xref: /freebsd/usr.bin/kdump/kdump.1 (revision f126d349810fdb512c0b01e101342d430b947488)
1.\" Copyright (c) 1990, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)kdump.1	8.1 (Berkeley) 6/6/93
29.\" $FreeBSD$
30.\"
31.Dd July 16, 2022
32.Dt KDUMP 1
33.Os
34.Sh NAME
35.Nm kdump
36.Nd display kernel trace data
37.Sh SYNOPSIS
38.Nm
39.Op Fl dEnlHRSsTA
40.Op Fl f Ar trfile
41.Op Fl m Ar maxdata
42.Op Fl p Ar pid
43.Op Fl t Ar trstr
44.Sh DESCRIPTION
45The
46.Nm
47command displays the kernel trace files produced with
48.Xr ktrace 1
49in human readable format.
50By default, the file
51.Pa ktrace.out
52in the current directory is displayed.
53.Pp
54The options are as follows:
55.Bl -tag -width Fl
56.It Fl A
57Display the ABI of the traced process.
58.It Fl c
59Display the CPU number with each trace entry.
60.It Fl d
61Display all numbers in decimal.
62.It Fl E
63Display elapsed timestamps (time since beginning of trace).
64.It Fl f Ar trfile
65Display the specified file instead of
66.Pa ktrace.out .
67.It Fl H
68List the thread ID (tid) of the thread with each trace record, if available.
69If no thread ID is available, 0 will be printed.
70.It Fl l
71Loop reading the trace file, once the end-of-file is reached, waiting for
72more data.
73.It Fl m Ar maxdata
74Display at most
75.Ar maxdata
76bytes when decoding
77.Tn I/O .
78.It Fl n
79Suppress ad hoc translations.
80Normally
81.Nm
82tries to decode many system calls into a more human readable format.
83For example,
84.Xr ioctl 2
85values are replaced with the macro name and
86.Va errno
87values are replaced with the
88.Xr strerror 3
89string.
90Suppressing this feature yields a more consistent output format and is
91easily amenable to further processing.
92.It Fl p Ar pid
93Display only trace events that correspond to the process or thread
94.Ar pid .
95This may be useful when there are multiple processes or threads recorded in the
96same trace file.
97.It Fl R
98Display relative timestamps (time since previous entry).
99.It Fl r
100When decoding STRU records, display structure members such as UIDs,
101GIDs, dates etc. symbolically instead of numerically.
102.It Fl S
103Display system call numbers.
104.It Fl s
105Suppress display of I/O data.
106.It Fl T
107Display absolute timestamps for each entry (seconds since epoch).
108.It Fl t Ar trstr
109See the
110.Fl t
111option of
112.Xr ktrace 1 .
113.El
114.Pp
115The output format of
116.Nm
117is line oriented with several fields.
118The example below shows a section of a kdump generated by the following
119commands:
120.Bd -literal -offset indent
121?> ktrace echo "ktrace"
122
123?> kdump
124
125 85045 echo     CALL  writev(0x1,0x804b030,0x2)
126 85045 echo     GIO   fd 1 wrote 7 bytes
127       "ktrace
128       "
129 85045 echo     RET   writev 7
130.Ed
131.Pp
132The first field is the PID of the process being traced.
133The second field is the name of the program being traced.
134The third field is the operation that the kernel performed
135on behalf of the process.
136If thread IDs are being printed, then an additional thread ID column will be
137added to the output between the PID field and program name field.
138.Pp
139In the first line above, the kernel executes the
140.Xr writev 2
141system call on behalf of the process so this is a
142.Li CALL
143operation.
144The fourth field shows the system call that was executed,
145including its arguments.
146The
147.Xr writev 2
148system call takes a file descriptor, in this case 1, or standard
149output, then a pointer to the iovector to write, and the number of
150iovectors that are to be written.
151In the second line we see the operation was
152.Li GIO ,
153for general I/O, and that file descriptor 1 had
154seven bytes written to it.
155This is followed by the seven bytes that were written, the string
156.Qq Li ktrace
157with a carriage return and line feed.
158The last line is the
159.Li RET
160operation, showing a return from the kernel, what system call we are
161returning from, and the return value that the process received.
162Seven bytes were written by the
163.Xr writev 2
164system call, so 7 is the return value.
165.Pp
166The possible operations are:
167.Bl -column -offset indent ".Li CALL" ".No data from user process"
168.It Sy Name Ta Sy Operation Ta Sy Fourth field
169.It Li CALL Ta enter syscall Ta syscall name and arguments
170.It Li RET Ta return from syscall Ta syscall name and return value
171.It Li NAMI Ta file name lookup Ta path to file
172.It Li GIO Ta general I/O Ta fd, read/write, number of bytes
173.It Li PSIG Ta signal Ta signal name, handler, mask, code
174.It Li CSW Ta context switch Ta stop/resume user/kernel wmesg
175.It Li USER Ta data from user process Ta the data
176.It Li STRU Ta various syscalls Ta structure
177.It Li SCTL Ta Xr sysctl 3 requests Ta MIB name
178.It Li PFLT Ta enter page fault Ta fault address and type
179.It Li PRET Ta return from page fault Ta fault result
180.El
181.Sh SEE ALSO
182.Xr ktrace 1
183.Sh HISTORY
184The
185.Nm
186command appeared in
187.Bx 4.4 .
188