forked from bpftrace/bpftrace
-
Notifications
You must be signed in to change notification settings - Fork 0
/
threadsnoop_example.txt
27 lines (23 loc) · 1.07 KB
/
threadsnoop_example.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Demonstrations of threadsnoop, the Linux bpftrace/eBPF version.
Tracing new threads via phtread_create():
# ./threadsnoop.bt
Attaching 2 probes...
TIME(ms) PID COMM FUNC
1938 28549 dockerd threadentry
1939 28549 dockerd threadentry
1939 28549 dockerd threadentry
1940 28549 dockerd threadentry
1949 28549 dockerd threadentry
1958 28549 dockerd threadentry
1939 28549 dockerd threadentry
1950 28549 dockerd threadentry
2013 28579 docker-containe 0x562f30f2e710
2036 28549 dockerd threadentry
2083 28579 docker-containe 0x562f30f2e710
2116 629 systemd-journal 0x7fb7114955c0
2116 629 systemd-journal 0x7fb7114955c0
[...]
The output shows a dockerd process creating several threads with the start
routine threadentry(), and docker-containe (truncated) and systemd-journal
also starting threads: in their cases, the function had no symbol information
available, so their addresses are printed in hex.