How to track child process using strace?

痞子三分冷 submitted on 2019-11-27 09:48:30

Question


I used strace to attach to a process briefly. The process created 90 threads. When I found the offending thread, I had to tediously search for the parent thread, then the grandparent thread, and so on all the way to the root process.

Is there a trick or tool to quickly figure out which thread created another? Or better yet, print the tree of thread creations like pstree?


Answer 1:


Use strace -f to trace child processes that are fork()ed.




Answer 2:


There is a Perl script called strace-graph. Here is a version from GitHub. It is packaged with crosstool-ng versions of compilers. It works for me even when used cross-platform.

ARM Linux box.

$ ./strace -f -q -s 100 -o app.trc -p 449
$ tftp -pr app.trc 172.0.0.133

X86_64 Linux box.

$ ./strace-graph /srv/tftp/app.trc 
 (anon)
  +-- touch /tmp/ppp.sleep
  +-- killall -HUP pppd
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 50%
  +-- amixer set Speaker 70%
  `-- amixer set Speaker 50%

The output can be used to help navigate the main trace log.




Answer 3:


I can't see an easy way:

You could use the -ff option with -o filename to produce multiple files (one per pid).

e.g.:

strace -o process_dump -ff ./executable
grep clone process_dump*

That would help you see which parent created what. Maybe that would help you - at least then you could search backwards.
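
The grep above taken one step further, as an added example that is not part of the original answers or of strace itself: it reads the per-PID files written by strace -o process_dump -ff, picks out successful clone/clone3/fork/vfork return values, and reports the creator chain of a task and a pstree-like tree. It assumes the default strace line format (no timestamp options); the function names and the sample trace are constructed for illustration.

```python
import re
from pathlib import Path

# Successful fork-family call in default strace output; a failed call
# returns -1, which (\d+) does not match, so it is skipped.
SPAWN_RE = re.compile(r"^(?:clone3?|v?fork)\(.*\) += +(\d+)\b", re.M)

# Constructed sample standing in for process_dump.449, .450 and .451.
SAMPLE = {
    449: "clone(child_stack=0x7f01, flags=CLONE_VM|CLONE_THREAD) = 450\n"
         "clone(child_stack=0x7f02, flags=CLONE_VM) = -1 EAGAIN\n",
    450: "clone(child_stack=NULL, flags=CLONE_CHILD_SETTID|SIGCHLD) = 451\n",
    451: 'execve("/bin/true", ["true"], 0x7ffd /* 3 vars */) = 0\n',
}

def load_ff(prefix):
    """Read strace -ff output files <prefix>.<pid> into {pid: text}."""
    p = Path(prefix)
    return {int(f.suffix[1:]): f.read_text(errors="replace")
            for f in p.parent.glob(p.name + ".*") if f.suffix[1:].isdigit()}

def parent_map(traces):
    """Return {child: parent} for every successful spawn in the traces."""
    return {int(child): pid for pid, text in traces.items()
            for child in SPAWN_RE.findall(text)}

def ancestry(parents, pid):
    """Chain from pid up to the first task with no traced creator."""
    chain = [pid]
    while chain[-1] in parents and parents[chain[-1]] not in chain:
        chain.append(parents[chain[-1]])
    return chain

def render(parents, traces):
    """pstree-like text tree of every task seen in the traces."""
    kids = {}
    for child, parent in parents.items():
        kids.setdefault(parent, []).append(child)
    lines = []
    def walk(pid, depth):
        lines.append("  " * depth + str(pid))
        for child in sorted(kids.get(pid, [])):
            walk(child, depth + 1)
    for root in sorted(p for p in set(traces) | set(kids) if p not in parents):
        walk(root, 0)
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(parent_map(SAMPLE), SAMPLE))
```

On a real capture, replace SAMPLE with load_ff("process_dump") and call ancestry(parents, tid) with the thread ID of interest.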




Answer 4:


To capture traffic for a single process you can use strace, as @stackmate suggested.

strace -f -e trace=network -s 10000 -p <PID>;

or output it to a file.

strace -f -e trace=network -s 10000 -o dumpfile -p <PID>

-f for all forked processes, -s for string size to print, and -o to dump the output to a file.



Source: https://stackoverflow.com/questions/4053142/how-to-track-child-process-using-strace
