メモリダンプを眺めてみる

必要に迫られまして、Cもアセンブラもサッパリなのにクラッシュダンプの解析を試みようかと思い立った今日この頃。

とりあえず稼働中のシステムのメモリでも眺めながら、纏めて勉強するかということで、まずはメモリダンプが見れるとこまで。


環境: MacBook (OS X 10.5.3) で VMware FusionCentOS 5.1


yumのリポジトリにはkernel-debuginfoパッケージが見当たらなかったので、ソースからリビルドするかなと思いつつ一応ググってみると http://debuginfo.centos.org にパッケージを発見しました。

kernel-debuginfoパッケージをインストール

$ wget http://debuginfo.centos.org/5/i386/kernel-debuginfo-2.6.18-53.el5.i686.rpm
$ wget http://debuginfo.centos.org/5/i386/kernel-debuginfo-common-2.6.18-53.el5.i686.rpm
$ sudo rpm -ivh kernel-debuginfo-common-2.6.18-53.el5.i686.rpm
$ sudo rpm -ivh kernel-debuginfo-2.6.18-53.el5.i686.rpm

crashコマンドを実行

3つ目の引数にvmcoreを指定すると、そのクラッシュダンプを解析する。指定しなかった場合は、稼働中システムのメモリ(/dev/mem)を参照する。

$ sudo crash /boot/System.map-2.6.18-53.1.21.el5 /usr/lib/debug/lib/modules/2.6.18-53.el5/vmlinux 

crash 4.0-4.6.1
Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.
 
GNU gdb 6.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...

  SYSTEM MAP: /boot/System.map-2.6.18-53.1.21.el5                      
DEBUG KERNEL: /usr/lib/debug/lib/modules/2.6.18-53.el5/vmlinux (2.6.18-53.el5)
    DUMPFILE: /dev/crash
        CPUS: 1
        DATE: Sat May 31 01:54:42 2008
      UPTIME: 00:39:07
LOAD AVERAGE: 0.08, 0.03, 0.01
       TASKS: 130
    NODENAME: cent51
     RELEASE: 2.6.18-53.1.21.el5
     VERSION: #1 SMP Tue May 20 09:34:18 EDT 2008
     MACHINE: i686  (2394 Mhz)
      MEMORY: 512 MB
         PID: 2868
     COMMAND: "crash"
        TASK: c6bec550  [THREAD_INFO: dbb7f000]
         CPU: 0
       STATE: TASK_RUNNING (ACTIVE)

crash> 

psしてみたり

crash> ps

   PID    PPID  CPU   TASK    ST  %MEM     VSZ    RSS  COMM
      0      0   0  c066d3c0  RU   0.0       0      0  [swapper]
      1      0   0  dfbc4aa0  IN   0.1    2044    640  init
      2      1   0  dfbc4550  IN   0.0       0      0  [migration/0]
      3      1   0  dfbc4000  IN   0.0       0      0  [ksoftirqd/0]
      4      1   0  dfbcbaa0  IN   0.0       0      0  [watchdog/0]
      5      1   0  dfbcb550  IN   0.0       0      0  [events/0]
      6      1   0  dfbcb000  IN   0.0       0      0  [khelper]
      7      1   0  dfed2aa0  IN   0.0       0      0  [kthread]
     10      7   0  dfeafaa0  IN   0.0       0      0  [kblockd/0]
     11      7   0  dfeaf550  IN   0.0       0      0  [kacpid]
     72      7   0  dfe78000  IN   0.0       0      0  [cqueue/0]
     75      7   0  dfe70000  IN   0.0       0      0  [khubd]
     77      7   0  dfe69550  IN   0.0       0      0  [kseriod]
    140      7   0  c178e550  IN   0.0       0      0  [pdflush]
    141      7   0  c178e000  RU   0.0       0      0  [pdflush]
    142      7   0  c1792aa0  IN   0.0       0      0  [kswapd0]

     〜以下省略〜

btしてみたり

crash> bt 1811
PID: 1811   TASK: c16bbaa0  CPU: 0   COMMAND: "syslogd"
 #0 [c1781b04] schedule at c06046b9
 #1 [c1781b6c] schedule_timeout at c0604d99
 #2 [c1781b90] do_select at c04803a3
 #3 [c1781e34] core_sys_select at c04806a6
 #4 [c1781f74] sys_select at c0480ca2
 #5 [c1781fb8] system_call at c0404ef8
    EAX: ffffffda  EBX: 00000001  ECX: bfcbe59c  EDX: 00000000 
    DS:  007b      ESI: 00000000  ES:  007b      EDI: 00000000
    SS:  007b      ESP: bfcbe4ec  EBP: bfcbea48
    CS:  0073      EIP: 0033f402  ERR: 0000008e  EFLAGS: 00000246 

ラジバンダリ

出力みても何がなんだかサッパリなので、週末はこいつをイジリ倒してみるかな。