📌 Printing Stack Traces in the Linux Kernel
Printing stack traces is one of the most valuable debugging tools available to kernel developers. When something goes wrong in kernel space, the call stack helps reveal the path the code took before hitting the error. This post explores different ways to print stack traces in the Linux kernel, and explains how the kernel stack actually works under the hood.
🧠 Understanding the Kernel Stack
Before diving into stack trace functions, it helps to understand what the kernel stack actually is.
🔹 Key Properties of the Kernel Stack
- Each process (task) in Linux has its own kernel-mode stack, separate from the user-mode stack.
- The kernel stack is fixed in size and relatively small — usually 8KB (16KB on some archs like ARM64 with
CONFIG_VMAP_STACK). - It’s allocated in
thread_info, at the bottom of each task’s memory area. - Stack overflows are dangerous in kernel space and often fatal; that’s why the size is kept small and protected with guard pages (if enabled).
🔹 Stack Layout (x86_64)
[high memory]
+-------------------+
| Guard Page | ← may be present (no access)
+-------------------+
| Kernel Stack | ← grows downward
+-------------------+
| Thread Info |
+-------------------+
[low memory]
On modern kernels, stacks can be virtually mapped (
CONFIG_VMAP_STACK) to help detect overflows.
🛠️ Stack Trace Functions in the Kernel
✅ dump_stack()
This is the most commonly used function to print a stack trace.
#include <linux/kernel.h>
void dump_stack(void);
It’s a macro/function combo that prints:
- A header with file/line info (if built with debug)
- The stack trace of the current task
Example:
if (unexpected_condition) {
printk(KERN_ERR "Unexpected condition occurred\n");
dump_stack();
}
Internally, it calls architecture-specific functions like show_stack() or arch_stack_walk() depending on the platform.
✅ show_stack()
Used to print the stack of the current or another task:
void show_stack(struct task_struct *task, unsigned long *sp);
Usage:
show_stack(NULL, NULL); // NULL = current task + auto-detect SP
Useful for printing stacks in interrupt or panic contexts.
✅ show_trace()
Older kernels used show_trace() directly to print stack entries, but it has been phased out or renamed depending on architecture. It was typically used internally by dump_stack().
On x86_64, the kernel uses unwinder support to walk the call stack more reliably using frame pointers or DWARF debug info.
✅ print_symbol() (deprecated)
print_symbol("caller is %s\n", (long)__builtin_return_address(0));
This function used to translate an address to a symbol name. Modern code should use printk() with %pS or %pB:
printk("caller is %pS\n", __builtin_return_address(0));
✅ stack_trace_print()
For custom stack walking (e.g., in kernel modules), use:
#include <linux/stacktrace.h>
void stack_trace_print(const unsigned long *entries, unsigned int nr, int skip);
Collect stack frames with stack_trace_save() and then print them.
🧩 Architecture Differences
Stack tracing is architecture-specific in many details:
- x86_64: Often uses frame pointers for reliable tracing (
CONFIG_FRAME_POINTER). - ARM / RISC-V: Stack traces can be less reliable without frame pointers; newer support uses ORC (Oops Rewind Capability).
- CONFIG_UNWINDER_ORC: Modern unwinder for x86_64, introduced to improve tracing reliability without frame pointers.
Check your arch-specific implementation in:
arch/<arch>/kernel/traps.c
arch/<arch>/kernel/dumpstack.c
⚙️ Kernel Configuration Requirements
To enable useful stack traces, ensure your kernel is built with the right configs:
CONFIG_STACKTRACE=y
CONFIG_FRAME_POINTER=y # For better trace accuracy
CONFIG_DEBUG_KERNEL=y # Enables general debug helpers
CONFIG_VMAP_STACK=y # Virtual mapping for better safety
🧪 Example Usage in Real Code
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
static int __init trace_test_init(void)
{
printk(KERN_INFO "Module loaded. Dumping stack.\n");
dump_stack();
return 0;
}
static void __exit trace_test_exit(void)
{
printk(KERN_INFO "Module exiting.\n");
}
module_init(trace_test_init);
module_exit(trace_test_exit);
MODULE_LICENSE("GPL");
🛡️ Security Considerations
Exposing full stack traces can leak sensitive address layout, so kernel builds for production often restrict or obfuscate trace outputs via:
CONFIG_KALLSYMSCONFIG_KALLSYMS_ALLCONFIG_SECURITY_DMESG_RESTRICT
🧠 Summary
- The Linux kernel stack is small, per-task, and vital for function calls in kernel space.
dump_stack()is the most straightforward way to print a trace.- Deeper APIs (
show_stack,stack_trace_print) offer more flexibility. - Correct kernel configuration improves trace reliability.
- Be aware of architecture differences and stack unwinder capabilities.
Stack tracing is your best friend when you’re staring down a panic, lockup, or race condition deep in kernel space. Mastering it can save you hours of guesswork and turn bugs into beautiful insights.
