Thursday, July 17, 2014

GNU crash utility commands help text part 2

This post continues from part 1.

Excellent help documentation for the 'crash' utility is available at this link:

http://people.redhat.com/anderson/help.html

However, I have collected all of that documentation across two pages here.

 18. ) Documentation for crash command list:


NAME
  list - linked list

SYNOPSIS
  list [[-o] offset] [-e end] [-s struct[.member[,member]]] [-H] start

DESCRIPTION
  This command dumps the contents of a linked list.  The entries in a linked
  list are typically data structures that are tied together in one of two
  formats:

  1. A starting address points to a data structure; that structure contains
     a member that is a pointer to the next structure, and so on.  The list
     typically ends when a "next" pointer value contains one of the
     following:

       a. a NULL pointer.
       b. a pointer to the start address.
       c. a pointer to the first item pointed to by the start address.
       d. a pointer to its containing structure.
 
  2. Most Linux lists are linked via embedded list_head structures contained
     within the data structures in the list.  The linked list is headed by an
     external LIST_HEAD, which is simply a list_head structure initialized to
     point to itself, signifying that the list is empty:

       struct list_head {
           struct list_head *next, *prev;
       };

       #define LIST_HEAD_INIT(name) { &(name), &(name) }
       #define LIST_HEAD(name) struct list_head name = LIST_HEAD_INIT(name)

     In the case of list_head-type lists, the "next" pointer is the address
     of the embedded list_head structure in the next structure, and not the
     address of the structure itself.  The list typically ends when the
     list_head's next pointer points back to the LIST_HEAD address.

  This command can handle both types of linked list; in both cases the list
  of addresses that are dumped are the addresses of the data structures
  themselves.

  The arguments are as follows:

  [-o] offset  The offset within the structure to the "next" pointer
               (default is 0).  If non-zero, the offset may be entered
               in either of two manners:

               1. In "structure.member" format; the "-o" is not necessary.
               2. A number of bytes; the "-o" is only necessary on processors
                  where the offset value could be misconstrued as a kernel
                  virtual address.

       -e end  If the list ends in a manner unlike the typical manners that
               are described above, an explicit ending address value may be
               entered.
    -s struct  For each address in list, format and print as this type of
               structure; use the "struct.member" format in order to display
               a particular member of the structure.  To display multiple
               members of a structure, use a comma-separated list of members.

  The meaning of the "start" argument, which can be expressed either
  symbolically or in hexadecimal format, depends upon whether the -H option
  is pre-pended or not:

      start  The address of the first structure in the list.
   -H start  The address of the list_head structure, typically expressed
             symbolically, but also can be an expression evaluating to the
             address of the starting list_head structure.

EXAMPLES
  Note that each task_struct is linked to its parent's task_struct via the
  p_pptr member:

    crash> struct task_struct.p_pptr
    struct task_struct {
       [136] struct task_struct *p_pptr;
    }

  That being the case, given a task_struct pointer of c169a000, show its
  parental hierarchy back to the "init_task" (the "swapper" task):

    crash> list task_struct.p_pptr c169a000
    c169a000
    c0440000
    c50d0000
    c0562000
    c0d28000
    c7894000
    c6a98000
    c009a000
    c0252000

  Given that the "task_struct.p_pptr" offset is 136 bytes, the same
  result could be accomplished like so:

    crash> list 136 c169a000
    c169a000
    c0440000
    c50d0000
    c0562000
    c0d28000
    c7894000
    c6a98000
    c009a000
    c0252000

  The list of currently-registered file system types are headed up by a
  struct file_system_type pointer named "file_systems", and linked by
  the "next" field in each file_system_type structure.  The following
  sequence displays the structure address followed by the name and
  fs_flags members of each registered file system type:

    crash> p file_systems
    file_systems = $1 = (struct file_system_type *) 0xc03adc90
    crash> list file_system_type.next -s file_system_type.name,fs_flags 0xc03adc90
    c03adc90
      name = 0xc02c05c8 "rootfs",
      fs_flags = 0x30,
    c03abf94
      name = 0xc02c0319 "bdev",
      fs_flags = 0x10,
    c03acb40
      name = 0xc02c07c4 "proc",
      fs_flags = 0x8,
    c03e9834
      name = 0xc02cfc83 "sockfs",
      fs_flags = 0x10,
    c03ab8e4
      name = 0xc02bf512 "tmpfs",
      fs_flags = 0x20,
    c03ab8c8
      name = 0xc02c3d6b "shm",
      fs_flags = 0x20,
    c03ac394
      name = 0xc02c03cf "pipefs",
      fs_flags = 0x10,
    c03ada74
      name = 0xc02c0e6b "ext2",
      fs_flags = 0x1,
    c03adc74
      name = 0xc02c0e70 "ramfs",
      fs_flags = 0x20,
    c03ade74
      name = 0xc02c0e76 "hugetlbfs",
      fs_flags = 0x20,
    c03adf8c
      name = 0xc02c0f84 "iso9660",
      fs_flags = 0x1,
    c03aec14
      name = 0xc02c0ffd "devpts",
      fs_flags = 0x8,
    c03e93f4
      name = 0xc02cf1b9 "pcihpfs",
      fs_flags = 0x28,
    e0831a14
      name = 0xe082f89f "ext3",
      fs_flags = 0x1,
    e0846af4
      name = 0xe0841ac6 "usbdevfs",
      fs_flags = 0x8,
    e0846b10
      name = 0xe0841acf "usbfs",
      fs_flags = 0x8,
    e0992370
      name = 0xe099176c "autofs",
      fs_flags = 0x0,
    e2dcc030
      name = 0xe2dc8849 "nfs",
      fs_flags = 0x48000,

  In some kernels, the system run queue is a linked list headed up by the
  "runqueue_head", which is defined like so:

    static LIST_HEAD(runqueue_head);

  The run queue linking is done with the "run_list" member of the task_struct:

    crash> struct task_struct.run_list
    struct task_struct {
        [60] struct list_head run_list;
    }

  Therefore, to view the list of task_struct addresses in the run queue,
  either of the following commands will work:

    crash> list task_struct.run_list -H runqueue_head
    f79ac000
    f7254000
    f7004000
    crash> list 60 -H runqueue_head
    f79ac000
    f7254000
    f7004000

  Lastly, in some kernel versions, the vfsmount structures of the mounted
  filesystems are linked by the LIST_HEAD "vfsmntlist", which uses the
  mnt_list list_head of each vfsmount structure in the list.  To dump each
  vfsmount structure in the list, append the -s option:

    crash> list -H vfsmntlist vfsmount.mnt_list -s vfsmount
    c3fc9e60
    struct vfsmount {
      mnt_hash = {
        next = 0xc3fc9e60,
        prev = 0xc3fc9e60
      },
      mnt_parent = 0xc3fc9e60,
      mnt_mountpoint = 0xc3fc5dc0,
      mnt_root = 0xc3fc5dc0,
      mnt_instances = {
        next = 0xc3f60a74,
        prev = 0xc3f60a74
      },
      mnt_sb = 0xc3f60a00,
      mnt_mounts = {
        next = 0xf7445e08,
        prev = 0xf7445f88
      },
      mnt_child = {
        next = 0xc3fc9e88,
        prev = 0xc3fc9e88
      },
      mnt_count = {
        counter = 209
      },
      mnt_flags = 0,
      mnt_devname = 0xc8465b20 "/dev/root",
      mnt_list = {
        next = 0xf7445f9c,
        prev = 0xc02eb828
      },
      mnt_owner = 0
    }
    f7445f60
    struct vfsmount {
    ...
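
The two list formats from the "list" description above, walked in C. This is an added example, not code from the crash utility or from the original post; struct fstype, struct task, the sample data and the loop guard that returns -1 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

/* Constructed sample types for this example (not kernel definitions). */
struct fstype { const char *name; struct fstype *next; };  /* format 1 */
struct task   { int pid; struct list_head run_list; };     /* format 2 */
#define FS_NEXT  offsetof(struct fstype, next)
#define RUN_LIST offsetof(struct task, run_list)

void *demo_out[16];   /* structure addresses "dumped" by the walkers */

/* Read the pointer stored at base + offset. */
static void *ptr_at(const void *base, size_t offset)
{
    void *p;
    memcpy(&p, (const char *)base + offset, sizeof p);
    return p;
}

/* 1 if addr was already emitted, i.e. the list loops back into itself. */
static int seen(void **out, int n, const void *addr)
{
    while (n-- > 0)
        if (out[n] == addr) return 1;
    return 0;
}

/* Format 1, as in "list <offset> <start>": follow the "next" pointer at
 * `offset` until one of the endings in the help text.  Returns the entry
 * count, or -1 if the list loops into itself or exceeds max. */
int walk_next(void *start, size_t offset, void **out, int max)
{
    void *first = start ? ptr_at(start, offset) : NULL;
    int n = 0;
    for (void *cur = start; cur; ) {
        if (n == max || seen(out, n, cur))
            return -1;
        out[n++] = cur;
        void *next = ptr_at(cur, offset);
        if (!next || next == start || next == cur)
            break;                      /* endings a, b and d */
        if (cur != start && next == first)
            break;                      /* ending c */
        cur = next;
    }
    return n;
}

/* Format 2, as in "list <offset> -H <head>": each "next" points at the
 * list_head embedded in the next structure, so subtract the member
 * offset to report the containing structure's address. */
int walk_list_head(struct list_head *head, size_t offset, void **out, int max)
{
    int n = 0;
    for (struct list_head *lh = head->next; lh != head; lh = lh->next) {
        void *entry = lh ? (void *)((char *)lh - offset) : NULL;
        if (!lh || n == max || seen(out, n, entry))
            return -1;
        out[n++] = entry;
    }
    return n;
}

/* Constructed sample data; in bad[], the last entry loops back to bad[2]. */
struct fstype fs[3] = { {"rootfs", &fs[1]}, {"bdev", &fs[2]}, {"proc", NULL} };
struct fstype bad[4] = { {"a", &bad[1]}, {"b", &bad[2]}, {"c", &bad[3]}, {"d", &bad[2]} };
struct list_head empty_head = { &empty_head, &empty_head };  /* LIST_HEAD */
struct list_head runqueue_head;
struct task tasks[3];

int demo_runqueue(void)     /* link three tasks, then walk with -H */
{
    struct list_head *prev = &runqueue_head;
    for (int i = 0; i < 3; i++) {
        tasks[i].pid = 100 + i;
        prev->next = &tasks[i].run_list;
        tasks[i].run_list.prev = prev;
        prev = &tasks[i].run_list;
    }
    prev->next = &runqueue_head;        /* last entry closes the ring */
    runqueue_head.prev = prev;
    return walk_list_head(&runqueue_head, RUN_LIST, demo_out, 16);
}

int main(void)
{
    printf("fs: %d entries\n", walk_next(&fs[0], FS_NEXT, demo_out, 16));
    printf("runqueue: %d entries\n", demo_runqueue());
    printf("corrupt: %d\n", walk_next(&bad[0], FS_NEXT, demo_out, 16));
    return 0;
}
```

A list whose "next" pointer lands on an entry that was already visited never reaches a normal ending, so the walkers return -1 instead of looping; the same applies when a damaged dump yields a NULL inside a list_head ring.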



 19. ) Documentation for crash command log:


NAME
  log - dump system message buffer

SYNOPSIS
  log [-m]

DESCRIPTION
  This command dumps the kernel log_buf contents in chronological order.
 
    -m  Display the message log level preceding each message.

EXAMPLES
  Dump the kernel message buffer:

    crash> log
    Linux version 2.2.5-15smp (root@mclinux1) (gcc version egcs-2.91.66 19990
    314/Linux (egcs-1.1.2 release)) #1 SMP Thu Aug 26 11:04:37 EDT 1999
    Intel MultiProcessor Specification v1.4
        Virtual Wire compatibility mode.
    OEM ID: DELL     Product ID: WS 410       APIC at: 0xFEE00000
    Processor #0 Pentium(tm) Pro APIC version 17
    Processor #1 Pentium(tm) Pro APIC version 17
    I/O APIC #2 Version 17 at 0xFEC00000.
    Processors: 2
    mapped APIC to ffffe000 (fee00000)
    mapped IOAPIC to ffffd000 (fec00000)
    Detected 447696347 Hz processor.
    Console: colour VGA+ 80x25
    Calibrating delay loop... 445.64 BogoMIPS
    ...
      8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
      MII transceiver found at address 24, status 782d.
      Enabling bus-master transmits and whole-frame receives.
    Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
    nfsd_init: initialized fhcache, entries=256
    ...

  Do the same thing, but also show the log level preceding each message:

    crash> log -m
    <4>Linux version 2.2.5-15smp (root@mclinux1) (gcc version egcs-2.91.66 19990
    314/Linux (egcs-1.1.2 release)) #1 SMP Thu Aug 26 11:04:37 EDT 1999
    <4>Intel MultiProcessor Specification v1.4
    <4>    Virtual Wire compatibility mode.
    <4>OEM ID: DELL     Product ID: WS 410       APIC at: 0xFEE00000
    <4>Processor #0 Pentium(tm) Pro APIC version 17
    <4>Processor #1 Pentium(tm) Pro APIC version 17
    <4>I/O APIC #2 Version 17 at 0xFEC00000.
    <4>Processors: 2
    <4>mapped APIC to ffffe000 (fee00000)
    <4>mapped IOAPIC to ffffd000 (fec00000)
    <4>Detected 447696347 Hz processor.
    <4>Console: colour VGA+ 80x25
    <4>Calibrating delay loop... 445.64 BogoMIPS
    ...
    <6>  8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
    <6>  MII transceiver found at address 24, status 782d.
    <6>  Enabling bus-master transmits and whole-frame receives.
    <6>Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
    <7>nfsd_init: initialized fhcache, entries=256
    ...



 20. ) Documentation for crash command mach:


NAME
  mach - machine specific data

SYNOPSIS
  mach [-cm]

DESCRIPTION
  This command displays data specific to a machine type.

    -c  Display each cpu's cpuinfo structure (x86, x86_64 and ia64 only).
        Display each cpu's x8664_pda structure (x86_64 only),
        Display the hwrpb_struct, and each cpu's percpu_struct (alpha only).
    -m  Display the physical memory map (x86, x86_64 and ia64 only).

EXAMPLES
    crash> mach
           MACHINE TYPE: i686
            MEMORY SIZE: 512 MB
                   CPUS: 2
        PROCESSOR SPEED: 1993 Mhz
                     HZ: 100
              PAGE SIZE: 4096
    KERNEL VIRTUAL BASE: c0000000
    KERNEL VMALLOC BASE: e0800000
      KERNEL STACK SIZE: 8192

  Display the system physical memory map:

    crash> mach -m
          PHYSICAL ADDRESS RANGE         TYPE
    0000000000000000 - 00000000000a0000  E820_RAM
    00000000000f0000 - 0000000000100000  E820_RESERVED
    0000000000100000 - 000000001ff75000  E820_RAM
    000000001ff75000 - 000000001ff77000  E820_NVS
    000000001ff77000 - 000000001ff98000  E820_ACPI
    000000001ff98000 - 0000000020000000  E820_RESERVED
    00000000fec00000 - 00000000fec90000  E820_RESERVED
    00000000fee00000 - 00000000fee10000  E820_RESERVED
    00000000ffb00000 - 0000000100000000  E820_RESERVED



 21. ) Documentation for crash command mod:


NAME
  mod - module information and loading of symbols and debugging data

SYNOPSIS
  mod -s module [objfile] | -d module | -S [directory] | -D | -r | -R | -o | -g

DESCRIPTION
  With no arguments, this command displays basic information of the currently
  installed modules, consisting of the module address, name, size, the
  object file name (if known), and whether the module was compiled with
  CONFIG_KALLSYMS.

  The arguments are concerned with the loading or deleting of symbolic
  and debugging data from a module's object file.  A module's object file
  always contains symbolic data (symbol names and addresses), but contains
  debugging data only if the module was compiled with the -g CFLAG.  In
  addition, the module may have been compiled with CONFIG_KALLSYMS, which
  means that the module's symbolic data will have been loaded into the kernel's
  address space when it was installed.  If the module was not compiled with
  CONFIG_KALLSYMS, then only the module's exported symbols will be loaded
  into the kernel's address space.  Therefore, for the purpose of this
  command, it should be noted that a kernel module may have been compiled in
  one of the following manners:

  1. If the module was built without CONFIG_KALLSYMS and without the -g CFLAG,
     then the loading of the module's additional non-exported symbols can
     be accomplished with this command.
  2. If the module was built with CONFIG_KALLSYMS, but without the -g CFLAG,
     then there is no benefit in loading the symbols from the module object
     file, because all of the module's symbols will have been loaded into the
     kernel's address space when it was installed.
  3. If the module was built with CONFIG_KALLSYMS and with the -g CFLAG,
     then the loading of the module's debugging data can be accomplished
     with this command.
  4. If the module was built without CONFIG_KALLSYMS but with the -g CFLAG,
     then the loading of both the module's symbolic and debugging data can
     be accomplished with this command.

  -s module [objfile]  Loads symbolic and debugging data from the object file
                       for the module specified.  If no objfile argument is
                       appended, a search will be made for an object file
                       consisting of the module name with a .o or .ko suffix,
                       starting at the /lib/modules/ directory on
                       the host system.  If an objfile argument is appended,
                       then that file will be used.
            -d module  Deletes the symbolic and debugging data of the module
                       specified.
       -S [directory]  Load symbolic and debugging data from the object file
                       for all loaded modules.  For each module, a search
                       will be made for an object file consisting of the
                       module name with a .o or .ko suffix, starting at the
                       /lib/modules/ directory of the host system.
                       If a directory argument is appended, then the search
                       will be restricted to that directory.
                   -D  Deletes the symbolic and debugging data of all modules.
                   -r  Passes the -readnow flag to the embedded gdb module,
                       which will override the two-stage strategy that it uses
                       for reading symbol tables from module object files.
                   -R  Reinitialize module data. All currently-loaded symbolic
                       and debugging data will be deleted, and the installed
                       module list will be updated (live system only).
                   -g  When used with -s or -S, add a module object's section
                       start and end addresses to its symbol list.
                   -o  Load module symbols with old mechanism.

  After symbolic and debugging data have been loaded, backtraces and text
  disassembly will be displayed appropriately.  Depending upon the processor
  architecture, data may also be printed symbolically with the "p" command;
  at a minimum, the "rd" command may be used with module data symbols.

  If crash can recognize that the set of modules has changed while running a
  session on a live kernel, the module data will be reinitialized the next
  time this command is run; the -r option forces the reinitialization.

EXAMPLES
  Display the currently-installed modules:

    crash> mod
     MODULE   NAME         SIZE  OBJECT FILE
    c8019000  soundcore    2788  (not loaded)
    c801b000  soundlow      336  (not loaded)
    c801d000  sound       59864  (not loaded)
    c802d000  ad1848      15728  (not loaded)
    c8032000  uart401      6000  (not loaded)
    c8035000  cs4232       2472  (not loaded)
    c8043000  opl3        11048  (not loaded)
    c8047000  3c59x       18152  (not loaded)
    c804d000  sunrpc      53796  (not loaded)
    c805c000  lockd       31528  (not loaded)
    c8065000  nfsd       151896  (not loaded)
    c8092000  nfs         29752  (not loaded)

  Display the currently-installed modules on a system where all modules were
  compiled with CONFIG_KALLSYMS:

    crash> mod
     MODULE   NAME              SIZE  OBJECT FILE
    e080d000  jbd              57016  (not loaded)  [CONFIG_KALLSYMS]
    e081e000  ext3             92360  (not loaded)  [CONFIG_KALLSYMS]
    e0838000  usbcore          83168  (not loaded)  [CONFIG_KALLSYMS]
    e0850000  usb-uhci         27532  (not loaded)  [CONFIG_KALLSYMS]
    e085a000  ehci-hcd         20904  (not loaded)  [CONFIG_KALLSYMS]
    e0865000  input             6208  (not loaded)  [CONFIG_KALLSYMS]
    e086a000  hid              22404  (not loaded)  [CONFIG_KALLSYMS]
    e0873000  mousedev          5688  (not loaded)  [CONFIG_KALLSYMS]
    e0878000  keybdev           2976  (not loaded)  [CONFIG_KALLSYMS]
    e08fd000  cdrom            34144  (not loaded)  [CONFIG_KALLSYMS]
    e0909000  ide-cd           35776  (not loaded)  [CONFIG_KALLSYMS]
    e0915000  scsi_mod        117928  (not loaded)  [CONFIG_KALLSYMS]
    e0935000  ide-scsi         12752  (not loaded)  [CONFIG_KALLSYMS]
    e093c000  microcode         5248  (not loaded)  [CONFIG_KALLSYMS]
    e0943000  sr_mod           18136  (not loaded)  [CONFIG_KALLSYMS]
    e0956000  floppy           59056  (not loaded)  [CONFIG_KALLSYMS]
    e0966000  sg               38060  (not loaded)  [CONFIG_KALLSYMS]
    e0971000  ip_tables        16544  (not loaded)  [CONFIG_KALLSYMS]
    e097d000  iptable_filter    2412  (not loaded)  [CONFIG_KALLSYMS]
    e097f000  e1000            76096  (not loaded)  [CONFIG_KALLSYMS]
    e09ba000  autofs           13780  (not loaded)  [CONFIG_KALLSYMS]
    e09c1000  parport          39072  (not loaded)  [CONFIG_KALLSYMS]
    e09ce000  lp                9220  (not loaded)  [CONFIG_KALLSYMS]
    e09d4000  parport_pc       19204  (not loaded)  [CONFIG_KALLSYMS]
    e09e2000  agpgart          59128  (not loaded)  [CONFIG_KALLSYMS]
    e0a1a000  radeon          117156  (not loaded)  [CONFIG_KALLSYMS]
    e2dc7000  sunrpc           91996  (not loaded)  [CONFIG_KALLSYMS]
    e2de1000  lockd            60624  (not loaded)  [CONFIG_KALLSYMS]
    e2df3000  nfs              96880  (not loaded)  [CONFIG_KALLSYMS]

  Load the symbolic and debugging data of all modules:

    crash> mod -S
     MODULE   NAME         SIZE  OBJECT FILE
    c8019000  soundcore    2788  /lib/modules/2.2.5-15/misc/soundcore.o
    c801b000  soundlow      336  /lib/modules/2.2.5-15/misc/soundlow.o
    c801d000  sound       59864  /lib/modules/2.2.5-15/misc/sound.o
    c802d000  ad1848      15728  /lib/modules/2.2.5-15/misc/ad1848.o
    c8032000  uart401      6000  /lib/modules/2.2.5-15/misc/uart401.o
    c8035000  cs4232       2472  /lib/modules/2.2.5-15/misc/cs4232.o
    c8043000  opl3        11048  /lib/modules/2.2.5-15/misc/opl3.o
    c8047000  3c59x       18152  /lib/modules/2.2.5-15/net/3c59x.o
    c804d000  sunrpc      53796  /lib/modules/2.2.5-15/misc/sunrpc.o
    c805c000  lockd       31528  /lib/modules/2.2.5-15/fs/lockd.o
    c8065000  nfsd       151896  /lib/modules/2.2.5-15/fs/nfsd.o
    c8092000  nfs         29752  /lib/modules/2.2.5-15/fs/nfs.o
   
  Load the symbolic and debugging data of the soundcore module from its
  known location:

    crash> mod -s soundcore
     MODULE   NAME         SIZE  OBJECT FILE
    c8019000  soundcore    2788  /lib/modules/2.2.5-15/misc/soundcore.o
   
  Delete the current symbolic and debugging data of the soundcore module,
  and then re-load it from a specified object file:

    crash> mod -d soundcore
    crash> mod -s soundcore /tmp/soundcore.o
     MODULE   NAME         SIZE  OBJECT FILE
    c8019000  soundcore    2788  /tmp/soundcore.o

  After installing a new kernel module on a live system, reinitialize the
  installed module list:

    crash> !insmod mdacon
    crash> mod
    mod: NOTE: modules have changed on this system -- reinitializing
     MODULE   NAME         SIZE  OBJECT FILE
    c8019000  soundcore    2788  (not loaded)
    c801b000  soundlow      336  (not loaded)
    c801d000  sound       59864  (not loaded)
    c802d000  ad1848      15728  (not loaded)
    c8032000  uart401      6000  (not loaded)
    c8035000  cs4232       2472  (not loaded)
    c8043000  opl3        11048  (not loaded)
    c8047000  3c59x       18152  (not loaded)
    c804d000  sunrpc      53796  (not loaded)
    c805c000  lockd       31528  (not loaded)
    c8065000  nfs         29752  (not loaded)
    c806e000  autofs       9316  (not loaded)
    c8072000  nfsd       151896  (not loaded)
    c80a1000  mdacon       3556  (not loaded)



 22. ) Documentation for crash command mount:


NAME
  mount - mounted filesystem data

SYNOPSIS
  mount [-f] [-i] [-n pid|task] [vfsmount|superblock|devname|dirname|inode]

DESCRIPTION
  This command displays basic information about the currently-mounted
  filesystems.  The per-filesystem dirty inode list or list of open
  files for the filesystem may also be displayed.

     -f  dump dentries and inodes for open files in each filesystem.
     -i  dump all dirty inodes associated with each filesystem; only
         supported on kernels with super_block.s_dirty linked list.

  For kernels supporting namespaces, the -n option may be used to
  display the mounted filesystems with respect to the namespace of a
  specified task:

     -n pid   a process PID.
     -n task  a hexadecimal task_struct pointer.

  Specific filesystems may be selected using the following forms:

    vfsmount  hexadecimal address of filesystem vfsmount structure.
  superblock  hexadecimal address of filesystem super_block structure.
     devname  device name of filesystem.
     dirname  directory where filesystem is mounted.
       inode  hexadecimal address of an open inode of a filesystem.

EXAMPLES
  Display mounted filesystem data:

    crash> mount
    VFSMOUNT SUPERBLK TYPE   DEVNAME         DIRNAME
    c0089ea0 c0088a00 ext2   /dev/root       /   
    c0089cf0 c0088c00 proc   /proc           /proc
    c0089e10 c0088800 ext2   /dev/sda5       /boot
    c0089d80 c0088600 ext2   /dev/sda6       /usr
    c0089f30 c0088400 devpts none            /dev/pts
    c3f4b010 c0088200 ext2   /dev/sda1       /home
    c6bf3d10 c0088000 nfs    home:/home1     /home1
    c49b90a0 c43a2a00 nfs    home:/usr/local /usr/local

  Display the open files associated with each mounted filesystem:

    crash> mount -f
    VFSMOUNT SUPERBLK TYPE   DEVNAME         DIRNAME
    c7fb2b80 c7fb3200 ext2   /dev/root       /
    OPEN FILES:
     DENTRY    INODE    TYPE  PATH
    c6d02200  c6d0f7a0  REG   usr/X11R6/lib/libX11.so.6.1
    c6d02100  c6d0f9e0  REG   usr/X11R6/lib/libXext.so.6.3
    c6d02000  c6d0fc20  REG   usr/X11R6/lib/libICE.so.6.3
    c6d02680  c6d0f320  REG   usr/X11R6/bin/xfs
    c7106580  c70c5440  CHR   dev/psaux
    ...

  Display the dirty inodes associated with each mounted filesystem:

    crash> mount -i
    VFSMOUNT SUPERBLK TYPE   DEVNAME         DIRNAME
    c0089ea0 c0088a00 ext2   /dev/root       /           
    DIRTY INODES
    c7ad4008
    c2233438
    c72c4008
    c7d6b548
    c3af1a98
    c7d6b768
    c3c4e228
    ...

  Display the mounted filesystem containing inode c5000aa8:

    crash> mount c5000aa8
    VFSMOUNT SUPERBLK TYPE   DEVNAME         DIRNAME
    c0089f30 c0088600 ext2   /dev/sda6       /usr




 23. ) Documentation for crash command net:


NAME
  net - network command

SYNOPSIS
  net [-a] [[-s | -S] [-R ref] [pid | taskp]] [-n addr]

DESCRIPTION
  Display various network related data:

      -a  display the ARP cache.
      -s  display open network socket/sock addresses, their family and type,
          and for INET and INET6 families, their source and destination
          addresses and ports.
      -S  displays open network socket/sock addresses followed by a dump
          of both structures.
  -n addr translates an IPv4 address expressed as a decimal or hexadecimal
          value into a standard numbers-and-dots notation.
  -R ref  socket or sock address, or file descriptor.
     pid  a process PID.
   taskp  a hexadecimal task_struct pointer.

  If no arguments are entered, the list of network devices, names and IP
  addresses are displayed.  The -R option, typically invoked from "foreach net",
  and in conjunction with the -s or -S options, searches for references to a
  socket address, sock address, or a file descriptor; if found, only the
  referenced fd/socket/sock data will be displayed.

EXAMPLES
  Display the network device list:

    crash> net
     DEVICE   NAME   IP ADDRESS(ES)
    c0249f20  lo     127.0.0.1
    c7fe6d80  eth0   10.1.8.20

  Dump the ARP cache:

    crash> net -a
    IP ADDRESS      HW TYPE    HW ADDRESS         DEVICE  STATE
    0.0.0.0         UNKNOWN    00 00 00 00 00 00  lo      40 (NOARP)
    192.168.1.1     ETHER      00:50:54:fe:ef:23  eth0    04 (STALE)
    192.168.1.10    ETHER      00:90:27:9c:6c:79  eth0    02 (REACHABLE)
    192.168.1.118   ETHER      00:c0:4f:60:00:e2  eth0    02 (REACHABLE)
  
  Display the sockets for PID 2517, using both -s and -S output formats:

    crash> net -s 2517
    PID: 2517   TASK: c1598000  CPU: 1   COMMAND: "rlogin"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     3  c57375dc  c1ff1850  INET:STREAM      10.1.8.20-1023      10.1.16.62-513
   
    crash> net -S 2517
    PID: 2517   TASK: c1598000  CPU: 1   COMMAND: "rlogin"
    FD   SOCKET     SOCK
     3  c57375dc  c1ff1850
   
    struct socket {
      state = SS_CONNECTED,
      flags = 131072,
      ops = 0xc023f820,
      inode = 0xc5737540,
      fasync_list = 0x0,
      file = 0xc58892b0,
      sk = 0xc1ff1850,
      wait = 0xc14d9ed4,
      type = 1,
      passcred = 0 '\000',
      tli = 0 '\000'
    }
    struct sock {
      sklist_next = 0xc1ff12f0,
      sklist_prev = 0xc216bc00,
      bind_next = 0x0,
      bind_pprev = 0xc0918448,
      daddr = 1041236234,
      rcv_saddr = 336068874,
      dport = 258,
      num = 1023,
      bound_dev_if = 0,
      next = 0x0,
      pprev = 0xc0286dd4,
      state = 1 '\001',
      zapped = 0 '\000',
      sport = 65283,
      family = 2,
      reuse = 0 '\000',
      ...

  Translate the rcv_saddr from above into dotted-decimal notation:

    crash> net -n 1041236234
    10.1.16.62
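
The struct sock dump above stores addresses and ports in network byte order, which gdb prints as plain host integers; the value given to "net -n", 1041236234, is the daddr field of that dump, and rcv_saddr is 336068874. This added C example (not from crash or the original post; the helper names and a little-endian x86 dump are assumptions) decodes the dumped fields back into the address-port pairs that "net -s" printed for PID 2517.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields copied from the "struct sock" dump above, as gdb printed them. */
struct sock_fields {
    uint32_t daddr, rcv_saddr;  /* IPv4, network byte order in memory */
    uint16_t dport, sport;      /* ports, network byte order in memory */
    uint16_t num;               /* local port, host byte order */
};

const struct sock_fields page_sock = {
    .daddr = 1041236234u, .rcv_saddr = 336068874u,
    .dport = 258, .sport = 65283, .num = 1023,
};

char demo_buf[64];              /* scratch buffer for the formatted result */

/* Assumption: little-endian dump, so the lowest byte of the printed
 * integer is the first octet of the address. */
const char *ipv4_str(uint32_t v, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u",
             (unsigned)(v & 0xff), (unsigned)((v >> 8) & 0xff),
             (unsigned)((v >> 16) & 0xff), (unsigned)(v >> 24));
    return buf;
}

/* Swap a 16-bit port between network and little-endian host order. */
unsigned port_host(uint16_t v)
{
    return (unsigned)(((v >> 8) | (v << 8)) & 0xffff);
}

/* Rebuild "source-port destination-port" as shown by "net -s". */
const char *sock_tuple(const struct sock_fields *s, char *buf, size_t len)
{
    char src[16], dst[16];
    snprintf(buf, len, "%s-%u %s-%u",
             ipv4_str(s->rcv_saddr, src, sizeof src), port_host(s->sport),
             ipv4_str(s->daddr, dst, sizeof dst), port_host(s->dport));
    return buf;
}

/* Cross-check for a dump: the byte-swapped sport must equal num. */
int sock_ports_consistent(const struct sock_fields *s)
{
    return port_host(s->sport) == s->num;
}

int main(void)
{
    printf("%s\n", sock_tuple(&page_sock, demo_buf, sizeof demo_buf));
    printf("ports consistent: %d\n", sock_ports_consistent(&page_sock));
    return 0;
}
```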

  From "foreach", find all tasks with references to socket c08ea3cc:

    crash> foreach net -s -R c08ea3cc
    PID: 2184   TASK: c7026000  CPU: 1   COMMAND: "klines.kss"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2200   TASK: c670a000  CPU: 1   COMMAND: "kpanel"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2201   TASK: c648a000  CPU: 1   COMMAND: "kbgndwm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 19294  TASK: c250a000  CPU: 0   COMMAND: "prefdm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2194   TASK: c62dc000  CPU: 1   COMMAND: "kaudioserver"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2195   TASK: c6684000  CPU: 1   COMMAND: "maudio"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2196   TASK: c6b58000  CPU: 1   COMMAND: "kwmsound"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2197   TASK: c6696000  CPU: 0   COMMAND: "kfm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2199   TASK: c65ec000  CPU: 0   COMMAND: "krootwm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 694    TASK: c1942000  CPU: 0   COMMAND: "prefdm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 698    TASK: c6a2c000  CPU: 1   COMMAND: "X"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   
    PID: 2159   TASK: c4a5a000  CPU: 1   COMMAND: "kwm"
    FD   SOCKET     SOCK    FAMILY:TYPE         SOURCE-PORT     DESTINATION-PORT
     5  c08ea3cc  c50d3c80  INET:STREAM        0.0.0.0-1026         0.0.0.0-0
   



 24. ) Documentation for crash command p:


NAME
  p - print the value of an expression

SYNOPSIS
  p [-x|-d][-u] expression

DESCRIPTION
  This command passes its arguments on to gdb "print" command for evaluation.

    expression   The expression to be evaluated.
            -x  override default output format with hexadecimal format.
            -d  override default output format with decimal format.
            -u  the expression evaluates to a user address reference.

  The default output format is decimal, but that can be changed at any time
  with the two built-in aliases "hex" and "dec".  Alternatively, there
  are two other built-in aliases, "px" and "pd", which force the command
  output to be displayed in hexadecimal or decimal, without changing the
  default mode.

EXAMPLES
  Print the contents of jiffies:

    crash> p jiffies
    jiffies = $6 = 166532620
    crash> px jiffies
    jiffies = $7 = 0x9ed174b
    crash> pd jiffies
    jiffies = $8 = 166533160

  Print the contents of the vm_area_struct "init_mm":

    crash> p init_mm
    init_mm = $5 = {
      mmap = 0xc022d540,
      mmap_avl = 0x0,
      mmap_cache = 0x0,
      pgd = 0xc0101000,
      count = {
        counter = 0x6
      },
      map_count = 0x1,
      mmap_sem = {
        count = {
          counter = 0x1
        },
        waking = 0x0,
        wait = 0x0
      },
      context = 0x0,
      start_code = 0xc0000000,
      end_code = 0xc022b4c8,
      start_data = 0x0,
      end_data = 0xc0250388,
      start_brk = 0x0,
      brk = 0xc02928d8,
      start_stack = 0x0,
      arg_start = 0x0,
      arg_end = 0x0,
      env_start = 0x0,
      env_end = 0x0,
      rss = 0x0,
      total_vm = 0x0,
      locked_vm = 0x0,
      def_flags = 0x0,
      cpu_vm_mask = 0x0,
      swap_cnt = 0x0,
      swap_address = 0x0,
      segments = 0x0
    }
