Root cause analysis with eBPF & Python
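- 15. from bcc import BPF
# eBPF program (C) attached as a kprobe to sys_clone
sensor = '''
int kprobe__sys_clone(void *ctx) {
    bpf_trace_printk("Hello, World!\\n");
    return 0;
}
'''
# Compile and load the program, then print the kernel trace output
BPF(text=sensor).trace_print()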
- 19. Summarize aggregated latencies of syscalls
./syscount.py -L -p `pgrep -nx my_process`
Tracing syscalls, printing top 10... Ctrl+C to quit.
[09:41:32]
SYSCALL        COUNT        TIME (us)
nanosleep          9      7020894.226
futex              6          220.009
write              4           90.292
clone              2           70.935
Detaching...
- 20. Top 3 failed syscalls
/usr/share/bcc/tools/syscount -x -T 3
Tracing failed syscalls, printing top 3... Ctrl+C to quit.
[13:27:46]
SYSCALL        COUNT
recvmsg         6152
futex            346
read              32
^C
Detaching...
- 27. [Diagram labels: System Libraries; System Call Interface; Sockets, TCP/UDP, IP, Ethernet; VFS, File Systems, Volume Manager, Block Device Interface; Device Drivers; Scheduler; Virtual Memory. Trace: Python (CPython 3.6+)]
- 28. Listing tracepoints of CPython interpreter
tplist.py -l ./python
./python python:line
./python python:function__entry
./python python:function__return
./python python:import__find__load__start
./python python:import__find__load__done
./python python:gc__start
./python python:gc__done
- 32. ● Maximum of 4096 eBPF assembly instructions
● No loops allowed
● Poor ecosystem
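
The `syscount` output on slides 19 and 20 can be post-processed to pick out the syscall worth a follow-up trace. The following is an added example, not code from the slides or from bcc: it parses that text output and ranks syscalls by mean latency per call. `parse_syscount` and `rank_by_latency` are hypothetical helper names, and the sample input is the slide 19 output re-typed as constructed test data.

```python
import re

# Constructed sample: the `syscount -L` output from slide 19, copied as text.
SAMPLE_LATENCY = """\
Tracing syscalls, printing top 10... Ctrl+C to quit.
[09:41:32]
SYSCALL                   COUNT        TIME (us)
nanosleep                     9      7020894.226
futex                         6          220.009
write                         4           90.292
clone                         2           70.935
Detaching...
"""

# Data rows: a syscall name, an integer count, and (with -L) a time in us.
ROW = re.compile(r"^(\w+)\s+(\d+)(?:\s+(\d+(?:\.\d+)?))?\s*$")

def parse_syscount(text):
    """Return [{'syscall', 'count', 'time_us'}]; time_us is None without -L."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # banner, timestamp, header and "Detaching..." lines do not match
            name, count, time_us = m.groups()
            rows.append({"syscall": name, "count": int(count),
                         "time_us": float(time_us) if time_us else None})
    return rows

def rank_by_latency(rows):
    """Add mean latency per call and share of total traced time, slowest first."""
    timed = [r for r in rows if r["time_us"] is not None and r["count"] > 0]
    total = sum(r["time_us"] for r in timed)
    ranked = [dict(r, avg_us=r["time_us"] / r["count"],
                   share=r["time_us"] / total if total else 0.0) for r in timed]
    return sorted(ranked, key=lambda r: r["avg_us"], reverse=True)

if __name__ == "__main__":
    for r in rank_by_latency(parse_syscount(SAMPLE_LATENCY)):
        print(f"{r['syscall']:<12}{r['count']:>6}{r['avg_us']:>14.1f} us/call"
              f"{r['share']:>9.2%}")
```

The same parser accepts the count-only output of `syscount -x` from slide 20; those rows carry no time column, so `rank_by_latency` skips them.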
Editor's Notes
- These are the ones that might be worth investigating with follow-up tools like opensnoop, execsnoop, or trace.
- It works by taking samples of stack traces at timed intervals and frequency-counting them in kernel context for efficiency.
- For further reading, refer to his blog.