Kernel and kdump
Kdump is a kernel crash dumping mechanism and is very reliable because the crash dump is captured from the context of a freshly booted kernel and not from the context of the crashed kernel. Kdump uses kexec to boot into a second kernel whenever system crashes. This second kernel, often called the crash kernel, boots with very little memory and captures the dump image.
The first kernel reserves a section of memory that the second kernel uses to boot. Kexec enables booting the capture kernel without going through the BIOS, so contents of the first kernel's memory are preserved, which is essentially the kernel crash dump.
How to Use Kdump
Step 1: Configuring Kdump
- Install the kexec-tools and kernel-debuginfo packages. Use following command line to install the packages.
yum install kexec-tools kernel-debuginfo
- Boot your normal kernel with the additional command line option "crashkernel=64M@16M". Edit /etc/grub.conf and add the "crashkernel=64M@16M" command line option. An example command line might look like this:
kernel /vmlinuz-188.8.131.52-191.fc11.x86_64 ro root=/dev/VolGroup00/LogVol00 rhgb console=tty0 console=ttyS0,115200 crashkernel=64M@16M"
Notes: 1. Above shown parameter reserves 64MB of physical memory starting at 16MB. This reserved memory is used to preload and run the capture kernel.
2. Init scripts take care of pre-loading the capture kernel at system boot time.
2. It is recommended to either set up a serial console or switch to run level 3 (init 3) for testing purposes. The reason being that kdump does not reset the console if you are in X or framebuffer mode, and no message might be visible on console after system crash.
Step 2: Capturing the Dump
Normally kernel panic() will trigger booting into capture kernel but for testing purposes one can simulate the trigger in one of the following ways.
- Trigger through /proc interface
- Trigger by inserting a module which calls panic().
System will boot into capture kernel. Dump will be automatically saved in /var/crash/<dumpdir> and system will boot back into the regular kernel.
Note: <dumpdir> will be created under /var/crash depending on date and time of crash. For example, /var/crash/2006-02-17-17:02/vmcore.
Step 3: Dump Analysis
- Open the vmcore using crash tool.
- Kernel Source (Documentation/kdump/kdump.txt).