handling missing kdump pages in diskdump format
by Bob Montgomery
I've been experimenting with the makedumpfile utility for kdump on ia64.
One of my experiments was to verify that a page that should have been
missing indeed was missing. I used crash 4.0-3.8 to look for a user
page that should have been omitted from the dump.
crash> x/xg 0xe0000040fc00c000
0xe0000040fc00c000: 0x0000000000000000
On a full dump from makedumpfile as well as on a straight copy of
vmcore, crash reports this:
crash> x/xg 0xe0000040fc00c000
0xe0000040fc00c000: 0x00010102464c457f
The dumpfiles created by makedumpfile appear to crash as diskdump files,
and crash appears to excuse missing pages and report 0x0 contents here:
diskdump.c:read_diskdump, line 454:
        if (!page_is_dumpable(pfn)) {
                memset(bufptr, 0, cnt);
                return cnt;
        }
Shouldn't there be some indication that a requested page is missing as
opposed to being legitimately full of zeros?
Bob Montgomery
17 years, 10 months
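The distinction asked for in the post above, as an added example that is not code from crash or makedumpfile: a read routine that reports an excluded page with its own status instead of handing back zeros. The toy_dump layout, the status names and the sample contents are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DUMP_PAGE_SHIFT 12
#define DUMP_PAGE_SIZE  (1UL << DUMP_PAGE_SHIFT)

/* Hypothetical status codes: "page not in dump" is distinct from success. */
enum read_status {
    READ_OK            =  0,
    READ_PAGE_EXCLUDED = -1,  /* page was filtered out when the dump was made */
    READ_OUT_OF_RANGE  = -2   /* address beyond the range the bitmap covers */
};

/* Constructed in-memory stand-in for a filtered dump (not the diskdump layout). */
struct toy_dump {
    uint64_t       max_pfn;   /* number of page frames the bitmap covers */
    const uint8_t *bitmap;    /* bit n set => PFN n is stored in the dump */
    const uint8_t *pages;     /* stored pages only, packed in PFN order */
};

static int page_is_dumpable(const struct toy_dump *d, uint64_t pfn)
{
    return (d->bitmap[pfn >> 3] >> (pfn & 7)) & 1;
}

/* Stored pages are packed, so a page's slot is the count of set bits below it. */
static uint64_t page_slot(const struct toy_dump *d, uint64_t pfn)
{
    uint64_t i, slot = 0;

    for (i = 0; i < pfn; i++)
        slot += (uint64_t)page_is_dumpable(d, i);
    return slot;
}

/* Read cnt bytes at physical address paddr. buf is written only on READ_OK,
 * so a caller can never mistake an excluded page for a page full of zeros. */
enum read_status read_dump(const struct toy_dump *d, uint64_t paddr,
                           void *buf, size_t cnt)
{
    uint8_t *out = buf;
    uint64_t pfn, last;

    if (cnt == 0)
        return READ_OK;
    if (paddr + (cnt - 1) < paddr)              /* address arithmetic wrapped */
        return READ_OUT_OF_RANGE;
    last = (paddr + (cnt - 1)) >> DUMP_PAGE_SHIFT;

    /* Pass 1: every page the request touches must be present. */
    for (pfn = paddr >> DUMP_PAGE_SHIFT; pfn <= last; pfn++) {
        if (pfn >= d->max_pfn)
            return READ_OUT_OF_RANGE;
        if (!page_is_dumpable(d, pfn))
            return READ_PAGE_EXCLUDED;
    }
    /* Pass 2: copy, one page-sized piece at a time. */
    while (cnt > 0) {
        size_t off = (size_t)(paddr & (DUMP_PAGE_SIZE - 1));
        size_t n = DUMP_PAGE_SIZE - off;

        if (n > cnt)
            n = cnt;
        pfn = paddr >> DUMP_PAGE_SHIFT;
        memcpy(out, d->pages + page_slot(d, pfn) * DUMP_PAGE_SIZE + off, n);
        out += n;
        paddr += n;
        cnt -= n;
    }
    return READ_OK;
}

/* Constructed sample: PFNs 0, 1 and 3 stored, PFN 2 excluded (bitmap 0b1011).
 * PFN 1 is legitimately all zeros. */
static uint8_t sample_pages[3 * DUMP_PAGE_SIZE];
static const uint8_t sample_bitmap[1] = { 0x0b };

struct toy_dump make_sample_dump(void)
{
    struct toy_dump d = { 4, sample_bitmap, sample_pages };

    memset(sample_pages, 0, sizeof sample_pages);
    memset(sample_pages, 0x5a, DUMP_PAGE_SIZE);                       /* PFN 0 */
    memset(sample_pages + 2 * DUMP_PAGE_SIZE, 0xaa, DUMP_PAGE_SIZE);  /* PFN 3 */
    return d;
}

int main(void)
{
    struct toy_dump d = make_sample_dump();
    uint64_t pfn, word;

    for (pfn = 0; pfn < 5; pfn++) {
        enum read_status st = read_dump(&d, pfn * DUMP_PAGE_SIZE, &word, sizeof word);

        if (st == READ_OK)
            printf("pfn %llu: 0x%016llx\n", (unsigned long long)pfn,
                   (unsigned long long)word);
        else
            printf("pfn %llu: %s\n", (unsigned long long)pfn,
                   st == READ_PAGE_EXCLUDED ? "page excluded from dump"
                                            : "address out of range");
    }
    return 0;
}
```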
RE: [Crash-utility] Module load patch for crash-4.0-3.17
by Castor Fu
That's great! I wonder if it would have been better to walk through
the info which is stored by CONFIG_KALLSYMS. That would probably
work better in the s390x case... However, as bugzilla says,
"worksforme".
-castor
________________________________
From: anderson(a)redhat.com [mailto:anderson@redhat.com]
Sent: Thursday, January 18, 2007 7:27 AM
To: Discussion list for crash utility usage, maintenance and
development; Castor Fu
Subject: Re: [Crash-utility] Module load patch for crash-4.0-3.17
Hey Castor,
This also looks good on ppc64.
I'm slowly convincing myself that this facility should be
executed by default -- but with an option to turn it *off*... ;-)
Dave
Castor Fu wrote:
Finding the overrun wasn't actually that hard. It's also fixed
in the current GDB tree.
I've attached a patch which fixes the problem in symfile.c. The point of this patch
is to fix loading kernel modules symbol information on 2.6 for those who have not
been following this.
Hopefully this will work on other platforms too....
-castor
________________________________
From: crash-utility-bounces(a)redhat.com
[mailto:crash-utility-bounces@redhat.com] On Behalf Of Castor Fu
Sent: Wednesday, January 17, 2007 7:49 AM
To: Discussion list for crash utility usage, maintenance and
development; Discussion list for crash utility usage, maintenance and
development
Subject: RE: [Crash-utility] test results of latest
4.0-3.16.sym.patch (ia64)
Hi Dave:
I reproduced the problem on an x86 system by creating a module with a bunch
of sections.
I then found the following in gdb-6.1/gdb/symfile.c:add_symbol_table_command()
        num_sec_opts = 16;
with additional code for xreallocing if it turned out to have too many
sections.
This seems to be the code which is broken. I'm loath to figure out exactly
what it is... I'll put together a patch against 4.0-3.17 which jacks this
up, and probably print a warning if we exceed the count.
Thanks for digging so far into this.
-castor
-----Original Message-----
From: crash-utility-bounces(a)redhat.com on behalf of Dave
Anderson
Sent: Thu 1/4/2007 8:22 AM
To: Discussion list for crash utility usage, maintenance and
development
Subject: Re: [Crash-utility] test results of latest
4.0-3.16.sym.patch (ia64)
Hi Castor,
Another FYI re: the xrealloc() crash. The problem appears
to be specific to gdb.
I captured the "add-symbol-file" command string and saved
it in an input file. Then I brought crash up and executed
the input file, which simply passes the suspect command line
directly to gdb, and it crashes on its own:
crash> < /tmp/junk
crash> add-symbol-file
/lib/modules/2.6.18-1.2767.el5/kernel/net/ipv6/ipv6.ko
0xa00000021ed605b0 -s .exit.text 0xa00000021edb49a0 -s .rodata
0xa00000021edbd4c8 -s __ksymtab_strings 0xa00000021edbdc08 -s __versions
0xa00000021edbdf98 -s .data 0xa00000021edd6a20 -s .data.rel.ro
0xa00000021edd6c00 -s __ksymtab_gpl 0xa00000021edd6df8 -s __kcrctab_gpl
0xa00000021edd6ed8 -s .data.rel 0xa00000021edd6f48 -s .data.rel.local
0xa00000021ee39940 -s .data.rel.ro.local 0xa00000021ee3a9c0 -s
.data.read_mostly 0xa00000021ee3a9e0 -s __ksymtab 0xa00000021ee3aa60 -s
__kcrctab 0xa00000021ee3ac30 -s .gnu.linkonce.this_module
0xa00000021ee3ad80 -s .sdata 0xa00000021ee5d730 -s .bss
0xa00000021ee5b000 -s .sbss 0xa00000021ee5e8b8
add_symbol_file_command: calling xrealloc w/argcnt: 49 arg:
[0xa00000021ee5d730]...
*** glibc detected *** ./crash: realloc(): invalid next size:
0x6000000001921fe0 ***
======= Backtrace: =========
/lib/libc.so.6.1[0x20000000002f2a70]
/lib/libc.so.6.1(realloc-0x1cb0b0)[0x20000000002f5e20]
./crash(xmrealloc+0x1fffffffffee6e20)[0x40000000003a7d00]
./crash[0x40000000002ff500]
./crash[0x40000000004221e0]
./crash(cmd_func+0x1ffffffffff61610)[0x4000000000422500]
./crash(execute_command+0x1fffffffffee25f0)[0x40000000003a34f0]
./crash(gdb_command_funnel+0x1fffffffffe2feb0)[0x40000000002f0dc0]
./crash(gdb_interface+0x1fffffffffcd7590)[0x40000000001984b0]
./crash(gdb_pass_through+0x1fffffffffcd6cb0)[0x4000000000197be0]
./crash(cmd_gdb+0x2000000000151068)[0x400000000019bbc0]
./crash(exec_command+0x1fffffffffb99db0)[0x400000000005acf0]
./crash(exec_input_file+0x1fffffffffd86d40)[0x4000000000247c90]
./crash[0x400000000005b420]
./crash(exec_command+0x1fffffffffb99e50)[0x400000000005ad90]
./crash(main_loop+0x1fffffffffb9a2e0)[0x400000000005a8e0]
./crash(current_interp_command_loop+0x200000000001fd60)[0x40000000004e0c
c0]
./crash[0x40000000003199c0]
./crash[0x400000000039f370]
./crash[0x40000000003a4260]
./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320]
./crash[0x400000000031a930]
./crash[0x400000000039f370]
./crash[0x40000000003a4260]
./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320]
./crash(gdb_main+0x1fffffffffe58960)[0x40000000003198e0]
./crash(gdb_main_entry+0x1fffffffffe589f0)[0x4000000000319980]
./crash(gdb_main_loop+0x1fffffffffcd54d0)[0x4000000000196470]
./crash(main+0x1fffffffffb99820)[0x400000000005a330]
/lib/libc.so.6.1(__libc_start_main-0x2818f0)[0x200000000023f6c0]
./crash(_start+0x1fffffffffb95240)[0x4000000000056200]
Aborted
________________________________
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
18 years
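The option-table growth discussed in this thread, as an added example that is not gdb's or crash's code (the faulty code itself is not shown on this page): a "-s NAME ADDR" parser whose table starts at 16 entries, doubles with an overflow-checked size computed from the element type, and warns once the initial count is exceeded. The struct layout, function names and sample arguments are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_SECT_OPTS 16    /* starting size quoted in the thread */

struct sect_opt {               /* hypothetical layout for this example */
    const char *name;
    uint64_t    addr;
};

struct sect_table {
    struct sect_opt *opts;
    size_t used, cap;
    int grew;                   /* set once the initial count was exceeded */
};

void sect_table_free(struct sect_table *t)
{
    free(t->opts);
    memset(t, 0, sizeof *t);
}

/* Make room for one more entry. The byte count is derived from the element
 * type itself and checked for overflow before realloc() is called. */
static int sect_table_reserve(struct sect_table *t)
{
    size_t ncap;
    struct sect_opt *p;

    if (t->used < t->cap)
        return 0;
    ncap = t->cap ? t->cap * 2 : INITIAL_SECT_OPTS;
    if (ncap <= t->cap || ncap > SIZE_MAX / sizeof(*t->opts))
        return -ENOMEM;
    p = realloc(t->opts, ncap * sizeof(*t->opts));
    if (p == NULL)
        return -ENOMEM;
    if (t->cap != 0)
        t->grew = 1;
    t->opts = p;
    t->cap = ncap;
    return 0;
}

/* Parse "-s NAME ADDR" triples. Returns 0, or a negative errno value with
 * the table released. */
int parse_sect_opts(int argc, const char *const *argv, struct sect_table *t)
{
    int i, rc;

    memset(t, 0, sizeof *t);
    for (i = 0; i < argc; i += 3) {
        char *end;
        unsigned long long addr;

        if (argc - i < 3 || strcmp(argv[i], "-s") != 0) {
            rc = -EINVAL;
            goto fail;
        }
        errno = 0;
        addr = strtoull(argv[i + 2], &end, 16);
        if (errno != 0 || end == argv[i + 2] || *end != '\0') {
            rc = -EINVAL;
            goto fail;
        }
        if ((rc = sect_table_reserve(t)) != 0)
            goto fail;
        t->opts[t->used].name = argv[i + 1];
        t->opts[t->used].addr = addr;
        t->used++;
    }
    if (t->grew)
        fprintf(stderr, "warning: %zu sections, more than the initial %d\n",
                t->used, INITIAL_SECT_OPTS);
    return 0;
fail:
    sect_table_free(t);
    return rc;
}

/* Constructed input: n triples "-s .secN 0x<N*0x1000>". Returns the number
 * of entries parsed, or a negative errno value. */
long parse_n_sections(size_t n, int *grew)
{
    char (*text)[2][32] = calloc(n ? n : 1, sizeof *text);
    const char **argv = calloc(n ? 3 * n : 1, sizeof *argv);
    struct sect_table t;
    long result = -ENOMEM;
    size_t i;

    if (text != NULL && argv != NULL) {
        for (i = 0; i < n; i++) {
            snprintf(text[i][0], sizeof text[i][0], ".sec%zu", i);
            snprintf(text[i][1], sizeof text[i][1], "0x%zx", i * 0x1000);
            argv[3 * i] = "-s";
            argv[3 * i + 1] = text[i][0];
            argv[3 * i + 2] = text[i][1];
        }
        result = parse_sect_opts((int)(3 * n), argv, &t);
        if (result == 0) {
            result = (long)t.used;
            if (n != 0 && t.opts[n - 1].addr != (n - 1) * 0x1000)
                result = -EIO;
            *grew = t.grew;
            sect_table_free(&t);
        }
    }
    free(text);
    free(argv);
    return result;
}

int main(void)
{
    int grew = 0;
    long n = parse_n_sections(24, &grew);

    printf("parsed %ld sections, table grew: %s\n", n, grew ? "yes" : "no");
    return n == 24 ? 0 : 1;
}
```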
Re: [Crash-utility] crash can not read ia64 lkcd v9 dump
by Alan Tyson
> But first I'll fix the header format which _is_ different in crash and
> our SLES9 kernel (and klcdutils), and if it then doesn't work I'll
> come back to the system maps.
>
> Thanks for your help!
>
> Regards,
> Bernhard
Bernhard,
There are two changes required to fix up the header format for SLES9.
One is NR_CPUS and the other is a missing field in the dump header.
This may be of help, it's what I've been using:
# cat sles9.patch
diff -Nurp crash-4.0-3.13/defs.h crash-4.0-3.13-sles9/defs.h
--- crash-4.0-3.13/defs.h 2006-11-27 18:41:27.000000000 +0000
+++ crash-4.0-3.13-sles9/defs.h 2006-12-01 14:55:39.727248386 +0000
@@ -68,7 +68,7 @@
#define NR_CPUS (32)
#endif
#ifdef IA64
-#define NR_CPUS (1024)
+#define NR_CPUS (128)
#endif
#ifdef PPC64
#define NR_CPUS (128)
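Review bot: The IA64 value of NR_CPUS is edited in place (1024 becomes 128) under #ifdef IA64, so a crash binary built with this hunk matches the SLES9 dump header layout only and no longer matches IA64 dumps from kernels built with NR_CPUS 1024. Since this constant feeds the header layout, put the SLES9 value behind its own build-time switch, or select it at run time, instead of replacing the existing define.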
diff -Nurp crash-4.0-3.13/lkcd_fix_mem.h crash-4.0-3.13-sles9/lkcd_fix_mem.h
--- crash-4.0-3.13/lkcd_fix_mem.h 2006-11-27 18:41:27.000000000 +0000
+++ crash-4.0-3.13-sles9/lkcd_fix_mem.h 2006-12-01 14:55:39.727248386 +0000
@@ -266,6 +266,9 @@ typedef struct _dump_header_asm_s {
/* the size of this header (in case we can't read it) */
uint32_t dha_header_size;
+ /* load address of the kernel (added by sles9 patch) */
+ uint64_t dha_kernel_addr;
+
/* pointer to pt_regs */
// struct pt_regs *dha_pt_regs; // version 4 changed this
uint64_t dha_pt_regs;
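Review bot: dha_kernel_addr is inserted unconditionally between dha_header_size and dha_pt_regs in struct _dump_header_asm_s, which moves dha_pt_regs and every later member 8 bytes further into the header; a dump written without this field would then be read at the wrong offsets. Guard the new member with a SLES9-specific build switch, or choose the layout at run time by comparing the dha_header_size value read from the dump (the existing comment says it is there "in case we can't read it") against the size of each variant.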
diff -Nurp crash-4.0-3.13/.rh_rpm_package crash-4.0-3.13-sles9/.rh_rpm_package
--- crash-4.0-3.13/.rh_rpm_package 1970-01-01 01:00:00.000000000 +0100
+++ crash-4.0-3.13-sles9/.rh_rpm_package 2006-12-01 14:55:39.733107761 +0000
@@ -0,0 +1 @@
+4.0-3.13-sles9
I hope this helps.
Regards,
Alan Tyson, HP Services.
18 years
[PATCH] Fix compile warnings
by Bernhard Walle
Hello,
patch attached. Please consider adding the changes to mainline. But
please also check back all changes.
Some comments:
gdb/dwarf2-frame.c:
- I think the buf += overwrites the ++, at least my tests with
some test codes showed that.
tools.c:
- this is really strange, if index = 0, then the assignment
doesn't make sense. If it's random, it also doesn't make sense. :)
Didn't have time to dig into the whole logic of this hashtable.
Regards,
Bernhard
18 years
Module load patch for crash-4.0-3.17
by Castor Fu
Finding the overrun wasn't actually that hard. It's also fixed in the
current GDB tree.
I've attached a patch which fixes the problem in symfile.c. The point of this patch
is to fix loading kernel modules symbol information on 2.6 for those who have not
been following this.
Hopefully this will work on other platforms too....
-castor
________________________________
From: crash-utility-bounces(a)redhat.com
[mailto:crash-utility-bounces@redhat.com] On Behalf Of Castor Fu
Sent: Wednesday, January 17, 2007 7:49 AM
To: Discussion list for crash utility usage, maintenance and
development; Discussion list for crash utility usage, maintenance and
development
Subject: RE: [Crash-utility] test results of latest 4.0-3.16.sym.patch
(ia64)
Hi Dave:
I reproduced the problem on an x86 system by creating a module with a bunch
of sections.
I then found the following in gdb-6.1/gdb/symfile.c:add_symbol_table_command()
        num_sec_opts = 16;
with additional code for xreallocing if it turned out to have too many
sections.
This seems to be the code which is broken. I'm loath to figure out exactly
what it is... I'll put together a patch against 4.0-3.17 which jacks this
up, and probably print a warning if we exceed the count.
Thanks for digging so far into this.
-castor
-----Original Message-----
From: crash-utility-bounces(a)redhat.com on behalf of Dave Anderson
Sent: Thu 1/4/2007 8:22 AM
To: Discussion list for crash utility usage, maintenance and development
Subject: Re: [Crash-utility] test results of latest 4.0-3.16.sym.patch
(ia64)
Hi Castor,
Another FYI re: the xrealloc() crash. The problem appears
to be specific to gdb.
I captured the "add-symbol-file" command string and saved
it in an input file. Then I brought crash up and executed
the input file, which simply passes the suspect command line
directly to gdb, and it crashes on its own:
crash> < /tmp/junk
crash> add-symbol-file
/lib/modules/2.6.18-1.2767.el5/kernel/net/ipv6/ipv6.ko
0xa00000021ed605b0 -s .exit.text 0xa00000021edb49a0 -s .rodata
0xa00000021edbd4c8 -s __ksymtab_strings 0xa00000021edbdc08 -s __versions
0xa00000021edbdf98 -s .data 0xa00000021edd6a20 -s .data.rel.ro
0xa00000021edd6c00 -s __ksymtab_gpl 0xa00000021edd6df8 -s __kcrctab_gpl
0xa00000021edd6ed8 -s .data.rel 0xa00000021edd6f48 -s .data.rel.local
0xa00000021ee39940 -s .data.rel.ro.local 0xa00000021ee3a9c0 -s
.data.read_mostly 0xa00000021ee3a9e0 -s __ksymtab 0xa00000021ee3aa60 -s
__kcrctab 0xa00000021ee3ac30 -s .gnu.linkonce.this_module
0xa00000021ee3ad80 -s .sdata 0xa00000021ee5d730 -s .bss
0xa00000021ee5b000 -s .sbss 0xa00000021ee5e8b8
add_symbol_file_command: calling xrealloc w/argcnt: 49 arg:
[0xa00000021ee5d730]...
*** glibc detected *** ./crash: realloc(): invalid next size:
0x6000000001921fe0 ***
======= Backtrace: =========
/lib/libc.so.6.1[0x20000000002f2a70]
/lib/libc.so.6.1(realloc-0x1cb0b0)[0x20000000002f5e20]
./crash(xmrealloc+0x1fffffffffee6e20)[0x40000000003a7d00]
./crash[0x40000000002ff500]
./crash[0x40000000004221e0]
./crash(cmd_func+0x1ffffffffff61610)[0x4000000000422500]
./crash(execute_command+0x1fffffffffee25f0)[0x40000000003a34f0]
./crash(gdb_command_funnel+0x1fffffffffe2feb0)[0x40000000002f0dc0]
./crash(gdb_interface+0x1fffffffffcd7590)[0x40000000001984b0]
./crash(gdb_pass_through+0x1fffffffffcd6cb0)[0x4000000000197be0]
./crash(cmd_gdb+0x2000000000151068)[0x400000000019bbc0]
./crash(exec_command+0x1fffffffffb99db0)[0x400000000005acf0]
./crash(exec_input_file+0x1fffffffffd86d40)[0x4000000000247c90]
./crash[0x400000000005b420]
./crash(exec_command+0x1fffffffffb99e50)[0x400000000005ad90]
./crash(main_loop+0x1fffffffffb9a2e0)[0x400000000005a8e0]
./crash(current_interp_command_loop+0x200000000001fd60)[0x40000000004e0c
c0]
./crash[0x40000000003199c0]
./crash[0x400000000039f370]
./crash[0x40000000003a4260]
./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320]
./crash[0x400000000031a930]
./crash[0x400000000039f370]
./crash[0x40000000003a4260]
./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320]
./crash(gdb_main+0x1fffffffffe58960)[0x40000000003198e0]
./crash(gdb_main_entry+0x1fffffffffe589f0)[0x4000000000319980]
./crash(gdb_main_loop+0x1fffffffffcd54d0)[0x4000000000196470]
./crash(main+0x1fffffffffb99820)[0x400000000005a330]
/lib/libc.so.6.1(__libc_start_main-0x2818f0)[0x200000000023f6c0]
./crash(_start+0x1fffffffffb95240)[0x4000000000056200]
Aborted
18 years
[PATCH][RFC] dump-core: PFN-GMFN table and ELF formatify (was Re: [Xen-devel] xc_get_pfn_list() creates broken core files)
by Isaku Yamahata
I added PFN-GMFN table to xen dump format and made it ELF format
based on John's patch. This patch isn't complete yet.
I chose ELF format because note section can be extended easily.
I suppose that analysis tools (e.g. crash command) need more auxiliary
information.
TODO
- Currently one program header per one page.
It's possible to collapse program headers.
- HVM domain
- IA64 support
On Thu, Nov 23, 2006 at 11:48:39PM +0000, John Levon wrote:
> On Thu, Nov 23, 2006 at 11:33:59PM +0000, Keir Fraser wrote:
>
> > Rather than dump zero pages we could save a PFN-GMFN pair for each dumped
> > page. These can all go at the start of the core file in place of the p2m.
> > The dumped pages will then be in order of the PFN-GMFN pairs.
>
> I suppose we could do that; it would make reading things out a bit
> harder though, since you couldn't just mmap() the table any more[1]. It
> would be nice to be able to dump only up to the current ballooning
> though.
>
> Something to consider for the new format, though we're going to be using
> something similar to the patch I sent for our 3.0.3-based stuff and
> leave HVM dumps as something for later.
>
> regards
> john
>
> [1] which is slightly annoying anyway, since it's not page aligned.
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel(a)lists.xensource.com
> http://lists.xensource.com/xen-devel
# HG changeset patch
# User yamahata(a)valinux.co.jp
# Date 1168851172 -32400
# Node ID 9b0918c4332ef93b4352abf80a7c33a3b82b469f
# Parent 2b50acbdf01bfadbaab60a6d15a9f6a878d0224c
Use the guest's own p2m table instead of xc_get_pfn_list(), which cannot handle PFNs with no MFN.
Dump a zeroed page for PFNs with no MFN.
Clearly deprecate xc_get_pfn_list().
Do not include a P2M table with HVM domains.
Refuse to dump HVM until we can map its pages with PFNs.
Signed-off-by: John Levon <john.levon(a)sun.com>
PFN-GMFN table, ELF formatified.
TODO:
- Currently one program header per page.
It's possible to collapse many program headers.
- HVM domain
- IA64.
PATCHNAME: xen_dump_core_elf
Signed-off-by: Isaku Yamahata <yamahata(a)valinux.co.jp>
diff -r 2b50acbdf01b -r 9b0918c4332e tools/libxc/xc_core.c
--- a/tools/libxc/xc_core.c Sun Jan 14 17:22:24 2007 +0000
+++ b/tools/libxc/xc_core.c Mon Jan 15 17:52:52 2007 +0900
@@ -1,10 +1,18 @@
+/*
+ * Elf format, (pfn, gmfn) table support.
+ * Copyright (c) 2006 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ */
+
#include "xg_private.h"
+#include "xc_elf.h"
+#include "xc_core.h"
#include <stdlib.h>
#include <unistd.h>
/* number of pages to write at a time */
#define DUMP_INCREMENT (4 * 1024)
-#define round_pgup(_p) (((_p)+(PAGE_SIZE-1))&PAGE_MASK)
static int
copy_from_domain_page(int xc_handle,
@@ -21,107 +29,334 @@ copy_from_domain_page(int xc_handle,
return 0;
}
+static int
+map_p2m(int xc_handle, xc_dominfo_t *info, xen_pfn_t **live_p2m,
+ unsigned long *pfnp)
+{
+ /* Double and single indirect references to the live P2M table */
+ xen_pfn_t *live_p2m_frame_list_list = NULL;
+ xen_pfn_t *live_p2m_frame_list = NULL;
+ shared_info_t *live_shinfo = NULL;
+ uint32_t dom = info->domid;
+ unsigned long max_pfn = 0;
+ int ret = -1;
+ int err;
+
+ /* Map the shared info frame */
+ live_shinfo = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+ PROT_READ, info->shared_info_frame);
+
+ if ( !live_shinfo )
+ {
+ PERROR("Couldn't map live_shinfo");
+ goto out;
+ }
+
+ max_pfn = live_shinfo->arch.max_pfn;
+
+ if ( max_pfn < info->nr_pages )
+ {
+ ERROR("max_pfn < nr_pages -1 (%lx < %lx", max_pfn, info->nr_pages - 1);
+ goto out;
+ }
+
+ live_p2m_frame_list_list =
+ xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, PROT_READ,
+ live_shinfo->arch.pfn_to_mfn_frame_list_list);
+
+ if ( !live_p2m_frame_list_list )
+ {
+ PERROR("Couldn't map p2m_frame_list_list (errno %d)", errno);
+ goto out;
+ }
+
+ live_p2m_frame_list =
+ xc_map_foreign_batch(xc_handle, dom, PROT_READ,
+ live_p2m_frame_list_list,
+ P2M_FLL_ENTRIES);
+
+ if ( !live_p2m_frame_list )
+ {
+ PERROR("Couldn't map p2m_frame_list");
+ goto out;
+ }
+
+ *live_p2m = xc_map_foreign_batch(xc_handle, dom, PROT_READ,
+ live_p2m_frame_list,
+ P2M_FL_ENTRIES);
+
+ if ( !live_p2m )
+ {
+ PERROR("Couldn't map p2m table");
+ goto out;
+ }
+
+ *pfnp = max_pfn;
+
+
+ ret = 0;
+
+out:
+ err = errno;
+
+ if ( live_shinfo )
+ munmap(live_shinfo, PAGE_SIZE);
+
+ if ( live_p2m_frame_list_list )
+ munmap(live_p2m_frame_list_list, PAGE_SIZE);
+
+ if ( live_p2m_frame_list )
+ munmap(live_p2m_frame_list, P2M_FLL_ENTRIES * PAGE_SIZE);
+
+ errno = err;
+ return ret;
+}
+
int
xc_domain_dumpcore_via_callback(int xc_handle,
uint32_t domid,
void *args,
dumpcore_rtn_t dump_rtn)
{
- unsigned long nr_pages;
- xen_pfn_t *page_array = NULL;
xc_dominfo_t info;
- int i, nr_vcpus = 0;
+ int nr_vcpus = 0;
char *dump_mem, *dump_mem_start = NULL;
- struct xc_core_header header;
vcpu_guest_context_t ctxt[MAX_VIRT_CPUS];
char dummy[PAGE_SIZE];
int dummy_len;
- int sts;
+ int sts = -1;
+
+ unsigned long filesz;
+ unsigned long i;
+ unsigned long j;
+ unsigned long nr_pages;
+ xen_pfn_t *p2m;
+ unsigned long max_pfn;
+ struct p2m *p2m_array = NULL;
+ unsigned long offset;
+
+ Elf_Ehdr ehdr;
+ Elf_Phdr phdr;
+ struct xen_note note;
+ struct xen_core_header_desc core_header;
if ( (dump_mem_start = malloc(DUMP_INCREMENT*PAGE_SIZE)) == NULL )
{
PERROR("Could not allocate dump_mem");
- goto error_out;
+ goto out;
}
if ( xc_domain_getinfo(xc_handle, domid, 1, &info) != 1 )
{
PERROR("Could not get info for domain");
- goto error_out;
+ goto out;
+ }
+
+ if ( info.hvm )
+ {
+ ERROR("Cannot dump HVM domains");
+ goto out;
}
if ( domid != info.domid )
{
PERROR("Domain %d does not exist", domid);
- goto error_out;
+ goto out;
}
for ( i = 0; i <= info.max_vcpu_id; i++ )
if ( xc_vcpu_getcontext(xc_handle, domid, i, &ctxt[nr_vcpus]) == 0)
nr_vcpus++;
+ if ( nr_vcpus == 0 )
+ {
+ PERROR("No VCPU context could be grabbed");
+ goto out;
+ }
nr_pages = info.nr_pages;
-
- header.xch_magic = info.hvm ? XC_CORE_MAGIC_HVM : XC_CORE_MAGIC;
- header.xch_nr_vcpus = nr_vcpus;
- header.xch_nr_pages = nr_pages;
- header.xch_ctxt_offset = sizeof(struct xc_core_header);
- header.xch_index_offset = sizeof(struct xc_core_header) +
- sizeof(vcpu_guest_context_t)*nr_vcpus;
- dummy_len = (sizeof(struct xc_core_header) +
- (sizeof(vcpu_guest_context_t) * nr_vcpus) +
- (nr_pages * sizeof(xen_pfn_t)));
- header.xch_pages_offset = round_pgup(dummy_len);
-
- sts = dump_rtn(args, (char *)&header, sizeof(struct xc_core_header));
- if ( sts != 0 )
- goto error_out;
-
+ p2m_array = malloc(nr_pages * sizeof(struct p2m));
+ if ( p2m_array == NULL )
+ {
+ PERROR("Count not allocate p2m array");
+ goto out;
+ }
+
+ /* obtain p2m table */
+ if ( !info.hvm )
+ {
+ sts = map_p2m(xc_handle, &info, &p2m, &max_pfn);
+ if ( sts != 0 )
+ goto out;
+ }
+
+ memset(&ehdr, 0, sizeof(ehdr));
+ ehdr.e_ident[EI_MAG0] = ELFMAG0;
+ ehdr.e_ident[EI_MAG1] = ELFMAG1;
+ ehdr.e_ident[EI_MAG2] = ELFMAG2;
+ ehdr.e_ident[EI_MAG3] = ELFMAG3;
+ ehdr.e_ident[EI_CLASS] = ELFCLASS;
+
+ ehdr.e_ident[EI_DATA] = ELFDATA2LSB; /* XXX */
+ //ehdr.e_ident[EI_DATA] = ELFDATA2MSB;
+
+ ehdr.e_ident[EI_VERSION] = EV_CURRENT;
+ ehdr.e_ident[EI_OSABI] = ELFOSABI_LINUX;
+ ehdr.e_ident[EI_ABIVERSION] = EV_CURRENT;
+
+ ehdr.e_type = ET_CORE;
+ ehdr.e_machine =
+#if defined(__i386__)
+ EM_386
+#elif defined(__x86_64__)
+ EM_X86_64
+#else
+# error "unsupported archtecture"
+#endif
+ ;
+
+ ehdr.e_version = EV_CURRENT;
+ ehdr.e_entry = 0;
+ ehdr.e_phoff = sizeof(ehdr);
+ ehdr.e_shoff = 0;
+#ifndef ELF_CORE_EFLAGS
+#define ELF_CORE_EFLAGS 0
+#endif
+ ehdr.e_flags = ELF_CORE_EFLAGS;
+ ehdr.e_ehsize = sizeof(ehdr);
+ ehdr.e_phentsize = sizeof(Elf_Phdr);
+ ehdr.e_phnum = nr_pages + 1; /* notes */
+ ehdr.e_shentsize = 0;
+ ehdr.e_shnum = 0;
+ ehdr.e_shstrndx = 0;
+ sts = dump_rtn(args, (char*)&ehdr, sizeof(ehdr));
+ if ( sts != 0 )
+ goto out;
+
+ /* create program header */
+ offset = sizeof(ehdr);
+
+ /* note section */
+ offset += (1 + nr_pages) * sizeof(phdr); /* note section + nr_pages */
+ filesz = sizeof(struct xen_core_header) + /* core header */
+ sizeof(struct xen_note) + sizeof(ctxt[0]) * nr_vcpus + /* vcpu context */
+ sizeof(struct xen_note_p2m) + sizeof(p2m_array[0]) * nr_pages; /* p2m table */
+
+ memset(&phdr, 0, sizeof(phdr));
+ phdr.p_type = PT_NOTE;
+ phdr.p_flags = 0;
+ phdr.p_offset = offset;
+ phdr.p_vaddr = 0;
+ phdr.p_paddr = 0;
+ phdr.p_filesz = filesz;
+ phdr.p_memsz = 0;
+ phdr.p_align = 0;
+
+ sts = dump_rtn(args, (char*)&phdr, sizeof(phdr));
+ if ( sts != 0)
+ goto out;
+
+ offset += filesz;
+ dummy_len = ROUNDUP(offset, PAGE_SHIFT) - offset; /* padding length */
+ offset = ROUNDUP(offset, PAGE_SHIFT);
+ j = 0;
+ for (i = 0; i < max_pfn && j < nr_pages; i++)
+ {
+ if (p2m[i] == INVALID_P2M_ENTRY)
+ continue;
+
+ memset(&phdr, 0, sizeof(phdr));
+ phdr.p_type = PT_LOAD;
+ phdr.p_flags = PF_X | PF_W | PF_R;
+ phdr.p_offset = offset;
+ phdr.p_vaddr = 0;
+ phdr.p_paddr = i * PAGE_SIZE;
+ phdr.p_filesz = PAGE_SIZE;
+ phdr.p_memsz = PAGE_SIZE;
+ phdr.p_align = 0;
+ sts = dump_rtn(args, (char*)&phdr, sizeof(phdr));
+ if ( sts != 0)
+ goto out;
+
+ offset += PAGE_SIZE;
+ p2m_array[j].pfn = i;
+ p2m_array[j].gmfn = p2m[i];
+ j++;
+ }
+ if ( j != nr_pages )
+ PERROR("j(%ld) != nr_pages (%ld)", j, nr_pages);
+
+ /* note section */
+ memset(¬e, 0, sizeof(note));
+ note.namesz = strlen(XEN_NOTES) + 1;
+ strncpy(note.name, XEN_NOTES, sizeof(note.name));
+
+ /* note section:xen core header */
+ note.descsz = sizeof(core_header);
+ note.type = NT_XEN_HEADER;
+ core_header.xch_magic = info.hvm ? XC_CORE_MAGIC_HVM : XC_CORE_MAGIC;
+ core_header.xch_nr_vcpus = nr_vcpus;
+ core_header.xch_nr_pages = nr_pages;
+ core_header.xch_page_size = PAGE_SIZE;
+ sts = dump_rtn(args, (char*)¬e, sizeof(note));
+ if ( sts != 0)
+ goto out;
+ sts = dump_rtn(args, (char*)&core_header, sizeof(core_header));
+ if ( sts != 0)
+ goto out;
+
+ /* note section:xen vcpu prstatus */
+ note.descsz = sizeof(ctxt[0]) * nr_vcpus;
+ note.type = NT_XEN_PRSTATUS;
+ sts = dump_rtn(args, (char*)¬e, sizeof(note));
+ if ( sts != 0)
+ goto out;
sts = dump_rtn(args, (char *)&ctxt, sizeof(ctxt[0]) * nr_vcpus);
if ( sts != 0 )
- goto error_out;
-
- if ( (page_array = malloc(nr_pages * sizeof(xen_pfn_t))) == NULL )
- {
- IPRINTF("Could not allocate memory\n");
- goto error_out;
- }
- if ( xc_get_pfn_list(xc_handle, domid, page_array, nr_pages) != nr_pages )
- {
- IPRINTF("Could not get the page frame list\n");
- goto error_out;
- }
- sts = dump_rtn(args, (char *)page_array, nr_pages * sizeof(xen_pfn_t));
- if ( sts != 0 )
- goto error_out;
-
+ goto out;
+
+ /* note section:create p2m table */
+ note.descsz = sizeof(p2m_array[0]) * nr_pages;
+ note.type = NT_XEN_P2M;
+ sts = dump_rtn(args, (char*)¬e, sizeof(note));
+ if ( sts != 0 )
+ goto out;
+ sts = dump_rtn(args, (char *)p2m_array, sizeof(p2m_array[0]) * nr_pages);
+ if ( sts != 0 )
+ goto out;
+
/* Pad the output data to page alignment. */
memset(dummy, 0, PAGE_SIZE);
- sts = dump_rtn(args, dummy, header.xch_pages_offset - dummy_len);
- if ( sts != 0 )
- goto error_out;
-
+ sts = dump_rtn(args, dummy, dummy_len);
+ if ( sts != 0 )
+ goto out;
+
+ /* dump pages */
for ( dump_mem = dump_mem_start, i = 0; i < nr_pages; i++ )
{
- copy_from_domain_page(xc_handle, domid, page_array[i], dump_mem);
+ copy_from_domain_page(xc_handle, domid, p2m_array[i].gmfn, dump_mem);
dump_mem += PAGE_SIZE;
if ( ((i + 1) % DUMP_INCREMENT == 0) || ((i + 1) == nr_pages) )
{
sts = dump_rtn(args, dump_mem_start, dump_mem - dump_mem_start);
if ( sts != 0 )
- goto error_out;
+ goto out;
dump_mem = dump_mem_start;
}
}
+ sts = 0;
+
+out:
+ if ( p2m )
+ {
+ if ( info.hvm )
+ free( p2m );
+ else
+ munmap(p2m, P2M_SIZE);
+ }
free(dump_mem_start);
- free(page_array);
- return 0;
-
- error_out:
- free(dump_mem_start);
- free(page_array);
- return -1;
+ free(p2m_array);
+ return sts;
}
/* Callback args for writing to a local dump file. */
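Review bot: in the "create p2m table" note, note.descsz = sizeof(p2m_array[0]) * nr_pages is stored into a uint32_t (descsz in struct xen_note), so for a large enough nr_pages the value is truncated and the note header no longer matches the sizeof(p2m_array[0]) * nr_pages bytes that the following dump_rtn call actually writes. Check the product against UINT32_MAX before emitting the note and fail with an error, or widen the field. Separately, the padding write now passes dummy_len bytes from dummy, which the memset just above treats as a PAGE_SIZE buffer, so an explicit dummy_len <= PAGE_SIZE check next to it would make the bound obvious.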
diff -r 2b50acbdf01b -r 9b0918c4332e tools/libxc/xc_core.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_core.h Mon Jan 15 17:52:52 2007 +0900
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2006 Isaku Yamahata <yamahata at valinux co jp>
+ * VA Linux Systems Japan K.K.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef XC_CORE_H
+#define XC_CORE_H
+
+#define XEN_NOTES "XEN CORE"
+
+/* Notes used in xen core*/
+#define NT_XEN_HEADER 7
+#define NT_XEN_PRSTATUS 8
+#define NT_XEN_P2M 9
+
+
+struct xen_note {
+ uint32_t namesz;
+ uint32_t descsz;
+ uint32_t type;
+ char name[12]; /* to hold XEN_NOTES and 64bit aligned.
+ * 8 <= sizeof(XEN_NOTES) < 12
+ */
+};
+
+
+struct xen_core_header_desc {
+ uint64_t xch_magic;
+ uint64_t xch_nr_vcpus;
+ uint64_t xch_nr_pages;
+ uint64_t xch_page_size;
+};
+
+struct p2m {
+ xen_pfn_t pfn;
+ xen_pfn_t gmfn;
+};
+
+
+struct xen_core_header {
+ struct xen_note note;
+ struct xen_core_header_desc core_header;
+};
+
+struct xen_note_prstatus {
+ struct xen_note note;
+ vcpu_guest_context_t ctxt[0];
+};
+
+struct xen_note_p2m {
+ struct xen_note note;
+ struct p2m p2m[0];
+};
+
+#endif /* XC_CORE_H */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-set-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
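Review bot: struct p2m goes into the dump as raw memory, but both of its fields are xen_pfn_t, so the record size in the file depends on how the tools were built, and xen_core_header_desc records only xch_magic, xch_nr_vcpus, xch_nr_pages and xch_page_size, nothing about that width. A reader has to infer the entry size from descsz and xch_nr_pages; fixed-width fields (uint64_t) in the on-disk struct, or a comment documenting the inference, would remove the guesswork. The header also uses uint32_t, uint64_t, xen_pfn_t and vcpu_guest_context_t without including anything, so it only compiles when the includer has already pulled those types in.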
diff -r 2b50acbdf01b -r 9b0918c4332e tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h Sun Jan 14 17:22:24 2007 +0000
+++ b/tools/libxc/xenctrl.h Mon Jan 15 17:52:52 2007 +0900
@@ -513,6 +513,10 @@ unsigned long xc_translate_foreign_addre
unsigned long xc_translate_foreign_address(int xc_handle, uint32_t dom,
int vcpu, unsigned long long virt);
+/**
+ * DEPRECATED. Avoid using this, as it does not correctly account for PFNs
+ * without a backing MFN.
+ */
int xc_get_pfn_list(int xc_handle, uint32_t domid, xen_pfn_t *pfn_buf,
unsigned long max_pfns);
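Review bot: the DEPRECATED comment added above xc_get_pfn_list says to avoid the function but not what to use instead. Name the replacement in the comment (the dump code in this same patch drops its xc_get_pfn_list call in favour of a p2m_array), and consider a compiler deprecation attribute on the prototype so remaining callers get a build-time warning rather than relying on someone reading the header.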
diff -r 2b50acbdf01b -r 9b0918c4332e tools/libxc/xg_private.h
--- a/tools/libxc/xg_private.h Sun Jan 14 17:22:24 2007 +0000
+++ b/tools/libxc/xg_private.h Mon Jan 15 17:52:52 2007 +0900
@@ -119,6 +119,25 @@ typedef unsigned long l4_pgentry_t;
(((_a) >> L4_PAGETABLE_SHIFT) & (L4_PAGETABLE_ENTRIES - 1))
#endif
+#define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
+
+/* Size in bytes of the P2M (rounded up to the nearest PAGE_SIZE bytes) */
+#define P2M_SIZE ROUNDUP((max_pfn * sizeof(xen_pfn_t)), PAGE_SHIFT)
+
+/* Number of xen_pfn_t in a page */
+#define fpp (PAGE_SIZE/sizeof(xen_pfn_t))
+
+/* Number of entries in the pfn_to_mfn_frame_list_list */
+#define P2M_FLL_ENTRIES (((max_pfn)+(fpp*fpp)-1)/(fpp*fpp))
+
+/* Number of entries in the pfn_to_mfn_frame_list */
+#define P2M_FL_ENTRIES (((max_pfn)+fpp-1)/fpp)
+
+/* Size in bytes of the pfn_to_mfn_frame_list */
+#define P2M_FL_SIZE ((P2M_FL_ENTRIES)*sizeof(unsigned long))
+
+#define INVALID_P2M_ENTRY (~0UL)
+
struct domain_setup_info
{
uint64_t v_start;
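Review bot: P2M_SIZE, P2M_FLL_ENTRIES and P2M_FL_ENTRIES, as moved into xg_private.h here, all expand to an expression using max_pfn, which is not a macro parameter, so they only compile (and only mean the right thing) where a variable of that exact name is in scope. That was a contained hazard in xg_save_restore.h; in a more widely included private header it is easier to trip over, as is the lowercase fpp macro colliding with an ordinary identifier. Suggest taking the pfn count as an argument, e.g. P2M_SIZE(_max_pfn), and renaming fpp to an upper-case name while the definitions are being moved anyway.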
diff -r 2b50acbdf01b -r 9b0918c4332e tools/libxc/xg_save_restore.h
--- a/tools/libxc/xg_save_restore.h Sun Jan 14 17:22:24 2007 +0000
+++ b/tools/libxc/xg_save_restore.h Mon Jan 15 17:52:52 2007 +0900
@@ -82,7 +82,6 @@ static int get_platform_info(int xc_hand
*/
#define PFN_TO_KB(_pfn) ((_pfn) << (PAGE_SHIFT - 10))
-#define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
/*
@@ -95,25 +94,5 @@ static int get_platform_info(int xc_hand
#define M2P_SIZE(_m) ROUNDUP(((_m) * sizeof(xen_pfn_t)), M2P_SHIFT)
#define M2P_CHUNKS(_m) (M2P_SIZE((_m)) >> M2P_SHIFT)
-/* Size in bytes of the P2M (rounded up to the nearest PAGE_SIZE bytes) */
-#define P2M_SIZE ROUNDUP((max_pfn * sizeof(xen_pfn_t)), PAGE_SHIFT)
-
-/* Number of xen_pfn_t in a page */
-#define fpp (PAGE_SIZE/sizeof(xen_pfn_t))
-
-/* Number of entries in the pfn_to_mfn_frame_list */
-#define P2M_FL_ENTRIES (((max_pfn)+fpp-1)/fpp)
-
-/* Size in bytes of the pfn_to_mfn_frame_list */
-#define P2M_FL_SIZE ((P2M_FL_ENTRIES)*sizeof(unsigned long))
-
-/* Number of entries in the pfn_to_mfn_frame_list_list */
-#define P2M_FLL_ENTRIES (((max_pfn)+(fpp*fpp)-1)/(fpp*fpp))
-
/* Returns TRUE if the PFN is currently mapped */
#define is_mapped(pfn_type) (!((pfn_type) & 0x80000000UL))
-
-#define INVALID_P2M_ENTRY (~0UL)
-
-
-
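Review bot: M2P_SIZE in the context lines at the top of this hunk still expands ROUNDUP, which the previous hunk removes from xg_save_restore.h, and neither hunk adds an include of xg_private.h. The header now depends on every includer having pulled in xg_private.h first; either include it here or say so in a comment next to M2P_SIZE.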
--
yamahata
18 years
test results of latest 4.0-3.16.sym.patch (ia64)
by Dave Anderson
Hi Castor,
Testing this latest patch on an ia64, there is improvement over
the original, but for one particular module, I get an abort that
was generated from glibc that I have never encountered before.
I saw it the first time when running "mod -S", and subsequently
narrowed it down to the ipv6 module. Check this out:
# ./crash
crash 4.0-3.16
Copyright (C) 2002, 2003, 2004, 2005, 2006 Red Hat, Inc.
Copyright (C) 2004, 2005, 2006 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006 Fujitsu Limited
Copyright (C) 2006 VA Linux Systems Japan K.K.
Copyright (C) 2005 NEC Corporation
Copyright (C) 1999, 2002 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for details.
GNU gdb 6.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "ia64-unknown-linux-gnu"...
KERNEL: /usr/lib/debug/lib/modules/2.6.18-1.2767.el5/vmlinux
DUMPFILE: /dev/mem
CPUS: 64
DATE: Wed Jan 3 10:43:04 2007
UPTIME: 01:40:46
LOAD AVERAGE: 0.15, 0.11, 0.17
TASKS: 629
NODENAME: altix3.lab.boston.redhat.com
RELEASE: 2.6.18-1.2767.el5
VERSION: #1 SMP Wed Nov 29 17:38:14 EST 2006
MACHINE: ia64 (1500 Mhz)
MEMORY: 122.5 GB
PID: 10699
COMMAND: "crash"
TASK: e00000b04e300000 [THREAD_INFO: e00000b04e301040]
CPU: 7
STATE: TASK_RUNNING (ACTIVE)
crash> mod -l
MODULE NAME SIZE OBJECT FILE
a00000021e189c00 ehci_hcd 204860 (not loaded) [CONFIG_KALLSYMS]
a00000021e1bd100 uhci_hcd 185680 (not loaded) [CONFIG_KALLSYMS]
a00000021e1efb00 ohci_hcd 179956 (not loaded) [CONFIG_KALLSYMS]
a00000021e23cb00 dm_zero 134640 (not loaded) [CONFIG_KALLSYMS]
a00000021e287700 jbd 262432 (not loaded) [CONFIG_KALLSYMS]
a00000021e2b9580 sd_mod 170772 (not loaded) [CONFIG_KALLSYMS]
a00000021e303380 qla1280 276848 (not loaded) [CONFIG_KALLSYMS]
a00000021e374300 ext3 414624 (not loaded) [CONFIG_KALLSYMS]
a00000021e3d9600 scsi_mod 387008 (not loaded) [CONFIG_KALLSYMS]
a00000021e418980 mptbase 235792 (not loaded) [CONFIG_KALLSYMS]
a00000021e44c780 scsi_transport_spi 183672 (not loaded) [CONFIG_KALLSYMS]
a00000021e47ec80 mptscsih 176288 (not loaded) [CONFIG_KALLSYMS]
a00000021e4ab700 mptspi 162536 (not loaded) [CONFIG_KALLSYMS]
a00000021e4e1580 scsi_transport_fc 203748 (not loaded) [CONFIG_KALLSYMS]
a00000021e5fcd00 dm_mod 253328 (not loaded) [CONFIG_KALLSYMS]
a00000021e718e80 qla2xxx 1090472 (not loaded) [CONFIG_KALLSYMS]
a00000021e825680 dm_mirror 187608 (not loaded) [CONFIG_KALLSYMS]
a00000021e857480 autofs4 178336 (not loaded) [CONFIG_KALLSYMS]
a00000021e884800 dm_snapshot 167224 (not loaded) [CONFIG_KALLSYMS]
a00000021e8b1a00 lp 156512 (not loaded) [CONFIG_KALLSYMS]
a00000021e8fdc00 cdrom 206776 (not loaded) [CONFIG_KALLSYMS]
a00000021e935400 sg 203464 (not loaded) [CONFIG_KALLSYMS]
a00000021e96f080 ide_cd 211824 (not loaded) [CONFIG_KALLSYMS]
a00000021ea6bf80 tg3 362244 (not loaded) [CONFIG_KALLSYMS]
a00000021eaa6780 parport 208284 (not loaded) [CONFIG_KALLSYMS]
a00000021eacef00 button 144200 (not loaded) [CONFIG_KALLSYMS]
a00000021eb10980 parport_pc 184504 (not loaded) [CONFIG_KALLSYMS]
a00000021eb3e400 vfat 157504 (not loaded) [CONFIG_KALLSYMS]
a00000021eb9a280 fat 239936 (not loaded) [CONFIG_KALLSYMS]
a00000021ecd6880 sunrpc 468360 (not loaded) [CONFIG_KALLSYMS]
a00000021ee3ad80 ipv6 1141140 (not loaded) [CONFIG_KALLSYMS]
a00000021ee9f580 bluetooth 375704 (not loaded) [CONFIG_KALLSYMS]
a00000021eeef880 l2cap 310456 (not loaded) [CONFIG_KALLSYMS]
a00000021ef48680 rfcomm 347144 (not loaded) [CONFIG_KALLSYMS]
a00000021ef97980 hidp 294256 (not loaded) [CONFIG_KALLSYMS]
crash> mod -s ipv6
*** glibc detected *** ./crash: realloc(): invalid next size: 0x6000000001921fc0 ***
======= Backtrace: =========
/lib/libc.so.6.1[0x20000000002f2a70]
/lib/libc.so.6.1(realloc-0x1cb0b0)[0x20000000002f5e20]
./crash(xmrealloc+0x1fffffffffee6c40)[0x40000000003a7b20]
./crash[0x40000000002ff3a0]
./crash[0x4000000000422000]
./crash(cmd_func+0x1ffffffffff61430)[0x4000000000422320]
./crash(execute_command+0x1fffffffffee2410)[0x40000000003a3310]
./crash(gdb_command_funnel+0x1fffffffffe2f900)[0x40000000002f0810]
./crash(gdb_interface+0x1fffffffffcd7590)[0x40000000001984b0]
./crash[0x4000000000235af0]
./crash(load_module_symbols+0x1fffffffffd748f0)[0x4000000000235820]
./crash[0x4000000000175820]
./crash(cmd_mod+0x2000000000129d68)[0x4000000000174930]
./crash(exec_command+0x1fffffffffb99db0)[0x400000000005acf0]
./crash(main_loop+0x1fffffffffb9a2e0)[0x400000000005a8e0]
./crash(current_interp_command_loop+0x200000000001fb90)[0x40000000004e0ae0]
./crash[0x4000000000319820]
./crash[0x400000000039f1d0]
./crash[0x40000000003a4080]
./crash(catch_errors+0x1fffffffffee31e0)[0x40000000003a4140]
./crash[0x400000000031a790]
./crash[0x400000000039f1d0]
./crash[0x40000000003a4080]
./crash(catch_errors+0x1fffffffffee31e0)[0x40000000003a4140]
./crash(gdb_main+0x1fffffffffe587d0)[0x4000000000319740]
./crash(gdb_main_entry+0x1fffffffffe58860)[0x40000000003197e0]
./crash(gdb_main_loop+0x1fffffffffcd54e0)[0x4000000000196470]
./crash(main+0x1fffffffffb99820)[0x400000000005a330]
/lib/libc.so.6.1(__libc_start_main-0x2818e0)[0x200000000023f6c0]
./crash(_start+0x1fffffffffb95250)[0x4000000000056200]
Aborted
#
So I set debug to 3, and redirected the debug output to a file.
It's big enough (866K) that I don't want to clutter up everybody's
mailbox, so I copied it here:
http://people.redhat.com/anderson/junk
It reproduces the same debug output each time, which gets followed
immediately by the glibc abort.
Maybe it will contain some clues?
Thanks,
Dave
18 years
Re: crash can not read ia64 lkcd v9 dump
by Alan Tyson
Hi Bernard,
* Bernhard Walle <bwalle suse de> [2007-01-17 10:08]:
> However, that patch at least works for both SLES-10 and SLES-9 kernels
> on IA-64 (I don't know why the position of dha_kernel_addr was
> changed, sorry :)) and is better than recompiling crash. Maybe it also
> helps you. It will be included at least in openSUSE 10.3 packages.
Thank you for this. Do bear in mind that sles9's non-standard
initialisation of jiffies to zero results in uptime being wrong. Also
ps -t reports incorrect run time numbers too.
Best wishes,
Alan.
18 years
Why won't crash read 2.6.19.2 live system?
by Marc Milgram
I am stuck with trying to read access 2.6.19.2 when crash 4.0-3.17
starts.
With debug turned on, I get:
...
WARNING: cannot read linux_banner string
/proc/version:
Linux version 2.6.19.2MM2 (mmilgram@scipo) (gcc version 3.4.5 20051201
(Red Hat 3.4.5-2)) #1 SMP Tue Jan 16 10:58:09 EST 2007
linux_banner:
crash: kern/vmlinux and /dev/mem do not match!
Usage:
crash [-h [opt]][-v][-s][-i file][-d num] [-S] [mapfile] [namelist]
[dumpfile]
Enter "crash -h" for details.
If I use the same copy of vmlinux and /dev/mem with gdb, I can read
linux_banner:
(gdb) p linux_banner
$5 = "Linux version 2.6.19.2MM2 (mmilgram@scipo) (gcc version 3.4.5
20051201 (Red Hat 3.4.5-2)) #1 SMP Tue Jan 16 10:58:09 EST 2007\n"
I ran crash in gdb and found that read_dev_mem reads 1500 bytes of data
from /dev/mem, but all the bytes are 0.
Am I doing something wrong?
Thanks in advance,
Marc
18 years
Crash fails for 2.6.19.2 kernel
by Marc Milgram
I tried to use crash on a 2.6.19.2 dump, but it failed with the
following complaint:
crash: cannot resolve "system_utsname"
I found that there is no longer a symbol by that name in 2.6.19.2. It
appears to be referenced by init_uts_ns->name, but I didn't investigate
fully. The important issue for me is that crash doesn't work.
-Marc
18 years