scat - kernel crash dump analysis tool
scat(1) General Commands Manual scat(1)
NAME
scat, blast - kernel crash dump analysis tool
SYNOPSIS
scat [ --nommap ] [ --usesymfile ] <core number>
scat [ --nommap ] [ --usesymfile ] [<unix file>] <core file>
scat --sanity_checks [<unix file>] <core file>
scat --explore [-v] [-a] [-d dest] [<unix file>] <core file>
scat --nocore
AVAILABILITY
This software supports SPARC platforms running Oracle Solaris 8 through
12, and x86 / x64 systems running Oracle Solaris 10 through 12.
DESCRIPTION
Oracle Solaris Crash Analysis Tool is a post-mortem kernel crash dump
analysis tool to assist kernel developers and diagnostic engineers. It
relieves the user of many repetitive commands and displays information
in a useful format.
The command line interface is invoked with the scat
OPTIONS
--nommap
By default, Oracle Solaris Crash Analysis Tool uses mmap(2) to
access the dump files. This behaviour may be changed to use
pread(2) / pwrite(2) for cases where resource utilization is at
a premium.
--usesymfile
Oracle Solaris Crash Analysis Tool uses the symbol table present
in the vmcore file whenever possible. This option forces it to
use the symbol table in the unix.X file instead.
--sanity_checks
This option tells Oracle Solaris Crash Analysis Tool to run
its sanity checks and then immediately exit. Use this option to
quickly verify the state of a running system or crash dump file.
--nochecks
This option tells Oracle Solaris Crash Analysis Tool to start
without running the sanity checks. Use this if there are any
problems with the startup sanity checks.
--explore [-v] [-a] [-d dest]
explore is a script included with Oracle Solaris Crash Analysis
Tool which extracts crash data from a crash dump. When the
--explore option is issued to Oracle Solaris Crash Analysis
Tool, the crash dump is opened and explore is run. The collected
crash data is saved in a directory with the crash dump
and the directory name is displayed. explore also saves a
compressed tar archive of the crash data in this directory. The
following options can be passed:
-v Places explore in verbose mode whereby it prints messages
stating what it is working on.
-a Causes explore to run in "auto-mode" - the program does not
prompt for information concerning the crash dump.
-d dest
Tells explore where to write its output. Normally, the tool
creates an output directory under the present working directory.
--nocore
The tool doesn't open a core, and is available for running the
calc and data conversion / display commands.
--write
Opens the crash dump read / write, and thus enables writing
to the crash dump.
There are other debugging options available to assist the developers of
the software, although they should not be needed under normal
circumstances as the tool automatically recognises the system architecture
and operating system version to be analyzed and so on.
OPERANDS
When invoked without operands, the tool reads /dev/ksyms and /dev/kmem
for the dump image (that is, the live system on which the tool is
executing).
If /dev/kmem is not readable, the tool starts up as if the --nocore
option had been provided.
core number This is an integer which is the filename suffix from the
dump files. Specifying core number alone is a shortcut
for typing unix.X and vmcore.X. If the coredump uses
dumphdr version 11 and above, any other cores matching
vmcore*.X are also opened.
unix file This file contains the kernel namelist. It is normally
named unix.X, where X is an integer which matches the
vmcore file. The unix file has become superfluous and
the namelist is retrieved from the core file.
core file The core file is normally named vmcore.X; it contains
the memory image from the time the dump was produced.
USAGE
The tool is capable of analyzing 32-bit or 64-bit crash dumps produced
by the SPARC platform edition of Oracle Solaris 8 through 12, and the
x86 / x64 platform edition of Oracle Solaris 10 through 12. To analyze
a 64-bit dump, the tool must be executed on a system booted in 64-bit
mode. The tool will only open SPARC crash dumps on SPARC, and x86 /
x64 crash dumps on x86 / x64.
EXAMPLES
To analyze a live running system, invoke the tool without operands.
Root privileges will normally be needed as read access is required to
/dev/ksyms and /dev/kmem.
# scat
The following example is used to analyze the dump in vmcore.0
% scat vmcore.0
The next example is a short-cut to analyze the dumps in the files
unix.2 and vmcore.2.
% scat 2
Finally, this example is used to analyze the /path/to/cores/unix.0 and
/path/to/cores/vmcore.0 files, with write access enabled.
% scat --write 0
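The --sanity_checks and --explore options described above, combined into an unattended pass over a directory of saved dumps that never opens a dump with --write. This is an added example, not part of scat or its documentation; the SCAT variable, the function names and the DEST/N output layout are assumptions of the example.

```shell
#!/bin/sh
# Added example: unattended triage of saved crash dumps with scat.
# Only options documented on this page are used; --write is never passed.
# SCAT lets the scat binary be overridden (assumption of this example).
SCAT=${SCAT:-scat}

# Print each N for which DIR/vmcore.N is a regular file, in numeric order.
list_core_numbers() {
    for f in "$1"/vmcore.*; do
        [ -f "$f" ] || continue
        n=${f##*/vmcore.}
        case $n in
            ''|*[!0-9]*) continue ;;    # ignore vmcore.0.gz, vmcore.old, ...
        esac
        printf '%s\n' "$n"
    done | sort -n
}

# For every dump set in DIR: run the sanity checks, then explore in
# auto-mode. Output for dump N is written under DEST/N.
triage_dir() {
    dir=$1
    dest=$2
    for n in $(list_core_numbers "$dir"); do
        mkdir -p "$dest/$n" || return 1
        # The unix file operand is optional; pass it only when present.
        if [ -f "$dir/unix.$n" ]; then
            set -- "$dir/unix.$n" "$dir/vmcore.$n"
        else
            set -- "$dir/vmcore.$n"
        fi
        "$SCAT" --sanity_checks "$@" </dev/null >"$dest/$n/sanity.txt" 2>&1
        "$SCAT" --explore -a -d "$dest/$n" "$@" </dev/null >"$dest/$n/explore.log" 2>&1
    done
}

# When run as a script: triage.sh <dump directory> <output directory>
if [ $# -eq 2 ]; then
    triage_dir "$1" "$2"
fi
```
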
WARNINGS
Use of the tool to modify (that is, write to) a live running operating
system is extremely dangerous, and may result in a system panic in the
event the user damages a kernel data structure.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+----------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+----------------------+
|Availability | developer/debug/scat |
+---------------+----------------------+
|Stability | Volatile |
+---------------+----------------------+
(5.5) 24 Oct 2013 scat(1)