All geek questions in one place

Crash dump on ubuntu: vmlinuz or crash file is not supported by file format

I am trying to analyze a crash dump on my ubuntu machine using crash utility as below

 $ sudo crash /boot/System.map-3.2.0-23-generic-pae /boot/vmlinuz-3.2.0-23-generic-pae _usr_sbin_ietd.0.crash

But it returns an error like

 crash: /boot/vmlinuz-3.2.0-23-generic-pae: not a supported file format

According to the syntax of the crash utility, I correctly presented the arguments

 crash <system-map-file> <vmlinux-file> coredump

What am I doing wrong here?

UPDATE:

The vmlinuz file in the boot directory looks like compressed bzimage

 $ file vmlinuz-3.2.0-23-generic-pae vmlinuz-3.2.0-23-generic-pae: Linux kernel x86 boot executable bzImage, version 3.2.0-23-generic-pae ( buildd@palmer ) #36-Ubuntu SMP Tue Apr 10 , RO-rootFS, swap_dev 0x4, Normal VGA $
+6
source share
2 answers

According to comments by @lurker vmlinuz is compressed and can be uncompressed using the command below (from Extract vmlinux from vmlinuz or bzImage )

 $ sudo dd if=vmlinuz-3.2.0-23-generic-pae skip=`grep -a -b -o -m 1 -P '\x1f\x8b\x08\x00' vmlinuz-3.2.0-23-generic-pae| cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux 4998324+0 records in 4998324+0 records out 4998324 bytes (5.0 MB) copied, 201.859 s, 24.8 kB/s gzip: stdin: decompression OK, trailing garbage ignored

Now for the error

crash: /var/crash/_usr_sbin_ietd.0.crash: unsupported file format

we also need to extract the kernel dump file from the crash report using apport-unpack as shown below ( from here )

 @ubuntu:/tmp$ sudo apport-unpack Usage: /usr/bin/apport-unpack <report> <target directory> @ubuntu:/tmp$ sudo apport-unpack /var/crash/_usr_sbin_ietd.0.crash /var/crash/ ERROR: Destination directory exists and is not empty. @ubuntu:/tmp$ @ubuntu:/tmp$ sudo mkdir coretest @ubuntu:/tmp$ sudo apport-unpack /var/crash/_usr_sbin_ietd.0.crash /tmp/coretest/ @ubuntu:/tmp$ cd coretest/ @ubuntu:/tmp/coretest$ @ubuntu:/tmp/coretest$ ls Architecture Date ExecutablePath ProblemType ProcCwd ProcMaps Signal UserGroups CoreDump DistroRelease ExecutableTimestamp ProcCmdline ProcEnviron ProcStatus Uname @ubuntu:/tmp/coretest$ ls -lt total 384 -rw-r--r-- 1 root root 4 May 29 00:13 Architecture -rw-r--r-- 1 root root 24 May 29 00:13 Date -rw-r--r-- 1 root root 12 May 29 00:13 DistroRelease -rw-r--r-- 1 root root 10 May 29 00:13 ExecutableTimestamp -rw-r--r-- 1 root root 339968 May 29 00:13 CoreDump -rw-r--r-- 1 root root 5 May 29 00:13 ProblemType -rw-r--r-- 1 root root 66 May 29 00:13 ProcEnviron -rw-r--r-- 1 root root 969 May 29 00:13 ProcMaps -rw-r--r-- 1 root root 737 May 29 00:13 ProcStatus -rw-r--r-- 1 root root 2 May 29 00:13 Signal -rw-r--r-- 1 root root 31 May 29 00:13 Uname -rw-r--r-- 1 root root 14 May 29 00:13 ExecutablePath -rw-r--r-- 1 root root 14 May 29 00:13 ProcCmdline -rw-r--r-- 1 root root 1 May 29 00:13 ProcCwd -rw-r--r-- 1 root root 0 May 29 00:13 UserGroups @ubuntu:/tmp/coretest$ cd CoreDump bash: cd: CoreDump: Not a directory @ubuntu:/tmp/coretest$ sudo crash /tmp/vmlinux /boot/System.map-3.2.0-23-generic-pae /tmp/coretest/CoreDump crash 6.1.6 Copyright (C) 2002-2013 Red Hat, Inc. Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation Copyright (C) 1999-2006 Hewlett-Packard Co Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited Copyright (C) 2006, 2007 VA Linux Systems Japan KK Copyright (C) 2005, 2011 NEC Corporation Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc. Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc. This program is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Enter "help copying" to see the conditions. This program has absolutely no warranty. Enter "help warranty" for details. GNU gdb (GDB) 7.3.1 Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... crash: /tmp/vmlinux: no debugging data available @ubuntu:/tmp/coretest$

For "No debugging data available," you need the debuginfo packages (program_name-dbg or progname-dbgsym) installed by this link and this is one

The steps for downloading debuginfo packages for the kernel are mentioned in the question https://askubuntu.com/questions/197016/how-to-install-a-package-that-contains-ubuntu-kernel-debug-symbols

However, the step of adding a GPG key (as shown below) is critical for the boot to work.

 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01

You should receive a message like

public key "Ubuntu Debug Symbol Archive Auto Signature Key" imported

not the status of "not changed." If β€œunchanged” is written in this step, you will not be able to download the debuginfo package.

In this case, try importing the GPG key using the http 80 as port ( here )

 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
+7
source

vmlinuz is a compressed file, but an uncompressed vmlinux file is required for failure, which is compiled with the -g option.
Make sure your kernel is compiled with the -g option, and then you can get the uncompressed vmlinux file from the compressed vmlinuz using the following method:
1. od -t x1 -A d vmlinuz | grep "1f 8b 08" od -t x1 -A d vmlinuz | grep "1f 8b 08"
eg. you get the result:
0018352 ac fe ff ff 1f 8b 08 00 00 00 00 00 00 02 03 ec fd
2. Calculate the offset at "1f 8b 08": 0018352 + 4 = 0018356.
3. Use dd to unpack vmlinuz:
dd if=vmlinuz bs=1 skip=18356 | zcat > vmlinux
Now you get the uncompressed vmlinux kernel file. Congratulations!

+2
source

Source: https://habr.com/ru/post/988113/

More articles:


All Articles