KDUMP(1) FreeBSD General Commands Manual KDUMP(1)
NAME
kdump - display kernel trace data
SYNOPSIS
kdump [-dEnlHRSsTA] [-f trfile] [-m maxdata] [-p pid] [-t trstr]
DESCRIPTION
The kdump command displays the kernel trace files produced with ktrace(1)
in human readable format. By default, the file ktrace.out in the current
directory is displayed.
The options are as follows:
-d Display all numbers in decimal.
-E Display elapsed timestamps (time since beginning of trace).
-f trfile Display the specified file instead of ktrace.out.
-H List the thread ID (tid) of the thread with each trace
record, if available. If no thread ID is available, 0 will
be printed.
-l Loop reading the trace file, once the end-of-file is reached,
waiting for more data.
-m maxdata Display at most maxdata bytes when decoding I/O.
-n Suppress ad hoc translations. Normally kdump tries to decode
many system calls into a more human readable format. For
example, ioctl(2) values are replaced with the macro name and
errno values are replaced with the strerror(3) string.
Suppressing this feature yields a more consistent output
format and is easily amenable to further processing.
-p pid Display only trace events that correspond to the process or
thread pid. This may be useful when there are multiple
processes or threads recorded in the same trace file.
-R Display relative timestamps (time since previous entry).
-r When decoding STRU records, display structure members such as
UIDs, GIDs, dates etc. symbolically instead of numerically.
-S Display system call numbers.
-s Suppress display of I/O data.
-T Display absolute timestamps for each entry (seconds since
epoch).
-A Display description of the ABI of traced process.
-t trstr See the -t option of ktrace(1).
The output format of kdump is line oriented with several fields. The
example below shows a section of a kdump generated by the following
commands:
?> ktrace echo "ktrace"
?> kdump
85045 echo CALL writev(0x1,0x804b030,0x2)
85045 echo GIO fd 1 wrote 7 bytes
"ktrace
"
85045 echo RET writev 7
The first field is the PID of the process being traced. The second field
is the name of the program being traced. The third field is the
operation that the kernel performed on behalf of the process. If thread
IDs are being printed, then an additional thread ID column will be added
to the output between the PID field and program name field.
In the first line above, the kernel executes the writev(2) system call on
behalf of the process so this is a CALL operation. The fourth field
shows the system call that was executed, including its arguments. The
writev(2) system call takes a file descriptor, in this case 1, or
standard output, then a pointer to the iovector to write, and the number
of iovectors that are to be written. In the second line we see the
operation was GIO, for general I/O, and that file descriptor 1 had seven
bytes written to it. This is followed by the seven bytes that were
written, the string "ktrace" with a carriage return and line feed. The
last line is the RET operation, showing a return from the kernel, what
system call we are returning from, and the return value that the process
received. Seven bytes were written by the writev(2) system call, so 7 is
the return value.
The possible operations are:
Name Operation Fourth field
CALL enter syscall syscall name and
arguments
RET return from syscall syscall name and return
value
NAMI file name lookup path to file
GIO general I/O fd, read/write, number of
bytes
PSIG signal signal name, handler,
mask, code
CSW context switch stop/resume user/kernel
wmesg
USER data from user process the data
STRU various syscalls structure
SCTL sysctl(3) requests MIB name
PFLT enter page fault fault address and type
PRET return from page fault fault result
SEE ALSO
ktrace(1)
HISTORY
The kdump command appeared in 4.4BSD.
FreeBSD 13.1-RELEASE-p6 March 28, 2014 FreeBSD 13.1-RELEASE-p6
man2web Home...