Re: crash cannot read the symbols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I tried to use crash just to read the vmlinux file without debug info.
So I used crash not correctly.
Since this is used for linux 2.4 I cannot simply get a core dump file.
In 2.6 it's relatively easy to get a core dump, the same isn't true for linux 2.4 I guess?
Thanks,

Reinoud.

-----Original Message-----
From: crash-utility-bounces@xxxxxxxxxx [mailto:crash-utility-bounces@xxxxxxxxxx] On Behalf Of Dave Anderson
Sent: Wednesday, September 21, 2011 6:00 AM
To: Discussion list for crash utility usage, maintenance and development
Subject: Re:  crash cannot read the symbols



----- Original Message -----
> Hmm, the /dev/mem does not reflect the kernel and symbols I am trying 
> to read, because I do not have a core dump of the crash.
> I just tried to read the kernel and modules in crash to read it.

I think we have a basic misunderstanding -- although I'm not sure...

The crash utility requires two pieces:

 (1) a vmlinux file built with debuginfo data, and
 (2) a memory source -- which can be either:
     (a) a kernel core dump, or 
     (b) a device driver to access physical memory on a live system.

If analyzing a kernel core dump, the vmlinux must be the same kernel version that was running when the system crashed.

If analyzing a live system, the vmlinux must be the same kernel that is running on the live system.

When running against a core dump, the crash utility needs at least two arguments:

  $ crash vmlinux vmcore

When running against a live system, you can simply enter:

  $ crash vmlinux

because the crash utility will try to find the correct device driver, which is typically /dev/mem.  If /dev/mem is restricted to its first 1MB of physical memory, you can try to use /proc/kcore:

  $ crash vmlinux /proc/kcore

Or if that doesn't work, you can create your own /dev/crash kernel module for physical memory access.  I don't know whether the sample /dev/crash memory driver supplied with the crash utility sources will compile cleanly in a 2.4 kernel environment -- it may require some tweaking.  In the crash-5.1.8/memory_driver sub-directory, there is the memory driver's crash.c file, a Makefile, and this README file:

>  For live system analysis, the physical memory source must be one  of 
> the following devices:
>
>    /dev/mem
>    /proc/kcore
>    /dev/crash
>
>  If the live system kernel was configured with CONFIG_STRICT_DEVMEM,  
> then /dev/mem cannot be used.
>
>  If the live system kernel was configured without CONFIG_PROC_KCORE,  
> or if /proc/kcore is non-functional, then /proc/kcore cannot be used.
>
>  The third alternative is this /dev/crash driver.  Presuming that  
> /lib/modules/`uname -r`/build points to a kernel build tree or  kernel 
> "devel" package tree, the module can simply be built and  installed 
> like so:
>
>    # make
>    ...
>    # insmod crash.ko
>
>  Once installed, the /dev/crash driver will be used by default for  
> live system crash sessions.

So when you say "the /dev/mem does not reflect the kernel and symbols I am trying to read", by that I understand you to mean that the vmlinux file that you built is not the same kernel version as is running on your host machine.  If that is true, then the crash utility is not an appropriate tool for looking at your new vmlinux -- again, the crash utility expects a memory source where the vmlinux is currently running, or a core dump of the system that was running it when it crashed.

You could do this:

  $ gdb vmlinux

and then poke around the kernel's static text and data as they are initially loaded into memory.  But the crash utility cannot be used that way.

Dave

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility


[Index of Archives]     [Fedora Development]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]

 

Powered by Linux