Common crash commands for analyzing a vmcore

Notes I took a while ago.

----------------------------
How to find out which module a function belongs to

[exception RIP: secure_socket_connect+189]
RIP: ffffffffa029f4ed

crash> sym ffffffffa029f4ed
ffffffffa029f4ed (t) secure_socket_connect+189 [secure_os]

----------------------------

View the assembly instructions
#6 [ffff880935bfb960] divide_error at ffffffff8100bfbb
[exception RIP: hpsa_scsi_queue_command+1670]
RIP: ffffffffa0048d96 RSP: ffff880935bfba18 RFLAGS: 00010006
RAX: 0000000000000000 RBX: ffff88006f900280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b
RBP: ffff880935bfbab8 R8: 0000000000000000 R9: 0000000000000000
R10: 000000006f900280 R11: 0000000000000007 R12: ffff884016e3ddc0
R13: 0000000000000008 R14: ffff880b38247000 R15: ffff88204fbe0000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018

crash> dis -rl ffffffffa0048d96

----------------------------

Translate a virtual address to a physical address (Virtual Address -> Physical Address)

crash> vtop ffff880078bc8000     <--- cr2
VIRTUAL           PHYSICAL
ffff880078bc8000  78bc8000

https://access.redhat.com/solutions/1379213

----------------------------

List an entire linked list

crash> slab ffff884000931000
struct slab {
  list = {
    next = 0xffff88401e5c1000,
    prev = 0xffff883fffb6f000
  },
  (......)
}

crash> list -H 0xffff88401e5c1000

----------------------------

Check what kind of kernel memory an address belongs to

crash> kmem ffff884000931000
kmem: size-64: partial list: slab: ffff888024f7e000 bad inuse counter: 4294967295
CACHE            NAME      OBJSIZE  ALLOCATED  TOTAL  SLABS  SSIZE
ffff88407fc40100 size-64        64      23121  23482    398     4k
SLAB              MEMORY            TOTAL  ALLOCATED  FREE
ffff884000931000  ffff884000931140     59         11    48

----------------------------

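Find a variable's value from the stack

The function prologue shows which registers are pushed on entry. In the bt -f output, the lines under the stack words (0x78 ... 0x08, %rbx ... %rip) are annotations marking frame offsets and the register saved in each slot; they are not crash output.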

crash> dis -r ixgbe_poll+0xc4 | head -n 20
0xffffffffa01d8560 : push %rbp
0xffffffffa01d8561 : mov %rsp,%rbp
0xffffffffa01d8564 : push %r15
0xffffffffa01d8566 : push %r14
0xffffffffa01d8568 : push %r13
0xffffffffa01d856a : push %r12
0xffffffffa01d856c : push %rbx

crash> bt -f
[exception RIP: ixgbe_poll+0xc4]
RIP: ffffffffa01d8624 RSP: ffff880190c03db0 RFLAGS: 00010286
RAX: 0000000000000200 RBX: ffffc90049dc5020 RCX: ffff8880276b9840
RDX: 0000000000000100 RSI: 0000000000000040 RDI: ffff8880276b9840
RBP: ffff880190c03e50 R8: ffff880190c18588 R9: ffff88802637bce0
R10: ffff88802760d808 R11: 0000000000000000 R12: 00000000ffffff56
R13: ffff8880247a1560 R14: ffffffffffffffff R15: ffff8880276b9b80
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
ffff880190c03d08: ffff8880276b9b80 ffffffffffffffff
ffff880190c03d18: ffff8880247a1560 00000000ffffff56
ffff880190c03d28: ffff880190c03e50 ffffc90049dc5020
ffff880190c03d38: 0000000000000000 ffff88802760d808
ffff880190c03d48: ffff88802637bce0 ffff880190c18588
ffff880190c03d58: 0000000000000200 ffff8880276b9840
ffff880190c03d68: 0000000000000100 0000000000000040
ffff880190c03d78: ffff8880276b9840 ffffffffffffffff
ffff880190c03d88: ffffffffa01d8624 0000000000000010
ffff880190c03d98: 0000000000010286 ffff880190c03db0
ffff880190c03da8: 0000000000000018 ffffffff81036f3d
                                   0x78
ffff880190c03db8: ffff880190c03dc8 ffffffff810134f9
                  0x70             0x68
ffff880190c03dc8: ffff880190c03e08 ffffffff810b344d
                  0x60             0x58
ffff880190c03dd8: ffff880190c15ac8 ffff884024be06e0
                  0x50             0x48
ffff880190c03de8: 0000004000000000 ffff8880276b9840
                  0x40             0x38
ffff880190c03df8: 01ff880190c03e08 ffff884024be06e0
                  0x30             0x28
ffff880190c03e08: ffff8880276b9800 00000000810b7c5c
                  0x20             0x18
ffff880190c03e18: 0000010000000000 ffff880190c15b80
                  0x10             0x08
ffff880190c03e28: ffff8880276b9840 0000000000000000
                  %rbx (napi_struct) %r12
ffff880190c03e38: 0000000000000000 000000000000012c
                  %r13             %r14
ffff880190c03e48: ffff880190c18580 ffff880190c03eb0
                  %r15             %rbp
ffff880190c03e58: ffffffff81481e53
                  %rip
#9 [ffff880190c03e58] net_rx_action at ffffffff81481e53
ffff880190c03e60: ffffffff810ab873 0000000000000040
ffff880190c03e70: 00000001002b2364 ffff880190c18588
ffff880190c03e80: 0000000000000000 0000000000000001
ffff880190c03e90: ffffffff81a85098 0000000000000018
ffff880190c03ea0: 0000000000000100 0000000000000003
ffff880190c03eb0: ffff880190c03f30 ffffffff81085a85
#10 [ffff880190c03eb8] __do_softirq at ffffffff81085a85
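
The register-to-slot mapping annotated above can be derived mechanically: each push in the prologue lands 8 bytes below the previous one, starting just under the return-address slot. The following is an added example, not part of the original notes; the helper names are hypothetical, the sample input is copied from the output above, and it assumes the prologue pushes run before any other change to %rsp.

```python
import re
# Constructed sample: lines copied from the dis -r and bt -f output on this page.
PROLOGUE = """\
0xffffffffa01d8560 : push %rbp
0xffffffffa01d8561 : mov %rsp,%rbp
0xffffffffa01d8564 : push %r15
0xffffffffa01d8566 : push %r14
0xffffffffa01d8568 : push %r13
0xffffffffa01d856a : push %r12
0xffffffffa01d856c : push %rbx
"""
STACK = """\
ffff880190c03e28: ffff8880276b9840 0000000000000000
ffff880190c03e38: 0000000000000000 000000000000012c
ffff880190c03e48: ffff880190c18580 ffff880190c03eb0
ffff880190c03e58: ffffffff81481e53
"""
RET_SLOT = 0xFFFF880190C03E58  # bracketed address in "#9 [ffff880190c03e58] net_rx_action"

def pushed_registers(disasm):
    """Registers pushed by the prologue, in push order (hypothetical helper)."""
    regs = []
    for line in disasm.splitlines():
        insn = " ".join(line.split(":", 1)[-1].split())
        m = re.fullmatch(r"push %(\w+)", insn)
        if m:
            regs.append(m.group(1))
        elif insn and insn != "mov %rsp,%rbp":
            break  # first instruction past the prologue: stop
    return regs

def stack_words(dump):
    """Map each 8-byte slot address to its value from 'addr: word [word]' lines."""
    words = {}
    for line in dump.splitlines():
        m = re.match(r"\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{16})+)\s*$", line)
        if m:
            base = int(m.group(1), 16)
            for i, word in enumerate(m.group(2).split()):
                words[base + 8 * i] = int(word, 16)
    return words

def saved_registers(disasm, dump, ret_slot):
    """Return {register: (slot address, saved value)}; push i sits at ret_slot - 8*i."""
    words = stack_words(dump)
    saved = {"rip": (ret_slot, words[ret_slot])}
    for i, reg in enumerate(pushed_registers(disasm), start=1):
        saved[reg] = (ret_slot - 8 * i, words[ret_slot - 8 * i])
    return saved
```

The values recovered this way are the caller's (net_rx_action's) registers as they were when ixgbe_poll was entered, not the values at the time of the exception.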

----------------------------

List processes in the UN (uninterruptible) state
crash> ps -m | grep UN

Show the backtrace of every UN process

crash> foreach UN bt

----------------------------
View a process's task_struct

crash> task crash> task

----------------------------
View a struct's layout and member offsets
struct thread_info {
    [0x0] struct task_struct *task;
    [0x8] struct exec_domain *exec_domain;
   [0x10] __u32 flags;
   [0x14] __u32 status;
   [0x18] __u32 cpu;
   [0x1c] int preempt_count;
   [0x20] mm_segment_t addr_limit;
   [0x28] struct restart_block restart_block;
   [0x58] void *sysenter_return;
   [0x60] unsigned int sig_on_uaccess_error : 1;
   [0x60] unsigned int uaccess_err : 1;
}
SIZE: 0x68

Read a single member of a struct directly. The trailing address is the start address of this task_struct.
crash> task_struct.static_prio ffff8fd235754100
static_prio = 120

----------------------------