Stack Overflow
Stack Overflow

Questions tagged [strace]

strace is a Linux/UNIX tool for logging and analysing the system calls made by a user-side process.

strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace is made possible by the kernel feature known as .

Use this tag to ask programming questions related to the strace command and the strace() system call.

Source: Wikipedia

485 questions
25
votes
6 answers

Node.js 100% CPU - gettimeofday call

I've got a long running node.js process that sometimes jumps to 100% CPU and stops responding to requests. The most recent time it did this I attached strace to the process, and here's what I saw: Process 19523 attached - interrupt to…
Ben Dowling
  • 17,187
  • 8
  • 87
  • 103
24
votes
3 answers

How does strace work?

It can trace all system calls used. But what differs a sys_call from a normal call??
gdb
  • 7,189
  • 12
  • 38
  • 36
22
votes
3 answers

gdb break when program opens specific file

Back story: While running a program under strace I notice that '/dev/urandom' is being open'ed. I would like to know where this call is coming from (it is not part of the program itself, it is part of the system). So, using gdb, I am trying to…
zdav
  • 2,752
  • 17
  • 15
22
votes
3 answers

ltrace equivalent for osx?

osx has the really powerful dtrace/ktrace/dtruss tools - however i'm not willing to invest the time necessary to learn dealing with them right now. what's the easiest way to get the equivalent functionality of linux ltrace (and possibly strace) on…
Enki
  • 221
  • 1
  • 2
  • 3
21
votes
1 answer

How to exclude some calls in strace?

I want to trace system calls with strace. There are too many read and write, so I want to exclude them. Here is my test: strace -e trace=!read ls My PC (Ubuntu 14) failed to run this command. The error message is !open: event not found. I have read…
bucherren
  • 223
  • 1
  • 2
  • 5
17
votes
2 answers

poll system call timeout

Attaching strace shows a lot of these messages: poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=10, events=POLLIN}], 6, 0) = 0 (Timeout) poll([{fd=5, events=POLLIN},…
mahmood
  • 23,197
  • 49
  • 147
  • 242
15
votes
3 answers

strace -f strace /bin/ls failed with PTRACE_TRACEME EPERM (Operation not permitted)

When I run strace -f strace /bin/ls to know how strace work it failed with ptrace(PTRACE_TRACEME, 0, 0, 0) = -1 EPERM (Operation not permitted) even with root account. It there any solution for this?
user150497
  • 490
  • 4
  • 14
15
votes
1 answer

Tracing calls to a shared library

I am developing a program under Linux. For debugging purposes I want to trace all calls from my program to a certain (preferably shared) library. (I do not want to trace calls happening inside the library.) For syscalls there is strace. Is there any…
porton
  • 5,214
  • 11
  • 47
  • 95
14
votes
7 answers

How to trace per-file IO operations in Linux?

I need to track read system calls for specific files, and I'm currently doing this by parsing the output of strace. Since read operates on file descriptors I have to keep track of the current mapping between fd and path. Additionally, seek has to be…
Noah Watkins
  • 5,446
  • 3
  • 34
  • 47
13
votes
3 answers

How to quit strace when attached to a process?

[root@woyo test]# strace -o /tmp/lsof.strace -p 5625 Process 5625 attached - interrupt to quit q Anyone knows?
compiler
  • 4,143
  • 9
  • 36
  • 40
13
votes
1 answer

A lot of SIGSEGV while strace'ing java process

Interesting stuff occurred while I debug one of the unit tests on CI server (maven build actually). I connect to java process with strace -ff -e trace=network -p [pid] to trace network activity of build process. And that's what I saw: Process 26324…
Denis Bazhenov
  • 9,680
  • 8
  • 43
  • 65
13
votes
1 answer

How to capture network traffic from a specific android application.

I have read a paper which proposes an approach to capture network traffic from a specific android application.It says "We used tcpdump to collect all the network traffic from the virtual machine. We ported the strace utility to Android to log each…
user3308958
  • 131
  • 1
  • 1
  • 4
13
votes
2 answers

Is there a way to see the value behind a raw pointer in strace output?

With strace it is possible to see the ioctl call for the certain file descriptor and with certain command. The third argument is a structure, but strace shows it as a raw pointer to the memory. strace output example: open("/dev/node", O_RDWR) =…
Terry Greentail
  • 143
  • 1
  • 5
12
votes
1 answer

Difference between ptrace(PTRACE_PEEKUSER) and ptrace(PTRACE_PEEKDATA)?

After posting a lot of questions on ptrace (the most recent 5 questions are mine :( ) I finally got the desired output when I replaced reg_val[1] = ptrace(PTRACE_PEEKDATA, child, 4 * EBX, NULL); with reg_val[1] = ptrace(PTRACE_PEEKUSER, child, 4 *…
kidd0
  • 731
  • 2
  • 8
  • 25
12
votes
5 answers

strace to monitor Dockerized application activity

My goal is to monitor which ports are opened and closed by a multi-process application. My plan is to run the application in a Docker container, in order to isolate it, and then use strace to report the application activity. I've tried with Apache…
Guillaume Delafosse
  • 222
  • 1
  • 3
  • 14
1
2
3
32 33