show backtrace for macOS remote threads.

Hello All,

I’m currently debugging my xnu-based kernel module and I’m using the API of kernel.py from the KDK.

I need some advice about how to print the backtraces of all kernel space threads or all kernel space threads per task.

Here’s what I’ve done so far:

  1. getting kernel_task id

(lldb) showalltasks

task vm_map ipc_space #acts flags pid process io_policy wq_state command

0xffffff800d828550 0xffffff800a1038d8 0xffffff800d5d17c0 140 0 0xffffff8007abb460 -1 -1 -1 kernel_task

  2. dump all threads which belong to kernel_task

(lldb) showtaskthreads 0xffffff800d828550

task vm_map ipc_space #acts flags pid process io_policy wq_state command

0xffffff800d828550 0xffffff800a1038d8 0xffffff800d5d17c0 140 0 0xffffff8007abb460 -1 -1 -1 kernel_task

thread thread_id processor base pri sched_mode io_policy state ast waitq wait_event wmesg thread_name

0xffffff8007acf098 0x65 0xffffff8007a8a7b8 92 92 fixed bound WU L 0xffffff804119e550 0xffffff8007a87a30 <vm_page_free_wanted>

0xffffff800d83f4c0 0x66 0xffffff8007a8a7b8 0 0 fixed bound RI L

0xffffff800d83f958 0x67 0xffffff8041ad6000 95 95 fixed WU L 0xffffff804119c240 0xffffff8007303840 <sched_timeshare_maintenance_continue> sched_maintenance_thread

0xffffff800d83fdf0 0x68 0xffffff8041ad6000 80 80 fixed WU L 0xffffff804119e850 0xffffff8007acf9f0

0xffffff800d83f028 0x69 0xffffff8007a8a7b8 93 93 fixed WU 0xffffff804119e5e0 0xffffff8007acfa08

0xffffff800d83eb90 0x6a 0xffffff8041ad6000 80 80 fixed WU 0xffffff80411a07a0 0xffffff8007acf9c8

Now I’ve got a record for each thread in the kernel_task along with info such as thread id, but not the backtrace …
Is there any command in the KDK which can retrieve the backtrace for all the threads per task or any single thread?

Thanks,
Zohar