Subject: Re: uvm_fault kernel: page fault trap while un-tar-ing a large file
To: Edgar Fuß <ef@math.uni-bonn.de>
From: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
List: tech-kern
Date: 06/22/2007 18:24:28
On Fri, Jun 22, 2007 at 04:58:37PM +0200, Edgar Fuß wrote:
> > gdb netbsd.gdb
> > (gdb) info line *(dqget+0x118)
> > Line 729 of "/var/tmp/src-4.0beta2/sys/ufs/ufs/ufs_quota.c"
> > starts at address 0xffffffff8028e4df <dqget+255>
> > and ends at 0xffffffff8028e4fb <dqget+283>.
>
> After spending several hours trying to find out what might go wrong in that
> TAILQ_REMOVE, I disassembled dqget and it looks like gdb lied about the
> line number.
>
> The problem seems in fact to be the
> *dqp = dq;
> two lines below but how can dqp be NULL?
>
Just built GENERIC.MP from my NetBSD4 tree and it looks like Line 729
is right and the error comes from TAILQ_REMOVE when it assigns
*(elm)->field.tqe_prev = (elm)->field.tqe_next.
    rdx = (elm)->field.tqe_next
    (elm)->field.tqe_next->field.tqe_prev = (elm)->field.tqe_prev;
dqget+0x10c 8037bc2c 48 8b 43 18      mov 0x18(%rbx),%rax
dqget+0x110 8037bc30 48 89 42 18      mov %rax,0x18(%rdx)
    *(elm)->field.tqe_prev = (elm)->field.tqe_next;
dqget+0x114 8037bc34 48 8b 43 18      mov 0x18(%rbx),%rax
dqget+0x118 8037bc38 48 89 10         mov %rdx,(%rax)
dqget+0x11b 8037bc3b 48 89 df         mov %rbx,%rdi
dqget+0x11e 8037bc3e e8 2d fc ff ff   callq 8037b870 <dqref>
It could help to enable queue debugging with `options QUEUEDEBUG'.
--
Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)
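The TAILQ_REMOVE expansion discussed in the message, as an added example that is not part of this thread and not NetBSD's own sys/queue.h or QUEUEDEBUG code. It reproduces the three stores of the macro in a small tail queue (struct and function names are this example's own), then shows a checked removal in the spirit of `options QUEUEDEBUG' that refuses to unlink an element whose tqe_prev is NULL or whose neighbours do not point back at it, which is the condition that would otherwise turn the final `*(elm)->field.tqe_prev = ...' store into a write through a NULL pointer:

```c
/* Added example: a minimal tail queue modelled on the TAILQ_REMOVE
 * expansion quoted in the message, plus a checked remove that reports
 * the "tqe_prev is NULL" condition instead of dereferencing it.
 * Names are hypothetical and not NetBSD's. */
#include <stddef.h>
#include <stdio.h>

struct dq_entry {
    struct dq_entry *tqe_next;   /* next element, or NULL at the tail */
    struct dq_entry **tqe_prev;  /* address of the previous next pointer */
    int id;
};

struct dq_head {
    struct dq_entry *tqh_first;  /* first element, or NULL if empty */
    struct dq_entry **tqh_last;  /* address of the last next pointer */
};

static void dq_init(struct dq_head *head) {
    head->tqh_first = NULL;
    head->tqh_last = &head->tqh_first;
}

static void dq_insert_tail(struct dq_head *head, struct dq_entry *elm) {
    elm->tqe_next = NULL;
    elm->tqe_prev = head->tqh_last;
    *head->tqh_last = elm;
    head->tqh_last = &elm->tqe_next;
}

/* Unchecked removal: the same operations as the TAILQ_REMOVE expansion.
 * If elm->tqe_prev is NULL (element never inserted, or already removed)
 * the last store faults, which is what the trap in dqget looks like. */
static void dq_remove_unchecked(struct dq_head *head, struct dq_entry *elm) {
    if (elm->tqe_next != NULL)
        elm->tqe_next->tqe_prev = elm->tqe_prev;
    else
        head->tqh_last = elm->tqe_prev;
    *elm->tqe_prev = elm->tqe_next;   /* the mov %rdx,(%rax) with %rax == tqe_prev */
}

/* Checked removal: verify the element's links before touching memory.
 * Returns 0 on success, -1 if the element is not linked into this list. */
static int dq_remove_checked(struct dq_head *head, struct dq_entry *elm) {
    if (elm->tqe_prev == NULL)
        return -1;                       /* never inserted or already removed */
    if (*elm->tqe_prev != elm)
        return -1;                       /* predecessor does not point at us */
    if (elm->tqe_next != NULL && elm->tqe_next->tqe_prev != &elm->tqe_next)
        return -1;                       /* successor does not point back at us */
    if (elm->tqe_next == NULL && head->tqh_last != &elm->tqe_next)
        return -1;                       /* claims to be last, head disagrees */
    dq_remove_unchecked(head, elm);
    elm->tqe_next = NULL;                /* poison so a double remove is caught */
    elm->tqe_prev = NULL;
    return 0;
}

static int dq_count(const struct dq_head *head) {
    int n = 0;
    for (const struct dq_entry *e = head->tqh_first; e != NULL; e = e->tqe_next)
        n++;
    return n;
}

/* Constructed scenario: insert three entries and remove the middle one
 * twice. The second remove is the bug class behind the trap: after the
 * first remove tqe_prev is NULL, so the unchecked macro would write
 * through a NULL pointer. Returns the final list length (2) on success,
 * a negative code on the first failed check. */
static int dq_double_remove_scenario(void) {
    struct dq_head head;
    struct dq_entry a = {0}, b = {0}, c = {0};
    a.id = 1; b.id = 2; c.id = 3;
    dq_init(&head);
    dq_insert_tail(&head, &a);
    dq_insert_tail(&head, &b);
    dq_insert_tail(&head, &c);
    if (dq_remove_checked(&head, &b) != 0) return -1;   /* first remove is fine */
    if (dq_count(&head) != 2) return -2;
    if (dq_remove_checked(&head, &b) == 0) return -3;   /* second must be refused */
    if (head.tqh_first != &a || a.tqe_next != &c) return -4;
    return dq_count(&head);
}

/* Constructed scenario: removing an entry that was never inserted. */
static int dq_remove_unlinked_scenario(void) {
    struct dq_head head;
    struct dq_entry x = {0}, stranger = {0};
    dq_init(&head);
    dq_insert_tail(&head, &x);
    if (dq_remove_checked(&head, &stranger) == 0) return -1;
    if (dq_count(&head) != 1) return -2;
    if (dq_remove_checked(&head, &x) != 0) return -3;
    if (head.tqh_last != &head.tqh_first) return -4;
    return dq_count(&head);   /* 0: list is empty and head is consistent */
}

int main(void) {
    printf("double remove scenario: %d\n", dq_double_remove_scenario());
    printf("unlinked remove scenario: %d\n", dq_remove_unlinked_scenario());
    return 0;
}
```

The checks mirror what the macro assumes: tqe_prev must be non-NULL, the predecessor's next pointer must point at the element, and the successor (or the list head, for the last element) must point back at it. A kernel built with queue debugging turns the same silent assumptions into an explicit panic with a message, which is far easier to act on than a page fault inside the macro expansion.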