-a

column Align return values in a specific column (default column 40).

-i

Print the instruction pointer at the time of the system call.

-o

filename Write the trace output to the file filename rather than to stderr. filename.pid form is used if

-ff

treated as a command and all output is piped to it. This is convenient for piping the debuggingoutput to a program without affecting the redirections of executed programs. The latter is notcompatible with -ff option currently.

-qq

suppress messages about process exit status.

-t

Prefix each line of the trace with the wall clock time.

-tt

the time printed will include the microseconds.

-x

Print all non-ASCII strings in hexadecimal string format.

-xx

Print all strings in hexadecimal string format.

-y

Print paths associated with file descriptor arguments.

-C

Like -c but also print regular output while processes are running.

-e

Trace only the specified set of system calls. The -c option is useful for determining which sys‐tem calls might be useful to trace. For example, trace=open,close,read,write means to only tracethose four system calls. Be careful when making inferences about the user/kernel boundary if onlya subset of system calls are being monitored. The default is trace=all.

-v

option has the effect of abbrev=none.

-1,

If :signal=sig option is specified with either a symbolic value like SIGSEGV or a numeric value within1..SIGRTMAX range, that signal is delivered on entering every syscall specified by the set.If :signal=sig option is specified without :error=errno or :retval=value options, then only a signalsig is delivered without a syscall fault injection. Conversely, :error=errno or :retval=value optionwithout :signal=sig option injects a fault without delivering a signal.If both :error=errno or :retval=value and :signal=sig options are specified, then both a fault or suc‐cess is injected and a signal is delivered.Unless a :when=expr subexpression is specified, an injection is being made into every invocation ofeach syscall from the set.The format of the subexpression is one of the following:firstFor every syscall from the set, perform an injection for the syscall invocation number first only.first+For every syscall from the set, perform injections for the syscall invocation number first and allsubsequent invocations.first+stepFor every syscall from the set, perform injections for syscall invocations number first,first+step, first+step+step, and so on.For example, to fail each third and subsequent chdir syscalls with ENOENT, use

-P

/dev/urandom -e inject=file:error=ENOENT.

-I

When strace can be interrupted by signals (such as pressing ^C). 1: no signals are blocked; 2:fatal signals are blocked while decoding syscall (default); 3: fatal signals are always blocked(default if '-o FILE PROG'); 4: fatal signals and SIGTSTP (^Z) are always blocked (useful to makestrace -o FILE PROG not stop on ^Z).Startup

-E

var=val Run command with var=val in its list of environment variables.

-d

Show some debugging output of strace itself on the standard error.

-h

Print the help summary.

-V

DIAGNOSTICSWhen command exits, strace exits with the same exit status. If command is terminated by a signal, strace ter‐minates itself with the same signal, so that strace can be used as a wrapper process transparent to the invok‐ing parent process. Note that parent-child relationship (signal stop notifications, getppid() value, etc)between traced process and its parent are not preserved unless -D is used.When using -p without a command, the exit status of strace is zero unless no processes has been attached orthere was an unexpected error in doing the tracing.SETUID INSTALLATIONIf strace is installed setuid to root then the invoking user will be able to attach to and trace processesowned by any user. In addition setuid and setgid programs will be executed and traced with the correct effec‐tive privileges. Since only users trusted with full root privileges should be allowed to do these things, itonly makes sense to install strace as setuid to root when the users who can execute it are restricted to thoseusers who have this trust. For example, it makes sense to install a special version of strace with mode'rwsr-xr--', user root and group trace, where members of the trace group are trusted users. If you do usethis feature, please remember to install a regular non-setuid version of strace for ordinary users to use.MULTIPLE PERSONALITY SUPPORTOn some architectures, strace supports decoding of syscalls for processes that use different ABI rather thanthe one strace uses. Specifically, in addition to decoding native ABI, strace can decode the following ABIson the following architectures:┌───────────────┬──────────────────────────────────────────────────────────────────────────────────────────┐│Architecture │ ABIs supported │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│x86_64 │ i386, x32 (when built as an x86_64 application); i386 (when built as an x32 application) │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│AArch64 │ ARM 32-bit EABI │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│PowerPC 64-bit │ PowerPC 32-bit │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│RISC-V 64-bit │ RISC-V 32-bit │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│s390x │ s390 │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│SPARC 64-bit │ SPARC 32-bit │├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────┤│TILE 64-bit │ TILE 32-bit │└───────────────┴──────────────────────────────────────────────────────────────────────────────────────────┘This support is optional and relies on ability to generate and parse structure definitions during the buildtime. Please refer to the output of the strace -V command in order to figure out what support is available inyour strace build ("non-native" refers to an ABI that differs from the ABI strace has):m32-mpers strace can trace and properly decode non-native 32-bit binaries.no-m32-mpers strace can trace, but cannot properly decode non-native 32-bit binaries.mx32-mpers strace can trace and properly decode non-native 32-on-64-bit binaries.no-mx32-mpers strace can trace, but cannot properly decode non-native 32-on-64-bit binaries.If the output contains neither m32-mpers nor no-m32-mpers, then decoding of non-native 32-bit binaries is notimplemented at all or not applicable.Likewise, if the output contains neither mx32-mpers nor no-mx32-mpers, then decoding of non-native32-on-64-bit binaries is not implemented at all or not applicable.NOTESIt is a pity that so much tracing clutter is produced by systems employing shared libraries.It is instructive to think about system call inputs and outputs as data-flow across the user/kernel boundary.Because user-space and kernel-space are separate and address-protected, it is sometimes possible to makedeductive inferences about process behavior using inputs and outputs as propositions.In some cases, a system call will differ from the documented behavior or have a different name. For example,the faccessat(2) system call does not have flags argument, and the setrlimit(2) library function usesprlimit64(2) system call on modern (2.6.38+) kernels. These discrepancies are normal but idiosyncratic char‐acteristics of the system call interface and are accounted for by C library wrapper functions.Some system calls have different names in different architectures and personalities. In these cases, systemcall filtering and printing uses the names that match corresponding __NR_* kernel macros of the tracee'sarchitecture and personality. There are two exceptions from this general rule: arm_fadvise64_64(2) ARMsyscall and xtensa_fadvise64_64(2) Xtensa syscall are filtered and printed as fadvise64_64(2).On some platforms a process that is attached to with the -p option may observe a spurious EINTR return fromthe current system call that is not restartable. (Ideally, all system calls should be restarted on straceattach, making the attach invisible to the traced process, but a few system calls aren't. Arguably, everyinstance of such behavior is a kernel bug.) This may have an unpredictable effect on the process if theprocess takes no action to restart the system call.BUGSPrograms that use the setuid bit do not have effective user ID privileges while being traced.A traced process runs slowly.Traced processes which are descended from command may be left running after an interrupt signal (CTRL-C).HISTORYThe original strace was written by Paul Kranenburg for SunOS and was inspired by its trace utility. The SunOSversion of strace was ported to Linux and enhanced by Branko Lankester, who also wrote the Linux kernel sup‐port. Even though Paul released strace 2.5 in 1992, Branko's work was based on Paul's strace 1.5 release from1991. In 1993, Rick Sladkey merged strace 2.5 for SunOS and the second release of strace for Linux, addedmany of the features of truss(1) from SVR4, and produced an strace that worked on both platforms. In 1994Rick ported strace to SVR4 and Solaris and wrote the automatic configuration support. In 1995 he portedstrace to Irix and tired of writing about himself in the third person.Beginning with 1996, strace was maintained by Wichert Akkerman. During his tenure, strace developmentmigrated to CVS; ports to FreeBSD and many architectures on Linux (including ARM, IA-64, MIPS, PA-RISC, Pow‐erPC, s390, SPARC) were introduced. In 2002, the burden of strace maintainership was transferred to RonaldMcGrath. Since then, strace gained support for several new Linux architectures (AMD64, s390x, SuperH), bi-architecture support for some of them, and received numerous additions and improvements in syscalls decoderson Linux; strace development migrated to git during that period. Since 2009, strace is actively maintained byDmitry Levin. strace gained support for AArch64, ARC, AVR32, Blackfin, Meta, Nios II, OpenSISC 1000, RISC-V,Tile/TileGx, Xtensa architectures since that time. In 2012, unmaintained and apparently broken support fornon-Linux operating systems was removed. Also, in 2012 strace gained support for path tracing and filedescriptor path decoding. In 2014, support for stack traces printing was added. In 2016, syscall faultinjection was implemented.For the additional information, please refer to the NEWS file and strace repository commit log.REPORTING BUGSProblems with strace should be reported to the strace mailing list at <strace-devel@lists.sourceforge.net>.