forked from bpftrace/bpftrace
-
Notifications
You must be signed in to change notification settings - Fork 0
/
threadsnoop_example.txt
27 lines (23 loc) · 1.15 KB
/
threadsnoop_example.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Demonstrations of threadsnoop, the Linux bpftrace/eBPF version.
Tracing new threads via phtread_create():
# ./threadsnoop.bt
Attaching 2 probes...
TIME PID COMM FUNC
10:20:31.938572 28549 dockerd threadentry
10:20:31.939213 28549 dockerd threadentry
10:20:31.939405 28549 dockerd threadentry
10:20:31.940642 28549 dockerd threadentry
10:20:31.949060 28549 dockerd threadentry
10:20:31.958319 28549 dockerd threadentry
10:20:31.939152 28549 dockerd threadentry
10:20:31.950978 28549 dockerd threadentry
10:20:32.013269 28579 docker-containe 0x562f30f2e710
10:20:32.036764 28549 dockerd threadentry
10:20:32.083780 28579 docker-containe 0x562f30f2e710
10:20:32.116738 629 systemd-journal 0x7fb7114955c0
10:20:32.116844 629 systemd-journal 0x7fb7114955c0
[...]
The output shows a dockerd process creating several threads with the start
routine threadentry(), and docker-containe (truncated) and systemd-journal
also starting threads: in their cases, the function had no symbol information
available, so their addresses are printed in hex.