一、準備環境 1)獲取crash工具。註意區分版本(arm/arm64/x86_64)。 2)獲取對應軟體版本的符號表文件(如vmlinux),可以將該文件放置 crash工具同一目錄下。 3)獲取sysdump文件,並把所有sysdump文件追加到一個文件sysdump.core中: 4)使用cr ...
一、準備環境
1)獲取crash工具。註意區分版本(arm/arm64/x86_64)。
2)獲取對應軟體版本的符號表文件(如vmlinux),可以將該文件放置 crash工具同一目錄下。
3)獲取sysdump文件,並把所有sysdump文件追加到一個文件sysdump.core中:
cat sysdump.core.* > sysdump.core
4)使用crash工具解析之前生成出來的sysdump.core文件:
crash_arm -m phys_base=0x80000000 vmlinux sysdump.core
或:crash vmlinux sysdump.core
二、crash常見命令
分析sysdump的入口界面如下(包括panic描述及PID等):
XXXX/demo$ ./crash_arm64 vmlinux sysdump.core
crash_arm64 7.2.3++
Copyright (C) 2002-2017 Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011 NEC Corporation
Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for details.
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=x86_64-unknown-linux-gnu --target=aarch64-elf-linux"...
KERNEL: vmlinux
DUMPFILE: sysdump.core
CPUS: 8 [OFFLINE: 7]
DATE: Sun Jan 1 08:03:20 2012
UPTIME: 00:00:00
LOAD AVERAGE: 0.00, 0.00, 0.00
TASKS: 198
NODENAME: (none)
RELEASE: 4.4.147+
VERSION: #1 SMP PREEMPT Wed Mar 20 21:09:11 CST 2019
MACHINE: aarch64 (unknown Mhz)
MEMORY: 2 GB
PANIC: "Kernel panic - not syncing: add for panic"
PID: 244
COMMAND: "kworker/u16:5"
TASK: ffffffc07b412880 [THREAD_INFO: ffffffc07b412880]
CPU: 2
STATE: TASK_RUNNING (PANIC)
crash_arm64> help
* extend mach runq tree
alias files mod search union
ascii foreach mount set vm
bpf fuser net sha1 vtop
bt gdb p sig waitq
btop help ps struct whatis
compare ipcs pte swap wr
dev irq ptob sym q
dis kmem ptov sys
eval list rd task
exit log repeat timer
crash_arm64 version: 7.2.3++ gdb version: 7.6
For help on any command above, enter "help <command>".
For help on input options, enter "help input".
For help on output options, enter "help output".
crash_arm64>
其中經常用的有:log,ps,sys,mount,sym,rd/wr,bt等。
1)使用sys命令查看系統概況。
2)使用log > kernel.log將kernel log重定向到文件中。
3)使用kmem –i查看記憶體使用狀況。
4)使用ps命令檢查進程狀態。
>表示活躍的進程, RU代表為運行中的進程,IN為可中斷進程,UN為不可中斷進程。例如:
crash_arm64> ps
PID PPID CPU TASK ST %MEM VSZ RSS COMM
> 0 0 0 ffffff8008fdf750 RU 0.0 0 0 [swapper/0]
> 0 0 1 ffffffc07d190d80 RU 0.0 0 0 [swapper/1]
0 0 2 ffffffc07d191b00 RU 0.0 0 0 [swapper/2]
> 0 0 3 ffffffc07d192880 RU 0.0 0 0 [swapper/3]
> 0 0 4 ffffffc07d193600 RU 0.0 0 0 [swapper/4]
> 0 0 5 ffffffc07d194380 RU 0.0 0 0 [swapper/5]
0 0 6 ffffffc07d195100 RU 0.0 0 0 [swapper/6]
> 0 0 7 ffffffc07d195e80 RU 0.0 0 0 [swapper/7]
1 0 4 ffffffc07d148000 UN 0.0 0 0 [swapper/0]
2 0 1 ffffffc07d148d80 IN 0.0 0 0 [kthreadd]
3 2 0 ffffffc07d149b00 IN 0.0 0 0 [ksoftirqd/0]
4 2 0 ffffffc07d14a880 IN 0.0 0 0 [kworker/0:0]
5 2 0 ffffffc07d14b600 IN 0.0 0 0 [kworker/0:0H]
> 6 2 6 ffffffc07d14c380 RU 0.0 0 0 [kworker/u16:0]
7 2 0 ffffffc07d14d100 IN 0.0 0 0 [rcu_preempt]
8 2 0 ffffffc07d14de80 IN 0.0 0 0 [rcu_sched]
9 2 0 ffffffc07d14ec00 IN 0.0 0 0 [rcu_bh]
40 2 0 ffffffc07d558000 IN 0.0 0 0 [suspend_sys_syn]
41 2 0 ffffffc07d558d80 IN 0.0 0 0 [perf]
42 2 0 ffffffc07d7d8000 IN 0.0 0 0 [irq/6-70500000.]
43 2 4 ffffffc07d7d8d80 IN 0.0 0 0 [kworker/4:1]
44 2 0 ffffffc07d7d9b00 IN 0.0 0 0 [irq/7-70600000.]
45 2 0 ffffffc07d7da880 IN 0.0 0 0 [irq/8-70800000.]
46 2 0 ffffffc07d7db600 IN 0.0 0 0 [irq/9-70900000.]
47 2 0 ffffffc07d2f0d80 IN 0.0 0 0 [writeback]
48 2 0 ffffffc07d7dc380 IN 0.0 0 0 [crypto]
49 2 0 ffffffc07d7dd100 IN 0.0 0 0 [bioset]
50 2 0 ffffffc07d7dde80 IN 0.0 0 0 [kblockd]
52 2 0 ffffffc07c070000 IN 0.0 0 0 [spi0]
53 2 0 ffffffc07c070d80 IN 0.0 0 0 [spi5]
54 2 0 ffffffc07d2f1b00 IN 0.0 0 0 [edac-poller]
55 2 0 ffffffc07c071b00 IN 0.0 0 0 [system]
56 2 0 ffffffc07c072880 IN 0.0 0 0 [carveout_fb]
57 2 0 ffffffc07c073600 IN 0.0 0 0 [carveout_camera]
58 2 0 ffffffc07c074380 UN 0.0 0 0 [mbox-send-threa]
59 2 0 ffffffc07d2f2880 IN 0.0 0 0 [devfreq_wq]
60 2 0 ffffffc07d2f3600 IN 0.0 0 0 [cfg80211]
61 2 0 ffffffc07c075100 IN 0.0 0 0 [irq/57-spi5.0]
238 2 0 ffffffc07b410d80 IN 0.0 0 0 [adaptive_ts_not]
241 2 1 ffffffc07b462880 IN 0.0 0 0 [mmcqd/1]
242 2 2 ffffffc07b411b00 IN 0.0 0 0 [kworker/u16:3]
243 2 3 ffffffc07b04a880 IN 0.0 0 0 [kworker/u16:4]
> 244 2 2 ffffffc07b412880 RU 0.0 0 0 [kworker/u16:5]
245 2 0 ffffffc07b04b600 IN 0.0 0 0 [kworker/u16:6]
5)使用bt
直接bt或bt加pid,比如想查看panic的進程,從入口界面看到panic的pid為244(或從ps中活躍進程看):
crash_arm64> bt
PID: 244 TASK: ffffffc07b412880 CPU: 2 COMMAND: "kworker/u16:5"
#0 [ffffffc07b4c7a80] sysdump_enter at ffffff800846ba40
#1 [ffffffc07b4c7ae0] panic at ffffff80081885b4
#2 [ffffffc07b4c7bc0] verity_verify_level at ffffff800867abc8
#3 [ffffffc07b4c7c40] verity_hash_for_block at ffffff800867b5d8
#4 [ffffffc07b4c7c90] verity_work at ffffff800867ba0c
#5 [ffffffc07b4c7d70] process_one_work at ffffff80080c18dc
#6 [ffffffc07b4c7dc0] worker_thread at ffffff80080c1cf0
#7 [ffffffc07b4c7e20] kthread at ffffff80080c7f8c
6)使用dis <addr|symbol>,對給定地址進行反彙編。
比如函數調用棧的一個地址ffffff800867abc8 :
crash_arm64> dis -l ffffff800867abc8
/space/builder/repo/TEMP_BUILD_11657/kernel4.4/drivers/md/dm-verity-target.c: 312
0xffffff800867abc8 <verity_verify_level+576>: bl 0xffffff80081884e0 <panic>
7)使用sym <addr|symbol> 顯示symbol源碼位置。
如下是堆棧中verity_verify_level或地址ffffff800867abc8的信息:
crash_arm64> sym verity_verify_level
ffffff800867a988 (t) verity_verify_level /space/builder/repo/TEMP_BUILD_11657/kernel4.4/drivers/md/dm-verity-target.c: 262
crash_arm64> sym ffffff800867abc8
ffffff800867abc8 (t) verity_verify_level+576 /space/builder/repo/TEMP_BUILD_11657/kernel4.4/drivers/md/dm-verity-target.c: 312
註意:
1)sym可以查找帶關鍵字的符號,如:sym digest。
2)常見符號類型有t、T、r、R、d、D、b等(具體含義待確認):
t:static函數
T:extern函數(T代表代碼區)
r:static只讀變數?
R:extern只讀變數?(R代表只讀數據區)
d:static變數?
D:extern變數? (D代表初始化數據區)
b:static變數(B代表非初始化數據區)
8)結構體和變數:
查看結構體成員,struct加上結構體名就可以查看結構體的成員,如struct dm_verity:
若要查看結構體中所有成員的值,先找到對應地址,再使用struct <結構體名> <結構體變數地址>。
比如網上的一個例子(https://blog.csdn.net/chm880910/article/details/80329350),
task_struct變數地址為ffffffff81a8d020,執行 struct task_struct ffffffff81a8d020結果:
struct task_struct {
state = 0,
stack = 0xffffffff81a00000,
usage = {
counter = 2
},
flags = 2097408,
執行 struct task_struct 查看結構體成員:
struct task_struct {
volatile long int state;
void *stack;
atomic_t usage;
unsigned int flags;
執行 struct -o task_struct 查看結構體成員及偏移:
struct task_struct {
[0] volatile long int state;
[8] void *stack;
[16] atomic_t usage;
[20] unsigned int flags;
9)讀取記憶體rd/修改記憶體wr。
註意:指針變數的地址需要兩次sym找到地址。
