initialization. In the unlikely case where the ordering of module
symbol name strings does not match the order of the kernel_symbol
structures, a faulty module symbol list entry may be created that
contains a bogus name string.
(sebastien.piechurski@bull.net)
to the kernel text symbol in a backtrace is contained within the
"[PC: <address> [<symbol+offset>]" line of an exception frame
dump. Without the patch, the reference will only be picked up if
the PC's hexadecimal address value is used.
(anderson@redhat.com)
to the kernel text symbol in a backtrace is contained within the
"[exception RIP: <symbol+offset>]" line of an exception frame
dump. Without the patch, the reference will only be picked up if
the exception RIP's hexadecimal value is used.
(anderson@redhat.com)
unlikely case where the symbol's name string is composed entirely of
hexadecimal characters. For example, without the patch, "dis f"
fails with the error message "dis: WARNING: f: no associated kernel
symbol found" followed by "0xf: Cannot access memory at address 0xf".
(anderson@redhat.com)
unlikely case where the symbol's name string is composed entirely of
hexadecimal characters. For example, without the patch, "sym e820"
fails with the error message "sym: invalid address: e820".
(anderson@redhat.com)
"bt" option, which can be accessed using "bt -o", and where "bt -O"
will toggle the original and optional methods as the default. The
original backtrace method has adopted two changes/features from
the optional method:
(1) ORIG_X0 and SYSCALLNO registers are not displayed in kernel
exception frames.
(2) stackframe entry text locations are modified to be the PC
address of the branch instruction instead of the subsequent
"return" PC address contained in the stackframe link register.
Accordingly, these are the essential differences between the original
and optional methods:
(1) optional: the backtrace will start with the IPI exception frame
located on the process stack.
(2) original: the starting point of backtraces for the active,
non-crashing, tasks, will continue to have crash_save_cpu()
on the IRQ stack as the starting point.
(3) optional: the exception entry stackframe adjusted to be located
farther down in the IRQ stack.
(4) optional: bt -f does not display IRQ stack memory above the
adjusted exception entry stackframe.
(5) optional: may display "(Next exception frame might be wrong)".
(takahiro.akashi@linaro.org, anderson@redhat.com)
Linux 4.7 kernel commit dcb0b5575d24 that changed the bit index for
the TRACE_EVENT_FL_TRACEPOINT flag. Without the patch, the "extend"
command fails to load the trace.so module, with the error message
"extend: /path/to/crash/extensions/trace.so: no commands registered:
shared object unloaded". The patch reads the flag's enum value
dynamically instead of using a hard-coded value.
(namhyung@gmail.com)
attached to it. While kernel threads typically do not have an
mm_struct referencing a user-space virtual address space, they can
either temporarily reference one for a user-space copy operation, or
in the case of KVM "vhost" kernel threads, keep a reference to the
user space of the "quem-kvm" task that created them. Without the
patch, they will be mistaken for user tasks; the "bt" command will
display an invalid kernel-entry exception frame that indicates
"[exception RIP: unknown or invalid address]", the "ps" command
will not enclose the command name with brackets, and the "ps -[uk]"
and "foreach [user|kernel]" options will show the kernel thread as
a user task.
(anderson@redhat.com)
all tasks for evidence of stack overflows. It does so by verifying
the thread_info.task address, ensuring the thread_info.cpu value is
a valid cpu number, and checking the end of the stack for the
STACK_END_MAGIC value.
(anderson@redhat.com)
option when a duplicate entry is encountered. Without the patch,
the error message shows the address of the radix_tree_node that
contains the duplicate entry, for example, "tree: duplicate tree
entry: <radix_tree_node>". It has been changed to also display
the radix_tree_node.slots[] array index and the duplicate entry
value, for example, "tree: duplicate tree entry: radix_tree_node:
<radix_tree_node> slots[<index>]: <entry>".
(anderson@redhat.com)
page tables in crash-7.1.5, which fails to translate user space
virtual addresses. Without the patch, "vtop <user-space address>"
fails to translate all user-space addresses, and any command that
needs to either translate or read user-space memory, such as "vm -p",
"ps -a", and "rd -u" will fail.
(anderson@redhat.com)
could be identified because of the "randomize_modules" kernel symbol,
and if it existed, the "--kaslr=<offset>" and/or "--kaslr=auto"
options were unnecessary. Since the "randomize_modules" symbol was
removed in Linux 4.1, this patch has replaced the KASLR identifier
with the "module_load_offset" symbol, which was also introduced in
Linux 3.15, but still remains.
(anderson@redhat.com)
layout and associated KASLR support that was introduced in Linux 4.6.
The kernel text and static data has been moved from unity-mapped
memory into the vmalloc region, and its start address can be
randomized if CONFIG_RANDOMIZE_BASE is configured. Related support
is being put into the kernel's kdump code, the kexec-tools package,
and makedumpfile(8); with that in place, the analysis of Linux 4.6
ARM64 dumpfiles with or without KASLR enabled should work normally
by entering "crash vmlinux vmcore". On live systems, Linux 4.6 ARM64
kernels will only work automatically if CONFIG_RANDOMIZE_BASE is not
configured. Unfortunately, if CONFIG_RANDOMIZE_BASE is configured
on a live system, two --machdep command line arguments are required,
at least for the time being. The arguments are:
--machdep phys_offset=<base physical address>
--machdep kimage_voffset=<kernel kimage_voffset value>
Without the patch, any attempt to analyze a Linux 4.6 ARM64 kernel
fails during initialization with a stream of "read error" messages
followed by "crash: vmlinux and vmcore do not match!".
(takahiro.akashi@linaro.org)
are not configured with CONFIG_FUNCTION_GRAPH_TRACER. Without the
patch, backtraces that originate from a per-cpu IRQ stack will dump
an invalid exception frame before transitioning to the process stack.
(anderson@redhat.com)
use per-cpu IRQ stacks. Without the patch, if an active non-crashing
task was running in user space when it received the shutdown IPI from
the crashing task, the "-- <IRQ stack> ---" transition marker from
the IRQ stack to the process stack is not displayed, and a message
indicating "bt: WARNING: arm64_unwind_frame: on IRQ stack: oriq_sp:
<address> fp: 0 (?)" gets displayed.
(anderson@redhat.com)
called panic(). Without the patch, the backtrace may fail with a
message such as "bt: WARNING: corrupt prstatus? pstate=0x20000000,
but no user frame found" followed by "bt: WARNING: cannot determine
starting stack frame for task <address>". The pstate register
warning will still be displayed (as it is essentially a kdump bug),
but the backtrace will proceed normally.
(anderson@redhat.com)
renamed the page._count member to page._refcount. Without the patch,
certain "kmem" commands fail with the "kmem: invalid structure member
offset: page_count".
(anderson@redhat.com)
has appended a NULL entry as the final member of the pageflag_names[]
array. Without the patch, a message that indicates "crash: failed to
read pageflag_names entry" is displayed during session initialization
in Linux 4.6 kernels.
(andrej.skvortzov@gmail.com)
sections used for live migration of KVM guests, which are seen in
the "kvmdump" format generated if "virsh dump" is used without the
"--memory-only" option.
(pagupta@redhat.com)
--memory-only" facility if the guest kernel was not configured with
CONFIG_KEXEC, or CONFIG_KEXEC_CORE in Linux 4.3 and later kernels.
Without the patch, the crash session fails during initialization with
the message "crash: cannot resolve kexec_crash_image".
(hirofumi@mail.parknet.co.jp)
are specified by the QEMU mem-path argument of a memory-backend-file
object. This allows the running of a live crash session against a
QEMU guest from the host machine. In this example, the /tmp/MEM file
on a QEMU host represents the guest's physical memory:
$ qemu-kvm ...other-options... \
-object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on \
-numa node,memdev=MEM -m 128
and a live session run can be run against the guest kernel like so:
$ crash <path-to-guest-vmlinux> live:/tmp/MEM@0
By prepending the ramdump image name with "live:", the crash session will
act as if it were running a normal live session.
(oleg@redhat.com)
version supports running against a live kernel. Compressed kdump
support is also here, but the crash dump support for the kernel,
kexec-tools, and makedumpfile is still pending. Initial work was
done by Karl Volz with help from Bob Picco.
(dave.kleikamp@oracle.com)
pte_present() function, which checks for either _PAGE_PRESENT or
_PAGE_PROTNONE to be set. Without the patch, user pages whose PTE
does not have _PAGE_PRESENT bit set are misconstrued as SWAP pages
with an "(unknown swap location") along with a bogus OFFSET value.
(anderson@redhat.com)
Without the patch, if a freelist pointer is corrupt, the address of
the slab page being referenced may not be displayed by the error
message, showing something like: "kmem: kmalloc-32: slab: 0 invalid
freepointer: 6e652f323a302d74".
(hirofumi@mail.parknet.co.jp)
Without the patch, the count displayed in the ALLOCATED column may
be too large, and the "kmem -S" display of allocated/free status of
individual objects may be incorrect.
(hirofumi@mail.parknet.co.jp)
of major(), minor() and makedev(). These functions are defined
in the sys/sysmacros.h header, not sys/types.h. Linux C libraries
are updating to drop the implicit include, so we need to include
it explicitly.
(vapier@gentoo.org)
version of the gdb-7.6.patch in a pre-existing build directory.
Without the patch, it is possible that a previously-applied patch
could be applied a second time without the fuzz restriction.
(anderson@redhat.com)
option searches for data structures of a specified size or within a
range of specified sizes. The -m option searches for data structures
that contain a member of a given type. If a structure contains
another structure, the members of the embedded structure will also
be subject to the search. The type string may be a substring of the
data type name. The output displays the size and name of the data
structure.
(Alexandr_Terekhov@epam.com, anderson@redhat.com)
previous patch:
memory.c: In function ‘count_cpu_partial’:
memory.c:17958: warning: comparison is always false due to limited
range of data type
memory.c: In function ‘count_partial’:
memory.c:18729: warning: comparison is always false due to limited
range of data type
(anderson@redhat.com)
kmem_cache shown by "kmem -s" in kernels configured with CONFIG_SLUB.
Without the patch, the values under the ALLOCATED column may be too
large because cached per-cpu objects are counted as allocated.
(vinayakm.list@gmail.com)
address is the highest text symbol value in a kernel module. Without
the patch, the disassembly may continue past the end of the function,
or may show nothing at all. The patch utilizes in-kernel kallsyms
symbol size information instead of disassembling until reaching the
address of the next symbol in the module.
(anderson@redhat.com)
this kernel commit for Linux 4.5 and later kernels:
commit 8244062ef1e54502ef55f54cced659913f244c3e
modules: fix longstanding /proc/kallsyms vs module insertion race.
Without the patch, the crash session fails during initialization
with the error message: "crash: invalid structure member offset:
module_num_symtab".
(anderson@redhat.com)
cpu_possible_mask, cpu_present_mask and cpu_active_mask symbols in
the kernel commit for Linux 4.5 and later kernels for when the
crash session is brought up with "crash -d<debug-level>". Without
the patch, the cpus found in each mask are displayed like this
example:
cpu_possible_(null): cpus: 0 1 2 3 4 5 6 7
cpu_present_(null): cpus: 0 1
cpu_online_(null): cpus: 0 1
cpu_active_(null): cpus: 0 1
The "(null)" string segments above should read "mask".
(anderson@redhat.com)
are generated by the following files, when building X86_64 in a
Fedora Rawhide environment with gcc-6.0.0:
gdb-7.6/gdb/ada-lang.c
gdb-7.6/gdb/linux-record.c
gdb-7.6/gdb/inflow.c
gdb-7.6/gdb/printcmd.c
gdb-7.6/gdb/c-typeprint.c
Without the patch, warnings in the gdb-7.6/gdb directory are not
treated as errors, and are non-fatal to the build.
(anderson@redhat.com)
which were introduced in Linux 4.5 by this commit:
commit 132cd887b5c54758d04bf25c52fa48f45e843a30
arm64: Modify stack trace and dump for use with irq_stack
Without the patch, if an active task was operating on its per-cpu
IRQ stack on dumpfiles generated by kdump, its backtrace would start
at the exception frame that was laid down on the process stack.
This patch also adds support for "bt -E" to search IRQ stacks for
exception frames, and the "mach" command displays the addresses
of each per-cpu IRQ stack.
(anderson@redhat.com)
