Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
KDUMP(1)		  BSD General Commands Manual		      KDUMP(1)

     kdump -- display kernel trace data

     kdump [-dEnlHRSsTA] [-f trfile] [-m maxdata] [-p pid] [-t trstr]

     The kdump command displays	the kernel trace files produced	with ktrace(1)
     in	human readable format.	By default, the	file ktrace.out	in the current
     directory is displayed.

     The options are as	follows:

     -d		 Display all numbers in	decimal.

     -E		 Display elapsed timestamps (time since	beginning of trace).

     -f	trfile	 Display the specified file instead of ktrace.out.

     -H		 List the thread ID (tid) of the thread	with each trace
		 record, if available.	If no thread ID	is available, 0	will
		 be printed.

     -l		 Loop reading the trace	file, once the end-of-file is reached,
		 waiting for more data.

     -m	maxdata	 Display at most maxdata bytes when decoding I/O.

     -n		 Suppress ad hoc translations.	Normally kdump tries to	decode
		 many system calls into	a more human readable format.  For ex-
		 ample,	ioctl(2) values	are replaced with the macro name and
		 errno values are replaced with	the strerror(3)	string.	 Sup-
		 pressing this feature yields a	more consistent	output format
		 and is	easily amenable	to further processing.

     -p	pid	 Display only trace events that	correspond to the process or
		 thread	pid.  This may be useful when there are	multiple pro-
		 cesses	or threads recorded in the same	trace file.

     -R		 Display relative timestamps (time since previous entry).

     -r		 When decoding STRU records, display structure members such as
		 UIDs, GIDs, dates etc.	symbolically instead of	numerically.

     -S		 Display system	call numbers.

     -s		 Suppress display of I/O data.

     -T		 Display absolute timestamps for each entry (seconds since

     -A		 Display description of	the ABI	of traced process.

     -t	trstr	 See the -t option of ktrace(1).

     The output	format of kdump	is line	oriented with several fields.  The ex-
     ample below shows a section of a kdump generated by the following com-

	   ?> ktrace echo "ktrace"

	   ?> kdump

	    85045 echo	   CALL	 writev(0x1,0x804b030,0x2)
	    85045 echo	   GIO	 fd 1 wrote 7 bytes
	    85045 echo	   RET	 writev	7

     The first field is	the PID	of the process being traced.  The second field
     is	the name of the	program	being traced.  The third field is the opera-
     tion that the kernel performed on behalf of the process.  If thread IDs
     are being printed,	then an	additional thread ID column will be added to
     the output	between	the PID	field and program name field.

     In	the first line above, the kernel executes the writev(2)	system call on
     behalf of the process so this is a	CALL operation.	 The fourth field
     shows the system call that	was executed, including	its arguments.	The
     writev(2) system call takes a file	descriptor, in this case 1, or stan-
     dard output, then a pointer to the	iovector to write, and the number of
     iovectors that are	to be written.	In the second line we see the opera-
     tion was GIO, for general I/O, and	that file descriptor 1 had seven bytes
     written to	it.  This is followed by the seven bytes that were written,
     the string	"ktrace" with a	carriage return	and line feed.	The last line
     is	the RET	operation, showing a return from the kernel, what system call
     we	are returning from, and	the return value that the process received.
     Seven bytes were written by the writev(2) system call, so 7 is the	return

     The possible operations are:

	   Name	   Operation		     Fourth field
	   CALL	   enter syscall	     syscall name and arguments
	   RET	   return from syscall	     syscall name and return value
	   NAMI	   file	name lookup	     path to file
	   GIO	   general I/O		     fd, read/write, number of bytes
	   PSIG	   signal		     signal name, handler, mask, code
	   CSW	   context switch	     stop/resume user/kernel wmesg
	   USER	   data	from user process    the data
	   STRU	   various syscalls	     structure
	   SCTL	   sysctl(3) requests	     MIB name
	   PFLT	   enter page fault	     fault address and type
	   PRET	   return from page fault    fault result


     The kdump command appeared	in 4.4BSD.

BSD				March 28, 2014				   BSD


Want to link to this manual page? Use this URL:

home | help