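Sometimes we need to look at the entire contents of a process's kernel stack. Here are a few ways to do it:
Method 1: get the address of the bottom of the process's stack and the stack size, then read the memory with the rd command
- Use the mach command to get the kernel stack size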
    crash> mach | grep SIZE
    MEMORY SIZE: 64 GB
    PAGE SIZE: 4096
    KERNEL STACK SIZE: 16384
    IRQ STACK SIZE: 16384
    DOUBLEFAULT STACK SIZE: 8192
    NMI STACK SIZE: 8192
    DEBUG STACK SIZE: 8192
    MCE STACK SIZE: 8192
    VC STACK SIZE: 8192
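KERNEL STACK SIZE above is the size of the kernel stack, 16KB here.
- Get the bottom of the process's kernel stack
Take as the example the process that was running on the CPU that triggered the crash.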
    crash> task -R stack
    PID: 80876  TASK: ffff9519080da880  CPU: 42  COMMAND: "bash"
      stack = 0xffffa4e249fb4000,
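- Read
The rd command reads in 8-byte units by default, so covering 16KB takes a count of 2K units, that is 0x800. In addition, pass the -s option so that function addresses found in the kernel stack are translated into symbol-name-plus-offset form.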
Method 2: use the bt -r command directly
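Method 3: bt again, this time with the -T/t options
Method 2 uses bt to dump the entire contents of the kernel stack, and much of that output is of no use. bt also provides the -T/t options, which print the parts of the kernel stack that can be resolved: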
    crash> bt -T
    PID: 80876  TASK: ffff9519080da880  CPU: 42  COMMAND: "bash"
      [ffffa4e249fb7578] vsnprintf at ffffffffb9f4b8a4
      [ffffa4e249fb75d0] sprintf at ffffffffb9f4bb6e
      [ffffa4e249fb7630] __sprint_symbol at ffffffffb91fbf34
      [ffffa4e249fb7688] symbol_string at ffffffffb9f48185
      [ffffa4e249fb7758] number at ffffffffb9f464e2
      [ffffa4e249fb77d8] number at ffffffffb9f464e2
      [ffffa4e249fb7848] number at ffffffffb9f464e2
      [ffffa4e249fb78b8] vsnprintf at ffffffffb9f4b776
      [ffffa4e249fb7910] sprintf at ffffffffb9f4bb6e
      [ffffa4e249fb7948] desc_read_finalized_seq at ffffffffb919d0b7
      [ffffa4e249fb7970] _prb_read_valid at ffffffffb919d3ac
      [ffffa4e249fb79a0] _raw_spin_trylock at ffffffffb9f71743
      [ffffa4e249fb7a00] prb_read_valid at ffffffffb919e0d7
      [ffffa4e249fb7a10] console_emit_next_record.constprop.0 at ffffffffb9199f83
      [ffffa4e249fb7a48] desc_read_finalized_seq at ffffffffb919d0b7
      [ffffa4e249fb7a50] append_elf_note at ffffffffb91fdb37
      [ffffa4e249fb7a88] crash_save_cpu at ffffffffb91ff6b4
      [ffffa4e249fb7c00] machine_kexec at ffffffffb90839cc
      [ffffa4e249fb7c58] __crash_kexec at ffffffffb91fe047
      [ffffa4e249fb7ce0] __crash_kexec at ffffffffb91fe075
      [ffffa4e249fb7d18] panic at ffffffffb910c471
      [ffffa4e249fb7d40] _printk at ffffffffb91987e0
      [ffffa4e249fb7d98] sysrq_handle_crash at ffffffffb99d2596
      [ffffa4e249fb7da0] __handle_sysrq at ffffffffb99d2b16
      [ffffa4e249fb7dd0] write_sysrq_trigger at ffffffffb99d31b4
      [ffffa4e249fb7de0] proc_reg_write at ffffffffb94ea8e6
      [ffffa4e249fb7de8] preempt_count_add at ffffffffb914c8e7
      [ffffa4e249fb7df8] vfs_write at ffffffffb94404d7
      [ffffa4e249fb7e90] ksys_write at ffffffffb94409eb
      [ffffa4e249fb7ec8] do_syscall_64 at ffffffffb9f5618b
      [ffffa4e249fb7ed8] do_user_addr_fault at ffffffffb909706f
      [ffffa4e249fb7f28] exc_page_fault at ffffffffb9f5b4c0
      [ffffa4e249fb7f50] entry_SYSCALL_64_after_hwframe at ffffffffba0000aa
        RIP: 00007fa6120e0164  RSP: 00007ffe5cf89778  RFLAGS: 00000202
        RAX: ffffffffffffffda  RBX: 0000000000000002  RCX: 00007fa6120e0164
        RDX: 0000000000000002  RSI: 0000564e2104fae0  RDI: 0000000000000001
        RBP: 00007ffe5cf897a0   R8: 0000000000001428   R9: 0000000100000000
        R10: 0000000000000000  R11: 0000000000000202  R12: 0000000000000002
        R13: 0000564e2104fae0  R14: 00007fa6121b4780  R15: 0000000000000002
        ORIG_RAX: 0000000000000001  CS: 0033  SS: 002b
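As you can see, values in the memory above the machine_kexec stack frame that can be resolved to function names are printed as well. Compare this with the output without the -T/t options: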
    crash> bt
    PID: 80876  TASK: ffff9519080da880  CPU: 42  COMMAND: "bash"
     #0 [ffffa4e249fb7c00] machine_kexec at ffffffffb90839cc
     #1 [ffffa4e249fb7c58] __crash_kexec at ffffffffb91fe047
     #2 [ffffa4e249fb7d18] panic at ffffffffb910c471
     #3 [ffffa4e249fb7d98] sysrq_handle_crash at ffffffffb99d2596
     #4 [ffffa4e249fb7da0] __handle_sysrq at ffffffffb99d2b16
     #5 [ffffa4e249fb7dd0] write_sysrq_trigger at ffffffffb99d31b4
     #6 [ffffa4e249fb7de0] proc_reg_write at ffffffffb94ea8e6
     #7 [ffffa4e249fb7df8] vfs_write at ffffffffb94404d7
     #8 [ffffa4e249fb7e90] ksys_write at ffffffffb94409eb
     #9 [ffffa4e249fb7ec8] do_syscall_64 at ffffffffb9f5618b
    #10 [ffffa4e249fb7f50] entry_SYSCALL_64_after_hwframe at ffffffffba0000aa
        RIP: 00007fa6120e0164  RSP: 00007ffe5cf89778  RFLAGS: 00000202
        RAX: ffffffffffffffda  RBX: 0000000000000002  RCX: 00007fa6120e0164
        RDX: 0000000000000002  RSI: 0000564e2104fae0  RDI: 0000000000000001
        RBP: 00007ffe5cf897a0   R8: 0000000000001428   R9: 0000000100000000
        R10: 0000000000000000  R11: 0000000000000202  R12: 0000000000000002
        R13: 0000564e2104fae0  R14: 00007fa6121b4780  R15: 0000000000000002
        ORIG_RAX: 0000000000000001  CS: 0033  SS: 002b
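
To make the bt versus bt -T comparison mechanical, the following Python script (an added example, not part of the original post) parses both outputs and sorts every bt -T entry into unwound frames, text addresses found between frames, and text addresses left in stack memory below frame #0. The sample text is abridged from the output above; the function names and category labels are this example's own.

```python
import re

# Matches "[<stack slot>] <symbol> at <text address>" in bt / bt -T output.
ENTRY = re.compile(r"\[([0-9a-f]{16})\]\s+(\S+) at ([0-9a-f]{16})")

STACK_BASE = 0xffffa4e249fb4000   # "stack =" value from task -R stack
STACK_SIZE = 16384                # KERNEL STACK SIZE from mach

# Abridged from the page's output: frames #0-#3 and the matching bt -T range.
BT = """\
 #0 [ffffa4e249fb7c00] machine_kexec at ffffffffb90839cc
 #1 [ffffa4e249fb7c58] __crash_kexec at ffffffffb91fe047
 #2 [ffffa4e249fb7d18] panic at ffffffffb910c471
 #3 [ffffa4e249fb7d98] sysrq_handle_crash at ffffffffb99d2596
"""
BT_T = """\
  [ffffa4e249fb7a50] append_elf_note at ffffffffb91fdb37
  [ffffa4e249fb7a88] crash_save_cpu at ffffffffb91ff6b4
  [ffffa4e249fb7c00] machine_kexec at ffffffffb90839cc
  [ffffa4e249fb7c58] __crash_kexec at ffffffffb91fe047
  [ffffa4e249fb7ce0] __crash_kexec at ffffffffb91fe075
  [ffffa4e249fb7d18] panic at ffffffffb910c471
  [ffffa4e249fb7d40] _printk at ffffffffb91987e0
  [ffffa4e249fb7d98] sysrq_handle_crash at ffffffffb99d2596
"""

def parse(text):
    """Return {stack_slot: symbol} for every bracketed entry."""
    return {int(slot, 16): sym for slot, sym, _ in ENTRY.findall(text)}

def rd_count(stack_size, unit=8):
    """Number of rd units (8 bytes by default) that cover the whole stack."""
    return stack_size // unit

def classify(bt, bt_T, base=STACK_BASE, size=STACK_SIZE):
    frames, slots = parse(bt), parse(bt_T)
    first = min(frames)            # stack slot of frame #0
    out = {"frame": [], "between_frames": [], "below_frame0": []}
    for slot in sorted(slots):
        if not base <= slot < base + size:
            raise ValueError(f"{slot:#x} is outside the task's kernel stack")
        key = ("frame" if slot in frames else
               "below_frame0" if slot < first else "between_frames")
        out[key].append(slots[slot])
    return out

if __name__ == "__main__":
    print("rd count:", hex(rd_count(STACK_SIZE)))
    for kind, syms in classify(BT, BT_T).items():
        print(f"{kind:15} {', '.join(syms)}")
```

Entries in `below_frame0` are the ones bt did not unwind; they are values in stack memory that happen to resolve to kernel text, so treat them as hints about earlier calls rather than as part of the call chain.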