kdump(1)
NAME
kdump - display kernel trace data
SYNOPSIS
kdump [-dEnlHRsT] [-f trfile] [-m maxdata] [-p pid] [-t [cnisuw]]
DESCRIPTION
The kdump command displays the kernel trace files produced with ktrace(1) in human readable format. By default, the file ktrace.out in the current directory is displayed.

The options are as follows:

-d          Display all numbers in decimal.

-E          Display elapsed timestamps (time since beginning of trace).

-f trfile   Display the specified file instead of ktrace.out.

-H          List the thread ID (tid) of the thread with each trace record, if available. If no thread ID is available, 0 will be printed.

-l          Loop reading the trace file, once the end-of-file is reached, waiting for more data.

-m maxdata  Display at most maxdata bytes when decoding I/O.

-n          Suppress ad hoc translations. Normally kdump tries to decode many system calls into a more human readable format. For example, ioctl(2) values are replaced with the macro name and errno values are replaced with the strerror(3) string. Suppressing this feature yields a more consistent output format and is easily amenable to further processing.

-p pid      Display only trace events that correspond to the process pid. This may be useful when there are multiple processes recorded in the same trace file.

-R          Display relative timestamps (time since previous entry).

-s          Suppress display of I/O data.

-T          Display absolute timestamps for each entry (seconds since epoch).

-t cnisuw   See the -t option of ktrace(1).

The output format of kdump is line oriented with several fields. The example below shows a section of a kdump generated by the following commands:

     ?> ktrace echo "ktrace"
     ?> kdump
     85045 echo CALL writev(0x1,0x804b030,0x2)
     85045 echo GIO fd 1 wrote 7 bytes
            "ktrace
            "
     85045 echo RET writev 7

The first field is the PID of the process being traced. The second field is the name of the program being traced. The third field is the operation that the kernel performed on behalf of the process. If thread IDs are being printed, then an additional thread ID column will be added to the output between the PID field and program name field.

In the first line above, the kernel executes the writev(2) system call on behalf of the process so this is a CALL operation. The fourth field shows the system call that was executed, including its arguments. The writev(2) system call takes a file descriptor, in this case 1, or standard output, then a pointer to the iovector to write, and the number of iovectors that are to be written. In the second line we see the operation was GIO, for general I/O, and that file descriptor 1 had seven bytes written to it. This is followed by the seven bytes that were written, the string "ktrace" with a carriage return and line feed. The last line is the RET operation, showing a return from the kernel, what system call we are returning from, and the return value that the process received. Seven bytes were written by the writev(2) system call, so 7 is the return value.

The possible operations are:

     Name    Operation               Fourth field
     CALL    enter syscall           syscall name and arguments
     RET     return from syscall     syscall name and return value
     NAMI    file name lookup        path to file
     GENIO   general I/O             fd, read/write, number of bytes
     SIG     signal                  signal name, handler, mask, code
     CSW     context switch          stop/resume user/kernel
     USER    data from user process  the data
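
A parser for the line-oriented format described above, as an added example that is not part of the original manual page or of kdump itself: it splits each record into PID, optional thread ID (the -H column), program name, operation and fourth field, then pairs CALL records with their RET records. The sample input is the trace shown above plus constructed -H records; the exact column spacing and the unquoted NAMI path are assumptions.

```python
import re

# Operation names as given on this page (the sample output shows GIO,
# the table lists GENIO; both are accepted).
OPS = "CALL|RET|NAMI|GIO|GENIO|SIG|CSW|USER"
RECORD = re.compile(r"^\s*(\d+)\s+(?:(\d+)\s+)?(\S+)\s+(" + OPS + r")\b\s*(.*)$")

def parse(text):
    """Split kdump output into records; non-record lines are I/O data."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            pid, tid, comm, op, rest = m.groups()
            records.append({"pid": int(pid), "tid": int(tid) if tid else None,
                            "comm": comm, "op": op, "field": rest, "data": []})
        elif records and line.strip():
            records[-1]["data"].append(line.strip())
    return records

def syscalls(records):
    """Pair each CALL with the next RET of the same process/thread."""
    pending, done = {}, []
    for r in records:
        key = (r["pid"], r["tid"])
        if r["op"] == "CALL":
            name, _, args = r["field"].partition("(")
            pending[key] = (name, args.rstrip(")"))
        elif r["op"] == "RET" and key in pending:
            name, args = pending.pop(key)
            ret = r["field"].split(None, 1)  # "<syscall> <return value>"
            done.append((r["pid"], r["comm"], name,
                         args.split(",") if args else [],
                         ret[1] if len(ret) > 1 else ""))
    return done

# Constructed sample: the page's trace, then constructed records laid out
# as with -H (thread ID column between PID and program name).
SAMPLE = '''85045 echo CALL writev(0x1,0x804b030,0x2)
85045 echo GIO fd 1 wrote 7 bytes
       "ktrace
       "
85045 echo RET writev 7
85100 100321 cat NAMI /etc/motd
85100 100321 cat CALL close(0x3)
85100 100321 cat RET close 0
'''

if __name__ == "__main__":
    for row in syscalls(parse(SAMPLE)):
        print(row)
```

Output produced with -n keeps the fourth field in the more consistent form that the option's description recommends for further processing.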
SEE ALSO
HISTORY
The kdump command appeared in 4.4BSD.

BSD February 14, 2006