Environment
Novell NetWare 6.5 Support Pack 8
N65NSS8C
CIFS
Situation
The server abends immediately when CIFS.NLM is loaded.
SYS:\SYSTEM\ABEND.LOG shows the following:
Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.08
Server NOVELL_GO1 halted Friday, 15 April 2011 9:53:46.496 pm
Abend 1 on P00: Server-5.70.08-0: DQ_APPEND would cause memory corruption
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0023 GS = 0023 SS = 0010
EAX = 8A3EB408 EBX = 8A3EB408 ECX = 8A3EB408 EDX = 801F1FD0
ESI = 0000000B EDI = 8A3EB3AC EBP = 8FA29F08 ESP = 8FA29EF0
EIP = 8A5F3699 FLAGS = 00000292
8A5F3699 83C404 ADD ESP, 00000004
EIP in NSS.NLM at code start +00022699h
The violation occurred while processing the following instruction:
8A5F3699 83C404 ADD ESP, 00000004
8A5F369C 8B4304 MOV EAX, [EBX+04]
8A5F369F 8B55F0 MOV EDX, [EBP-10]
8A5F36A2 8910 MOV [EAX], EDX
8A5F36A4 8B03 MOV EAX, [EBX]
8A5F36A6 8B5204 MOV EDX, [EDX+04]
8A5F36A9 895004 MOV [EAX+04], EDX
8A5F36AC 8B55F0 MOV EDX, [EBP-10]
8A5F36AF 8B5204 MOV EDX, [EDX+04]
8A5F36B2 8B03 MOV EAX, [EBX]
Running process: Server 15 Process --> Note this could be any process
Thread Owned by NLM: SERVER.NLM --> Note this could be any process
Stack pointer: 8FA29F3C
OS Stack limit: 8FA22000
CPU 0 (Thread 9297E080) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 50500F0 Waiting for work
Stack: 8A5F3470 (NSS.NLM|Sec20002utcTime+100)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
-8A3EB320 (NSS.NLM|AlarmWork+0)
--00043128 (LOADER.NLM|NestedInterruptCount+28)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
8A5F35E0 (NSS.NLM|fireAlarm+0)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
0036D978 (SERVER.NLM|kDoFastWorkToDo+28)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000001 (LOADER.NLM|KernelAddressSpace+1)
--00043128 (LOADER.NLM|NestedInterruptCount+28)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
00230E4C (SERVER.NLM|kWorkToDoCheckAllRunFast+A4)
-8A3EB748 (NSS.NLM|AlarmWorkToDo+0)
[snip]
Stack Walk
Current EIP: 8A5F3699 NSS.NLM|fireAlarm+B9
Stack Contents
8FA29F0C 0036D978 SERVER.NLM|kDoFastWorkToDo+28
8FA29F10 8A3EB748 00000000 8A5F35E0 FE1DA740 00000000 ....`5_.@'.~....
8FA29F2C 00230E4C SERVER.NLM|kWorkToDoCheckAllRunFast+A4
8FA29F44 002315C8 SERVER.NLM|MpkSystemWork+68
8FA29F50 0021D48A SERVER.NLM|WorkerThread+336
8FA29F68 0022AC68 SERVER.NLM|TcoNewSystemThreadEntryPoint+40
8FA29F6C 9297E080 00000000 00000000 00000BDA 00000000 ........Z.......
8FA29F70 00000000
(stack end)
Resolution
The cifsctxs.cfg file (located in sys:\etc) was corrupt, which caused the server to abend as soon as CIFS was loaded. After the cifsctxs.cfg file was replaced with a good copy from a working server, CIFS loaded successfully.
Additional Information
The stack walk from the core dump in the virtual debugger shows the following:
Current EIP: 8A5F3699 NSS.NLM|fireAlarm+B9
8FA29F0C 0036D978 SERVER.NLM|kDoFastWorkToDo+28
8FA29F2C 00230E4C SERVER.NLM|kWorkToDoCheckAllRunFast+A4
8FA29F44 002315C8 SERVER.NLM|MpkSystemWork+68
8FA29F50 0021D48A SERVER.NLM|WorkerThread+336
8FA29F68 0022AC68 SERVER.NLM|TcoNewSystemThreadEntryPoint+40
(stack end)
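An added triage example (not Novell's code): a Python parser that reduces an ABEND.LOG entry like the one above to a signature that does not depend on load addresses, so the same abend can be recognized on another server. The sample text is a trimmed excerpt of this article's log, and the names parse_abend and signature are illustrative.

```python
import re

# Trimmed excerpt of the ABEND.LOG entry shown in this article.
SAMPLE = """\
Abend 1 on P00: Server-5.70.08-0: DQ_APPEND would cause memory corruption
EIP in NSS.NLM at code start +00022699h
Running process: Server 15 Process
Stack Walk
Current EIP: 8A5F3699 NSS.NLM|fireAlarm+B9
Stack Contents
8FA29F0C 0036D978 SERVER.NLM|kDoFastWorkToDo+28
8FA29F10 8A3EB748 00000000 8A5F35E0 FE1DA740 00000000 ....`5_.@'.~....
8FA29F2C 00230E4C SERVER.NLM|kWorkToDoCheckAllRunFast+A4
8FA29F44 002315C8 SERVER.NLM|MpkSystemWork+68
8FA29F50 0021D48A SERVER.NLM|WorkerThread+336
8FA29F68 0022AC68 SERVER.NLM|TcoNewSystemThreadEntryPoint+40
(stack end)
"""

ABEND_RE = re.compile(r"^Abend \d+ on P\d+: \S+: (?P<msg>.+)$", re.M)
EIP_RE = re.compile(r"^EIP in (?P<mod>\S+) at code start \+(?P<off>[0-9A-Fa-f]+)h", re.M)
CUR_RE = re.compile(r"^Current EIP: [0-9A-F]{8} (?P<sym>[\w.]+\|\w+)\+[0-9A-F]+", re.M)
# Return-address rows only; raw stack data rows carry no MODULE|symbol and are skipped.
FRAME_RE = re.compile(r"^[0-9A-F]{8} [0-9A-F]{8} (?P<sym>[\w.]+\|\w+)\+[0-9A-F]+\s*$", re.M)


def parse_abend(text):
    """Extract the fields that identify an abend, ignoring load addresses."""
    abend, eip, cur = ABEND_RE.search(text), EIP_RE.search(text), CUR_RE.search(text)
    if not (abend and eip and cur):
        raise ValueError("not a complete ABEND.LOG entry")
    return {
        "message": abend.group("msg").strip(),
        "module": eip.group("mod"),
        "offset": int(eip.group("off"), 16),  # offset from the module's code start
        "faulting": cur.group("sym"),
        "frames": [m.group("sym") for m in FRAME_RE.finditer(text)],
    }


def signature(entry):
    """Stable key for comparing entries; the running process and thread owner
    are left out because the article notes they could be any process."""
    return " <- ".join([entry["message"], entry["faulting"], *entry["frames"]])


if __name__ == "__main__":
    print(signature(parse_abend(SAMPLE)))
```

Two servers that produce the same signature string are candidates for the same root cause, which for this article is the corrupt cifsctxs.cfg file.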