标签：crash guest 0.000000 mem 虚拟机 BIOS Copyright dump

场景

如果虚拟机没有开启kdump，或者卡死了，那么可以进入qemu的monitor模式将虚机的内存保存到文件中，然后使用crash工具进行分析。

示例

启动虚拟机，然后按ctrl+a c进入monitor，查看帮助

(qemu) help dump-guest-memory
dump-guest-memory [-p] [-d] [-z|-l|-s|-w] filename [begin length] -- dump guest memory into file 'filename'.
                        -p: do paging to get guest's memory mapping.
                        -d: return immediately (do not wait for completion).
                        -z: dump in kdump-compressed format, with zlib compression.
                        -l: dump in kdump-compressed format, with lzo compression.
                        -s: dump in kdump-compressed format, with snappy compression.
                        -w: dump in Windows crashdump format (can be used instead of ELF-dump converting),
                            for Windows x64 guests with vmcoreinfo driver only.
                        begin: the starting physical address.
                        length: the memory size, in bytes.

保存虚机的全部内存，采用zlib压缩

(qemu) dump-guest-memory -z guest.img

$ ls -lh guest.img
-rwxrwxrwx 1 root root 241M Sep 22 05:17 guest.img

使用crash工具进行分析

$ crash guest.img linux-6.2/vmlinux

crash 8.0.3
Copyright (C) 2002-2022  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011, 2020-2022  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
Copyright (C) 2015, 2021  VMware, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.

GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...

please wait... (determining panic task)
      KERNEL: linux-6.2/vmlinux
    DUMPFILE: guest.img  [PARTIAL DUMP]
        CPUS: 8
        DATE: Fri Sep 22 05:16:53 PDT 2023
      UPTIME: 00:01:12
LOAD AVERAGE: 0.39, 0.14, 0.05
       TASKS: 181
    NODENAME: ubuntu-vm
     RELEASE: 6.2.0+
     VERSION: #4 SMP PREEMPT_DYNAMIC Mon Aug 14 02:28:01 PDT 2023
     MACHINE: x86_64  (3194 Mhz)
      MEMORY: 8 GB
       PANIC: ""
         PID: 0
     COMMAND: "swapper/0"
        TASK: ffffffff8362cac0  (1 of 8)  [THREAD_INFO: ffffffff8362cac0]
         CPU: 0
       STATE: TASK_RUNNING (ACTIVE)
     WARNING: panic task not found

crash>

查看dmesg：

crash> dmesg
[    0.000000] Linux version 6.2.0+ (pengdl@ubuntu) (gcc (Ubuntu 8.4.0-3ubuntu2) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #4 SMP PREEMPT_DYNAMIC Mon Aug 14 02:28:01 PDT 2023
[    0.000000] Command line: noinitrd rootfstype=ext4 root=/dev/vda rw console=ttyS0 crashkernel=1G  nokaslr
[    0.000000] x86/fpu: x87 FPU will use FXSAVE
[    0.000000] signal: max sigframe size: 1440
[    0.000000] BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000bffdcfff] usable
[    0.000000] BIOS-e820: [mem 0x00000000bffdd000-0x00000000bfffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] usable
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] SMBIOS 2.8 present.
[    0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[    0.000000] Hypervisor detected: KVM
[    0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
[    0.000004] kvm-clock: using sched offset of 1180034822 cycles
[    0.000009] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[    0.000040] tsc: Detected 3194.004 MHz processor
[    0.001718] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
...

标签：crash,guest,0.000000,mem,虚拟机,BIOS,Copyright,dump
From： https://www.cnblogs.com/pengdonglin137/p/17723303.html

使用qemu来dump虚拟机的内存，然后用crash来分析

场景

示例

相关文章

赞助商

阅读排行