From: Fuxin Zhang <fxzhang@ict.ac.cn>
To: Ralf Baechle <ralf@linux-mips.org>
Cc: Srinivas Kommu <kommu@hotmail.com>, linux-mips@linux-mips.org
Subject: Re: how to get a process backtrace from kernel gdb?
Date: Wed, 22 Mar 2006 19:11:22 +0800 [thread overview]
Message-ID: <442130DA.8060407@ict.ac.cn> (raw)
In-Reply-To: <20060322105026.GA3129@linux-mips.org>
Are there any existing method/code to get a reliable back trace dump for
oops? Kgdb is not usable here because I have no serial port. Do I need
to copy gdb code to analysis the stack?
If I am not wrong, dump_stack() just print out any stack address falled
in the text section, and that will make the result hard to understand.
For example, I often find some interrupt functions mixed with normal
function names and repeated functions, e.g.
8e1c7968: redzone 1: 0x0, redzone 2: 0x170fc2a5.
slab error in cache_free_debugcheck(): cache `dentry_cache': double
free, or memory nCall Trace:
[<8035de48>] cache_free_debugcheck+0x1dc/0x2d4
[<8035de1c>] cache_free_debugcheck+0x1b0/0x2d4
[<8035f35c>] kmem_cache_free+0x60/0x248
[<8033f7e4>] __rcu_process_callbacks+0xdc/0x360 /* between
kmem_cache_free? */
[<8035f35c>] kmem_cache_free+0x60/0x248
[<80300e10>] ll_cputimer_irq+0xc/0x14
[<8033f7e4>] __rcu_process_callbacks+0xdc/0x360
[<804c1480>] int_timer_do+0x1c/0x30
[<8033fa8c>] rcu_process_callbacks+0x24/0x48
[<803338d8>] run_timer_softirq+0x128/0x244
[<804c1480>] int_timer_do+0x1c/0x30
[<8032ee50>] tasklet_action+0xd4/0x1b8
[<8032e7e4>] __do_softirq+0x94/0x15c
[<8032e93c>] do_softirq+0x90/0xbc
[<80303814>] do_IRQ+0x24/0x34
[<8035e220>] cache_alloc_debugcheck_after+0x17c/0x1b4 /* do_IRQ happens
inside debugcheck? */
[<8035e220>] cache_alloc_debugcheck_after+0x17c/0x1b4
[<80300e10>] ll_cputimer_irq+0xc/0x14
[<803a961c>] d_alloc+0x34/0x22c
[<8035e5e8>] kmem_cache_alloc+0x128/0x220
[<803a961c>] d_alloc+0x34/0x22c /* where is the
ROOT of current trace... ?? */
[<80478660>] memset_partial+0x44/0x6c
[<8039a808>] __link_path_walk+0x790/0x1a38
[<8039a870>] __link_path_walk+0x7f8/0x1a38
[<8035d8a0>] check_poison_obj+0x40/0x238
[<8039bb90>] link_path_walk+0xe0/0x438
[<8035e174>] cache_alloc_debugcheck_after+0xd0/0x1b4
[<80380114>] get_unused_fd+0x158/0x20c
[<8039bfc8>] path_lookup+0xe0/0x3e8
[<8038235c>] get_empty_filp+0x5c/0x110
[<8038235c>] get_empty_filp+0x5c/0x110
[<8039d2f8>] open_namei+0xa4/0xdf4
[<8038235c>] get_empty_filp+0x5c/0x110
[<8037fee4>] filp_open+0x74/0xe0
[<80398bdc>] getname+0x2c/0x13c
[<80380114>] get_unused_fd+0x158/0x20c
[<803802e0>] do_sys_open+0x84/0x144
[<80303814>] do_IRQ+0x24/0x34
[<8030c5a4>] stack_done+0x20/0x3c
[<80478670>] memset_partial+0x54/0x6c
8e1c78d4: redzone 1: 0x170fc2a5, redzone 2: 0x10.
IOPortBase = 2af34000
Ralf Baechle 写道:
> On Tue, Mar 21, 2006 at 04:02:19PM -0800, Srinivas Kommu wrote:
>
>> I'm running gdb on vmlinux connected to a remote target (2.4 kernel). I
>> have the task_struct address of 'current' and other processes. Is it
>> possible to get a symbolic stack trace of the kernel stack? Where is the
>> kernel stack located? I tried to print (task_struct->reg29)[13]. Is this
>> the PC?
>
> I assume you meant task_struct->reg29)[31] which is the address at which
> the process is going to resume execution when it's time has arrived. But
> in most cases this address isn't terribly interesting. So we have two
> cases here:
>
> o $31 pointing to ret_from_fork
> This is a new born process which will begin it's active life of
> execution on a CPU at ret_from_fork. This is where the resume function
> will jump to which may well be not the scheduler function.
> o Otherwise:
> The thread is regaining the CPU and the resume() call is going to return
> straight to it's caller, kernel/sched.c:context_switch() which inlined
> into schedule() and what we actually want is schedule's caller, so we
> dig through the scheduler's stack frame. To make things more
> entertaining the stack frame will change with configuration options and
> compiler used, so we basically have to disassemble the stackframe.
>
> For get_wchan We repeat that exercise in the cases we one of the other
> scheduler functions may have called schedule() until we reach a
> non-schedule function. So now we have a pointer that actually points to
> something interesting, a driver or other kernel subsystem.
>
> The whole thing is a bit of a mindbender. Why? The scheduler is designed
> to deliver best possible performance and we've not compromized on
> performance to make the job of backtracing any easier.
>
>> PS. I broke into gdb using a hotkey on the serial console; so the gdb
>> backtrace shows the serial driver.
>
> In which you need to be extra careful about the validity of any pointer
> you might encounter.
>
> Ralf
>
>
>
next prev parent reply other threads:[~2006-03-22 11:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-22 0:02 how to get a process backtrace from kernel gdb? Srinivas Kommu
2006-03-22 10:50 ` Ralf Baechle
2006-03-22 11:11 ` Fuxin Zhang [this message]
2006-03-22 11:32 ` Ralf Baechle
2006-03-22 11:40 ` Fuxin Zhang
2006-03-22 12:04 ` Ralf Baechle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=442130DA.8060407@ict.ac.cn \
--to=fxzhang@ict.ac.cn \
--cc=kommu@hotmail.com \
--cc=linux-mips@linux-mips.org \
--cc=ralf@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.