|stacksnoop(8)||System Manager's Manual||stacksnoop(8)|
stacksnoop - Print kernel stack traces for kernel functions. Uses Linux eBPF/bcc.
stacksnoop [-h] [-p PID] [-s] [-v] function
stacksnoop traces a given kernel function and for each call, prints the kernel stack back trace for that call. This shows the ancestry of function calls, and is a quick way to investigate low frequency kernel functions and their cause. For high frequency kernel functions, see stackcount.
This tool only works on Linux 4.6+. Stack traces are obtained using the new BPF_STACK_TRACE APIs. For kernels older than 4.6, see the version under tools/old.
Requires CONFIG_BPF and bcc.
- Print kernel stack traces for each call to ext4_sync_fs:
- # stacksnoop ext4_sync_fs
- Also show the symbol offsets:
- # stacksnoop -s ext4_sync_fs
- Show extra columns:
- # stacksnoop -v ext4_sync_fs
- Only trace when PID 185 is on-CPU:
- # stacksnoop -p 185 ext4_sync_fs
This can have significant overhead if frequently called functions (> 1000/s) are traced, and is only intended for low frequency function calls. This is because details, including the stack trace, are passed to user space and processed for every call. For higher frequency calls, see stackcount, which performs in-kernel summaries.
This is from bcc.
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
Unstable - in development.