Edgar Fuß wrote:
> I just had a panic at dqflush+0x38 during a quotaoff(8) on 4.0/amd64.
>
> The instruction is
> cmp %rdi,0x80(%rdx,%rax,8)
> and both rdx and rax are zero.
>
> The source seems to be
> if (dq->dq_ump->um_quotas[dq->dq_type] != vp)
> and it looks to me like rdx is dq->dq_ump, rax is dq->dq_type and rdi is vp.
> Is this correct?
%rdx is the base, and 8*%rax is the index; to that, 0x80 is added.
dq_ump lives outside struct dquot, so that's possible. I'm a bit too
lazy to calculate the byte offset where um_quotas lives in struct
ufsmount, but it makes sense if it's at offset 0x80. um_quotas is an
array of pointers, so scale 8 also makes sense (on P64).
I'd put some Poor Man's Debugging panic()'s in dqflush, checking whether
dq is NULL, then dq_ump.
Cheers,
--
Thomas E. Spanjaard
tgen%netphreax.net@localhost
tgen%deepbone.net@localhost
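An added worked example, not part of either message and not the NetBSD kernel's own code: it models the operand decoding above (base %rdx, index %rax scaled by 8, displacement 0x80) with constructed stand-in structs whose padding is chosen only so that um_quotas lands at offset 0x80, and it implements the NULL checks on dq and dq_ump that the reply suggests. MAXQUOTAS = 2, the int type of dq_type and the field layouts are assumptions for the illustration, not the real struct ufsmount or struct dquot.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel structs; NOT the NetBSD layout.
 * The padding is chosen only so that um_quotas ends up at offset 0x80,
 * matching the displacement in the faulting instruction. */
#define MAXQUOTAS 2                      /* assumed: USRQUOTA, GRPQUOTA */
struct vnode;                            /* opaque; only pointers are used */

struct ufsmount {
    unsigned char um_pad[0x80];          /* assumed: fields preceding um_quotas */
    struct vnode *um_quotas[MAXQUOTAS];  /* array of pointers: scale 8 on LP64 */
};

struct dquot {
    struct ufsmount *dq_ump;             /* mount this quota belongs to */
    int dq_type;                         /* assumed int; index into um_quotas */
};

/* Effective address of an x86-64 memory operand disp(base,index,scale). */
static uintptr_t
effective_addr(uintptr_t base, uintptr_t index, unsigned scale, uintptr_t disp)
{
    return base + index * scale + disp;
}

/* Address the CPU computes for dq->dq_ump->um_quotas[dq->dq_type]:
 * %rdx = dq->dq_ump, %rax = dq->dq_type, scale 8, displacement 0x80.
 * With dq_ump == NULL this is a small address in the zero page. */
static uintptr_t
um_quotas_slot_addr(const struct dquot *dq)
{
    return effective_addr((uintptr_t)dq->dq_ump, (uintptr_t)dq->dq_type,
                          (unsigned)sizeof(struct vnode *),
                          offsetof(struct ufsmount, um_quotas));
}

/* The "poor man's debugging" checks, as return codes instead of panic()s,
 * so the caller can see which pointer is bad before the CPU faults on it. */
enum dq_check { DQ_OK = 0, DQ_NULL = 1, DQ_UMP_NULL = 2, DQ_BAD_TYPE = 3 };

static enum dq_check
dqflush_check(const struct dquot *dq)
{
    if (dq == NULL)
        return DQ_NULL;
    if (dq->dq_ump == NULL)
        return DQ_UMP_NULL;
    if (dq->dq_type < 0 || dq->dq_type >= MAXQUOTAS)
        return DQ_BAD_TYPE;
    return DQ_OK;
}

int
main(void)
{
    struct dquot bad = { NULL, 0 };      /* constructed: the state in the panic */
    struct ufsmount ump = { { 0 }, { NULL, NULL } };
    struct dquot good = { &ump, 1 };

    printf("offsetof(um_quotas) = 0x%zx\n", offsetof(struct ufsmount, um_quotas));
    printf("bad:  operand address 0x%lx, check %d\n",
           (unsigned long)um_quotas_slot_addr(&bad), dqflush_check(&bad));
    printf("good: operand address 0x%lx, check %d\n",
           (unsigned long)um_quotas_slot_addr(&good), dqflush_check(&good));
    return 0;
}
```

The displacement 0x80 and scale 8 fall straight out of offsetof() and sizeof(), which is the same check the reply does by hand; a NULL dq_ump yields operand address 0x80, the unmapped low page that produced the panic.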