Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
KDUMP(1)                FreeBSD General Commands Manual               KDUMP(1)

     kdump - display kernel trace data

     kdump [-dEnlHRsT] [-f trfile] [-m maxdata] [-p pid] [-t [cnisuw]]

     The kdump command displays the kernel trace files produced with ktrace(1)
     in human readable format.  By default, the file ktrace.out in the current
     directory is displayed.

     The options are as follows:

     -d          Display all numbers in decimal.

     -E          Display elapsed timestamps (time since beginning of trace).

     -f trfile   Display the specified file instead of ktrace.out.

     -H          List the thread ID (tid) of the thread with each trace
                 record, if available.  If no thread ID is available, 0 will
                 be printed.

     -l          Loop reading the trace file, once the end-of-file is reached,
                 waiting for more data.

     -m maxdata  Display at most maxdata bytes when decoding I/O.

     -n          Suppress ad hoc translations.  Normally kdump tries to decode
                 many system calls into a more human readable format.  For
                 example, ioctl(2) values are replaced with the macro name and
                 errno values are replaced with the strerror(3) string.
                 Suppressing this feature yields a more consistent output
                 format and is easily amenable to further processing.

     -p pid      Display only trace events that correspond to the process pid.
                 This may be useful when there are multiple processes recorded
                 in the same trace file.

     -R          Display relative timestamps (time since previous entry).

     -s          Suppress display of I/O data.

     -T          Display absolute timestamps for each entry (seconds since

     -t cnisuw   See the -t option of ktrace(1).

     The output format of kdump is line oriented with several fields.  The
     example below shows a section of a kdump generated by the following

           ?> ktrace echo "ktrace"

           ?> kdump

            85045 echo     CALL  writev(0x1,0x804b030,0x2)
            85045 echo     GIO   fd 1 wrote 7 bytes
            85045 echo     RET   writev 7

     The first field is the PID of the process being traced.  The second field
     is the name of the program being traced.  The third field is the
     operation that the kernel performed on behalf of the process.  If thread
     IDs are being printed, then an additional thread ID column will be added
     to the output between the PID field and program name field.

     In the first line above, the kernel executes the writev(2) system call on
     behalf of the process so this is a CALL operation.  The fourth field
     shows the system call that was executed, including its arguments.  The
     writev(2) system call takes a file descriptor, in this case 1, or
     standard output, then a pointer to the iovector to write, and the number
     of iovectors that are to be written.  In the second line we see the
     operation was GIO, for general I/O, and that file descriptor 1 had seven
     bytes written to it.  This is followed by the seven bytes that were
     written, the string "ktrace" with a carriage return and line feed.  The
     last line is the RET operation, showing a return from the kernel, what
     system call we are returning from, and the return value that the process
     received.  Seven bytes were written by the writev(2) system call, so 7 is
     the return value.

     The possible operations are:

           Name         Operation                     Fourth field
           CALL         enter syscall                 syscall name and
           RET          return from syscall           syscall name and return
           NAMI         file name lookup              path to file
           GENIO        general I/O                   fd, read/write, number
                                                      of bytes
           SIG          signal                        signal name, handler,
                                                      mask, code
           CSW          context switch                stop/resume user/kernel
           USER         data from user process        the data


     The kdump command appeared in 4.4BSD.

FreeBSD 11.0-PRERELEASE        November 12, 2005       FreeBSD 11.0-PRERELEASE


Want to link to this manual page? Use this URL:

home | help