一、宕机主机启动项中/boot/vmlinuz与debug工具生成的vmlinux的md5值是否一致?
#### 3、通过build ID检查安装的debug和内核是否匹配: ``` # eu-readelf -n /boot/vmlinuz-3.10.0-1160.88.1.el7.x86_64 Note section [ 2] '.notes' of 380 bytes at offset 0x9cd284: Owner Data size Type Xen 6 <unknown>: 6 Xen 4 <unknown>: 7 Xen 8 <unknown>: 5 Xen 8 <unknown>: 3 Xen 8 <unknown>: 1 Xen 8 <unknown>: 2 Xen 42 <unknown>: 10 Xen 4 <unknown>: 9 Xen 8 <unknown>: 8 Xen 16 <unknown>: 13 Xen 4 <unknown>: 14 Xen 8 <unknown>: 12 Xen 8 <unknown>: 4 GNU 20 GNU_BUILD_ID Build ID: 833f63306e8dc910424b14e7d2438d2697c6f7b0 # # file /usr/lib/debug/usr/lib/modules/3.10.0-1160.88.1.el7.x86_64/vmlinux /usr/lib/debug/usr/lib/modules/3.10.0-1160.88.1.el7.x86_64/vmlinux: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=833f63306e8dc910424b14e7d2438d2697c6f7b0, not stripped
注意:当主机当前使用的内核vmlinux MD5值,与debug工具生成的vmlinux md5值一样,才能通过crash进行反编译,解析当时主机内核函数调用的真实情况;
二、crash工具使用vmlinux内核解析宕机文件vmcore
指定相应版本的vmlinux分析vmcore文件: ``` # crash vmcore /usr/lib/debug/lib/modules/3.10.0-514.el7.x86_64/vmlinux
标签:Crash,lib,Xen,vmlinux,vmcore,Linux,debug,64 From: https://www.cnblogs.com/gkhost/p/18205154