KTRACE(1) - General Commands Manual


NAME

ktrace - enable kernel process tracing

SYNOPSIS

ktrace [-aCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]
ktrace [-aBdiT] [-f trfile] [-t trstr] command

DESCRIPTION

ktrace enables kernel trace logging for the specified processes. By default, kernel trace data is logged to the file ktrace.out, unless overridden by the -f option. The kernel operations traced are system calls, namei translations, signal processing and I/O.

Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:

$ ktrace -C

The trace file is not human-readable; use kdump(1) to decode it.

The options are as follows:

-a

Append to the trace file instead of recreating it.

-B

Set the LD_BIND_NOW environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.

-C

Disable tracing on all user owned processes and, if executed by root, all processes in the system.

-c

Clear the trace points associated with the trace file or any specified processes.

-d

Descendants; perform the operation for all current children of the designated processes.

-f trfile

Log trace records to trfile instead of ktrace.out.

-g pgid

Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).

-i

Inherit; pass the trace flags to all future children of the designated processes.

-p pid

Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).

-T

Disable userland timekeeping, making time related system calls more prevalent.

-t trstr

Select which information to put into the dump file. The argument can contain one or more of the following letters. By default all trace points except for X are enabled.

c

trace system calls

i

trace I/O

n

trace namei translations

p

trace violation of pledge(2) restrictions

s

trace signal processing

S

trace violation of pinsyscalls(2)

t

trace various structures

u

trace user data coming from utrace(2)

x

trace argument vector in execve(2)

X

trace environment in execve(2)

+

trace the default points

command

Execute command with the specified trace flags.

The -p, -g, and command options are mutually exclusive.

FILES

ktrace.out

default ktrace dump file

EXAMPLES

Trace all kernel operations of process ID 34:

$ ktrace -p 34

Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:

$ ktrace -idg 15

Disable all tracing of process 65:

$ ktrace -cp 65

Disable tracing signals on process 70 and all current children:

$ ktrace -t s -cdp 70

Enable tracing of I/O on process 67:

$ ktrace -ti -p 67

Run the command w(1), tracing only system calls:

$ ktrace -tc w

Disable all tracing to the file “tracedata”:

$ ktrace -c -f tracedata

Disable tracing of all processes owned by the user:

$ ktrace -C
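
The DESCRIPTION advises knowing how to disable tracing before enabling it. The following is an added example, not part of the OpenBSD manual: a hypothetical shell helper, trace_bounded, that traces one process for a fixed number of seconds and clears its trace points on every exit path, using only the -f, -t, -p and -c options described above.

```sh
#!/bin/sh
# Added example, not part of the manual page.
# trace_bounded is a hypothetical helper name.
# Usage: trace_bounded pid seconds [trstr] [trfile]

# The body is a subshell "( ... )": "exit" leaves only the helper, and the
# EXIT trap fires when the helper finishes, not when the calling shell does.
trace_bounded() (
    pid=$1
    secs=$2
    trstr=${3:-+}            # "+" selects the default trace points
    trfile=${4:-ktrace.out}  # ktrace's default dump file

    # Reject anything that is not a plain number, or a -t letter the manual lists.
    case $pid in ''|*[!0-9]*) echo "bad pid: $pid" >&2; exit 2 ;; esac
    case $secs in ''|*[!0-9]*) echo "bad seconds: $secs" >&2; exit 2 ;; esac
    case $trstr in ''|*[!cinpsStuxX+]*) echo "bad trstr: $trstr" >&2; exit 2 ;; esac

    # Enable the selected trace points on the one process.
    ktrace -f "$trfile" -t "$trstr" -p "$pid" || exit 1

    # From here on, always clear the trace points on the way out, including
    # when the wait is interrupted with Ctrl-C or the helper is terminated.
    trap 'ktrace -c -p "$pid"' EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM

    sleep "$secs"
    exit 0
)
```

For instance, trace_bounded 67 10 i traces I/O on process 67 for ten seconds and then clears it; decode the resulting file with kdump(1).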

SEE ALSO

kdump(1), ktrace(2), utrace(2)

HISTORY

The ktrace command appeared in 4.3BSD-Reno.

OpenBSD 7.5 - December 15, 2023