Kernel Debug
  • CONFIG_DEBUG_KERNEL
    • This option(under "Kernel hacking/Kernel debugging") just makes other debugging options available; it should be turned on but does not, by itself, enable any features.
  • CONFIG_DEBUG_INFO
    • This option (under "Kernel hacking/Compile the kernel with debug info")
    • This adds debug symbols to the kernel and modules (gcc -g), and is needed if you intend to use kernel crashdump or binary object tools like crash, kgdb, LKCD, gdb, etc on the kernel.
  • CONFIG_KALLSYMS
    • This option (under "General setup/Configure standard kernel features (for small systems)/Load all symbols for debugging/ksymoops") causes kernel symbol information to be built into the kernel; it is enabled by default. The symbol information is used in debugging contexts; without it, an oops listing can give you a kernel traceback only in hexadecimal, which is not very useful.
    • This increases the size of the kernel somewhat, as all symbols have to be loaded into the kernel image.
    • Normally kallsyms only contains the symbols of functions for nicer OOPS messages and backtraces (i.e., symbols from the text and inittext sections).
  • CONFIG_KALLSYMS_ALL
    • This option (under "General setup/Configure standard kernel features (for small systems)/Include all symbols in kallsyms")
    • All symbols are loaded into the kernel image (i.e., symbols from all sections)
  • There are 2 files that are used as a kernel symbol table
    • /proc/kallsyms(2.6) or /proc/ksyms(before 2.6)
      • a "proc file" that is created on the fly when a kernel boots up.
      • <path to kernel>/kernel/kallsyms.c
        • in-kernel printing of symbolic oopses and stack traces
      • __kallsyms section
      • scripts/kallsyms
        • kallsyms.S
    • System.map
      • A new System.map is generated with each kernel compile
  • To help understand cryptic oops output, a daemon called klogd, the kernel logging daemon, is used to perform symbol-address translation. When an ooops occurs, klogd intercepts the oops report, translates addresses into symbol names (e.g. translating c010b860 into BytesRead()), and logs the event with the system logger, usually syslogd.
  • Well-known addresses
Address Meaning Caused by Constant
0x6b6b6b6b use after free slab poisoning POISON_FREE
0xa5a5a5a5 use of uninitialized memory slab poisoning POISON_INUSE
0x00100100 use of invalid next pointer list poisoning LIST_POISON1
0x00200200 use of invalid prev pointer list poisoning LIST_POISON2
0xcccccccc use of an address before or beyond allocated memory; or probably an off-by-one error / buffer overrun SLUB_RED_ACTIVE
0xcccccccc use of uninitialized init memory you might have accessed a per-cpu variable of an offline CPU POISON_FREE_INITMEM
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License