[Crash-utility] User-land backtrace?
Dave Anderson
anderson at redhat.com
Wed Feb 24 17:21:29 UTC 2010
----- "Gallus" <gall.cwpl at gmail.com> wrote:
> On 24 February 2010 13:45, Dave Anderson <anderson at redhat.com> wrote:
> > Right -- you should see the user-space return-address values starting
> > from the point shown in the ESP (386) or RSP (x86_64) value shown
> > in the kernel entry-point exception frame. Although the first few
> > frames will typically be in a user library instead of the binary.
> >
> > Dave
>
> Here is the bt:
> #0 [f672de20] schedule at c0616008
> #1 [f672de98] schedule_timeout at c061675c
> #2 [f672debc] do_futex at c0438ea7
> #3 [f672df80] sys_futex at c0439942
> #4 [f672dfb8] system_call at c0404f10
> EAX: 000000f0 EBX: 0a50db84 ECX: 00000000 EDX: 00000b73
> DS: 007b ESI: bfd90dd8 ES: 007b EDI: 00000b73
> SS: 007b ESP: bfd90dd0 EBP: bfd90e24
> CS: 0073 EIP: 00f14402 ERR: 000000f0 EFLAGS: 00200206
>
>
> I then do "rd -u bfd90dd0 16" and search for the addresses in the
> binary, but they're not found. Is ESP's value the one that I should be
> reading from?

That's right. That is the stack value that will be restored upon
return to user-space, and the EIP will be restored to 00f14402.

One thing to make sure of is that when you do the "rd -u", you
have set the crash utility to the context of the task whose "bt"
output you're showing. "rd -u" will read the user space of the
current task (i.e., the task shown if you do a "set" command).

Dave