crazyss

Linux Kernel Crash Debug

Author: James Wang · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 583 · Favorites: 0 · Current installs: 3 · Versions: 5
Install in OpenClaw
/install linux-kernel-crash-debug
Description
Debug Linux kernel crashes using the crash utility and memory debugging tools. Use when users mention kernel crash, kernel panic, vmcore analysis, kernel dum...
Usage instructions (SKILL.md)

Linux Kernel Crash Debugging

This skill guides you through analyzing Linux kernel crash dumps using the crash utility.

Installation

Claude Code

claude skill install linux-kernel-crash-debug.skill

OpenClaw

# Method 1: Install via ClawHub
clawhub install linux-kernel-crash-debug

# Method 2: Manual installation
mkdir -p ~/.openclaw/workspace/skills/linux-kernel-crash-debug
cp SKILL.md ~/.openclaw/workspace/skills/linux-kernel-crash-debug/

Quick Start

Starting a Session

# Analyze a dump file
crash vmlinux vmcore

# Debug a running system
crash vmlinux

# Raw RAM dump
crash vmlinux ddr.bin --ram_start=0x80000000

Core Debugging Workflow

1. crash> sys              # Confirm panic reason
2. crash> log              # View kernel log
3. crash> bt               # Analyze call stack
4. crash> struct <type>    # Inspect data structures
5. crash> kmem <addr>      # Memory analysis

🤖 Agent Execution Directives

If you are an AI/Agent using this skill, do not invoke crash interactively as it will block your subshell.

  1. Use the bundled wrapper ./scripts/agent-crash.sh which maps precisely to the workflows below but safely truncates outputs:
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore triage - Safely runs initial sys, log, and bt.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore flow-oom - Top 15 memory checks.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore flow-deadlock - Pulls UN task stacks.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore dis-regs <func> <pid> - Assembly regression.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore check-poison <addr> - Pattern match memory poisons.
  2. Fallback Strategy: If macros don't solve the issue, fall back to basic primitives manually: ./scripts/agent-crash.sh -k vmlinux -c vmcore run "rd ffff880123456780".
  3. Check references/agentic-heuristics.md for extended expert methodologies.
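
The non-interactive pattern the directives above call for (commands fed on stdin, a time limit, bounded output) can be sketched as follows. This is an added example, not the bundled scripts/agent-crash.sh; crash_batch, CRASH_BIN, CRASH_TIMEOUT and CRASH_MAX_LINES are names invented here.

```shell
#!/bin/sh
# Added example (not the bundled scripts/agent-crash.sh).
# CRASH_BIN, CRASH_TIMEOUT, CRASH_MAX_LINES and crash_batch are invented names.
CRASH_BIN=${CRASH_BIN:-crash}
CRASH_TIMEOUT=${CRASH_TIMEOUT:-30}        # seconds before the session is killed
CRASH_MAX_LINES=${CRASH_MAX_LINES:-200}   # output lines passed back to the caller

# crash_batch VMLINUX VMCORE CMD...
# Commands are fed on stdin and end with "quit", so no prompt is left
# waiting for input. Returns the exit status of timeout (124 = time limit hit).
crash_batch() {
    vmlinux=$1; vmcore=$2; shift 2
    if [ ! -r "$vmlinux" ] || [ ! -r "$vmcore" ]; then
        echo "crash_batch: cannot read vmlinux or vmcore" >&2
        return 2
    fi
    out=$(mktemp) || return 1
    {
        for c in "$@"; do printf '%s\n' "$c"; done
        echo quit
    } | timeout "$CRASH_TIMEOUT" "$CRASH_BIN" -s "$vmlinux" "$vmcore" >"$out" 2>&1
    rc=$?
    total=$(wc -l <"$out")
    head -n "$CRASH_MAX_LINES" "$out"
    if [ "$total" -gt "$CRASH_MAX_LINES" ]; then
        echo "[truncated: $((total - CRASH_MAX_LINES)) more lines]"
    fi
    rm -f "$out"
    if [ "$rc" -eq 124 ]; then
        echo "[crash timed out after ${CRASH_TIMEOUT}s]" >&2
    fi
    return "$rc"
}

# Usage: crash_batch vmlinux vmcore sys "log | tail -50" bt
```

The truncation marker goes to stdout so the caller can see that output was cut; the timeout notice goes to stderr.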

Prerequisites

Item      Requirement
vmlinux   Must have debug symbols (CONFIG_DEBUG_INFO=y)
vmcore    kdump/netdump/diskdump/ELF format
Version   vmlinux must exactly match the vmcore kernel version

Package Installation

Anolis OS / Alibaba Cloud Linux

# Install crash utility
sudo dnf install crash

# Install kernel debuginfo (match your kernel version)
sudo dnf install kernel-debuginfo-$(uname -r)

# Install additional analysis tools
sudo dnf install gdb binutils makedumpfile  # binutils provides readelf and objdump

# Optional: Install kernel-devel for source code reference
sudo dnf install kernel-devel-$(uname -r)

RHEL / CentOS / Rocky / AlmaLinux

sudo dnf install crash kernel-debuginfo-$(uname -r)
sudo dnf install gdb binutils makedumpfile

Ubuntu / Debian

sudo apt install crash linux-crashdump gdb binutils makedumpfile
sudo apt install linux-image-$(uname -r)-dbgsym

Self-compiled Kernel

# Enable debug symbols in kernel config
make menuconfig  # Enable CONFIG_DEBUG_INFO, CONFIG_DEBUG_INFO_REDUCED=n

# Or set directly
scripts/config --enable CONFIG_DEBUG_INFO
scripts/config --enable CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT

Verify Installation

# Check crash version
crash --version

# Verify debuginfo matches kernel
crash /usr/lib/debug/lib/modules/$(uname -r)/vmlinux /proc/kcore

Core Command Reference

Debugging Analysis

Command   Purpose                    Example
sys       System info/panic reason   sys, sys -i
log       Kernel message buffer      log, log | tail
bt        Stack backtrace            bt, bt -a, bt -f
struct    View structures            struct task_struct <addr>
p/px/pd   Print variables            p jiffies, px current
kmem      Memory analysis            kmem -i, kmem -S <cache>

Tasks and Processes

Command   Purpose                 Example
ps        Process list            ps, ps -m | grep UN
set       Switch context          set <pid>, set -p
foreach   Batch task operations   foreach bt, foreach UN bt
task      task_struct contents    task <pid>
files     Open files              files <pid>

Memory Operations

Command   Purpose                 Example
rd        Read memory             rd <addr>, rd -p <phys>
search    Search memory           search -k deadbeef
vtop      Address translation     vtop <addr>
list      Traverse linked lists   list task_struct.tasks -h <addr>

bt Command Details

The most important debugging command:

crash> bt              # Current task stack
crash> bt -a           # All CPU active tasks
crash> bt -f           # Expand stack frame raw data
crash> bt -F           # Symbolic stack frame data
crash> bt -l           # Show source file and line number
crash> bt -e           # Search for exception frames
crash> bt -v           # Check stack overflow
crash> bt -R <sym>     # Only show stacks referencing symbol
crash> bt <pid>        # Specific process

Context Management

A crash session has a "current context" that affects the bt, files and vm commands:

crash> set              # View current context
crash> set <pid>        # Switch to specified PID
crash> set <task_addr>  # Switch to task address
crash> set -p           # Restore to panic task

Session Control

# Output control
crash> set scroll off   # Disable pagination
crash> sf               # Alias for scroll off

# Output redirection
crash> foreach bt > bt.all

# GDB passthrough
crash> gdb bt           # Single gdb invocation
crash> set gdb on       # Enter gdb mode
(gdb) info registers
(gdb) set gdb off

# Read commands from file
crash> < commands.txt

Typical Debugging Scenarios

Kernel BUG Location

crash> sys                    # Confirm panic
crash> log | tail -50         # View logs
crash> bt                     # Call stack
crash> bt -f                  # Expand frames for parameters
crash> struct <type> <addr>   # Inspect data structures

Deadlock Analysis

crash> bt -a                  # All CPU call stacks
crash> ps -m | grep UN        # Uninterruptible processes
crash> foreach UN bt          # View waiting reasons
crash> struct mutex <addr>    # Inspect lock state

Memory Issues

crash> kmem -i                # Memory statistics
crash> kmem -S <cache>        # Inspect slab
crash> vm <pid>               # Process memory mapping
crash> search -k <pattern>    # Search memory

Stack Overflow

crash> bt -v                  # Check stack overflow
crash> bt -r                  # Raw stack data

Advanced Techniques

Chained Queries

crash> bt -f                  # Get pointers
crash> struct file.f_dentry <addr>
crash> struct dentry.d_inode <addr>
crash> struct inode.i_pipe <addr>

Batch Slab Inspection

crash> kmem -S inode_cache | grep counter | grep -v "= 1"

Kernel Linked List Traversal

crash> list task_struct.tasks -s task_struct.pid -h <start>
crash> list -h <addr> -s dentry.d_name.name

Extended Reference

For detailed information, refer to the following reference files:

File                              Content
references/advanced-commands.md   Advanced commands: list, rd, search, vtop, kmem, foreach
references/vmcore-format.md       vmcore file format, ELF structure, VMCOREINFO
references/case-studies.md        Debugging cases: kernel BUG, deadlock, OOM, NULL pointer, stack overflow
references/debug-tools-guide.md   Advanced debugging tools: KASAN, Kprobes, Kmemleak, UBSAN (require kernel rebuild)

Usage:

crash> help <command>        # Built-in help
# Or ask Claude to view reference files

Common Errors

crash: vmlinux and vmcore do not match!
# -> Ensure vmlinux version exactly matches vmcore

crash: cannot find booted kernel
# -> Specify vmlinux path explicitly

crash: cannot resolve symbol
# -> Check if vmlinux has debug symbols

Security Warnings

⚠️ Dangerous Operations

The following commands can cause system damage or data loss:

Command           Risk                           Recommendation
wr                Writes to live kernel memory   NEVER use on production systems - can crash or corrupt running kernel
GDB passthrough   Unrestricted memory access     Use with caution, may modify memory or registers

🔒 Sensitive Data Handling

  • vmcore files contain complete kernel memory, potentially including:
    • User process memory and credentials
    • Encryption keys and secrets
    • Network connection data and passwords
  • Access control: Restrict vmcore file access to authorized personnel
  • Secure storage: Store dump files in encrypted or access-controlled directories
  • Secure disposal: Use shred or secure delete when disposing of vmcore files

🛡️ Best Practices

  1. Only analyze vmcore files in isolated/test environments when possible
  2. Never share raw vmcore files publicly without sanitization
  3. Consider using makedumpfile -d to filter sensitive pages before analysis
  4. Document and audit all crash analysis sessions for compliance
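
The filtering and access-control points above can be combined into a small helper. This is an added example, not part of the skill: dump_level, filter_vmcore and vmcore_perm_findings are invented names, the paths in the usage comment are placeholders, and it assumes the dump carries VMCOREINFO so makedumpfile can re-filter it.

```shell
#!/bin/sh
# Added example, not part of the skill. dump_level, filter_vmcore and
# vmcore_perm_findings are invented names.

# dump_level KIND... -> prints the value for "makedumpfile -d".
# Bit values follow the dump-level table in makedumpfile(8).
dump_level() {
    level=0
    for kind in "$@"; do
        case $kind in
            zero)          bit=1  ;;   # pages filled with zero
            cache)         bit=2  ;;   # page cache without private flag
            cache-private) bit=4  ;;   # page cache with private flag
            user)          bit=8  ;;   # user process data
            free)          bit=16 ;;   # free pages
            *) echo "dump_level: unknown page kind: $kind" >&2; return 2 ;;
        esac
        level=$((level | bit))
    done
    echo "$level"
}

# filter_vmcore SRC DST KIND...
# Writes a filtered copy readable by its owner only. Kernel-resident data
# (slab objects, kernel stacks) is kept, so the copy is still sensitive.
filter_vmcore() {
    src=$1; dst=$2; shift 2
    lvl=$(dump_level "$@") || return 2
    ( umask 077 && makedumpfile -d "$lvl" "$src" "$dst" ) || return 1
    chmod 600 "$dst"
}

# vmcore_perm_findings DIR -> dump files that group or others can read.
vmcore_perm_findings() {
    find "$1" -type f -name 'vmcore*' \( -perm -040 -o -perm -004 \) -print
}

# Usage (paths are placeholders):
#   filter_vmcore /var/crash/<dir>/vmcore /secure/vmcore.filtered user cache cache-private
#   vmcore_perm_findings /var/crash
```

Excluding user pages also removes the process memory that crash commands such as vm would otherwise read, so filter a copy and keep the original under the same access controls.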

Important Notes

  1. Version Match: vmlinux must exactly match the vmcore kernel version
  2. Debug Info: Must use vmlinux with debug symbols
  3. Context Awareness: bt, files, vm commands are affected by current context
  4. Live System Modification: wr command modifies running kernel, extremely dangerous

Resources

Contributing

This is an open-source project. Contributions are welcome!

See CONTRIBUTING.md for guidelines.

Security usage recommendations
This skill is internally consistent for kernel crash analysis, but it can read and output raw kernel memory and recommends internet lookups of crash signatures. Before installing: (1) review scripts/agent-crash.sh yourself (it runs crash with piped commands, a 30s timeout, and truncation logic); (2) avoid giving the agent/skill network upload privileges or automatic publishing permissions for vmcore output — vmcore can contain secrets or proprietary data; (3) run the skill in an isolated environment when analyzing production dumps; (4) be cautious with the 'run' macro (allows arbitrary crash commands) and the heuristics that instruct web searches/git greps — these can inadvertently transmit sensitive information. If you need stronger guarantees, disable autonomous invocation for this skill or restrict the agent's network access.
Functional analysis
Type: OpenClaw Skill
Name: linux-kernel-crash-debug
Version: 1.0.4
The skill bundle provides a legitimate and well-structured environment for Linux kernel crash analysis using the `crash` utility. It includes a safety-oriented wrapper script, `scripts/agent-crash.sh`, which implements timeouts and output truncation to prevent AI agents from hanging or exceeding context limits. The instructions in `SKILL.md` and `references/agentic-heuristics.md` are designed to guide the agent toward stable and efficient debugging practices rather than subverting its behavior. The bundle also includes appropriate security warnings regarding the handling of sensitive memory dumps and the dangers of modifying live kernel memory.
Capability tags
crypto
Capability assessment
Purpose & Capability
Name/description match the required binaries (crash, gdb, readelf, objdump, makedumpfile). The included wrapper script and reference docs align with vmcore/vmlinux analysis tasks; required tools are appropriate and proportionate for the stated purpose.
Instruction Scope
SKILL.md stays focused on crash analysis and correctly instructs agents to use the provided non-interactive wrapper. However, the agent heuristics explicitly recommend web searches or git greps of crash signatures (upstream verification) and allow arbitrary crash 'run' commands which can dump raw memory — both are sensible for debugging but can leak sensitive data or proprietary source if the agent transmits outputs externally.
Install Mechanism
No install spec (instruction-only) and the only shipped code is a small wrapper script. There are no downloads from untrusted URLs or archive extraction steps. This is low-risk from an installation perspective.
Credentials
The skill requires no environment variables or credentials and does not request config paths. Its access model is limited to invoking local debugging binaries and reading local vmcore/vmlinux files, which is appropriate for its purpose.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide agent settings. It runs transient local commands via a wrapper; no elevated persistence or forced inclusion is requested.
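How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install linux-kernel-crash-debug
  3. Once installation completes, invoke the Skill by name or trigger it with /linux-kernel-crash-debug
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history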
v1.0.4
- Added agent/expert workflow support: wrapper script (`scripts/agent-crash.sh`) and heuristic methodology (`references/agentic-heuristics.md`) for safe, batch, or programmatic crash analysis.
- Introduced agent execution directives section for non-interactive usage and recommended best practices for agents.
- Embedded OpenClaw-specific `metadata` and runtime `requires` blocks for better platform integration.
- Added legal and contribution documents: `LICENSE`, `CONTRIBUTING.md`.
- Removed user-facing introductory docs (`README.md`, `README_CN.md`); primary usage guidance now lives in `SKILL.md`.
- Reference file structure expanded for deeper tooling and methodology documentation.
v1.0.3
- Expanded description to include memory error debugging tools (KASAN, Kprobes, Kmemleak, UBSAN) and memory corruption scenarios.
- Added a new reference file: `references/debug-tools-guide.md` for advanced debugging tools.
- Updated the reference table to link to the new guide on KASAN, Kprobes, Kmemleak, and UBSAN.
- Improved scope to cover memory leak detection, use-after-free, and out-of-bounds access.
v1.0.2
**Summary:** This release adds explicit dependency requirements, detailed OS-specific installation instructions, and highlights security risks when using the crash utility.
- Declares skill dependencies: crash, gdb, readelf, objdump, makedumpfile.
- Adds detailed package installation and verification steps for Anolis, RHEL/CentOS, and Ubuntu/Debian.
- Provides instructions for enabling kernel debug symbols on self-compiled kernels.
- Expands documentation with a new Security Warnings section covering dangerous commands and sensitive data risks.
v1.0.1
- Added SKILL_CN.md to provide additional documentation.
- Removed five files: issue templates and CONTRIBUTING.md.
- SKILL.md rewritten in English, improving clarity and accessibility.
- Expanded installation instructions for Claude and OpenClaw users.
- Updated contribution instructions and community links.
- Content is now more concise and focused on broader user needs.
v1.0.0
Initial release with comprehensive Linux kernel crash dump debugging guide using the crash utility.
- Provides step-by-step instructions for installing and using crash to analyze kernel dumps (vmcore).
- Covers essential commands for system diagnosis, stack tracing, memory inspection, and deadlock/root-cause analysis.
- Includes troubleshooting tips, context management, and advanced techniques like chain queries and bulk slab checking.
- Summarizes typical debugging scenarios (kernel BUG, deadlock, memory issues, stack overflows).
- Lists common errors and how to resolve them.
- Offers reference materials and external documentation links for in-depth learning.
Metadata
Slug: linux-kernel-crash-debug
Version: 1.0.4
License: MIT-0
Total installs: 3
Current installs: 3
Historical versions: 5
FAQ

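What is Linux Kernel Crash Debug?

Debug Linux kernel crashes using the crash utility and memory debugging tools. Use when users mention kernel crash, kernel panic, vmcore analysis, kernel dum... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 583 total downloads so far.

How do I install Linux Kernel Crash Debug?

Run the command "/install linux-kernel-crash-debug" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Linux Kernel Crash Debug free?

Yes, Linux Kernel Crash Debug is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Linux Kernel Crash Debug support?

Linux Kernel Crash Debug is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Linux Kernel Crash Debug?

It is developed and maintained by James Wang (@crazyss); the current version is v1.0.4.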
