Kernel Dump Analysis On Solaris
ACT captures detailed and accurate information about:
1. Where the kernel panicked
2. A complete list of threads on the system
3. The contents of the /etc/system file which was read when the failed system booted
4. A list of kernel modules that were loaded at the time of the panic
5. The output of the kernel message buffer
6. Full deadlock detection relating to threads blocked on mutexes or readers/writer locks
7. Threads blocked in either getblk() or biowait()
The ACT package is installed in the directory /opt/CTEact. The actual executable can be found in /opt/CTEact/bin/act.
When possible, ACT should always be run from the server that produced the core to be analyzed.
ACT can be run on a server other than the one which produced the core, however, care should be taken to
insure that both boxes are running the same version of Solaris at the same kernel patch revision. Results may not be
accurate when running ACT on a server other than the one which produced the core file.
Options:
-d corefile
ACT assumes that the file corefile contains the kernel core image. This file could be /dev/mem if you want ACT to analyze the running system.
-l
Should be used when running act on a live system.
-n namelist
ACT assumes that the file namelist contains a valid kernel namelist. This file could be /dev/ksyms if you want ACT to analyze the running system.
-s directory
Tells ACT to split its output into several files writing the data into the directory specified to aid readability. The files created are:
biowait getblk modules msgbuf mutex
rwlock threads system summary sunsolve
-u
Displays stack information in an alternate form.
-z
This informs ACT to display timezone information in localtime rather than GMT.
Examples:
# act -l (output on live server to screen)
# act -l -s /tmp/dir/ (output from live server to seperate files)
# act -d /var/crash/hostname/vmcore.0 -s /tmp/dir/
(output core file to seperate files in /tmp/dir)
# act -d /var/crash/hostname/vmcore.0 > /tmp/act_out
(output core file to file /tmp/act_out)
1. Where the kernel panicked
2. A complete list of threads on the system
3. The contents of the /etc/system file which was read when the failed system booted
4. A list of kernel modules that were loaded at the time of the panic
5. The output of the kernel message buffer
6. Full deadlock detection relating to threads blocked on mutexes or readers/writer locks
7. Threads blocked in either getblk() or biowait()
The ACT package is installed in the directory /opt/CTEact. The actual executable can be found in /opt/CTEact/bin/act.
When possible, ACT should always be run from the server that produced the core to be analyzed.
ACT can be run on a server other than the one which produced the core, however, care should be taken to
insure that both boxes are running the same version of Solaris at the same kernel patch revision. Results may not be
accurate when running ACT on a server other than the one which produced the core file.
Options:
-d corefile
ACT assumes that the file corefile contains the kernel core image. This file could be /dev/mem if you want ACT to analyze the running system.
-l
Should be used when running act on a live system.
-n namelist
ACT assumes that the file namelist contains a valid kernel namelist. This file could be /dev/ksyms if you want ACT to analyze the running system.
-s directory
Tells ACT to split its output into several files writing the data into the directory specified to aid readability. The files created are:
biowait getblk modules msgbuf mutex
rwlock threads system summary sunsolve
-u
Displays stack information in an alternate form.
-z
This informs ACT to display timezone information in localtime rather than GMT.
Examples:
# act -l (output on live server to screen)
# act -l -s /tmp/dir/ (output from live server to seperate files)
# act -d /var/crash/hostname/vmcore.0 -s /tmp/dir/
(output core file to seperate files in /tmp/dir)
# act -d /var/crash/hostname/vmcore.0 > /tmp/act_out
(output core file to file /tmp/act_out)
About Manas Ranjan Tripathy
No comments