1.\" Copyright (c) 1990, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)kdump.1 8.1 (Berkeley) 6/6/93 29.\" $FreeBSD$ 30.\" 31.Dd June 4, 2012 32.Dt KDUMP 1 33.Os 34.Sh NAME 35.Nm kdump 36.Nd display kernel trace data 37.Sh SYNOPSIS 38.Nm 39.Op Fl dEnlHRsTA 40.Op Fl f Ar trfile 41.Op Fl m Ar maxdata 42.Op Fl p Ar pid 43.Op Fl t Ar trstr 44.Sh DESCRIPTION 45The 46.Nm 47command displays the kernel trace files produced with 48.Xr ktrace 1 49in human readable format. 50By default, the file 51.Pa ktrace.out 52in the current directory is displayed. 53.Pp 54The options are as follows: 55.Bl -tag -width Fl 56.It Fl d 57Display all numbers in decimal. 58.It Fl E 59Display elapsed timestamps (time since beginning of trace). 60.It Fl f Ar trfile 61Display the specified file instead of 62.Pa ktrace.out . 63.It Fl H 64List the thread ID (tid) of the thread with each trace record, if available. 65If no thread ID is available, 0 will be printed. 66.It Fl l 67Loop reading the trace file, once the end-of-file is reached, waiting for 68more data. 69.It Fl m Ar maxdata 70Display at most 71.Ar maxdata 72bytes when decoding 73.Tn I/O . 74.It Fl n 75Suppress ad hoc translations. 76Normally 77.Nm 78tries to decode many system calls into a more human readable format. 79For example, 80.Xr ioctl 2 81values are replaced with the macro name and 82.Va errno 83values are replaced with the 84.Xr strerror 3 85string. 86Suppressing this feature yields a more consistent output format and is 87easily amenable to further processing. 88.It Fl p Ar pid 89Display only trace events that correspond to the process or thread 90.Ar pid . 91This may be useful when there are multiple processes or threads recorded in the 92same trace file. 93.It Fl R 94Display relative timestamps (time since previous entry). 95.It Fl r 96When decoding STRU records, display structure members such as UIDs, 97GIDs, dates etc. symbolically instead of numerically. 98.It Fl s 99Suppress display of I/O data. 100.It Fl T 101Display absolute timestamps for each entry (seconds since epoch). 102.It Fl A 103Display description of the ABI of traced process. 104.It Fl t Ar trstr 105See the 106.Fl t 107option of 108.Xr ktrace 1 . 109.El 110.Pp 111The output format of 112.Nm 113is line oriented with several fields. 114The example below shows a section of a kdump generated by the following 115commands: 116.Bd -literal -offset indent 117?> ktrace echo "ktrace" 118 119?> kdump 120 121 85045 echo CALL writev(0x1,0x804b030,0x2) 122 85045 echo GIO fd 1 wrote 7 bytes 123 "ktrace 124 " 125 85045 echo RET writev 7 126.Ed 127.Pp 128The first field is the PID of the process being traced. 129The second field is the name of the program being traced. 130The third field is the operation that the kernel performed 131on behalf of the process. 132If thread IDs are being printed, then an additional thread ID column will be 133added to the output between the PID field and program name field. 134.Pp 135In the first line above, the kernel executes the 136.Xr writev 2 137system call on behalf of the process so this is a 138.Li CALL 139operation. 140The fourth field shows the system call that was executed, 141including its arguments. 142The 143.Xr writev 2 144system call takes a file descriptor, in this case 1, or standard 145output, then a pointer to the iovector to write, and the number of 146iovectors that are to be written. 147In the second line we see the operation was 148.Li GIO , 149for general I/O, and that file descriptor 1 had 150seven bytes written to it. 151This is followed by the seven bytes that were written, the string 152.Qq Li ktrace 153with a carriage return and line feed. 154The last line is the 155.Li RET 156operation, showing a return from the kernel, what system call we are 157returning from, and the return value that the process received. 158Seven bytes were written by the 159.Xr writev 2 160system call, so 7 is the return value. 161.Pp 162The possible operations are: 163.Bl -column -offset indent ".Li CALL" ".No data from user process" 164.It Sy Name Ta Sy Operation Ta Sy Fourth field 165.It Li CALL Ta enter syscall Ta syscall name and arguments 166.It Li RET Ta return from syscall Ta syscall name and return value 167.It Li NAMI Ta file name lookup Ta path to file 168.It Li GIO Ta general I/O Ta fd, read/write, number of bytes 169.It Li PSIG Ta signal Ta signal name, handler, mask, code 170.It Li CSW Ta context switch Ta stop/resume user/kernel wmesg 171.It Li USER Ta data from user process Ta the data 172.It Li STRU Ta various syscalls Ta structure 173.It Li SCTL Ta Xr sysctl 3 requests Ta MIB name 174.It Li PFLT Ta enter page fault Ta fault address and type 175.It Li PRET Ta return from page fault Ta fault result 176.El 177.Sh SEE ALSO 178.Xr ktrace 1 179.Sh HISTORY 180The 181.Nm 182command appeared in 183.Bx 4.4 . 184