-
Notifications
You must be signed in to change notification settings - Fork 3.9k
/
threadsnoop_example.txt
40 lines (31 loc) · 1.28 KB
/
threadsnoop_example.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Demonstrations of threadsnoop, the Linux BCC/eBPF version.
Tracing new threads via phtread_create():
# ./threadsnoop
Attaching 2 probes...
TIME(ms) PID COMM FUNC
1938 28549 dockerd threadentry
1939 28549 dockerd threadentry
1939 28549 dockerd threadentry
1940 28549 dockerd threadentry
1949 28549 dockerd threadentry
1958 28549 dockerd threadentry
1939 28549 dockerd threadentry
1950 28549 dockerd threadentry
2013 28579 docker-containe 0x562f30f2e710L
2036 28549 dockerd threadentry
2083 28579 docker-containe 0x562f30f2e710L
2116 629 systemd-journal 0x7fb7114955c0L
2116 629 systemd-journal 0x7fb7114955c0L
[...]
The output shows a dockerd process creating several threads with the start
routine threadentry(), and docker-containe (truncated) and systemd-journal
also starting threads: in their cases, the function had no symbol information
available, so their addresses are printed in hex.
USAGE message:
# ./threadsnoop.py -h
usage: threadsnoop.py [-h]
List new thread creation.
options:
-h, --help show this help message and exit
examples:
./threadsnoop # list new thread creation