xref: /freebsd/usr.bin/kdump/kdump.c (revision 96190b4fef3b4a0cc3ca0606b0c4e3e69a5e6717)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1988, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #define _WANT_KERNEL_ERRNO
33 #ifdef __LP64__
34 #define	_WANT_KEVENT32
35 #endif
36 #define	_WANT_FREEBSD11_KEVENT
37 #define	_WANT_FREEBSD_BITSET
38 #include <sys/param.h>
39 #include <sys/capsicum.h>
40 #include <sys/_bitset.h>
41 #include <sys/bitset.h>
42 #include <sys/errno.h>
43 #include <sys/time.h>
44 #include <sys/uio.h>
45 #include <sys/event.h>
46 #include <sys/ktrace.h>
47 #include <sys/mman.h>
48 #include <sys/ioctl.h>
49 #include <sys/poll.h>
50 #include <sys/socket.h>
51 #include <sys/stat.h>
52 #include <sys/sysent.h>
53 #include <sys/umtx.h>
54 #include <sys/un.h>
55 #include <sys/queue.h>
56 #include <sys/wait.h>
57 #ifdef WITH_CASPER
58 #include <sys/nv.h>
59 #endif
60 #include <arpa/inet.h>
61 #include <netinet/in.h>
62 #include <ctype.h>
63 #include <capsicum_helpers.h>
64 #include <err.h>
65 #include <grp.h>
66 #include <inttypes.h>
67 #include <locale.h>
68 #include <netdb.h>
69 #include <nl_types.h>
70 #include <pwd.h>
71 #include <stddef.h>
72 #include <stdio.h>
73 #include <stdlib.h>
74 #include <string.h>
75 #include <sysdecode.h>
76 #include <time.h>
77 #include <unistd.h>
78 #include <vis.h>
79 #include "ktrace.h"
80 #include "kdump.h"
81 
82 #ifdef WITH_CASPER
83 #include <libcasper.h>
84 
85 #include <casper/cap_grp.h>
86 #include <casper/cap_pwd.h>
87 #endif
88 
89 int fetchprocinfo(struct ktr_header *, u_int *);
90 u_int findabi(struct ktr_header *);
91 int fread_tail(void *, int, int);
92 void dumpheader(struct ktr_header *, u_int);
93 void dumptimeval(struct ktr_header_v0 *kth);
94 void dumptimespec(struct ktr_header *kth);
95 void ktrsyscall(struct ktr_syscall *, u_int);
96 void ktrsysret(struct ktr_sysret *, u_int);
97 void ktrnamei(char *, int);
98 void hexdump(char *, int, int);
99 void visdump(char *, int, int);
100 void ktrgenio(struct ktr_genio *, int);
101 void ktrpsig(struct ktr_psig *);
102 void ktrcsw(struct ktr_csw *);
103 void ktrcsw_old(struct ktr_csw_old *);
104 void ktruser(int, void *);
105 void ktrcaprights(cap_rights_t *);
106 void ktritimerval(struct itimerval *it);
107 void ktrsockaddr(struct sockaddr *);
108 void ktrsplice(struct splice *);
109 void ktrstat(struct stat *);
110 void ktrstruct(char *, size_t);
111 void ktrcapfail(struct ktr_cap_fail *);
112 void ktrfault(struct ktr_fault *);
113 void ktrfaultend(struct ktr_faultend *);
114 void ktrkevent(struct kevent *);
115 void ktrpollfd(struct pollfd *);
116 void ktrstructarray(struct ktr_struct_array *, size_t);
117 void ktrbitset(char *, struct bitset *, size_t);
118 void ktrsyscall_freebsd(struct ktr_syscall *ktr, register_t **resip,
119     int *resnarg, char *resc, u_int sv_flags);
120 void usage(void);
121 
122 #define	TIMESTAMP_NONE		0x0
123 #define	TIMESTAMP_ABSOLUTE	0x1
124 #define	TIMESTAMP_ELAPSED	0x2
125 #define	TIMESTAMP_RELATIVE	0x4
126 
127 bool decimal, fancy = true, resolv;
128 static bool abiflag, suppressdata, syscallno, tail, threads, cpuflag;
129 static int timestamp, maxdata;
130 static const char *tracefile = DEF_TRACEFILE;
131 static struct ktr_header ktr_header;
132 static short version;
133 
134 #define TIME_FORMAT	"%b %e %T %Y"
135 #define eqs(s1, s2)	(strcmp((s1), (s2)) == 0)
136 
137 struct proc_info
138 {
139 	TAILQ_ENTRY(proc_info)	info;
140 	u_int			sv_flags;
141 	pid_t			pid;
142 };
143 
144 static TAILQ_HEAD(trace_procs, proc_info) trace_procs;
145 
146 #ifdef WITH_CASPER
147 static cap_channel_t *cappwd, *capgrp;
148 
149 static int
150 cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp)
151 {
152 	cap_channel_t *capcas, *cappwdloc, *capgrploc;
153 	const char *cmds[1], *fields[1];
154 
155 	capcas = cap_init();
156 	if (capcas == NULL) {
157 		err(1, "unable to create casper process");
158 		exit(1);
159 	}
160 	cappwdloc = cap_service_open(capcas, "system.pwd");
161 	capgrploc = cap_service_open(capcas, "system.grp");
162 	/* Casper capability no longer needed. */
163 	cap_close(capcas);
164 	if (cappwdloc == NULL || capgrploc == NULL) {
165 		if (cappwdloc == NULL)
166 			warn("unable to open system.pwd service");
167 		if (capgrploc == NULL)
168 			warn("unable to open system.grp service");
169 		exit(1);
170 	}
171 	/* Limit system.pwd to only getpwuid() function and pw_name field. */
172 	cmds[0] = "getpwuid";
173 	if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0)
174 		err(1, "unable to limit system.pwd service");
175 	fields[0] = "pw_name";
176 	if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0)
177 		err(1, "unable to limit system.pwd service");
178 	/* Limit system.grp to only getgrgid() function and gr_name field. */
179 	cmds[0] = "getgrgid";
180 	if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0)
181 		err(1, "unable to limit system.grp service");
182 	fields[0] = "gr_name";
183 	if (cap_grp_limit_fields(capgrploc, fields, 1) < 0)
184 		err(1, "unable to limit system.grp service");
185 
186 	*cappwdp = cappwdloc;
187 	*capgrpp = capgrploc;
188 	return (0);
189 }
190 #endif	/* WITH_CASPER */
191 
192 void
193 print_integer_arg(const char *(*decoder)(int), int value)
194 {
195 	const char *str;
196 
197 	str = decoder(value);
198 	if (str != NULL)
199 		printf("%s", str);
200 	else {
201 		if (decimal)
202 			printf("<invalid=%d>", value);
203 		else
204 			printf("<invalid=%#x>", value);
205 	}
206 }
207 
208 /* Like print_integer_arg but unknown values are treated as valid. */
209 void
210 print_integer_arg_valid(const char *(*decoder)(int), int value)
211 {
212 	const char *str;
213 
214 	str = decoder(value);
215 	if (str != NULL)
216 		printf("%s", str);
217 	else {
218 		if (decimal)
219 			printf("%d", value);
220 		else
221 			printf("%#x", value);
222 	}
223 }
224 
225 bool
226 print_mask_arg_part(bool (*decoder)(FILE *, int, int *), int value, int *rem)
227 {
228 
229 	printf("%#x<", value);
230 	return (decoder(stdout, value, rem));
231 }
232 
233 void
234 print_mask_arg(bool (*decoder)(FILE *, int, int *), int value)
235 {
236 	bool invalid;
237 	int rem;
238 
239 	invalid = !print_mask_arg_part(decoder, value, &rem);
240 	printf(">");
241 	if (invalid)
242 		printf("<invalid>%u", rem);
243 }
244 
245 void
246 print_mask_arg0(bool (*decoder)(FILE *, int, int *), int value)
247 {
248 	bool invalid;
249 	int rem;
250 
251 	if (value == 0) {
252 		printf("0");
253 		return;
254 	}
255 	printf("%#x<", value);
256 	invalid = !decoder(stdout, value, &rem);
257 	printf(">");
258 	if (invalid)
259 		printf("<invalid>%u", rem);
260 }
261 
262 static void
263 decode_fileflags(fflags_t value)
264 {
265 	bool invalid;
266 	fflags_t rem;
267 
268 	if (value == 0) {
269 		printf("0");
270 		return;
271 	}
272 	printf("%#x<", value);
273 	invalid = !sysdecode_fileflags(stdout, value, &rem);
274 	printf(">");
275 	if (invalid)
276 		printf("<invalid>%u", rem);
277 }
278 
279 void
280 decode_filemode(int value)
281 {
282 	bool invalid;
283 	int rem;
284 
285 	if (value == 0) {
286 		printf("0");
287 		return;
288 	}
289 	printf("%#o<", value);
290 	invalid = !sysdecode_filemode(stdout, value, &rem);
291 	printf(">");
292 	if (invalid)
293 		printf("<invalid>%u", rem);
294 }
295 
296 void
297 print_mask_arg32(bool (*decoder)(FILE *, uint32_t, uint32_t *), uint32_t value)
298 {
299 	bool invalid;
300 	uint32_t rem;
301 
302 	printf("%#x<", value);
303 	invalid = !decoder(stdout, value, &rem);
304 	printf(">");
305 	if (invalid)
306 		printf("<invalid>%u", rem);
307 }
308 
309 void
310 print_mask_argul(bool (*decoder)(FILE *, u_long, u_long *), u_long value)
311 {
312 	bool invalid;
313 	u_long rem;
314 
315 	if (value == 0) {
316 		printf("0");
317 		return;
318 	}
319 	printf("%#lx<", value);
320 	invalid = !decoder(stdout, value, &rem);
321 	printf(">");
322 	if (invalid)
323 		printf("<invalid>%lu", rem);
324 }
325 
326 int
327 main(int argc, char *argv[])
328 {
329 	int ch, ktrlen, size;
330 	void *m;
331 	int trpoints = ALL_POINTS;
332 	int drop_logged;
333 	pid_t pid = 0;
334 	u_int sv_flags;
335 
336 	setlocale(LC_CTYPE, "");
337 
338 	timestamp = TIMESTAMP_NONE;
339 
340 	while ((ch = getopt(argc,argv,"f:cdElm:np:AHRrSsTt:")) != -1)
341 		switch (ch) {
342 		case 'A':
343 			abiflag = true;
344 			break;
345 		case 'f':
346 			tracefile = optarg;
347 			break;
348 		case 'c':
349 			cpuflag = true;
350 			break;
351 		case 'd':
352 			decimal = true;
353 			break;
354 		case 'l':
355 			tail = true;
356 			break;
357 		case 'm':
358 			maxdata = atoi(optarg);
359 			break;
360 		case 'n':
361 			fancy = false;
362 			break;
363 		case 'p':
364 			pid = atoi(optarg);
365 			break;
366 		case 'r':
367 			resolv = true;
368 			break;
369 		case 'S':
370 			syscallno = true;
371 			break;
372 		case 's':
373 			suppressdata = true;
374 			break;
375 		case 'E':
376 			timestamp |= TIMESTAMP_ELAPSED;
377 			break;
378 		case 'H':
379 			threads = true;
380 			break;
381 		case 'R':
382 			timestamp |= TIMESTAMP_RELATIVE;
383 			break;
384 		case 'T':
385 			timestamp |= TIMESTAMP_ABSOLUTE;
386 			break;
387 		case 't':
388 			trpoints = getpoints(optarg);
389 			if (trpoints < 0)
390 				errx(1, "unknown trace point in %s", optarg);
391 			break;
392 		default:
393 			usage();
394 		}
395 
396 	if (argc > optind)
397 		usage();
398 
399 	m = malloc(size = 1025);
400 	if (m == NULL)
401 		errx(1, "%s", strerror(ENOMEM));
402 	if (strcmp(tracefile, "-") != 0)
403 		if (!freopen(tracefile, "r", stdin))
404 			err(1, "%s", tracefile);
405 
406 	caph_cache_catpages();
407 	caph_cache_tzdata();
408 
409 #ifdef WITH_CASPER
410 	if (resolv) {
411 		if (cappwdgrp_setup(&cappwd, &capgrp) < 0) {
412 			cappwd = NULL;
413 			capgrp = NULL;
414 		}
415 	}
416 	if (!resolv || (cappwd != NULL && capgrp != NULL)) {
417 		if (caph_enter() < 0)
418 			err(1, "unable to enter capability mode");
419 	}
420 #else
421 	if (!resolv) {
422 		if (caph_enter() < 0)
423 			err(1, "unable to enter capability mode");
424 	}
425 #endif
426 	if (caph_limit_stdio() == -1)
427 		err(1, "unable to limit stdio");
428 
429 	TAILQ_INIT(&trace_procs);
430 	drop_logged = 0;
431 	while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) {
432 		if (ktr_header.ktr_type & KTR_VERSIONED) {
433 			ktr_header.ktr_type &= ~KTR_VERSIONED;
434 			version = ktr_header.ktr_version;
435 		} else
436 			version = KTR_VERSION0;
437 		if (ktr_header.ktr_type & KTR_DROP) {
438 			ktr_header.ktr_type &= ~KTR_DROP;
439 			if (!drop_logged && threads) {
440 				printf(
441 				    "%6d %6d %-8.*s Events dropped.\n",
442 				    ktr_header.ktr_pid,
443 				    ktr_header.ktr_tid > 0 ?
444 				    (lwpid_t)ktr_header.ktr_tid : 0,
445 				    MAXCOMLEN, ktr_header.ktr_comm);
446 				drop_logged = 1;
447 			} else if (!drop_logged) {
448 				printf("%6d %-8.*s Events dropped.\n",
449 				    ktr_header.ktr_pid, MAXCOMLEN,
450 				    ktr_header.ktr_comm);
451 				drop_logged = 1;
452 			}
453 		}
454 		if ((ktrlen = ktr_header.ktr_len) < 0)
455 			errx(1, "bogus length 0x%x", ktrlen);
456 		if (ktrlen > size) {
457 			m = realloc(m, ktrlen+1);
458 			if (m == NULL)
459 				errx(1, "%s", strerror(ENOMEM));
460 			size = ktrlen;
461 		}
462 		if (version == KTR_VERSION0 &&
463 		    fseek(stdin, KTR_OFFSET_V0, SEEK_CUR) < 0)
464 			errx(1, "%s", strerror(errno));
465 		if (ktrlen && fread_tail(m, ktrlen, 1) == 0)
466 			errx(1, "data too short");
467 		if (fetchprocinfo(&ktr_header, (u_int *)m) != 0)
468 			continue;
469 		if (pid && ktr_header.ktr_pid != pid &&
470 		    ktr_header.ktr_tid != pid)
471 			continue;
472 		if ((trpoints & (1<<ktr_header.ktr_type)) == 0)
473 			continue;
474 		sv_flags = findabi(&ktr_header);
475 		dumpheader(&ktr_header, sv_flags);
476 		drop_logged = 0;
477 		switch (ktr_header.ktr_type) {
478 		case KTR_SYSCALL:
479 			ktrsyscall((struct ktr_syscall *)m, sv_flags);
480 			break;
481 		case KTR_SYSRET:
482 			ktrsysret((struct ktr_sysret *)m, sv_flags);
483 			break;
484 		case KTR_NAMEI:
485 		case KTR_SYSCTL:
486 			ktrnamei(m, ktrlen);
487 			break;
488 		case KTR_GENIO:
489 			ktrgenio((struct ktr_genio *)m, ktrlen);
490 			break;
491 		case KTR_PSIG:
492 			ktrpsig((struct ktr_psig *)m);
493 			break;
494 		case KTR_CSW:
495 			if (ktrlen == sizeof(struct ktr_csw_old))
496 				ktrcsw_old((struct ktr_csw_old *)m);
497 			else
498 				ktrcsw((struct ktr_csw *)m);
499 			break;
500 		case KTR_USER:
501 			ktruser(ktrlen, m);
502 			break;
503 		case KTR_STRUCT:
504 			ktrstruct(m, ktrlen);
505 			break;
506 		case KTR_CAPFAIL:
507 			ktrcapfail((struct ktr_cap_fail *)m);
508 			break;
509 		case KTR_FAULT:
510 			ktrfault((struct ktr_fault *)m);
511 			break;
512 		case KTR_FAULTEND:
513 			ktrfaultend((struct ktr_faultend *)m);
514 			break;
515 		case KTR_STRUCT_ARRAY:
516 			ktrstructarray((struct ktr_struct_array *)m, ktrlen);
517 			break;
518 		default:
519 			printf("\n");
520 			break;
521 		}
522 		if (tail)
523 			fflush(stdout);
524 	}
525 	return 0;
526 }
527 
528 int
529 fread_tail(void *buf, int size, int num)
530 {
531 	int i;
532 
533 	while ((i = fread(buf, size, num, stdin)) == 0 && tail) {
534 		sleep(1);
535 		clearerr(stdin);
536 	}
537 	return (i);
538 }
539 
540 int
541 fetchprocinfo(struct ktr_header *kth, u_int *flags)
542 {
543 	struct proc_info *pi;
544 
545 	switch (kth->ktr_type) {
546 	case KTR_PROCCTOR:
547 		TAILQ_FOREACH(pi, &trace_procs, info) {
548 			if (pi->pid == kth->ktr_pid) {
549 				TAILQ_REMOVE(&trace_procs, pi, info);
550 				break;
551 			}
552 		}
553 		pi = malloc(sizeof(struct proc_info));
554 		if (pi == NULL)
555 			errx(1, "%s", strerror(ENOMEM));
556 		pi->sv_flags = *flags;
557 		pi->pid = kth->ktr_pid;
558 		TAILQ_INSERT_TAIL(&trace_procs, pi, info);
559 		return (1);
560 
561 	case KTR_PROCDTOR:
562 		TAILQ_FOREACH(pi, &trace_procs, info) {
563 			if (pi->pid == kth->ktr_pid) {
564 				TAILQ_REMOVE(&trace_procs, pi, info);
565 				free(pi);
566 				break;
567 			}
568 		}
569 		return (1);
570 	}
571 
572 	return (0);
573 }
574 
575 u_int
576 findabi(struct ktr_header *kth)
577 {
578 	struct proc_info *pi;
579 
580 	TAILQ_FOREACH(pi, &trace_procs, info) {
581 		if (pi->pid == kth->ktr_pid) {
582 			return (pi->sv_flags);
583 		}
584 	}
585 	return (0);
586 }
587 
588 void
589 dumptimeval(struct ktr_header_v0 *kth)
590 {
591 	static struct timeval prevtime, prevtime_e;
592 	struct timeval temp;
593 	const char *sign;
594 
595 	if (timestamp & TIMESTAMP_ABSOLUTE) {
596 		printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
597 		    kth->ktr_time.tv_usec);
598 	}
599 	if (timestamp & TIMESTAMP_ELAPSED) {
600 		if (prevtime_e.tv_sec == 0)
601 			prevtime_e = kth->ktr_time;
602 		timersub(&kth->ktr_time, &prevtime_e, &temp);
603 		printf("%jd.%06ld ", (intmax_t)temp.tv_sec,
604 		    temp.tv_usec);
605 	}
606 	if (timestamp & TIMESTAMP_RELATIVE) {
607 		if (prevtime.tv_sec == 0)
608 			prevtime = kth->ktr_time;
609 		if (timercmp(&kth->ktr_time, &prevtime, <)) {
610 			timersub(&prevtime, &kth->ktr_time, &temp);
611 			sign = "-";
612 		} else {
613 			timersub(&kth->ktr_time, &prevtime, &temp);
614 			sign = "";
615 		}
616 		prevtime = kth->ktr_time;
617 		printf("%s%jd.%06ld ", sign, (intmax_t)temp.tv_sec,
618 		    temp.tv_usec);
619 	}
620 }
621 
622 void
623 dumptimespec(struct ktr_header *kth)
624 {
625 	static struct timespec prevtime, prevtime_e;
626 	struct timespec temp;
627 	const char *sign;
628 
629 	if (timestamp & TIMESTAMP_ABSOLUTE) {
630 		printf("%jd.%09ld ", (intmax_t)kth->ktr_time.tv_sec,
631 		    kth->ktr_time.tv_nsec);
632 	}
633 	if (timestamp & TIMESTAMP_ELAPSED) {
634 		if (prevtime_e.tv_sec == 0)
635 			prevtime_e = kth->ktr_time;
636 		timespecsub(&kth->ktr_time, &prevtime_e, &temp);
637 		printf("%jd.%09ld ", (intmax_t)temp.tv_sec,
638 		    temp.tv_nsec);
639 	}
640 	if (timestamp & TIMESTAMP_RELATIVE) {
641 		if (prevtime.tv_sec == 0)
642 			prevtime = kth->ktr_time;
643 		if (timespeccmp(&kth->ktr_time, &prevtime, <)) {
644 			timespecsub(&prevtime, &kth->ktr_time, &temp);
645 			sign = "-";
646 		} else {
647 			timespecsub(&kth->ktr_time, &prevtime, &temp);
648 			sign = "";
649 		}
650 		prevtime = kth->ktr_time;
651 		printf("%s%jd.%09ld ", sign, (intmax_t)temp.tv_sec,
652 		    temp.tv_nsec);
653 	}
654 }
655 
656 void
657 dumpheader(struct ktr_header *kth, u_int sv_flags)
658 {
659 	static char unknown[64];
660 	const char *abi;
661 	const char *arch;
662 	const char *type;
663 
664 	switch (kth->ktr_type) {
665 	case KTR_SYSCALL:
666 		type = "CALL";
667 		break;
668 	case KTR_SYSRET:
669 		type = "RET ";
670 		break;
671 	case KTR_NAMEI:
672 		type = "NAMI";
673 		break;
674 	case KTR_GENIO:
675 		type = "GIO ";
676 		break;
677 	case KTR_PSIG:
678 		type = "PSIG";
679 		break;
680 	case KTR_CSW:
681 		type = "CSW ";
682 		break;
683 	case KTR_USER:
684 		type = "USER";
685 		break;
686 	case KTR_STRUCT:
687 	case KTR_STRUCT_ARRAY:
688 		type = "STRU";
689 		break;
690 	case KTR_SYSCTL:
691 		type = "SCTL";
692 		break;
693 	case KTR_CAPFAIL:
694 		type = "CAP ";
695 		break;
696 	case KTR_FAULT:
697 		type = "PFLT";
698 		break;
699 	case KTR_FAULTEND:
700 		type = "PRET";
701 		break;
702 	default:
703 		sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type);
704 		type = unknown;
705 	}
706 
707 	/*
708 	 * The ktr_tid field was previously the ktr_buffer field, which held
709 	 * the kernel pointer value for the buffer associated with data
710 	 * following the record header.  It now holds a threadid, but only
711 	 * for trace files after the change.  Older trace files still contain
712 	 * kernel pointers.  Detect this and suppress the results by printing
713 	 * negative tid's as 0.
714 	 */
715 	if (threads)
716 		printf("%6d %6d %-8.*s ", kth->ktr_pid,
717 		    kth->ktr_tid > 0 ? (lwpid_t)kth->ktr_tid : 0,
718 		    MAXCOMLEN, kth->ktr_comm);
719 	else
720 		printf("%6d %-8.*s ", kth->ktr_pid, MAXCOMLEN, kth->ktr_comm);
721         if (timestamp) {
722 		if (version == KTR_VERSION0)
723 			dumptimeval((struct ktr_header_v0 *)kth);
724 		else
725 			dumptimespec(kth);
726 	}
727 	if (cpuflag && version > KTR_VERSION0)
728 		printf("%3d ", kth->ktr_cpu);
729 	printf("%s  ", type);
730 	if (abiflag != 0) {
731 		switch (sv_flags & SV_ABI_MASK) {
732 		case SV_ABI_LINUX:
733 			abi = "L";
734 			break;
735 		case SV_ABI_FREEBSD:
736 			abi = "F";
737 			break;
738 		default:
739 			abi = "U";
740 			break;
741 		}
742 
743 		if ((sv_flags & SV_LP64) != 0)
744 			arch = "64";
745 		else if ((sv_flags & SV_ILP32) != 0)
746 			arch = "32";
747 		else
748 			arch = "00";
749 
750 		printf("%s%s  ", abi, arch);
751 	}
752 }
753 
754 #include <sys/syscall.h>
755 
756 static void
757 ioctlname(unsigned long val)
758 {
759 	const char *str;
760 
761 	str = sysdecode_ioctlname(val);
762 	if (str != NULL)
763 		printf("%s", str);
764 	else if (decimal)
765 		printf("%lu", val);
766 	else
767 		printf("%#lx", val);
768 }
769 
770 static enum sysdecode_abi
771 syscallabi(u_int sv_flags)
772 {
773 
774 	if (sv_flags == 0)
775 		return (SYSDECODE_ABI_FREEBSD);
776 	switch (sv_flags & SV_ABI_MASK) {
777 	case SV_ABI_FREEBSD:
778 		return (SYSDECODE_ABI_FREEBSD);
779 	case SV_ABI_LINUX:
780 #ifdef __LP64__
781 		if (sv_flags & SV_ILP32)
782 			return (SYSDECODE_ABI_LINUX32);
783 #endif
784 		return (SYSDECODE_ABI_LINUX);
785 	default:
786 		return (SYSDECODE_ABI_UNKNOWN);
787 	}
788 }
789 
790 static void
791 syscallname(u_int code, u_int sv_flags)
792 {
793 	const char *name;
794 
795 	name = sysdecode_syscallname(syscallabi(sv_flags), code);
796 	if (name == NULL)
797 		printf("[%d]", code);
798 	else {
799 		printf("%s", name);
800 		if (syscallno)
801 			printf("[%d]", code);
802 	}
803 }
804 
805 static void
806 print_signal(int signo)
807 {
808 	const char *signame;
809 
810 	signame = sysdecode_signal(signo);
811 	if (signame != NULL)
812 		printf("%s", signame);
813 	else
814 		printf("SIG %d", signo);
815 }
816 
817 void
818 ktrsyscall(struct ktr_syscall *ktr, u_int sv_flags)
819 {
820 	int narg = ktr->ktr_narg;
821 	register_t *ip;
822 
823 	syscallname(ktr->ktr_code, sv_flags);
824 	ip = &ktr->ktr_args[0];
825 	if (narg) {
826 		char c = '(';
827 		if (fancy) {
828 			switch (sv_flags & SV_ABI_MASK) {
829 			case SV_ABI_FREEBSD:
830 				ktrsyscall_freebsd(ktr, &ip, &narg, &c,
831 				    sv_flags);
832 				break;
833 #ifdef SYSDECODE_HAVE_LINUX
834 			case SV_ABI_LINUX:
835 #ifdef __amd64__
836 				if (sv_flags & SV_ILP32)
837 					ktrsyscall_linux32(ktr, &ip,
838 					    &narg, &c);
839 				else
840 #endif
841 				ktrsyscall_linux(ktr, &ip, &narg, &c);
842 				break;
843 #endif /* SYSDECODE_HAVE_LINUX */
844 			}
845 		}
846 		while (narg > 0)
847 			print_number(ip, narg, c);
848 		putchar(')');
849 	}
850 	putchar('\n');
851 }
852 
853 void
854 ktrsyscall_freebsd(struct ktr_syscall *ktr, register_t **resip,
855     int *resnarg, char *resc, u_int sv_flags)
856 {
857 	int narg = ktr->ktr_narg;
858 	register_t *ip, *first;
859 	intmax_t arg;
860 	int quad_align, quad_slots;
861 
862 	ip = first = &ktr->ktr_args[0];
863 	char c = *resc;
864 
865 			quad_align = 0;
866 			if (sv_flags & SV_ILP32) {
867 #ifdef __powerpc__
868 				quad_align = 1;
869 #endif
870 				quad_slots = 2;
871 			} else
872 				quad_slots = 1;
873 			switch (ktr->ktr_code) {
874 			case SYS_bindat:
875 			case SYS_chflagsat:
876 			case SYS_connectat:
877 			case SYS_faccessat:
878 			case SYS_fchmodat:
879 			case SYS_fchownat:
880 			case SYS_fstatat:
881 			case SYS_futimesat:
882 			case SYS_linkat:
883 			case SYS_mkdirat:
884 			case SYS_mkfifoat:
885 			case SYS_mknodat:
886 			case SYS_openat:
887 			case SYS_readlinkat:
888 			case SYS_renameat:
889 			case SYS_unlinkat:
890 			case SYS_utimensat:
891 				putchar('(');
892 				print_integer_arg_valid(sysdecode_atfd, *ip);
893 				c = ',';
894 				ip++;
895 				narg--;
896 				break;
897 			}
898 			switch (ktr->ktr_code) {
899 			case SYS_ioctl: {
900 				print_number(ip, narg, c);
901 				putchar(c);
902 				ioctlname(*ip);
903 				c = ',';
904 				ip++;
905 				narg--;
906 				break;
907 			}
908 			case SYS_ptrace:
909 				putchar('(');
910 				print_integer_arg(sysdecode_ptrace_request, *ip);
911 				c = ',';
912 				ip++;
913 				narg--;
914 				break;
915 			case SYS_access:
916 			case SYS_eaccess:
917 			case SYS_faccessat:
918 				print_number(ip, narg, c);
919 				putchar(',');
920 				print_mask_arg(sysdecode_access_mode, *ip);
921 				ip++;
922 				narg--;
923 				break;
924 			case SYS_close_range:
925 				print_number(ip, narg, c);
926 				print_number(ip, narg, c);
927 				putchar(',');
928 				print_mask_arg0(sysdecode_close_range_flags,
929 				    *ip);
930 				ip += 3;
931 				narg -= 3;
932 				break;
933 			case SYS_open:
934 			case SYS_openat:
935 				print_number(ip, narg, c);
936 				putchar(',');
937 				print_mask_arg(sysdecode_open_flags, ip[0]);
938 				if ((ip[0] & O_CREAT) == O_CREAT) {
939 					putchar(',');
940 					decode_filemode(ip[1]);
941 				}
942 				ip += 2;
943 				narg -= 2;
944 				break;
945 			case SYS_wait4:
946 				print_number(ip, narg, c);
947 				print_number(ip, narg, c);
948 				putchar(',');
949 				print_mask_arg0(sysdecode_wait4_options, *ip);
950 				ip++;
951 				narg--;
952 				break;
953 			case SYS_wait6:
954 				putchar('(');
955 				print_integer_arg(sysdecode_idtype, *ip);
956 				c = ',';
957 				ip++;
958 				narg--;
959 				print_number64(first, ip, narg, c);
960 				print_number(ip, narg, c);
961 				putchar(',');
962 				print_mask_arg(sysdecode_wait6_options, *ip);
963 				ip++;
964 				narg--;
965 				break;
966 			case SYS_chmod:
967 			case SYS_fchmod:
968 			case SYS_lchmod:
969 			case SYS_fchmodat:
970 				print_number(ip, narg, c);
971 				putchar(',');
972 				decode_filemode(*ip);
973 				ip++;
974 				narg--;
975 				break;
976 			case SYS_mknodat:
977 				print_number(ip, narg, c);
978 				putchar(',');
979 				decode_filemode(*ip);
980 				ip++;
981 				narg--;
982 				break;
983 			case SYS_getfsstat:
984 				print_number(ip, narg, c);
985 				print_number(ip, narg, c);
986 				putchar(',');
987 				print_integer_arg(sysdecode_getfsstat_mode, *ip);
988 				ip++;
989 				narg--;
990 				break;
991 			case SYS_mount:
992 				print_number(ip, narg, c);
993 				print_number(ip, narg, c);
994 				putchar(',');
995 				print_mask_arg0(sysdecode_mount_flags, *ip);
996 				ip++;
997 				narg--;
998 				break;
999 			case SYS_unmount:
1000 				print_number(ip, narg, c);
1001 				putchar(',');
1002 				print_mask_arg0(sysdecode_mount_flags, *ip);
1003 				ip++;
1004 				narg--;
1005 				break;
1006 			case SYS_recvmsg:
1007 			case SYS_sendmsg:
1008 				print_number(ip, narg, c);
1009 				print_number(ip, narg, c);
1010 				putchar(',');
1011 				print_mask_arg0(sysdecode_msg_flags, *ip);
1012 				ip++;
1013 				narg--;
1014 				break;
1015 			case SYS_recvfrom:
1016 			case SYS_sendto:
1017 				print_number(ip, narg, c);
1018 				print_number(ip, narg, c);
1019 				print_number(ip, narg, c);
1020 				putchar(',');
1021 				print_mask_arg0(sysdecode_msg_flags, *ip);
1022 				ip++;
1023 				narg--;
1024 				break;
1025 			case SYS_chflags:
1026 			case SYS_chflagsat:
1027 			case SYS_fchflags:
1028 			case SYS_lchflags:
1029 				print_number(ip, narg, c);
1030 				putchar(',');
1031 				decode_fileflags(*ip);
1032 				ip++;
1033 				narg--;
1034 				break;
1035 			case SYS_kill:
1036 				print_number(ip, narg, c);
1037 				putchar(',');
1038 				print_signal(*ip);
1039 				ip++;
1040 				narg--;
1041 				break;
1042 			case SYS_reboot:
1043 				putchar('(');
1044 				print_mask_arg(sysdecode_reboot_howto, *ip);
1045 				ip++;
1046 				narg--;
1047 				break;
1048 			case SYS_umask:
1049 				putchar('(');
1050 				decode_filemode(*ip);
1051 				ip++;
1052 				narg--;
1053 				break;
1054 			case SYS_msync:
1055 				print_number(ip, narg, c);
1056 				print_number(ip, narg, c);
1057 				putchar(',');
1058 				print_mask_arg(sysdecode_msync_flags, *ip);
1059 				ip++;
1060 				narg--;
1061 				break;
1062 #ifdef SYS_freebsd6_mmap
1063 			case SYS_freebsd6_mmap:
1064 				print_number(ip, narg, c);
1065 				print_number(ip, narg, c);
1066 				putchar(',');
1067 				print_mask_arg(sysdecode_mmap_prot, *ip);
1068 				putchar(',');
1069 				ip++;
1070 				narg--;
1071 				print_mask_arg(sysdecode_mmap_flags, *ip);
1072 				ip++;
1073 				narg--;
1074 				break;
1075 #endif
1076 			case SYS_mmap:
1077 				print_number(ip, narg, c);
1078 				print_number(ip, narg, c);
1079 				putchar(',');
1080 				print_mask_arg(sysdecode_mmap_prot, *ip);
1081 				putchar(',');
1082 				ip++;
1083 				narg--;
1084 				print_mask_arg(sysdecode_mmap_flags, *ip);
1085 				ip++;
1086 				narg--;
1087 				break;
1088 			case SYS_mprotect:
1089 				print_number(ip, narg, c);
1090 				print_number(ip, narg, c);
1091 				putchar(',');
1092 				print_mask_arg(sysdecode_mmap_prot, *ip);
1093 				ip++;
1094 				narg--;
1095 				break;
1096 			case SYS_madvise:
1097 				print_number(ip, narg, c);
1098 				print_number(ip, narg, c);
1099 				putchar(',');
1100 				print_integer_arg(sysdecode_madvice, *ip);
1101 				ip++;
1102 				narg--;
1103 				break;
1104 			case SYS_pathconf:
1105 			case SYS_lpathconf:
1106 			case SYS_fpathconf:
1107 				print_number(ip, narg, c);
1108 				putchar(',');
1109 				print_integer_arg(sysdecode_pathconf_name, *ip);
1110 				ip++;
1111 				narg--;
1112 				break;
1113 			case SYS_getpriority:
1114 			case SYS_setpriority:
1115 				putchar('(');
1116 				print_integer_arg(sysdecode_prio_which, *ip);
1117 				c = ',';
1118 				ip++;
1119 				narg--;
1120 				break;
1121 			case SYS_fcntl:
1122 				print_number(ip, narg, c);
1123 				putchar(',');
1124 				print_integer_arg(sysdecode_fcntl_cmd, ip[0]);
1125 				if (sysdecode_fcntl_arg_p(ip[0])) {
1126 					putchar(',');
1127 					if (ip[0] == F_SETFL)
1128 						print_mask_arg(
1129 						    sysdecode_fcntl_fileflags,
1130 							ip[1]);
1131 					else
1132 						sysdecode_fcntl_arg(stdout,
1133 						    ip[0], ip[1],
1134 						    decimal ? 10 : 16);
1135 				}
1136 				ip += 2;
1137 				narg -= 2;
1138 				break;
1139 			case SYS_socket: {
1140 				int sockdomain;
1141 				putchar('(');
1142 				sockdomain = *ip;
1143 				print_integer_arg(sysdecode_socketdomain,
1144 				    sockdomain);
1145 				ip++;
1146 				narg--;
1147 				putchar(',');
1148 				print_mask_arg(sysdecode_socket_type, *ip);
1149 				ip++;
1150 				narg--;
1151 				if (sockdomain == PF_INET ||
1152 				    sockdomain == PF_INET6) {
1153 					putchar(',');
1154 					print_integer_arg(sysdecode_ipproto,
1155 					    *ip);
1156 					ip++;
1157 					narg--;
1158 				}
1159 				c = ',';
1160 				break;
1161 			}
1162 			case SYS_setsockopt:
1163 			case SYS_getsockopt: {
1164 				const char *str;
1165 
1166 				print_number(ip, narg, c);
1167 				putchar(',');
1168 				print_integer_arg_valid(sysdecode_sockopt_level,
1169 				    *ip);
1170 				str = sysdecode_sockopt_name(ip[0], ip[1]);
1171 				if (str != NULL) {
1172 					printf(",%s", str);
1173 					ip++;
1174 					narg--;
1175 				}
1176 				ip++;
1177 				narg--;
1178 				break;
1179 			}
1180 #ifdef SYS_freebsd6_lseek
1181 			case SYS_freebsd6_lseek:
1182 				print_number(ip, narg, c);
1183 				/* Hidden 'pad' argument, not in lseek(2) */
1184 				print_number(ip, narg, c);
1185 				print_number64(first, ip, narg, c);
1186 				putchar(',');
1187 				print_integer_arg(sysdecode_whence, *ip);
1188 				ip++;
1189 				narg--;
1190 				break;
1191 #endif
1192 			case SYS_lseek:
1193 				print_number(ip, narg, c);
1194 				print_number64(first, ip, narg, c);
1195 				putchar(',');
1196 				print_integer_arg(sysdecode_whence, *ip);
1197 				ip++;
1198 				narg--;
1199 				break;
1200 			case SYS_flock:
1201 				print_number(ip, narg, c);
1202 				putchar(',');
1203 				print_mask_arg(sysdecode_flock_operation, *ip);
1204 				ip++;
1205 				narg--;
1206 				break;
1207 			case SYS_mkfifo:
1208 			case SYS_mkfifoat:
1209 			case SYS_mkdir:
1210 			case SYS_mkdirat:
1211 				print_number(ip, narg, c);
1212 				putchar(',');
1213 				decode_filemode(*ip);
1214 				ip++;
1215 				narg--;
1216 				break;
1217 			case SYS_shutdown:
1218 				print_number(ip, narg, c);
1219 				putchar(',');
1220 				print_integer_arg(sysdecode_shutdown_how, *ip);
1221 				ip++;
1222 				narg--;
1223 				break;
1224 			case SYS_socketpair:
1225 				putchar('(');
1226 				print_integer_arg(sysdecode_socketdomain, *ip);
1227 				ip++;
1228 				narg--;
1229 				putchar(',');
1230 				print_mask_arg(sysdecode_socket_type, *ip);
1231 				ip++;
1232 				narg--;
1233 				c = ',';
1234 				break;
1235 			case SYS_getrlimit:
1236 			case SYS_setrlimit:
1237 				putchar('(');
1238 				print_integer_arg(sysdecode_rlimit, *ip);
1239 				ip++;
1240 				narg--;
1241 				c = ',';
1242 				break;
1243 			case SYS_getrusage:
1244 				putchar('(');
1245 				print_integer_arg(sysdecode_getrusage_who, *ip);
1246 				ip++;
1247 				narg--;
1248 				c = ',';
1249 				break;
1250 			case SYS_quotactl:
1251 				print_number(ip, narg, c);
1252 				putchar(',');
1253 				if (!sysdecode_quotactl_cmd(stdout, *ip)) {
1254 					if (decimal)
1255 						printf("<invalid=%d>", (int)*ip);
1256 					else
1257 						printf("<invalid=%#x>",
1258 						    (int)*ip);
1259 				}
1260 				ip++;
1261 				narg--;
1262 				c = ',';
1263 				break;
1264 			case SYS_nfssvc:
1265 				putchar('(');
1266 				print_integer_arg(sysdecode_nfssvc_flags, *ip);
1267 				ip++;
1268 				narg--;
1269 				c = ',';
1270 				break;
1271 			case SYS_rtprio:
1272 			case SYS_rtprio_thread:
1273 				putchar('(');
1274 				print_integer_arg(sysdecode_rtprio_function,
1275 				    *ip);
1276 				ip++;
1277 				narg--;
1278 				c = ',';
1279 				break;
1280 			case SYS___semctl:
1281 				print_number(ip, narg, c);
1282 				print_number(ip, narg, c);
1283 				putchar(',');
1284 				print_integer_arg(sysdecode_semctl_cmd, *ip);
1285 				ip++;
1286 				narg--;
1287 				break;
1288 			case SYS_semget:
1289 				print_number(ip, narg, c);
1290 				print_number(ip, narg, c);
1291 				putchar(',');
1292 				print_mask_arg(sysdecode_semget_flags, *ip);
1293 				ip++;
1294 				narg--;
1295 				break;
1296 			case SYS_msgctl:
1297 				print_number(ip, narg, c);
1298 				putchar(',');
1299 				print_integer_arg(sysdecode_msgctl_cmd, *ip);
1300 				ip++;
1301 				narg--;
1302 				break;
1303 			case SYS_shmat:
1304 				print_number(ip, narg, c);
1305 				print_number(ip, narg, c);
1306 				putchar(',');
1307 				print_mask_arg(sysdecode_shmat_flags, *ip);
1308 				ip++;
1309 				narg--;
1310 				break;
1311 			case SYS_shmctl:
1312 				print_number(ip, narg, c);
1313 				putchar(',');
1314 				print_integer_arg(sysdecode_shmctl_cmd, *ip);
1315 				ip++;
1316 				narg--;
1317 				break;
1318 #ifdef SYS_freebsd12_shm_open
1319 			case SYS_freebsd12_shm_open:
1320 				if (ip[0] == (uintptr_t)SHM_ANON) {
1321 					printf("(SHM_ANON");
1322 					ip++;
1323 				} else {
1324 					print_number(ip, narg, c);
1325 				}
1326 				putchar(',');
1327 				print_mask_arg(sysdecode_open_flags, ip[0]);
1328 				putchar(',');
1329 				decode_filemode(ip[1]);
1330 				ip += 2;
1331 				narg -= 2;
1332 				break;
1333 #endif
1334 			case SYS_shm_open2:
1335 				if (ip[0] == (uintptr_t)SHM_ANON) {
1336 					printf("(SHM_ANON");
1337 					ip++;
1338 				} else {
1339 					print_number(ip, narg, c);
1340 				}
1341 				putchar(',');
1342 				print_mask_arg(sysdecode_open_flags, ip[0]);
1343 				putchar(',');
1344 				decode_filemode(ip[1]);
1345 				putchar(',');
1346 				print_mask_arg(sysdecode_shmflags, ip[2]);
1347 				ip += 3;
1348 				narg -= 3;
1349 				break;
1350 			case SYS_minherit:
1351 				print_number(ip, narg, c);
1352 				print_number(ip, narg, c);
1353 				putchar(',');
1354 				print_integer_arg(sysdecode_minherit_inherit,
1355 				    *ip);
1356 				ip++;
1357 				narg--;
1358 				break;
1359 			case SYS_rfork:
1360 				putchar('(');
1361 				print_mask_arg(sysdecode_rfork_flags, *ip);
1362 				ip++;
1363 				narg--;
1364 				c = ',';
1365 				break;
1366 			case SYS_lio_listio:
1367 				putchar('(');
1368 				print_integer_arg(sysdecode_lio_listio_mode,
1369 				    *ip);
1370 				ip++;
1371 				narg--;
1372 				c = ',';
1373 				break;
1374 			case SYS_mlockall:
1375 				putchar('(');
1376 				print_mask_arg(sysdecode_mlockall_flags, *ip);
1377 				ip++;
1378 				narg--;
1379 				break;
1380 			case SYS_sched_setscheduler:
1381 				print_number(ip, narg, c);
1382 				putchar(',');
1383 				print_integer_arg(sysdecode_scheduler_policy,
1384 				    *ip);
1385 				ip++;
1386 				narg--;
1387 				break;
1388 			case SYS_sched_get_priority_max:
1389 			case SYS_sched_get_priority_min:
1390 				putchar('(');
1391 				print_integer_arg(sysdecode_scheduler_policy,
1392 				    *ip);
1393 				ip++;
1394 				narg--;
1395 				break;
1396 			case SYS_sendfile:
1397 				print_number(ip, narg, c);
1398 				print_number(ip, narg, c);
1399 				print_number(ip, narg, c);
1400 				print_number(ip, narg, c);
1401 				print_number(ip, narg, c);
1402 				print_number(ip, narg, c);
1403 				putchar(',');
1404 				print_mask_arg(sysdecode_sendfile_flags, *ip);
1405 				ip++;
1406 				narg--;
1407 				break;
1408 			case SYS_kldsym:
1409 				print_number(ip, narg, c);
1410 				putchar(',');
1411 				print_integer_arg(sysdecode_kldsym_cmd, *ip);
1412 				ip++;
1413 				narg--;
1414 				break;
1415 			case SYS_sigprocmask:
1416 				putchar('(');
1417 				print_integer_arg(sysdecode_sigprocmask_how,
1418 				    *ip);
1419 				ip++;
1420 				narg--;
1421 				c = ',';
1422 				break;
1423 			case SYS___acl_get_file:
1424 			case SYS___acl_set_file:
1425 			case SYS___acl_get_fd:
1426 			case SYS___acl_set_fd:
1427 			case SYS___acl_delete_file:
1428 			case SYS___acl_delete_fd:
1429 			case SYS___acl_aclcheck_file:
1430 			case SYS___acl_aclcheck_fd:
1431 			case SYS___acl_get_link:
1432 			case SYS___acl_set_link:
1433 			case SYS___acl_delete_link:
1434 			case SYS___acl_aclcheck_link:
1435 				print_number(ip, narg, c);
1436 				putchar(',');
1437 				print_integer_arg(sysdecode_acltype, *ip);
1438 				ip++;
1439 				narg--;
1440 				break;
1441 			case SYS_sigaction:
1442 				putchar('(');
1443 				print_signal(*ip);
1444 				ip++;
1445 				narg--;
1446 				c = ',';
1447 				break;
1448 			case SYS_extattrctl:
1449 				print_number(ip, narg, c);
1450 				putchar(',');
1451 				print_integer_arg(sysdecode_extattrnamespace,
1452 				    *ip);
1453 				ip++;
1454 				narg--;
1455 				break;
1456 			case SYS_nmount:
1457 				print_number(ip, narg, c);
1458 				print_number(ip, narg, c);
1459 				putchar(',');
1460 				print_mask_arg0(sysdecode_mount_flags, *ip);
1461 				ip++;
1462 				narg--;
1463 				break;
1464 			case SYS_thr_create:
1465 				print_number(ip, narg, c);
1466 				print_number(ip, narg, c);
1467 				putchar(',');
1468 				print_mask_arg(sysdecode_thr_create_flags, *ip);
1469 				ip++;
1470 				narg--;
1471 				break;
1472 			case SYS_thr_kill:
1473 				print_number(ip, narg, c);
1474 				putchar(',');
1475 				print_signal(*ip);
1476 				ip++;
1477 				narg--;
1478 				break;
1479 			case SYS_kldunloadf:
1480 				print_number(ip, narg, c);
1481 				putchar(',');
1482 				print_integer_arg(sysdecode_kldunload_flags,
1483 				    *ip);
1484 				ip++;
1485 				narg--;
1486 				break;
1487 			case SYS_linkat:
1488 			case SYS_renameat:
1489 			case SYS_symlinkat:
1490 				print_number(ip, narg, c);
1491 				putchar(',');
1492 				print_integer_arg_valid(sysdecode_atfd, *ip);
1493 				ip++;
1494 				narg--;
1495 				print_number(ip, narg, c);
1496 				break;
1497 			case SYS_cap_fcntls_limit:
1498 				print_number(ip, narg, c);
1499 				putchar(',');
1500 				arg = *ip;
1501 				ip++;
1502 				narg--;
1503 				print_mask_arg32(sysdecode_cap_fcntlrights, arg);
1504 				break;
1505 			case SYS_posix_fadvise:
1506 				print_number(ip, narg, c);
1507 				print_number(ip, narg, c);
1508 				print_number(ip, narg, c);
1509 				(void)putchar(',');
1510 				print_integer_arg(sysdecode_fadvice, *ip);
1511 				ip++;
1512 				narg--;
1513 				break;
1514 			case SYS_procctl:
1515 				putchar('(');
1516 				print_integer_arg(sysdecode_idtype, *ip);
1517 				c = ',';
1518 				ip++;
1519 				narg--;
1520 				print_number64(first, ip, narg, c);
1521 				putchar(',');
1522 				print_integer_arg(sysdecode_procctl_cmd, *ip);
1523 				ip++;
1524 				narg--;
1525 				break;
1526 			case SYS__umtx_op: {
1527 				int op;
1528 
1529 				print_number(ip, narg, c);
1530 				putchar(',');
1531 				if (print_mask_arg_part(sysdecode_umtx_op_flags,
1532 				    *ip, &op))
1533 					putchar('|');
1534 				print_integer_arg(sysdecode_umtx_op, op);
1535 				putchar('>');
1536 				switch (*ip) {
1537 				case UMTX_OP_CV_WAIT:
1538 					ip++;
1539 					narg--;
1540 					putchar(',');
1541 					print_mask_argul(
1542 					    sysdecode_umtx_cvwait_flags, *ip);
1543 					break;
1544 				case UMTX_OP_RW_RDLOCK:
1545 					ip++;
1546 					narg--;
1547 					putchar(',');
1548 					print_mask_argul(
1549 					    sysdecode_umtx_rwlock_flags, *ip);
1550 					break;
1551 				}
1552 				ip++;
1553 				narg--;
1554 				break;
1555 			}
1556 			case SYS_ftruncate:
1557 			case SYS_truncate:
1558 				print_number(ip, narg, c);
1559 				print_number64(first, ip, narg, c);
1560 				break;
1561 			case SYS_fchownat:
1562 				print_number(ip, narg, c);
1563 				print_number(ip, narg, c);
1564 				print_number(ip, narg, c);
1565 				break;
1566 			case SYS_fstatat:
1567 			case SYS_utimensat:
1568 				print_number(ip, narg, c);
1569 				print_number(ip, narg, c);
1570 				break;
1571 			case SYS_unlinkat:
1572 				print_number(ip, narg, c);
1573 				break;
1574 			case SYS_sysarch:
1575 				putchar('(');
1576 				print_integer_arg(sysdecode_sysarch_number, *ip);
1577 				ip++;
1578 				narg--;
1579 				c = ',';
1580 				break;
1581 			case SYS_getitimer:
1582 			case SYS_setitimer:
1583 				putchar('(');
1584 				print_integer_arg(sysdecode_itimer, *ip);
1585 				ip++;
1586 				narg--;
1587 				c = ',';
1588 				break;
1589 			}
1590 			switch (ktr->ktr_code) {
1591 			case SYS_chflagsat:
1592 			case SYS_fchownat:
1593 			case SYS_faccessat:
1594 			case SYS_fchmodat:
1595 			case SYS_fstatat:
1596 			case SYS_linkat:
1597 			case SYS_unlinkat:
1598 			case SYS_utimensat:
1599 				putchar(',');
1600 				print_mask_arg0(sysdecode_atflags, *ip);
1601 				ip++;
1602 				narg--;
1603 				break;
1604 			}
1605 	*resc = c;
1606 	*resip = ip;
1607 	*resnarg = narg;
1608 }
1609 
1610 void
1611 ktrsysret(struct ktr_sysret *ktr, u_int sv_flags)
1612 {
1613 	register_t ret = ktr->ktr_retval;
1614 	int error = ktr->ktr_error;
1615 
1616 	syscallname(ktr->ktr_code, sv_flags);
1617 	printf(" ");
1618 
1619 	if (error == 0) {
1620 		if (fancy) {
1621 			printf("%ld", (long)ret);
1622 			if (ret < 0 || ret > 9)
1623 				printf("/%#lx", (unsigned long)ret);
1624 		} else {
1625 			if (decimal)
1626 				printf("%ld", (long)ret);
1627 			else
1628 				printf("%#lx", (unsigned long)ret);
1629 		}
1630 	} else if (error == ERESTART)
1631 		printf("RESTART");
1632 	else if (error == EJUSTRETURN)
1633 		printf("JUSTRETURN");
1634 	else {
1635 		printf("-1 errno %d", sysdecode_freebsd_to_abi_errno(
1636 		    syscallabi(sv_flags), error));
1637 		if (fancy)
1638 			printf(" %s", strerror(ktr->ktr_error));
1639 	}
1640 	putchar('\n');
1641 }
1642 
1643 void
1644 ktrnamei(char *cp, int len)
1645 {
1646 	printf("\"%.*s\"\n", len, cp);
1647 }
1648 
1649 void
1650 hexdump(char *p, int len, int screenwidth)
1651 {
1652 	int n, i;
1653 	int width;
1654 
1655 	width = 0;
1656 	do {
1657 		width += 2;
1658 		i = 13;			/* base offset */
1659 		i += (width / 2) + 1;	/* spaces every second byte */
1660 		i += (width * 2);	/* width of bytes */
1661 		i += 3;			/* "  |" */
1662 		i += width;		/* each byte */
1663 		i += 1;			/* "|" */
1664 	} while (i < screenwidth);
1665 	width -= 2;
1666 
1667 	for (n = 0; n < len; n += width) {
1668 		for (i = n; i < n + width; i++) {
1669 			if ((i % width) == 0) {	/* beginning of line */
1670 				printf("       0x%04x", i);
1671 			}
1672 			if ((i % 2) == 0) {
1673 				printf(" ");
1674 			}
1675 			if (i < len)
1676 				printf("%02x", p[i] & 0xff);
1677 			else
1678 				printf("  ");
1679 		}
1680 		printf("  |");
1681 		for (i = n; i < n + width; i++) {
1682 			if (i >= len)
1683 				break;
1684 			if (p[i] >= ' ' && p[i] <= '~')
1685 				printf("%c", p[i]);
1686 			else
1687 				printf(".");
1688 		}
1689 		printf("|\n");
1690 	}
1691 	if ((i % width) != 0)
1692 		printf("\n");
1693 }
1694 
1695 void
1696 visdump(char *dp, int datalen, int screenwidth)
1697 {
1698 	int col = 0;
1699 	char *cp;
1700 	int width;
1701 	char visbuf[5];
1702 
1703 	printf("       \"");
1704 	col = 8;
1705 	for (;datalen > 0; datalen--, dp++) {
1706 		vis(visbuf, *dp, VIS_CSTYLE | VIS_NOLOCALE, *(dp+1));
1707 		cp = visbuf;
1708 		/*
1709 		 * Keep track of printables and
1710 		 * space chars (like fold(1)).
1711 		 */
1712 		if (col == 0) {
1713 			putchar('\t');
1714 			col = 8;
1715 		}
1716 		switch(*cp) {
1717 		case '\n':
1718 			col = 0;
1719 			putchar('\n');
1720 			continue;
1721 		case '\t':
1722 			width = 8 - (col&07);
1723 			break;
1724 		default:
1725 			width = strlen(cp);
1726 		}
1727 		if (col + width > (screenwidth-2)) {
1728 			printf("\\\n\t");
1729 			col = 8;
1730 		}
1731 		col += width;
1732 		do {
1733 			putchar(*cp++);
1734 		} while (*cp);
1735 	}
1736 	if (col == 0)
1737 		printf("       ");
1738 	printf("\"\n");
1739 }
1740 
1741 void
1742 ktrgenio(struct ktr_genio *ktr, int len)
1743 {
1744 	int datalen = len - sizeof (struct ktr_genio);
1745 	char *dp = (char *)ktr + sizeof (struct ktr_genio);
1746 	static int screenwidth = 0;
1747 	int i, binary;
1748 
1749 	printf("fd %d %s %d byte%s\n", ktr->ktr_fd,
1750 		ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen,
1751 		datalen == 1 ? "" : "s");
1752 	if (suppressdata)
1753 		return;
1754 	if (screenwidth == 0) {
1755 		struct winsize ws;
1756 
1757 		if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 &&
1758 		    ws.ws_col > 8)
1759 			screenwidth = ws.ws_col;
1760 		else
1761 			screenwidth = 80;
1762 	}
1763 	if (maxdata && datalen > maxdata)
1764 		datalen = maxdata;
1765 
1766 	for (i = 0, binary = 0; i < datalen && binary == 0; i++)  {
1767 		if (dp[i] >= 32 && dp[i] < 127)
1768 			continue;
1769 		if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9)
1770 			continue;
1771 		binary = 1;
1772 	}
1773 	if (binary)
1774 		hexdump(dp, datalen, screenwidth);
1775 	else
1776 		visdump(dp, datalen, screenwidth);
1777 }
1778 
1779 void
1780 ktrpsig(struct ktr_psig *psig)
1781 {
1782 	const char *str;
1783 
1784 	print_signal(psig->signo);
1785 	if (psig->action == SIG_DFL) {
1786 		printf(" SIG_DFL");
1787 	} else {
1788 		printf(" caught handler=0x%lx mask=0x%x",
1789 		    (u_long)psig->action, psig->mask.__bits[0]);
1790 	}
1791 	printf(" code=");
1792 	str = sysdecode_sigcode(psig->signo, psig->code);
1793 	if (str != NULL)
1794 		printf("%s", str);
1795 	else
1796 		printf("<invalid=%#x>", psig->code);
1797 	putchar('\n');
1798 }
1799 
1800 void
1801 ktrcsw_old(struct ktr_csw_old *cs)
1802 {
1803 	printf("%s %s\n", cs->out ? "stop" : "resume",
1804 		cs->user ? "user" : "kernel");
1805 }
1806 
1807 void
1808 ktrcsw(struct ktr_csw *cs)
1809 {
1810 	printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume",
1811 	    cs->user ? "user" : "kernel", cs->wmesg);
1812 }
1813 
1814 void
1815 ktruser(int len, void *p)
1816 {
1817 	unsigned char *cp;
1818 
1819 	if (sysdecode_utrace(stdout, p, len)) {
1820 		printf("\n");
1821 		return;
1822 	}
1823 
1824 	printf("%d ", len);
1825 	cp = p;
1826 	while (len--)
1827 		if (decimal)
1828 			printf(" %d", *cp++);
1829 		else
1830 			printf(" %02x", *cp++);
1831 	printf("\n");
1832 }
1833 
1834 void
1835 ktrcaprights(cap_rights_t *rightsp)
1836 {
1837 
1838 	printf("cap_rights_t ");
1839 	sysdecode_cap_rights(stdout, rightsp);
1840 	printf("\n");
1841 }
1842 
1843 static void
1844 ktrtimeval(struct timeval *tv)
1845 {
1846 
1847 	printf("{%ld, %ld}", (long)tv->tv_sec, tv->tv_usec);
1848 }
1849 
1850 void
1851 ktritimerval(struct itimerval *it)
1852 {
1853 
1854 	printf("itimerval { .interval = ");
1855 	ktrtimeval(&it->it_interval);
1856 	printf(", .value = ");
1857 	ktrtimeval(&it->it_value);
1858 	printf(" }\n");
1859 }
1860 
1861 void
1862 ktrsockaddr(struct sockaddr *sa)
1863 {
1864 /*
1865  TODO: Support additional address families
1866 	#include <netsmb/netbios.h>
1867 	struct sockaddr_nb	*nb;
1868 */
1869 	const char *str;
1870 	char addr[64];
1871 
1872 	/*
1873 	 * note: ktrstruct() has already verified that sa points to a
1874 	 * buffer at least sizeof(struct sockaddr) bytes long and exactly
1875 	 * sa->sa_len bytes long.
1876 	 */
1877 	printf("struct sockaddr { ");
1878 	str = sysdecode_sockaddr_family(sa->sa_family);
1879 	if (str != NULL)
1880 		printf("%s", str);
1881 	else
1882 		printf("<invalid=%d>", sa->sa_family);
1883 	printf(", ");
1884 
1885 #define check_sockaddr_len(n)					\
1886 	if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) {	\
1887 		printf("invalid");				\
1888 		break;						\
1889 	}
1890 
1891 	switch(sa->sa_family) {
1892 	case AF_INET: {
1893 		struct sockaddr_in sa_in;
1894 
1895 		memset(&sa_in, 0, sizeof(sa_in));
1896 		memcpy(&sa_in, sa, sa->sa_len);
1897 		check_sockaddr_len(in);
1898 		inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr);
1899 		printf("%s:%u", addr, ntohs(sa_in.sin_port));
1900 		break;
1901 	}
1902 	case AF_INET6: {
1903 		struct sockaddr_in6 sa_in6;
1904 
1905 		memset(&sa_in6, 0, sizeof(sa_in6));
1906 		memcpy(&sa_in6, sa, sa->sa_len);
1907 		check_sockaddr_len(in6);
1908 		getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6),
1909 		    addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
1910 		printf("[%s]:%u", addr, htons(sa_in6.sin6_port));
1911 		break;
1912 	}
1913 	case AF_UNIX: {
1914 		struct sockaddr_un sa_un;
1915 
1916 		memset(&sa_un, 0, sizeof(sa_un));
1917 		memcpy(&sa_un, sa, sa->sa_len);
1918 		printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path);
1919 		break;
1920 	}
1921 	default:
1922 		printf("unknown address family");
1923 	}
1924 	printf(" }\n");
1925 }
1926 
1927 void
1928 ktrsplice(struct splice *sp)
1929 {
1930 	printf("struct splice { fd=%d, max=%#jx, idle=%jd.%06jd }\n",
1931 	    sp->sp_fd, (uintmax_t)sp->sp_max, (intmax_t)sp->sp_idle.tv_sec,
1932 	    (intmax_t)sp->sp_idle.tv_usec);
1933 }
1934 
1935 void
1936 ktrstat(struct stat *statp)
1937 {
1938 	char mode[12], timestr[PATH_MAX + 4];
1939 	struct passwd *pwd;
1940 	struct group  *grp;
1941 	struct tm *tm;
1942 
1943 	/*
1944 	 * note: ktrstruct() has already verified that statp points to a
1945 	 * buffer exactly sizeof(struct stat) bytes long.
1946 	 */
1947 	printf("struct stat {");
1948 	printf("dev=%ju, ino=%ju, ",
1949 		(uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino);
1950 	if (!resolv)
1951 		printf("mode=0%jo, ", (uintmax_t)statp->st_mode);
1952 	else {
1953 		strmode(statp->st_mode, mode);
1954 		printf("mode=%s, ", mode);
1955 	}
1956 	printf("nlink=%ju, ", (uintmax_t)statp->st_nlink);
1957 	if (!resolv) {
1958 		pwd = NULL;
1959 	} else {
1960 #ifdef WITH_CASPER
1961 		if (cappwd != NULL)
1962 			pwd = cap_getpwuid(cappwd, statp->st_uid);
1963 		else
1964 #endif
1965 			pwd = getpwuid(statp->st_uid);
1966 	}
1967 	if (pwd == NULL)
1968 		printf("uid=%ju, ", (uintmax_t)statp->st_uid);
1969 	else
1970 		printf("uid=\"%s\", ", pwd->pw_name);
1971 	if (!resolv) {
1972 		grp = NULL;
1973 	} else {
1974 #ifdef WITH_CASPER
1975 		if (capgrp != NULL)
1976 			grp = cap_getgrgid(capgrp, statp->st_gid);
1977 		else
1978 #endif
1979 			grp = getgrgid(statp->st_gid);
1980 	}
1981 	if (grp == NULL)
1982 		printf("gid=%ju, ", (uintmax_t)statp->st_gid);
1983 	else
1984 		printf("gid=\"%s\", ", grp->gr_name);
1985 	printf("rdev=%ju, ", (uintmax_t)statp->st_rdev);
1986 	printf("atime=");
1987 	if (!resolv)
1988 		printf("%jd", (intmax_t)statp->st_atim.tv_sec);
1989 	else {
1990 		tm = localtime(&statp->st_atim.tv_sec);
1991 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1992 		printf("\"%s\"", timestr);
1993 	}
1994 	if (statp->st_atim.tv_nsec != 0)
1995 		printf(".%09ld, ", statp->st_atim.tv_nsec);
1996 	else
1997 		printf(", ");
1998 	printf("mtime=");
1999 	if (!resolv)
2000 		printf("%jd", (intmax_t)statp->st_mtim.tv_sec);
2001 	else {
2002 		tm = localtime(&statp->st_mtim.tv_sec);
2003 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
2004 		printf("\"%s\"", timestr);
2005 	}
2006 	if (statp->st_mtim.tv_nsec != 0)
2007 		printf(".%09ld, ", statp->st_mtim.tv_nsec);
2008 	else
2009 		printf(", ");
2010 	printf("ctime=");
2011 	if (!resolv)
2012 		printf("%jd", (intmax_t)statp->st_ctim.tv_sec);
2013 	else {
2014 		tm = localtime(&statp->st_ctim.tv_sec);
2015 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
2016 		printf("\"%s\"", timestr);
2017 	}
2018 	if (statp->st_ctim.tv_nsec != 0)
2019 		printf(".%09ld, ", statp->st_ctim.tv_nsec);
2020 	else
2021 		printf(", ");
2022 	printf("birthtime=");
2023 	if (!resolv)
2024 		printf("%jd", (intmax_t)statp->st_birthtim.tv_sec);
2025 	else {
2026 		tm = localtime(&statp->st_birthtim.tv_sec);
2027 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
2028 		printf("\"%s\"", timestr);
2029 	}
2030 	if (statp->st_birthtim.tv_nsec != 0)
2031 		printf(".%09ld, ", statp->st_birthtim.tv_nsec);
2032 	else
2033 		printf(", ");
2034 	printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x",
2035 		(uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize,
2036 		(intmax_t)statp->st_blocks, statp->st_flags);
2037 	printf(" }\n");
2038 }
2039 
2040 void
2041 ktrbitset(char *name, struct bitset *set, size_t setlen)
2042 {
2043 	int i, maxi, c = 0;
2044 
2045 	if (setlen > INT32_MAX)
2046 		setlen = INT32_MAX;
2047 	maxi = setlen * CHAR_BIT;
2048 	printf("%s [ ", name);
2049 	for (i = 0; i < maxi; i++) {
2050 		if (!BIT_ISSET(setlen, i, set))
2051 			continue;
2052 		if (c == 0)
2053 			printf("%d", i);
2054 		else
2055 			printf(", %d", i);
2056 		c++;
2057 	}
2058 	if (c == 0)
2059 		printf(" empty ]\n");
2060 	else
2061 		printf(" ]\n");
2062 }
2063 
2064 void
2065 ktrstruct(char *buf, size_t buflen)
2066 {
2067 	char *name, *data;
2068 	size_t namelen, datalen;
2069 	int i;
2070 	cap_rights_t rights;
2071 	struct itimerval it;
2072 	struct stat sb;
2073 	struct sockaddr_storage ss;
2074 	struct bitset *set;
2075 
2076 	for (name = buf, namelen = 0;
2077 	     namelen < buflen && name[namelen] != '\0';
2078 	     ++namelen)
2079 		/* nothing */;
2080 	if (namelen == buflen)
2081 		goto invalid;
2082 	if (name[namelen] != '\0')
2083 		goto invalid;
2084 	data = buf + namelen + 1;
2085 	datalen = buflen - namelen - 1;
2086 	if (datalen == 0)
2087 		goto invalid;
2088 	/* sanity check */
2089 	for (i = 0; i < (int)namelen; ++i)
2090 		if (!isalpha(name[i]) && name[i] != '_')
2091 			goto invalid;
2092 	if (strcmp(name, "caprights") == 0) {
2093 		if (datalen != sizeof(cap_rights_t))
2094 			goto invalid;
2095 		memcpy(&rights, data, datalen);
2096 		ktrcaprights(&rights);
2097 	} else if (strcmp(name, "itimerval") == 0) {
2098 		if (datalen != sizeof(struct itimerval))
2099 			goto invalid;
2100 		memcpy(&it, data, datalen);
2101 		ktritimerval(&it);
2102 	} else if (strcmp(name, "stat") == 0) {
2103 		if (datalen != sizeof(struct stat))
2104 			goto invalid;
2105 		memcpy(&sb, data, datalen);
2106 		ktrstat(&sb);
2107 	} else if (strcmp(name, "sockaddr") == 0) {
2108 		if (datalen > sizeof(ss))
2109 			goto invalid;
2110 		memcpy(&ss, data, datalen);
2111 		if (datalen != ss.ss_len)
2112 			goto invalid;
2113 		ktrsockaddr((struct sockaddr *)&ss);
2114 	} else if (strcmp(name, "cpuset_t") == 0) {
2115 		if (datalen < 1)
2116 			goto invalid;
2117 		set = malloc(datalen);
2118 		if (set == NULL)
2119 			errx(1, "%s", strerror(ENOMEM));
2120 		memcpy(set, data, datalen);
2121 		ktrbitset(name, set, datalen);
2122 		free(set);
2123 	} else if (strcmp(name, "splice") == 0) {
2124 		struct splice sp;
2125 
2126 		if (datalen != sizeof(sp))
2127 			goto invalid;
2128 		memcpy(&sp, data, datalen);
2129 		ktrsplice(&sp);
2130 	} else {
2131 #ifdef SYSDECODE_HAVE_LINUX
2132 		if (ktrstruct_linux(name, data, datalen) == false)
2133 #endif
2134 			printf("unknown structure\n");
2135 	}
2136 	return;
2137 invalid:
2138 	printf("invalid record\n");
2139 }
2140 
2141 void
2142 ktrcapfail(struct ktr_cap_fail *ktr)
2143 {
2144 	union ktr_cap_data *kcd = &ktr->cap_data;
2145 
2146 	switch (ktr->cap_type) {
2147 	case CAPFAIL_NOTCAPABLE:
2148 		/* operation on fd with insufficient capabilities */
2149 		printf("operation requires ");
2150 		sysdecode_cap_rights(stdout, &kcd->cap_needed);
2151 		printf(", descriptor holds ");
2152 		sysdecode_cap_rights(stdout, &kcd->cap_held);
2153 		break;
2154 	case CAPFAIL_INCREASE:
2155 		/* requested more capabilities than fd already has */
2156 		printf("attempt to increase capabilities from ");
2157 		sysdecode_cap_rights(stdout, &kcd->cap_held);
2158 		printf(" to ");
2159 		sysdecode_cap_rights(stdout, &kcd->cap_needed);
2160 		break;
2161 	case CAPFAIL_SYSCALL:
2162 		/* called restricted syscall */
2163 		printf("system call not allowed: ");
2164 		syscallname(ktr->cap_code, ktr->cap_svflags);
2165 		if (syscallabi(ktr->cap_svflags) == SYSDECODE_ABI_FREEBSD) {
2166 			switch (ktr->cap_code) {
2167 			case SYS_sysarch:
2168 				printf(", op: ");
2169 				print_integer_arg(sysdecode_sysarch_number,
2170 				    kcd->cap_int);
2171 				break;
2172 			case SYS_fcntl:
2173 				printf(", cmd: ");
2174 				print_integer_arg(sysdecode_fcntl_cmd,
2175 				    kcd->cap_int);
2176 				break;
2177 			}
2178 		}
2179 		break;
2180 	case CAPFAIL_SIGNAL:
2181 		/* sent signal to proc other than self */
2182 		syscallname(ktr->cap_code, ktr->cap_svflags);
2183 		printf(": signal delivery not allowed: ");
2184 		print_integer_arg(sysdecode_signal, kcd->cap_int);
2185 		break;
2186 	case CAPFAIL_PROTO:
2187 		/* created socket with restricted protocol */
2188 		syscallname(ktr->cap_code, ktr->cap_svflags);
2189 		printf(": protocol not allowed: ");
2190 		print_integer_arg(sysdecode_ipproto, kcd->cap_int);
2191 		break;
2192 	case CAPFAIL_SOCKADDR:
2193 		/* unable to look up address */
2194 		syscallname(ktr->cap_code, ktr->cap_svflags);
2195 		printf(": restricted address lookup: ");
2196 		ktrsockaddr(&kcd->cap_sockaddr);
2197 		return;
2198 	case CAPFAIL_NAMEI:
2199 		/* absolute or AT_FDCWD path, ".." path, etc. */
2200 		syscallname(ktr->cap_code, ktr->cap_svflags);
2201 		printf(": restricted VFS lookup: %s\n", kcd->cap_path);
2202 		return;
2203 	case CAPFAIL_CPUSET:
2204 		/* modification of an external cpuset */
2205 		syscallname(ktr->cap_code, ktr->cap_svflags);
2206 		printf(": restricted cpuset operation\n");
2207 		return;
2208 	default:
2209 		syscallname(ktr->cap_code, ktr->cap_svflags);
2210 		printf(": unknown capability failure\n");
2211 		return;
2212 	}
2213 	printf("\n");
2214 }
2215 
2216 void
2217 ktrfault(struct ktr_fault *ktr)
2218 {
2219 
2220 	printf("0x%jx ", (uintmax_t)ktr->vaddr);
2221 	print_mask_arg(sysdecode_vmprot, ktr->type);
2222 	printf("\n");
2223 }
2224 
2225 void
2226 ktrfaultend(struct ktr_faultend *ktr)
2227 {
2228 	const char *str;
2229 
2230 	str = sysdecode_vmresult(ktr->result);
2231 	if (str != NULL)
2232 		printf("%s", str);
2233 	else
2234 		printf("<invalid=%d>", ktr->result);
2235 	printf("\n");
2236 }
2237 
2238 void
2239 ktrkevent(struct kevent *kev)
2240 {
2241 
2242 	printf("{ ident=");
2243 	switch (kev->filter) {
2244 	case EVFILT_READ:
2245 	case EVFILT_WRITE:
2246 	case EVFILT_VNODE:
2247 	case EVFILT_PROC:
2248 	case EVFILT_TIMER:
2249 	case EVFILT_PROCDESC:
2250 	case EVFILT_EMPTY:
2251 		printf("%ju", (uintmax_t)kev->ident);
2252 		break;
2253 	case EVFILT_SIGNAL:
2254 		print_signal(kev->ident);
2255 		break;
2256 	default:
2257 		printf("%p", (void *)kev->ident);
2258 	}
2259 	printf(", filter=");
2260 	print_integer_arg(sysdecode_kevent_filter, kev->filter);
2261 	printf(", flags=");
2262 	print_mask_arg0(sysdecode_kevent_flags, kev->flags);
2263 	printf(", fflags=");
2264 	sysdecode_kevent_fflags(stdout, kev->filter, kev->fflags,
2265 	    decimal ? 10 : 16);
2266 	printf(", data=%#jx, udata=%p }", (uintmax_t)kev->data, kev->udata);
2267 }
2268 
2269 void
2270 ktrpollfd(struct pollfd *pfd)
2271 {
2272 
2273 	printf("{ fd=%d", pfd->fd);
2274 	printf(", events=");
2275 	print_mask_arg0(sysdecode_pollfd_events, pfd->events);
2276 	printf(", revents=");
2277 	print_mask_arg0(sysdecode_pollfd_events, pfd->revents);
2278 	printf("}");
2279 }
2280 
2281 void
2282 ktrstructarray(struct ktr_struct_array *ksa, size_t buflen)
2283 {
2284 	struct kevent kev;
2285 	struct pollfd pfd;
2286 	char *name, *data;
2287 	size_t namelen, datalen;
2288 	int i;
2289 	bool first;
2290 
2291 	buflen -= sizeof(*ksa);
2292 	for (name = (char *)(ksa + 1), namelen = 0;
2293 	     namelen < buflen && name[namelen] != '\0';
2294 	     ++namelen)
2295 		/* nothing */;
2296 	if (namelen == buflen)
2297 		goto invalid;
2298 	if (name[namelen] != '\0')
2299 		goto invalid;
2300 	/* sanity check */
2301 	for (i = 0; i < (int)namelen; ++i)
2302 		if (!isalnum(name[i]) && name[i] != '_')
2303 			goto invalid;
2304 	data = name + namelen + 1;
2305 	datalen = buflen - namelen - 1;
2306 	printf("struct %s[] = { ", name);
2307 	first = true;
2308 	for (; datalen >= ksa->struct_size;
2309 	    data += ksa->struct_size, datalen -= ksa->struct_size) {
2310 		if (!first)
2311 			printf("\n             ");
2312 		else
2313 			first = false;
2314 		if (strcmp(name, "kevent") == 0) {
2315 			if (ksa->struct_size != sizeof(kev))
2316 				goto bad_size;
2317 			memcpy(&kev, data, sizeof(kev));
2318 			ktrkevent(&kev);
2319 		} else if (strcmp(name, "freebsd11_kevent") == 0) {
2320 			struct freebsd11_kevent kev11;
2321 
2322 			if (ksa->struct_size != sizeof(kev11))
2323 				goto bad_size;
2324 			memcpy(&kev11, data, sizeof(kev11));
2325 			memset(&kev, 0, sizeof(kev));
2326 			kev.ident = kev11.ident;
2327 			kev.filter = kev11.filter;
2328 			kev.flags = kev11.flags;
2329 			kev.fflags = kev11.fflags;
2330 			kev.data = kev11.data;
2331 			kev.udata = kev11.udata;
2332 			ktrkevent(&kev);
2333 #ifdef _WANT_KEVENT32
2334 		} else if (strcmp(name, "kevent32") == 0) {
2335 			struct kevent32 kev32;
2336 
2337 			if (ksa->struct_size != sizeof(kev32))
2338 				goto bad_size;
2339 			memcpy(&kev32, data, sizeof(kev32));
2340 			memset(&kev, 0, sizeof(kev));
2341 			kev.ident = kev32.ident;
2342 			kev.filter = kev32.filter;
2343 			kev.flags = kev32.flags;
2344 			kev.fflags = kev32.fflags;
2345 #if BYTE_ORDER == BIG_ENDIAN
2346 			kev.data = kev32.data2 | ((int64_t)kev32.data1 << 32);
2347 #else
2348 			kev.data = kev32.data1 | ((int64_t)kev32.data2 << 32);
2349 #endif
2350 			kev.udata = (void *)(uintptr_t)kev32.udata;
2351 			ktrkevent(&kev);
2352 		} else if (strcmp(name, "freebsd11_kevent32") == 0) {
2353 			struct freebsd11_kevent32 kev32;
2354 
2355 			if (ksa->struct_size != sizeof(kev32))
2356 				goto bad_size;
2357 			memcpy(&kev32, data, sizeof(kev32));
2358 			memset(&kev, 0, sizeof(kev));
2359 			kev.ident = kev32.ident;
2360 			kev.filter = kev32.filter;
2361 			kev.flags = kev32.flags;
2362 			kev.fflags = kev32.fflags;
2363 			kev.data = kev32.data;
2364 			kev.udata = (void *)(uintptr_t)kev32.udata;
2365 			ktrkevent(&kev);
2366 #endif
2367 		} else if (strcmp(name, "pollfd") == 0) {
2368 			if (ksa->struct_size != sizeof(pfd))
2369 				goto bad_size;
2370 			memcpy(&pfd, data, sizeof(pfd));
2371 			ktrpollfd(&pfd);
2372 		} else {
2373 			printf("<unknown structure> }\n");
2374 			return;
2375 		}
2376 	}
2377 	printf(" }\n");
2378 	return;
2379 invalid:
2380 	printf("invalid record\n");
2381 	return;
2382 bad_size:
2383 	printf("<bad size> }\n");
2384 	return;
2385 }
2386 
2387 void
2388 usage(void)
2389 {
2390 	fprintf(stderr, "usage: kdump [-dEnlHRrSsTA] [-f trfile] "
2391 	    "[-m maxdata] [-p pid] [-t trstr]\n");
2392 	exit(1);
2393 }
2394