Peering into the Linux Kernel with Trace
a year ago
- #BCC Tools
- #Linux Kernel
- #Debugging
- The author encountered intermittent test failures due to unexpected changes in file access times.
- Using strace didn't reveal the cause, leading to suspicion of another process or a kernel bug.
- The BCC tools, specifically trace, were used to monitor kernel function calls in real-time.
- trace was configured to monitor the touch_atime function, revealing Sublime Text's background thread was accessing files.
- The issue was traced back to Sublime Text's git integration feature updating access times.
- The author highlights the power of trace for debugging and its addition to their toolkit.
- The process involved parsing probe specifications, converting them to eBPF bytecode, and using kprobes for monitoring.
- The article underscores the importance of transparency in system design for easier debugging.