[20181217]strace使用问题.txt
[20181217]strace使用问题.txt
--//最近使用strace跟踪分析ogg相关进程遇到一些问题.
# strace -t -p 703 -f -e open,read,lseek
Process 703 attached with 12 threads - interrupt to quit
[pid 717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:01 lseek(26, 2192071680, SEEK_SET) = 2192071680
[pid 720] 15:07:01 read(26, "\1\"\0\0.TA\0\337\20\0\0\20\200FZ`\0\0\0\4\0\6\0\177\354\237/\1\0\24\0"..., 1024000) = 1024000
[pid 717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 720] 15:07:01 read(26, "\1\"\0\0\376[A\0\325\20\0\0000\200\332\364G\225-\0\2\0\21\1\26\0\307\316\5\304\25-"..., 1024000) = 1024000
[pid 716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:03 lseek(25, 1679056896, SEEK_SET) = 1679056896
[pid 719] 15:07:03 read(25, "\1\"\0\0000\n2\0\362\25\0\0000\200\0023(#\0\0k\0\21\0\306f\n\0\377\0\16\0"..., 1024000) = 1024000
[pid 716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:07:03 read(25, "\1\"\0\0\0\0222\0\356\25\0\0\220\200\10I/5\300\0\214\303\24\0\0\200\6\0\373x\361."..., 1024000) = 1024000
[pid 717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:04 lseek(26, 2192132608, SEEK_SET) = 2192132608
[pid 720] 15:07:04 read(26, "\1\"\0\0\245TA\0\337\20\0\0\20\200-3`\0\0\0\0043\6\0\305\356\237/\1\0ug"..., 1024000) = 1024000
[pid 717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 720] 15:07:04 read(26, "\1\"\0\0u\\A\0\325\20\0\0\230\200\214\205\0\0;V\2\r\2\0\5\0\377\377Y\310\300\21"..., 1024000) = 1024000
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 lseek(25, 1679399424, SEEK_SET) = 1679399424
[pid 719] 15:07:06 read(25, "\1\"\0\0\315\f2\0\362\25\0\0\34\200\265Q\0\0\313*\367\357\237/\6\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:07:06 read(25, "\1\"\0\0\235\0242\0\356\25\0\0\20\200\177Z(\2\0\0\5\0\6\0009\231\361.\1\0\24\0"..., 1024000) = 1024000
[pid 703] 15:07:07 lseek(20, 0, SEEK_SET) = 0
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:07 lseek(26, 2192153600, SEEK_SET) = 2192153600
[pid 720] 15:07:07 read(26, "\1\"\0\0\316TA\0\337\20\0\0\20\200\347\257p\0\0\0\6\v\6\0\230\360\237/\1\0\0\0"..., 1024000) = 1024000
[pid 720] 15:07:07 read(26, "\1\"\0\0\236\\A\0\337\20\0\0008\200J75\0\22\0\240\212=\0\216\350@\1d\226;\0"..., 1024000) = 1024000
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
--//这样可以跟踪open,read,lseek函数.
--//如果我想保存到文件并且输出,遇到问题:
# strace -t -p 703 -f -e open,read,lseek | tee /tmp/703.txt
...
--//ctrl+c中断退出.
# ls -l /tmp/703.txt
-rw-r--r-- 1 root root 0 2018-12-17 15:07:51 /tmp/703.txt
--//可以发现这样并不会通过管道写入/tmp/703.txt,因为strace的跟踪输出默认写到标准错误输出(句柄2),而管道只接收标准输出(句柄1).
--//0对应标准输入 1对应标准输出 2对应标准错误.
--//改写如下就ok了.
# strace -t -p 703 -f -e open,read,lseek 2>&1 | tee /tmp/703.txt
Process 703 attached with 12 threads - interrupt to quit
[pid 703] 15:18:26 lseek(20, 0, SEEK_SET) = 0
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 lseek(25, 1819684352, SEEK_SET) = 1819684352
[pid 719] 15:18:26 read(25, "\1\"\0\0\27;6\0\362\25\0\0l\200\312J\1\0\216\1\1\0\0\0\0\0\24\0k\0 \0"..., 1024000) = 1024000
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:18:26 read(25, "\1\"\0\0\347B6\0\356\25\0\0\20\200d\2040\2\0\0\5\0\6\0S\262\364.\1\0\360."..., 1024000) = 1024000
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:18:27 lseek(26, 2217297920, SEEK_SET) = 2217297920
[pid 720] 15:18:27 read(26, "\1\"\0\0\244\24B\0\337\20\0\0\300\200\"\323\0\0\0\0\2\2\1\0h5\242/\6\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0t\34B\0\337\20\0\0x\200\25\262!\352\10\4\346\217\315\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0D$B\0\337\20\0\0\20\200M\7/table></div>\r\n<"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0\24,B\0\325\20\0\0`\200\346\3755px; left:435px;"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0\3443B\0\325\20\0\0\200\200\217\1!j\t\4R0\331\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
# cat /tmp/703.txt
Process 703 attached with 12 threads - interrupt to quit
[pid 703] 15:18:26 lseek(20, 0, SEEK_SET) = 0
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 lseek(25, 1819684352, SEEK_SET) = 1819684352
[pid 719] 15:18:26 read(25, "\1\"\0\0\27;6\0\362\25\0\0l\200\312J\1\0\216\1\1\0\0\0\0\0\24\0k\0 \0"..., 1024000) = 1024000
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:18:26 read(25, "\1\"\0\0\347B6\0\356\25\0\0\20\200d\2040\2\0\0\5\0\6\0S\262\364.\1\0\360."..., 1024000) = 1024000
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:18:27 lseek(26, 2217297920, SEEK_SET) = 2217297920
[pid 720] 15:18:27 read(26, "\1\"\0\0\244\24B\0\337\20\0\0\300\200\"\323\0\0\0\0\2\2\1\0h5\242/\6\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0t\34B\0\337\20\0\0x\200\25\262!\352\10\4\346\217\315\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0D$B\0\337\20\0\0\20\200M\7/table></div>\r\n<"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0\24,B\0\325\20\0\0`\200\346\3755px; left:435px;"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0\3443B\0\325\20\0\0\200\200\217\1!j\t\4R0\331\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
---//简单探究打开句柄的情况:
# ps -ef | grep strac[e]
root 1913 24587 1 15:18 pts/3 00:00:00 strace -t -p 703 -f -e open read lseek
# ls -l /proc/1913/fd
total 0
lrwx------ 1 root root 64 2018-12-17 15:19:40 0 -> /dev/pts/3
l-wx------ 1 root root 64 2018-12-17 15:19:40 1 -> pipe:[32398409]
l-wx------ 1 root root 64 2018-12-17 15:19:04 2 -> pipe:[32398409]
--//1,2 被定向到 pipe:[32398409].
# ps -ef | grep te[e]
root 1914 24587 0 15:18 pts/3 00:00:00 tee /tmp/703.txt
# ls -l /proc/1914/fd
total 0
lr-x------ 1 root root 64 2018-12-17 15:20:29 0 -> pipe:[32398409]
lrwx------ 1 root root 64 2018-12-17 15:20:29 1 -> /dev/pts/3
lrwx------ 1 root root 64 2018-12-17 15:19:04 2 -> /dev/pts/3
l-wx------ 1 root root 64 2018-12-17 15:20:29 3 -> /tmp/703.txt
--// 0 定向到pipe:[32398409],也就是接收strace的输出.
# cat /proc/1914/fd/0
[pid 717] 15:21:36 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:21:36 lseek(26, 2230129664, SEEK_SET) = 2230129664
[pid 720] 15:21:36 read(26,
[root@dbcndg2 IP=100.75 /proc/1691/fd 159]# cat /proc/1914/fd/0
[pid 717] 15:21:39 read(22, [pid 717] 15:21:39 lseek(26, 2230850560, SEEK_SET) = 2230850560
[pid 720] 15:21:39 read(26, "\1\"\0\0\n|B\0\337\20\0\0\20\200\20u`\0\0\0\4\211\6\0\373\367\242/\1\0\1\0"..., 1024000) = 1024000
[pid 717] 15:21:39 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 720] 15:21:39 read(26, "\1\"\0\0\332\203B\0\325\20\0\0X\200\27\330:normal;font-fam"..., 1024000) = 1024000
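--//还有一种方式:使用参数-ff配合-o,按进程/线程分别写入文件(文件名为-o指定的名字加上.pid后缀).
--//注意:跟踪文件里含有read读到的数据片段,而下面生成的文件位于/tmp且权限是644,其他用户可读;可以先执行umask 077,或者写到仅root可访问的目录.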
# strace -t -p 703 -ff -e open,read,lseek -o /tmp/703.txt
Process 703 attached with 12 threads - interrupt to quit
# ls -l /tmp/703.txt*
-rw-r--r-- 1 root root 88 2018-12-17 15:27:24 /tmp/703.txt.703
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.704
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.705
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.706
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.707
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.712
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.715
-rw-r--r-- 1 root root 2334 2018-12-17 15:27:30 /tmp/703.txt.716
-rw-r--r-- 1 root root 1815 2018-12-17 15:27:31 /tmp/703.txt.717
-rw-r--r-- 1 root root 0 2018-12-17 15:27:11 /tmp/703.txt.718
-rw-r--r-- 1 root root 1555 2018-12-17 15:27:30 /tmp/703.txt.719
-rw-r--r-- 1 root root 1090 2018-12-17 15:27:31 /tmp/703.txt.720