.\" $OpenBSD: ktrace.1,v 1.34 2023/12/15 15:12:08 deraadt Exp $
.\"
.\" Copyright (c) 1990, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
.\"
.Dd $Mdocdate: December 15 2023 $
.Dt KTRACE 1
.Os
.Sh NAME
.Nm ktrace
.Nd enable kernel process tracing
.Sh SYNOPSIS
.Nm ktrace
.Op Fl aCcdi
.Op Fl f Ar trfile
.Op Fl g Ar pgid
.Op Fl p Ar pid
.Op Fl t Ar trstr
.Nm ktrace
.Op Fl aBdiT
.Op Fl f Ar trfile
.Op Fl t Ar trstr
.Ar command
.Sh DESCRIPTION
.Nm ktrace
enables kernel trace logging for the specified processes.
By default, kernel trace data is logged to the file
.Pa ktrace.out ,
unless overridden by the
.Fl f
option.
The kernel operations traced are system calls, namei translations,
signal processing and I/O.
.Pp
Once tracing is enabled on a process, trace data will be logged until
either the process exits or the trace point is cleared.
A traced process can generate enormous amounts of log data quickly;
it is strongly suggested that users memorize how to disable tracing before
attempting to trace a process.
The following command is sufficient to disable tracing on all user owned
processes and, if executed by root, all processes:
.Pp
.Dl $ ktrace -C
.Pp
The trace file is not human-readable; use
.Xr kdump 1
to decode it.
.Pp
The options are as follows:
.Bl -tag -width 9n
.It Fl a
Append to the trace file instead of recreating it.
.It Fl B
Set the
.Ev LD_BIND_NOW
environment variable to specify that the dynamic linker should process
relocations immediately instead of as they are encountered.
This eliminates the resulting
.Xr ld.so 1
relocation sequences.
.It Fl C
Disable tracing on all user owned processes and, if executed by root, all
processes in the system.
.It Fl c
Clear the trace points associated with the trace file or any specified
processes.
.It Fl d
Descendants; perform the operation for all current children of the
designated processes.
.It Fl f Ar trfile
Log trace records to
.Ar trfile
instead of
.Pa ktrace.out .
.It Fl g Ar pgid
Enable (disable) tracing on all processes in the process group (only one
.Fl g
flag is permitted).
.It Fl i
Inherit; pass the trace flags to all future children of the designated
processes.
.It Fl p Ar pid
Enable (disable) tracing on the indicated process ID (only one
.Fl p
flag is permitted).
.It Fl T
Disable userland timekeeping, making time related system calls more prevalent.
.It Fl t Ar trstr
Select which information to put into the dump file.
The argument can contain one or more of the following letters.
By default all trace points except for
.Cm X
are enabled.
.Pp
.Bl -tag -width flag -offset indent -compact
.\" Keep this list in sync with kdump(1) and ltrace(1).
.It Cm c
trace system calls
.It Cm i
trace I/O
.It Cm n
trace namei translations
.It Cm p
trace violation of
.Xr pledge 2
restrictions
.It Cm s
trace signal processing
.It Cm S
trace violation of
.Xr pinsyscalls 2
.It Cm t
trace various structures
.It Cm u
trace user data coming from
.Xr utrace 2
.It Cm x
trace argument vector in
.Xr execve 2
.It Cm X
trace environment in
.Xr execve 2
.It Cm +
trace the default points
.El
.It Ar command
Execute
.Ar command
with the specified trace flags.
.El
.Pp
The
.Fl p ,
.Fl g ,
and
.Ar command
options are mutually exclusive.
.Sh FILES
.Bl -tag -width ktrace.out -compact
.It Pa ktrace.out
default ktrace dump file
.El
.Sh EXAMPLES
Trace all kernel operations of process ID 34:
.Dl $ ktrace -p 34
.Pp
Trace all kernel operations of processes in process group 15 and
pass the trace flags to all current and future children:
.Dl $ ktrace -idg 15
.Pp
Disable all tracing of process 65:
.Dl $ ktrace -cp 65
.Pp
Disable tracing signals on process 70 and all current children:
.Dl $ ktrace -t s -cdp 70
.Pp
Enable tracing of I/O on process 67:
.Dl $ ktrace -ti -p 67
.Pp
Run the command
.Xr w 1 ,
tracing only system calls:
.Dl $ ktrace -tc w
.Pp
Disable all tracing to the file "tracedata":
.Dl $ ktrace -c -f tracedata
.Pp
Disable tracing of all processes owned by the user:
.Dl $ ktrace -C
.Sh SEE ALSO
.Xr kdump 1 ,
.Xr ktrace 2 ,
.Xr utrace 2
.Sh HISTORY
The
.Nm ktrace
command appeared in
.Bx 4.3 Reno .