SystemTap logo SystemTap | 
 

Examples
 

Example Indexes

All Examples

  • general/ansi_colors.stp - Color Table for ansi_set_color2() and ansi_set_color3()
    keywords: FORMAT

    The script prints a table showing the available color combinations for the ansi_set_color2() and ans_set_color3() functions in the ansi.stp tapset.

  • general/ansi_colors2.stp - Show Attribues in Table for ansi_set_color3()
    keywords: FORMAT

    The script prints a table showing the available attributes (bold, underline, and inverse) with color combinations for the ans_set_color3() function in the ansi.stp tapset.

  • general/badname.stp - Bad Filename Filter
    keywords: FILESYSTEM HACK

    The badname.stp script shows how one could prevent the creation of files with undesirable names using guru mode.

  • general/graphs.stp - Graphing Disk and CPU Utilization
    keywords: DISK CPU USE GRAPH

    The script tracks the disk and CPU utilization. The resulting output of the script can be piped into gnuplot to generate a graph of disk and CPU USE.

  • general/helloworld.stp - SystemTap "Hello World" Program
    keywords: SIMPLE

    A basic "Hello World" program implemented in SystemTap script. It prints out "hello world" message and then immediately exits.

  • general/para-callgraph-verbose.stp - Callgraph tracing with verbose arguments
    keywords: TRACE CALLGRAPH

    Print a timed per-thread callgraph, complete with pretty-printed function parameters and return values. The first parameter names the function probe points to trace. The optional second parameter names the probe points for trigger functions, which acts to enable tracing for only those functions that occur while the current thread is nested within the trigger.

  • general/para-callgraph.stp - Callgraph tracing with arguments
    keywords: TRACE CALLGRAPH

    Print a timed per-thread callgraph, complete with function parameters and return values. The first parameter names the function probe points to trace. The optional second parameter names the probe points for trigger functions, which acts to enable tracing for only those functions that occur while the current thread is nested within the trigger.

  • general/sizeof.stp - Print the size of a C type.
    keywords: STATISTICS MEMORY SIMPLE

    This script prints the size of a type, based on dwarf debuginfo for any kernel or userspace module, or trial-compilation of a given header file name.

  • general/varwatch.stp - Watch a variable changing value in a thread.
    keywords: MONITORING

    This script places a set of probes (specified by $1), each of which monitors the state of some context $variable expression (specified by $2). Whenever the value changes, with respect to the active thread, the event is traced.

  • interrupt/interrupts-by-dev.stp - Record interrupts on a per-device basis.
    keywords: INTERRUPT

    The interrupts-by-dev.stp script profiles interrupts received by each device per 100 ms.

  • interrupt/scf.stp - Tally Backtraces for Inter-Processor Interrupt (IPI)
    keywords: INTERRUPT BACKTRACE

    The Linux kernel function smp_call_function causes expensive inter-processor interrupts (IPIs). The scf.stp script tallies the processes and backtraces causing the interprocessor interrupts to identify the cause of the expensive IPI. On exit the script prints the tallies in descending frequency.

  • io/deviceseeks.stp - Histograms of Seek Behavior for Each Device
    keywords: DISK

    The deviceseeks.stp script generates a histogram showing the frequency of different sized seeks on each device.

  • io/disktop.stp - Summarize Disk Read/Write Traffic
    keywords: DISK

    Get the status of reading/writing disk every 5 seconds, output top ten entries during that period.

  • io/io_submit.stp - Tally Reschedule Reason During AIO io_submit Call
    keywords: IO BACKTRACE

    When a reschedule occurs during an AIO io_submit call, accumulate the traceback in a histogram. When the script exits prints out a sorted list from most common to least common backtrace.

  • io/ioblktime.stp - Average Time Block IO Requests Spend in Queue
    keywords: IO

    The ioblktime.stp script tracks the amount of time that each block IO requests spend waiting for completion. The script computes the average waiting time for block IO per device and prints list every 10 seconds. In some cases there can be too many outstanding block IO operations and the script may exceed the default number of MAXMAPENTRIES allowed. In this case the allowed number can be increased with "-DMAXMAPENTRIES=10000" option on the stap command line.

  • io/iodevstats.stp - List Executables Reading and Writing the Most Data by Device
    keywords: IO PROFILING

    The iodevstats.stp script measures the amount of data successfully read and written by all the executables for each io device on the system. The output is sorted from greatest sum of bytes read and written to a device by an executable to the least. The output contains device major/minor number, the count of operations (reads and writes), the totals and averages for the number of bytes read and written.

  • io/iostat-scsi.stp - iostat for SCSI Devices
    keywords: IO PROFILING SCSI

    The iostat-scsi.stp script provides a breakdown of the number of blks read and written on the machine's various SCSI devices. The script takes one argument which is the number of seconds between reports.

  • io/iostats.stp - List Executables Reading and Writing the Most Data
    keywords: IO PROFILING

    The iostat.stp script measures the amount of data successfully read and written by all the executables on the system. The output is sorted from most greatest sum of bytes read and written by an executable to the least. The output contains the count of operations (opens, reads, and writes), the totals and averages for the number of bytes read and written.

  • io/iotime.stp - Trace Time Spent in Read and Write for Files
    keywords: SYSCALL READ WRITE TIME IO

    The script watches each open, close, read, and write syscalls on the system. For each file the scripts observes opened it accumulates the amount of wall clock time spent in read and write operations and the number of bytes read and written. When a file is closed the script prints out a pair of lines for the file. Both lines begin with a timestamp in microseconds, the PID number, and the executable name in parentheses. The first line with the "access" keyword lists the file name, the attempted number of bytes for the read and write operations. The second line with the "iotime" keyword list the file name and the number of microseconds accumulated in the read and write syscalls.

  • io/iotop.stp - Periodically Print I/O Activity by Process Name
    keywords: IO

    Every five seconds print out the top ten executables generating I/O traffic during that interval sorted in descending order.

  • io/mbrwatch.stp - Monitor read/write of MBR (boot sector) area of block devices
    keywords: IO MONITORING

    The mbrwatch.stp script reports any attempted reads/writes of the first few sectors of a raw block device.

  • io/nfs_func_users.stp - Tally the Number of NFS Functions Used by Each Process
    keywords: IO PROFILING

    The nfs_func_users.stp script counts the uses of NFS functions in the kernel on a per process bases. The output is sorted from the process with the greatest number of NFS functions called to the least. The output contains the executable name, the process number, and the total number of NFS functions called by the process.

  • io/traceio.stp - Track Cumulative I/O Activity by Process Name
    keywords: IO

    Every second print out the top ten executables sorted in descending order based on cumulative I/O traffic observed.

  • io/traceio2.stp - Watch I/O Activity on a Particular Device
    keywords: IO

    Print out the executable name and process number as reads and writes to the specified device occur.

  • io/ttyspy.stp - Monitor tty typing.
    keywords: IO TTY PER-PROCESS MONITORING

    The ttyspy.stp script uses tty_audit hooks to monitor recent typing activity on the system, printing a scrolling record of recent keystrokes, on a per-tty basis.

  • locks/bkl.stp - Tracing Contention on Big Kernel Lock (BKL)
    keywords: LOCKING

    The bkl.stp script can help determine whether the Big Kernel Lock (BKL) is causing serialization on a multiprocessor system due to excessive contention of the BKL. The bkl.stp script takes one argument which is the number of processes waiting for the Big Kernel Lock (BKL). When the number of processes waiting for the BKL is reached or exceeded, the script will print a time stamp, the number of processes waiting for the BKL, the holder of the BKL, and the amount of time the BKL was held.

  • locks/bkl_stats.stp - Per Process Statistics on Big Kernel Lock (BKL) Use
    keywords: LOCKING

    The bkl_stats.stp script can indicate which processes have excessive waits for the Big Kernel Lock (BKL) and which processes are taking the BKL for long periods of time. The bkl_stats.stp script prints lists of all the processes that require the BKL. Every five seconds two tables are printed out. The first table lists the processes that waited for the BKL followed by the number of times that the process waited, the minimum time of the wait, the average and the maximum time waited. The second table lists has similar information for the time spent in holding the lock for each of the processes.

  • memory/kmalloc-top - Show Paths to Kernel Malloc (kmalloc) Invocations
    keywords: MEMORY

    The kmalloc-top perl program runs a small systemtap script to collect stack traces for each call to the kmalloc function and counts the time that each stack trace is observed. When kmalloc-top exits it prints out sorted list. The output can be filtered to print only the first N stack traces (-t), stack traces with a minimum counts (-m), or exclude certain stack traces (-e).

  • memory/mmanonpage.stp - Track Virtual Memory System Actions on Anonymous Pages
    keywords: MEMORY

    The mmanonpage.stp script uses the virtual memory tracepoints available in some kernels to track the number of faults, user space frees, page ins, copy on writes and unmaps for anonymous pages. When the script is terminated the counts are printed for each process that allocated pages while the script was running. This script displays the anonymous page statistics for each process that ran while the script is active. It's useful in debugging leaks in the anonymous regions of a process.

  • memory/mmfilepage.stp - Track Virtual Memory System Actions on File Backed Pages
    keywords: MEMORY

    The mmfilepage.stp script uses the virtual memory tracepoints available in some kernels to track the number of faults, copy on writes mapping, and unmapping operations for file backed pages. When the script is terminated the counts are printed for each process that allocated pages while the script was running. The mmfilepage.stp script is useful in debugging leaks in the mapped file regions of a process.

  • memory/mmreclaim.stp - Track Virtual Memory System Page Reclamation
    keywords: MEMORY

    The mmreclaim.stp script uses the virtual memory tracepoints available in some kernels to track page reclaim activity that occurred while the script was running. It's useful in debugging performance problems that occur due to page reclamation.

  • memory/mmwriteback.stp - Track Virtual Memory System Writing to Disk
    keywords: MEMORY

    The mmwriteback.stp script uses the virtual memory tracepoints available in some kernels to report all of the file writebacks that occur form kupdate, pdflush and kjournald while the script is running. It's useful in determining where writes are coming from on a supposedly idle system that is experiencing unexpected IO.

  • memory/numa_faults.stp - Summarize Process Misses across NUMA Nodes
    keywords: MEMORY NUMA

    The numa_faults.stp script tracks the read and write pages faults for each process. When the script exits it prints out the total read and write pages faults for each process. The script also provide a break down of page faults per node for each process. This script is useful for determining whether the program has good locality (page faults limited to a single node) on a NUMA computer.

  • memory/overcommit.stp - Log failed process memory allocation due to overcommit limits
    keywords: MEMORY PROCESS

    The overcommit.stp script prints a line each time the kernel refuses a memory allocation request from a process because of /proc/sys/vm/overcommit* limits.

  • memory/pfaults.stp - Generate Log of Major and Minor Page Faults
    keywords: MEMORY

    The pfaults.stp script generates a simple log for each major and minor page fault that occurs on the system. Each line contains a timestamp (in microseconds) when the page fault servicing was completed, the pid of the process, the address of the page fault, the type of access (read or write), the type of fault (major or minor), and the elapsed time for page fault. This log can be examined to determine where the page faults are occurring.

  • memory/vm.tracepoints.stp - Collect slab allocation statistics
    keywords: MEMORY SLAB ALLOCATOR

    The script will probe all memory slab/slub allocations and collects information about the size of the object (bytes requested) and user-space process in execution. When run over a period of time, it helps to correlate kernel-space memory consumption owing to user-space processes.

  • network/autofs4.stp - Watch autofs4 operations
    keywords: NETWORK AUTOFS NFS

    Trace key autofs4 operations such as mounting or unmounting remote filesystems.

  • network/dropwatch.stp - Watch Where Socket Buffers are Freed in the Kernel
    keywords: NETWORK TRACEPOINT BUFFER FREE

    Every five seconds the dropwatch.stp script lists the number of socket buffers freed at locations in the kernel.

  • network/netdev.stp - Trace Activity on Network Devices
    keywords: NETWORK DEVICE TRAFFIC

    The netdev.stp script traces configuration and transmit/receive activity on network devices.

  • network/nettop.stp - Periodic Listing of Processes Using Network Interfaces
    keywords: NETWORK TRAFFIC PER-PROCESS

    Every five seconds the nettop.stp script prints out a list of processed (PID and command) with the number of packets sent/received and the amount of data sent/received by the process during that interval.

  • network/sk_stream_wait_memory.stp - Track Start and Stop of Processes Due to Network Buffer Space
    keywords: NETWORK TCP BUFFER MEMORY

    The sk_stream-wait_memory.stp prints a time stamp, executable, and pid each time a process blocks due to the send buffer being full. A similar entry is printed each time a process continues because there is room in the buffer.

  • network/socket-trace.stp - Trace Functions called in Network Socket Code
    keywords: NETWORK SOCKET

    The script instruments each of the functions in the Linux kernel's net/socket.c file. The script prints out trace data. The first element of a line is time delta in microseconds from the previous entry. This is followed by the command name and the PID. The "->" and "<-" indicates function entry and function exit, respectively. The last element of the line is the function name.

  • network/socktop - Periodically Summarize Socket Activity on the System
    keywords: NETWORK SOCKET

    The socktop script periodically prints out a list of the processes with the highest socket activity. Command line options for the script allow filtering to focus on particular types of sockets. The "-h" option lists socktop script's filtering options.

  • network/tcp_connections.stp - Track Creation of Incoming TCP Connections
    keywords: NETWORK TCP SOCKET

    The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.

  • network/tcp_trace.stp - Tcp connection tracing utility.
    keywords: NETWORK TRACE

    This scripts traces a given tcp connection based on the filter parameters given by the user. The indexing is done by the 4 tuples local address, remote address, local port, remote port.

  • network/tcpdumplike.stp - Dump of Received TCP Packets
    keywords: NETWORK TRAFFIC

    The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

  • network/tcpipstat.stp - Display network statistics for individual TCP sockets.
    keywords: NETWORK STATISTICS

    tcpipstat collects and displays network statistics related to individual TCP sockets or groups of sockets. The statistics that are collected are simular to that of the command netstat -s, only sorted and grouped by individual sockets.

  • process/chng_cpu.stp - Monitor Changes in Processor Executing a Task
    keywords: SCHEDULER

    The chng_cpu.stp script takes an argument which is the executable name of the task it should monitor. Each time a task with that executable name is found running on a different processor, the script prints out the thread id (tid), the executable name, the processor now running the task, the thread state, and a backtrace showing the kernel functions that triggered the running of the task on the processor.

  • process/cycle_thief.stp - Track IRQs and Other Processes Stealing Cycles from a Task
    keywords: PROCESS SCHEDULER TIME TRACEPOINT INTERRUPT

    The cycle_thief.stp script instruments the scheduler and IRQ handler to determine which processes and interrupts are competing with the specified task for the cpu cycles. This script uses the '-c' or '-x' options to focus on a specific task. The script output the number of times the task migrates between processors, histograms showing the length of time on and off processor, lists of processes running while the task is off the processor, and the interrupts that occurred while the task was running.

  • process/dumpstack.stp - Print the kernel stack of a hung task
    keywords: PROCESS BACKTRACE

    The script prints the kernel stack of any non-running pid in the system. This is useful for diagnosing the reason that a task is hung.

  • process/errsnoop.stp - tabulate system call errors
    keywords: PROCESS SYSCALL

    The script prints a periodic tabular report about failing system calls, by process and by syscall failure. The first optional argument specifies the reporting interval (in seconds, default 5); the second optional argument gives a screen height (number of lines in the report, default 20).

  • process/forktracker.stp - Trace Creation of Processes
    keywords: PROCESS SCHEDULER

    The forktracker.stp script prints out a time-stamped entry showing each fork and exec operation on the machine. This can be useful to determine what process is creating a flurry of short-lived processes.

  • process/futexes.stp - System-Wide Futex Contention
    keywords: SYSCALL LOCKING FUTEX

    The script watches the futex syscall on the system. On exit the futexes address, the number of contentions, and the average time for each contention on the futex are printed from lowest pid number to highest.

  • process/migrate.stp - Track the Migration of Specific Executables
    keywords: SCHEDULER

    The migrate.stp script takes an argument which is the executable name of the task it should monitor. Each time a task with that executable name migrates between processors an entry is printed with the process id (pid), the executable name, the processor off loading the task, and the process taking the task. Note that the task may or may not be executing at the time of the migration.

  • process/noptrace.stp - disable ptrace(2) from hierarchies of processes
    keywords: PROCESS SECURITY

    noptrace.stp blocks ptrace(2) attempts from processes identified by stap -c/-x, as also specifiable from /proc/systemtap/stap_XXX/ control files. Processes may be added or removed from the blocked list.

  • process/pf2.stp - Profile kernel functions
    keywords: PROFILING

    The pf2.stp script sets up time-based sampling. Every five seconds it prints out a sorted list with the top ten kernel functions with samples.

  • process/pfiles.stp - print process file descriptors
    keywords: PROCESS FILES

    Run pfiles.stp to produce a human-readable summary of all open file descriptors of a given process. Specify the process-id as -x PID for fastest performance.

  • process/plimit.stp - print resource limits
    keywords: PROCESS

    The script prints a variety of resource limits for a given pid, like /proc/$$/limits on recent kernels.

  • process/schedtimes.stp - Track Time Processes Spend in Various States using Tracepoints
    keywords: PROCESS SCHEDULER TIME TRACEPOINT

    The schedtimes.stp script instruments the scheduler to track the amount of time that each process spends in running, sleeping, queuing, and waiting for io. On exit the script prints out the accumulated time for each state of processes observed. Optionally, this script can be used with the '-c' or '-x' options to focus on a specific PID.

  • process/sig_by_pid.stp - Signal Counts by Process ID
    keywords: SIGNALS

    Print signal counts by process ID in descending order.

  • process/sig_by_proc.stp - Signal Counts by Process Name
    keywords: SIGNALS

    Print signal counts by process name in descending order.

  • process/sigkill.stp - Track SIGKILL Signals
    keywords: SIGNALS

    The script traces any SIGKILL signals. When that SIGKILL signal is sent to a process, the script prints out the signal name, the destination executable and process ID, the executable name and user ID that sents the signal.

  • process/sigmon.stp - Track a particular signal to a specific process
    keywords: SIGNALS

    The script watches for a particular signal sent to a specific process. When that signal is sent to the specified process, the script prints out the PID and executable of the process sending the signal, the PID and executable name of the process receiving the signal, and the signal number and name.

  • process/sleepingBeauties.stp - Generating Backtraces of Threads Waiting for IO Operations
    keywords: IO SCHEDULER BACKTRACE

    The script monitors the time that threads spend in waiting for IO operations (in "D" state) in the wait_for_completion function. If a thread spends over 10ms, its name and backtrace is printed, and later so is the total delay.

  • process/sleeptime.stp - Trace Time Spent in nanosleep Syscalls
    keywords: SYSCALL SLEEP

    The script watches each nanosleep syscall on the system. At the end of each nanosleep syscall the script prints out a line with a timestamp in microseconds, the pid, the executable name in parentheses, the "nanosleep:" key, and the duration of the sleep in microseconds.

  • process/syscalls_by_pid.stp - System-Wide Count of Syscalls by PID
    keywords: SYSCALL

    The script watches all syscall on the system. On exit the script prints a list showing the number of systemcalls executed by each PID ordered from greatest to least number of syscalls.

  • process/syscalls_by_proc.stp - System-Wide Count of Syscalls by Executable
    keywords: SYSCALL

    The script watches all syscall on the system. On exit the script prints a list showing the number of systemcalls executed by each executable ordered from greatest to least number of syscalls.

  • process/wait4time.stp - Trace Time Spent in wait4 Syscalls
    keywords: SYSCALL WAIT4

    The script watches each wait4 syscall on the system. At the end of each wait4 syscall the script prints out a line with a timestamp in microseconds, the pid, the executable name in parentheses, the "wait4:" key, the duration of the wait and the PID that the wait4 was waiting for. If the waited for PID is not specified , it is "-1".

  • profiling/errno.stp - Show Which Processes and System Calls Return Errors Most Frequently
    keywords: PROFILING

    On exit the errno.stp script provides a sorted list showing which combination of PID, system call, and error occur most frequently.

  • profiling/fntimes.stp - Show functions taking longer than usual
    keywords: PROFILING

    The fntimes.stp script monitors the execution time history of a given function family (assumed non-recursive). Each time (beyond a warmup interval) is then compared to the historical maximum. If it exceeds a certain threshold (250%), a message is printed.

  • profiling/functioncallcount.stp - Count Times Functions Called
    keywords: PROFILING FUNCTIONS

    The functioncallcount.stp script takes one argument, a list of functions to probe. The script will run and count the number of times that each of the functions on the list is called. On exit the script will print a sorted list from most frequently to least frequently called function.

  • profiling/linetimes.stp - Show Time Spent on Each Line if a Function
    keywords: PROFILING

    The linetimes.stp script takes two arguments: where to find the function and the function name. linetimes.stp will instrument each line in the function. It will print out the number of times that the function is called, a table with the average and maximum time each line takes, and control flow information when the script exits.

  • profiling/sched_switch.stp - Display the task switches happening in the scheduler
    keywords: PROFILING FUNCTIONS

    The sched_switch.stp script takes two arguments, first argument can be "pid" or "name" to indicate what is being passed as second argument. The script will trace the process based on pid/name and print the scheduler switches happening with the process. If no arguments are passed, it displays all the scheduler switches. This can be used to understand which tasks schedule out the current process being traced, and when it gets scheduled in again.

  • profiling/thread-times.stp - Profile kernel functions
    keywords: PROFILING

    The thread-times.stp script sets up time-based sampling. Every five seconds it prints out a sorted list with the top twenty threads occupying the CPUs, broken down as a percentage of user and kernel time.

  • profiling/timeout.stp - Show Processes Doing Polling Operations
    keywords: PROFILING

    The timeout.stp script is based on a blog entry (http://udrepper.livejournal.com/19041.html) mentioning a need for a tool to help developers find applications that are polling. The timeout.stp script monitors systemcall used for polling and records the systemcalls that timed out rather than returned because some action occurred. The script updates the screen once a second with the top twenty processes.

  • profiling/topsys.stp - Show Processes Doing Polling Operations
    keywords: PROFILING

    The topsys.stp script lists out the top twenty systemcalls for the previous 5 seconds. The output is sorted from most frequent to least frequent.
SystemTap