Re: [Crash-utility] problem with crash utility in ubuntu
----- Original Message -----
I tried to use crash without entering the system.map or the vmlinux
since the live system use the same kernel but I got this output:
root@o:/home/amer# crash
crash 4.1.0
Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Red Hat,
Inc.
Copyright (C) 2004, 2005, 2006 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006 Fujitsu Limited
Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
Copyright (C) 2005 NEC Corporation
Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public
License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for
details.
crash: cannot find booted kernel -- please enter namelist argument
Usage:
crash [-h [opt]][-v][-s][-i file][-d num] [-S] [mapfile] [namelist]
[dumpfile]
Ok, so your Ubuntu system does not put the vmlinux, or you have not
put the vmlinux file in one of the several "known" locations.
when I enter the system.map and the vmlinux , it works perfectly and
it reads from the /dev/crash. but if I specify the /dev/crash in the
argument like this:
root@o:/home/amer/Desktop# crash /boot/System.map-2.6.32-25-generic
vmlinux /dev/crash (or dd /dev/crash > image.dd)
I got this output:
crash: /dev/crash: not a supported file format
First, you're using a version of the crash utility (4.1.0) that is
well over two years old. Using "/dev/crash" on the command line has
never been supported until crash-5.1.1, which was only released 12/23/10.
5.1.1 - Fix for the potential to miss tasks when walking the pid_hash table
... [ cut ] ...
- Fix to allow "/dev/crash" to be entered on the command line for live
sessions. Because it is used automatically if it exists, it is never
necessary to enter it on the command line. However, if it is used,
without the patch, the session fails during initializaion with the
error message "crash: /dev/crash: No such file or directory" if the
crash.ko driver is a module (RHEL4/RHEL5), or "crash: /dev/crash:
not a supported file format" if the driver is built into the kernel
(RHEL6).
(anderson(a)redhat.com)
I don't know If I'm missing something ,but the link below shows that
dd /dev/crash > image.dd can work in crash
http://gleeda.blogspot.com/2009/08/devcrash-driver.html
Well, that refers to a patched derivative of the crash utility.
I can assure you that using the output of a bunch of bytes
with no header has *never* been supported as a dumpfile type from
the versions posted upstream at http://people.redhat.com/anderson.
Note that in that blog, there is this:
Now let's test the newly obtained memory dump to see if it works.
I'm going to use the RH Crash Utility with the volatile patch which you can find
here:
# ./crash -f /boot/System.map-2.6.27-14-generic /usr/src/linux-source-2.6.27/vmlinux
crash.dd --volatile
crash 4.0-8.9
Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Red Hat, Inc.
...
I can also assure you that the upstream crash utility has never had
a "--volatile" command line argument, so perhaps that "volatile
patch"
has something to do with it?
Dave
Thanks for help Dave, and looking forward to your feedback,
Amer