crash

Setup Crash env

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# yum install -y crash kernel-debuginfo kernel-debuginfo-common kernel-debug-debuginfo
# crash /usr/lib/debug/lib/modules/3.10.0-121.el7.x86_64/vmlinux vmcore

crash 7.0.2-6.el7
Copyright (C) 2002-2013  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.

GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

      KERNEL: /usr/lib/debug/lib/modules/3.10.0-121.el7.x86_64/vmlinux
    DUMPFILE: vmcore  [PARTIAL DUMP]
        CPUS: 2
        DATE: Sun Apr 20 22:06:35 2014
      UPTIME: 00:12:06
LOAD AVERAGE: 0.20, 0.28, 0.19
       TASKS: 129
    NODENAME: hp-dl380pgen8-02-vm-7.lab.bos.xxx.com
     RELEASE: 3.10.0-121.el7.x86_64
     VERSION: #1 SMP Tue Apr 8 10:48:19 EDT 2014
     MACHINE: x86_64  (2892 Mhz)
      MEMORY: 4 GB
       PANIC: "Oops: 0003 [#1] SMP " (check log for details)
         PID: 0
     COMMAND: "swapper/1"
        TASK: ffff880119b42220  (1 of 2)  [THREAD_INFO: ffff880119b4c000]
         CPU: 1
       STATE: TASK_RUNNING (PANIC)

crash> bt
PID: 0      TASK: ffff880119b42220  CPU: 1   COMMAND: "swapper/1"
 #0 [ffff88011fd03960] machine_kexec at ffffffff81041181
 #1 [ffff88011fd039b8] crash_kexec at ffffffff810cf0e2
 #2 [ffff88011fd03a88] oops_end at ffffffff815f4c48
 #3 [ffff88011fd03ab0] no_context at ffffffff815e5663
 #4 [ffff88011fd03b00] __bad_area_nosemaphore at ffffffff815e56f9
 #5 [ffff88011fd03b48] bad_area_nosemaphore at ffffffff815e5863
 #6 [ffff88011fd03b58] __do_page_fault at ffffffff815f7a6e
 #7 [ffff88011fd03c58] do_page_fault at ffffffff815f7c8a
 #8 [ffff88011fd03c80] page_fault at ffffffff815f3ec8
    [exception RIP: nf_nat_cleanup_conntrack+64]
    RIP: ffffffffa0539200  RSP: ffff88011fd03d38  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff8800da1b1ba8  RCX: ffffffff819b1790
    RDX: ffff8800bdef3a80  RSI: 0000000000000011  RDI: ffffffffa053c498
    RBP: ffff88011fd03d40   R8: 0000000000006aa4   R9: ffff880119b64000
    R10: 0000000000000002  R11: 0000000000000005  R12: ffff8800da1b1b00
    R13: ffff8800d8d83ea0  R14: ffffffffa03e0160  R15: ffff8800d8d83ea0
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff88011fd03d48] __nf_ct_ext_destroy at ffffffffa03e7db4 [nf_conntrack]
#10 [ffff88011fd03d70] nf_conntrack_free at ffffffffa03df2d5 [nf_conntrack]
#11 [ffff88011fd03d90] destroy_conntrack at ffffffffa03e083d [nf_conntrack]
#12 [ffff88011fd03db0] nf_conntrack_destroy at ffffffff8150a9a7
#13 [ffff88011fd03dc0] nf_ct_delete at ffffffffa03e007a [nf_conntrack]
#14 [ffff88011fd03e20] death_by_timeout at ffffffffa03e0172 [nf_conntrack]
#15 [ffff88011fd03e30] call_timer_fn at ffffffff8106d236
#16 [ffff88011fd03e68] run_timer_softirq at ffffffff8106f2ff
#17 [ffff88011fd03ee0] __do_softirq at ffffffff81067047
#18 [ffff88011fd03f50] call_softirq at ffffffff815fe15c
#19 [ffff88011fd03f68] do_softirq at ffffffff81014d25
#20 [ffff88011fd03f80] irq_exit at ffffffff810673e5
#21 [ffff88011fd03f98] smp_apic_timer_interrupt at ffffffff815feb35
#22 [ffff88011fd03fb0] apic_timer_interrupt at ffffffff815fd49d
--- <IRQ stack> ---
#23 [ffff880119b4dde8] apic_timer_interrupt at ffffffff815fd49d
    [exception RIP: native_safe_halt+6]
    RIP: ffffffff81046346  RSP: ffff880119b4de98  RFLAGS: 00000286
    RAX: 00000000ffffffed  RBX: ffff880119b4de20  RCX: 0100000000000000
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000000000046
    RBP: ffff880119b4de98   R8: 0000000000000000   R9: 0000000000000000
    R10: 0000000000000000  R11: 0000000000000001  R12: 0000000000000001
    R13: 0000000100068181  R14: 000000a91f15dec0  R15: ffff88011fd0e9e0
    ORIG_RAX: ffffffffffffff10  CS: 0010  SS: 0018
#24 [ffff880119b4dea0] default_idle at ffffffff8101b39f
#25 [ffff880119b4dec0] arch_cpu_idle at ffffffff8101bc96
#26 [ffff880119b4ded0] cpu_startup_entry at ffffffff810b4725
#27 [ffff880119b4df30] start_secondary at ffffffff815da5e1
crash> quit

Install extentions

Install Xportshow extention. Download mpykdump and put mpykdump64.so to /usr/local/lib64/mpykdump64.so. Then add extend /usr/local/lib64/mpykdump64.so in .crashrc. Now you can use xportshow in crash. For more useage, please see usage page

Examples

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

# show struct list_head with addr 0xffff95c24b6a2cd8
crash> struct list_head 0xffff95c24b6a2cd8

# show struct inet6_ifaddr, with offset if_list addr 0xffff95c24b6a2cd8
crash> list -s inet6_ifaddr -l inet6_ifaddr.if_list 0xffff95c24b6a2cd8


# Show struct inet6_ifaddr's fields addr,prefix_len,refcnt,if_list,peer_addr,
# The list offset is inet6_ifaddr.if_list, offset addr is 0xffff95c24b6a2cd8
# The addrs dumpped are all list's if_list addr.
crash> list -s inet6_ifaddr.addr,prefix_len,refcnt,if_list,peer_addr -l inet6_ifaddr.if_list 0xffff95c24b6a2cd8
ffff95c24b6a2cd8

# Get the offset of inet6_ifaddr.if_list
crash> struct -o inet6_ifaddr.if_list
struct inet6_ifaddr {
  [216] struct list_head if_list;
}
# calculate the inet6_ifaddr addr by reduce the offset
# hex(216) = 0xd8
# 0xffff95c24b6a2cd8 - 0xd8 = 0xffff95c24b6a2c00
# Now with -h, it shows the inet6_ifaddr addr directly, e.g. ffff95c24b6a2c00
crash> list -s inet6_ifaddr.addr,prefix_len,refcnt,if_list,peer_addr -h inet6_ifaddr.if_list 0xffff95c24b6a2c00
ffff95c24b6a2c00

# read memory directly
# Try get dev_addr
crash> struct net_device.dev_addr -p 0xffff95c2c1728000
  unsigned char *dev_addr = 0xffff95c2e03e6910
  -> (not accessible)
# show mac addr: 00:e0:4c:68:03:8e
crash> rd -8 0xffff95c2e03e6910 6
ffff95c2e03e6910:  00 e0 4c 68 03 8e                                 ..Lh..

A crash example

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
[22281.789816] IPv6: enp94s0: IPv6 duplicate address 2001::2e0:4cff:fe68:38e used by 00:e0:4c:68:03:8e detected!
[22281.795674] IPv6: enp59s0: IPv6 duplicate address 2001::2e0:4cff:fe68:399 used by 00:e0:4c:68:03:99 detected!
[22281.799756] list_del corruption, ffff95c24b6a2cd8->prev is LIST_POISON2 (dead000000000122)
[22281.817918] ------------[ cut here ]------------
[22281.822538] kernel BUG at lib/list_debug.c:48!
[22281.826988] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[22281.832215] CPU: 24 PID: 1907097 Comm: kworker/24:2 Kdump: loaded Tainted: G          I      --------- ---  5.14.0-127.el9.x86_64 #1
[22281.844112] Hardware name: Dell Inc. PowerEdge R740/0F9N89, BIOS 2.3.10 08/15/2019
[22281.851679] Workqueue: ipv6_addrconf addrconf_dad_work
[22281.856825] RIP: 0010:__list_del_entry_valid.cold+0x45/0x47
[22281.862396] Code: fe ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 e0 16 59 b0 e8 37 f6 fe ff 0f 0b 48 89 fe 4c 89 c2 48 c7 c7 a8 16 59 b0 e8 23 f6 fe ff <0f> 0b 48 89 ee 48 c7 c7 48 1d 59 b0 e8 12 f6 fe ff e9 c2 ee ad ff
[22281.881142] RSP: 0018:ffffa725c8743de8 EFLAGS: 00010246
[22281.886377] RAX: 000000000000004e RBX: 0000000000000000 RCX: 0000000000000000
[22281.893509] RDX: 0000000000000000 RSI: ffff95c9a0317ca0 RDI: ffff95c9a0317ca0
[22281.900641] RBP: ffff95c24b6a2c00 R08: 0000000000000000 R09: ffffa725c8743c30
[22281.907790] R10: ffffa725c8743c28 R11: ffffffffb0f822b0 R12: ffff95c24b6a2c20
[22281.914922] R13: ffff95c24b6a2c00 R14: ffff95c24b6a2c24 R15: 0000000000000000
[22281.922054] FS:  0000000000000000(0000) GS:ffff95c9a0300000(0000) knlGS:0000000000000000
[22281.930138] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[22281.935886] CR2: 000055d08b9c25c8 CR3: 0000000c21c10006 CR4: 00000000007706e0
[22281.943017] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[22281.950149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[22281.957281] PKRU: 55555554
[22281.960011] Call Trace:
[22281.962464]  ipv6_del_addr+0xd6/0x340
[22281.966131]  addrconf_dad_work+0x1fa/0x340
[22281.970228]  ? finish_task_switch.isra.0+0xb4/0x290
[22281.975106]  process_one_work+0x1e5/0x3c0
[22281.979119]  worker_thread+0x50/0x3b0
[22281.982793]  ? rescuer_thread+0x370/0x370
[22281.986805]  kthread+0x146/0x170
[22281.990040]  ? set_kthread_struct+0x40/0x40
[22281.994223]  ret_from_fork+0x1f/0x30


crash> struct list_head ffff95c24b6a2cd8
struct list_head {
  next = 0xffff95c283420008,
  prev = 0xdead000000000122
}

crash> list 0xffff95c24b6a2cd8 -l inet6_ifaddr.if_list -s inet6_ifaddr
ffff95c24b6a2cd8
struct inet6_ifaddr {
  addr = {
    in6_u = {
      u6_addr8 = " \001\000\000\000\000\000\000\002\340L\377\376h\003\216",
      u6_addr16 = {288, 0, 0, 0, 57346, 65356, 26878, 36355},
      u6_addr32 = {288, 0, 4283228162, 2382588158}
    }
  },
  prefix_len = 64,
  rt_priority = 0,
  valid_lft = 86400,
  prefered_lft = 14400,
  refcnt = {
    refs = {
      counter = 2
    }
  },
[...]
  state = 4,
  flags = 328,
  dad_probes = 1 '\001',
  stable_privacy_retry = 0 '\000',
  scope = 0,
  dad_nonce = 271021395576713,
[...]
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xdead000000000122
  },
[...]
  peer_addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  }
}
ffff95c283420008
struct inet6_ifaddr {
  addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  },
[...]
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xffff95c283420008
  },
[...]
  peer_addr = {
    in6_u = {
      u6_addr8 = "\350\003\000\000\000\000\000\000\340\377\377\377\017\000\000",
      u6_addr16 = {1000, 0, 0, 0, 65504, 65535, 15, 0},
      u6_addr32 = {1000, 0, 4294967264, 15}
    }
  }
}

# Here the addr is each of list_head addr, e.g. ffff95c24b6a2cd8, ffff95c283420008
crash> list -l inet6_ifaddr.if_list -s inet6_ifaddr.addr,prefix_len,refcnt,if_list,peer_addr 0xffff95c24b6a2cd8
ffff95c24b6a2cd8
  addr = {
    in6_u = {
      u6_addr8 = " \001\000\000\000\000\000\000\002\340L\377\376h\003\216",
      u6_addr16 = {288, 0, 0, 0, 57346, 65356, 26878, 36355},
      u6_addr32 = {288, 0, 4283228162, 2382588158}
    }
  },
  prefix_len = 64,
  refcnt = {
    refs = {
      counter = 2
    }
  },
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xdead000000000122
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  }
ffff95c283420008
  addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  },
  prefix_len = 0,
  refcnt = {
    refs = {
      counter = 0
    }
  },
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xffff95c283420008
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\350\003\000\000\000\000\000\000\340\377\377\377\017\000\000",
      u6_addr16 = {1000, 0, 0, 0, 65504, 65535, 15, 0},
      u6_addr32 = {1000, 0, 4294967264, 15}
    }
  }

# Get the offset of inet6_ifaddr.if_list
crash> struct -o inet6_ifaddr.if_list
struct inet6_ifaddr {
  [216] struct list_head if_list;
}
# calculate the inet6_ifaddr addr by reduce the offset
# hex(216) = 0xd8
# 0xffff95c24b6a2cd8 - 0xd8 = 0xffff95c24b6a2c00
# Now with -h, it shows the inet6_ifaddr addr directly, e.g. ffff95c24b6a2c00, ffff95c28341ff30
crash> list inet6_ifaddr.if_list -s inet6_ifaddr.addr,prefix_len,refcnt,if_list,peer_addr -h 0xffff95c24b6a2c00
ffff95c24b6a2c00
  addr = {
    in6_u = {
      u6_addr8 = " \001\000\000\000\000\000\000\002\340L\377\376h\003\216",
      u6_addr16 = {288, 0, 0, 0, 57346, 65356, 26878, 36355},
      u6_addr32 = {288, 0, 4283228162, 2382588158}
    }
  },
  prefix_len = 64,
  refcnt = {
    refs = {
      counter = 2
    }
  },
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xdead000000000122
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  }
ffff95c28341ff30
  addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
      u6_addr32 = {0, 0, 0, 0}
    }
  },
  prefix_len = 0,
  refcnt = {
    refs = {
      counter = 0
    }
  },
  if_list = {
    next = 0xffff95c283420008,
    prev = 0xffff95c283420008
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\350\003\000\000\000\000\000\000\340\377\377\377\017\000\000",
      u6_addr16 = {1000, 0, 0, 0, 65504, 65535, 15, 0},
      u6_addr32 = {1000, 0, 4294967264, 15}
    }
  }


crash> struct inet6_ifaddr ffff95c24b6a2c00 -o
struct inet6_ifaddr {
  [ffff95c24b6a2c00] struct in6_addr addr;
  [ffff95c24b6a2c10] __u32 prefix_len;
  [ffff95c24b6a2c14] __u32 rt_priority;
  [ffff95c24b6a2c18] __u32 valid_lft;
  [ffff95c24b6a2c1c] __u32 prefered_lft;
  [ffff95c24b6a2c20] refcount_t refcnt;
  [ffff95c24b6a2c24] spinlock_t lock;
  [ffff95c24b6a2c28] int state;
  [ffff95c24b6a2c2c] __u32 flags;
  [ffff95c24b6a2c30] __u8 dad_probes;
  [ffff95c24b6a2c31] __u8 stable_privacy_retry;
  [ffff95c24b6a2c32] __u16 scope;
  [ffff95c24b6a2c38] __u64 dad_nonce;
  [ffff95c24b6a2c40] unsigned long cstamp;
  [ffff95c24b6a2c48] unsigned long tstamp;
  [ffff95c24b6a2c50] struct delayed_work dad_work;
  [ffff95c24b6a2cb8] struct inet6_dev *idev;
  [ffff95c24b6a2cc0] struct fib6_info *rt;
  [ffff95c24b6a2cc8] struct hlist_node addr_lst;
  [ffff95c24b6a2cd8] struct list_head if_list;
  [ffff95c24b6a2ce8] struct list_head tmp_list;
  [ffff95c24b6a2cf8] struct inet6_ifaddr *ifpub;
  [ffff95c24b6a2d00] int regen_count;
  [ffff95c24b6a2d04] bool tokenized;
  [ffff95c24b6a2d08] struct callback_head rcu;
  [ffff95c24b6a2d18] struct in6_addr peer_addr;
}
SIZE: 296

crash> struct inet6_ifaddr.idev ffff95c24b6a2c00 -p
  struct inet6_dev *idev = 0xffff95c283420000
  -> {
       dev = 0xffff95c2c1728000,
       dev_tracker = {<No data fields>},
       addr_list = {
         next = 0xffff95c283420008,
         prev = 0xffff95c283420008
       },
[...]

crash> struct inet6_dev.dev -p 0xffff95c283420000
  struct net_device *dev = 0xffff95c2c1728000
  -> {
       name = "enp94s0\000\000\000\000\000\000\000\000",

# Try get dev_addr
crash> struct net_device.dev_addr -p 0xffff95c2c1728000
  unsigned char *dev_addr = 0xffff95c2e03e6910
  -> (not accessible)
# show mac addr: 00:e0:4c:68:03:8e
crash> rd -8 0xffff95c2e03e6910 6
ffff95c2e03e6910:  00 e0 4c 68 03 8e                                 ..Lh..

crash> net
   NET_DEVICE     NAME   IP ADDRESS(ES)
ffff95c9c3d25000  lo     127.0.0.1
ffff95c24aff4000  eno1   10.73.131.129
ffff95c24aff8000  eno2
ffff95c24affc000  eno3
ffff95c2c0400000  eno4
ffff95c2c0404000  enp59s0
ffff95c2c1728000  enp94s0

# show addr with hex format. We can see the first IPv6 addr is
# 2001::2e0:4cff:fe68:38e, the second addr's peer_addr is ???
crash> list inet6_ifaddr.if_list -s inet6_ifaddr.addr,peer_addr -x -h 0xffff95c24b6a2c00
ffff95c24b6a2c00
  addr = {
    in6_u = {
      u6_addr8 = " \001\000\000\000\000\000\000\002\340L\377\376h\003\216",
      u6_addr16 = {0x120, 0x0, 0x0, 0x0, 0xe002, 0xff4c, 0x68fe, 0x8e03},
      u6_addr32 = {0x120, 0x0, 0xff4ce002, 0x8e0368fe}
    }
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
      u6_addr32 = {0x0, 0x0, 0x0, 0x0}
    }
  }
ffff95c28341ff30
  addr = {
    in6_u = {
      u6_addr8 = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
      u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
      u6_addr32 = {0x0, 0x0, 0x0, 0x0}
    }
  },
  peer_addr = {
    in6_u = {
      u6_addr8 = "\350\003\000\000\000\000\000\000\340\377\377\377\017\000\000",
      u6_addr16 = {0x3e8, 0x0, 0x0, 0x0, 0xffe0, 0xffff, 0xf, 0x0},
      u6_addr32 = {0x3e8, 0x0, 0xffffffe0, 0xf}
    }
  }

# Or read the memory directly
crash> rd -8 0xffff95c24b6a2c00 16
ffff95c24b6a2c00:  20 01 00 00 00 00 00 00 02 e0 4c ff fe 68 03 8e    .........L..h..
crash> rd -16 0xffff95c24b6a2c00 8 -N
ffff95c24b6a2c00:  2001 0000 0000 0000 02e0 4cff fe68 038e   . .........Lh...
# weird address
crash> struct inet6_ifaddr ffff95c28341ff30 -o | grep peer_addr
  [ffff95c283420048] struct in6_addr peer_addr;
crash> rd -16 0xffff95c283420048 8 -N
ffff95c283420048:  e803 0000 0000 0000 e0ff ffff 0f00 0000   ................

# the flag of ifp, is 0x148, which means: IFA_F_DADFAILED | IFA_F_TENTATIVE | IFA_F_MANAGETEMPADDR
crash> struct inet6_ifaddr.flags 0xffff95c24b6a2c00 -x
  flags = 0x148,
# ifp state: INET6_IFADDR_STATE_DEAD
crash> struct inet6_ifaddr.state 0xffff95c24b6a2c00
  state = 4,

Contents

Setup Crash env

Install extentions

Examples

A crash example