Vivek Goyal wrote:
> Hi Dave,
>
> Thanks a lot for creating this list. This is definitely going to help.
>
> I got a query right away. This is regarding the EIP displayed in "bt".
> Have a look at the following stack trace.
>
> crash> bt
> PID: 12632  TASK: ee01ea40  CPU: 3   COMMAND: "bash"
>  #0 [d829df20] crash_kexec at c013a4da
>  #1 [d829df28] __handle_sysrq at c0247e71
>  #2 [d829df54] write_sysrq_trigger at c01916d4
>  #3 [d829df6c] vfs_write at c015c7ca
>  #4 [d829df90] sys_write at c015c88c
>  #5 [d829dfb8] sysenter_entry at c0102da8
>     EAX: 00000004  EBX: 00000001  ECX: b7f18000  EDX: 00000002
>     DS:  007b      ESI: 00000002  ES:  007b      EDI: b7f18000
>     SS:  007b      ESP: bfc1f334  EBP: bfc1f360
>     CS:  0073      EIP: ffffe410  ERR: 00000004  EFLAGS: 00000246
>
> Here the EIP value is "ffffe410", which is definitely not a user space address.
> I am getting this value in all the kdump images I have taken.
>
> Is it due to the fact that we are entering using sysenter? If yes, then
> how to get the right EIP value?
>

It's most definitely due to the use of the sysenter entry point instead of
the system_call entry point. Since we (Red Hat) don't use that
interface, I've never looked at how it works exactly.

For sysenter, I see that the user-mode pt_regs EIP is the same for all
user-mode entries (ffffe410). This differs from when the system_call
entry point is used, where the pt_regs EIP value contains the user-space
address that generated the system call, which is typically in a library.

So, as far as the kernel is concerned, the EIP value of ffffe410 is
"right", since the exception frame dump is supposed to show the actual
pt_regs contents.

I'm open to suggestions, but it would have to be an addendum to the
user-process bt output shown above. But given that even in the
system_call interface the user-mode address is almost always in a
library, I've always found it fairly useless.

Dave

>
> Thanks
> Vivek
>
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/crash-utility
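
Added example, not part of the original message and not code from crash: a small Python parser for the exception frame that bt prints under the last kernel frame, reporting the entry point and whether the saved EIP and ESP fall below the user/kernel split. The 0xc0000000 split and the function names are assumptions made for this example.

```python
import re

# Assumption: 3G/1G i386 split, so user addresses lie below 0xc0000000
# (consistent with the c01xxxxx kernel text addresses in the trace).
PAGE_OFFSET = 0xC0000000

# The bt output quoted in the message, embedded so the script runs offline.
SAMPLE_BT = """\
PID: 12632  TASK: ee01ea40  CPU: 3   COMMAND: "bash"
 #0 [d829df20] crash_kexec at c013a4da
 #1 [d829df28] __handle_sysrq at c0247e71
 #2 [d829df54] write_sysrq_trigger at c01916d4
 #3 [d829df6c] vfs_write at c015c7ca
 #4 [d829df90] sys_write at c015c88c
 #5 [d829dfb8] sysenter_entry at c0102da8
    EAX: 00000004  EBX: 00000001  ECX: b7f18000  EDX: 00000002
    DS:  007b      ESI: 00000002  ES:  007b      EDI: b7f18000
    SS:  007b      ESP: bfc1f334  EBP: bfc1f360
    CS:  0073      EIP: ffffe410  ERR: 00000004  EFLAGS: 00000246
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+\[[0-9a-f]+\]\s+(\S+)\s+at\s+([0-9a-f]+)", re.M)
REG_RE = re.compile(
    r"\b(EAX|EBX|ECX|EDX|ESI|EDI|ESP|EBP|EIP|DS|ES|SS|CS|ERR|EFLAGS):\s+([0-9a-f]+)")

def parse_bt(text):
    """Return (frames, regs): [(n, symbol, addr)] and {register: value}."""
    frames = [(int(n), sym, int(addr, 16)) for n, sym, addr in FRAME_RE.findall(text)]
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    return frames, regs

def summarize_user_frame(text):
    """Describe the exception frame bt prints below the last kernel frame."""
    frames, regs = parse_bt(text)
    if not frames or not {"EIP", "ESP", "CS"} <= regs.keys():
        return None  # no exception frame in this bt output
    return {
        "entry": frames[-1][1],              # last frame listed = kernel entry point
        "user_mode": (regs["CS"] & 3) == 3,  # CS RPL 3 means entered from ring 3
        "eip": regs["EIP"],
        "eip_below_split": regs["EIP"] < PAGE_OFFSET,
        "esp_below_split": regs["ESP"] < PAGE_OFFSET,
    }

if __name__ == "__main__":
    for key, value in summarize_user_frame(SAMPLE_BT).items():
        print(key, hex(value) if key == "eip" else value)
```

For the trace above it reports a ring-3 entry through sysenter_entry with a user-range ESP but an EIP above the split, which is the combination the question describes.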