current-users: help requested with kernel crash backtrace (i386)

Subject: help requested with kernel crash backtrace (i386)
To: None <current-users@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: current-users
Date: 02/28/2006 12:18:46
I have a machine that's been running coda (venus, client only) for a
very long time.  I recently updated to 2006-02-05 sources from roughly
2006-12-06, and the machine has crashed twice in a short period of
time.

The second time I got a core dump, but unfortunately GENERIC had been
compiled without -g.  I am a bit baffled as to the faulting
instruction.  The coda_readlink frame gives 0xc02f5126, and that's an
add instruction to %esp, which is suspiciously immediately following a
call to venus_readlink.

Is it fair to expect the eip in frame 5 to be the address of the
faulting instruction?  Or the next instruction to be executed?  I
don't see how the return instruction would fault in venus_readlink.

I have obtained traces with the eip at the same place in the code from
previous crashes on different machines.

I know there are locking issues in lookup, and probably I should fix
those first.  In particular version 1.46 of coda_vnops (my fault) may
be off - I have advice from wrstuden@ about locking rules that I have
not fully digested.  But I'd still like to understand this backtrace.


(gdb) bt
#0  0x3f640000 in ?? ()
#1  0xc046c4ab in cpu_reboot ()
#2  0xc03f6b62 in panic ()
#3  0xc0476c31 in trap ()
#4  0xc0102f43 in calltrap ()
#5  0xc02f5126 in coda_readlink ()
#6  0xc04239da in VOP_READLINK ()
#7  0xc0418184 in namei ()
#8  0xc041efa0 in sys___stat30 ()
#9  0xc047659e in syscall_plain ()
(gdb) fr 5
#5  0xc02f5126 in coda_readlink ()
(gdb) i fr
Stack level 5, frame at 0xcc54fdac:
 eip = 0xc02f5126 in coda_readlink; saved eip 0xc04239da
 called by frame at 0xcc54fddc, caller of frame at 0xcc54fd6c
 Arglist at 0xcc54fdac, args: 
 Locals at 0xcc54fdac, Previous frame's sp in esp
 Saved registers:
  ebx at 0xcc54fda0, ebp at 0xcc54fdac, esi at 0xcc54fda4, edi at 0xcc54fda8,
  eip at 0xcc54fdb0
(gdb) i reg
eax            0xc079c3d8       -1065761832
ecx            0x0      0
edx            0x0      0
ebx            0xc1feb000       -1040273408
esp            0xcc54fbfc       0xcc54fbfc
ebp            0xcc54fdac       0xcc54fdac
esi            0xc1ce1e08       -1043456504
edi            0xcdb7ca8c       -843593076
eip            0xc02f5126       0xc02f5126
eflags         0x0      0
cs             0x0      0
ss             0x0      0
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x0      0
fstat          0x0      0
ftag           0x0      0
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0

(gdb) disass coda_readlink
Dump of assembler code for function coda_readlink:
0xc02f50c4 <coda_readlink>:     push   %ebp
0xc02f50c5 <coda_readlink+1>:   mov    %esp,%ebp
0xc02f50c7 <coda_readlink+3>:   push   %edi
0xc02f50c8 <coda_readlink+4>:   push   %esi
0xc02f50c9 <coda_readlink+5>:   push   %ebx
0xc02f50ca <coda_readlink+6>:   sub    $0xc,%esp
0xc02f50cd <coda_readlink+9>:   mov    0x8(%ebp),%eax
0xc02f50d0 <coda_readlink+12>:  mov    0x4(%eax),%edx
0xc02f50d3 <coda_readlink+15>:  mov    0x8(%eax),%edi
0xc02f50d6 <coda_readlink+18>:  incl   0xc08bd1e4
0xc02f50dc <coda_readlink+24>:  cmp    0xc08bd110,%edx
0xc02f50e2 <coda_readlink+30>:  mov    0xa0(%edx),%esi
0xc02f50e8 <coda_readlink+36>:  mov    0xc(%eax),%ebx
0xc02f50eb <coda_readlink+39>:  mov    0x1c(%edi),%ecx
0xc02f50ee <coda_readlink+42>:  je     0xc02f51fb <coda_readlink+311>
0xc02f50f4 <coda_readlink+48>:  mov    0xc0837838,%eax
0xc02f50f9 <coda_readlink+53>:  test   %eax,%eax
0xc02f50fb <coda_readlink+55>:  je     0xc02f5107 <coda_readlink+67>
0xc02f50fd <coda_readlink+57>:  testb  $0x2,0x4(%esi)
0xc02f5101 <coda_readlink+61>:  jne    0xc02f51c0 <coda_readlink+252>
0xc02f5107 <coda_readlink+67>:  sub    $0x8,%esp
0xc02f510a <coda_readlink+70>:  lea    0xfffffff0(%ebp),%eax
0xc02f510d <coda_readlink+73>:  push   %eax
0xc02f510e <coda_readlink+74>:  lea    0xffffffec(%ebp),%eax
0xc02f5111 <coda_readlink+77>:  push   %eax
0xc02f5112 <coda_readlink+78>:  push   %ecx
0xc02f5113 <coda_readlink+79>:  push   %ebx
0xc02f5114 <coda_readlink+80>:  lea    0x8(%esi),%eax
0xc02f5117 <coda_readlink+83>:  push   %eax
0xc02f5118 <coda_readlink+84>:  mov    0x30(%edx),%eax
0xc02f511b <coda_readlink+87>:  pushl  0x908(%eax)
0xc02f5121 <coda_readlink+93>:  call   0xc02f27f4 <venus_readlink>
0xc02f5126 <coda_readlink+98>:  add    $0x20,%esp
0xc02f5129 <coda_readlink+101>: test   %eax,%eax
0xc02f512b <coda_readlink+103>: mov    %eax,%ebx
0xc02f512d <coda_readlink+105>: je     0xc02f516c <coda_readlink+168>
0xc02f512f <coda_readlink+107>: testb  $0x8,0xc08377ce
0xc02f5136 <coda_readlink+114>: je     0xc02f5152 <coda_readlink+142>
0xc02f5138 <coda_readlink+116>: mov    0xc0837840,%eax
0xc02f513d <coda_readlink+121>: test   %eax,%eax
0xc02f513f <coda_readlink+123>: jne    0xc02f515c <coda_readlink+152>
0xc02f5141 <coda_readlink+125>: sub    $0x8,%esp
0xc02f5144 <coda_readlink+128>: push   %ebx
0xc02f5145 <coda_readlink+129>: push   $0xc079421f
0xc02f514a <coda_readlink+134>: call   0xc03f74c8 <printf>
[rest omitted]