28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
Demonstrations of threadsnoop, the Linux bpftrace/eBPF version.
|
|
|
|
|
|
Tracing new threads via phtread_create():
|
|
|
|
# ./threadsnoop.bt
|
|
Attaching 2 probes...
|
|
TIME PID COMM FUNC
|
|
10:20:31.938572 28549 dockerd threadentry
|
|
10:20:31.939213 28549 dockerd threadentry
|
|
10:20:31.939405 28549 dockerd threadentry
|
|
10:20:31.940642 28549 dockerd threadentry
|
|
10:20:31.949060 28549 dockerd threadentry
|
|
10:20:31.958319 28549 dockerd threadentry
|
|
10:20:31.939152 28549 dockerd threadentry
|
|
10:20:31.950978 28549 dockerd threadentry
|
|
10:20:32.013269 28579 docker-containe 0x562f30f2e710
|
|
10:20:32.036764 28549 dockerd threadentry
|
|
10:20:32.083780 28579 docker-containe 0x562f30f2e710
|
|
10:20:32.116738 629 systemd-journal 0x7fb7114955c0
|
|
10:20:32.116844 629 systemd-journal 0x7fb7114955c0
|
|
[...]
|
|
|
|
The output shows a dockerd process creating several threads with the start
|
|
routine threadentry(), and docker-containe (truncated) and systemd-journal
|
|
also starting threads: in their cases, the function had no symbol information
|
|
available, so their addresses are printed in hex.
|