
c010c870: 6a ef push $0xffffffef
c010c872: fc cld
c010c873: 06 push %es
c010c874: 1e push %ds
c010c875: 50 push %eax
c010c876: 55 push %ebp
c010c877: 57 push %edi
c010c878: 56 push %esi
c010c879: 52 push %edx
c010c87a: 51 push %ecx
c010c87b: 53 push %ebx
c010c87c: ba 18 00 00 00 mov $0x18,%edx
c010c881: 8e da mov %edx,%ds
c010c883: 8e c2 mov %edx,%es
c010c885: 89 e0 mov %esp,%eax
c010c887: 50 push %eax
So, AFAICS, it should be 0x18?
Thanks
Guennadi
---------------------------------
Guennadi Liakhovetski, Ph.D.
DSA Daten- und Systemtechnik GmbH
Pascalstr. 28
D-52076 Aachen
Germany
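The following is an added example (not part of Guennadi's mail and not kernel code) that decodes the hardware-visible fields of the dump quoted above: the `Oops:` value is the i386 page-fault error code pushed by the CPU, and `cs`, `ds`/`es`/`ss` and the value in `%edx` are segment selectors with a 13-bit table index, a table-indicator bit and a 2-bit RPL. The sample lines are copied from the mail; the decoding rules are general x86 semantics (in particular, `mov %edx,%ds` is `MOV Sreg, r/m16` and loads only the low 16 bits of `%edx`), and the note that selector 0x18 is `__KERNEL_DS` on 2.4-era i386 kernels is general knowledge about that kernel, not something the mail states.

```python
"""Decode an i386 kernel Oops: page-fault error code and segment selectors.

Added example, not from the original mail. Parses the 'Oops:', 'EIP:',
register and selector lines of the dump and decodes them according to the
i386 #PF error-code and segment-selector formats.
"""
import re

# Lines copied from the mail above (constructed input for this example).
OOPS_LINES = """\
<1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Oops: 0002
EIP: 0010:[<c010c881>] Tainted: P
eax: 00000000 ebx: c0106df0 ecx: 00000000 edx: 84000018
esi: c02ac000 edi: c0106df0 ebp: c02adfbc esp: c02adf88
ds: 0018 es: 0018 ss: 0018
""".splitlines()

# Page-fault (#PF) error-code bits as pushed by the CPU: (bit, name, set, clear).
PF_BITS = [
    (0, "P", "protection violation", "page not present"),
    (1, "W/R", "write", "read"),
    (2, "U/S", "user mode", "supervisor (kernel) mode"),
    (3, "RSVD", "reserved bit set in a paging entry", "no reserved-bit violation"),
    (4, "I/D", "instruction fetch", "data access"),
]


def decode_pf_error(code):
    """Return the meaning of each named #PF error-code bit for an 'Oops: NNNN' value."""
    return {name: (set_txt if code & (1 << bit) else clr_txt)
            for bit, name, set_txt, clr_txt in PF_BITS}


def decode_selector(value):
    """Split a segment selector into descriptor index, table (GDT/LDT) and RPL.

    A selector is 16 bits wide; 'mov %edx,%ds' loads only %dx, so any bits
    above bit 15 of the source register are simply ignored by the CPU.
    """
    sel = value & 0xFFFF
    return {"index": sel >> 3, "table": "LDT" if sel & 0x4 else "GDT", "rpl": sel & 0x3}


def parse_oops(lines):
    """Pull the numeric fields out of the Oops text into a dict keyed by name."""
    info = {}
    for line in lines:
        m = re.search(r"virtual address ([0-9a-f]{8})", line)
        if m:
            info["fault_addr"] = int(m.group(1), 16)
        m = re.match(r"Oops: ([0-9a-f]{4})", line)
        if m:
            info["error_code"] = int(m.group(1), 16)
        m = re.match(r"EIP: ([0-9a-f]{4}):\[<([0-9a-f]{8})>\]", line)
        if m:
            info["cs"] = int(m.group(1), 16)
            info["eip"] = int(m.group(2), 16)
        # General registers and the data/stack segment registers on their own lines.
        for reg, val in re.findall(r"\b(e[a-d]x|e[sd]i|e[bs]p|[cdefgs]s): ([0-9a-f]+)", line):
            info[reg] = int(val, 16)
    return info


def summarize(info):
    """Combine the decoded pieces into the facts a reader checks first."""
    ec = decode_pf_error(info["error_code"])
    return {
        "fault_addr": info["fault_addr"],
        "access": ec["W/R"],
        "present": ec["P"],
        "mode": ec["U/S"],
        "cs": decode_selector(info["cs"]),
        # What 'mov %edx,%ds' would actually load: the low 16 bits of %edx.
        "ds_from_edx": decode_selector(info["edx"]),
        "edx_high_bits": info["edx"] >> 16,
        # On 2.4-era i386 kernels GDT entry 3 (selector 0x18) is __KERNEL_DS.
        "ds_is_kernel_ds": (info["edx"] & 0xFFFF) == 0x18,
    }


if __name__ == "__main__":
    for key, val in summarize(parse_oops(OOPS_LINES)).items():
        print(f"{key}: {val}")
```

Running it shows that `Oops: 0002` means a supervisor-mode write to a not-present page at address 0, that `cs` 0x0010 is GDT entry 2 at RPL 0, and that the selector part of `%edx` (0x0018) is GDT entry 3 at RPL 0 with 0x8400 in the bits the segment load never looks at. The decoder does not say why the fault happened; it only makes the dump's fields readable.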
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/