NOTE: ksymoops is useless on 2.6. Please use the Oops in its original format
(from dmesg, etc). Ignore any references in this or other docs to "decoding
-the Oops" or "running it through ksymoops". If you post an Oops fron 2.6 that
+the Oops" or "running it through ksymoops". If you post an Oops from 2.6 that
has been run through ksymoops, people will just tell you to repost it.
Quick Summary
(1) Hand copy the text from the screen and type it in after the machine
has restarted. Messy but it is the only option if you have not
- planned for a crash.
+ planned for a crash. Alternatively, you can take a picture of
+ the screen with a digital camera - not nice, but better than
+ nothing. If the messages scroll off the top of the console, you
+ may find that booting with a higher resolution (eg, vga=791)
+ will allow you to read more of the text. (Caveat: This needs vesafb,
+ so won't help for 'early' oopses)
(2) Boot with a serial console (see Documentation/serial-console.txt),
run a null modem to a second machine and capture the output there
using your favourite communication program. Minicom works well.
-(3) Patch the kernel with one of the crash dump patches. These save
- data to a floppy disk or video rom or a swap partition. None of
- these are standard kernel patches so you have to find and apply
- them yourself. Search kernel archives for kmsgdump, lkcd and
- oops+smram.
+(3) Use Kdump (see Documentation/kdump/kdump.txt),
+ extract the kernel ring buffer from old memory with using dmesg
+ gdbmacro in Documentation/kdump/gdbmacros.txt.
Full Information
and do a replace of spaces to "\x" - that's what I do, as I'm too lazy
to write a program to automate this all).
+Alternatively, you can use the shell script in scripts/decodecode.
+Its usage is: decodecode < oops.txt
+
+The hex bytes that follow "Code:" may (in some architectures) have a series
+of bytes that precede the current instruction pointer as well as bytes at and
+following the current instruction pointer. In some cases, one instruction
+byte or word is surrounded by <> or (), as in "<86>" or "(f00d)". These
+<> or () markings indicate the current instruction pointer. Example from
+i386, split into multiple lines for readability:
+
+Code: f9 0f 8d f9 00 00 00 8d 42 0c e8 dd 26 11 c7 a1 60 ea 2b f9 8b 50 08 a1
+64 ea 2b f9 8d 34 82 8b 1e 85 db 74 6d 8b 15 60 ea 2b f9 <8b> 43 04 39 42 54
+7e 04 40 89 42 54 8b 43 04 3b 05 00 f6 52 c0
+
Finally, if you want to see where the code comes from, you can do
cd /usr/src/linux
6: 'B' if a page-release function has found a bad page reference or
some unexpected page flags.
+ 7: 'U' if a user or user application specifically requested that the
+ Tainted flag be set, ' ' otherwise.
+
+ 8: 'D' if the kernel has died recently, i.e. there was an OOPS or BUG.
+
+ 9: 'A' if the ACPI table has been overridden.
+
+ 10: 'W' if a warning has previously been issued by the kernel.
+
The primary reason for the 'Tainted: ' string is to tell kernel
debuggers if this is a clean kernel or if anything unusual has
occurred. Tainting is permanent: even if an offending module is