記一次Linux核心崩潰:kdump,crash,vmcore

空殼先生發表於2021-03-04

原理

Linux核心傳送崩潰時,kdump會生成一個核心轉儲檔案vmcore。 可以通過分析vmcore分析出核心崩潰的原因。
crash是一個被廣泛應用的核心奔潰轉儲檔案分析工具。使用crash除錯核心轉儲檔案,需要安裝crash工具和核心除錯工具kernel-debuginfo。

安裝需要的軟體

1、檢視系統核心

[root@qd01-stop-free015 ~]# uname  -r
3.10.0-1160.15.2.el7.x86_64

2、安裝kdump,crash

yum install  crash kexec-tools -y

3、安裝kernel-debuginfo
下載連結http://debuginfo.centos.org/7/x86_64/

rpm  -ivh kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm

crash報告分析

1、使用crash命令載入vmcore檔案

[root@qd01-stop-free015 kdump]# crash  /usr/lib/debug/lib/modules/3.10.0-1160.15.2.el7.x86_64/vmlinux  vmcore

crash 7.2.3-11.el7_9.1
Copyright (C) 2002-2017  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.
 
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

WARNING: kernel relocated [274MB]: patching 87300 gdb minimal_symbol values

      KERNEL: /usr/lib/debug/lib/modules/3.10.0-1160.15.2.el7.x86_64/vmlinux
    DUMPFILE: vmcore  [PARTIAL DUMP]
        CPUS: 8
        DATE: Thu Mar  4 10:12:38 2021
      UPTIME: 00:05:04
LOAD AVERAGE: 5.28, 3.20, 1.38
       TASKS: 256
    NODENAME: zf-dbslave001
     RELEASE: 3.10.0-1160.15.2.el7.x86_64
     VERSION: #1 SMP Wed Feb 3 15:06:38 UTC 2021
     MACHINE: x86_64  (2500 Mhz)
      MEMORY: 63 GB
       PANIC: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000074"
         PID: 1362
     COMMAND: "AliYunDun"
        TASK: ffff90f972365280  [THREAD_INFO: ffff90f9767a4000]
         CPU: 5
       STATE: TASK_RUNNING (PANIC)

輸出註釋如下:

  • KERNEL:系統崩潰時執行的 kernel 檔案
  • DUMPFILE: 核心轉儲檔案
  • CPUS: 所在機器的 CPU 數量
  • DATE:系統崩潰的時間
  • TASKS:系統崩潰時記憶體中的任務數
  • NODENAME:崩潰的系統主機名
  • RELEASE: 和 VERSION:核心版本號
  • MACHINE:CPU 架構
  • MEMORY:崩潰主機的實體記憶體
  • PANIC:崩潰型別,常見的崩潰型別包括:
  • SysRq (System Request):通過魔法組合鍵導致的系統崩潰,通常是測試使用。通過 echo c > /proc/sysrq-trigger,就可以觸發系統崩潰。
  • oops:可以看成是核心級的 Segmentation Fault。應用程式如果進行了非法記憶體訪問或執行了非法指令,會得到 Segfault 訊號,一般行為是 coredump,應用程式也可以自己截獲 Segfault 訊號,自行處理。如果核心自己犯了這樣的錯誤,則會彈出 oops 資訊。

從以上輸出可以知道,本次系統奔潰的原因是:PANIC: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000074",然後導致AliYunDun把系統重啟了。
PS:搞不懂阿里雲的破邏輯,伺服器被黑了居然只會不斷重啟伺服器?

2、使用bt 命令用於檢視系統崩潰前的堆疊資訊。

crash> bt
PID: 1362   TASK: ffff90f972365280  CPU: 5   COMMAND: "AliYunDun"
 #0 [ffff90f9767a77a0] machine_kexec at ffffffff922662c4
 #1 [ffff90f9767a7800] __crash_kexec at ffffffff923227a2
 #2 [ffff90f9767a78d0] crash_kexec at ffffffff92322890
 #3 [ffff90f9767a78e8] oops_end at ffffffff9298c798
 #4 [ffff90f9767a7910] no_context at ffffffff92275d14
 #5 [ffff90f9767a7960] __bad_area_nosemaphore at ffffffff92275fe2
 #6 [ffff90f9767a79b0] bad_area_nosemaphore at ffffffff92276104
 #7 [ffff90f9767a79c0] __do_page_fault at ffffffff9298f750
 #8 [ffff90f9767a7a30] trace_do_page_fault at ffffffff9298fa26
 #9 [ffff90f9767a7a70] do_async_page_fault at ffffffff9298efa2
#10 [ffff90f9767a7a90] async_page_fault at ffffffff9298b7a8
#11 [ffff90f9767a7b98] kmem_cache_alloc_trace at ffffffff92428a0c
#12 [ffff90f9767a7c98] mntput at ffffffff92471d94
#13 [ffff90f9767a7d88] kvm_sched_clock_read at ffffffff9226d3be
#14 [ffff90f9767a7ec8] putname at ffffffff9245fd3d
#15 [ffff90f9767a7f50] system_call_fastpath at ffffffff92994f92
    RIP: 00007f84fd928315  RSP: 00007f84fb011af8  RFLAGS: 00000206
    RAX: 000000000000004e  RBX: 000000000244e010  RCX: ffffffffffffffff
    RDX: 0000000000008000  RSI: 000000000244e010  RDI: 0000000000000012
    RBP: 000000000244e010   R8: 0000000000000020   R9: 0000000000008030
    R10: 0000000000000076  R11: 0000000000000246  R12: ffffffffffffff30
    R13: 0000000000000000  R14: 000000000244dfe0  R15: 000000000000052a
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b

3、log 命令可以列印系統訊息緩衝區,從而可能找到系統崩潰的線索。輸出太多,這裡只擷取部分資訊。

crash> log
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.10.0-1160.15.2.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Wed Feb 3 15:06:38 UTC 2021
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-1160.15.2.el7.x86_64 root=UUID=1114fe9e-2309-4580-b183-d778e6d97397 ro crashkernel=auto rhgb quiet LANG=en_US.UTF-8 idle=halt biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8 noibrs
[    0.000000] e820: BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x0000000013ffffff] usable
[    0.000000] BIOS-e820: [mem 0x0000000014000000-0x000000001511ffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000015120000-0x00000000bffcdfff] usable
[    0.000000] BIOS-e820: [mem 0x00000000bffce000-0x00000000bfffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x0000000fffffffff] usable
[    0.000000] BIOS-e820: [mem 0x0000001000000000-0x000000103fffffff] reserved
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] SMBIOS 2.8 present.
[    0.000000] DMI: Alibaba Cloud Alibaba Cloud ECS, BIOS e623647 04/01/2014
[    0.000000] Hypervisor detected: KVM
[    0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
[    0.000000] e820: remove [mem 0x000a0000-0x000fffff] usable
[    0.000000] e820: last_pfn = 0x1000000 max_arch_pfn = 0x400000000
[    0.000000] MTRR default type: write-back
[    0.000000] MTRR fixed ranges enabled:
[    0.000000]   00000-9FFFF write-back
[    0.000000]   A0000-BFFFF uncachable
[    0.000000]   C0000-FFFFF write-protect
[    0.000000] MTRR variable ranges enabled:
[    0.000000]   0 base 0000C0000000 mask 3FFFC0000000 uncachable
[    0.000000]   1 disabled
[    0.000000]   2 disabled
[    0.000000]   3 disabled
[    0.000000]   4 disabled
[    0.000000]   5 disabled
[    0.000000]   6 disabled
[    0.000000]   7 disabled
[    0.000000] PAT configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- UC  
[    0.000000] e820: last_pfn = 0xbffce max_arch_pfn = 0x400000000
[    0.000000] found SMP MP-table at [mem 0x000f5a00-0x000f5a0f] mapped at [ffffffffff200a00]
[    0.000000] Base memory trampoline at [ffff90f800099000] 99000 size 24576
[    0.000000] Using GB pages for direct mapping
[    0.000000] BRK [0x70e74000, 0x70e74fff] PGTABLE
[    0.000000] BRK [0x70e75000, 0x70e75fff] PGTABLE
[    0.000000] BRK [0x70e76000, 0x70e76fff] PGTABLE
[    0.000000] BRK [0x70e77000, 0x70e77fff] PGTABLE
[    0.000000] BRK [0x70e78000, 0x70e78fff] PGTABLE
[    0.000000] RAMDISK: [mem 0x3625c000-0x37125fff]
[    0.000000] Early table checksum verification disabled
[    0.000000] ACPI: RSDP 00000000000f59b0 00014 (v00 BOCHS )
[    0.000000] ACPI: RSDT 00000000bffe2185 00034 (v01 BOCHS  BXPCRSDT 00000001 BXPC 00000001)
[    0.000000] ACPI: FACP 00000000bffe093e 00074 (v01 BOCHS  BXPCFACP 00000001 BXPC 00000001)
[    0.000000] ACPI: DSDT 00000000bffdfd80 00BBE (v01 BOCHS  BXPCDSDT 00000001 BXPC 00000001)
[    0.000000] ACPI: FACS 00000000bffdfd40 00040
[    0.000000] ACPI: SSDT 00000000bffe09b2 015FB (v01 BOCHS  BXPCSSDT 00000001 BXPC 00000001)
[    0.000000] ACPI: APIC 00000000bffe1fad 000B0 (v01 BOCHS  BXPCAPIC 00000001 BXPC 00000001)
[    0.000000] ACPI: SRAT 00000000bffe205d 00128 (v01 BOCHS  BXPCSRAT 00000001 BXPC 00000001)

[    4.722250] Adding 33554428k swap on /data/swapfile.  Priority:-2 extents:24 across:35823612k FS
[    5.841211] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/input/input5
[    5.841325] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Pointer [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
[   13.615575] mzoneinfo: loading out-of-tree module taints kernel.
[   13.615611] mzoneinfo: module verification failed: signature and/or required key missing - tainting kernel
[  305.100071] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074
[  305.101048] IP: [<ffffffffc02d74c0>] 0xffffffffc02d74c0
[  305.101653] PGD 800000010d7ed067 PUD 176f9c067 PMD 0
[  305.102276] Oops: 0000 [#1] SMP
[  305.102675] Modules linked in: tcp_diag inet_diag cirrus ttm nfit drm_kms_helper libnvdimm syscopyarea ppdev sysfillrect intel_powerclamp sysimgblt fb_sys_fops drm iosf_mbi parport_pc crc32_pclmul virtio_balloon parport ghash_clmulni_intel aesni_intel lrw gf128mul drm_panel_orientation_quirks glue_helper pcspkr i2c_piix4 joydev ablk_helper cryptd ip_tables ext4 mbcache jbd2 ata_generic pata_acpi virtio_net virtio_console net_failover virtio_blk failover ata_piix libata crct10dif_pclmul crct10dif_common crc32c_intel virtio_pci virtio_ring floppy serio_raw virtio
[  305.109021] CPU: 5 PID: 1362 Comm: AliYunDun Kdump: loaded Tainted: G           OE  ------------   3.10.0-1160.15.2.el7.x86_64 #1
[  305.110306] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS e623647 04/01/2014
[  305.111150] task: ffff90f972365280 ti: ffff90f9767a4000 task.ti: ffff90f9767a4000
[  305.111977] RIP: 0010:[<ffffffffc02d74c0>]  [<ffffffffc02d74c0>] 0xffffffffc02d74c0
[  305.112843] RSP: 0018:ffff90f9767a7b48  EFLAGS: 00010283
[  305.113437] RAX: fffffffffffffbd0 RBX: 0000000000000240 RCX: 00000000000007cd
[  305.114228] RDX: 0000000000000000 RSI: ffff90f972365280 RDI: 00000000ffffffff
[  305.115014] RBP: ffff90f9767a7b88 R08: 0000000040000000 R09: 0000000000000400
[  305.115804] R10: 0000000000000000 R11: ffffd9d105c1ea00 R12: 0000000000000240
[  305.116586] R13: 0000000000000258 R14: 0000000000000018 R15: ffff90f9707aa000
[  305.117377] FS:  00007f84fb012700(0000) GS:ffff9107ffd40000(0000) knlGS:0000000000000000
[  305.118276] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  305.118921] CR2: 0000000000000074 CR3: 000000017839e000 CR4: 00000000003606e0
[  305.119710] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  305.120502] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  305.121291] Call Trace:
[  305.121581]  [<ffffffff92428a0c>] ? kmem_cache_alloc_trace+0x3c/0x200
[  305.122304]  [<ffffffff9242832e>] ? __kmalloc+0x2e/0x230
[  305.122898]  [<ffffffff92471d94>] ? mntput+0x24/0x40
[  305.123458]  [<ffffffff9226d3be>] ? kvm_sched_clock_read+0x1e/0x30
[  305.124162]  [<ffffffff9245fd3d>] ? putname+0x3d/0x60
[  305.124733]  [<ffffffff92994f92>] ? system_call_fastpath+0x25/0x2a
[  305.125417] Code: 65 48 8b 34 25 c0 0e 01 00 48 8b 96 30 04 00 00 48 8d 82 d0 fb ff ff 48 39 c6 74 2c 3b 7a 74 74 2a b9 d0 07 00 00 eb 0d 0f 1f 00 <3b> 7a 74 74 1b 83 e9 01 74 13 48 8b 90 30 04 00 00 48 8d 82 d0 
[  305.128647] RIP  [<ffffffffc02d74c0>] 0xffffffffc02d74c0
[  305.129263]  RSP <ffff90f9767a7b48>
[  305.129660] CR2: 0000000000000074

4、ps 命令用於顯示程式的狀態,帶 > 標識代表是活躍的程式。

crash> ps
   PID    PPID  CPU       TASK        ST  %MEM     VSZ    RSS  COMM
      0      0   0  ffffffff92e18480  RU   0.0       0      0  [swapper/0]
>     0      0   1  ffff90f964f74200  RU   0.0       0      0  [swapper/1]
      0      0   2  ffff90f964f75280  RU   0.0       0      0  [swapper/2]
>     0      0   3  ffff90f964f76300  RU   0.0       0      0  [swapper/3]
      0      0   4  ffff90f965760000  RU   0.0       0      0  [swapper/4]
      0      0   5  ffff90f965761080  RU   0.0       0      0  [swapper/5]
      0      0   6  ffff90f965762100  RU   0.0       0      0  [swapper/6]
>     0      0   7  ffff90f965763180  RU   0.0       0      0  [swapper/7]
      1      0   3  ffff90f964b60000  IN   0.0   43460   3816  systemd
這裡忽略部分資訊......
   1045      1   6  ffff90f91038c200  IN   0.0  110208    880  agetty
   1144      1   3  ffff90f966f6a100  IN   0.0   32544   4304  AliYunDunUpdate
   1145      1   3  ffff90f90b3a3180  IN   0.0   32544   4304  AliYunDunUpdate
   1146      1   1  ffff90f90b3a2100  IN   0.0   32544   4304  AliYunDunUpdate
   1161      1   7  ffff90f978bcb180  IN   0.0   32544   4304  AliYunDunUpdate
   1165      1   1  ffff90f910389080  IN   0.0  802872  11300  aliyun-service
   1166      1   3  ffff90f978bcc200  IN   0.0  802872  11300  aliyun-service
   1170      1   5  ffff90f978bc8000  IN   0.0  802872  11300  aliyun-service
   1180      1   3  ffff90f90c3f2100  IN   0.0  802872  11300  aliyun-service
   1188      1   5  ffff90f91038d280  IN   0.0    4936   2556  matchpathcond
   1191      1   5  ffff90f91038b180  IN   0.0     328    208  postcated
   1193      1   7  ffff90f977398000  IN   0.0    3304    184  telinited
   1194   1193   5  ffff90f910388000  IN   0.0    3436   1244  telinited
   1206      1   0  ffff90f966f68000  IN   0.0    5088   1676  devlinked
   1209      1   1  ffff90f970b40000  IN   0.0     172     40  logrotated
   1313      1   1  ffff90f90f7d4200  IN   0.0  574284  17500  gmain
   1314      1   7  ffff90f90f7d2100  IN   0.0  574284  17500  tuned
   1322      1   5  ffff90f9783b8000  IN   0.0  139536  22220  AliYunDun
   1323      1   1  ffff90f9533eb180  IN   0.0  139536  22220  AliYunDun
   1324      1   5  ffff90f9533ed280  IN   0.0  139536  22220  AliYunDun
   1345      1   3  ffff90f91279d280  IN   0.0  574284  17500  tuned
   1346      1   5  ffff90f91279e300  IN   0.0  574284  17500  tuned
   1347      1   5  ffff90f90eb84200  IN   0.0  718240   7536  rs:main Q:Reg
   1349      1   1  ffff90f91279b180  IN   0.0  139536  22220  AliYunDun
   1350      1   1  ffff90f91279c200  IN   0.0  139536  22220  AliYunDun
   1351      1   1  ffff90f90b3a5280  IN   0.0  139536  22220  AliYunDun
   1352      1   4  ffff90f90b3a1080  IN   0.0  139536  22220  AliYunDun
   1353      1   5  ffff90f90b3a6300  IN   0.0  139536  22220  AliYunDun
   1354      1   5  ffff90f90b3a4200  IN   0.0  139536  22220  AliYunDun
   1355      1   1  ffff90f90b3a0000  IN   0.0  139536  22220  AliYunDun
   1357      1   7  ffff90f90b780000  IN   0.0  139536  22220  AliYunDun
   1358      1   5  ffff90f90b781080  IN   0.0  139536  22220  AliYunDun
   1359      1   3  ffff90f972361080  IN   0.0  139536  22220  AliYunDun
   1360      1   3  ffff90f972364200  IN   0.0  139536  22220  AliYunDun
   1361      1   7  ffff90f972366300  IN   0.0  139536  22220  AliYunDun
>  1362      1   5  ffff90f972365280  RU   0.0  139536  22220  AliYunDun
   1363      1   5  ffff90f97b76d280  IN   0.0  139536  22220  AliYunDun
   1401      1   3  ffff90f97638d280  IN   0.0  139536  22220  AliYunDun
   1402      1   1  ffff90f97638e300  IN   0.0  139536  22220  AliYunDun
   1403      1   7  ffff90f97638b180  IN   0.0  139536  22220  AliYunDun
   1404      1   7  ffff90f97b76b180  IN   0.0  139536  22220  AliYunDun
   1405      1   5  ffff90f97b76c200  IN   0.0  139536  22220  AliYunDun
   1406      1   5  ffff90f97b76e300  IN   0.0  139536  22220  AliYunDun
   1483      1   5  ffff90f970b45280  IN   0.0  112936   4344  sshd
   1570   1483   7  ffff90f90e386300  IN   0.0  157640   6308  sshd
   2036      1   1  ffff90f975791080  IN   0.0  802872  11300  aliyun-service
   2060   1570   1  ffff90f90c3f4200  IN   0.0  157640   2508  sshd
   2066   2060   1  ffff90f90cf8d280  IN   0.0  115548   2084  bash
   2963      1   5  ffff90f9767d3180  IN   0.0     328    264  postcated
   2973      1   2  ffff90f9767cb180  IN   0.0    5084   1672  devlinked
   2977      1   7  ffff90f9767d1080  IN   0.0     172     44  logrotated
   3923   2066   7  ffff90f9783be300  IN   0.0  241360   4640  sudo
   3924   3923   5  ffff90f975be0000  IN   0.0  191872   2360  su
   3925   3924   1  ffff90f90eb86300  IN   0.0  115680   2160  bash
   4507      1   1  ffff90f90c3f0000  IN   0.0   17816   2096  assist_daemon
   4508      1   7  ffff90f90c3f3180  IN   0.0   17816   2096  Timer thread
   4509      1   1  ffff90f90c3f6300  IN   0.0   17816   2096  assist_daemon
   4510      1   1  ffff90f90c3f1080  IN   0.0   17816   2096  Timer thread
   5820      1   7  ffff90f90eb83180  IN   0.0     328    208  postcated
   5824      1   4  ffff90f9767cc200  IN   0.0    5084   1672  devlinked
   5828      1   3  ffff90f975b83180  IN   0.0     172     40  logrotated
   9989      1   5  ffff90f90df95280  IN   0.0     328    204  postcated
   9993      1   6  ffff90f9767b4200  IN   0.0    5088   1676  devlinked
   9997      1   3  ffff90f967b7e300  IN   0.0     172     40  logrotated
  15502      1   2  ffff90f966f6b180  IN   0.0     328    208  postcated
  15528      1   4  ffff90f9533ee300  IN   0.0    5084   1668  devlinked
  15532      1   1  ffff90f9533e8000  IN   0.0     172     40  logrotated
  22388      1   3  ffff90f90f7c5280  IN   0.0     328    208  postcated
  22392      1   4  ffff90f975be3180  IN   0.0    5088   1676  devlinked
  22396      1   5  ffff90f977399080  IN   0.0     172     40  logrotated
  30647      1   5  ffff90f9767b6300  IN   0.0     328    208  postcated
  30651      1   6  ffff90f975b81080  IN   0.0    5092   1676  devlinked
  30655      1   5  ffff90f975b85280  IN   0.0     172     40  logrotated
  30779      1   3  ffff90f9757b8000  IN   0.0 2442608   3784  mountinfo
  30780      1   2  ffff90f975b86300  IN   0.0 2442608   3784  mountinfo
  30781      1   4  ffff90f975b82100  IN   0.0 2442608   3784  mountinfo
  30783      1   7  ffff90f975b84200  IN   0.0 2442608   3784  mountinfo
  30784      1   1  ffff90f90ebc1080  IN   0.0 2442608   3784  mountinfo
  30785      1   1  ffff90f8bb941080  IN   0.0 2442608   3784  mountinfo
> 31745      1   0  ffff90f90f7d3180  RU   0.0 2442608   3784  mountinfo
> 31746      1   2  ffff90f90f7d6300  RU   0.0 2442608   3784  mountinfo
> 31747      1   4  ffff90f90f7d0000  RU   0.0 2442608   3784  mountinfo
> 31748      1   6  ffff90f97b76a100  RU   0.0 2442608   3784  mountinfo

從輸出看出,mountinfo明顯是異常程式,是導致本次系統重啟的罪魁禍首

5、這裡再次bt 命令來看一下堆疊

crash> bt
PID: 1362   TASK: ffff90f972365280  CPU: 5   COMMAND: "AliYunDun"
 #0 [ffff90f9767a77a0] machine_kexec at ffffffff922662c4
 #1 [ffff90f9767a7800] __crash_kexec at ffffffff923227a2
 #2 [ffff90f9767a78d0] crash_kexec at ffffffff92322890
 #3 [ffff90f9767a78e8] oops_end at ffffffff9298c798
 #4 [ffff90f9767a7910] no_context at ffffffff92275d14
 #5 [ffff90f9767a7960] __bad_area_nosemaphore at ffffffff92275fe2
 #6 [ffff90f9767a79b0] bad_area_nosemaphore at ffffffff92276104
 #7 [ffff90f9767a79c0] __do_page_fault at ffffffff9298f750
 #8 [ffff90f9767a7a30] trace_do_page_fault at ffffffff9298fa26
 #9 [ffff90f9767a7a70] do_async_page_fault at ffffffff9298efa2
#10 [ffff90f9767a7a90] async_page_fault at ffffffff9298b7a8
#11 [ffff90f9767a7b98] kmem_cache_alloc_trace at ffffffff92428a0c
#12 [ffff90f9767a7c98] mntput at ffffffff92471d94
#13 [ffff90f9767a7d88] kvm_sched_clock_read at ffffffff9226d3be
#14 [ffff90f9767a7ec8] putname at ffffffff9245fd3d
#15 [ffff90f9767a7f50] system_call_fastpath at ffffffff92994f92
    RIP: 00007f84fd928315  RSP: 00007f84fb011af8  RFLAGS: 00000206
    RAX: 000000000000004e  RBX: 000000000244e010  RCX: ffffffffffffffff
    RDX: 0000000000008000  RSI: 000000000244e010  RDI: 0000000000000012
    RBP: 000000000244e010   R8: 0000000000000020   R9: 0000000000008030
    R10: 0000000000000076  R11: 0000000000000246  R12: ffffffffffffff30
    R13: 0000000000000000  R14: 000000000244dfe0  R15: 000000000000052a
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b

我們看到系統崩潰前的最後一個呼叫是“#15 [ffff90f9767a7f50] system_call_fastpath at ffffffff92994f92”,現在用 dis 命令來看一下該地址的反彙編結果

6、dis 反編譯

crash> dis -l ffffffff92994f92
/usr/src/debug/kernel-3.10.0-1160.15.2.el7/linux-3.10.0-1160.15.2.el7.x86_64/arch/x86/kernel/entry_64.S: 511
0xffffffff92994f92 <system_call_fastpath+37>:   mov    %rax,0x50(%rsp)

7、檢視原始碼
從上面的反彙編結果中,我們看到問題出在entry_64.S: 第511行程式碼,翻開原始碼的相應位置,如下;

 492 system_call_fastpath:
 493 #if __SYSCALL_MASK == ~0
 494         cmpq $__NR_syscall_max+1,%rax
 495 #else
 496         andl $__SYSCALL_MASK,%eax
 497         cmpl $__NR_syscall_max+1,%eax
 498 #endif
 499         jae badsys
 500         ARRAY_INDEX_NOSPEC_SYSCALL clobber_reg=%rcx
 501         movq %r10,%rcx
 502 
 503 #ifdef CONFIG_RETPOLINE
 504         movq sys_call_table(, %rax, 8), %rax
 505         call __x86_indirect_thunk_rax
 506 #else
 507         call *sys_call_table(, %rax, 8)  # XXX:  rip relative
 508 #endif
 509 
 510         UNWIND_END_OF_STACK
 511         movq %rax,RAX(%rsp)
 512 /*

相關文章