The crash program

Previous page
Table of content
Next page

Solaris systems provide a program called crash that was specifically written for use in examining memory on both live systems and in postmortem files; crash can be used to print out various structures and tables of the kernel in easy-to-read formats.

On Solaris 1 systems, the crash program can be found in the /etc directory. On Solaris 2 systems, it lives in the /usr/sbin directory.

While it is tempting for us to include a whole chapter or two on how to use crash , we would rather just refer you to the manual pages. However, since Solaris 2's process status, ps , command doesn't run on postmortem files, we will show you how to get the process status by using the crash program instead.

Figure 6-3 Using the crash utility to get process status information 
 Hiya...  crash -d vmcore.0 -n unix.0  dumpfile = vmcore.0, namelist = unix.0, outfile = stdout  >  help p  p [-e] [-f] [-l] [-w filename] [([-p] [-a] tbl_entry  #procid)...  -r]          tbl_entry = slot number  address  symbol  expression  range  process table  alias: proc          acceptable aliases are uniquely identifiable initial substrings  >  p -e  PROC TABLE SIZE = 490  SLOT ST  PID  PPID  PGID   SID   UID PRI CPU   NAME        FLAGS     0 r     0     0     0     0     0  98  69 sched          load sys lock     1 r     1     0     0     0     0  98  32 init           load     2 r     2     0     0     0     0  98  13 pageout        load sys lock nowait     3 r     3     0     0     0     0  98  80 fsflush        load sys lock nowait     4 r   369     1   369   369     0  98  14 sac            load jctl     5 r   370     1   370   370 11628  98  69 sh             load     6 r   331   323   323   323     0  98  13 lpNet          load nowait jctl     7 r   261     1   261   261     0  98   2 keyserv        load     8 r   259     1   259   259     0  98  80 rpcbind        load     9 r   267     1   267   267     0  98  64 ypbind         load    10 r   269     1   269   269     0  98  14 kerbd          load    11 r   279     1   279   279     0  98  80 inetd          load    12 r   286     1   286   286     0  98  80 automountd     load    13 r   290     1   290   290     0  98  18 statd          load    14 r   292     1   292   292     0  98  45 lockd          load    15 r   303     1   303   303     0  98  28 syslogd        load nowait    16 r   323     1   323   323     0  98  28 lpsched        load nowait    17 r   313     1   313   313     0  98  50 cron           load    18 r   332     1   332   332     0  98  37 sendmail       load    19 r   373   369   369   369     0  98  20 ttymon         load jctl    20 r   528   523   520   520     0  98  61 adb            load    21 r   496     1   495   495 11628  98  11 fm_flb         load    22 r   407   370   370   370 11628  98  80 openwin        load    23 z   399   370   399   370 11628  98  80 zombie         load    24 r   372   369   369   369     0  98  21 listen         load nowait jctl    25 r   492     1   492   477 11628  98  80 maker4X.exe    load    26 r   411   407   370   370 11628  98  12 xinit          load    27 r   412   411   412   370 11628  98  80 Xsun           load    28 r   413   411   413   370 11628  98 107 sh             load    29 r   432   279   279   279     0  98  23 rpc.ttdbserver load    30 r   421     1   421   370 11628  98  17 fbconsole      load    31 r   520   517   520   520 11628  98  80 sh             load    32 r   428     1   428   370 11628  98  35 vkbd           load    33 r   431     1   431   370 11628  98  52 ttsession      load    34 r   435   413   435   370 11628  98   4 olwm           load    35 r   436   435   435   370 11628  98  24 olwmslave      load    37 r   444     1   413   370 11628  98  41 clock          load    39 r   523   520   520   520     0  98  51 sh             load    40 r   451     1   413   370 11628  98  77 cmdtool        load jctl    41 r   454   451   454   454 11628  98  61 sh             load    42 r   471   435   471   471 11628  98  80 x_cdplayer     load    43 r   517   435   517   517 11628  98  80 cmdtool        load jctl  >  q  Hiya...

Use of the p command with the -l option in crash is interesting, giving you the user credentials information. Basically, this is who owns the process. The output of the -l option is very long, so we'll just show a snippet of it here.

Figure 6-4 Process credentials as displayed by the crash utility 
 SLOT ST  PID  PPID  PGID   SID   UID PRI CPU   NAME        FLAGS    20 r   528   523   520   520     0  98  61 adb            load          Session: sid: 520, ctty: vnode(fc5acd04) maj(  24) min  1)          Process Credentials: uid: 0, gid: 1, real uid: 0, real gid: 1          as: fc1ef550          wait code: 0, wait data: 0          sig: effff178   link 0          parent: fc451800        child: 0          sibling: 0 threadp: fc4dc600          utime: 41       stime: 20       cutime: 0       cstime: 0          trace: 0        sigmask: effff178       class: 0          lwptotal: 1     lwpcnt: 1       lwprcnt: 1          lwpblocked: 0

This is the section of the output for the adb process that was running at the time of the crash. The crash dump in question was caused by the adb session in Chapter 5, when we set rootdir to zero and caused the system to panic.

Again, if you want to experiment with the crash command, go for it! However, please note that some early versions of crash were a bit buggy .


Previous page
Table of content
Next page
PANIC. UNIX System Crash Dump Analysis Handbook
PANIC! UNIX System Crash Dump Analysis Handbook (Bk/CD-ROM)
ISBN: 0131493868
EAN: 2147483647
Year: 1994
Pages: 289
Authors: Chris Drake
BUY ON AMAZON
WebLogic: The Definitive Guide
Managing Enterprise Systems with the Windows Script Host
Cisco CallManager Fundamentals (2nd Edition)
101 Microsoft Visual Basic .NET Applications
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy