[Crash-utility] Unable to switch stack frames while using crash

Dave Anderson anderson at redhat.com
Wed Jun 15 18:51:39 UTC 2011



----- Original Message -----

> First I would update your crash utility so that you have the exception
> frame dump that was a result of the page fault, because it's possible that
> the tty structure pointer is in the register dump. But anyway, without
> knowing the kernel version, it's hard to pinpoint exactly which instruction
> in n_tty_read() generated the page fault. Was the bad address generated
> because the tty structure pointer was NULL? And again, with an updated
> crash utility, you'll get more information w/respect to the register
> contents at the time of the page fault, and also you might get some help
> finding it with "bt -F". I'm not sure where the tty structure gets
> allocated from -- is it statically-allocated, or is it allocated from
> one of the "size-xxx" slab caches, etc...

BTW, looking at the other guy's report, whose backtrace did contain
the page fault exception frame, you can see that the page fault was
generated upon the execution of the instruction at ffffffff811f03b3,
which is n_tty_read+1420:

    ...
    #9 [ffff88031ce75cf0] page_fault at ffffffff812d7425
    [exception RIP: n_tty_read+1420]
    RIP: ffffffff811f03b3  RSP: ffff88031ce75da8  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff8802cbd54a68  RCX: 000000000061c044
    RDX: 0000000000000005  RSI: ffff88031ce75e87  RDI: ffff8802cbd54d1c
    RBP: ffff88031ce75eb8   R8: 0000000000000000   R9: 0000000000000000
    R10: 0000000000616680  R11: 0000000000000246  R12: 000000000061c044
    R13: ffff8802cbd54800  R14: 0000000000000000  R15: 7fffffffffffffff
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018 
    #10 [ffff88031ce75ec0] tty_read at ffffffff811ebf7e
    ...

To find out the line of code that generated the page fault, enter this:

  crash> dis -rl n_tty_read+1420

The disassembly will start at the beginning of n_tty_read() and stop at 
the instruction above that actually caused the page fault, and you will
also see the source-file/line-number information above that.
  
I checked a few sample kernels, but none of them seem to have a fault-able
instruction exactly at the exception RIP of n_tty_read+1420, but I'm sure
that if you look at your particular kernel source tree, it will make sense.

Dave
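
As an added example (not part of the original message and not crash-utility code), this Python helper pulls the exception frame out of saved `bt` output, builds the `dis -rl` command described above, and lists the general-purpose registers that held zero at fault time, which are the values to compare against the operands of the faulting instruction. The function names are assumptions of this example, and the embedded sample is copied from the frame quoted in the message.

```python
import re

# Sample input: the exception frame quoted in the message above.
SAMPLE_BT = """\
 #9 [ffff88031ce75cf0] page_fault at ffffffff812d7425
    [exception RIP: n_tty_read+1420]
    RIP: ffffffff811f03b3  RSP: ffff88031ce75da8  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff8802cbd54a68  RCX: 000000000061c044
    RDX: 0000000000000005  RSI: ffff88031ce75e87  RDI: ffff8802cbd54d1c
    RBP: ffff88031ce75eb8   R8: 0000000000000000   R9: 0000000000000000
    R10: 0000000000616680  R11: 0000000000000246  R12: 000000000061c044
    R13: ffff8802cbd54800  R14: 0000000000000000  R15: 7fffffffffffffff
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff88031ce75ec0] tty_read at ffffffff811ebf7e
"""

EXC_RE = re.compile(r"\[exception RIP: ([^\]]+)\]")
REG_RE = re.compile(r"\b([A-Z][A-Z0-9_]*):\s+([0-9a-f]+)\b")
FRAME_RE = re.compile(r"\s*#\d+\s")
GP_REGS = {"RAX", "RBX", "RCX", "RDX", "RSI", "RDI", "RBP"} | {f"R{i}" for i in range(8, 16)}

def parse_exception_frames(bt_text):
    """Return one dict per exception frame: symbol+offset text and register values."""
    frames, cur = [], None
    for line in bt_text.splitlines():
        m = EXC_RE.search(line)
        if m:
            cur = {"location": m.group(1), "regs": {}}
            frames.append(cur)
        elif cur is not None and FRAME_RE.match(line):
            cur = None  # next "#N [...]" frame line ends the register dump
        elif cur is not None:
            for name, val in REG_RE.findall(line):
                cur["regs"][name] = int(val, 16)
    return frames

def dis_command(frame):
    """crash command that disassembles from function start up to the faulting RIP."""
    return f"dis -rl {frame['location']}"

def zero_registers(frame):
    """General-purpose registers that were 0 at fault time, in dump order."""
    return [r for r, v in frame["regs"].items() if r in GP_REGS and v == 0]

if __name__ == "__main__":
    for f in parse_exception_frames(SAMPLE_BT):
        print(f"RIP {f['regs']['RIP']:016x} -> crash> {dis_command(f)}")
        print("zero-valued registers:", ", ".join(zero_registers(f)))
```
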



