Demonstrations of threadsnoop, the Linux BCC/eBPF version.


Tracing new threads via pthread_create():

# ./threadsnoop
Attaching 2 probes...
TIME(ms)           PID    COMM             FUNC
1938               28549  dockerd          threadentry
1939               28549  dockerd          threadentry
1939               28549  dockerd          threadentry
1940               28549  dockerd          threadentry
1949               28549  dockerd          threadentry
1958               28549  dockerd          threadentry
1939               28549  dockerd          threadentry
1950               28549  dockerd          threadentry
2013               28579  docker-containe  0x562f30f2e710L
2036               28549  dockerd          threadentry
2083               28579  docker-containe  0x562f30f2e710L
2116               629    systemd-journal  0x7fb7114955c0L
2116               629    systemd-journal  0x7fb7114955c0L
[...]

The output shows a dockerd process creating several threads with the start
routine threadentry(), and docker-containe (truncated) and systemd-journal
also starting threads: in their cases, the function had no symbol information
available, so their addresses are printed in hex.
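
As an added example (not part of the original threadsnoop documentation or the BCC code), the following Python parses output in the format shown above and counts thread creations per process and start routine, separating rows where FUNC resolved to a symbol from rows that only carry a hex address. The names parse, summarize and SAMPLE are assumptions made for this example, and SAMPLE is constructed from lines shown on this page.

```python
import re
from collections import Counter

# Constructed sample: a subset of the threadsnoop lines shown on this page.
SAMPLE = """\
Attaching 2 probes...
TIME(ms)           PID    COMM             FUNC
1938               28549  dockerd          threadentry
1939               28549  dockerd          threadentry
2013               28579  docker-containe  0x562f30f2e710L
2036               28549  dockerd          threadentry
2083               28579  docker-containe  0x562f30f2e710L
2116               629    systemd-journal  0x7fb7114955c0L
2116               629    systemd-journal  0x7fb7114955c0L
[...]
"""

# TIME(ms), PID, COMM (truncated name, may contain spaces), FUNC (last token).
ROW = re.compile(r"^(\d+)\s+(\d+)\s+(.+?)\s+(\S+)$")
# FUNC printed as a raw address means no symbol was found for the start routine.
HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]+L?$")


def parse(text):
    """Yield (time_ms, pid, comm, func, resolved) per data row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column header, "[...]" or blank line
        time_ms, pid, comm, func = m.groups()
        yield int(time_ms), int(pid), comm, func, not HEX_ADDR.match(func)


def summarize(text):
    """Count thread creations per (pid, comm, func), split by symbol resolution."""
    resolved, unresolved = Counter(), Counter()
    for _, pid, comm, func, ok in parse(text):
        (resolved if ok else unresolved)[(pid, comm, func)] += 1
    return resolved, unresolved


if __name__ == "__main__":
    resolved, unresolved = summarize(SAMPLE)
    for (pid, comm, func), n in (resolved + unresolved).most_common():
        tag = "symbol" if (pid, comm, func) in resolved else "address only"
        print(f"{n:3d}  {pid:<6d} {comm:<16s} {func}  ({tag})")
```
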