
Common crash commands

bt -a shows the task currently running on each CPU. In this dump it cannot produce a backtrace, though; bt -T can be used to get one directly.

    crash> bt -a
    PID: 779      TASK: ffffff80eb4ca580  CPU: 0    COMMAND: "kworker/0:4H"
    bt: WARNING: cannot determine starting stack frame for task ffffff80eb4ca580

    PID: 1348     TASK: ffffff810f204b00  CPU: 1    COMMAND: "start"
    bt: WARNING: cannot determine starting stack frame for task ffffff810f204b00

    PID: 0        TASK: ffffff80c4a6cb00  CPU: 2    COMMAND: "swapper/2"
    bt: WARNING: cannot determine starting stack frame for task ffffff80c4a6cb00

    PID: 1347     TASK: ffffff80c70d0000  CPU: 3    COMMAND: "getprop"
    bt: WARNING: cannot determine starting stack frame for task ffffff80c70d0000

    PID: 1252     TASK: ffffff80ecd72580  CPU: 4    COMMAND: "storaged"
    bt: WARNING: cannot determine starting stack frame for task ffffff80ecd72580

    PID: 0        TASK: ffffff80c4a72580  CPU: 5    COMMAND: "swapper/5"
    bt: WARNING: cannot determine starting stack frame for task ffffff80c4a72580

    PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"
    bt: WARNING: cannot determine starting stack frame for task ffffff81027f3840

    PID: 908      TASK: ffffff8104468000  CPU: 7    COMMAND: "binder:908_2"
    bt: WARNING: cannot determine starting stack frame for task ffffff8104468000

crash> bt
PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"
bt: WARNING: cannot determine starting stack frame for task ffffff81027f3840
crash> bt -T (displays all text symbols found in the task's entire stack; useful when the backtrace fails)
PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"
bt: WARNING: cannot determine starting stack frame for task ffffff81027f3840
  [ffffffc010c32de8] trace_clock_local at ffffffc00818ca14
  [ffffffc010c32e18] ring_buffer_lock_reserve at ffffffc00818f390
  [ffffffc010c32e48] vsnprintf at ffffffc008f48de0
  [ffffffc010c32ec8] sprintf at ffffffc008f4a550
  [ffffffc010c32fa8] __sprint_symbol at ffffffc00815757c
  [ffffffc010c32fe8] sprint_symbol_build_id at ffffffc008157614
  [ffffffc010c32ff0] el0t_64_sync at ffffffc008011584
  [ffffffc010c33008] symbol_string at ffffffc008f4bc14
  [ffffffc010c33028] number at ffffffc008f4a0a8
  [ffffffc010c33038] number at ffffffc008f4a0a8
  [ffffffc010c33048] __kmem_cache_alloc_node at ffffffc0082f8ca4
  [ffffffc010c330a8] virtqueue_get_buf_ctx at ffffffc00878c5b4
  [ffffffc010c330e8] virtqueue_get_buf at ffffffc00878c6c0
  [ffffffc010c33108] put_chars at ffffffc000f955d8 [virtio_console]
  [ffffffc010c33118] kfree at ffffffc0082a5d34
  [ffffffc010c33188] put_chars at ffffffc000f955d8 [virtio_console]
  [ffffffc010c331d8] hvc_console_print at ffffffc0087b6790
  [ffffffc010c33218] record_print_text at ffffffc0080ee210
  [ffffffc010c33268] prb_read_valid at ffffffc0080f02cc
  [ffffffc010c332d8] console_emit_next_record at ffffffc0080eed00
  [ffffffc010c33358] prb_read_valid at ffffffc0080f02cc
  [ffffffc010c333c8] console_unlock at ffffffc0080ec960
  [ffffffc010c333e8] vprintk_emit at ffffffc0080ec620
  [ffffffc010c33428] vprintk_emit at ffffffc0080ec6e4
  [ffffffc010c33478] dev_vprintk_emit at ffffffc008f5a5b0
  [ffffffc010c33538] dev_printk_emit at ffffffc008f5a654
  [ffffffc010c33548] dev_printk_emit at ffffffc008f5a654
  [ffffffc010c33580] cleanup_module at ffffffc00175203d [qcom_soc_wdt]
  [ffffffc010c335f8] __dev_printk at ffffffc00884da0c
  [ffffffc010c33608] _dev_err at ffffffc008f5a900
  [ffffffc010c33668] __const_udelay at ffffffc008f26bd4
  [ffffffc010c33698] qcom_wdt_trigger_bite at ffffffc00176dc48 [qcom_wdt_core]
  [ffffffc010c33718] do_vm_restart at ffffffc0018ba0e4 [msm_vm_poweroff]
  [ffffffc010c33740] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c33778] atomic_notifier_call_chain at ffffffc008094308
  [ffffffc010c33788] do_kernel_restart at ffffffc0080967f4
  [ffffffc010c337c8] machine_restart at ffffffc008019f68
  [ffffffc010c337d8] emergency_restart at ffffffc0080965f4
  [ffffffc010c337f8] panic at ffffffc008f547b8
  [ffffffc010c33888] die at ffffffc008024bd4
  [ffffffc010c338a0] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c33928] bug_handler at ffffffc008025fdc
  [ffffffc010c33948] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c33968] brk_handler at ffffffc008016750
  [ffffffc010c33988] do_debug_exception at ffffffc00803f274
  [ffffffc010c33998] ct_nmi_enter at ffffffc008f5d748
  [ffffffc010c339b8] el1_dbg at ffffffc008f5b858
  [ffffffc010c339d0] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c339f8] el1h_64_sync_handler at ffffffc008f5b65c
  [ffffffc010c33a28] el1h_64_sync at ffffffc008011298
  [ffffffc010c33a40] __arm64_sys_prctl at ffffffc0080824bc
  [ffffffc010c33ae0] __arm64_sys_prctl at ffffffc0080824bc
  [ffffffc010c33b20] kfree at ffffffc0082a5d34
  [ffffffc010c33b30] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c33b58] __kmalloc at ffffffc0082a5920
  [ffffffc010c33b68] __kmem_cache_free at ffffffc0082f94ec
  [ffffffc010c33b98] __arm64_sys_prctl at ffffffc0080824bc
  [ffffffc010c33ba8] kfree at ffffffc0082a5d34
  [ffffffc010c33c08] __arm64_sys_prctl at ffffffc0080824b0
  [ffffffc010c33c18] __arm64_sys_prctl at ffffffc0080824bc
  [ffffffc010c33c48] do_mmap at ffffffc0082c6d88
  [ffffffc010c33d08] vm_mmap_pgoff at ffffffc008296c50
  [ffffffc010c33d78] ksys_mmap_pgoff at ffffffc0082c7cf8
  [ffffffc010c33dc8] invoke_syscall at ffffffc00802ed2c
  [ffffffc010c33e28] el0_svc_common at ffffffc00802ec6c
  [ffffffc010c33e48] do_el0_svc at ffffffc00802eb34
  [ffffffc010c33e78] el0_svc at ffffffc008f5bbfc
  [ffffffc010c33e88] el0t_64_sync_handler at ffffffc008f5bb84
  [ffffffc010c33ea8] el0t_64_sync at ffffffc008011584

You can also search the current process's stack for possible kernel-mode and user-mode exception frames.
crash> bt -pe
PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"

KERNEL-MODE EXCEPTION FRAME AT: ffffffc010c33a30
     PC: ffffffc0082f94ec  [__kmem_cache_free+1172]
     LR: ffffffc0082a5d34  [kfree+104]
     SP: ffffffc010c33b80  PSTATE: 60400005
    X29: ffffffc010c33ba0  X28: fffffffe046eafc0  X27: ffffff811babf880
    X26: ffffff811babf880  X25: 9b086d92827e1e65  X24: 0000000000000001
    X23: ffffff811babf880  X22: ffffffc0080824bc  X21: ffffff80c4802200
    X20: ffffff811babf880  X19: ffffff81027f3840  X18: ffffffc00ef03040
    X17: 0080000000000080  X16: 0000007fa8b37460  X15: 0000007fa8b3743e
    X14: 00007fa8b3746000  X13: 00737463656a626f  X12: 5f6c6c616d735f63
    X11: e4f6921399d5e6e5  X10: fffffffe046eafc0   X9: ffffff811babf880
     X8: 00000000000ed086   X7: 616d735f636f6c6c   X6: 615f63696e6f6962
     X5: ffffff811babf91f   X4: ffffff811babf89b   X3: 0000000000000000
     X2: ffffffc0080824bc   X1: ffffff811babf880   X0: ffffff80c4802200

USER-MODE EXCEPTION FRAME AT: ffffffc010c33eb0
     PC: 0000007fa8c60d08   LR: 0000007fa8c4a9b8   SP: 0000007fe597da40
    X29: 0000007fe597da40  X28: 0000000000003d2b  X27: 0000007fa8c8a0c0
    X26: 0000000000000000  X25: 0000000000000295  X24: 0000007fe597ed51
    X23: 00000000000001ff  X22: 0000007fa7985e00  X21: 0000000000000000
    X20: 0000007fa797d000  X19: 0000007fa8c9eee0  X18: 0000007fa83ba000
    X17: 0000007fa8c47f80  X16: 0000007fa8c85ec8  X15: 0000007fa8b3a000
    X14: 000000000000000f  X13: c3a5c85c97cb3127  X12: a4422eb13b126539
    X11: 4111ad04bde3bf81  X10: 0000000000000000   X9: 0000000000000028
     X8: 00000000000000a7   X7: 0000007fa7981004   X6: 0000000000000040
     X5: 0000000000000000   X4: 0000007fa8b3743e   X3: 0000000000001000
     X2: 0000007fa797d000   X1: 0000000000000000   X0: 0000000053564d41
    ORIG_X0: 0000000053564d41  SYSCALLNO: a7  PSTATE: 00000000

The -E option searches the IRQ stacks and the exception stacks for possible exception frames.
search the IRQ stacks (x86, x86_64, arm64, and ppc64), and the exception stacks (x86_64) for possible exception frames; all other arguments except for -c will be ignored since this is 
crash> bt -pE
CPU 0 IRQ STACK:

KERNEL-MODE EXCEPTION FRAME AT: ffffffc0080031d8
     PC: ffffffc008f5b8d8  [el1h_64_irq_handler+24]
     LR: ffffffc008f5b988  [el1_interrupt+164]
     SP: ffffffc008003310  PSTATE: 00400005
    X29: ffffffc008003320  X28: ffffffc008f5b9a0  X27: ffffffc0080032d0
    X26: ffffffc008f5cbcc  X25: ffffffc0080032b0  X24: ffffff80eb4ca580
    X23: ffffffc0080100f8  X22: ffffff80eb4ca580  X21: ffffffc009e470d8
    X20: ffffffc0080689f8  X19: ffffffc0080032a0  X18: ffffffc0080f84c4
    X17: ffffffc008003270  X16: ffffffc0080bd3ec  X15: ffffffc008003270
    X14: ffffff80eb4ca580  X13: 0000000000000000  X12: 0000000000000000
    X11: ffffff8cd947c900  X10: ffffffc0080c5348   X9: ffffffc008003250
     X8: ffffffc0080f2388   X7: ffffffc008003240   X6: ffffff80c6d1b800
     X5: 000000000000000c   X4: 0000000000000000   X3: ffffff80eb4ca580
     X2: ffffffc0080f2368   X1: ffffffc008003240   X0: 0000000000000000

KERNEL-MODE EXCEPTION FRAME AT: ffffffc0080039a8
     PC: ffffffc008f5b8d8  [el1h_64_irq_handler+24]
     LR: ffffffc008f5b988  [el1_interrupt+164]
     SP: ffffffc008003ae0  PSTATE: 60400005
    X29: ffffffc008003af0  X28: ffffffc008f5b9a0  X27: ffffffc008003aa0
    X26: ffffffc008f5cbcc  X25: ffffffc008003a80  X24: ffffff80eb4ca580
    X23: ffffffc0080100f8  X22: ffffff80eb4ca580  X21: ffffffc009e470d8
    X20: ffffffc0080689f8  X19: ffffffc008003a70  X18: ffffffc0080f84c4
    X17: ffffffc008003a40  X16: ffffffc0080bd3ec  X15: ffffffc008003a40
    X14: ffffff80eb4ca580  X13: 0000000000000000  X12: 0000000000000000
    X11: ffffff8cd947c900  X10: ffffffc0080c5348   X9: ffffffc008003a20
     X8: ffffffc0080f2388   X7: ffffffc008003a10   X6: ffffff80eccc6000
     X5: 0000000000000004   X4: 00000000ffffffff   X3: ffffff80eb4ca580
     X2: ffffffc0080f2368   X1: ffffffc008003a10   X0: 0000000000000000

KERNEL-MODE EXCEPTION FRAME AT: ffffffc008003d60
     PC: ffffffc008611574  [blk_account_io_completion+84]
     LR: ffffffc0086110a8  [blk_update_request+124]
     SP: ffffffc008003eb0  PSTATE: 80400005
    X29: ffffffc008003eb0  X28: ffffffc009e37838  X27: 0000000000000004
    X26: 0000000000000010  X25: ffffffc009e660c0  X24: 0000000000000009
    X23: 0000000000000004  X22: 0000000000000102  X21: 0000000000000000
    X20: 0000000000001000  X19: ffffff80e992c780  X18: ffffffc008005038
    X17: 00000000c51bbd39  X16: 00000000c51bbd39  X15: 00000000000001a6
    X14: 0000000000000001  X13: 0000000000000010  X12: 00000031207fbcc0
    X11: 0000000000000000  X10: ffffff80cb9ae580   X9: 0000000000000002
     X8: ffffff80eb4ca580   X7: 7f7f7f7f7f7f7f7f   X6: fefefefefefefeff
     X5: 8080808080808080   X4: 0000000000100002   X3: 000000000000000c
     X2: 0000000000001000   X1: 0000000000001000   X0: ffffff80e992c780

CPU 1 IRQ STACK:

KERNEL-MODE EXCEPTION FRAME AT: ffffffc00800b958
     PC: ffffffc0080addc8  [update_load_avg+928]
     LR: ffffffc0080bcd50  [__update_load_avg_cfs_rq+72]
     SP: ffffffc00800ba70  PSTATE: 00000005
    X29: ffffffc00800ba50  X28: ffffff8cd94a8980  X27: ffffffc0080d1e50
    X26: ffffff81044bcbc0  X25: 000000023d8a9461  X24: 0000000000000000
    X23: ffffff8cd94a8980  X22: 0000000000000048  X21: 0000000000000000
    X20: 0000000000000000  X19: ffffff8cd94e1348  X18: ffffffc0080b48a8
    X17: ffffffc00800ba50  X16: ffffff80c9c93300  X15: ffffff80c9c93300
    X14: ffffff80c9c93320  X13: 0000000200000009  X12: ffffffc0080d21d8
    X11: ffffffc00800b9e0  X10: 0000000000000400   X9: ffffffc009e6b000
     X8: ffffff80c5019200   X7: 0000000000000400   X6: ffffffc0080d2140
     X5: ffffffc00800b9e0   X4: 0f7240496bd6fb00   X3: 0000000000000000
     X2: ffffffc00818f390   X1: 0000000000000400   X0: ffffffc0080d2510

CPU 2 IRQ STACK:(none found)

CPU 3 IRQ STACK:

KERNEL-MODE EXCEPTION FRAME AT: ffffffc00a113788
     PC: ffffffc008f5b8d8  [el1h_64_irq_handler+24]
     LR: ffffffc008f5b988  [el1_interrupt+164]
     SP: ffffffc00a1138c0  PSTATE: 00400005
    X29: ffffffc00a1138d0  X28: ffffffc008f5b9a0  X27: ffffffc00a113880
    X26: ffffffc008f5cbcc  X25: ffffffc00a113860  X24: ffffff80f94812c0
    X23: ffffffc0080100f8  X22: ffffff80f94812c0  X21: ffffffc009e470d8
    X20: ffffffc0080689f8  X19: ffffffc00a113850  X18: ffffffc0080f10e8
    X17: ffffffc00a113850  X16: ffffffc0080bd3ec  X15: ffffffc00a113820
    X14: ffffff80f94812c0  X13: 0000000000000003  X12: 0000000000000000
    X11: ffffff8cd94d0900  X10: ffffffc0080c5348   X9: ffffffc00a113800
     X8: ffffff80c6d1b800   X7: 000000000000000c   X6: ffffffc008b2c138
     X5: ffffffc00a113800   X4: ffffff8cd94d3680   X3: 000000027caeda57
     X2: ffffff8cd94d3738   X1: ffffff8cd94d3778   X0: ffffffc008136f14

CPU 4 IRQ STACK:

KERNEL-MODE EXCEPTION FRAME AT: ffffffc00a11b958
     PC: ffffffc0080addc8  [update_load_avg+928]
     LR: ffffffc0080bcd50  [__update_load_avg_cfs_rq+72]
     SP: ffffffc00a11ba70  PSTATE: 00000005
    X29: ffffffc00a11ba50  X28: ffffff8cd94fc980  X27: ffffffc0080d1e50
    X26: ffffff81027d3900  X25: 0000000237906e3b  X24: 0000000000000000
    X23: ffffff8cd94fc980  X22: 0000000000000048  X21: 0000000000000000
    X20: 0000000000000000  X19: ffffff8cd9519348  X18: ffffffc0080b48a8
    X17: ffffffc00a11ba50  X16: ffffff80eb7d2e00  X15: ffffff80eb7d2e00
    X14: ffffff80eb7d2e20  X13: 000000000000015e  X12: ffffffc0080d21d8
    X11: ffffffc00a11b9e0  X10: 000000000000015e   X9: ffffffc009e6b000
     X8: ffffff80c5019e00   X7: 000000000000015e   X6: ffffffc0080d2140
     X5: ffffffc00a11b9e0   X4: b018d580982b8a00   X3: 0000000000000000
     X2: ffffff80c9c2a100   X1: 000000000000015e   X0: ffffffc0080d2510

CPU 5 IRQ STACK:

KERNEL-MODE EXCEPTION FRAME AT: ffffffc00a1238d8
     PC: ffffffc0080addc8  [update_load_avg+928]
     LR: ffffffc0080bcd50  [__update_load_avg_cfs_rq+72]
     SP: ffffffc00a1239f0  PSTATE: 00000005
    X29: ffffffc00a1239d0  X28: ffffff8cd9518980  X27: ffffffc0080d1e50
    X26: ffffff81027d3900  X25: 0000000237288021  X24: 0000000000000000
    X23: ffffff8cd9518980  X22: 0000000000000048  X21: 0000000000000000
    X20: 0000000000000000  X19: ffffff8cd948d348  X18: ffffffc0080b48a8
    X17: ffffffc00a1239d0  X16: ffffff80eb7d2e00  X15: ffffff80eb7d2e00
    X14: ffffff80eb7d2e20  X13: 0000000200000009  X12: ffffffc0080d21d8
    X11: ffffffc00a123960  X10: 000000000000015e   X9: ffffffc009e6b000
     X8: ffffff80c501a400   X7: 000000000000015e   X6: ffffffc0080d2140
     X5: ffffffc00a123960   X4: 8ee8b239fc738a00   X3: 0000000000000000
     X2: ffffffc0080c5348   X1: ffffffc00a123910   X0: ffffffc0080d2510

CPU 6 IRQ STACK:(none found)

CPU 7 IRQ STACK:(none found)

For a task that is not active on the current CPU, bt -t can be used.
Lowercase -t: display all text symbols found from the last known stack location to the top of the stack.
Uppercase -T: display all text symbols found from just above the task_struct or thread_info to the top of the stack.
crash> bt 1282
PID: 1282     TASK: ffffff810454b840  CPU: 1    COMMAND: "usbd"
 #0 [ffffffc010c4b910] __switch_to at ffffffc008f62ac4
 #1 [ffffffc010c4b960] __schedule at ffffffc008f632b4
 #2 [ffffffc010c4b9c0] schedule at ffffffc008f636d8
 #3 [ffffffc010c4b9e0] io_schedule at ffffffc008f63c1c
 #4 [ffffffc010c4baa0] folio_wait_bit_common at ffffffc008265654
 #5 [ffffffc010c4bc60] filemap_read at ffffffc0082679b8
 #6 [ffffffc010c4bcc0] generic_file_read_iter at ffffffc008267fac
 #7 [ffffffc010c4bd00] ext4_file_read_iter at ffffffc008421604
 #8 [ffffffc010c4bda0] vfs_read at ffffffc0083400e4
 #9 [ffffffc010c4bdf0] __arm64_sys_pread64 at ffffffc008340db8
#10 [ffffffc010c4be20] invoke_syscall at ffffffc00802ed28
#11 [ffffffc010c4be40] el0_svc_common at ffffffc00802ec68
#12 [ffffffc010c4be70] do_el0_svc at ffffffc00802eb30
#13 [ffffffc010c4be80] el0_svc at ffffffc008f5bbf8
#14 [ffffffc010c4bea0] el0t_64_sync_handler at ffffffc008f5bb80
#15 [ffffffc010c4bfe0] el0t_64_sync at ffffffc008011580
     PC: 00000074dc58ede8   LR: 00000074dc4c0730   SP: 0000007ff54d3280
    X29: 0000007ff54d3280  X28: 0000007ff54d33b0  X27: 000000000000fe06
    X26: 000000601938120d  X25: 00000074db2ab9c0  X24: 0000000000000ab7
    X23: 0000000000000000  X22: 0000000000000009  X21: 00000074db2b3a50
    X20: 0000000000023bd0  X19: 00000074db2b3a18  X18: 00000074dc0f0000
    X17: 00000074dc576280  X16: 00000074dc5b3ea0  X15: 0000000000000030
    X14: 0000000000000000  X13: 0000000000000000  X12: 0000000000000000
    X11: 0000000000006c15  X10: 0000000000000000   X9: 0000000000000030
     X8: 0000000000000043   X7: 00000074db2b5880   X6: 0000000000000030
     X5: 00000074db2b59b0   X4: 00000074db2b58b0   X3: 0000000000000000
     X2: 0000000000000040   X1: 00000074db2b3a50   X0: 0000000000000009
    ORIG_X0: 0000000000000009  SYSCALLNO: 43  PSTATE: 60001000
crash> bt -t 1282
PID: 1282     TASK: ffffff810454b840  CPU: 1    COMMAND: "usbd"
              START: __switch_to at ffffffc008f62ac8
  [ffffffc010c4b908] __switch_to at ffffffc008f62a80
  [ffffffc010c4b918] __schedule at ffffffc008f632b8
  [ffffffc010c4b968] schedule at ffffffc008f636dc
  [ffffffc010c4b9c8] io_schedule at ffffffc008f63c20
  [ffffffc010c4b9d8] __wake_up at ffffffc0080cadb4
  [ffffffc010c4b9e8] folio_wait_bit_common at ffffffc008265658
  [ffffffc010c4ba80] wake_page_function at ffffffc008265278
  [ffffffc010c4baa8] filemap_read at ffffffc0082679bc
  [ffffffc010c4bb18] proc_lookupfd at ffffffc0083f97e4
  [ffffffc010c4bc68] generic_file_read_iter at ffffffc008267fb0
  [ffffffc010c4bcc8] ext4_file_read_iter at ffffffc008421608
  [ffffffc010c4bd08] vfs_read at ffffffc0083400e8
  [ffffffc010c4bd18] vfs_read at ffffffc00833ffc0
  [ffffffc010c4bda8] __arm64_sys_pread64 at ffffffc008340dbc
  [ffffffc010c4bdf8] invoke_syscall at ffffffc00802ed2c
  [ffffffc010c4be28] el0_svc_common at ffffffc00802ec6c
  [ffffffc010c4be48] do_el0_svc at ffffffc00802eb34
  [ffffffc010c4be78] el0_svc at ffffffc008f5bbfc
  [ffffffc010c4be88] el0t_64_sync_handler at ffffffc008f5bb84
  [ffffffc010c4bea8] el0t_64_sync at ffffffc008011584
crash> bt -T 1282
PID: 1282     TASK: ffffff810454b840  CPU: 1    COMMAND: "usbd"
  [ffffffc010c4ade8] trace_clock_local at ffffffc00818ca14
  [ffffffc010c4ae18] ring_buffer_lock_reserve at ffffffc00818f390
  [ffffffc010c4ae88] rcu_nocb_do_flush_bypass at ffffffc00811b8c0
  [ffffffc010c4aeb8] rcu_nocb_flush_bypass at ffffffc0081117b4
  [ffffffc010c4aed8] __call_rcu_nocb_wake at ffffffc0081119a8
  [ffffffc010c4aef8] __call_rcu_common at ffffffc00810eae8
  [ffffffc010c4af18] kmem_cache_alloc at ffffffc0082f86d8
  [ffffffc010c4af58] mempool_alloc_slab at ffffffc00826ba28
  [ffffffc010c4af98] get_next_freq at ffffffc0080d2510
  [ffffffc010c4afc8] get_next_freq at ffffffc0080d2510
  [ffffffc010c4aff8] sugov_update_shared at ffffffc0080d2140
  [ffffffc010c4b028] sugov_update_shared at ffffffc0080d21d8
  [ffffffc010c4b058] attach_entity_load_avg at ffffffc0080b48a8
  [ffffffc010c4b0a0] sugov_update_shared at ffffffc0080d1e50
  [ffffffc010c4b0b8] __update_load_avg_cfs_rq at ffffffc0080bcd50
  [ffffffc010c4b0c8] update_load_avg at ffffffc0080addc8
  [ffffffc010c4b0e8] enqueue_task_fair at ffffffc0080b0dac
  [ffffffc010c4b108] enqueue_task_fair at ffffffc0080b0f9c
  [ffffffc010c4b128] __call_rcu_common at ffffffc00810e938
  [ffffffc010c4b148] get_next_freq at ffffffc0080d2510
  [ffffffc010c4b178] free_unref_page_commit at ffffffc0082ddcd4
  [ffffffc010c4b188] free_unref_page at ffffffc0082dd5ec
  [ffffffc010c4b198] free_unref_page at ffffffc0082dd56c
  [ffffffc010c4b1b8] __slab_free at ffffffc0082fd2f4
  [ffffffc010c4b1d8] kmem_cache_free at ffffffc0082f99b8
  [ffffffc010c4b218] __call_rcu_common at ffffffc00810e938
  [ffffffc010c4b238] call_rcu at ffffffc00810ee10
  [ffffffc010c4b268] __schedule at ffffffc008f632bc
  [ffffffc010c4b298] put_task_stack at ffffffc00805992c
  [ffffffc010c4b2a8] finish_task_switch at ffffffc0080a458c
  [ffffffc010c4b2b8] finish_task_switch at ffffffc0080a4594
  [ffffffc010c4b2c8] __schedule at ffffffc008f632bc
  [ffffffc010c4b2e8] kmem_cache_alloc at ffffffc0082f86d8
  [ffffffc010c4b358] virtqueue_add_sgs at ffffffc00878b1fc
  [ffffffc010c4b3b8] virtblk_add_req at ffffffc001090218 [virtio_blk]
  [ffffffc010c4b438] writel at ffffffc000f80500 [virtio_mmio]
  [ffffffc010c4b458] vm_notify at ffffffc000f81184 [virtio_mmio]
  [ffffffc010c4b488] virtqueue_notify at ffffffc00878c2b0
  [ffffffc010c4b498] virtio_queue_rq at ffffffc00108f8d8 [virtio_blk]
  [ffffffc010c4b4a8] virtio_queue_rq at ffffffc00108f8c8 [virtio_blk]
  [ffffffc010c4b4b8] blk_mq_dispatch_rq_list at ffffffc0086133ac
  [ffffffc010c4b568] blk_mq_do_dispatch_sched at ffffffc00861d77c
  [ffffffc010c4b608] __blk_mq_sched_dispatch_requests at ffffffc00861c8bc
  [ffffffc010c4b688] blk_mq_sched_dispatch_requests at ffffffc00861c78c
  [ffffffc010c4b6b8] __blk_mq_run_hw_queue at ffffffc008618a54
  [ffffffc010c4b6c8] __blk_mq_run_hw_queue at ffffffc008618a58
  [ffffffc010c4b6d8] __blk_mq_delay_run_hw_queue at ffffffc008613b74
  [ffffffc010c4b6f8] get_next_freq at ffffffc0080d2510
  [ffffffc010c4b728] sugov_update_shared at ffffffc0080d2140
  [ffffffc010c4b738] blk_mq_sched_insert_requests at ffffffc00861cdb0
  [ffffffc010c4b758] sugov_update_shared at ffffffc0080d21d8
  [ffffffc010c4b788] update_load_avg at ffffffc0080aded0
  [ffffffc010c4b7b8] sugov_update_shared at ffffffc0080d1e50
  [ffffffc010c4b7f8] trace_event_buffer_lock_reserve at ffffffc008196eb8
  [ffffffc010c4b858] trace_event_buffer_reserve at ffffffc0081aa8b4
  [ffffffc010c4b8a8] trace_event_raw_event_sched_switch at ffffffc00809d518
  [ffffffc010c4b8c8] __switch_to at ffffffc008f629f0
  [ffffffc010c4b8e8] __switch_to at ffffffc008f62a24
  [ffffffc010c4b908] __switch_to at ffffffc008f62a80
  [ffffffc010c4b918] __schedule at ffffffc008f632b8
  [ffffffc010c4b968] schedule at ffffffc008f636dc
  [ffffffc010c4b9c8] io_schedule at ffffffc008f63c20
  [ffffffc010c4b9d8] __wake_up at ffffffc0080cadb4
  [ffffffc010c4b9e8] folio_wait_bit_common at ffffffc008265658
  [ffffffc010c4ba80] wake_page_function at ffffffc008265278
  [ffffffc010c4baa8] filemap_read at ffffffc0082679bc
  [ffffffc010c4bb18] proc_lookupfd at ffffffc0083f97e4
  [ffffffc010c4bc68] generic_file_read_iter at ffffffc008267fb0
  [ffffffc010c4bcc8] ext4_file_read_iter at ffffffc008421608
  [ffffffc010c4bd08] vfs_read at ffffffc0083400e8
  [ffffffc010c4bd18] vfs_read at ffffffc00833ffc0
  [ffffffc010c4bda8] __arm64_sys_pread64 at ffffffc008340dbc
  [ffffffc010c4bdf8] invoke_syscall at ffffffc00802ed2c
  [ffffffc010c4be28] el0_svc_common at ffffffc00802ec6c
  [ffffffc010c4be48] do_el0_svc at ffffffc00802eb34
  [ffffffc010c4be78] el0_svc at ffffffc008f5bbfc
  [ffffffc010c4be88] el0t_64_sync_handler at ffffffc008f5bb84
  [ffffffc010c4bea8] el0t_64_sync at ffffffc008011584


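To parse the stack by hand and obtain a backtrace, proceed as follows.

Use struct task_struct ffffff8104468000 to get the stack bottom (start address) of the task in question; the kernel allocates a 16K stack for each task by default, i.e. 0x4000.
Alternatively, pass bt -S a deliberately invalid value (0x10); crash then reports the valid stack range for the task.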
crash> bt -S 0x10
PID: 1282     TASK: ffffff810454b840  CPU: 1    COMMAND: "usbd"
bt: non-process stack address for this task: 10
    (valid range: ffffffc010c48000 - ffffffc010c4c000)

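Then follow the FP chain to find the deepest stack frame, add 8 to that address to get the LR, and run bt -S with it to obtain the trace.
-f: display all the data in each stack frame; this option can be used to determine the arguments passed to a function.
-F: display the stack frame numbers and resolve any symbols that can be resolved.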

crash> bt -S ffffffc010c33698 -f
PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"
bt: WARNING: cannot determine starting stack frame for task ffffff81027f3840
 #0 [ffffffc010c33710] qcom_wdt_trigger_bite at ffffffc00176dc44 [qcom_wdt_core]
    ffffffc010c33710: ffffffc010c33770 ffffffc0018ba0e4
    ffffffc010c33720: ffffff81027f3840 ffffff811babf880
    ffffffc010c33730: ffffff811babf880 9b086d92827e1e65
    ffffffc010c33740: ffffffc0082f94ec 0000000000000003
    ffffffc010c33750: ffffff80c53480c0 0000000000000000
    ffffffc010c33760: 0000000000000000 0000000000000000
 #1 [ffffffc010c33770] do_vm_restart at ffffffc0018ba0e0 [msm_vm_poweroff]
    ffffffc010c33770: ffffffc010c33780 ffffffc008094308
 #2 [ffffffc010c33780] atomic_notifier_call_chain at ffffffc008094304
    ffffffc010c33780: ffffffc010c337c0 ffffffc0080967f4
    ffffffc010c33790: ffffffc010c33904 2f52d15b275ed800
    ffffffc010c337a0: ffffffc009e86000 0000000000000000
    ffffffc010c337b0: ffffffc00a062000 0000000000000000
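
The manual FP/LR walk described above, run over the raw words of the bt -S ffffffc010c33698 -f output just shown. This is an added example, not part of the original page: the function names are hypothetical, and it assumes the 16K stack is aligned to its own size and that kernel and module text lies at or above 0xffffffc000000000, as in the addresses on this page.

```python
import re

THREAD_SIZE = 0x4000                # 16K per-task kernel stack, as stated on the page
KERNEL_VA_MIN = 0xffffffc000000000  # assumption: inferred from the addresses in the page's output

# Raw stack words copied from the "bt -S ffffffc010c33698 -f" output on this page.
DUMP = """\
 #0 [ffffffc010c33710] qcom_wdt_trigger_bite at ffffffc00176dc44 [qcom_wdt_core]
    ffffffc010c33710: ffffffc010c33770 ffffffc0018ba0e4
    ffffffc010c33720: ffffff81027f3840 ffffff811babf880
    ffffffc010c33730: ffffff811babf880 9b086d92827e1e65
    ffffffc010c33740: ffffffc0082f94ec 0000000000000003
    ffffffc010c33750: ffffff80c53480c0 0000000000000000
    ffffffc010c33760: 0000000000000000 0000000000000000
 #1 [ffffffc010c33770] do_vm_restart at ffffffc0018ba0e0 [msm_vm_poweroff]
    ffffffc010c33770: ffffffc010c33780 ffffffc008094308
 #2 [ffffffc010c33780] atomic_notifier_call_chain at ffffffc008094304
    ffffffc010c33780: ffffffc010c337c0 ffffffc0080967f4
    ffffffc010c33790: ffffffc010c33904 2f52d15b275ed800
    ffffffc010c337a0: ffffffc009e86000 0000000000000000
    ffffffc010c337b0: ffffffc00a062000 0000000000000000
"""

# "<address>: <word> <word>" rows; the "#N [...] func at ..." header rows do not match.
ROW = re.compile(r"^\s*([0-9a-f]{16}):\s+([0-9a-f]{16})\s+([0-9a-f]{16})\s*$")


def parse_dump(text):
    """Turn the raw rows into {address: 64-bit word}."""
    mem = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            addr, w0, w1 = (int(x, 16) for x in m.groups())
            mem[addr], mem[addr + 8] = w0, w1
    return mem


def stack_range(addr):
    """Valid stack range containing addr (assumes THREAD_SIZE alignment)."""
    lo = addr & ~(THREAD_SIZE - 1)
    return lo, lo + THREAD_SIZE


def looks_like_text(value, lo, hi):
    """Heuristic for a saved LR: kernel address, instruction-aligned, not on the stack."""
    return value >= KERNEL_VA_MIN and value % 4 == 0 and not (lo <= value < hi)


def is_frame_record(mem, fp, lo, hi):
    """An arm64 frame record is {saved FP at [fp], saved LR at [fp+8]}.
    The saved FP must point higher up the same stack (callers sit at higher addresses)."""
    if fp % 16 or not (lo <= fp < hi - 8):
        return False
    nxt, lr = mem.get(fp), mem.get(fp + 8)
    if nxt is None or lr is None:
        return False  # outside the words we have
    return nxt % 16 == 0 and fp < nxt < hi and looks_like_text(lr, lo, hi)


def deepest_frame_record(mem, lo, hi):
    """Lowest address that holds a plausible frame record (the deepest frame)."""
    for addr in sorted(mem):
        if is_frame_record(mem, addr, lo, hi):
            return addr
    return None


def walk(mem, fp, lo, hi):
    """Follow the FP chain; returns [(fp, saved LR at fp+8), ...]. Stops at the first
    record that fails validation, so a corrupted chain cannot loop."""
    frames = []
    while is_frame_record(mem, fp, lo, hi):
        frames.append((fp, mem[fp + 8]))
        fp = mem[fp]
    return frames


if __name__ == "__main__":
    mem = parse_dump(DUMP)
    lo, hi = stack_range(min(mem))
    print("valid range: %x - %x" % (lo, hi))
    for fp, lr in walk(mem, deepest_frame_record(mem, lo, hi), lo, hi):
        print("FP %x  LR slot %x  LR %x" % (fp, fp + 8, lr))
```

The three saved LR values it recovers are the ones bt -F resolves to do_vm_restart+44, atomic_notifier_call_chain+104 and do_kernel_restart+36; the walk stops at ffffffc010c337c0 only because the -f output on the page ends before that address.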

crash> bt -S ffffffc010c33698 -F
PID: 1280     TASK: ffffff81027f3840  CPU: 6    COMMAND: "update_engine"
bt: WARNING: cannot determine starting stack frame for task ffffff81027f3840
 #0 [ffffffc010c33710] qcom_wdt_trigger_bite at ffffffc00176dc44 [qcom_wdt_core]
    ffffffc010c33710: ffffffc010c33770 do_vm_restart+44
    ffffffc010c33720: __kcfi_typeid_free_transhuge_page+-549695647087 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33730: __kcfi_typeid_free_transhuge_page+-549273283887 9b086d92827e1e65
    ffffffc010c33740: __kmem_cache_free+1172 0000000000000003
    ffffffc010c33750: __kcfi_typeid_free_transhuge_page+-550723953903 0000000000000000
    ffffffc010c33760: 0000000000000000 0000000000000000
 #1 [ffffffc010c33770] do_vm_restart at ffffffc0018ba0e0 [msm_vm_poweroff]
    ffffffc010c33770: ffffffc010c33780 atomic_notifier_call_chain+104
 #2 [ffffffc010c33780] atomic_notifier_call_chain at ffffffc008094304
    ffffffc010c33780: ffffffc010c337c0 do_kernel_restart+36
    ffffffc010c33790: ffffffc010c33904 2f52d15b275ed800
    ffffffc010c337a0: algs+640         0000000000000000
    ffffffc010c337b0: initcall_debug   0000000000000000
 #3 [ffffffc010c337c0] do_kernel_restart at ffffffc0080967f0
    ffffffc010c337c0: ffffffc010c337d0 machine_restart+44
 #4 [ffffffc010c337d0] machine_restart at ffffffc008019f64
    ffffffc010c337d0: ffffffc010c337f0 emergency_restart+40
    ffffffc010c337e0: 0000000000000000 0000000000000000
 #5 [ffffffc010c337f0] emergency_restart at ffffffc0080965f0
    ffffffc010c337f0: ffffffc010c33880 panic+692
    ffffffc010c33800: ffffffc010c338b0 kallsyms_token_index+69005
    ffffffc010c33810: 0000000000000000 0000000000000000
    ffffffc010c33820: __kcfi_typeid_free_transhuge_page+-498846770879 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33830: 0000000000000000 0000000000000a20
    ffffffc010c33840: ffffffc010c338d0 ffffffc010c33840
    ffffffc010c33850: 0000000000000000 00000000ffffffc8
    ffffffc010c33860: ffffffc010c338d0 ffffffc010c33840
    ffffffc010c33870: 0000000000000000 00000000ffffffc8
 #6 [ffffffc010c33880] panic at ffffffc008f547b4
    ffffffc010c33880: ffffffc010c33920 die+656
    ffffffc010c33890: 9b086d92827e1e65 ffffffc010c33904
    ffffffc010c338a0: __kmem_cache_free+1172 ffffffc010c33904
    ffffffc010c338b0: 0000000000000001 ffffffc010c33a30
    ffffffc010c338c0: 00000000000003c0 kallsyms_token_index+69005
    ffffffc010c338d0: ffffffc010c338a8 d421000000000000
    ffffffc010c338e0: 3030353430333464 3031306633366420
    ffffffc010c338f0: 6666666637312030 3031323464206133
    ffffffc010c33900: 3234642820303030 0020293030303031
    ffffffc010c33910: ffffff0000000000 2f52d15b275ed800
 #7 [ffffffc010c33920] die at ffffffc008024bd0
    ffffffc010c33920: ffffffc010c33960 bug_handler+72
    ffffffc010c33930: 0000000000000006 debug_fault_info
    ffffffc010c33940: __kcfi_typeid_free_transhuge_page+-549695647087 __kmem_cache_free+1172
    ffffffc010c33950: 00000000f2000800 ffffffc010c33a30
 #8 [ffffffc010c33960] bug_handler at ffffffc008025fd8
    ffffffc010c33960: ffffffc010c33980 brk_handler+148
    ffffffc010c33970: ffffffc010c33a30 ffffffc010c33a30
 #9 [ffffffc010c33980] brk_handler at ffffffc00801674c
    ffffffc010c33980: ffffffc010c339b0 do_debug_exception+164
    ffffffc010c33990: 00000000f2000800 ct_nmi_enter+140
    ffffffc010c339a0: __kcfi_typeid_free_transhuge_page+-498846796071 __kcfi_typeid_free_transhuge_page+-549695647087
#10 [ffffffc010c339b0] do_debug_exception at ffffffc00803f270
    ffffffc010c339b0: ffffffc010c339f0 el1_dbg+88
    ffffffc010c339c0: 0000000000000001 0000000060400005
    ffffffc010c339d0: __kmem_cache_free+1172 0000007fa797e000
    ffffffc010c339e0: 00000000f2000800 ffffffc010c33a30
#11 [ffffffc010c339f0] el1_dbg at ffffffc008f5b854
    ffffffc010c339f0: ffffffc010c33a20 el1h_64_sync_handler+60
    ffffffc010c33a00: ffffffc010c33b80 2f52d15b275ed800
    ffffffc010c33a10: __kcfi_typeid_free_transhuge_page+-549273283887 __kcfi_typeid_free_transhuge_page+-549695647087
#12 [ffffffc010c33a20] el1h_64_sync_handler at ffffffc008f5b658
    ffffffc010c33a20: ffffffc010c33b60 el1h_64_sync+104
    ffffffc010c33a30: __kcfi_typeid_free_transhuge_page+-550735774639 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33a40: __arm64_sys_prctl+1992 0000000000000000
    ffffffc010c33a50: __kcfi_typeid_free_transhuge_page+-549273283860 __kcfi_typeid_free_transhuge_page+-549273283728
    ffffffc010c33a60: 615f63696e6f6962 616d735f636f6c6c
    ffffffc010c33a70: 00000000000ed086 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33a80: fffffffe046eafc0 e4f6921399d5e6e5
    ffffffc010c33a90: 5f6c6c616d735f63 00737463656a626f
    ffffffc010c33aa0: 00007fa8b3746000 0000007fa8b3743e
    ffffffc010c33ab0: 0000007fa8b37460 0080000000000080
    ffffffc010c33ac0: ffffffc00ef03040 __kcfi_typeid_free_transhuge_page+-549695647087
    ffffffc010c33ad0: __kcfi_typeid_free_transhuge_page+-549273283887 __kcfi_typeid_free_transhuge_page+-550735774639
    ffffffc010c33ae0: __arm64_sys_prctl+1992 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33af0: 0000000000000001 9b086d92827e1e65
    ffffffc010c33b00: __kcfi_typeid_free_transhuge_page+-549273283887 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33b10: fffffffe046eafc0 ffffffc010c33ba0
    ffffffc010c33b20: kfree+104        ffffffc010c33b80
    ffffffc010c33b30: __kmem_cache_free+1172 0000000060400005
    ffffffc010c33b40: __kcfi_typeid_free_transhuge_page+-549273283759 2f52d15b275ed800
    ffffffc010c33b50: ffffffc010c33bc0 __kmalloc+228
#13 [ffffffc010c33b60] el1h_64_sync at ffffffc008011294
    ffffffc010c33b60: ffffffc010c33ba0 __kmem_cache_free+1172
    ffffffc010c33b70: 0000000000000000 __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33b80: 0000000000001000 __kcfi_typeid_free_transhuge_page+-550735774639
    ffffffc010c33b90: fffffffe046eafc0 __arm64_sys_prctl+1992
#14 [ffffffc010c33ba0] __kmem_cache_free at ffffffc0082f94e8
    ffffffc010c33ba0: ffffffc010c33c10 kfree+104
    ffffffc010c33bb0: __kcfi_typeid_free_transhuge_page+-549695647087 0000000000000000
    ffffffc010c33bc0: 000000000000001b __kcfi_typeid_free_transhuge_page+-549273283887
    ffffffc010c33bd0: 0000000000001000 __kcfi_typeid_free_transhuge_page+-549273283759
    ffffffc010c33be0: 0000007fa797d000 __kcfi_typeid_free_transhuge_page+-550303217903
    ffffffc010c33bf0: __kcfi_typeid_free_transhuge_page+-549695647087 0000000053564d41
    ffffffc010c33c00: ffffffc010c33dc0 __arm64_sys_prctl+1980
#15 [ffffffc010c33c10] kfree at ffffffc0082a5d30
    ffffffc010c33c10: ffffffc010c33dc0 __arm64_sys_prctl+1992
    ffffffc010c33c20: __kcfi_typeid_free_transhuge_page+-549695647087 0000000053564d41
    ffffffc010c33c30: 0000000000000000 0000000000000000
    ffffffc010c33c40: ffffffc010c33ce0 do_mmap+956
    ffffffc010c33c50: __kcfi_typeid_free_transhuge_page+-550303217903 0000000000000022
    ffffffc010c33c60: 0000000000000073 0000000000000003
    ffffffc010c33c70: 0000000000000003 0000007fa797d000
    ffffffc010c33c80: 0000000007fa797d 0000000000000000
    ffffffc010c33c90: 0000000000000073 ffffffc010c33d60
    ffffffc010c33ca0: 0000000000000000 0000000000000000
    ffffffc010c33cb0: 0000000000000000 0000000000000000
    ffffffc010c33cc0: 0000000000000000 0000000000000000
    ffffffc010c33cd0: 0000000000000000 0000000000000000
    ffffffc010c33ce0: 0000000000000000 0000000000000000
    ffffffc010c33cf0: 0000000000000000 2f52d15b275ed800
    ffffffc010c33d00: ffffffc010c33d70 vm_mmap_pgoff+452
    ffffffc010c33d10: 0000000000001000 __kcfi_typeid_free_transhuge_page+-550303217903
    ffffffc010c33d20: 0000007fa797d000 0000000000000000
    ffffffc010c33d30: 0000000000000003 0000000000000022
    ffffffc010c33d40: __kcfi_typeid_free_transhuge_page+-548810979775 fffffffe04dce8a8
    ffffffc010c33d50: ffffffc010c33d50 ffffffc010c33d50
    ffffffc010c33d60: 0000000000000000 2f52d15b275ed800
    ffffffc010c33d70: ffffffc010c33dd0 ksys_mmap_pgoff+168
    ffffffc010c33d80: 0000000000000000 0000000000000000
    ffffffc010c33d90: 0000000000000000 0000000000000000
    ffffffc010c33da0: 0000000000000000 0000000000000000
    ffffffc010c33db0: 2f52d15b275ed800 0000000000000003
#16 [ffffffc010c33dc0] __arm64_sys_prctl at ffffffc0080824b8
    ffffffc010c33dc0: ffffffc010c33e20 invoke_syscall+88
    ffffffc010c33dd0: __kcfi_typeid_free_transhuge_page+-549695647087 0000000000000000
    ffffffc010c33de0: 0000000000000000 0000000000000000
    ffffffc010c33df0: 0000000000000000 0000000000000000
    ffffffc010c33e00: 0000007fa8c60d08 __kcfi_typeid_free_transhuge_page+-549695647087
    ffffffc010c33e10: sys_call_table   ffffffc010c33eb0
#17 [ffffffc010c33e20] invoke_syscall at ffffffc00802ed28
    ffffffc010c33e20: ffffffc010c33e40 el0_svc_common+180
    ffffffc010c33e30: sys_call_table   ffffffc010c33eb0
#18 [ffffffc010c33e40] el0_svc_common at ffffffc00802ec68
    ffffffc010c33e40: ffffffc010c33e70 do_el0_svc+44
    ffffffc010c33e50: 00000000ffffffff 0000007fa797e000
    ffffffc010c33e60: __kcfi_typeid_free_transhuge_page+-549695647087 ffffffc010c33eb0
#19 [ffffffc010c33e70] do_el0_svc at ffffffc00802eb30
    ffffffc010c33e70: ffffffc010c33e80 el0_svc+44
#20 [ffffffc010c33e80] el0_svc at ffffffc008f5bbf8
    ffffffc010c33e80: ffffffc010c33ea0 el0t_64_sync_handler+104
    ffffffc010c33e90: ffffffcccf6ed000 0000000004000000
#21 [ffffffc010c33ea0] el0t_64_sync_handler at ffffffc008f5bb80
    ffffffc010c33ea0: ffffffc010c33fe0 el0t_64_sync+420
    ffffffc010c33eb0: 0000000053564d41 0000000000000000
    ffffffc010c33ec0: 0000007fa797d000 0000000000001000
    ffffffc010c33ed0: 0000007fa8b3743e 0000000000000000
    ffffffc010c33ee0: 0000000000000040 0000007fa7981004
    ffffffc010c33ef0: 00000000000000a7 0000000000000028
    ffffffc010c33f00: 0000000000000000 4111ad04bde3bf81
    ffffffc010c33f10: a4422eb13b126539 c3a5c85c97cb3127
    ffffffc010c33f20: 000000000000000f 0000007fa8b3a000
    ffffffc010c33f30: 0000007fa8c85ec8 0000007fa8c47f80
    ffffffc010c33f40: 0000007fa83ba000 0000007fa8c9eee0
    ffffffc010c33f50: 0000007fa797d000 0000000000000000
    ffffffc010c33f60: 0000007fa7985e00 00000000000001ff
    ffffffc010c33f70: 0000007fe597ed51 0000000000000295
    ffffffc010c33f80: 0000000000000000 0000007fa8c8a0c0
    ffffffc010c33f90: 0000000000003d2b 0000007fe597da40
    ffffffc010c33fa0: 0000007fa8c4a9b8 0000007fe597da40
    ffffffc010c33fb0: 0000007fa8c60d08 0000000000000000
    ffffffc010c33fc0: 0000000053564d41 00000000000000a7
    ffffffc010c33fd0: 0000000000000000 0000000000000000
#22 [ffffffc010c33fe0] el0t_64_sync at ffffffc008011580
     PC: 0000007fa8c60d08   LR: 0000007fa8c4a9b8   SP: 0000007fe597da40
    X29: 0000007fe597da40  X28: 0000000000003d2b  X27: 0000007fa8c8a0c0
    X26: 0000000000000000  X25: 0000000000000295  X24: 0000007fe597ed51
    X23: 00000000000001ff  X22: 0000007fa7985e00  X21: 0000000000000000
    X20: 0000007fa797d000  X19: 0000007fa8c9eee0  X18: 0000007fa83ba000
    X17: 0000007fa8c47f80  X16: 0000007fa8c85ec8  X15: 0000007fa8b3a000
    X14: 000000000000000f  X13: c3a5c85c97cb3127  X12: a4422eb13b126539
    X11: 4111ad04bde3bf81  X10: 0000000000000000   X9: 0000000000000028
     X8: 00000000000000a7   X7: 0000007fa7981004   X6: 0000000000000040
     X5: 0000000000000000   X4: 0000007fa8b3743e   X3: 0000000000001000
     X2: 0000007fa797d000   X1: 0000000000000000   X0: 0000000053564d41
    ORIG_X0: 0000000053564d41  SYSCALLNO: a7  PSTATE: 00000000
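
The frame headers in the `bt -f` output above can be cross-checked against the raw stack words: on arm64 the first two words at each frame address are the frame record (saved x29, saved x30), so following the saved x29 values should reproduce the same call chain. The Python below is an added example, not part of the original post; it embeds an excerpt of that output, and the names `walk_frame_records` and `broken_links` are made up for this illustration.

```python
import re

# Excerpt of the bt -f output above: each frame header plus the first row of
# the frame, assumed to hold the arm64 frame record (saved x29, saved x30).
BT_F = """\
#15 [ffffffc010c33c10] kfree at ffffffc0082a5d30
    ffffffc010c33c10: ffffffc010c33dc0 __arm64_sys_prctl+1992
#16 [ffffffc010c33dc0] __arm64_sys_prctl at ffffffc0080824b8
    ffffffc010c33dc0: ffffffc010c33e20 invoke_syscall+88
#17 [ffffffc010c33e20] invoke_syscall at ffffffc00802ed28
    ffffffc010c33e20: ffffffc010c33e40 el0_svc_common+180
#18 [ffffffc010c33e40] el0_svc_common at ffffffc00802ec68
    ffffffc010c33e40: ffffffc010c33e70 do_el0_svc+44
#19 [ffffffc010c33e70] do_el0_svc at ffffffc00802eb30
    ffffffc010c33e70: ffffffc010c33e80 el0_svc+44
#20 [ffffffc010c33e80] el0_svc at ffffffc008f5bbf8
    ffffffc010c33e80: ffffffc010c33ea0 el0t_64_sync_handler+104
#21 [ffffffc010c33ea0] el0t_64_sync_handler at ffffffc008f5bb80
    ffffffc010c33ea0: ffffffc010c33fe0 el0t_64_sync+420
"""

HDR = re.compile(r"^#\d+ \[([0-9a-f]{16})\] (\S+) at [0-9a-f]{16}$")
ROW = re.compile(r"^\s+([0-9a-f]{16}):\s+(\S+)\s+(\S+)\s*$")

def walk_frame_records(text, start_fp):
    """Follow saved-x29 links; return [(fp, function, saved LR symbol)]."""
    funcs, rows = {}, {}
    for line in text.splitlines():
        if m := HDR.match(line):
            funcs[int(m[1], 16)] = m[2]
        elif m := ROW.match(line):
            rows[int(m[1], 16)] = (m[2], m[3])
    chain, fp = [], start_fp
    while fp in rows:
        saved_fp, saved_lr = rows[fp]
        chain.append((fp, funcs.get(fp, "?"), saved_lr))
        if not re.fullmatch(r"[0-9a-f]{16}", saved_fp):
            break                      # symbolized word, not a stack pointer
        nxt = int(saved_fp, 16)
        if nxt <= fp:                  # callers sit at higher addresses
            break
        fp = nxt
    return chain

def broken_links(chain):
    """Links whose saved LR does not land in the next frame's function."""
    return [(hex(fp), lr, caller)
            for (fp, _, lr), (_, caller, _) in zip(chain, chain[1:])
            if lr.split("+")[0] != caller]
```

An empty result from `broken_links` means the saved return addresses agree with the unwinder's frame list; a non-empty one points at the stack slot worth inspecting with `rd`.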

-------------------------------------------------------------------------------------

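The dis command disassembles a function; add -s or -l to look up the source line number. The result can be inaccurate, though (perhaps the parts wrapped in undefined macros are not counted?).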
crash> dis ffffffc008196eb8
0xffffffc008196eb8 <trace_event_buffer_lock_reserve+376>:       cbz     x0, 0xffffffc008196ee4 <trace_event_buffer_lock_reserve+420>
crash> dis ffffffc008196eb8 -s
FILE: kernel/trace/trace.c
LINE: 953 (actually at line 2764)

dis: ffffffc008196eb8: source code is not available

crash> dis ffffffc008196eb8 -l
out/android14-6.1/common/kernel/trace/trace.c: 953
0xffffffc008196eb8 <trace_event_buffer_lock_reserve+376>:       cbz     x0, 0xffffffc008196ee4 <trace_event_buffer_lock_reserve+420>

-------------------------------------------------------------------------------------

list -s list_head ffffff80c4802200
crash> whatis kmem_cache_node (first find a global variable to get the type definition)
struct kmem_cache *kmem_cache_node;
crash> struct kmem_cache
struct kmem_cache {
    struct kmem_cache_cpu *cpu_slab;
    slab_flags_t flags;
    unsigned long min_partial;
    unsigned int size;
    unsigned int object_size;
    struct reciprocal_value reciprocal_size;
    unsigned int offset;
    unsigned int cpu_partial;
    unsigned int cpu_partial_slabs;
    struct kmem_cache_order_objects oo;
    struct kmem_cache_order_objects min;
    gfp_t allocflags;
    int refcount;
    void (*ctor)(void *);
    unsigned int inuse;
    unsigned int align;
    unsigned int red_left_pad;
    const char *name;
    struct list_head list;
    struct kobject kobj;
    unsigned long random;
    unsigned int *random_seq;
    struct kasan_cache kasan_info;
    unsigned int useroffset;
    unsigned int usersize;
    struct kmem_cache_node *node[1];
}
SIZE: 256
crash> struct kmem_cache.list kmem_cache_node -o (find the offset of list)
struct kmem_cache {
  [ffffffc00a0956c8] struct list_head list;
}
crash> list kmem_cache.list ffffffc00a0956c8
ffffffc00a0956c8
crash> list kmem_cache.list.next ffffffc00a0956c8
ffffffc00a093b20
ffffffffffffffff
crash> list kmem_cache.list ffffff80c4802000
ffffff80c4802000
ffffffc009f29940
ffffffc0082a7404
d000e400f9000508
list: invalid kernel virtual address: d000e400f9000570  type: "list entry"

crash> list -s list_head ffffffc009f29940
ffffffc009f29940
struct list_head {
  next = 0xffffff80fd5cd968,
  prev = 0xffffff80c4802068
}
ffffff80fd5cd968
struct list_head {
  next = 0xffffff80fd5d9768,
  prev = 0xffffffc009f29940 <slab_caches>
}
......

-------------------------------------------------------------------------------------

crash> struct kmem_cache ffffff80c4802200
struct kmem_cache {
  cpu_slab = 0xffffffc009e4aef0, (a percpu member)


crash>  struct kmem_cache_cpu 0xffffffc009e4aef0:6 (view the actual contents on CPU 6)
[6]: ffffff8cd9537ef0
struct kmem_cache_cpu {
  freelist = 0xffffff811babf880,
  tid = 996614,
  slab = 0xfffffffe046eafc0,
  partial = 0xfffffffe046edfc0,
  lock = {<No data fields>}
}

-------------------------------------------------------------------------------------

log -m shows the log level inside <>
[   11.676272] <5>Going down for vm restart now
[   11.676537] <0>Top irqs in last 7357 ms:
[   11.676705] <0>IRQ 11 [GICv3:arch_timer] - 10212 times
[   11.676904] <0>IRQ 50 [GICv3:virtio6] - 5808 times
[   11.677069] <0>IRQ 158 [GICv3:spi_geni] - 1683 times
[   11.677231] <0>IRQ 43 [GICv3:virtio38] - 1672 times
[   11.677391] <0>IRQ 51 [GICv3:virtio7] - 1507 times
[   11.677571] <3>msm_watchdog 17c10000.qcom,wdt: Cpu alive mask is 0
[   11.677773] <3>msm_watchdog 17c10000.qcom,wdt: Causing a QCOM Apps Watchdog bite!
[   11.678034] <3>msm_watchdog 17c10000.qcom,wdt: Wdog - STS: 0xffffffff, CTL: 0xffffffff, BARK TIME: 0xffffffff, BITE TIME: 0xffffffff

-------------------------------------------------------------------------------------

crash> mach
       MACHINE TYPE: aarch64
        MEMORY SIZE: 10.9 GB
               CPUS: 1
                 HZ: 250
          PAGE SIZE: 4096
KERNEL VIRTUAL BASE: ffffff8000000000
KERNEL MODULES BASE: ffffffc000000000
KERNEL VMALLOC BASE: ffffffc008000000
KERNEL VMEMMAP BASE: fffffffeffe00000
  KERNEL STACK SIZE: 16384
     IRQ STACK SIZE: 16384
         IRQ STACKS:
              CPU 0: ffffffc008000000
              CPU 1: ffffffc008008000
              CPU 2: ffffffc00a108000
              CPU 3: ffffffc00a110000
              CPU 4: ffffffc00a118000
              CPU 5: ffffffc00a120000
              CPU 6: ffffffc00a128000
              CPU 7: ffffffc00a130000
OVERFLOW STACK SIZE: 4096
    OVERFLOW STACKS:
              CPU 0: ffffff8cd947b100
              CPU 1: ffffff8cd9497100
              CPU 2: ffffff8cd94b3100
              CPU 3: ffffff8cd94cf100
              CPU 4: ffffff8cd94eb100
              CPU 5: ffffff8cd9507100
              CPU 6: ffffff8cd9523100
              CPU 7: ffffff8cd953f100

-------------------------------------------------------------------------------------

crash> ps -g xxx (see how many threads the specified process has)
PID: 410      TASK: ffffff80c8ac8000  CPU: 2    COMMAND: "xxx"
  PID: 513      TASK: ffffff80ecf392c0  CPU: 6    COMMAND: "xxx"
  PID: 514      TASK: ffffff80ecf3ddc0  CPU: 5    COMMAND: "xxx.xx"
  PID: 515      TASK: ffffff80cb3b92c0  CPU: 6    COMMAND: "xxx.xx"
  PID: 554      TASK: ffffff80cb3ba580  CPU: 6    COMMAND: "xxx.xx"
  PID: 555      TASK: ffffff80cb3bddc0  CPU: 4    COMMAND: "xxx.xx"

-------------------------------------------------------------------------------------

Converting between physical and virtual addresses
ptov 0x80000000
vtop 

-------------------------------------------------------------------------------------

Specify the width of the data to read
rd ffffff82b41b3240 -8 -o 16 -e ffffff82b41b32b8
rd ffffff82b41b3240 -32 -o 16 -e ffffff82b41b32b8

-------------------------------------------------------------------------------------

Show how long the task currently running on each CPU has been running
crash> runq -m
 CPU 0: [0 00:00:00.038]  PID: 779    TASK: ffffff80eb4ca580  COMMAND: "kworker/0:4H"
 CPU 1: [0 00:00:00.000]  PID: 1348   TASK: ffffff810f204b00  COMMAND: "start"
 CPU 2: [0 00:00:11.672]  PID: 0      TASK: ffffff80c4a6cb00  COMMAND: "swapper/2"
 CPU 3: [0 00:00:00.000]  PID: 1347   TASK: ffffff80c70d0000  COMMAND: "getprop"
 CPU 4: [0 00:00:00.000]  PID: 1252   TASK: ffffff80ecd72580  COMMAND: "storaged"
 CPU 5: [0 00:00:11.672]  PID: 0      TASK: ffffff80c4a72580  COMMAND: "swapper/5"
 CPU 6: [0 00:00:00.085]  PID: 1280   TASK: ffffff81027f3840  COMMAND: "update_engine"
 CPU 7: [0 00:00:00.003]  PID: 908    TASK: ffffff8104468000  COMMAND: "binder:908_2"

-------------------------------------------------------------------------------------

Search
Search the 4K page at c532c000 for all instances of 0xffffffff:
crash_arm64> search -s c532c000 -l 4096 ffffffff

search -u deadbeef
search -k -c "can't allocate memory" "Failure to"

-------------------------------------------------------------------------------------

When you know the address of a structure and want to view a member inside it.
struct task_struct.comm 0xffffff82b41b3240

Show the structure definition and the offset of each member.
crash> struct -o sched_class
struct sched_class {
    [0] int uclamp_enabled;
    [8] void (*enqueue_task)(struct rq *, struct task_struct *, int);
   [16] void (*dequeue_task)(struct rq *, struct task_struct *, int);
   [24] void (*yield_task)(struct rq *);
   [32] bool (*yield_to_task)(struct rq *, struct task_struct *);
   [40] void (*check_preempt_curr)(struct rq *, struct task_struct *, int);
   [48] struct task_struct *(*pick_next_task)(struct rq *);
   [56] void (*put_prev_task)(struct rq *, struct task_struct *);
   [64] void (*set_next_task)(struct rq *, struct task_struct *, bool);
   [72] int (*balance)(struct rq *, struct task_struct *, struct rq_flags *);
   [80] int (*select_task_rq)(struct task_struct *, int, int);
   [88] struct task_struct *(*pick_task)(struct rq *);
   [96] void (*migrate_task_rq)(struct task_struct *, int);
  [104] void (*task_woken)(struct rq *, struct task_struct *);
  [112] void (*set_cpus_allowed)(struct task_struct *, const struct cpumask *, u32);
  [120] void (*rq_online)(struct rq *);
  [128] void (*rq_offline)(struct rq *);
  [136] struct rq *(*find_lock_rq)(struct task_struct *, struct rq *);
  [144] void (*task_tick)(struct rq *, struct task_struct *, int);
  [152] void (*task_fork)(struct task_struct *);
  [160] void (*task_dead)(struct task_struct *);
  [168] void (*switched_from)(struct rq *, struct task_struct *);
  [176] void (*switched_to)(struct rq *, struct task_struct *);
  [184] void (*prio_changed)(struct rq *, struct task_struct *, int);
  [192] unsigned int (*get_rr_interval)(struct rq *, struct task_struct *);
  [200] void (*update_curr)(struct rq *);
  [208] void (*task_change_group)(struct task_struct *);
}
SIZE: 216

-------------------------------------------------------------------------------------

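sym -l  all symbols in the system and their values
sym -m qcom_edac  show the symbols of the specified ko module
sym -pn jiffies  show the symbols before and after the specified symbol
sym -q init  show all symbols containing the specified string
sys -c  show information on all system call interfaces
sys config  show all CONFIG_XXX information of the system
timer  show the current jiffies value, which timers are pending, etc.
timer -r  show high-resolution timer information
whatis sched_class  show the members of a data structure
whatis -r 192  show all data structures that are 192 bytes in size
whatis -r 256-512  show all data structures between 256 and 512 bytes in size
whatis -r 256-512 -m task_struct  show all data structure types between 256 and 512 bytes in size that contain a task_struct member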


References:

Debugging Tools (2): crash (unfinished) - DumpStack
