Debian Linux 11 使用crash

前言

# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

# uname -r
5.10.0-31-amd64

一、环境安装

1.1 安装debug package

Debian Linux 11 的 /boot/System.map-5.10.0-31-amd64 和其他发行版不同，这个文件没有符号内容，需要我们自己下载对应的package。

# cat /boot/System.map-5.10.0-31-amd64
ffffffffffffffff B The real System.map is in the linux-image-<version>-dbg package

# apt install linux-image-$(uname -r)-dbg
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
下列【新】软件包将被安装：
  linux-image-5.10.0-31-amd64-dbg
升级了 0 个软件包，新安装了 1 个软件包，要卸载 0 个软件包，有 133 个软件包未被升级。
需要下载 801 MB 的归档。
解压缩后会消耗 5,804 MB 的额外空间。
获取:1 https://mirrors.aliyun.com/debian-security bullseye-security/main amd64 linux-image-5.10.0-31-amd64-dbg amd64 5.10.221-1 [801 MB]
已下载 801 MB，耗时 12分 0秒 (1,113 kB/s)
正在选中未选择的软件包 linux-image-5.10.0-31-amd64-dbg。
(正在读取数据库 ... 系统当前共安装有 179172 个文件和目录。)
准备解压 .../linux-image-5.10.0-31-amd64-dbg_5.10.221-1_amd64.deb  ...
正在解压 linux-image-5.10.0-31-amd64-dbg (5.10.221-1) ...
正在设置 linux-image-5.10.0-31-amd64-dbg (5.10.221-1) ...

# ls -l /lib/debug/boot/
System.map-5.10.0-31-amd64  vmlinux-5.10.0-31-amd64

# cat /lib/debug/boot/System.map-5.10.0-31-amd64 | head -5
0000000000000000 D __per_cpu_start
0000000000000000 D fixed_percpu_data
00000000000001de A kexec_control_code_size
0000000000001000 D cpu_debug_store
0000000000002000 D irq_stack_backing_store

# file /lib/debug/boot/vmlinux-5.10.0-31-amd64
/lib/debug/boot/vmlinux-5.10.0-31-amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7cc843ffdcc57976d25b57b47feaa8cb555625c8, with debug_info, not stripped

vmlinux-5.10.0-31-amd64 是带调试信息的vmlinux镜像。

1.2 安装crash

# apt-get install crash

二、使用crash

这篇文章详细的描述了crash的使用，请参考：Linux crash调试（一）

# crash

crash 7.2.9
Copyright (C) 2002-2020  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.

GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

WARNING: kernel relocated [652MB]: patching 104931 gdb minimal_symbol values

      KERNEL: /usr/lib/debug/lib/modules/5.10.0-31-amd64/vmlinux
    DUMPFILE: /proc/kcore
        CPUS: 4
        DATE: Sat Sep 14 20:13:45 CST 2024
      UPTIME: 00:54:07
LOAD AVERAGE: 0.52, 0.25, 0.10
       TASKS: 595
    NODENAME: debian
     RELEASE: 5.10.0-31-amd64
     VERSION: #1 SMP Debian 5.10.221-1 (2024-07-14)
     MACHINE: x86_64  (3407 Mhz)
      MEMORY: 4 GB
         PID: 74067
     COMMAND: "crash"
        TASK: ffff8c0111a1c800  [THREAD_INFO: ffff8c0111a1c800]
         CPU: 2
       STATE: TASK_RUNNING (ACTIVE)

crash>

crash> dis sys_call_table
0xffffffffaaa002e0 <sys_call_table>:    nop
crash> rd -64 0xffffffffaaa002e0
ffffffffaaa002e0:  ffffffffa9edc690                    ........
crash> dis ffffffffa9edc690
0xffffffffa9edc690 <__x64_sys_read>:    nopl   0x0(%rax,%rax,1) [FTRACE NOP]
0xffffffffa9edc695 <__x64_sys_read+5>:  mov    0x60(%rdi),%rdx
0xffffffffa9edc699 <__x64_sys_read+9>:  mov    0x68(%rdi),%rsi
0xffffffffa9edc69d <__x64_sys_read+13>: mov    0x70(%rdi),%rdi
0xffffffffa9edc6a1 <__x64_sys_read+17>: jmpq   0xffffffffa9edc5b0 <ksys_read>
0xffffffffa9edc6a6 <__x64_sys_read+22>: nopw   %cs:0x0(%rax,%rax,1)
crash>
crash> rd -64 0xffffffffaaa002e8
ffffffffaaa002e8:  ffffffffa9edc7b0                    ........
crash> dis ffffffffa9edc7b0
0xffffffffa9edc7b0 <__x64_sys_write>:   nopl   0x0(%rax,%rax,1) [FTRACE NOP]
0xffffffffa9edc7b5 <__x64_sys_write+5>: mov    0x60(%rdi),%rdx
0xffffffffa9edc7b9 <__x64_sys_write+9>: mov    0x68(%rdi),%rsi
0xffffffffa9edc7bd <__x64_sys_write+13>:        mov    0x70(%rdi),%rdi
0xffffffffa9edc7c1 <__x64_sys_write+17>:        jmpq   0xffffffffa9edc6d0 <ksys_write>
0xffffffffa9edc7c6 <__x64_sys_write+22>:        nopw   %cs:0x0(%rax,%rax,1)

crash> struct task_struct
struct task_struct {
    struct thread_info thread_info;
    volatile long state;
    void *stack;
    refcount_t usage;
    unsigned int flags;
    unsigned int ptrace;
    int on_cpu;
    struct __call_single_node wake_entry;
    unsigned int cpu;
    unsigned int wakee_flips;
    unsigned long wakee_flip_decay_ts;
    struct task_struct *last_wakee;
    int recent_used_cpu;
    int wake_cpu;
    int on_rq;
    int prio;
    int static_prio;
    int normal_prio;
    unsigned int rt_priority;
    const struct sched_class *sched_class;
    struct sched_entity se;
    struct sched_rt_entity rt;
    struct task_group *sched_task_group;
    struct sched_dl_entity dl;
    struct hlist_head preempt_notifiers;
    unsigned int btrace_seq;
    unsigned int policy;
    int nr_cpus_allowed;
    const cpumask_t *cpus_ptr;
    cpumask_t cpus_mask;
    int trc_reader_nesting;
    int trc_ipi_to_cpu;
    union rcu_special trc_reader_special;