What is Dump and Types of Dump
In computing, a dump, core dump, memory dump, or system dump consists of the recorded state
of the working memory of a computer program at a specific time, generally when
the program has crashed or otherwise terminated abnormally. Core dumps are
often used to assist in diagnosing and debugging errors in computer programs.
A core dump can be created by netdump, diskdump, xendump, or kdump. In this post we will see more about Kernel dump (Kdump).
What is Kernel Dump (Kdump)
Kdump is a kernel crash dumping mechanism that allows you to save the contents of the system's memory
for later analysis. It relies on the kexec-tools package.
When the system crashes, kexec boots a second kernel. This second
kernel resides in a reserved part of the system memory that is inaccessible to
the first kernel. The second kernel then captures the contents of the crashed
kernel's memory (a crash dump) and saves it.
a) How to enable Kdump
To enable Kdump, add the keyword-value pair below to the kernel line in boot.conf. Enabling the crash kernel requires reserving memory for it: set crashkernel to either auto or a specific value. A minimum of 128M is recommended for a machine with 2G of memory or more.
root (hd0,0)
kernel /vmlinuz-2.6.32-419.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-419.el6.x86_64.img
b) Configure Dump Location
Once the kernel crashes, the core dump can be captured to a local filesystem or a remote filesystem (NFS) based
on the settings defined in /etc/kdump.conf.
This file is automatically created when the kexec-tools package is installed.
path /var/crash
core_collector makedumpfile -c --message-level 1 -d 31
In the file:
To write the dump to a raw device, you can uncomment “raw /dev/sda5” and change it to point to the correct dump location.
For NFS, you can uncomment “#net my.server.com:/export/tmp” and point it to the current NFS server location.
c) Configure Core Collector
The next step is to configure
the core collector in Kdump configuration file. It is important to compress the
data captured and filter all the unnecessary information from the captured core
file.
To enable the core collector,
uncomment the following line that starts with core_collector.
# core_collector makedumpfile -c --message-level 1 -d 31
makedumpfile specified in the core_collector actually makes a small DUMPFILE by compressing the data. makedumpfile provides two DUMPFILE formats (the ELF format and the kdump-compressed format). By default, makedumpfile makes a DUMPFILE in the kdump-compressed format.
The kdump-compressed format
can be read only with the crash utility, and it can be smaller than the ELF
format because of the compression support.
The ELF format is readable
with GDB and the crash utility.
-c compresses the dump data page by page
-d selects the pages that are unnecessary and can be ignored
If you uncomment the line
#default shell, then a shell is invoked if kdump fails to collect the
core. The administrator can then manually take the core dump using makedumpfile
commands.
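The value after -d is a bitmask, so 31 excludes every page type makedumpfile can filter, including user process data, which keeps application memory out of the saved vmcore. The script below is an added example, not part of the original post: it reads the active core_collector line from a kdump.conf file and lists the excluded page types. The function names and the sample file are constructed for illustration; the bit meanings follow the dump_level table in makedumpfile(8).

```shell
#!/bin/sh
# Added example: report which page types a kdump.conf dump level excludes.

# Constructed sample of /etc/kdump.conf (not taken from a real host).
sample_conf() {
    cat <<'EOF'
#raw /dev/sda5
#net my.server.com:/export/tmp
path /var/crash
# core_collector makedumpfile -c --message-level 1 -d 17
core_collector makedumpfile -c --message-level 1 -d 31
EOF
}

# Print the -d value of the active (uncommented) core_collector line in $1.
# Returns 1 when no active core_collector line carries -d.
dump_level_from_conf() {
    awk '$1 == "core_collector" {
             for (i = 2; i < NF; i++)
                 if ($i == "-d") { print $(i + 1); found = 1; exit }
         }
         END { exit(found ? 0 : 1) }' "$1"
}

# Print one line per page type excluded by dump level $1 (0-31).
# Bit values follow the dump_level table in makedumpfile(8).
decode_dump_level() {
    case $1 in
        ''|*[!0-9]*) echo "invalid dump level: $1" >&2; return 2 ;;
    esac
    if [ "$1" -gt 31 ]; then echo "dump level out of range: $1" >&2; return 2; fi
    for entry in "1:zero pages" "2:cache pages" "4:cache private pages" \
                 "8:user data pages" "16:free pages"; do
        if [ $(( $1 & ${entry%%:*} )) -ne 0 ]; then echo "${entry#*:}"; fi
    done
}

# Demo on the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
level=$(dump_level_from_conf "$conf")
echo "dump level $level excludes:"
decode_dump_level "$level"
rm -f "$conf"
```

On a real host, pass /etc/kdump.conf to dump_level_from_conf instead of the sample file.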
d) Restart kdump Services
Once kdump is configured,
restart the kdump services,
If you have any issues
starting the services, then the kdump module or the crashkernel parameter has not been
set up properly. Check /proc/cmdline and make sure it includes
the crashkernel value.
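The /proc/cmdline check can be scripted. The script below is an added example, not part of the original post: it extracts the crashkernel value from a command-line file and compares a fixed-size reservation against the 128M minimum recommended above. The function names and the sample command line are constructed for illustration, and range-style values are reported as unparsed rather than evaluated.

```shell
#!/bin/sh
# Added example: check the crashkernel= reservation on a kernel command line.

# Print the first crashkernel= value in the command-line file $1
# (normally /proc/cmdline); return 1 when the parameter is absent.
crashkernel_value() {
    tr ' ' '\n' < "$1" | sed -n 's/^crashkernel=//p' | head -n 1 | grep .
}

# Classify a crashkernel value against the 128M minimum from the article.
# Prints "auto", "ok <MiB>", "low <MiB>", or "unparsed" (e.g. range syntax).
classify_crashkernel() {
    val=${1%%@*}                       # drop an optional @offset
    if [ "$val" = auto ]; then echo auto; return 0; fi
    num=${val%[KMGkmg]}                # strip one size suffix, if any
    case $num in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    case $val in
        *[Kk]) mib=$((num / 1024)) ;;
        *[Mm]) mib=$num ;;
        *[Gg]) mib=$((num * 1024)) ;;
        *)     mib=$((num / 1048576)) ;;   # no suffix: value is in bytes
    esac
    if [ "$mib" -ge 128 ]; then echo "ok $mib"; else echo "low $mib"; fi
}

# Demo on a constructed command line modelled on the article's kernel line.
cmdline=$(mktemp)
echo "ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS crashkernel=128M quiet" > "$cmdline"
if val=$(crashkernel_value "$cmdline"); then
    echo "crashkernel=$val -> $(classify_crashkernel "$val")"
else
    echo "crashkernel parameter missing; kdump cannot reserve memory"
fi
rm -f "$cmdline"
```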
How to check core dump
Crash utility is used to
analyze the core file captured by kdump.
It can also be used to
analyze the core files created by other dump utilities like netdump, diskdump,
xendump.
You need to ensure the
“kernel-debuginfo” package is present and it is at the same level as the
kernel.
Launch the crash tool as
shown below. After entering this command you will get a crash prompt, where you can
execute crash commands:
# crash /var/crash/127.0.0.1-2014-03-26-12\:24\:39/vmcore /usr/lib/debug/lib/modules/`uname -r`/vmlinux
crash>
To view the Process when System Crashed
Execute the ps command at the
crash prompt to display all the processes that were running when the system
crashed.
crash> ps
   PID    PPID  CPU       TASK        ST  %MEM     VSZ    RSS  COMM
      1      0   0  ffff88013e7db500  IN   0.0   19356   1544  init
      2      0   0  ffff88013e7daaa0  IN   0.0       0      0  [kthreadd]
      3      2   0  ffff88013e7da040  IN   0.0       0      0  [migration/0]
      4      2   0  ffff88013e7e9540  IN   0.0       0      0  [ksoftirqd/0]
      7      2   0  ffff88013dc19500  IN   0.0       0      0  [events/0]
Crash is a utility that also allows you to interactively analyze a running Linux system.
How to manually Trigger the Core Dump
You can manually trigger the core dump using the following commands:
echo 1 > /proc/sys/kernel/sysrq
echo c > /proc/sysrq-trigger
The server will reboot itself and the crash dump will be generated.