Sometimes you need to go deep in your technical analysis to discover the root cause of a problem, and if you are working in a situation that a crash dump was generated, you have all necessary information to provide your root cause analysis.
A core file is an image of a process that has crashed It contains all process information pertinent to debugging: contents of hardware registers, process status, and process data.
To install the crash analyzing tool, execute the following command.
# yum install crash -y
In addition to crash, it is also necessary to install the kernel-debuginfo package, which provides the data necessary for dump analysis.
# yum --enablerepo=\*debuginfo # debuginfo-install kernel
To start the utility, use the following command.
# crash /var/crash/127.0.0.1-2014-03-26-12\:24\:39/vmcore /usr/lib/debug/lib/modules/`uname –r`/vmlinux
Note that the <kernel> version should be the same that was captured by kdump. To find out which kernel you are currently running, use the uname -r command.
Display system information about the system.
Display the kernel message buffer, using the following command.
Display the kernel stack trace.
Display status of processes in the system.
Display basic virtual memory information.
Display information about open files.
Display swap information.
Display IPCS information.
Display IRQ information.
crash> irq -s