I am trying to analyze a crash dump on my Ubuntu machine with the crash utility, as shown below:
$ sudo crash /boot/System.map-3.2.0-23-generic-pae /boot/vmlinuz-3.2.0-23-generic-pae _usr_sbin_ietd.0.crash
But it returns an error:
crash: /boot/vmlinuz-3.2.0-23-generic-pae: not a supported file format
According to the crash utility's syntax, I am supplying the arguments correctly:
crash <system-map-file> <vmlinux-file> coredump
What am I doing wrong here?
Update:
The vmlinuz file in the boot directory appears to be a compressed bzImage:
$ file vmlinuz-3.2.0-23-generic-pae
vmlinuz-3.2.0-23-generic-pae: Linux kernel x86 boot executable bzImage, version 3.2.0-23-generic-pae (buildd@palmer) #36-Ubuntu SMP Tue Apr 10 , RO-rootFS, swap_dev 0x4, Normal VGA
$
小智 8
As per @lurker's comment, vmlinuz is compressed and can be decompressed with the command below (from "Extract vmlinux from vmlinuz or bzImage"):
$ sudo dd if=vmlinuz-3.2.0-23-generic-pae skip=`grep -a -b -o -m 1 -P '\x1f\x8b\x08\x00' vmlinuz-3.2.0-23-generic-pae| cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux
4998324+0 records in
4998324+0 records out
4998324 bytes (5.0 MB) copied, 201.859 s, 24.8 kB/s
gzip: stdin: decompression OK, trailing garbage ignored
Now it fails with the error:
crash: /var/crash/_usr_sbin_ietd.0.crash: not a supported file format
We also need to extract the core dump file from the crash report with apport-unpack, as shown below (from here):
@ubuntu:/tmp$ sudo apport-unpack
Usage: /usr/bin/apport-unpack <report> <target directory>
@ubuntu:/tmp$ sudo apport-unpack /var/crash/_usr_sbin_ietd.0.crash /var/crash/
ERROR: Destination directory exists and is not empty.
@ubuntu:/tmp$
@ubuntu:/tmp$ sudo mkdir coretest
@ubuntu:/tmp$ sudo apport-unpack /var/crash/_usr_sbin_ietd.0.crash /tmp/coretest/
@ubuntu:/tmp$ cd coretest/
@ubuntu:/tmp/coretest$
@ubuntu:/tmp/coretest$ ls
Architecture Date ExecutablePath ProblemType ProcCwd ProcMaps Signal UserGroups
CoreDump DistroRelease ExecutableTimestamp ProcCmdline ProcEnviron ProcStatus Uname
@ubuntu:/tmp/coretest$ ls -lt
total 384
-rw-r--r-- 1 root root 4 May 29 00:13 Architecture
-rw-r--r-- 1 root root 24 May 29 00:13 Date
-rw-r--r-- 1 root root 12 May 29 00:13 DistroRelease
-rw-r--r-- 1 root root 10 May 29 00:13 ExecutableTimestamp
-rw-r--r-- 1 root root 339968 May 29 00:13 CoreDump
-rw-r--r-- 1 root root 5 May 29 00:13 ProblemType
-rw-r--r-- 1 root root 66 May 29 00:13 ProcEnviron
-rw-r--r-- 1 root root 969 May 29 00:13 ProcMaps
-rw-r--r-- 1 root root 737 May 29 00:13 ProcStatus
-rw-r--r-- 1 root root 2 May 29 00:13 Signal
-rw-r--r-- 1 root root 31 May 29 00:13 Uname
-rw-r--r-- 1 root root 14 May 29 00:13 ExecutablePath
-rw-r--r-- 1 root root 14 May 29 00:13 ProcCmdline
-rw-r--r-- 1 root root 1 May 29 00:13 ProcCwd
-rw-r--r-- 1 root root 0 May 29 00:13 UserGroups
@ubuntu:/tmp/coretest$ cd CoreDump
bash: cd: CoreDump: Not a directory
@ubuntu:/tmp/coretest$ sudo crash /tmp/vmlinux /boot/System.map-3.2.0-23-generic-pae /tmp/coretest/CoreDump
crash 6.1.6
Copyright (C) 2002-2013 Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011 NEC Corporation
Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for details.
GNU gdb (GDB) 7.3.1
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
crash: /tmp/vmlinux: no debugging data available
@ubuntu:/tmp/coretest$
To fix "no debugging data available", some debuginfo packages (progname-dbg or progname-dbgsym) need to be installed, as per this link and this one.
For the steps to download the kernel debuginfo package, see https://askubuntu.com/questions/197016/how-to-install-a-package-that-contains-ubuntu-kernel-debug-symbols
However, the step of adding the GPG key (shown below) is essential for the download to work:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01
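You should get the message
public key "Ubuntu Debug Symbol Archive Automatic Signing Key" imported
rather than an "unchanged" status. If this step shows "unchanged", you will not be able to download the debuginfo package.
In that case, try importing the GPG key over HTTP port 80, as in (here):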
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
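The magic-byte search from the answer above, as an added example that is not part of the original post or of any project's code: it tries every gzip header candidate, streams from the offset with `tail -c` instead of `dd bs=1`, and accepts the output only if it starts with the ELF magic. The function names and the sample image are constructed for illustration, and only gzip-compressed images are handled.

```shell
#!/bin/sh
# Added example: recover an ELF image from a gzip stream embedded in a
# bzImage-style container. All sample data below is constructed.

# Print the byte offset of every gzip header candidate (1f 8b 08) in file $1.
gzip_offsets() {
    magic=$(printf '\037\213\010')
    LC_ALL=C grep -a -b -o -F -e "$magic" "$1" | cut -d: -f1
}

# Succeed if file $1 starts with the ELF magic 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# extract_elf IMAGE OUT: try each candidate until one inflates to an ELF file.
# Prints the offset that worked; returns 1 if none did.
extract_elf() {
    img=$1; out=$2
    for off in $(gzip_offsets "$img"); do
        # tail -c +N is 1-based and copies in large blocks, unlike dd bs=1.
        # gunzip exits non-zero for "trailing garbage ignored", so judge the
        # result by its content rather than by the exit status.
        tail -c "+$((off + 1))" "$img" | gunzip -c > "$out" 2>/dev/null || true
        if is_elf "$out"; then
            echo "$off"
            return 0
        fi
    done
    rm -f "$out"
    return 1
}

# Constructed sample: stub bytes, a decoy magic, the real stream, trailing bytes.
make_sample() {
    { printf '\177ELF'; printf 'constructed payload\n'; } > "$1/payload"
    {
        printf 'BOOTSTUB'
        printf '\037\213\010JUNK'   # decoy: magic bytes with no valid stream
        gzip -nc "$1/payload"
        printf 'TRAILING'
    } > "$1/image"
}

tmp=$(mktemp -d)
make_sample "$tmp"
off=$(extract_elf "$tmp/image" "$tmp/vmlinux") && echo "ELF at gzip offset $off"
```

The decoy at offset 8 shows why the first match of the magic bytes cannot be trusted without checking what it inflates to.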