Kernel Crash Dumps

This article explains how to capture the kernel crash dumps (kdump). Kdumps are produced by kernel panic or lockup. To be simple, just a single kernel is used both for the ordinary system and recovery. The described method is almost distro independent. This article is based on KDump on Gentoo by (a Gentoo developer), and the first version is posted by the author.

Kernel
You need to activate the following kernel options:

Emerge
Install :

local.d script
Create containing:

If you are using an initramfs you also have to pass that as a parameter. For example:

Now make this file executable:

Note that your kernel has to be readable. (A typical gentoo config leaves unmounted, so you'll either need to remove noauto from your fstab or place a copy of your kernel elsewhere.)

Bootloader
To the kernel boot option, add crashkernel=64M for up to around 12GB of system RAM.

Usage
First, run the above script.

It loads the rescue kernel image which is run after kernel crash.

Whenever you get a kernel panic or lockup (hard/soft if the kernel is set to detect them), kexec runs the kernel in crash mode, relocated to a reserved area of memory. The rest of RAM will be untouched. When the system boots up log in and copy to a file - this is your crash dump. Then reboot your system to get back to a normal configuration; you shouldn't continue to operate in this state.

You can force a kernel panic by executing the following command (do not forget to save all data, log-out other users and leave the filesystems in a clean state by the invocation of sync before doing this):

External resources

 * Kernel documentation on kdump
 * Linux Kernel Crash Book