1 .\" Copyright (c) 1990, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)kdump.1 8.1 (Berkeley) 6/6/93
40 .Nd display kernel trace data
51 command displays the kernel trace files produced with
53 in human readable format.
56 in the current directory is displayed.
58 The options are as follows:
61 Display all numbers in decimal.
63 Display elapsed timestamps (time since beginning of trace).
65 Display the specified file instead of
68 List the thread ID (tid) of the thread with each trace record, if available.
69 If no thread ID is available, 0 will be printed.
71 Loop reading the trace file, once the end-of-file is reached, waiting for
79 Suppress ad hoc translations.
82 tries to decode many system calls into a more human readable format.
85 values are replaced with the macro name and
87 values are replaced with the
90 Suppressing this feature yields a more consistent output format and is
91 easily amenable to further processing.
93 Display only trace events that correspond to the process
95 This may be useful when there are multiple processes recorded in the
98 Display relative timestamps (time since previous entry).
100 When decoding STRU records, display structure members such as UIDs,
101 GIDs, dates etc. symbolically instead of numerically.
103 Suppress display of I/O data.
105 Display absolute timestamps for each entry (seconds since epoch).
115 is line oriented with several fields.
116 The example below shows a section of a kdump generated by the following
118 .Bd -literal -offset indent
119 ?> ktrace echo "ktrace"
123 85045 echo CALL writev(0x1,0x804b030,0x2)
124 85045 echo GIO fd 1 wrote 7 bytes
127 85045 echo RET writev 7
130 The first field is the PID of the process being traced.
131 The second field is the name of the program being traced.
132 The third field is the operation that the kernel performed
133 on behalf of the process.
134 If thread IDs are being printed, then an additional thread ID column will be
135 added to the output between the PID field and program name field.
137 In the first line above, the kernel executes the
139 system call on behalf of the process so this is a
142 The fourth field shows the system call that was executed,
143 including its arguments.
146 system call takes a file descriptor, in this case 1, or standard
147 output, then a pointer to the iovector to write, and the number of
148 iovectors that are to be written.
149 In the second line we see the operation was
151 for general I/O, and that file descriptor 1 had
152 seven bytes written to it.
153 This is followed by the seven bytes that were written, the string
155 with a carriage return and line feed.
158 operation, showing a return from the kernel, what system call we are
159 returning from, and the return value that the process received.
160 Seven bytes were written by the
162 system call, so 7 is the return value.
164 The possible operations are:
165 .Bl -column -offset indent ".Li CALL" ".No data from user process"
166 .It Sy Name Ta Sy Operation Ta Sy Fourth field
167 .It Li CALL Ta enter syscall Ta syscall name and arguments
168 .It Li RET Ta return from syscall Ta syscall name and return value
169 .It Li NAMI Ta file name lookup Ta path to file
170 .It Li GIO Ta general I/O Ta fd, read/write, number of bytes
171 .It Li PSIG Ta signal Ta signal name, handler, mask, code
172 .It Li CSW Ta context switch Ta stop/resume user/kernel
173 .It Li USER Ta data from user process Ta the data
174 .It Li STRU Ta various syscalls Ta structure
175 .It Li SCTL Ta Xr sysctl 3 requests Ta MIB name