1

I have seen this answer and according to that Stack Trace can be seen like:

$ cat /proc/<PID>/stack
[<ffffffff81012b72>] save_stack_trace_tsk+0x22/0x40
[<ffffffff81213abe>] proc_pid_stack+0x8e/0xe0
[<ffffffff81214960>] proc_single_show+0x50/0x90
[<ffffffff811cd970>] seq_read+0xe0/0x3e0
[<ffffffff811a6a84>] vfs_read+0x94/0x180
[<ffffffff811a7729>] SyS_read+0x49/0xb0
[<ffffffff81623ad2>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

From what I guess, in line

[<ffffffff81012b72>] save_stack_trace_tsk+0x22/0x40

save_stack_trace_tsk definitely refers to name of function What do the other parameters indicate? (Perhaps 0xffffffff81012b72 points to address of starting address of save_stack_trace_tsk+0x22) Most importantly what does 0x40 denote? Does 0x40 denote the total number of bytes taken by that particular function?

Thanks a lot!

Yash Jain
  • 113
  • 1
  • 5
  • does 0x40 denote the total number of bytes in that funtion? – Yash Jain Jan 07 '20 at 19:22
  • yes, it's offset/size. –  Jan 07 '20 at 19:30
  • 2
    Notice that the address in brackets is always `[<0>]` in newer kernels, see [this](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f5abe842e) –  Jan 07 '20 at 19:35

1 Answers1

1

In save_stack_trace_tsk+0x22/0x40, 0x22 is the offset inside the the save_stack_trace_tsk function, and 0x40 is the size of the save_stack_trace_tsk function. Both hex numbers are in bytes.

This is the result of the %pB format specifier extension used by the kernel's printf implementation: for details, including how the end (thence the size) of the function is determined, you can have a look at the lib/vsprintf.c and kernel/kallsyms.c in the linux kernel source code.

The [<0xffffffff81012b72>] is the same save_stack_trace_tsk+0x22 kernel address, but in raw form.

That's always [<0>] in newer kernels, since this change.