Here is a brief look at how to debug from the screen dump that occurs when the kernel panics.

Suppose the kernel dump provides an EIP address of 0xC8865270. Inspect /var/log/messages looking for where the driver was last loaded. Suppose you find:

    IA 5515: Alloc buffers is at c886235c

Then you know that the fault occurred at offset

      0xC8865270
    - 0xc886235c
    ============
            2f14

from ia_alloc_buffers.

Now open the file atm.map and find

    0x00000308 ia_alloc_buffers

This tells you the fault occurred at offset

      0x00000308
    +       2f14
    ============
            321c

from the start of the module.

Now sort the map file by address and locate the relative address of the fault:

    36 0x00002ff4 ia_host_rx_intr
    37 0x000032e0 ia_recv5u

This indicates that the fault occurred in ia_host_rx_intr, since the fault address is greater than 0x00002ff4 but less than 0x000032e0.

Finally find the relative address within ia_host_rx_intr by subtracting:

      0x321c
    -   2ff4
    ========
      0x228

To find the faulting instruction, add -S to the CFLAGS in the makefile, touch ia_rfred.c (which contains ia_host_rx_intr) and run make. This creates ia_rfred.s. Now run

    as -A ia_rfred.s > ia_rfred.lst

or

    as -alh ia_..

creating an assembler listing.

Locate the start of the offending function in the listing:

    959             .type ia_host_rx_intr,@function
    960           ia_host_rx_intr:
    961 0a90 55     pushl %ebp
    962 0a91 57     pushl %edi

Here we see that it is at offset 0xa90 in the listing. Add:

      0x0a90    The offset of ia_host_rx_intr
    + 0x0228    The offset of the fault relative to ia_host_rx_intr
    ========
      0xcb8     The offset of the fault in the listing

Find offset 0xcb8 in the listing:

    1133 0ca5 E8FCFFFF    call ia5515_getvcc
    1133      FF
    1134 0caa 83C410      addl $16, %esp
    1135 0cad 837C2414    cmpl $64, 20(%esp)
    1135      40
    1136 0cb2 761B        jbe .L2251
    1137 0cb4 8B442428    movl 40(%esp), %eax
    1138 0cb8 8378081F    cmpl $31, 8(%eax)
    1139 0cbc 7E15        jle .L2239

The code string shown there, 8378081F, should match the one at the bottom of the original dump screen.

Finally map that code back to the source and hopefully figure out what the problem was.

    ia5515_getvcc(rx_buf->desc->vci & R_VC_MASK, &vcc);
    if ((len > 64) && (vcc->vci > 31))
        /* (softc->vcctab[vcc->vci].r_ipaddr == 0)) */
    {
        /* softc->vcctab[vcc->vci].l_ipaddr = ia_ipfromvcc(vcc); */
        ia5515_ips(softc, vcc, skb, 1);
    }
    if (vcc != NULL) {
        if ((len > 64) && (vcc->vci > 31))

Here some diagnostic code had been improperly inserted before the check for null vcc, and the attempt to dereference the vcc pointer in

    0cb8 8378081F cmpl $31, 8(%eax)

caused the fault.
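
The address arithmetic above can be scripted. The following is an added example, not part of the original page or the driver's own tooling. It assumes the map file holds "address name" columns (optionally preceded by a line number), and the names parse_map and locate_fault are hypothetical.

```python
import bisect

# Constructed sample: the three map entries quoted on this page, in an
# assumed "address name" column layout.
SAMPLE_MAP = """\
0x00000308 ia_alloc_buffers
0x00002ff4 ia_host_rx_intr
0x000032e0 ia_recv5u
"""

def parse_map(text):
    """Return sorted (offset, name) pairs; tolerates a leading line number."""
    syms = []
    for line in text.splitlines():
        fields = line.split()
        for i, field in enumerate(fields[:-1]):
            if field.lower().startswith("0x"):
                syms.append((int(field, 16), fields[i + 1]))
                break
    return sorted(syms)

def locate_fault(eip, ref_name, ref_runtime_addr, syms):
    """Map a faulting EIP to (module offset, function, offset in function).

    ref_name / ref_runtime_addr: a symbol whose loaded address the driver
    logged, used to recover where the module was loaded.
    """
    offsets = {name: off for off, name in syms}
    if ref_name not in offsets:
        raise KeyError(f"{ref_name} not in map file")
    load_base = ref_runtime_addr - offsets[ref_name]
    module_off = eip - load_base
    # The last symbol starting at or below the fault offset contains it.
    idx = bisect.bisect_right([off for off, _ in syms], module_off) - 1
    if idx < 0:
        raise ValueError("EIP is below the module's first symbol")
    if idx == len(syms) - 1:
        # No following symbol bounds this one, so the EIP may lie past the module.
        raise ValueError("EIP is at or beyond the last symbol in the map")
    func_off, func = syms[idx]
    return module_off, func, module_off - func_off

if __name__ == "__main__":
    mod_off, func, rel = locate_fault(
        0xC8865270, "ia_alloc_buffers", 0xC886235C, parse_map(SAMPLE_MAP))
    print(f"module+{mod_off:#x} = {func}+{rel:#x}")
    # Listing offset = function's offset in the .lst file (0xa90 here) + rel.
    print(f"listing offset {0x0A90 + rel:#x}")
```

The script refuses to attribute an EIP that falls in the last map entry, because nothing bounds that symbol from above and the address may not belong to the module at all.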