-bash/zsh: crash: command not found # Windows (WSL2) sudo apt-get update sudo apt-get install crash # Debian apt-get install crash # Ubuntu apt-get install crash # Arch Linux pacman -S crash # Kali Linux apt-get install crash # CentOS yum install crash # Fedora dnf install crash # OS X brew install crash # Dockerfile dockerfile.run/crash
crash 命令是一个交互式分析状态的工具，用于分析 Linux 故障转储数据或实时系统。
crash [OPTION]... NAMELIST MEMORY-IMAGE (dumpfile form) crash [OPTION]... [NAMELIST] (live system form)
NAMELIST This is a pathname to an uncompressed kernel image (a vmlinux file), or a Xen hypervisor image (a xen-syms file) which has been compiled with the "-g" option. If using the dumpfile form, a vmlinux file may be compressed in either gzip or bzip2 formats. MEMORY-IMAGE A kernel core dump file created by the netdump, diskdump, LKCD kdump, xendump or kvmdump facilities. If a MEMORY-IMAGE argument is not entered, the session will be invoked on the live system, which typically requires root privileges because of the device file used to access system RAM. By default, /dev/crash will be used if it exists. If it does not exist, then /dev/mem will be used; but if the kernel has been configured with CONFIG_STRICT_DEVMEM, then /proc/kcore will be used. It is permissible to explicitly enter /dev/crash, /dev/mem or /proc/kcore. mapfile If the NAMELIST file is not the same kernel that is running (live system form), or the kernel that was running when the system crashed (dumpfile form), then the System.map file of the original kernel should be entered on the command line. -h [option] --help [option] Without an option argument, display a crash usage help message. If the option argument is a crash command name, the help page for that command is displayed. If it is the string "input", a page describing the various crash command line input options is displayed. If it is the string "output", a page describing command line output options is displayed. If it is the string "all", then all of the possible help messages are displayed. After the help message is displayed, crash exits. -s Proceed directly to the "crash>" prompt without displaying any version, GPL, or crash initialization data during startup. -i file Execute the command(s) contained in file prior to displaying the "crash>" prompt for interactive user input. -d num Set the internal debug level. The higher the number, the more debugging data will be printed when crash initializes and runs. -S Use /boot/System.map as the mapfile. -e vi | emacs Set the readline(3) command line editing mode to "vi" or "emacs". The default editing mode is "vi". -f Force the usage of a compressed vmlinux file if its original name does not start with "vmlinux". -k Indicate that the NAMELIST file is an LKCD "Kerntypes" debuginfo file. -t Display the system-crash timestamp and exit. -L Attempt to lock all of its virtual address space into memory by calling mlockall(MCL_CURRENT|MCL_FUTURE) during initialization. If the system call fails, an error message will be displayed, but the session continues. -c tty-device Open the tty-device as the console used for debug messages. -p page-size If a processor's page size cannot be determined by the dumpfile, and the processor default cannot be used, use page-size. -m option=value --machdep option=value Pass an option and value pair to machine-dependent code. These architecture-specific option/pairs should only be required in very rare circumstances: X86_64: physbase=<physical-address> irq_eframe_link=<value> max_physmem_bits=<value> vm=orig (pre-2.6.11 virtual memory address ranges) vm=2.6.11 (2.6.11 and later virtual memory address ranges) vm=xen (Xen kernel virtual memory address ranges) vm=xen-rhel4 (RHEL4 Xen kernel virtual address ranges) PPC64: vm=orig vm=2.6.14 (4-level page tables) IA64: phys_start=<physical-address> init_stack_size=<size> vm=4l (4-level page tables) ARM: physbase=<physical-address> -x Automatically load extension modules from a particular directory. If a directory is specified in the CRASH_EXTENSIONS shell environment variable, then that directory will be used. Otherwise /usr/lib64/crash/extensions (64-bit architectures) or /usr/lib/crash/extensions (32-bit architectures) will be used; if they do not exist, then the ./extensions directory will be used. --memory_module modname Use the modname as an alternative kernel module to the crash.ko module that creates the /dev/crash device. --memory_device device Use device as an alternative device to the /dev/crash, /dev/mem or /proc/kcore devices. --no_kallsyms Do not use kallsyms-generated symbol information contained within kernel module object files. --no_modules Do not access or display any kernel module related information. --no_ikconf Do not attempt to read configuration data that was built into kernels configured with CONFIG_IKCONFIG. --no_data_debug Do not verify the validity of all structure member offsets and structure sizes that it uses. --no_kmem_cache Do not initialize the kernel's slab cache infrastructure, and commands that use kmem_cache-related data will not work. --no_elf_notes Do not use the registers from the ELF NT_PRSTATUS notes saved in a compressed kdump header for backtraces. --kmem_cache_delay Delay the initialization of the kernel's slab cache infrastructure until it is required by a run-time command. --readnow Pass this flag to the embedded gdb module, which will override its two-stage strategy that it uses for reading symbol tables from the NAMELIST. --smp Specify that the system being analyzed is an SMP kernel. -v --version Display the version of the crash utility, the version of the embedded gdb module, GPL information, and copyright notices. --cpus number Specify the number of cpus in the SMP system being analyzed. --osrelease dumpfile Display the OSRELEASE vmcoreinfo string from a kdump dumpfile header. --hyper Force the session to be that of a Xen hypervisor. --p2m_mfn pfn When a Xen Hypervisor or its dom0 kernel crashes, the dumpfile is typically analyzed with either the Xen hypervisor or the dom0 kernel. It is also possible to analyze any of the guest domU kernels if the pfn_to_mfn_list_list pfn value of the guest kernel is passed on the command line along with its NAMELIST and the dumpfile. --xen_phys_start physical-address Supply the base physical address of the Xen hypervisor's text and static data for older xendump dumpfiles that did not pass that information in the dumpfile header. --zero_excluded If a kdump dumpfile has been filtered to exclude various types of non-essential pages, any attempt to read them will fail. With this flag, reads from any of those pages will return zero-filled memory. --no_panic Do not attempt to find the task that was running when the kernel crashed. Set the initial context to that of the "swapper" task on cpu 0. --more Use /bin/more as the command output scroller, overriding the default of /usr/bin/less and any settings in either ./.crashrc or $HOME/.crashrc. --less Use /usr/bin/less as the command output scroller, overriding any settings in either ./.crashrc or $HOME/.crashrc. --hex Set the default command output radix to 16, overriding the default radix of 10, and any radix settings in either ./.crashrc or $HOME/.crashrc. --dec Set the default command output radix to 10, overriding any radix settings in either ./.crashrc or $HOME/.crashrc. This is the default radix setting. --CRASHPAGER Use the output paging command defined in the CRASHPAGER shell environment variable, overriding any settings in either ./.crashrc or $HOME/.crashrc. --no_scroll Do not pass run-time command output to any scrolling command. --no_crashrc Do not execute the commands in either $HOME/.crashrc or ./.crashrc. --mod directory When loading the debuginfo data of kernel modules with the mod -S command, search for their object files in directory instead of in the standard location. --reloc size When analyzing live x86 kernels that were configured with a CONFIG_PHYSICAL_START value that is larger than its CONFIG_PHYSICAL_ALIGN value, then it will be necessary to enter a relocation size equal to the difference between the two values. --minimal Bring up a session that is restricted to the log, dis, rd, sym, eval, set and exit commands. This option may provide a way to extract some minimal/quick information from a corrupted or truncated dumpfile, or in situations where one of the several kernel subsystem initialization routines would abort the crash session. --kvmhost [32|64] When examining an x86 KVM guest dumpfile, this option specifies that the KVM host that created the dumpfile was an x86 (32-bit) or an x86_64 (64-bit) machine, overriding the automatically determined value. --kvmio <size> override the automatically-calculated KVM guest I/O hole size.