Hi List,

While working on a kernel module, I am getting OOPs and was trying to debug it using the crash tool. Can you please help me understand a disassembled code snippet?

A brief about the situation: (This is an x86_64 machine I am working on, running SLES10 SP1.)

Following is the code where the OOPs is occurring:

----8<-----
Unable to handle kernel NULL pointer dereference at 0000000000000620
RIP [...]
Pid: 12208, comm: testpil Tainted: G U 2.6.16.46-0.12-smp #1
RIP: 0010:[<ffffffff801212a7>] <ffffffff801212a7>{page_to_pfn+25}
RSP: 0018:ffff8101eedf9200 EFLAGS: 00010217
RAX: 6db6db6db6db6db7 RBX: 00000000000000d0 RCX: ffff8100d2b8a880
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8100b9bc3ec0
RBP: ffff81011a4ea1c0 R08: 000000000000c040 R09: 0000000000000000
R10: 00000000e1e1e1e1 R11: 0000000000000007 R12: 000000000000c040
R13: 0000000000001000 R14: ffff8101fa1a50c0 R15: 0000000000001000
FS: 00002ab6d4bd76d0(0000) GS:ffffffff803be000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000620 CR3: 00000001ec424000 CR4: 00000000000006e0
[...]
Stack: ffffffff802a1901 0000000000004040 0000000000000009 ffff8100b9bc3ec0
       000005dc00000010 00000014000005dc ffff8101fa1a50c0 ffff8101fa1a50c0
       000000000000c040 0000000000001000
----8<-----

Through the crash tool, I found that the following is the asm code where the fault occurs.

------8<-----
0xffffffff8012128e <page_to_pfn>:    mov    (%rdi),%rax
0xffffffff80121291 <page_to_pfn+3>:  shr    $0x38,%rax
0xffffffff80121295 <page_to_pfn+7>:  mov    0xffffffff803d54e0(,%rax,8),%rdx
0xffffffff8012129d <page_to_pfn+15>: mov    $0x6db6db6db6db6db7,%rax
0xffffffff801212a7 <page_to_pfn+25>: sub    0x620(%rdx),%rdi
------8<-----

which is equivalent to (on a NUMA machine):

-----8<------
unsigned long page_to_pfn(struct page *page)
{
	return (long)(((page) - page_zone(page)->zone_mem_map) +
		      page_zone(page)->zone_start_pfn);
}

where page_zone is:

static inline struct zone *page_zone(struct page *page)
{
	return zone_table[(page->flags >> ZONETABLE_PGSHIFT) & ZONETABLE_MASK];
}
-----8<------

Also, the address of zone_table is:

----8<-----
crash> sym zone_table
ffffffff803d54e0 (D) zone_table
----8<----

All I can infer is that in the line "sub 0x620(%rdx),%rdi", %rdx is pointing to NULL (as visible from the register state).

My doubts are:

1) What does the instruction "mov 0xffffffff803d54e0(,%rax,8),%rdx" imply?
2) For "RIP: 0010:[<ffffffff801212a7>]", what does "0010" mean?
3) Does "EFLAGS: 00010217" signify any error value, and if it does, how to interpret it?

Thanks for any help,
Shreyansh
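Added example, not from the post or the kernel tree: a small C program that works the three questions above through against the values in the oops (the scaled-index load, the CS selector, the EFLAGS word). It assumes ZONETABLE_PGSHIFT is 56 and that struct page is 56 bytes on this build, both inferred from the disassembly rather than read from the SLES source.

```c
#include <stdint.h>
#include <string.h>

/* 1) "mov zone_table(,%rax,8),%rdx": %rax = page->flags >> 56 ("shr $0x38")
 *    indexes an array of 8-byte pointers; no "and" with ZONETABLE_MASK is
 *    needed since a 64-bit value shifted right by 56 is already < 256.
 *    (The oops RAX is the constant loaded afterwards; the index is gone,
 *    but the page pointer is still in RDI.) */
#define ZONETABLE_PGSHIFT 56                        /* assumed from shr $0x38 */
#define ZONE_TABLE_ADDR   0xffffffff803d54e0ULL     /* from "crash> sym" */
uint64_t zone_table_slot(uint64_t page_flags)       /* address the mov reads */
{
    return ZONE_TABLE_ADDR + (page_flags >> ZONETABLE_PGSHIFT) * 8;
}

/* 0x6db6db6db6db6db7 is the inverse of 7 mod 2^64: (page - zone_mem_map)
 * in bytes is divided by sizeof(struct page) == 56 = 8 * 7 (assumed) as a
 * shift by 3 followed by a multiply by that inverse (wraps mod 2^64). */
uint64_t page_index_from_byte_diff(uint64_t byte_diff)
{
    return (byte_diff >> 3) * 0x6db6db6db6db6db7ULL;
}

/* 2) The "0010" before RIP is the CS selector: bits 0-1 RPL, bit 2 table
 *    indicator (0 = GDT), bits 3+ descriptor index. 0x0010 is GDT entry 2
 *    at ring 0, the kernel code segment. */
typedef struct { unsigned index, ti, rpl; } selector_t;
selector_t decode_selector(uint16_t sel)
{
    selector_t s = { sel >> 3, (sel >> 2) & 1, sel & 3 };
    return s;
}

/* 3) EFLAGS is not an error code, just the flags register at the fault;
 *    the names of its set bits are written, space separated, into out. */
static const char *const eflags_names[32] = {
    [0] = "CF", [2] = "PF", [4] = "AF", [6] = "ZF", [7] = "SF", [8] = "TF",
    [9] = "IF", [10] = "DF", [11] = "OF", [14] = "NT", [16] = "RF",
    [17] = "VM", [18] = "AC", [19] = "VIF", [20] = "VIP", [21] = "ID",
};
const char *decode_eflags(uint32_t eflags, char *out, size_t outlen)
{
    out[0] = '\0';
    for (int bit = 0; bit < 32; bit++) {
        if (!(eflags & (1u << bit)) || !eflags_names[bit]) continue;
        if (out[0]) strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, eflags_names[bit], outlen - strlen(out) - 1);
    }
    return out;
}
```

For the oops above, decode_eflags(0x00010217) gives "CF PF AF IF RF" and the fault address CR2 = 0x620 is exactly the zone_mem_map offset added to a NULL zone pointer, so the real defect is a struct page pointer whose flags select an empty zone_table slot.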