Hi,

> This looks like an error to me. According to the above errno value, you
> tried to read a file that's not there? But maybe it's just a stall errno
> value as we don't reset it prior to calling read(). To clarify, can you
> please provide the output of running 'strace crash ....'?


Please found below strace,read size only 232,it's less then "SAFE_NETDUMP_ELF_HEADER_SIZE".

open("DDRCS0_0.BIN", O_RDONLY)          = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=2147483648, ...}) = 0
open("DDRCS1_0.BIN", O_RDONLY)          = 4
fstat(4, {st_mode=S_IFREG|0744, st_size=2147483648, ...}) = 0
open("/var/tmp/ramdump_elf_viw34m", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
write(5, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\4\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 232) = 232
close(5)                                = 0
open("/var/tmp/ramdump_elf_viw34m", O_RDWR) = 5
read(5, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\4\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 304) = 232
dup(2)                                  = 6
fcntl(6, F_GETFL)                       = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat(6, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
write(6, "/var/tmp/ramdump_elf_viw34m: ELF"..., 72/var/tmp/ramdump_elf_viw34m: ELF header read: No such file or directory
) = 72
close(6)                                = 0
close(5)                                = 0
write(1, "crash: malformed ELF file: /var/"..., 55crash: malformed ELF file: /var/tmp/ramdump_elf_viw34m
) = 55
write(1, "\nUsage:\n\n", 9
Usage:

)             = 9
write(1, "  crash [OPTION]... NAMELIST MEM"..., 68  crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS] (dumpfile form)
) = 68
write(1, "  crash [OPTION]... [NAMELIST]  "..., 64  crash [OPTION]... [NAMELIST]              (live system form)
) = 64
write(1, "\n", 1
)                       = 1
write(1, "Enter \"crash -h\" for details.\n", 30Enter "crash -h" for details.
) = 30
unlink("/var/tmp/ramdump_elf_viw34m")   = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Anyhow,this change introduces a regression to the code that's following, which
assumes the full 'size' was read, like the sanity checks for finding the
PT_NOTE program header. So you should either update 'size' so it mirrors
the actual bytes read or double-check that the kdump file you're trying
> to analyze is actually a real one.

After apply the patch,issue is gone,so it's not kdump files problem.
How about below patch set?

commit 8daecb704fa37a17e3c5294e35e593bfc1545016
Author: Qianli Zhao <zhaoqianli@xiaomi.com>
Date:   Mon Nov 30 17:17:32 2020 +0800

    netdump: bugfix for read elf header
    
    Without the patch,errors may occur in reading the ELF header,
    causing the parsing to fail.header file size may smaller than
    SAFE_NETDUMP_ELF_HEADER_SIZE
    
    Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com>

diff --git a/netdump.c b/netdump.c
index c76d9dd..2e3e255 100644
--- a/netdump.c
+++ b/netdump.c
@@ -142,7 +142,7 @@ is_netdump(char *file, ulong source_query)
                if (!read_flattened_format(fd, 0, eheader, size))
                        goto bailout;
        } else {
-               if (read(fd, eheader, size) != size) {
+               if ((size = read(fd, eheader, size)) < MIN_NETDUMP_ELF_HEADER_SIZE) {
                        sprintf(buf, "%s: ELF header read", file);
                        perror(buf);
                        goto bailout;



From: crash-utility-bounces@redhat.com <crash-utility-bounces@redhat.com> on behalf of Mathias Krause <minipli@grsecurity.net>
Sent: Monday, November 30, 2020 20:28
To: Qianli Zhao; crash-utility@redhat.com
Subject: [External Mail][????] Re: [Crash-utility] [PATCH] netdump: bugfix for read elf header
 
Hi,

Am 30.11.20 um 11:56 schrieb Qianli Zhao:
> From: Qianli Zhao <zhaoqianli@xiaomi.com>
>
> Without the patch,errors may occur in reading the ELF header,
> causing the parsing to fail.
>
> Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com>
> ---
> When i use crash to parsing a kdump,i got below error.
> This error occurs because of the read header less then SAFE_NETDUMP_ELF_HEADER_SIZE,
> But can read MIN_NETDUMP_ELF_HEADER_SIZE bytes from the file correctly.
> this issue is introduced due to commit:f42db6a33f0e0652df7cce8506352745b4794287
>
> crash 7.2.9
> Copyright (C) 2002-2020  Red Hat, Inc.
> Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
> Copyright (C) 1999-2006  Hewlett-Packard Co
> Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
> Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
> Copyright (C) 2005, 2011  NEC Corporation
> Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
> Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
> This program is free software, covered by the GNU General Public License,
> and you are welcome to change it and/or distribute copies of it under
> certain conditions.  Enter "help copying" to see the conditions.
> This program has absolutely no warranty.  Enter "help warranty" for details.


> /var/tmp/ramdump_elf_B2R4cQ: ELF header read: No such file or directory
> crash: malformed ELF file: /var/tmp/ramdump_elf_B2R4cQ

This looks like an error to me. According to the above errno value, you
tried to read a file that's not there? But maybe it's just a stall errno
value as we don't reset it prior to calling read(). To clarify, can you
please provide the output of running 'strace crash ....'?

>
> Usage:
>
>   crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS]   (dumpfile form)
>   crash [OPTION]... [NAMELIST]                         (live system form)
>
> Enter "crash -h" for details.
>
> ---
>  netdump.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/netdump.c b/netdump.c


> diff --git a/netdump.c b/netdump.c
> index c76d9dd..cb0af41 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -142,7 +142,7 @@ is_netdump(char *file, ulong source_query)
>                if (!read_flattened_format(fd, 0, eheader, size))
>                        goto bailout;
>        } else {
> -             if (read(fd, eheader, size) != size) {
> +             if (read(fd, eheader, size) < MIN_NETDUMP_ELF_HEADER_SIZE) {

size -- which is set to SAFE_NETDUMP_ELF_HEADER_SIZE here -- is only 128
bytes more than MIN_NETDUMP_ELF_HEADER_SIZE. This means, if the above
change really fixes your issue, you're trying to open a very small file
that barely carries any useful information beside its header. Anyhow,
this change introduces a regression to the code that's following, which
assumes the full 'size' was read, like the sanity checks for finding the
PT_NOTE program header. So you should either update 'size' so it mirrors
the actual bytes read or double-check that the kdump file you're trying
to analyze is actually a real one.

Thanks,
Mathias

>                        sprintf(buf, "%s: ELF header read", file);
>                        perror(buf);
>                        goto bailout;
>


--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility

#/******本邮件及其附件含有小米公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件! This e-mail and its attachments contain confidential information from XIAOMI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!******/#