qcrash Code
Status: Beta
Brought to you by:
dragon_linux
/* This is from OS Technotes */

Reading a Kernel Dump

If your application crashes with a kernel fault, the output tells you what happened at the time of the crash. Here's a sample:

    Shutdown[0,0] S/C/F=11/1/11 C/D=f001517d/f00571ac state(c0)= now lock
    [0]PID-TID= 1-1? P/T FL=00019001/08800000 "proc/boot/procnto-instr"
    [0]ASPACE PID=7 PF=00001010 "proc/boot/devb-eide"
    x86 context[efffcc28]:
    0000: 08088cc8 b0359320 efff2c3c efffcc48 b0357f14 08088d10 efff2c10 000000f8
    0020: b0323948 0000001d 00011296 efff2c24 00000099
    instruction[b0323948]:
    ff 08 75 0e 8b 02 83 c4 f4 83 c0 08 50 e8 8e f5 fe ff 8b 5d e8 c9 c3 90 55 89
    stack[efff2c24]:
    0000: b0357f14 00000003 08088cc8 b0317d3d b0357f14 b0359320 efff2c6c b033f692
    0000: 8088d10 b033f49c efff2c5c b033f678 b0357f14 00000003 00100102 00000003

Here's what each part means:

S/C/F=11/1/11
    Signal, code, and fault codes; see these files:
    * signal: /usr/include/signal.h
    * code: /usr/include/sys/siginfo.h
    * fault: /usr/include/sys/fault.h
    To find out what happened, search signal.h for the signal code. This tells you the name of the signal. Then, look in siginfo.h for the signal name. In this example, code 11 in signal.h is a SIGSEGV; in siginfo.h, code 1 in the SIGSEGV section is:
        SEGV_MAPERR 1 // Address not mapped

C/D
    Location of the kernel's code and data.

state
    The state of the kernel:
    * now -- in the kernel
    * lock -- nonpreemptible
    * exit -- leaving kernel
    * specret -- special return processing
    * any number -- the interrupt nesting level

[x]PID-TID=y-z
    The process ID and thread ID. On CPU x (think SMP), process y was running thread z when the crash occurred.

P/T FL
    Process and thread flags. To find out which flags are set, look in /usr/nto/include/sys/neutrino.h. The process flags are in the form _NTO_PF_*, and the thread flags are in the form _NTO_TF_*.

[x]ASPACE PID=y
    On CPU x, the address space for process y was active. This line appears only when the process is different from the one in the PID-TID line.

PF
    The process flags for the ASPACE PID. In the sample above, devb-eide wasn't running, but its address space was active.

context
    The register set. You can find the list of registers in /usr/nto/include/cpu/context.h, where cpu is the appropriate CPU-specific directory.

instruction
    The instruction on which the error occurred.

stack
    The contents of the stack.

/* ==========================================================================*/

1) It can now be compiled on Linux, QNX 6.3 and QNX 6.4.
2) It requires the objdump tool, which must be in the PATH. The latest version tries nto$(ARCH)-objdump first, because in QNX 6.4 objdump no longer supports multiple architectures, and a default Linux install does not ship the multi-arch binutils. This means you have to install the QNX development tools on Linux or QNX.
3) It requires storage space to generate procnto's disassembly file, and also space to store a new ELF file used to dump the assembly for the instructions. If procnto is not stripped, it can find the faulting instruction in the image and dump the disassembly for the instructions around it.
4) It now supports backtraces for arm, ppc, sh and x86, but not mips, because QNX 6.4 no longer supports mips. It takes me time to read the mips assembly to learn how the mips stack layout works.
5) It can now dump assembly for the instructions, but only for armle, mipsbe, ppcbe, shle and x86.

100) How to run it?
(1) Analyse kerneldump.txt, reading symbols from procnto, and write the analysis to kerneldump_explain.txt:
        qsymoops -f kerneldump.txt -s procnto > kerneldump_explain.txt
(2) The first case generates a temp file (objdump -d -r procnto > xxxx). If xxxx is big, you save time on later runs of qsymoops if you did not unlink the xxxx temp file.
    /* -r retains the temp file, which uses more space */
        qsymoops -f kerneldump.txt -s procnto -r > kerneldump_explain.txt
    /* -t xxxx uses the already generated disassembly file to read symbols */
        qsymoops -f kerneldump.txt -t xxxx > kerneldump_explain.txt

dragon
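To make the "Reading a Kernel Dump" walkthrough above concrete, here is a small added Python parser (example code, not part of qcrash or of the OS Technote) that pulls the S/C/F, PID-TID, ASPACE and instruction fields out of the sample dump and decodes signal 11 / code 1 to SIGSEGV / SEGV_MAPERR. The signal and code tables are a hand-copied subset of <signal.h> and <sys/siginfo.h>; the fault code is reported as a number for you to look up in fault.h.

```python
import re

# Constructed sample input: the header lines of the dump quoted on this page.
SAMPLE_DUMP = """Shutdown[0,0] S/C/F=11/1/11 C/D=f001517d/f00571ac state(c0)= now lock
[0]PID-TID= 1-1? P/T FL=00019001/08800000 "proc/boot/procnto-instr"
[0]ASPACE PID=7 PF=00001010 "proc/boot/devb-eide"
instruction[b0323948]:
ff 08 75 0e 8b 02 83 c4 f4 83 c0 08 50 e8 8e f5 fe ff 8b 5d e8 c9 c3 90 55 89
"""

# Partial tables from <signal.h> and <sys/siginfo.h>; extend them from your own headers.
SIGNALS = {4: "SIGILL", 8: "SIGFPE", 10: "SIGBUS", 11: "SIGSEGV"}
SIGSEGV_CODES = {1: "SEGV_MAPERR", 2: "SEGV_ACCERR"}

HEADER_RE = re.compile(r"Shutdown\[(\d+),\d+\]\s+S/C/F=(\d+)/(\d+)/(\d+)\s+"
                       r"C/D=([0-9a-f]+)/([0-9a-f]+)\s+state\([0-9a-f]+\)=\s*(.*)")
PIDTID_RE = re.compile(r'\[\d+\]PID-TID=\s*(\d+)-(\d+)\S*\s+P/T FL=([0-9a-f]+)/([0-9a-f]+)\s+"([^"]+)"')
ASPACE_RE = re.compile(r'\[\d+\]ASPACE PID=(\d+)\s+PF=([0-9a-f]+)\s+"([^"]+)"')
INSN_RE = re.compile(r"instruction\[([0-9a-f]+)\]:\s*((?:[0-9a-f]{2}\s*)+)")

def parse_kernel_dump(text):
    """Decode the header of a QNX kernel dump into named fields."""
    m, p, i = HEADER_RE.search(text), PIDTID_RE.search(text), INSN_RE.search(text)
    if not (m and p and i):
        raise ValueError("Shutdown / PID-TID / instruction line missing")
    sig, code = int(m.group(2)), int(m.group(3))
    info = {
        "cpu": int(m.group(1)),
        "signal": SIGNALS.get(sig, f"signal {sig}"),
        # which code table applies depends on the signal; only SIGSEGV is decoded here
        "code": SIGSEGV_CODES.get(code, f"code {code}") if sig == 11 else f"code {code}",
        "fault": int(m.group(4)),            # look up in /usr/include/sys/fault.h
        "kernel_code": int(m.group(5), 16), "kernel_data": int(m.group(6), 16),
        "state": m.group(7).split(),         # e.g. ['now', 'lock']
        "pid": int(p.group(1)), "tid": int(p.group(2)), "process": p.group(5),
        "proc_flags": int(p.group(3), 16), "thread_flags": int(p.group(4), 16),
        "pc": int(i.group(1), 16),
        "pc_bytes": bytes.fromhex("".join(i.group(2).split())),
    }
    a = ASPACE_RE.search(text)   # only present when another address space was active
    info["aspace"] = (int(a.group(1)), int(a.group(2), 16), a.group(3)) if a else None
    return info

def summarize(info):
    """One-line verdict in the order the page walks through the sample."""
    where = f'pid {info["pid"]} tid {info["tid"]} "{info["process"]}"'
    if info["aspace"]:
        where += f', address space of pid {info["aspace"][0]} "{info["aspace"][2]}"'
    return (f'{info["signal"]}/{info["code"]} (fault {info["fault"]}) in {where}, '
            f'pc=0x{info["pc"]:08x}, kernel state: {" ".join(info["state"])}')
```

For the sample, summarize(parse_kernel_dump(SAMPLE_DUMP)) reports SIGSEGV/SEGV_MAPERR in pid 1 tid 1 with the devb-eide address space active, matching the page's reading of the dump.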