freebsd stable - May 2018 - extract the process arguments from the crashdump

Hello,

On 14.05.2018 16:15, Konstantin Belousov wrote:
> On Mon, May 14, 2018 at 01:02:28PM +0500, Eugene M. Zheganin wrote:
>> Hello,
>>
>>
>> Is there any way to extract the process arguments from the system
>> crashdump ? If yes, could anyone please explain to me how do I do it.
> ps -M vmcore.file -N /boot/mykernel/kernel -auxww
Well, unfortunately this gives me exactly same information as the 
core.X.txt file contains - process names without arguments, and I really 
want to know what arguments ctladm had when the system has crashed:


[root at san1:esx/r332096M]# ps -M vmcore.4 -N /boot/kernel/kernel -auxww
USER         PID %CPU %MEM     VSZ   RSS TT  STAT STARTED             
TIME COMMAND
root           0  0,0  0,0       0     0  -  DLs   1???.70 2866:37,17 
[kernel]
root           1  0,0  0,0    5424    16  -  DLs   1???.70 0:03,95 [init]
root           2  0,0  0,0       0     0  -  DL    1???.70 0:00,00 [crypto]
root           3  0,0  0,0       0     0  -  DL    1???.70 0:00,00 
[crypto returns]
root           4  0,0  0,0       0     0  -  RL    1???.70 175:44,92 [cam]
root           5  0,0  0,0       0     0  -  DL    1???.70 0:00,07 [soaiod1]
root           6  0,0  0,0       0     0  -  DL    1???.70 0:00,07 [soaiod2]
root           7  0,0  0,0       0     0  -  DL    1???.70 0:00,07 [soaiod3]
root           8  0,0  0,0       0     0  -  DL    1???.70 0:00,07 [soaiod4]
root           9  0,0  0,0       0     0  -  DL    1???.70 181:27,20 
[zfskern]
root          10  0,0  0,0       0     0  -  DL    1???.70 0:00,00 [audit]
root          11  0,0  0,0       0     0  -  RL    1???.70 183810:56,57 
[idle]
root          12  0,0  0,0       0     0  -  WL    1???.70 131:37,76 [intr]
root          13  0,0  0,0       0     0  -  DL    1???.70 1:33,61 [geom]
root          14  0,0  0,0       0     0  -  DL    1???.70 0:36,74 [usb]
root          15  0,0  0,0       0     0  -  DL    1???.70 0:00,00 
[sctp_iterator]
root          16  0,0  0,0       0     0  -  DL    1???.70 1:38,61 [pf 
purge]
root          17  0,0  0,0       0     0  -  DL    1???.70 1:11,87 
[rand_harvestq]
root          18  0,0  0,0       0     0  -  DL    1???.70 0:00,37 
[enc_daemon0]
root          19  0,0  0,0       0     0  -  DL    1???.70 0:00,38 
[enc_daemon1]
root          20  0,0  0,0       0     0  -  DL    1???.70 0:05,20 
[enc_daemon2]
root          21  0,0  0,0       0     0  -  DL    1???.70 1:03,00 
[g_mirror swap]
root          22  0,0  0,0       0     0  -  DL    1???.70 10:19,64 
[pagedaemon]
root          23  0,0  0,0       0     0  -  DL    1???.70 0:18,40 
[vmdaemon]
root          24  0,0  0,0       0     0  -  DL    1???.70 0:00,01 
[pagezero]
root          25  0,0  0,0       0     0  -  DL    1???.70 0:01,71 
[bufdaemon]
root          26  0,0  0,0       0     0  -  DL    1???.70 0:01,95 
[bufspacedaemon]
root          27  0,0  0,0       0     0  -  DL    1???.70 2:20,07 [syncer]
root          28  0,0  0,0       0     0  -  DL    1???.70 0:03,19 [vnlru]
root         114  0,0  0,0    6288     0  -  DWs  - 0:00,00 [adjkerntz]
root         593  0,0  0,0    6600  1860  -  Ds    1???.70 0:00,00 [moused]
root         606  0,0  0,0    9180   620  -  Ds    1???.70 0:07,76 [devd]
root         701  0,0  0,0    6420  1928  -  Ds    1???.70 0:26,92 [syslogd]
root         784  0,0  0,0    3564  3612  -  Ds    1???.70 0:01,46 
[watchdogd]
root         866  0,0  0,0       0     0  -  DL    1???.70 42:20,99 [ctl]
root         868  0,0  0,0  224200  2248  -  Ds    1???.70 20:03,85 [ctld]
zabbix       894  0,0  0,0   12424     0  -  DW   - 0:00,00 [zabbix_agentd]
zabbix       898  0,0  0,0   12424  4504  -  D     1???.70 1:02,34 
[zabbix_agentd]
zabbix       901  0,0  0,0   12424     0  -  DW   - 0:00,00 [zabbix_agentd]
zabbix       905  0,0  0,0   12424  1580  -  D     1???.70 3:03,14 
[zabbix_agentd]
zabbix       907  0,0  0,0   12424  1376  -  D     1???.70 3:05,45 
[zabbix_agentd]
root         949  0,0  0,0   12452 12532  -  Ds    1???.70 0:19,90 [ntpd]
root         968  0,0  0,0 1063848     0  -  DWs  - 0:00,00 [nginx]
root         978  0,0  0,0       0     0  -  DL    1???.70 0:00,00 
[ng_queue]
root        1069  0,0  0,0   12848  3780  -  Ds    1???.70 0:06,33 [sshd]
root        1151  0,0  0,0   10452  4304  -  Ds    1???.70 0:09,25 
[sendmail]
smmsp       1154  0,0  0,0   10452     0  -  DWs  - 0:00,00 [sendmail]
root        1158  0,0  0,0    6464     0  -  DWs  - 0:00,00 [cron]
root        1197  0,0  0,0   10060  5268  -  Ds    1???.70 4:51,59 [bsnmpd]
root        1200  0,0  0,0    6600  2112  -  Ds    1???.70 0:04,13 
[blacklistd]
root        1210  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1211  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1212  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1213  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1214  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1215  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1216  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1217  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,00 [getty]
root        1218  0,0  0,0    6408  1844  -  Ds+   1???.70 0:00,05 [getty]
www        12970  0,0  0,0 1065896     0  -  D     1???.70 0:02,46 [nginx]
www        12971  0,0  0,0 1065896     0  -  D     1???.70 0:03,65 [nginx]
www        12972  0,0  0,0 1065896     0  -  D     1???.70 0:03,91 [nginx]
www        12973  0,0  0,0 1065896     0  -  D     1???.70 0:04,00 [nginx]
www        12974  0,0  0,0 1065896     0  -  D     1???.70 0:03,83 [nginx]
www        12975  0,0  0,0 1065896     0  -  D     1???.70 0:04,07 [nginx]
www        12976  0,0  0,0 1065896     0  -  D     1???.70 0:04,34 [nginx]
www        12977  0,0  0,0 1065896     0  -  D     1???.70 0:03,66 [nginx]
www        12978  0,0  0,0 1065896     0  -  D     1???.70 0:04,58 [nginx]
www        12979  0,0  0,0 1065896     0  -  D     1???.70 0:04,01 [nginx]
www        12980  0,0  0,0 1065896     0  -  D     1???.70 0:08,88 [nginx]
www        12981  0,0  0,0 1065896     0  -  D     1???.70 0:05,21 [nginx]
www        12982  0,0  0,0 1065896     0  -  D     1???.70 0:04,04 [nginx]
www        12983  0,0  0,0 1065896     0  -  D     1???.70 0:05,11 [nginx]
www        12984  0,0  0,0 1065896   720  -  D     1???.70 0:07,72 [nginx]
www        12985  0,0  0,0 1065896  1388  -  D     1???.70 0:09,17 [nginx]
www        12986  0,0  0,0 1063848   736  -  D     1???.70 0:03,16 [nginx]
root       32835  0,0  0,0   13160  4300  -  Ds    1???.70 0:00,02 [sshd]
vavy       32884  0,0  0,0   13160  4300  -  D     1???.70 0:00,11 [sshd]
vavy       32885  0,0  0,0    8140     0  -  DWs  - 0:00,00 [zsh]
root       32929  0,0  0,0    6944     0  -  DW   - 0:00,00 [su]
root       32948  0,0  0,0    7412     0  -  DW   - 0:00,00 [csh]
root       32964  0,0  0,0    7064     0  -  DW+  - 0:00,00 [sh]
root       32965  0,0  0,0   19120  4412  -  D+    1???.70 0:00,88 [mc]
root       32966  0,0  0,0    7412   968  -  Ds+   1???.70 0:00,11 [csh]
root       48747  0,0  0,0    7496  2576  -  D     1???.70 0:00,01 [sudo]
root       48750  0,0  0,0    7496  2576  -  D     1???.70 0:00,01 [sudo]
root       48757  0,0  0,0    7780  2684  -  D     1???.70 0:00,00 [zfs]
root       48758  0,0  0,0    7780  2684  -  D     1???.70 0:00,00 [zfs]
root       48759  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48762  0,0  0,0    7780  2684  -  D     1???.70 0:00,00 [zfs]
root       48765  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48766  0,0  0,0    7780  2908  -  D     1???.70 0:00,00 [zfs]
root       48769  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48770  0,0  0,0    7780  3172  -  D     1???.70 0:00,00 [zfs]
root       48771  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48772  0,0  0,0    7780  2984  -  D     1???.70 0:00,00 [zfs]
root       48785  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48786  0,0  0,0    6828  2000  -  R     1???.70 0:00,00 [ctladm]
root       48787  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48788  0,0  0,0    6828  2000  -  D     1???.70 0:00,00 [ctladm]
root       48789  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48790  0,0  0,0    6828  2000  -  R     1???.70 0:00,00 [ctladm]
root       48791  0,0  0,0    7496  2576  -  D     1???.70 0:00,00 [sudo]
root       48792  0,0  0,0    6828  2036  -  D     1???.70 0:00,00 [ctladm]
root       48796  0,0  0,0    7496  3236  -  D     1???.70 0:00,00 [sudo]
root       48797  0,0  0,0    7780  3204  -  D     1???.70 0:00,00 [zfs]
zfsreplica 67980  0,0  0,0   23036  4900  -  D     1???.70 0:03,41 [uwsgi]
zfsreplica 67981  0,0  0,0   25432     0  -  DWN  - 0:00,00 [uwsgi]
zfsreplica 67982  0,0  0,0   25640     0  -  D     1???.70 0:00,67 [uwsgi]
zfsreplica 67983  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67984  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67985  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67986  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67987  0,0  0,0   25640  2768  -  D     1???.70 0:02,10 [uwsgi]
zfsreplica 67988  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67989  0,0  0,0   25640     0  -  D     1???.70 0:01,57 [uwsgi]
zfsreplica 67990  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67991  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67992  0,0  0,0   25640     0  -  D     1???.70 0:01,48 [uwsgi]
zfsreplica 67993  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67994  0,0  0,0   25640     0  -  D     1???.70 0:01,61 [uwsgi]
zfsreplica 67995  0,0  0,0   25640     0  -  D     1???.70 0:03,69 [uwsgi]
zfsreplica 67996  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]
zfsreplica 67997  0,0  0,0   25640     0  -  DW   - 0:00,00 [uwsgi]


Thanks.

Eugene.

On Mon, May 14, 2018 at 05:32:21PM +0500, Eugene M. Zheganin
wrote:
> Hello,
> 
> On 14.05.2018 16:15, Konstantin Belousov wrote:
> > On Mon, May 14, 2018 at 01:02:28PM +0500, Eugene M. Zheganin wrote:
> >> Hello,
> >>
> >>
> >> Is there any way to extract the process arguments from the system
> >> crashdump ? If yes, could anyone please explain to me how do I do
it.
> > ps -M vmcore.file -N /boot/mykernel/kernel -auxww
> 
> Well, unfortunately this gives me exactly same information as the 
> core.X.txt file contains - process names without arguments, and I really 
> want to know what arguments ctladm had when the system has crashed:
Most likely the in-kernel cache for the process arguments was dropped.