‘crash’ is useful tool to analyse system crashes or debugging in Linux system. It has many useful commands, but sometimes I wanted to get full picture of process list that was running at the time of crash. You can get process list with ‘ps’, but if you want to get hierarchical view, only ‘ps -p’ is the one that has similar feature, but shows parent processes just like in the below.
crash> ps -p 27597
PID: 0 TASK: ffffffff818d5440 CPU: 0 COMMAND: "swapper/0"
PID: 1 TASK: ffff88007c080000 CPU: 0 COMMAND: "systemd"
PID: 4099 TASK: ffff88005aaae660 CPU: 1 COMMAND: "gnome-terminal"
PID: 4104 TASK: ffff88005aae2d80 CPU: 0 COMMAND: "bash"
PID: 27590 TASK: ffff88005a9eb8e0 CPU: 1 COMMAND: "su"
PID: 27597 TASK: ffff880076c638e0 CPU: 0 COMMAND: "bash"
It’s useful when you know which process you are concerning, but it wouldn’t be easy when you don’t know which one you are actually looking at. So, here comes ‘pstree’ which you can find the source code from the below.
https://github.com/sungju/crash-extensions
To use it, you need to import it with the below command.
crash> extend ./pstree.so
./pstree.so: shared object loaded
crash> man pstree
NAME
pstree - print process list in tree
SYNOPSIS
pstree [-p][-g] [pid] ...
DESCRIPTION
This command prints process list in tree
The list can be modified by the following options
-p print process ID
-g print thread group instead of each threads
EXAMPLE
Print out process list
crash> pstree
init --+-- swapd
+-- httpd
+-...
crash> pstree -p 4099
# of processes : 523
gnome-terminal- [4099] -+- gnome-pty-helpe [4103]
`- bash [4104] -+- su [27590] -+- bash [27597]
Sungju's Slow Life 
Leave a Reply