I am using forktracker.stp to track the fork process flow. The script is like this:
probe kprocess.create
{
printf("%-25s: %s (%d) created %d\n",
ctime(gettimeofday_s()), execname(), pid(), new_pid)
}
probe kprocess.exec
{
printf("%-25s: %s (%d) is exec'ing %s\n",
ctime(gettimeofday_s()), execname(), pid(), filename)
}
Executing the script, I find it outputs the following results:
......
Thu Oct 22 05:09:42 2015 : virt-manager (8713) created 8713
Thu Oct 22 05:09:42 2015 : virt-manager (8713) created 8713
Thu Oct 22 05:09:42 2015 : virt-manager (8713) created 8713
Thu Oct 22 05:09:43 2015 : virt-manager (8713) created 8713
......
I can't understand why pid() and new_pid are same value. I doubt whether it is related to "fork call once, return twice". So I write a simple program to test:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main(void)
{
pid_t pid;
pid = fork();
if (pid < 0) {
exit(1);
} else if (pid > 0) {
printf("Parent exits!\n");
exit(0);
}
printf("hello world\n");
return 0;
}
Tracking this program, the script outputs:
Thu Oct 22 05:27:10 2015 : bash (3855) created 8955
Thu Oct 22 05:27:10 2015 : bash (8955) is exec'ing "./test"
Thu Oct 22 05:27:10 2015 : test (8955) created 8956
So it seems not related to "fork call once, return twice".
How can I understand the pid() and new_pid are same value?
I think what you're seeing are simply new threads, where the pids will be the same while the tids will differ. You can easily add tids to that script like so:
probe kprocess.create {
printf("%-25s: %s (%d:%d) created %d:%d\n",
ctime(gettimeofday_s()), execname(), pid(), tid(), new_pid, new_tid)
}
probe kprocess.exec {
printf("%-25s: %s (%d) is exec'ing %s\n",
ctime(gettimeofday_s()), execname(), pid(), filename)
}
You could also report tid in the exec, but that's often less interesting since an exec will replace the whole process anyway.
(This question was also posted to the mailing list, and I replied here.)