DOKK / manpages / debian 12 / bpfcc-tools / drsnoop-bpfcc.8.en
drsnoop(8) System Manager's Manual drsnoop(8)

drsnoop - Trace direct reclaim events. Uses Linux eBPF/bcc.

drsnoop [-h] [-T] [-U] [-p PID] [-t TID] [-u UID] [-d DURATION] [-n name] [-v]

drsnoop trace direct reclaim events, showing which processes are allocing pages with direct reclaiming. This can be useful for discovering when allocstall (/p- roc/vmstat) continues to increase, whether it is caused by some critical proc- esses or not.

This works by tracing the direct reclaim events using kernel tracepoints.

This makes use of a Linux 4.4 feature (bpf_perf_event_output()); for kernels older than 4.4, see the version under tools/old, which uses an older mechanism.

Since this uses BPF, only the root user can use this tool.

CONFIG_BPF and bcc.

Print usage message.
Include a timestamp column.
Show UID.
Trace this process ID only (filtered in-kernel).
Trace this thread ID only (filtered in-kernel).
Trace this UID only (filtered in-kernel).
Total duration of trace in seconds.
Only print processes where its name partially matches 'name' -v verbose Run in verbose mode. Will output system memory state
show system memory state

# drsnoop
# drsnoop -d 10
# drsnoop -T
# drsnoop -U
# drsnoop -p 181
# drsnoop -u 1000
es 'mond': # drnsnoop -n mond

Time of the call, in seconds.
User ID
Process ID
Thread ID
Process name

This traces the kernel direct reclaim tracepoints and prints output for each event. As the rate of this is generally expected to be low (< 1000/s), the overhead is also expected to be negligible.

This is from bcc.

https://github.com/iovisor/bcc

Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.

Linux

Unstable - in development.

Wenbo Zhang

2019-02-20 USER COMMANDS