Analyzing Kdump Output

You can use the crash utility at a shell prompt to analyze the contents of kdump core dumps, which is useful when troubleshooting problems. For more detailed information about using the crash utility, see the crash(8) manual page.

  1. Install the crash package:
    sudo dnf install crash
  2. Provide the location of the kernel debuginfo module and the location of the core dump as parameters to the crash utility, for example:
    sudo crash /usr/lib/debug/lib/modules/$(uname -r)/vmlinux \
     /var/crash/127.0.0.1-2024-10-03-12:38:25/vmcore

    In the previous command, $(uname -r) expands to the version of the running kernel, and 127.0.0.1-2024-10-03-12:38:25 is the dump directory name in ipaddress-timestamp format.

  3. Use the crash shell to get more information about the core dump.

    Inside the crash shell, use the help log command for information about how to use the log command, which displays the kernel log_buf contents in chronological order.

    You can also use the bt, ps, vm, and files commands to get more information about the core dump:

    bt

    Displays a task's kernel-stack backtrace.

    ps

    Displays process status for the specified, or all, processes in the system.

    vm

    Displays basic virtual memory information of a context.

    files

    Displays information about open files in a context.

  4. When you have finished analyzing the core dump, exit the shell.
    You can either type the exit command or use the q command as shorthand.
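
The following script is an added example, not part of the original procedure: it finds the newest dump directory by the timestamp in its ipaddress-timestamp name and runs the step 3 commands through crash in one non-interactive pass. The function names and the CRASH_ROOT and DEBUG_ROOT variables are assumptions made for the example; their defaults are the paths from step 2.

```shell
#!/bin/sh
# Added example (not from the original page): batch triage of the newest vmcore.
# CRASH_ROOT, DEBUG_ROOT and all function names are assumptions; the defaults
# are the paths used in step 2.

# Split "<ipaddress>-<YYYY-MM-DD-HH:MM:SS>" into "<timestamp> <ipaddress>".
# Prints nothing for a directory name that does not follow that pattern.
parse_dump_dir() (
    basename "$1" | sed -nE \
        's/^(.+)-([0-9]{4}(-[0-9]{2}){3}(:[0-9]{2}){2})$/\2 \1/p'
)

# Print the vmcore path with the most recent timestamp under directory $1.
latest_vmcore() (
    for dir in "$1"/*/; do
        [ -f "${dir}vmcore" ] || continue
        parsed=$(parse_dump_dir "$dir")
        if [ -n "$parsed" ]; then
            # Prefix each path with its timestamp so sort orders by time.
            printf '%s %s\n' "${parsed%% *}" "${dir}vmcore"
        fi
    done | sort | tail -n 1 | cut -d' ' -f2-
)

# Write the crash-shell commands from step 3, then exit as in step 4.
write_triage_cmds() {
    printf '%s\n' log bt ps vm files exit > "$1"
}

# Run crash non-interactively. $1 is the kernel release of the dump
# (assumption: defaults to the running kernel, as in step 2).
triage() (
    core=$(latest_vmcore "${CRASH_ROOT:-/var/crash}")
    [ -n "$core" ] || { echo "no vmcore found" >&2; exit 1; }
    vmlinux="${DEBUG_ROOT:-/usr/lib/debug/lib/modules}/${1:-$(uname -r)}/vmlinux"
    [ -f "$vmlinux" ] || { echo "missing debuginfo: $vmlinux" >&2; exit 2; }
    cmds=$(mktemp) && write_triage_cmds "$cmds"
    # -s: skip the startup banner; -i: run the commands in the file first.
    sudo crash -s -i "$cmds" "$vmlinux" "$core"
    rc=$?; rm -f "$cmds"; exit "$rc"
)

# Only start crash when asked to: ./triage.sh --run [kernel-release]
if [ "${1:-}" = "--run" ]; then triage "${2:-}"; fi
```

Redirect the output to a file to keep a record of the log, backtrace and process list alongside the dump.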