Dheeraj Sangamkar wrote:
Hi,
I am using crash 4.0-2.30 on an ia64 machine.
The memory dump of the stack shows parameters on the stack, one of which
is a user space pointer.
e00000014c930ed8: __gp v+4643276848
e00000014c930ee8: 60000fffffffb390 00000000000000ff
e00000014c930ef8: v+4643276864 v+5579701608
e00000014c930f08: sys_readlink+480 0000000000000792
OR
e00000014c930ed8: a0000001009bb820 e000000114c2c830 .......0.......
e00000014c930ee8: 60000fffffffb390 00000000000000ff .......`........
e00000014c930ef8: e000000114c2c840 e00000014c937d68 @.......h}.L....
e00000014c930f08: a00000010013da60 0000000000000792 `...............
I want to find what the parameter v+4643276848/e000000114c2c830 points to.
I used rd to print this but I dont see what I expect. (Used "rd
e000000114c2c830 10")
What's the right way to inspect that memory?
That is the right way. I'm not sure what you mean when you
say that it's a "user space pointer", but e000000114c2c830 is
a simple, region 7, unity-mapped, kernel virtual address, so to
read it, crash is simply stripping the e000000000000000 identifier
off of the virtual address, and physical address 114c2c830 is being
read from the dump or live system.
If you want function arguments, on the ia64 try "bt -f", which
gathers them from the backing store area of the kernel stack.
Dave