← Back to Skills Marketplace
crazyss

Linux Kernel Crash Debug

by James Wang · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ✓ Security Clean
583
Downloads
0
Stars
3
Active Installs
5
Versions
Install in OpenClaw
/install linux-kernel-crash-debug
Description
Debug Linux kernel crashes using the crash utility and memory debugging tools. Use when users mention kernel crash, kernel panic, vmcore analysis, kernel dum...
README (SKILL.md)

Linux Kernel Crash Debugging

This skill guides you through analyzing Linux kernel crash dumps using the crash utility.

Installation

Claude Code

claude skill install linux-kernel-crash-debug.skill

OpenClaw

# Method 1: Install via ClawHub
clawhub install linux-kernel-crash-debug

# Method 2: Manual installation
mkdir -p ~/.openclaw/workspace/skills/linux-kernel-crash-debug
cp SKILL.md ~/.openclaw/workspace/skills/linux-kernel-crash-debug/

Quick Start

Starting a Session

# Analyze a dump file
crash vmlinux vmcore

# Debug a running system
crash vmlinux

# Raw RAM dump
crash vmlinux ddr.bin --ram_start=0x80000000

Core Debugging Workflow

1. crash> sys              # Confirm panic reason
2. crash> log              # View kernel log
3. crash> bt               # Analyze call stack
4. crash> struct \x3Ctype>    # Inspect data structures
5. crash> kmem \x3Caddr>      # Memory analysis

🤖 Agent Execution Directives

If you are an AI/Agent using this skill, do not invoke crash interactively as it will block your subshell.

  1. Use the bundled wrapper ./scripts/agent-crash.sh which maps precisely to the workflows below but safely truncates outputs:
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore triage - Safely runs initial sys, log, and bt.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore flow-oom - Top 15 memory checks.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore flow-deadlock - Pulls UN task stacks.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore dis-regs \x3Cfunc> \x3Cpid> - Assembly regression.
    • ./scripts/agent-crash.sh -k vmlinux -c vmcore check-poison \x3Caddr> - Pattern match memory poisons.
  2. Fallback Strategy: If macros don't solve the issue, fall back to basic primitives manually: ./scripts/agent-crash.sh -k vmlinux -c vmcore run "rd ffff880123456780".
  3. Check references/agentic-heuristics.md for extended expert methodologies.

Prerequisites

Item Requirement
vmlinux Must have debug symbols (CONFIG_DEBUG_INFO=y)
vmcore kdump/netdump/diskdump/ELF format
Version vmlinux must exactly match the vmcore kernel version

Package Installation

Anolis OS / Alibaba Cloud Linux

# Install crash utility
sudo dnf install crash

# Install kernel debuginfo (match your kernel version)
sudo dnf install kernel-debuginfo-$(uname -r)

# Install additional analysis tools
sudo dnf install gdb readelf objdump makedumpfile

# Optional: Install kernel-devel for source code reference
sudo dnf install kernel-devel-$(uname -r)

RHEL / CentOS / Rocky / AlmaLinux

sudo dnf install crash kernel-debuginfo-$(uname -r)
sudo dnf install gdb binutils makedumpfile

Ubuntu / Debian

sudo apt install crash linux-crashdump gdb binutils makedumpfile
sudo apt install linux-image-$(uname -r)-dbgsym

Self-compiled Kernel

# Enable debug symbols in kernel config
make menuconfig  # Enable CONFIG_DEBUG_INFO, CONFIG_DEBUG_INFO_REDUCED=n

# Or set directly
scripts/config --enable CONFIG_DEBUG_INFO
scripts/config --enable CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT

Verify Installation

# Check crash version
crash --version

# Verify debuginfo matches kernel
crash /usr/lib/debug/lib/modules/$(uname -r)/vmlinux /proc/kcore

Core Command Reference

Debugging Analysis

Command Purpose Example
sys System info/panic reason sys, sys -i
log Kernel message buffer log, log | tail
bt Stack backtrace bt, bt -a, bt -f
struct View structures struct task_struct \x3Caddr>
p/px/pd Print variables p jiffies, px current
kmem Memory analysis kmem -i, kmem -S \x3Ccache>

Tasks and Processes

Command Purpose Example
ps Process list ps, ps -m | grep UN
set Switch context set \x3Cpid>, set -p
foreach Batch task operations foreach bt, foreach UN bt
task task_struct contents task \x3Cpid>
files Open files files \x3Cpid>

Memory Operations

Command Purpose Example
rd Read memory rd \x3Caddr>, rd -p \x3Cphys>
search Search memory search -k deadbeef
vtop Address translation vtop \x3Caddr>
list Traverse linked lists list task_struct.tasks -h \x3Caddr>

bt Command Details

The most important debugging command:

crash> bt              # Current task stack
crash> bt -a           # All CPU active tasks
crash> bt -f           # Expand stack frame raw data
crash> bt -F           # Symbolic stack frame data
crash> bt -l           # Show source file and line number
crash> bt -e           # Search for exception frames
crash> bt -v           # Check stack overflow
crash> bt -R \x3Csym>     # Only show stacks referencing symbol
crash> bt \x3Cpid>        # Specific process

Context Management

Crash session has a "current context" affecting bt, files, vm commands:

crash> set              # View current context
crash> set \x3Cpid>        # Switch to specified PID
crash> set \x3Ctask_addr>  # Switch to task address
crash> set -p           # Restore to panic task

Session Control

# Output control
crash> set scroll off   # Disable pagination
crash> sf               # Alias for scroll off

# Output redirection
crash> foreach bt > bt.all

# GDB passthrough
crash> gdb bt           # Single gdb invocation
crash> set gdb on       # Enter gdb mode
(gdb) info registers
(gdb) set gdb off

# Read commands from file
crash> \x3C commands.txt

Typical Debugging Scenarios

Kernel BUG Location

crash> sys                    # Confirm panic
crash> log | tail -50         # View logs
crash> bt                     # Call stack
crash> bt -f                  # Expand frames for parameters
crash> struct \x3Ctype> \x3Caddr>   # Inspect data structures

Deadlock Analysis

crash> bt -a                  # All CPU call stacks
crash> ps -m | grep UN        # Uninterruptible processes
crash> foreach UN bt          # View waiting reasons
crash> struct mutex \x3Caddr>    # Inspect lock state

Memory Issues

crash> kmem -i                # Memory statistics
crash> kmem -S \x3Ccache>        # Inspect slab
crash> vm \x3Cpid>               # Process memory mapping
crash> search -k \x3Cpattern>    # Search memory

Stack Overflow

crash> bt -v                  # Check stack overflow
crash> bt -r                  # Raw stack data

Advanced Techniques

Chained Queries

crash> bt -f                  # Get pointers
crash> struct file.f_dentry \x3Caddr>
crash> struct dentry.d_inode \x3Caddr>
crash> struct inode.i_pipe \x3Caddr>

Batch Slab Inspection

crash> kmem -S inode_cache | grep counter | grep -v "= 1"

Kernel Linked List Traversal

crash> list task_struct.tasks -s task_struct.pid -h \x3Cstart>
crash> list -h \x3Caddr> -s dentry.d_name.name

Extended Reference

For detailed information, refer to the following reference files:

File Content
references/advanced-commands.md Advanced commands: list, rd, search, vtop, kmem, foreach
references/vmcore-format.md vmcore file format, ELF structure, VMCOREINFO
references/case-studies.md Debugging cases: kernel BUG, deadlock, OOM, NULL pointer, stack overflow
references/debug-tools-guide.md Advanced debugging tools: KASAN, Kprobes, Kmemleak, UBSAN (require kernel rebuild)

Usage:

crash> help \x3Ccommand>        # Built-in help
# Or ask Claude to view reference files

Common Errors

crash: vmlinux and vmcore do not match!
# -> Ensure vmlinux version exactly matches vmcore

crash: cannot find booted kernel
# -> Specify vmlinux path explicitly

crash: cannot resolve symbol
# -> Check if vmlinux has debug symbols

Security Warnings

⚠️ Dangerous Operations

The following commands can cause system damage or data loss:

Command Risk Recommendation
wr Writes to live kernel memory NEVER use on production systems - can crash or corrupt running kernel
GDB passthrough Unrestricted memory access Use with caution, may modify memory or registers

🔒 Sensitive Data Handling

  • vmcore files contain complete kernel memory, potentially including:
    • User process memory and credentials
    • Encryption keys and secrets
    • Network connection data and passwords
  • Access control: Restrict vmcore file access to authorized personnel
  • Secure storage: Store dump files in encrypted or access-controlled directories
  • Secure disposal: Use shred or secure delete when disposing of vmcore files

🛡️ Best Practices

  1. Only analyze vmcore files in isolated/test environments when possible
  2. Never share raw vmcore files publicly without sanitization
  3. Consider using makedumpfile -d to filter sensitive pages before analysis
  4. Document and audit all crash analysis sessions for compliance

Important Notes

  1. Version Match: vmlinux must exactly match the vmcore kernel version
  2. Debug Info: Must use vmlinux with debug symbols
  3. Context Awareness: bt, files, vm commands are affected by current context
  4. Live System Modification: wr command modifies running kernel, extremely dangerous

Resources

Contributing

This is an open-source project. Contributions are welcome!

See CONTRIBUTING.md for guidelines.

Usage Guidance
This skill is internally consistent for kernel crash analysis, but it can read and output raw kernel memory and recommends internet lookups of crash signatures. Before installing: (1) review scripts/agent-crash.sh yourself (it runs crash with piped commands, a 30s timeout, and truncation logic); (2) avoid giving the agent/skill network upload privileges or automatic publishing permissions for vmcore output — vmcore can contain secrets or proprietary data; (3) run the skill in an isolated environment when analyzing production dumps; (4) be cautious with the 'run' macro (allows arbitrary crash commands) and the heuristics that instruct web searches/git greps — these can inadvertently transmit sensitive information. If you need stronger guarantees, disable autonomous invocation for this skill or restrict the agent's network access.
Capability Analysis
Type: OpenClaw Skill Name: linux-kernel-crash-debug Version: 1.0.4 The skill bundle provides a legitimate and well-structured environment for Linux kernel crash analysis using the `crash` utility. It includes a safety-oriented wrapper script, `scripts/agent-crash.sh`, which implements timeouts and output truncation to prevent AI agents from hanging or exceeding context limits. The instructions in `SKILL.md` and `references/agentic-heuristics.md` are designed to guide the agent toward stable and efficient debugging practices rather than subverting its behavior. The bundle also includes appropriate security warnings regarding the handling of sensitive memory dumps and the dangers of modifying live kernel memory.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
Name/description match the required binaries (crash, gdb, readelf, objdump, makedumpfile). The included wrapper script and reference docs align with vmcore/vmlinux analysis tasks; required tools are appropriate and proportionate for the stated purpose.
Instruction Scope
SKILL.md stays focused on crash analysis and correctly instructs agents to use the provided non-interactive wrapper. However, the agent heuristics explicitly recommend web searches or git greps of crash signatures (upstream verification) and allow arbitrary crash 'run' commands which can dump raw memory — both are sensible for debugging but can leak sensitive data or proprietary source if the agent transmits outputs externally.
Install Mechanism
No install spec (instruction-only) and the only shipped code is a small wrapper script. There are no downloads from untrusted URLs or archive extraction steps. This is low-risk from an installation perspective.
Credentials
The skill requires no environment variables or credentials and does not request config paths. Its access model is limited to invoking local debugging binaries and reading local vmcore/vmlinux files, which is appropriate for its purpose.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide agent settings. It runs transient local commands via a wrapper; no elevated persistence or forced inclusion is requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install linux-kernel-crash-debug
  3. After installation, invoke the skill by name or use /linux-kernel-crash-debug
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Added agent/expert workflow support: wrapper script (`scripts/agent-crash.sh`) and heuristic methodology (`references/agentic-heuristics.md`) for safe, batch, or programmatic crash analysis. - Introduced agent execution directives section for non-interactive usage and recommended best practices for agents. - Embedded OpenClaw-specific `metadata` and runtime `requires` blocks for better platform integration. - Added legal and contribution documents: `LICENSE`, `CONTRIBUTING.md`. - Removed user-facing introductory docs (`README.md`, `README_CN.md`); primary usage guidance now lives in `SKILL.md`. - Reference file structure expanded for deeper tooling and methodology documentation.
v1.0.3
- Expanded description to include memory error debugging tools (KASAN, Kprobes, Kmemleak, UBSAN) and memory corruption scenarios. - Added a new reference file: `references/debug-tools-guide.md` for advanced debugging tools. - Updated the reference table to link to the new guide on KASAN, Kprobes, Kmemleak, and UBSAN. - Improved scope to cover memory leak detection, use-after-free, and out-of-bounds access.
v1.0.2
**Summary:** This release adds explicit dependency requirements, detailed OS-specific installation instructions, and highlights security risks when using the crash utility. - Declares skill dependencies: crash, gdb, readelf, objdump, makedumpfile. - Adds detailed package installation and verification steps for Anolis, RHEL/CentOS, and Ubuntu/Debian. - Provides instructions for enabling kernel debug symbols on self-compiled kernels. - Expands documentation with a new Security Warnings section covering dangerous commands and sensitive data risks.
v1.0.1
- Added SKILL_CN.md to provide additional documentation. - Removed five files: issue templates and CONTRIBUTING.md. - SKILL.md rewritten in English, improving clarity and accessibility. - Expanded installation instructions for Claude and OpenClaw users. - Updated contribution instructions and community links. - Content is now more concise and focused on broader user needs.
v1.0.0
Initial release with comprehensive Linux kernel crash dump debugging guide using the crash utility. - Provides step-by-step instructions for installing and using crash to analyze kernel dumps (vmcore). - Covers essential commands for system diagnosis, stack tracing, memory inspection, and deadlock/root-cause analysis. - Includes troubleshooting tips, context management, and advanced techniques like chain queries and bulk slab checking. - Summarizes typical debugging scenarios (kernel BUG, deadlock, memory issues, stack overflows). - Lists common errors and how to resolve them. - Offers reference materials and external documentation links for in-depth learning.
Metadata
Slug linux-kernel-crash-debug
Version 1.0.4
License MIT-0
All-time Installs 3
Active Installs 3
Total Versions 5
Frequently Asked Questions

What is Linux Kernel Crash Debug?

Debug Linux kernel crashes using the crash utility and memory debugging tools. Use when users mention kernel crash, kernel panic, vmcore analysis, kernel dum... It is an AI Agent Skill for Claude Code / OpenClaw, with 583 downloads so far.

How do I install Linux Kernel Crash Debug?

Run "/install linux-kernel-crash-debug" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Linux Kernel Crash Debug free?

Yes, Linux Kernel Crash Debug is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Linux Kernel Crash Debug support?

Linux Kernel Crash Debug is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Linux Kernel Crash Debug?

It is built and maintained by James Wang (@crazyss); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments