Query: EIP value in User mode exception frame
by Vivek Goyal
Hi Dave,
Thanks a lot for creating this list. This is definitely going to help.
I got a query right away. This is regarding the EIP displayed in "bt".
Have a look at following stack trace.
crash> bt
PID: 12632 TASK: ee01ea40 CPU: 3 COMMAND: "bash"
#0 [d829df20] crash_kexec at c013a4da
#1 [d829df28] __handle_sysrq at c0247e71
#2 [d829df54] write_sysrq_trigger at c01916d4
#3 [d829df6c] vfs_write at c015c7ca
#4 [d829df90] sys_write at c015c88c
#5 [d829dfb8] sysenter_entry at c0102da8
EAX: 00000004 EBX: 00000001 ECX: b7f18000 EDX: 00000002
DS: 007b ESI: 00000002 ES: 007b EDI: b7f18000
SS: 007b ESP: bfc1f334 EBP: bfc1f360
CS: 0073 EIP: ffffe410 ERR: 00000004 EFLAGS: 00000246
Here EIP value is "ffffe410" which is definitely not a user space address.
I am getting this value in all the kdump images I have taken.
Is it due to the fact because we are entring using sysenter. If yes then
how to get right EIP value.
Thanks
Vivek
19 years, 2 months
reason for being
by Dave Anderson
Welcome aboard -- even if you don't want to be on deck!
My arm's been twisted into creating this list for things like
crash usage questions, bug reports, patch postings, feature
requests, release announcements, and the like.
Actually the real impetus for this list comes from the upstream
kernel development of kexec/kdump facility as a generally-accepted
manner of saving kernel core dumps. And as such, the crash utility
will be updated to support the new kdump vmcore format, while
continuing support for netdump and diskdump, and with a little
help from my friends, LKCD.
If you are wondering, I have seeded the subscriber list with
several prolific crash users and developers. I'll also put a pointer
to this list in the crash.changelog file on my people site, which I'm
guessing may bring in several more. We shall see...
In any case, I won't be insulted if you unsubscribe immediately.
For those who do stick around, please feel free to post on this
list messages that you have previously sent directly to me.
Thanks,
Dave Anderson
19 years, 2 months