Extracting information of zombie process stack from a live kernel core

Shrikanth Kamath shrikanth07 at gmail.com
Sun Mar 15 23:30:59 PDT 2009


I have a live core of the kernel, and it lists the struct proc of the
zombie process. Is there a way to extract info on what code it was
executing from the struct proc? Can we inspect the proc structure to get
info about the zombie process stack, or is it 'invalidated' and not
reliable?
I tried the following on the live core, having the zombie proc structure:

(kgdb) p ((struct proc *)0xc3ce6440)->p_state
$66 = PRS_ZOMBIE
(kgdb) p ((struct proc *)0xc3ce6440)->p_threads
$67 = {tqh_first = 0xc38e7820, tqh_last = 0xc38e7828}
(kgdb) p /x ((struct thread *)0xc38e7820)->td_pcb->pcb_ebp
$68 = 0xdc641c9c
(kgdb) btr 0xdc641c9c
 frame 0 at 0xdc641c9c: ebp dc641ca0, eip 0xdc641d04:   add    %al,(%eax)
 frame 1 at 0xdc641ca0: ebp dc641d04, eip 0xdc641d04:   add    %al,(%eax)
(kgdb)

But this does not make sense. How can I figure out what was the last
code snippet that the zombie process was executing? Any known macros?

I am working on JUNOS running on a FreeBSD 6.x version.

