анализируйте данные аварийного дампа Linux или работающую систему (Analyze Linux crash dump data or a live system)
Команды (Commands)
Each crash command generally falls into one of the following
categories:
Symbolic display
Displays of kernel text/data, which take full advantage of
the power of gdb to format and display data structures
symbolically.
System state
The majority of crash commands consist of a set of
"kernel-aware" commands, which delve into various kernel
subsystems on a system-wide or per-task basis.
Utility functions
A set of useful helper commands serving various purposes,
some simple, others quite powerful.
Session control
Commands that control the crash session itself.
The following alphabetical list consists of a very simple
overview of each crash command. However, since individual
commands often have several options resulting in significantly
different output, it is suggested that the full description of
each command be viewed by executing crash -h <command>, or during
a crash session by simply entering help command.
* "pointer to" is shorthand for either the struct or union
commands. It displays the contents of a kernel structure
or union.
alias creates a single-word alias for a command.
ascii displays an ascii chart or translates a numeric value into
its ascii components.
bt displays a task's kernel-stack backtrace. If it is given
the -a option, it displays the stack traces of the active
tasks on all CPUs. It is often used with the foreach
command to display the backtraces of all tasks with one
command.
btop translates a byte value (physical offset) to its page
number.
dev displays data concerning the character and block device
assignments, I/O port usage, I/O memory usage, and PCI
device data.
dis disassembles memory, either entire kernel functions, from
a location for a specified number of instructions, or from
the start of a function up to a specified memory location.
eval evaluates an expression or numeric type and displays the
result in hexadecimal, decimal, octal and binary.
exit causes crash to exit.
extend dynamically loads or unloads crash shared object extension
modules.
files displays information about open files in a context.
foreach
repeats a specified command for the specified (or all)
tasks in the system.
fuser displays the tasks using the specified file or socket.
gdb passes its argument to the embedded gdb module. It is
useful for executing gdb commands that have the same name
as crash commands.
help alone displays the command menu; if followed by a command
name, a full description of a command, its options, and
examples are displayed. Its output is far more complete
and useful than this man page.
ipcs displays data about the System V IPC facilities.
irq displays data concerning interrupt request numbers and
bottom-half interrupt handling.
kmem displays information about the use of kernel memory.
list displays the contents of a linked list.
log displays the kernel log_buf contents in chronological
order.
mach displays data specific to the machine type.
mod displays information about the currently installed kernel
modules, or adds or deletes symbolic or debugging
information about specified kernel modules.
mount displays information about the currently-mounted
filesystems.
net display various network related data.
p passes its arguments to the gdb "print" command for
evaluation and display.
ps displays process status for specified, or all, processes
in the system.
pte translates the hexadecimal contents of a PTE into its
physical page address and page bit settings.
ptob translates a page frame number to its byte value.
ptov translates a hexadecimal physical address into a kernel
virtual address.
q is an alias for the "exit" command.
rd displays the contents of memory, with the output formatted
in several different manners.
repeat repeats a command indefinitely, optionally delaying a
given number of seconds between each command execution.
runq displays the tasks on the run queue.
search searches a range of user or kernel memory space for given
value.
set either sets a new context, or gets the current context for
display.
sig displays signal-handling data of one or more tasks.
struct displays either a structure definition or the contents of
a kernel structure at a specified address.
swap displays information about each configured swap device.
sym translates a symbol to its virtual address, or a static
kernel virtual address to its symbol -- or to a symbol-
plus-offset value, if appropriate.
sys displays system-specific data.
task displays the contents of a task_struct.
tree displays the contents of a red-black tree or a radix tree.
timer displays the timer queue entries, both old- and new-style,
in chronological order.
union is similar to the struct command, except that it works on
kernel unions.
vm displays basic virtual memory information of a context.
vtop translates a user or kernel virtual address to its
physical address.
waitq walks the wait queue list displaying the tasks which are
blocked on the specified wait queue.
whatis displays the definition of structures, unions, typedefs or
text/data symbols.
wr modifies the contents of memory on a live system. It can
only be used if /dev/mem is the device file being used to
access system RAM, and should obviously be used with great
care.
When crash is invoked with a Xen hypervisor binary as the
NAMELIST, the command set is slightly modified. The *, alias,
ascii, bt, dis, eval, exit, extend, gdb, help, list, log, p, pte,
rd, repeat, search, set, struct, sym, sys, union, whatis, wr and
q commands are the same as above. The following commands are
specific to the Xen hypervisor:
domain displays the contents of the domain structure for
selected, or all, domains.
doms displays domain status for selected, or all, domains.
dumpinfo
displays Xen dump information for selected, or all, cpus.
pcpus displays physical cpu information for selected, or all,
cpus.
vcpus displays vcpu status for selected, or all, vcpus.
