To debug a kernel crash you can use objdump to show the assembler for the routine shown and if debug symbols from kernel hacking menu are turned on then you can see the C code also. There will be a hex offset in the crash output and just use that to find the valid line of code/assembler. For example: objdump -r -S -l --disassemble net/dccp/ipv4.o
NB. You need to be at the top level of the kernel tree for this to pick up your C files.
If you don't have access to the code you can also debug on some crash dumps e.g. crash dump output as shown by Dave Miller.
EIP is at ip_queue_xmit+0x14/0x4c0
...
Code: 44 24 04 e8 6f 05 00 00 e9 e8 fe ff ff 8d 76 00 8d bc 27 00 00
00 00 55 57 56 53 81 ec bc 00 00 00 8b ac 24 d0 00 00 00 8b 5d 08
<8b> 83 3c 01 00 00 89 44 24 14 8b 45 28 85 c0 89 44 24 18 0f 85
Put the bytes into a "foo.s" file like this:
.text
.globl foo
foo:
.byte .... /* bytes from Code: part of OOPS dump */
Compile it with "gcc -c -o foo.o foo.s" then look at the output
of "objdump --disassemble foo.o".
Output:
ip_queue_xmit:
push %ebp
push %edi
push %esi
push %ebx
sub $0xbc, %esp
mov 0xd0(%esp), %ebp ! %ebp = arg0 (skb)
mov 0x8(%ebp), %ebx ! %ebx = skb->sk
mov 0x13c(%ebx), %eax ! %eax = inet_sk(sk)->opt
Also a very useful menu option for menuconfig under Kernel Hacking is debug memory allocations as that will help you see whether data has been initialised and not set before use etc. To see the values that get assigned with this look at mm/slab.c and search for POISON_INUSE. When using this an Oops will often show the poisoned data instead of zero which is the default.
See also KernelDevelopment
One page links to KernelDevelopmentDebugging:
