# 使用 Crash utility 工具进行调试 Crash utility 是一个开源工具,用于使用基于 gdb 的命令行界面通过 RAM dump 来调试内核。 ## 前提条件 - `kaslr_offset` 和 `kimage_voffset` 值 默认情况下,Qualcomm Linux 编译版本已启用内核地址空间布局随机化 (KASLR) 功能。为了使 Crash utility 在启用 KASLR 的内核上工作,您需要 `kaslr_offset` 和 `kimage_voffset` 参数的值,您可以从 `dmesg_TZ.txt` RAMparser 输出文件中提取这些值。 以下是 RAMparser 输出文件 `dmesg_TZ.txt` 的摘录示例,其中提供了 `kaslr_offset` 和 `kimage_voffset` 值。 The kaslr\_offset extracted is: 0x340c3d320000 ... The kimage\_voffset extracted is: ffffb40bbf600000 - 内核二进制文件 (`DDRCS*.BIN`) 的基址 当您使用 PCAT 采集 RAM dump 时,它还会采集 `dump_info.txt` 和 `load.cmm` 文件。这些文件包含内核二进制文件 (`DDRCS*.BIN`) 的基址。 ## 在 Linux 主机上下载和编译 Crash utility 要下载和编译 Crash utility,可运行以下命令: git clone https://github.com/crash-utility/crash Copy to clipboard make target=ARM64 Copy to clipboard make extensions=ARM64 Copy to clipboard 关于更多信息,请参阅 [crash/README at master · crash-utility/crash· GitHub](https://github.com/crash-utility/crash/blob/master/README)。 ## 运行 Crash utility 下面是在 Ubuntu 主机上运行 Crash utility 的示例命令: ./crash /vmlinux /DDRCS0_0.BIN@0x80000000,/DDRCS1_0.BIN@0x100000000,/DDRCS1_1.BIN@0x180000000 -m vabits_actual=48 -m max_physmem_bits=48 -m kimage_voffset=0xffffb40bbf600000 --kaslr=0x340c3d320000 Copy to clipboard - 将 `` 替换为 vmlinux RAM dump 路径。 - 从 `dmesg_TZ.txt` RAMparser 输出文件中提取 `kimage_voffset` 和 `kaslr`。 - 从使用 PCAT 收集的 RAM dump 中可用的 `dump_info.txt` 文件中提取 DDR 偏移量,例如 `0x80000000`。 示例输出: crash 8.0.4 Copyright (C) 2002-2022 Red Hat, Inc. Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation Copyright (C) 1999-2006 Hewlett-Packard Co Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited Copyright (C) 2006, 2007 VA Linux Systems Japan K.K. Copyright (C) 2005, 2011, 2020-2022 NEC Corporation Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc. Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc. Copyright (C) 2015, 2021 VMware, Inc. This program is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Enter "help copying" to see the conditions. This program has absolutely no warranty. Enter "help warranty" for details. NOTE: setting vabits_actual to: 48 NOTE: setting max_physmem_bits to: 48 GNU gdb (GDB) 10.2 Copyright (C) 2021 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "--host=x86_64-pc-linux-gnu --target=aarch64-elf-linux". Type "show configuration" for configuration details. Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... WARNING: cpu 0: cannot find NT_PRSTATUS note WARNING: cpu 1: cannot find NT_PRSTATUS note WARNING: cpu 2: cannot find NT_PRSTATUS note WARNING: cpu 3: cannot find NT_PRSTATUS note WARNING: cpu 4: cannot find NT_PRSTATUS note WARNING: cpu 5: cannot find NT_PRSTATUS note WARNING: cpu 6: cannot find NT_PRSTATUS note WARNING: cpu 7: cannot find NT_PRSTATUS note KERNEL: /test/vmlinux [TAINTED] DUMPFILES: /var/tmp/ramdump_elf_PBaLfj [temporary ELF header] /test/DDRCS0_0.BIN /test/DDRCS1_0.BIN /test/DDRCS1_1.BIN CPUS: 8 [OFFLINE: 7] DATE: Sun Jan 6 05:30:34 +0530 1980 UPTIME: 00:00:48 LOAD AVERAGE: 1.60, 0.51, 0.18 TASKS: 532 RELEASE: 6.6.17-debug VERSION: #1 SMP PREEMPT Mon Mar 25 04:52:52 UTC 2024 MACHINE: aarch64 (unknown Mhz) MEMORY: 5.5 GB PANIC: "Kernel panic - not syncing: sysrq triggered crash" PID: 1419 COMMAND: "sh" TASK: ffff1756f61ea000 [THREAD_INFO: ffff1756f61ea000] CPU: 0 STATE: TASK_RUNNING (PANIC) Copy to clipboard crash> man Copy to clipboard * files mod sbitmapq union alias foreach mount search vm ascii fuser net set vtop bpf gdb p sig waitq bt help ps struct whatis btop ipcs pte swap wr dev irq ptob sym q dis kmem ptov sys eval list rd task exit log repeat timer extend mach runq tree crash version: 8.0.4 gdb version: 10.2 For help on any command above, enter "help ". For help on input options, enter "help input". For help on output options, enter "help output". Copy to clipboard crash> log Copy to clipboard [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x412fd050] [ 0.000000] Linux version 6.6.17-debug (oe-user@oe-host) (aarch64-qcom-linux-gcc (GCC) 11.4.0, GNU ld (GNU Binutils) 2.38.20220708) #1 SMP PREEMPT Mon Mar 25 04:52:52 UTC 2024 [ 0.000000] KASLR enabled [ 0.000000] Machine model: Qualcomm Technologies, Inc. Robotics RB3gen2 addons vision mezz platform [ 0.000000] efi: EFI v2.7 by Qualcomm Technologies, Inc. [ 0.000000] efi: MEMATTR=0x9ccf6018 INITRD=0x9cceaf18 RNG=0x9cce3018 MEMRESERVE=0x9ccea818 [ 0.000000] random: crng init done [ 0.000000] Reserved memory: created CMA memory pool at 0x00000000fd000000, size 12 MiB [ 0.000000] OF: reserved mem: initialized node adsp-heap, compatible id shared-dma-pool Copy to clipboard crash> p memdump Copy to clipboard memdump = $1 = { table_phys = 4110417920, table = 0xffff80008087d000 } Copy to clipboard 关于 Crash utility 的更多信息,请参阅以下内容: - [Crash utility](https://crash-utility.github.io/) - [Crash-Linux manual page](https://man7.org/linux/man-pages/man8/crash.8.html) Last Published: Jan 20, 2026 [Previous Topic 使用 QCAP 解析 RAM dump](https://docs.qualcomm.com/bundle/publicresource/80-70023-12SC/topics/parse_ram_dumps_using_qcap.md) [Next Topic 使用 OpenOCD 进行调试](https://docs.qualcomm.com/bundle/publicresource/80-70023-12SC/topics/debug_using_openocd.md)