which file cause my kernel to crash

Question

I had a kernel crash on a Redhat 6.

I want to retreive which file was openend

reading the dump I see

crash> bt
 (...)
 #8 [ffff8805050d7dc0] page_fault at ffffffff814ef845
    [exception RIP: configfs_readdir+244]
    RIP: ffffffffa0422444  RSP: ffff8805050d7e78  RFLAGS: 00010282
    RAX: 0000000000000000  RBX: ffff880814a738d0  RCX: ffff880814a738c8
    RDX: 0000000000000006  RSI: ffff880814a73830  RDI: ffffffffa04486d0
    RBP: ffff8805050d7ed8   R8: ffff880814a738d0   R9: 0000000000000004
    R10: 00000000000000a8  R11: 0000000000000246  R12: ffff8804cf782b00
    R13: ffffffffa04486d0  R14: ffff8802087039d0  R15: ffff8802087039d8
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff8805050d7ee0] vfs_readdir at ffffffff8118a670
 (...)
 crash > bt -f
 (...)
 #9 [ffff8805050d7ee0] vfs_readdir at ffffffff8118a670
    ffff8805050d7ee8: ffff8805050d7f28 ffffffff81176652
    ffff8805050d7ef8: 0000000000001000 00000000009ca848
    ffff8805050d7f08: ffff8804cf782b00 0000000000008000
    ffff8805050d7f18: 0000000000000000 00000000009ca820
    ffff8805050d7f28: ffff8805050d7f78 ffffffff8118a7f9

I look at vfs_readdir

crash> whatis vfs_readdir
int vfs_readdir(struct file *, filldir_t, void *);

Then searching for the file (address ffff8805050d7f28 picked from top of stack at #9 )

crash> struct file ffff8805050d7f28
struct file {
  f_u = {
    fu_list = {
      next = 0xffff8805050d7f78,
      prev = 0xffffffff8118a7f9
    },
    fu_rcuhead = {
      next = 0xffff8805050d7f78,
      func = 0xffffffff8118a7f9 <sys_getdents+137>
    }
  },
  f_path = {
    mnt = 0x9ca878,
    dentry = 0x9ca860
  },
  f_op = 0xffffffea00007fd0,
  f_lock = {
    raw_lock = {
      slock = 578155200
    }
  },

At this point, I can go no further, how can I get string from f_path struct ?

I want to convert

  f_path = {
    mnt = 0x9ca878,
    dentry = 0x9ca860
  },

to strings

reading the struct, file owner is -1, effective uid didn't map to a known user.
from crash, files command show only 2 regular file

EDIT: as requested

crash> p  ffff8805050d7f28
No symbol "ffff8805050d7f28" in current context.
p: gdb request failed: p ffff8805050d7f28
crash> p *(struct file) ffff8805050d7f28
No symbol "ffff8805050d7f28" in current context.
p: gdb request failed: p *(struct file) ffff8805050d7f28

Maybe you need to install `kernel-debug` or `kernel-debuginfo` (unfortunately I don't remember which is which) package and try again? — 0andriy, Mar 09 '15 at 19:19

which file cause my kernel to crash

0 Answers0