ktracedump.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ktracedump(1M) ktracedump(1M)

NAME

ktracedump - display ktracer output for live system or crashdump

SYNOPSIS

ktracedump [-D|-m][

-H][-J col][-j col][-S

col][-a][-g][-A][-f

col:egrep_opts :regexp]

[

-N][-F

][-X ext]

DESCRIPTION

ktracedump displays kernel trace output for live system or crashdump, after trace records are captured

by ktracer.

The kernel trace feature (

ktracer) provides two commands:

•

ktracer: captures trace record on a live system, controls which kernel functions to traced, when to

start and stop tracing, and how many trace records to collect per CPU (see ktracer (1M)), and

•

ktracedump: produces a formatted report of trace records collected by

ktracer.

The output from

ktracedump goes to Unix standard output (typically a terminal screen) unless saved to

a ﬁle (> ﬁlename), or sent to a printer (

|lp), or piped to another program (|

program_name).

ktracedump also reports a list of kernel function names that were selected by

ktracer to be traced.

ktracedump reads the trace records and traced function names from kernel memory.

The

ktracedump -D command reads trace records for a live kernel from /dev/kmem. The ktra-

cedump -m command reads trace records from a crash dump.

In case of a crash dump,

ktracedump can be run in the dump directory to report which kernel pro-

cedure calls on a CPU led up to a panic or hang. However, kernel trace data will be found only if

ktracer was activated and running before the crash.

ktracedump does not write to the kernel, does not change kernel path ﬂow, and does not incur a

system-wide performance cost. ktracedump incurs only the performance cost of running the ktra-

cedump process.

ktracedump can be used concurrently by multiple superusers analyzing different dumps on the same

system. However, for consistent results on a live system, the sole superuser running ktracer should be

the only superuser running ktracedump -D on a live system.

Each kernel trace record contains the raw data needed to show the following information:

• Awk Parse Info

• Sequence#

• Zero-based Sequence#

• CPU#

• Process ID (PID)

• Thread ID (TID)

• Spinlock Depth

• Function (name of callee that is traced)

• Caller (name of calling function)

• Caller Offset

• Absolute Time (adjusted interval timer)

• Absolute Seconds (Absolute Time converted to seconds)

• Elapsed Time since previous trace record, in units of machine cycles

• Elapsed USec (Elapsed Time converted to microseconds)

• Stack Pointer (from Kernel Stack or Interrupt Control Stack)

• Processor Status Register (PSR)

• Task Priority Register (TPR)

• Function Parameters (arg0 through arg3 or arg7)

• 4 kernel Global variables

The ktracedump options -A, -J, -j, -a, and -g control which columns of data to show. The columns

shown follow the order of the options listed above.

Each trace record is displayed on one line of the

ktracedump output, with each one column for each

ﬁeld of the trace.

ktracer uses circular buffers in which the oldest data is overwritten by the newest data when

ktracer is active. Once the oldest data is overwritten, it is no longer available to ktracedump.Asa

precaution on a live system, save your ktracedump report to a ﬁle in order to view it again after

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (10 pages)

PAGE 1
ktracedump(1M) ktracedump(1M) NAME ktracedump - display ktracer output for live system or crashdump SYNOPSIS ktracedump [-D|-m] [-H] [-J col ] [-j col ] [-S col ] [-a] [-g] [-A] [-f col :egrep_opts :regexp] [-N] [-F] [-X ext] DESCRIPTION ktracedump displays kernel trace output for live system or crashdump, after trace records are captured by ktracer.
PAGE 2
ktracedump(1M) ktracedump(1M) restarting ktracer. The following command # ktracer -A numtraces will modify how many trace records the kernel collects per CPU. When the kernel collects more traces, ktracedump provides more data to analyze, but takes more time to generate the report, more disk space to store it, and more effort to search through it. ktracedump may be invoked repeatedly with different options. The underlying trace data always stays the same in a dump.
PAGE 3
ktracedump(1M) 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 ktracedump(1M) ZSeq Cpu PID TID SpnD Caller COff Function AbsTime AbsSec ElTime ElUSec StkPtr PSR TPR Nargs arg0 arg1 arg2 arg3 arg4 arg5 arg6 arg7 SymArg0 SymArg1 SymArg2 SymArg3 SymArg4 SymArg5 SymArg6 SymArg7 global0 global1 global2 global3 ON ON ON OFF ON OFF OFF ON OFF OFF OFF ON OFF ON OFF OFF OFF OFF OFF OFF OFF OFF OFF OFF ON OFF OFF OFF OFF OFF OFF OFF OFF OFF OFF OFF : : : : : :
PAGE 4
ktracedump(1M) ktracedump(1M) also the Timekeeping section. -J AbsSec%10.3lf would show the AbsSec column as a 10-character-wide column with 3 places after the decimal, representing seconds.milliseconds. -J ElUSec%7.0lf would show the ElUSec column as a 7-character-wide column with 0 places after the decimal, representing whole microseconds. -j column Do not show the specified column number or name in the output. For example, -j PSR will suppress the display of the PSR column. -j 0 will hide all fields.
PAGE 5
ktracedump(1M) ktracedump(1M) proceed to display the traced function list section if -F is specified. # ktracedump -D -N -F will report the ktracedump header and the traced function list, and no trace records. -F Display the traced function list. List the name of every kernel function that the ktracer user has selected to trace. It is common and expected, particularly with ktracer -R, to see many functions on the traced function list that have not been traced.
PAGE 6
ktracedump(1M) ktracedump(1M) corroborating that one hundredth of a second elapses between each hardclock call on each hyperthreaded CPU.
PAGE 7
ktracedump(1M) ktracedump(1M) ElTime Elapsed Time (ElTime) measures the time that elapsed, in iticks, between when the previous trace record was captured and when the current trace record was captured. Because trace points exist only at function entry points, ElTime measures elapsed time from Function ENTRY to Function ENTRY. Although users want to interpret ElTime and ElUSec as the length of time spent within the Function, from ENTRY to EXIT, that is not what ElTime is.
PAGE 8
ktracedump(1M) ktracedump(1M) or variable name that arg0 represents if possible. If unable to determine a name, SymArg0 will show arg0 numerically. SymArg1 Symbolic Argument 1 is a symbolic translation of arg1. SymArg2 Symbolic Argument 2 is a symbolic translation of arg2. SymArg3 Symbolic Argument 3 is a symbolic translation of arg3. Limitations As described in the LIMITATIONS section of the ktracer (1M) manpage, not all functions are traceable.
PAGE 9
ktracedump(1M) ktracedump(1M) Another way to do all the steps in the previous example: # ktracer -R -w ’workload ’ > ktrc.out ’workload’ can be replaced by a script name or a command line with or without parameters. If the workload has multiple parameters, surround the workload by a pair of single or double quotes per sh-posix quoting conventions: # ktracer -R -w ’find /tmp -name core’ > ktrace.out See sh-posix (1) for information about the quotes.
PAGE 10
ktracedump(1M) ktracedump(1M) ZSeq Cpu PID Function AbsSec 1013 0 1984 pm_signalx 8160.908 1014 0 1984 kill 8160.908 1015 0 1984 ksi_dequeue_fl 8160.908 1016 0 1984 psignalx 8160.908 1017 0 1984 pm_signalx 8160.908 1018 1 14235 issig 8160.908 1019 0 1984 __jobctl_sig_for_psignal 8160.908 1020 0 1984 clear_p_sig_jobctl_signa 8160.908 1021 0 1984 clear_kt_sig_stopsigs 8160.908 1022 0 1984 remove_stops_from_thread 8160.908 1023 0 1984 sigvec 8160.908 1024 1 14235 unblock_sigstop 8160.