> Yeah, I think I found the problem. Next time, however, run the oops through
> ksymoops (in /usr/src/linux/tools/ksymoops), as it will decode the
> Code: part and help pinpoint the exact part of the code where the crash
> occurs.
>
> It seems to be the classic case of removing a list entry we need later on to
> get to the next item; does the following patch help? (PS: I haven't tested
> this myself, but then again, I haven't had such an oops yet.)
No, the oops happens just the same. Only with the patch added, it
happens in a slightly different place. Here is the oops done with the
patched coda:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
current->tss.cr3 = 0132e000, %cr3 = 0132e000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c0135eaf>]
EFLAGS: 00000215
eax: c10fda34 ebx: fffffff8 ecx: c10fd878 edx: c10fda3c
esi: 00000000 edi: c10fda34 ebp: 00000389 esp: c1331e84
ds: 0018 es: 0018 ss: 0018
Process avfscoda (pid: 655, process nr: 31, stackpage=c1331000)
Stack: c10fda1c c0136e5e c10fd980 c01e1b40 c10fd980 00000000 c012ded4 c10fd980
c10ff7a0 c10ff780 c10fd980 c012cb76 c10fd980 00000403 c0207c08 c01e18dc
c0207c08 c012d9ca 00000403 00000000 00000000 00000000 c012da02 00000403
Call Trace: [<c0136e5e>] [<c012ded4>] [<c012cb76>] [<c012d9ca>] [<c012da02>]
[<c012dd41>] [<c012ddf8>]
[<c0141b54>] [<c012885e>] [<c0128a26>] [<c0128b18>] [<c0126cda>] [<c010798c>]
Code: 8b 36 53 e8 b5 fd ff ff 53 e8 63 fd ff ff 83 c4 08 6a 34 53
>>EIP: c0135eaf <coda_cache_clear_inode+7b/cc>
Trace: c0136e5e <coda_delete_inode+ee/168>
Trace: c012ded4 <iput+7c/1f0>
Trace: c012cb76 <prune_dcache+96/f8>
Trace: c012d9ca <try_to_free_inodes+22/34>
Trace: c012da02 <grow_inodes+1e/174>
Trace: c012dd41 <get_new_inode+bd/11c>
Trace: c012ddf8 <iget+58/60>
Trace: c0141b54 <ext2_lookup+54/7c>
Code: c0135eaf <coda_cache_clear_inode+7b/cc> 00000000 <_EIP>: <===
Code: c0135eaf <coda_cache_clear_inode+7b/cc> 0: 8b 36 movl (%esi),%esi <===
Code: c0135eb1 <coda_cache_clear_inode+7d/cc> 2: 53 pushl %ebx
Code: c0135eb2 <coda_cache_clear_inode+7e/cc> 3: e8 b5 fd ff ff call c0135c6c <coda_cnremove+0/50>
Code: c0135eb7 <coda_cache_clear_inode+83/cc> 8: 53 pushl %ebx
Code: c0135eb8 <coda_cache_clear_inode+84/cc> 9: e8 63 fd ff ff call c0135c20 <coda_ccremove+0/4c>
Code: c0135ebd <coda_cache_clear_inode+89/cc> e: 83 c4 08 addl $0x8,%esp
Code: c0135ec0 <coda_cache_clear_inode+8c/cc> 11: 6a 34 pushl $0x34
Code: c0135ec2 <coda_cache_clear_inode+8e/cc> 13: 53 pushl %ebx
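As an added illustration of the failure pattern the quoted reply describes (unlinking the list entry the walk still needs in order to reach the next item), here is a small stand-alone C program. It is not coda's or the kernel's code. It uses a hypothetical intrusive list in the style of <linux/list.h> whose list_del clears the removed entry's links (an assumption made so that the stale read shows up as a NULL, like the %esi == 0 behind the faulting movl (%esi),%esi above), a hypothetical struct cache_entry, and it contrasts the plain walk with the two-cursor walk that fetches the next pointer before unlinking.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical intrusive doubly linked list in the style of <linux/list.h>
 * (a stand-in for this demo, not the kernel's header). */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *head) { head->next = head->prev = head; }
static int list_empty(const struct list_head *head) { return head->next == head; }

static void list_add_tail(struct list_head *entry, struct list_head *head) {
    struct list_head *last = head->prev;
    entry->next = head; entry->prev = last;
    last->next = entry; head->prev = entry;
}

/* Unlink entry and clear its links.  Assumption for this demo: the removed
 * entry no longer points anywhere, so a walk that still reads through it
 * loads a NULL next pointer, the %esi == 0 seen in the oops above. */
static void list_del(struct list_head *entry) {
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    entry->next = entry->prev = NULL;
}

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical cache record hanging off a list. */
struct cache_entry { int fid; struct list_head list; };

/* Build a list of n entries; the caller frees the returned array. */
static struct cache_entry *make_entries(struct list_head *head, int n) {
    struct cache_entry *arr = calloc((size_t)n, sizeof *arr);
    int i;
    INIT_LIST_HEAD(head);
    for (i = 0; arr && i < n; i++) {
        arr[i].fid = i;
        list_add_tail(&arr[i].list, head);
    }
    return arr;
}

/* The buggy pattern: unlink pos, then advance through pos->next, which
 * list_del has just cleared.  Returns the number removed, or -1 at the step
 * where a kernel would execute "movl (%esi),%esi" with %esi == 0. */
static int clear_unsafe(struct list_head *head) {
    struct list_head *pos;
    int removed = 0;
    for (pos = head->next; pos != head; pos = pos->next) {
        if (pos == NULL)
            return -1;      /* in-kernel: the NULL pointer dereference */
        list_del(pos);
        removed++;
    }
    return removed;
}

/* The fix: fetch the next pointer before unlinking (list_for_each_safe). */
static int clear_safe(struct list_head *head) {
    struct list_head *pos, *n;
    int removed = 0;
    for (pos = head->next, n = pos->next; pos != head; pos = n, n = pos->next) {
        struct cache_entry *ce = container_of(pos, struct cache_entry, list);
        list_del(pos);
        ce->fid = -1;       /* stand-in for releasing the entry */
        removed++;
    }
    return removed;
}

/* Drivers: outcome of each walk over a freshly built list of n entries. */
static int demo_unsafe(int n) {
    struct list_head head;
    struct cache_entry *arr = make_entries(&head, n);
    int r = clear_unsafe(&head);
    free(arr);
    return r;
}

static int demo_safe(int n) {
    struct list_head head;
    struct cache_entry *arr = make_entries(&head, n);
    int r = clear_safe(&head);
    if (!list_empty(&head))
        r = -2;             /* every entry must have been unlinked */
    free(arr);
    return r;
}

int main(void) {
    printf("unsafe walk, 3 entries: %d (-1 = would have oopsed)\n", demo_unsafe(3));
    printf("safe walk, 3 entries:   %d removed\n", demo_safe(3));
    return 0;
}
```

clear_unsafe stops and returns -1 exactly where a kernel would have faulted: after the first list_del, the loop's own pos->next is the cleared link, so the second iteration loads through a NULL entry. clear_safe is the same walk with a second cursor, which is all list_for_each_safe adds; a walk that frees or unlinks entries must use that form, whether or not the list implementation poisons the removed entry.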