[Crash-utility] Module load patch for crash-4.0-3.17

Castor Fu Castor.Fu at 3pardata.com
Fri Jan 19 23:46:54 UTC 2007


That's great!  I wonder if it would have been better to walk through
the info which is stored by CONFIG_KALLSYMS.  That would probably
work better in the s390x case... However, as bugzilla says,
"worksforme".
 
    -castor

________________________________

From: anderson at redhat.com [mailto:anderson at redhat.com] 
Sent: Thursday, January 18, 2007 7:27 AM
To: Discussion list for crash utility usage, maintenance and development; Castor Fu
Subject: Re: [Crash-utility] Module load patch for crash-4.0-3.17


  
Hey Castor, 

This also looks good on ppc64. 

I'm slowly convincing myself that this facility should be 
executed by default -- but with an option to turn it *off*...    ;-) 

Dave 
  

Castor Fu wrote: 

	  
	Finding the overrun wasn't actually that hard.  It's also fixed in the
	current GDB tree.
	
	I've attached a patch which fixes the problem in symfile.c.  The point
	of this patch is to fix loading kernel modules symbol information on 2.6
	for those who have not been following this.
	
	Hopefully this will work on other platforms too....
	
	   -castor
	
	
________________________________

	From: crash-utility-bounces at redhat.com [mailto:crash-utility-bounces at redhat.com] On Behalf Of Castor Fu 
	Sent: Wednesday, January 17, 2007 7:49 AM 
	To: Discussion list for crash utility usage, maintenance and development; Discussion list for crash utility usage, maintenance and development 
	Subject: RE: [Crash-utility] test results of latest 4.0-3.16.sym.patch (ia64) 
	 

	Hi Dave: 

	I reproduced the problem on an x86 system by creating a module with a bunch
	of sections.

	I then found the following in gdb-6.1/gdb/symfile.c:add_symbol_table_command()

	    num_sec_opts = 16;

	with additional code for xreallocing if it turned out to have too many
	sections.

	This seems to be the code which is broken.  I'm loath to figure out exactly
	what it is...  I'll put together a patch against 4.0-3.17 which jacks this
	up, and probably print a warning if we exceed the count.

	Thanks for digging so far into this. 

	   -castor 

	-----Original Message----- 
	From: crash-utility-bounces at redhat.com on behalf of Dave Anderson 
	Sent: Thu 1/4/2007 8:22 AM 
	To: Discussion list for crash utility usage, maintenance and development 
	Subject: Re: [Crash-utility] test results of latest 4.0-3.16.sym.patch (ia64) 
	  

	Hi Castor, 

	Another FYI re: the xrealloc() crash.  The problem appears 
	to be specific to gdb. 

	I captured the "add-symbol-file" command string and saved 
	it in an input file.  Then I brought crash up and executed 
	the input file, which simply passes the suspect command line 
	directly to gdb, and it crashes on its own: 

	crash> < /tmp/junk 
	crash> add-symbol-file /lib/modules/2.6.18-1.2767.el5/kernel/net/ipv6/ipv6.ko 0xa00000021ed605b0 -s .exit.text 0xa00000021edb49a0 -s .rodata 0xa00000021edbd4c8 -s __ksymtab_strings 0xa00000021edbdc08 -s __versions 0xa00000021edbdf98 -s .data 0xa00000021edd6a20 -s .data.rel.ro 0xa00000021edd6c00 -s __ksymtab_gpl 0xa00000021edd6df8 -s __kcrctab_gpl 0xa00000021edd6ed8 -s .data.rel 0xa00000021edd6f48 -s .data.rel.local 0xa00000021ee39940 -s .data.rel.ro.local 0xa00000021ee3a9c0 -s .data.read_mostly 0xa00000021ee3a9e0 -s __ksymtab 0xa00000021ee3aa60 -s __kcrctab 0xa00000021ee3ac30 -s .gnu.linkonce.this_module 0xa00000021ee3ad80 -s .sdata 0xa00000021ee5d730 -s .bss 0xa00000021ee5b000 -s .sbss 0xa00000021ee5e8b8
	add_symbol_file_command: calling xrealloc w/argcnt: 49 arg: [0xa00000021ee5d730]... 
	*** glibc detected *** ./crash: realloc(): invalid next size: 0x6000000001921fe0 *** 
	======= Backtrace: ========= 
	/lib/libc.so.6.1[0x20000000002f2a70] 
	/lib/libc.so.6.1(realloc-0x1cb0b0)[0x20000000002f5e20] 
	./crash(xmrealloc+0x1fffffffffee6e20)[0x40000000003a7d00] 
	./crash[0x40000000002ff500] 
	./crash[0x40000000004221e0] 
	./crash(cmd_func+0x1ffffffffff61610)[0x4000000000422500] 
	./crash(execute_command+0x1fffffffffee25f0)[0x40000000003a34f0] 
	
	./crash(gdb_command_funnel+0x1fffffffffe2feb0)[0x40000000002f0dc0] 
	./crash(gdb_interface+0x1fffffffffcd7590)[0x40000000001984b0] 
	./crash(gdb_pass_through+0x1fffffffffcd6cb0)[0x4000000000197be0]
	./crash(cmd_gdb+0x2000000000151068)[0x400000000019bbc0] 
	./crash(exec_command+0x1fffffffffb99db0)[0x400000000005acf0] 
	./crash(exec_input_file+0x1fffffffffd86d40)[0x4000000000247c90] 
	./crash[0x400000000005b420] 
	./crash(exec_command+0x1fffffffffb99e50)[0x400000000005ad90] 
	./crash(main_loop+0x1fffffffffb9a2e0)[0x400000000005a8e0] 
	
	./crash(current_interp_command_loop+0x200000000001fd60)[0x40000000004e0cc0] 
	./crash[0x40000000003199c0] 
	./crash[0x400000000039f370] 
	./crash[0x40000000003a4260] 
	./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320] 
	./crash[0x400000000031a930] 
	./crash[0x400000000039f370] 
	./crash[0x40000000003a4260] 
	./crash(catch_errors+0x1fffffffffee33b0)[0x40000000003a4320] 
	./crash(gdb_main+0x1fffffffffe58960)[0x40000000003198e0] 
	./crash(gdb_main_entry+0x1fffffffffe589f0)[0x4000000000319980] 
	./crash(gdb_main_loop+0x1fffffffffcd54d0)[0x4000000000196470] 
	./crash(main+0x1fffffffffb99820)[0x400000000005a330] 
	/lib/libc.so.6.1(__libc_start_main-0x2818f0)[0x200000000023f6c0]
	./crash(_start+0x1fffffffffb95240)[0x4000000000056200] 
	Aborted 
	  
	  
	  
	
________________________________

	--
	Crash-utility mailing list
	Crash-utility at redhat.com
	https://www.redhat.com/mailman/listinfo/crash-utility

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20070119/94003ee5/attachment.htm>
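The thread concerns a section-option array that starts at 16 entries and is grown with xrealloc while parsing `-s NAME ADDR` arguments; the messages do not say what exactly was wrong in that code. As an added illustration, not code from crash or gdb, the following C sketch shows that growth pattern done safely: capacity is checked before each write, and the realloc size is computed in bytes with an overflow check. The struct layout, function names and input are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sect_opt  { const char *name; uint64_t addr; };  /* hypothetical layout */
struct sect_list { struct sect_opt *v; size_t used, cap; };
size_t demo_cap;                        /* capacity after the last demo run */

/* Make room for one more entry BEFORE it is written. */
static int sect_reserve(struct sect_list *l) {
    if (l->used < l->cap) return 0;
    size_t ncap = l->cap ? l->cap * 2 : 16;  /* 16: initial count quoted in the thread */
    if (ncap <= l->cap || ncap > SIZE_MAX / sizeof *l->v) return -1;  /* size overflow */
    struct sect_opt *p = realloc(l->v, ncap * sizeof *p);  /* bytes, not elements */
    if (!p) return -1;
    l->v = p;
    l->cap = ncap;
    return 0;
}

/* Parse "-s NAME ADDR" triples; 0 on success, -1 on malformed input. */
int parse_sect_args(int argc, char **argv, struct sect_list *l) {
    for (int i = 0; i < argc; i += 3) {
        char *end;
        if (strcmp(argv[i], "-s") != 0 || i + 2 >= argc) return -1;
        uint64_t a = strtoull(argv[i + 2], &end, 16);
        if (end == argv[i + 2] || *end != '\0') return -1;
        if (sect_reserve(l) != 0) return -1;
        l->v[l->used++] = (struct sect_opt){ argv[i + 1], a };
    }
    return 0;
}

/* Constructed input: n sections ".sectN" at made-up addresses. Returns entries stored. */
long parse_constructed(int n) {
    char (*buf)[2][24] = calloc((size_t)n, sizeof *buf);
    char **argv = calloc((size_t)n * 3, sizeof *argv);
    struct sect_list l = {0};
    long r = -1;
    for (int i = 0; buf && argv && i < n; i++) {
        snprintf(buf[i][0], 24, ".sect%d", i);
        snprintf(buf[i][1], 24, "0x%x", 0x1000u * (unsigned)(i + 1));
        argv[3 * i] = "-s"; argv[3 * i + 1] = buf[i][0]; argv[3 * i + 2] = buf[i][1];
    }
    if (buf && argv && parse_sect_args(n * 3, argv, &l) == 0) r = (long)l.used;
    demo_cap = l.cap;
    free(l.v); free(buf); free(argv);
    return r;
}
```

With 18 constructed sections the list grows once, from 16 to 32 entries, at the 17th option.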