From: Linus Torvalds <torvalds@cs.helsinki.fi>

How to track down an Oops.. [originally a mail to linux-kernel]

The main trick is having 5 years of experience with those pesky oops 
messages ;-)

Actually, there are things you can do that make this easier. I have two 
separate approaches:

	gdb /usr/src/linux/vmlinux
	gdb> disassemble <offending_function>

That's the easy way to find the problem, at least if the bug-report is 
well made (like this one was - run through ksymoops to get the 
information of which function and the offset in the function that it 
happened in).

Oh, it helps if the report happens on a kernel that is compiled with the 
same compiler and similar setups.

The other thing to do is disassemble the "Code:" part of the bug report: 
ksymoops will do this too with the correct tools (and new version of 
ksymoops), but if you don't have the tools you can just do a silly 
program:

	char str[] = "\xXX\xXX\xXX...";
	main(){}

and compile it with gcc -g and then do "disassemble str" (where the "XX" 
stuff are the values reported by the Oops - you can just cut-and-paste 
and do a replace of spaces to "\x" - that's what I do, as I'm too lazy 
to write a program to automate this all).

Finally, if you want to see where the code comes from, you can do

	cd /usr/src/linux
	make fs/buffer.s 	# or whatever file the bug happened in

and then you get a better idea of what happens than with the gdb 
disassembly.

Now, the trick is just then to combine all the data you have: the C 
sources (and general knowledge of what it _should_ do, the assembly 
listing and the code disassembly (and additionally the register dump you 
also get from the "oops" message - that can be useful to see _what_ the 
corrupted pointers were, and when you have the assembler listing you can 
also match the other registers to whatever C expressions they were used 
for).

Essentially, you just look at what doesn't match (in this case it was the 
"Code" disassembly that didn't match with what the compiler generated). 
Then you need to find out _why_ they don't match. Often it's simple - you 
see that the code uses a NULL pointer and then you look at the code and 
wonder how the NULL pointer got there, and if it's a valid thing to do 
you just check against it..

Now, if somebody gets the idea that this is time-consuming and requires 
some small amount of concentration, you're right. Which is why I will 
mostly just ignore any panic reports that don't have the symbol table 
info etc looked up: it simply gets too hard to look it up (I have some 
programs to search for specific patterns in the kernel code segment, and 
sometimes I have been able to look up those kinds of panics too, but 
that really requires pretty good knowledge of the kernel just to be able 
to pick out the right sequences etc..)

_Sometimes_ it happens that I just see the disassembled code sequence 
from the panic, and I know immediately where it's coming from. That's when 
I get worried that I've been doing this for too long ;-)

		Linus


---------------------------------------------------------------------------
Notes on Oops tracing with klogd:

In order to help Linus and the other kernel developers there has been
substantial support incorporated into klogd for processing protection
faults.  In order to have full support for address resolution at least
version 1.3-pl3 of the sysklogd package should be used.

When a protection fault occurs the klogd daemon automatically
translates important addresses in the kernel log messages to their
symbolic equivalents.  This translated kernel message is then
forwarded through whatever reporting mechanism klogd is using.  The
protection fault message can be simply cut out of the message files
and forwarded to the kernel developers.

Two types of address resolution are performed by klogd.  The first is
static translation and the second is dynamic translation.  Static
translation uses the System.map file in much the same manner that
ksymoops does.  In order to do static translation the klogd daemon
must be able to find a system map file at daemon initialization time.
See the klogd man page for information on how klogd searches for map
files.

Dynamic address translation is important when kernel loadable modules
are being used.  Since memory for kernel modules is allocated from the
kernel's dynamic memory pools there are no fixed locations for either
the start of the module or for functions and symbols in the module.

The kernel supports system calls which allow a program to determine
which modules are loaded and their location in memory.  Using these
system calls mber of free
pages falls below free_pages_high, and intensive swapping is started
below free_pages_low.  A "page" is 4 kB.

The values selected as boot defaults are the following:  For a
machine with n>=8 Megabytes of memory, set min_free_pages = n*2,
free_pages_low = n*3 and free_pages_high = n*4.  Machines with less
than 8 Megabytes or less as if they had 8 Megabytes.

If "out of memory" errors sometimes occur, or if your machine does lots
of networking, increasing min_free_pages to 64 or more may be a good
idea.

free_pages_low should probably be about double of min_free_pages.

After a period of inactivity, the difference between free_pages_high and
free_pages low is immediately available for any program you want to
start up, without any need to swap out anything else.  If your memory
is large enough (e.g. > 16 Meg), keeping 2 or 3 megabytes of memory
ready for this purpose is probably a good idea.

I've found that

# echo "128 256 1024" > /proc/sys/vm/freepages

gives good performance for a 32 Meg system used as a small server and
personal workstation.

The other three files in /proc/sys/vm are undocumented, as yet.

Thomas Koenig, ig25@rz.uni-karlsruhe.de
                                                                                                                                                                                                                                                                                                                                               usr/src/kernel-source-2.0.33/Documentation/modules.txt                                              100644       0       0        20741  6156563460  21115  0                                                                                                    ustar   root                            root                                                                                                                                                                                                                   This file describes the strategy for dynamically loadable modules
in the Linux kernel. This is not a technical description on
the internals of module, but mostly a sample of how to compile
and use modules.

Note: You should ensure that the modules-X.Y.Z.tar.gz you are using
is the most up to date one for this kernel. The "X.Y.Z" will reflect
the kernel version at the time of the release of the modules package.
Some older modules packages aren't aware of some of the newer modular
features that the kernel now supports. (If you are unsure, you can 
usually find out what the current release of the modules-X.Y.Z.tar.gz
package is by looking up the URL listed for "Bjorn Ekwall" in the 
file ./linux/CREDITS)


In the beginning...
-------------------

Anyway, y