On Sun, Feb 23, 2014 at 10:26:21PM +0000, David Laight wrote:
> On Sun, Feb 23, 2014 at 09:56:55PM +0100, Thomas Klausner wrote:
> > On Sun, Feb 23, 2014 at 10:34:32AM +0000, Nick Hudson wrote:
> > > On 02/23/14 09:41, Thomas Klausner wrote:
> >
> > > Also, x/i in ddb/crash that address and "show registers"
> >
> > (gdb) x/i usb_allocmem_flags+0x6c
> > 0xffffffff808dbe2c <usb_allocmem_flags+108>: cmp %rbx,(%rcx)
> >
> > > I assume usb_allocmem_flags+0x6c is 0xffffffff808dbe2c
> >
> > Correct!
> >
> > Does this help?
> >
> > I have the kernel (without symbols) and the crash dump if you want to
> > know more or look at it.
>
> The kernels I've built don't have a 'cmp' instruction anywhere near
> that offset in usb_allocmem_flags.
> The function isn't that big, so if you run 'objdump -d /netbsd >netbsd.dis'
> and search for the function body you'll only have about 120 lines.
> I can usually work out the source lines from that.
> (gdb's 'disas usb_allocmem_flags' probably gives the same lines.)
David took a closer look and told me:

It has blown up in this loop reading block->tag

1.53       mrg 313:     mutex_enter(&usb_blk_lock);
1.1   augustss 314:     /* Check for free fragments. */
1.44      matt 315:     LIST_FOREACH(f, &usb_frag_freelist, next) {
1.48      matt 316:             KDASSERTMSG(usb_valid_block_p(f->block, &usb_blk_fraglist),
1.50       jym 317:                 "%s: usb frag %p: unknown block pointer %p",
               318:                 __func__, f, f->block);
1.1   augustss 319:             if (f->block->tag == tag)
                320:                     break;
1.41      matt 321:     }

Thomas
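As an added worked example (not code from the thread or from NetBSD), this does the two lookups discussed above over `objdump -d` output: find a function body and the instruction at a given offset, and map an absolute fault address back to symbol+offset the way ddb prints it. The disassembly below is constructed for illustration; only the `cmp %rbx,(%rcx)` at usb_allocmem_flags+0x6c is taken from the thread.

```python
import re

# Constructed sample of `objdump -d /netbsd` output for illustration; only the
# `cmp %rbx,(%rcx)` at usb_allocmem_flags+0x6c comes from the thread.
SAMPLE_DISAS = """\
ffffffff808dbdc0 <usb_allocmem_flags>:
ffffffff808dbdc0:\t55                   \tpush   %rbp
ffffffff808dbdc1:\t48 89 e5             \tmov    %rsp,%rbp
ffffffff808dbe2c:\t48 39 19             \tcmp    %rbx,(%rcx)

ffffffff808dbf00 <usb_freemem>:
ffffffff808dbf00:\t55                   \tpush   %rbp
"""

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")      # "addr <symbol>:" header
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t(.*)$")        # "addr:\tbytes\tinsn"

def parse_functions(disas):
    """Map each symbol to (start address, [(address, normalized instruction), ...])."""
    funcs, cur = {}, None
    for line in disas.splitlines():
        m = FUNC_RE.match(line)
        if m:
            cur = m.group(2)
            funcs[cur] = (int(m.group(1), 16), [])
            continue
        m = INSN_RE.match(line)
        if cur is None or not m:
            continue  # section banners, blank lines, anything before the first symbol
        fields = [f for f in m.group(2).split("\t") if f.strip()]
        if len(fields) >= 2:  # continuation lines carry only opcode bytes, no mnemonic
            funcs[cur][1].append((int(m.group(1), 16), " ".join(fields[-1].split())))
    return funcs

def insn_at(funcs, symbol, offset):
    """Instruction at symbol+offset, i.e. what 'x/i usb_allocmem_flags+0x6c' shows."""
    start, insns = funcs.get(symbol, (0, []))
    return next((text for addr, text in insns if addr - start == offset), None)

def symbolize(funcs, addr):
    """Absolute address -> 'symbol+0xoff' via the nearest preceding function start."""
    start, sym = max(((s, n) for n, (s, _) in funcs.items() if s <= addr), default=(None, None))
    return None if sym is None else f"{sym}+{addr - start:#x}"

if __name__ == "__main__":
    funcs = parse_functions(SAMPLE_DISAS)
    print(symbolize(funcs, 0xffffffff808dbe2c))         # usb_allocmem_flags+0x6c
    print(insn_at(funcs, "usb_allocmem_flags", 0x6c))   # cmp %rbx,(%rcx)
```

On a real kernel, feed it `objdump -d /netbsd` (or the gdb `disas` output) instead of the constructed sample; an offset that lands between instruction starts returns None, which is itself a hint that the symbol table and the running kernel do not match.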