1.\" Copyright (c) 1990, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)kdump.1 8.1 (Berkeley) 6/6/93 33.\" $FreeBSD$ 34.\" 35.Dd January 28, 2005 36.Dt KDUMP 1 37.Os 38.Sh NAME 39.Nm kdump 40.Nd display kernel trace data 41.Sh SYNOPSIS 42.Nm 43.Op Fl dEnlRT 44.Op Fl f Ar trfile 45.Op Fl m Ar maxdata 46.Op Fl p Ar pid 47.Op Fl t Op cnisuw 48.Sh DESCRIPTION 49The 50.Nm 51command displays the kernel trace files produced with 52.Xr ktrace 1 53in human readable format. 54By default, the file 55.Pa ktrace.out 56in the current directory is displayed. 57.Pp 58The options are as follows: 59.Bl -tag -width Fl 60.It Fl d 61Display all numbers in decimal. 62.It Fl E 63Display elapsed timestamps (time since beginning of trace). 64.It Fl f Ar trfile 65Display the specified file instead of 66.Pa ktrace.out . 67.It Fl l 68Loop reading the trace file, once the end-of-file is reached, waiting for 69more data. 70.It Fl m Ar maxdata 71Display at most 72.Ar maxdata 73bytes when decoding 74.Tn I/O . 75.It Fl n 76Suppress ad hoc translations. 77Normally 78.Nm 79tries to decode many system calls into a more human readable format. 80For example, 81.Xr ioctl 2 82values are replaced with the macro name and 83.Va errno 84values are replaced with the 85.Xr strerror 3 86string. 87Suppressing this feature yields a more consistent output format and is 88easily amenable to further processing. 89.It Fl p Ar pid 90Display only trace events that correspond to the process 91.Ar pid . 92This may be useful when there are multiple processes recorded in the 93same trace file. 94.It Fl R 95Display relative timestamps (time since previous entry). 96.It Fl T 97Display absolute timestamps for each entry (seconds since epoch). 98.It Fl t Ar cnisuw 99See the 100.Fl t 101option of 102.Xr ktrace 1 . 103.El 104.Pp 105The output format of 106.Nm 107is line oriented with several fields. 108The example below shows a section of a kdump generated by the following 109commands: 110.Bd -literal -offset indent 111?> ktrace echo "ktrace" 112 113?> kdump 114 115 85045 echo CALL writev(0x1,0x804b030,0x2) 116 85045 echo GIO fd 1 wrote 7 bytes 117 "ktrace 118 " 119 85045 echo RET writev 7 120.Ed 121.Pp 122The first field is the PID of the process being traced. 123The second field is the name of the program being traced. 124The third field is the operation that the kernel performed 125on behalf of the process. 126.Pp 127In the first line above, the kernel executes the 128.Xr writev 2 129system call on behalf of the process so this is a 130.Li CALL 131operation. 132The fourth field shows the system call that was executed, 133including its arguments. 134The 135.Xr writev 2 136system call takes a file descriptor, in this case 1, or standard 137output, then a pointer to the iovector to write, and the number of 138iovectors that are to be written. 139In the second line we see the operation was 140.Li GIO , 141for general I/O, and that file descriptor 1 had 142seven bytes written to it. 143This is followed by the seven bytes that were written, the string 144.Qq Li ktrace 145with a carriage return and line feed. 146The last line is the 147.Li RET 148operation, showing a return from the kernel, what system call we are 149returning from, and the return value that the process received. 150Seven bytes were written by the 151.Xr writev 2 152system call, so 7 is the return value. 153.Pp 154The possible operations are: 155.Bl -column -offset indent ".Li GENIO" ".No data from user process" 156.It Sy Name Ta Sy Operation Ta Sy Fourth field 157.It Li CALL Ta enter syscall Ta syscall name and arguments 158.It Li RET Ta return from syscall Ta syscall name and return value 159.It Li NAMI Ta file name lookup Ta path to file 160.It Li GENIO Ta general I/O Ta fd, read/write, number of bytes 161.It Li SIG Ta signal Ta signal name, handler, mask, code 162.It Li CSW Ta context switch Ta stop/resume user/kernel 163.It Li USER Ta data from user process Ta the data 164.El 165.Sh SEE ALSO 166.Xr ktrace 1 167.Sh HISTORY 168The 169.Nm 170command appeared in 171.Bx 4.4 . 172