Konstantin Belousov
2018-May-14 11:15 UTC
extract the process arguments from the crashdump
On Mon, May 14, 2018 at 01:02:28PM +0500, Eugene M. Zheganin wrote:> Hello, > > > Is there any way to extract the process arguments from the system > crashdump ? If yes, could anyone please explain to me how do I do it.ps -M vmcore.file -N /boot/mykernel/kernel -auxww
Hello, On 14.05.2018 16:15, Konstantin Belousov wrote:> On Mon, May 14, 2018 at 01:02:28PM +0500, Eugene M. Zheganin wrote: >> Hello, >> >> >> Is there any way to extract the process arguments from the system >> crashdump ? If yes, could anyone please explain to me how do I do it. > ps -M vmcore.file -N /boot/mykernel/kernel -auxwwWell, unfortunately this gives me exactly same information as the core.X.txt file contains - process names without arguments, and I really want to know what arguments ctladm had when the system has crashed: [root at san1:esx/r332096M]# ps -M vmcore.4 -N /boot/kernel/kernel -auxww USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 0 0,0 0,0 0 0 - DLs 1???.70 2866:37,17 [kernel] root 1 0,0 0,0 5424 16 - DLs 1???.70 0:03,95 [init] root 2 0,0 0,0 0 0 - DL 1???.70 0:00,00 [crypto] root 3 0,0 0,0 0 0 - DL 1???.70 0:00,00 [crypto returns] root 4 0,0 0,0 0 0 - RL 1???.70 175:44,92 [cam] root 5 0,0 0,0 0 0 - DL 1???.70 0:00,07 [soaiod1] root 6 0,0 0,0 0 0 - DL 1???.70 0:00,07 [soaiod2] root 7 0,0 0,0 0 0 - DL 1???.70 0:00,07 [soaiod3] root 8 0,0 0,0 0 0 - DL 1???.70 0:00,07 [soaiod4] root 9 0,0 0,0 0 0 - DL 1???.70 181:27,20 [zfskern] root 10 0,0 0,0 0 0 - DL 1???.70 0:00,00 [audit] root 11 0,0 0,0 0 0 - RL 1???.70 183810:56,57 [idle] root 12 0,0 0,0 0 0 - WL 1???.70 131:37,76 [intr] root 13 0,0 0,0 0 0 - DL 1???.70 1:33,61 [geom] root 14 0,0 0,0 0 0 - DL 1???.70 0:36,74 [usb] root 15 0,0 0,0 0 0 - DL 1???.70 0:00,00 [sctp_iterator] root 16 0,0 0,0 0 0 - DL 1???.70 1:38,61 [pf purge] root 17 0,0 0,0 0 0 - DL 1???.70 1:11,87 [rand_harvestq] root 18 0,0 0,0 0 0 - DL 1???.70 0:00,37 [enc_daemon0] root 19 0,0 0,0 0 0 - DL 1???.70 0:00,38 [enc_daemon1] root 20 0,0 0,0 0 0 - DL 1???.70 0:05,20 [enc_daemon2] root 21 0,0 0,0 0 0 - DL 1???.70 1:03,00 [g_mirror swap] root 22 0,0 0,0 0 0 - DL 1???.70 10:19,64 [pagedaemon] root 23 0,0 0,0 0 0 - DL 1???.70 0:18,40 [vmdaemon] root 24 0,0 0,0 0 0 - DL 1???.70 0:00,01 [pagezero] root 25 0,0 0,0 0 0 - DL 1???.70 0:01,71 [bufdaemon] root 26 0,0 0,0 0 0 - DL 1???.70 0:01,95 [bufspacedaemon] root 27 0,0 0,0 0 0 - DL 1???.70 2:20,07 [syncer] root 28 0,0 0,0 0 0 - DL 1???.70 0:03,19 [vnlru] root 114 0,0 0,0 6288 0 - DWs - 0:00,00 [adjkerntz] root 593 0,0 0,0 6600 1860 - Ds 1???.70 0:00,00 [moused] root 606 0,0 0,0 9180 620 - Ds 1???.70 0:07,76 [devd] root 701 0,0 0,0 6420 1928 - Ds 1???.70 0:26,92 [syslogd] root 784 0,0 0,0 3564 3612 - Ds 1???.70 0:01,46 [watchdogd] root 866 0,0 0,0 0 0 - DL 1???.70 42:20,99 [ctl] root 868 0,0 0,0 224200 2248 - Ds 1???.70 20:03,85 [ctld] zabbix 894 0,0 0,0 12424 0 - DW - 0:00,00 [zabbix_agentd] zabbix 898 0,0 0,0 12424 4504 - D 1???.70 1:02,34 [zabbix_agentd] zabbix 901 0,0 0,0 12424 0 - DW - 0:00,00 [zabbix_agentd] zabbix 905 0,0 0,0 12424 1580 - D 1???.70 3:03,14 [zabbix_agentd] zabbix 907 0,0 0,0 12424 1376 - D 1???.70 3:05,45 [zabbix_agentd] root 949 0,0 0,0 12452 12532 - Ds 1???.70 0:19,90 [ntpd] root 968 0,0 0,0 1063848 0 - DWs - 0:00,00 [nginx] root 978 0,0 0,0 0 0 - DL 1???.70 0:00,00 [ng_queue] root 1069 0,0 0,0 12848 3780 - Ds 1???.70 0:06,33 [sshd] root 1151 0,0 0,0 10452 4304 - Ds 1???.70 0:09,25 [sendmail] smmsp 1154 0,0 0,0 10452 0 - DWs - 0:00,00 [sendmail] root 1158 0,0 0,0 6464 0 - DWs - 0:00,00 [cron] root 1197 0,0 0,0 10060 5268 - Ds 1???.70 4:51,59 [bsnmpd] root 1200 0,0 0,0 6600 2112 - Ds 1???.70 0:04,13 [blacklistd] root 1210 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1211 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1212 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1213 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1214 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1215 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1216 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1217 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,00 [getty] root 1218 0,0 0,0 6408 1844 - Ds+ 1???.70 0:00,05 [getty] www 12970 0,0 0,0 1065896 0 - D 1???.70 0:02,46 [nginx] www 12971 0,0 0,0 1065896 0 - D 1???.70 0:03,65 [nginx] www 12972 0,0 0,0 1065896 0 - D 1???.70 0:03,91 [nginx] www 12973 0,0 0,0 1065896 0 - D 1???.70 0:04,00 [nginx] www 12974 0,0 0,0 1065896 0 - D 1???.70 0:03,83 [nginx] www 12975 0,0 0,0 1065896 0 - D 1???.70 0:04,07 [nginx] www 12976 0,0 0,0 1065896 0 - D 1???.70 0:04,34 [nginx] www 12977 0,0 0,0 1065896 0 - D 1???.70 0:03,66 [nginx] www 12978 0,0 0,0 1065896 0 - D 1???.70 0:04,58 [nginx] www 12979 0,0 0,0 1065896 0 - D 1???.70 0:04,01 [nginx] www 12980 0,0 0,0 1065896 0 - D 1???.70 0:08,88 [nginx] www 12981 0,0 0,0 1065896 0 - D 1???.70 0:05,21 [nginx] www 12982 0,0 0,0 1065896 0 - D 1???.70 0:04,04 [nginx] www 12983 0,0 0,0 1065896 0 - D 1???.70 0:05,11 [nginx] www 12984 0,0 0,0 1065896 720 - D 1???.70 0:07,72 [nginx] www 12985 0,0 0,0 1065896 1388 - D 1???.70 0:09,17 [nginx] www 12986 0,0 0,0 1063848 736 - D 1???.70 0:03,16 [nginx] root 32835 0,0 0,0 13160 4300 - Ds 1???.70 0:00,02 [sshd] vavy 32884 0,0 0,0 13160 4300 - D 1???.70 0:00,11 [sshd] vavy 32885 0,0 0,0 8140 0 - DWs - 0:00,00 [zsh] root 32929 0,0 0,0 6944 0 - DW - 0:00,00 [su] root 32948 0,0 0,0 7412 0 - DW - 0:00,00 [csh] root 32964 0,0 0,0 7064 0 - DW+ - 0:00,00 [sh] root 32965 0,0 0,0 19120 4412 - D+ 1???.70 0:00,88 [mc] root 32966 0,0 0,0 7412 968 - Ds+ 1???.70 0:00,11 [csh] root 48747 0,0 0,0 7496 2576 - D 1???.70 0:00,01 [sudo] root 48750 0,0 0,0 7496 2576 - D 1???.70 0:00,01 [sudo] root 48757 0,0 0,0 7780 2684 - D 1???.70 0:00,00 [zfs] root 48758 0,0 0,0 7780 2684 - D 1???.70 0:00,00 [zfs] root 48759 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48762 0,0 0,0 7780 2684 - D 1???.70 0:00,00 [zfs] root 48765 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48766 0,0 0,0 7780 2908 - D 1???.70 0:00,00 [zfs] root 48769 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48770 0,0 0,0 7780 3172 - D 1???.70 0:00,00 [zfs] root 48771 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48772 0,0 0,0 7780 2984 - D 1???.70 0:00,00 [zfs] root 48785 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48786 0,0 0,0 6828 2000 - R 1???.70 0:00,00 [ctladm] root 48787 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48788 0,0 0,0 6828 2000 - D 1???.70 0:00,00 [ctladm] root 48789 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48790 0,0 0,0 6828 2000 - R 1???.70 0:00,00 [ctladm] root 48791 0,0 0,0 7496 2576 - D 1???.70 0:00,00 [sudo] root 48792 0,0 0,0 6828 2036 - D 1???.70 0:00,00 [ctladm] root 48796 0,0 0,0 7496 3236 - D 1???.70 0:00,00 [sudo] root 48797 0,0 0,0 7780 3204 - D 1???.70 0:00,00 [zfs] zfsreplica 67980 0,0 0,0 23036 4900 - D 1???.70 0:03,41 [uwsgi] zfsreplica 67981 0,0 0,0 25432 0 - DWN - 0:00,00 [uwsgi] zfsreplica 67982 0,0 0,0 25640 0 - D 1???.70 0:00,67 [uwsgi] zfsreplica 67983 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67984 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67985 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67986 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67987 0,0 0,0 25640 2768 - D 1???.70 0:02,10 [uwsgi] zfsreplica 67988 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67989 0,0 0,0 25640 0 - D 1???.70 0:01,57 [uwsgi] zfsreplica 67990 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67991 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67992 0,0 0,0 25640 0 - D 1???.70 0:01,48 [uwsgi] zfsreplica 67993 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67994 0,0 0,0 25640 0 - D 1???.70 0:01,61 [uwsgi] zfsreplica 67995 0,0 0,0 25640 0 - D 1???.70 0:03,69 [uwsgi] zfsreplica 67996 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] zfsreplica 67997 0,0 0,0 25640 0 - DW - 0:00,00 [uwsgi] Thanks. Eugene.
Hello, On 14.05.2018 16:15, Konstantin Belousov wrote:> On Mon, May 14, 2018 at 01:02:28PM +0500, Eugene M. Zheganin wrote: >> Hello, >> >> >> Is there any way to extract the process arguments from the system >> crashdump ? If yes, could anyone please explain to me how do I do it. > ps -M vmcore.file -N /boot/mykernel/kernel -auxwwEven if I ask ps explicitely to give me args, for some reason it ignores the format and 'args' keyword seems to be an alias for 'comm', but with square brackets: [root at san1:esx/r332096M]# ps -M vmcore.4 -N /boot/kernel/kernel -axo 'pid,ppid,comm,args' PID PPID COMMAND COMMAND 0 0 kernel [kernel] 1 0 init [init] 2 0 crypto [crypto] 3 0 crypto returns [crypto returns] 4 0 cam [cam] 5 0 soaiod1 [soaiod1] 6 0 soaiod2 [soaiod2] 7 0 soaiod3 [soaiod3] 8 0 soaiod4 [soaiod4] 9 0 zfskern [zfskern] 10 0 audit [audit] 11 0 idle [idle] 12 0 intr [intr] 13 0 geom [geom] 14 0 usb [usb] 15 0 sctp_iterator [sctp_iterator] 16 0 pf purge [pf purge] 17 0 rand_harvestq [rand_harvestq] 18 0 enc_daemon0 [enc_daemon0] 19 0 enc_daemon1 [enc_daemon1] 20 0 enc_daemon2 [enc_daemon2] 21 0 g_mirror swap [g_mirror swap] 22 0 pagedaemon [pagedaemon] 23 0 vmdaemon [vmdaemon] 24 0 pagezero [pagezero] 25 0 bufdaemon [bufdaemon] 26 0 bufspacedaemon [bufspacedaemon] 27 0 syncer [syncer] 28 0 vnlru [vnlru] 114 1 adjkerntz [adjkerntz] 593 1 moused [moused] 606 1 devd [devd] 701 1 syslogd [syslogd] 784 1 watchdogd [watchdogd] 866 0 ctl [ctl] 868 1 ctld [ctld] 894 1 zabbix_agentd [zabbix_agentd] 898 894 zabbix_agentd [zabbix_agentd] 901 894 zabbix_agentd [zabbix_agentd] 905 894 zabbix_agentd [zabbix_agentd] 907 894 zabbix_agentd [zabbix_agentd] 949 1 ntpd [ntpd] 968 1 nginx [nginx] 978 0 ng_queue [ng_queue] 1069 1 sshd [sshd] 1151 1 sendmail [sendmail] 1154 1 sendmail [sendmail] 1158 1 cron [cron] 1197 1 bsnmpd [bsnmpd] 1200 1 blacklistd [blacklistd] 1210 1 getty [getty] 1211 1 getty [getty] 1212 1 getty [getty] 1213 1 getty [getty] 1214 1 getty [getty] 1215 1 getty [getty] 1216 1 getty [getty] 1217 1 getty [getty] 1218 1 getty [getty] 12970 968 nginx [nginx] 12971 968 nginx [nginx] 12972 968 nginx [nginx] 12973 968 nginx [nginx] 12974 968 nginx [nginx] 12975 968 nginx [nginx] 12976 968 nginx [nginx] 12977 968 nginx [nginx] 12978 968 nginx [nginx] 12979 968 nginx [nginx] 12980 968 nginx [nginx] 12981 968 nginx [nginx] 12982 968 nginx [nginx] 12983 968 nginx [nginx] 12984 968 nginx [nginx] 12985 968 nginx [nginx] 12986 968 nginx [nginx] 32835 1069 sshd [sshd] 32884 32835 sshd [sshd] 32885 32884 zsh [zsh] 32929 32885 su [su] 32948 32929 csh [csh] 32964 32948 sh [sh] 32965 32964 mc [mc] 32966 32965 csh [csh] 48747 67993 sudo [sudo] 48750 67988 sudo [sudo] 48757 48750 zfs [zfs] 48758 48747 zfs [zfs] 48759 67990 sudo [sudo] 48762 48759 zfs [zfs] 48765 67997 sudo [sudo] 48766 48765 zfs [zfs] 48769 67984 sudo [sudo] 48770 48769 zfs [zfs] 48771 67996 sudo [sudo] 48772 48771 zfs [zfs] 48785 67991 sudo [sudo] 48786 48785 ctladm [ctladm] 48787 67983 sudo [sudo] 48788 48787 ctladm [ctladm] 48789 67986 sudo [sudo] 48790 48789 ctladm [ctladm] 48791 67985 sudo [sudo] 48792 48791 ctladm [ctladm] 48796 67987 sudo [sudo] 48797 48796 zfs [zfs] 67980 1 uwsgi [uwsgi] 67981 67980 uwsgi [uwsgi] 67982 67980 uwsgi [uwsgi] 67983 67980 uwsgi [uwsgi] 67984 67980 uwsgi [uwsgi] 67985 67980 uwsgi [uwsgi] 67986 67980 uwsgi [uwsgi] 67987 67980 uwsgi [uwsgi] 67988 67980 uwsgi [uwsgi] 67989 67980 uwsgi [uwsgi] 67990 67980 uwsgi [uwsgi] 67991 67980 uwsgi [uwsgi] 67992 67980 uwsgi [uwsgi] 67993 67980 uwsgi [uwsgi] 67994 67980 uwsgi [uwsgi] 67995 67980 uwsgi [uwsgi] 67996 67980 uwsgi [uwsgi] 67997 67980 uwsgi [uwsgi] Thanks. Eugene.