How to use kdump for kernel crash analysis

· Category: Linux

Short answer

kdump captures a memory dump (vmcore) when the kernel crashes, enabling post-mortem analysis.

Steps

  1. Install kdump tools:
sudo apt install linux-crashdump
  1. Reserve crash kernel memory in grub config.
  2. Enable and start:
sudo systemctl enable kdump-tools
  1. Test with a sysrq trigger:
echo c | sudo tee /proc/sysrq-trigger
  1. Analyze the vmcore with crash.

Tips

  • Store vmcore on a dedicated partition or network location.
  • Filter zero pages to reduce dump size.
  • Automate vmcore collection in production environments.

Common issues

  • Insufficient reserved memory causes kdump to fail.
  • Secure boot may prevent kexec from loading the crash kernel.