[daily] 查看linux程序或操作的kernel内核调用栈
一
[classic_tong @ https://www.cnblogs.com/hugetong/p/12198122.html]
查看一个命令或程序,都调用了什么系统API的方法,
可以是用strace
[root@T9 OUTPUT_nginx]# strace echo execve("/usr/bin/echo", ["echo"], [/* 22 vars */]) = 0 brk(NULL) = 0x1311000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10f71d4000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=53652, ...}) = 0 mmap(NULL, 53652, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f10f71c6000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340$\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=2151672, ...}) = 0 mmap(NULL, 3981792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f10f6be7000 mprotect(0x7f10f6da9000, 2097152, PROT_NONE) = 0
二
查看一个正在运行的程序的调用栈
在红帽系的话,可以用红帽给gdb打的补丁,gstack:https://src.fedoraproject.org/rpms/gdb/blob/master/f/gdb-6.3-gstack-20050411.patch
[root@T9 OUTPUT_nginx]# gstack 1 #0 0x00007f5924fad483 in epoll_wait () from /lib64/libc.so.6 #1 0x00005582a86c3ae9 in sd_event_wait () #2 0x00005582a86c45fd in sd_event_run () #3 0x00005582a86250c3 in manager_loop () #4 0x00005582a86195fb in main ()
其他地方,还可以用pstack https://code.lm7.fr/robotux/pstack
┬─[tong@T7:~/Src/go/src/github.com/cmpxchg16/gobench]─[05:58:39 PM] ╰─>$ sudo pstack 1 1: /usr/lib/systemd/systemd --switched-root --system --deserialize 28 (No symbols found) 0x7f09c0b0060e: ???? (55d405e91340, 0, 7ffd04515c90, 55d4057163a7, 7ffd04515d80, 7ffd04515d7a) + ffffd5d70197beb0 0x7f09c084444c: ???? (55d405e8eab0, 55d405f0e920, 3500000002, 55d405f07130, 55d405f27da0, 59c2fce020610) + ffffaa2ffa16e55b crawl: Input/output error Error tracing through process 1 0xffffffff: ????⏎
三
现在进入正题,查看一个程序或操作的内核调用栈
使用trace-cmd,如他自己所说,是ftrace的用户态前端:user-space front-end command-line tool for Ftrace
ftrace是内核的调试手段,用法稍有些复杂:详见:
https://www.kernel.org/doc/Documentation/trace/ftrace.txt,
trace-cmd就相对非常简单,如下:
分两步,先record,可以针对正运行的程序,或一次性运行的程序。
trace-cmd record -p function -P 10493 或 trace-cmd record -p functon -F cat /sys/class/net/lan0/statistics/rx_bytes
他们会在本地存储一个文件,trace.dat
如下命令,可以查看在内核中的调用栈
trace-cmd report
[classic_tong @ https://www.cnblogs.com/hugetong/p/12198122.html]