Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.23. crash

An updated crash package that fixes various bugs is now available for Red Hat Enterprise Linux 5
The crash package provides a self-contained tool that can be used to investigate live systems, and kernel core dumps created from the netdump, diskdump, kdump, and Xen/KVM "virsh dump" facilities from Red Hat Enterprise Linux.

Bug Fixes

The crash package has been upgraded to upstream version 5.1.8, which provides a number of enhancements and bug fixes over the previous version.
On AMD64 and Intel 64 architectures, the "bt" command failed when the shutdown NMI was issued to a 32-bit task that had executed a "sysenter" instruction and the RSP still contained the zero value loaded from the MSR_IA32_SYSENTER_ESP register. Consequently, the backtrace issued the following warning message:
"WARNING: possibly bogus exception frame"
and was unable to make a transition from the NMI exception stack back to the process stack. With this update, the underlying source code has been modified to address this issue, and the aforementioned command no longer fails.
On AMD64 and Intel 64 architectures, the "bt" command failed with several backtrace errors for non-crashing active tasks:
"bt: cannot resolve stack trace"
This was due to a failure to properly transition from the shutdown NMI stack back to the process stack. This update fixes these errors, and executing the "bt" command on non-crashing active tasks works as expected.
KVM virtual systems contain an I/O hole in the physical memory region from 0xe0000000 to 0x100000000 (3.5 GB to 4 GB). If a guest is provisioned with more than 3.5 GB of RAM, then the memory above 3.5 GB is "pushed up" to start at 0x100000000 (4 GB). However, the "ram" device headers in the KVM dumpfiles do not reflect that. As a result, numerous error messages were displayed during invocation, and the session would often fail. With this update, the crash utility takes the I/O hole into account despite the fact that the "ram" device headers in KVM dumpfiles do not; consequently, error messages are no longer displayed during invocation.
The KVM I/O hole size is currently set to either 1 GB or 512 MB, but its setting is hardwired into the Qemu code that was used to create the dumpfile. The dumpfile is a "savevm" file that is designed to be used for guest migration, and since inter-version save/load operations are not supported, the I/O hole information does not have to be encoded into the dumpfile. Prior to this update, the I/O hole for dumpfiles created by older Qemu version was not being set to 1GB, so if the KVM guest was configured with more than 3GB of memory, the crash session would typically display numerous "read error" messages during session initialization. With this update, the crash session does not return any error messages during session initialization.
All users of crash are advised to upgrade to this updated package, which resolves these issues.