Written by J. Moellenkamp
on 
Reading time: 1 minute
Solaris   English

Less known Solaris Features: About crashes and cores - Appendix B: Live crashdumps

With gcore you can create core dumps of processes without the need to stop them. You can do the same with the crash dumps as well. You can trigger a crash dump without rebooting the system. The command for this task is the savecore command. The normal task of this program is to take the content of the crash dump device and to create files in the regular filesystem to make them persistent for further studies after the reboot of a system.

How to trigger a live crash dump

A less known option of this command it the -L option. With this option you can command the system to create a live crash dump. The system isn´t paused while creating the dump, so the live crash dump isn´t self-consistent (the state of the system at the end of the creation may be different than the one at the beginning of this process. Nevertheless a live crash dump is still a useful toll. Triggering the crash dump is really easy as the following example shows.

# savecore -L
dumping to /dev/zvol/dsk/rpool/dump, offset 65536, content: kernel
100% done: 155962 pages dumped, compression ratio 3.32, dump succeeded
System dump time: Mon Dec 29 22:13:41 2008
Constructing namelist /var/crash/central/unix.0
Constructing corefile /var/crash/central/vmcore.0
100% done: 155962 of 155962 pages saved

After the creation of the crash dump you can analyse it with the standard toolset like the mdb:

# mdb /var/crash/central/unix.0 /var/crash/central/vmcore.0
mdb: failed to read panicbuf and panic_reg -- current register set will be unavailable
Loading modules: [ unix genunix specfs dtrace cpu.generic uppc pcplusmp scsi_vhci zfs
 ip hook neti sctp arp usba uhci fctl sd md lofs audiosup fcip fcp
 cpc random crypto smbsrv nfs logindmux ptm ufs sppp nsmb ]
> ::ps
S    PID   PPID   PGID    SID    UID      FLAGS             ADDR NAME
R      0      0      0      0      0 0x00000001 fffffffffbc29c30 sched
[...]
R      7      1      7      7      0 0x42000000 ffffff00c5c42188 svc.startd
R    418      7    418    418      0 0x4a004000 ffffff00ca5a0018 ttymon
R    391      7    391    391      0 0x4a014000 ffffff00cd995e08 sac
R    395    391    391    391      0 0x4a014000 ffffff00cd9938e8 ttymon
>

This enables you to analyse the state of your system without having to aim for a moving target.