Truss can't follow processes that vfork() because of a circular wait condition. Truss assumes calls to fork in the traced process return immediately with the child PID. On return, truss forks a child truss to trace the child process. Unfortunately, vfork() doesn't return the PID until the child has exited or exec'd. The circular wait is as follows: 1. Truss waits for vfork to return, so it can examine the PID and start a child truss to trace the child process. 2. The child process meanwhile has been started with the same pfsflags as the parent, so it will have stopped at the first syscall waiting for the child truss to PIOCCONT it. 3. But the child truss hasn't been started yet... back to (1). Apparently devel/strace had similar problems under linux. The strace fix is to actually poke user data and change vforks into forks. How-To-Repeat: In any port directory, truss -f make clean always does the trick for me.
The problem outlined in this PR still exists. I have updated the patch against -current. I briefly tested it, and it still appears to work. http://people.freebsd.org/~lawrance/truss.patch
truss -f has been reworked to make use of fork following in ptrace() and no longer forks additional child processes, but will report the return value of vfork() once vfork() finally returns. The original patch is now OBE since truss uses ptrace() instead of procfs (and procfs for debugging is a legacy interface in FreeBSD that will likely be removed at some point). Please reopen if you are able to reproduce problems with truss -f and vfork on 11.0 or later.