How to check the backtrace of a "USER process" in the Linux Kernel Crash Dump

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Biswajit on Stack Overflow See other posts from Stack Overflow or by Biswajit
Published on 2011-11-09T10:33:57Z Indexed on 2012/09/21 15:38 UTC
Read the original article Hit count: 302

Filed under:
|
|
|

I was trying to debug a USER Process in Linux Crash Dump.

The normal steps to go to the crash dump are:

  1. Go to the path where the dump is located.
  2. Use the command crash kernel_link dump.201104181135.

Where kernel_link is a soft link I have created for vmlinux image.

Now you will be in the CRASH prompt. If you run the command foreach <PID Of the process> bt Eg:

crash> **foreach 6920 bt**

**PID: 6920   TASK: ffff88013caaa800  CPU: 1   COMMAND: **"**climmon**"****

 #0 [ffff88012d2cd9c8] **schedule** at ffffffff8130b76a
 #1 [ffff88012d2cdab0] **schedule_timeout** at ffffffff8130bbe7
 #2 [ffff88012d2cdb50] **schedule_timeout_uninterruptible** at ffffffff8130bc2a
 #3 [ffff88012d2cdb60] **__alloc_pages_nodemask** at ffffffff810b9e45
 #4 [ffff88012d2cdc60] **alloc_pages_curren**t at ffffffff810e1c8c
 #5 [ffff88012d2cdc90] **__page_cache_alloc** at ffffffff810b395a
 #6 [ffff88012d2cdcb0] **__do_page_cache_readahead** at ffffffff810bb592
 #7 [ffff88012d2cdd30] **ra_submit** at ffffffff810bb6ba
 #8 [ffff88012d2cdd40] **filemap_fault** at ffffffff810b3e4e
 #9 [ffff88012d2cdda0] **__do_fault** at ffffffff810caa5f
 #10 [ffff88012d2cde50] **handle_mm_fault** at ffffffff810cce69
 #11 [ffff88012d2cdf00] **do_page_fault** at ffffffff8130f560
 #12 [ffff88012d2cdf50] **page_fault** at ffffffff8130d3f5

    RIP: 00007fd02b7e9071  RSP: 0000000040e86ea0  RFLAGS: 00010202
    RAX: 0000000000000000  RBX: 0000000000000000  RCX: 00007fd02b7e9071
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000040e86ec0
    RBP: 0000000040e87140   R8: 0000000000000800   R9: 0000000000000000
    R10: 0000000000000000  R11: 0000000000000202  R12: 00007fff16ec43d0
    R13: 00007fd02bcadf00  R14: 0000000040e87950  R15: 0000000000001000
    ORIG_RAX: ffffffffffffffff  CS: 0033  SS: 002b

If you check the above backtrace it shows the kernel functions used for scheduling/handling page fault but not the functions that were executed in the USER process (here eg. climmon). So I am not able to debug this process as I am not able to see the functions executed in that process. Can any one help me with this case?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about linux

Related posts about crash

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle