xref: /freebsd/usr.bin/kdump/kdump.1 (revision b9128a37faafede823eb456aa65a11ac69997284)
1.\" Copyright (c) 1990, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd July 16, 2022
29.Dt KDUMP 1
30.Os
31.Sh NAME
32.Nm kdump
33.Nd display kernel trace data
34.Sh SYNOPSIS
35.Nm
36.Op Fl dEnlHRSsTA
37.Op Fl f Ar trfile
38.Op Fl m Ar maxdata
39.Op Fl p Ar pid
40.Op Fl t Ar trstr
41.Sh DESCRIPTION
42The
43.Nm
44command displays the kernel trace files produced with
45.Xr ktrace 1
46in human readable format.
47By default, the file
48.Pa ktrace.out
49in the current directory is displayed.
50.Pp
51The options are as follows:
52.Bl -tag -width Fl
53.It Fl A
54Display the ABI of the traced process.
55.It Fl c
56Display the CPU number with each trace entry.
57.It Fl d
58Display all numbers in decimal.
59.It Fl E
60Display elapsed timestamps (time since beginning of trace).
61.It Fl f Ar trfile
62Display the specified file instead of
63.Pa ktrace.out .
64.It Fl H
65List the thread ID (tid) of the thread with each trace record, if available.
66If no thread ID is available, 0 will be printed.
67.It Fl l
68Loop reading the trace file, once the end-of-file is reached, waiting for
69more data.
70.It Fl m Ar maxdata
71Display at most
72.Ar maxdata
73bytes when decoding
74.Tn I/O .
75.It Fl n
76Suppress ad hoc translations.
77Normally
78.Nm
79tries to decode many system calls into a more human readable format.
80For example,
81.Xr ioctl 2
82values are replaced with the macro name and
83.Va errno
84values are replaced with the
85.Xr strerror 3
86string.
87Suppressing this feature yields a more consistent output format and is
88easily amenable to further processing.
89.It Fl p Ar pid
90Display only trace events that correspond to the process or thread
91.Ar pid .
92This may be useful when there are multiple processes or threads recorded in the
93same trace file.
94.It Fl R
95Display relative timestamps (time since previous entry).
96.It Fl r
97When decoding STRU records, display structure members such as UIDs,
98GIDs, dates etc. symbolically instead of numerically.
99.It Fl S
100Display system call numbers.
101.It Fl s
102Suppress display of I/O data.
103.It Fl T
104Display absolute timestamps for each entry (seconds since epoch).
105.It Fl t Ar trstr
106See the
107.Fl t
108option of
109.Xr ktrace 1 .
110.El
111.Pp
112The output format of
113.Nm
114is line oriented with several fields.
115The example below shows a section of a kdump generated by the following
116commands:
117.Bd -literal -offset indent
118?> ktrace echo "ktrace"
119
120?> kdump
121
122 85045 echo     CALL  writev(0x1,0x804b030,0x2)
123 85045 echo     GIO   fd 1 wrote 7 bytes
124       "ktrace
125       "
126 85045 echo     RET   writev 7
127.Ed
128.Pp
129The first field is the PID of the process being traced.
130The second field is the name of the program being traced.
131The third field is the operation that the kernel performed
132on behalf of the process.
133If thread IDs are being printed, then an additional thread ID column will be
134added to the output between the PID field and program name field.
135.Pp
136In the first line above, the kernel executes the
137.Xr writev 2
138system call on behalf of the process so this is a
139.Li CALL
140operation.
141The fourth field shows the system call that was executed,
142including its arguments.
143The
144.Xr writev 2
145system call takes a file descriptor, in this case 1, or standard
146output, then a pointer to the iovector to write, and the number of
147iovectors that are to be written.
148In the second line we see the operation was
149.Li GIO ,
150for general I/O, and that file descriptor 1 had
151seven bytes written to it.
152This is followed by the seven bytes that were written, the string
153.Qq Li ktrace
154with a carriage return and line feed.
155The last line is the
156.Li RET
157operation, showing a return from the kernel, what system call we are
158returning from, and the return value that the process received.
159Seven bytes were written by the
160.Xr writev 2
161system call, so 7 is the return value.
162.Pp
163The possible operations are:
164.Bl -column -offset indent ".Li CALL" ".No data from user process"
165.It Sy Name Ta Sy Operation Ta Sy Fourth field
166.It Li CALL Ta enter syscall Ta syscall name and arguments
167.It Li RET Ta return from syscall Ta syscall name and return value
168.It Li NAMI Ta file name lookup Ta path to file
169.It Li GIO Ta general I/O Ta fd, read/write, number of bytes
170.It Li PSIG Ta signal Ta signal name, handler, mask, code
171.It Li CSW Ta context switch Ta stop/resume user/kernel wmesg
172.It Li USER Ta data from user process Ta the data
173.It Li STRU Ta various syscalls Ta structure
174.It Li SCTL Ta Xr sysctl 3 requests Ta MIB name
175.It Li PFLT Ta enter page fault Ta fault address and type
176.It Li PRET Ta return from page fault Ta fault result
177.El
178.Sh SEE ALSO
179.Xr ktrace 1
180.Sh HISTORY
181The
182.Nm
183command appeared in
184.Bx 4.4 .
185