Finding out which Linux process was executing when system locked up by evaluating CPU registers

I need to find out what is executing when my Linux (Debian) system hangs (x86 platform). I managed to ex开发者_JAVA百科tract the following information just before the system locked up:

es: 0x7B
cs: 0x73
ss: 0x7B
ds: 0x7B
fs: 0x0
gs: 0x33
ldtbase: 0x0
tr: 0x80
dr7: 0x400
dr6: 0xFFFF0FF0
eax: 0xBFBDE820
ecx: 0xA908F9A0
edx: 0xB708A000
ebx: 0xB71B5278
esp: 0xBFBDE730
ebp: 0xBFBDE838
esi: 0x9D36B58
edi: 0x9D50BB8
eip: 0xB71B13E8
eflags: 0x203206
cr3: 0x1E9DE000
cr0: 0x80050033

From the values of the segment registers, I know that when Linux hangs, it's on user-space mode. What I would like to find out is which process/library is causing the crash, and ideally which exact part of it.

By looking at CR3 and EIP, I should be able to get this information but I am getting confused. As far as I know, the virtual address 0xB71B13E8 is relative to the page table used (0x1E9DE000). Now, the instruction pointer points to a physical address, right? I think I should convert this (EIP value) to a virtual address which would be the offset of the page table pointed by CR3.

Could anyone please help me a bit on that?

Where did you extract the information from?

If this is a usermode crash/lockup, presumably this information is from a core dump (you can dump cores on the fly without necessarily killing the subject)

In that case, use gdb /usr/bin/myprogrambinary corefile

And navigate using gdb commands bt, info threads, info shared, thread apply all bt full etc

The usefulness of all this will greatly improve with debugging symbols for the various libraries installed on your system (depending on your distro, install the relevant *-dbg packages)