basic questions to strace

Eugene Syromyatnikov evgsyr at gmail.com
Fri Oct 7 17:58:41 UTC 2016 

On Fri, Oct 7, 2016 at 5:06 PM, Lentes, Bernd
<bernd.lentes at helmholtz-muenchen.de> wrote:
>
>
>> On Fri, Oct 7, 2016 at 4:08 PM, Lentes, Bernd
>> <bernd.lentes at helmholtz-muenchen.de> wrote:
>>>
>>>
>
>>>
>>> Is that a segmentation fault ?
>> Well, I assume so by "general protection" message from your excerpt,
>> which is printed when there is unhandled SIGSEGV, iirc.
>
> It is one. When i do a "strace -f /usr/sbin/nsrexecd 2>&1|less" these are the last lines:
>
> [pid 14272] read(10, "4\277\267\233:Q\215\313\207\1e]\373\317\16\2755\375\251\371t\335\233q\223\214\350\tgN3\323"..., 48) = 48
> [pid 14272] write(10, "\25\3\1\0 \34\247\3343z\\\377\264\313\273\323\363%\1\202\26\240v\236\177Hp\2724b\344s"..., 37) = 37
> [pid 14272] read(10, "\25\3\1\0 ", 5)   = 5
> [pid 14272] read(10, "\277M)\5\315\213&\7\371\22\306\335\305\246o\255\213A\352@\26H\312\331<lw[s\263\267\217", 32) = 32
> [pid 14272] close(10)                   = 0
> [pid 14272] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
This is NULL dereference, but it is difficult to say what caused it
without additional information.

> [pid 14272] +++ killed by SIGSEGV (core dumped) +++
> [pid 14271] +++ killed by SIGSEGV (core dumped) +++
> [pid 14270] +++ killed by SIGSEGV (core dumped) +++
> [pid 14269] +++ killed by SIGSEGV (core dumped) +++
> +++ killed by SIGSEGV (core dumped) +++
>
>
>>> Ah. So clone is called with all arguments but strace shows just the relevant ?
>>> Does strace have this behaviour also with other system calls ?
>> Yes. futex, fcntl, prctl, quotact, keyctl, ptrace are examples of such syscalls.
>
>
>>> Sorry, i didn't read completely. Because the return code was != 0, i thought
>>> it's an error code.
>> Some syscalls return positive values in case of success, mostly the
>> ones which provide fd as a result, but there are other examples of
>> such behaviour. Only negative value indicates an error (in all cases
>> i'm aware of, at least).
>
>
>>> I installed the debian-kerbel via apt.
>>> But it didn't install it completely, just downloaded a tar which i need to
>>> extract manually.
>>> Why do i have a package management ?
>> There is linux-source package available in Debian. You can also do
>> apt-get source linux-image and obtain deb-src which would also contain
>> kernel sources.
>
> I installed linux-source via apt but still had to decompress the kernel tar manually.
>
> I have also core dumps which i don't know how to interpret. I can read the first few lines, but the rest
> seems to be base64 (?) coded and i can't read it. Is there a way to make it human readable ?
> I can offer it as a download (~400KB).
Well, core dumps (from ELF binaries) are ELF files. You can overview
it, as any other ELF file, with binutils, but the most useful, from my
point of view, is to load it into gdb (gdb -c corefile progname) and
check backtrace, info registers and disassemble /m.

> Thanks for your help, i appreciate that.
> For me to keep a sharp eye on what the system is doing itself is fascinating.
>
> Bernd
>
>
>
> Helmholtz Zentrum Muenchen
> Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
> Ingolstaedter Landstr. 1
> 85764 Neuherberg
> www.helmholtz-muenchen.de
> Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
> Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Dr. Alfons Enhsen
> Registergericht: Amtsgericht Muenchen HRB 6466
> USt-IdNr: DE 129521671
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Strace-devel mailing list
> Strace-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/strace-devel



-- 
Eugene "eSyr" Syromyatnikov
mailto:evgSyr at gmail.com
xmpp:eSyr at jabber.{ru|org}

More information about the Strace-devel mailing list