Hi, I was running current amd64 (last updated few weeks ago) when I got a random crash shortly after switching to X mode. If my analysis is correct, it crashed in usb_allocmem_flags inside this loop:
LIST_FOREACH(f, &usb_frag_freelist, next) { KDASSERTMSG(usb_valid_block_p(f->block, &usb_blk_fraglist), "%s: usb frag %p: unknown block pointer %p", __func__, f, f->block); if (f->block->tag == tag) break; } It couldn't access f->block->tag. I wasn't actively using any of the usb devices at that time. I wonder if it's a known problem or should I file a PR? Details of the analysis is below. Thanks, Alex crash> dmesg ... fatal protection fault in supervisor mode trap type 4 code 0 rip ffffffff808515e2 cs 8 rflags 13282 cr2 7f7ff5773020 ilevel 0 rsp fffffe80ca6f16c0 curlwp 0xfffffe811a8aaba0 pid 475.1 lowest kstack 0xfffffe80ca6ee000 panic: trap cpu2: Begin traceback... vpanic() at netbsd:vpanic+0x13e printf_nolog() at netbsd:printf_nolog startlwp() at netbsd:startlwp alltraps() at netbsd:alltraps+0x9e ehci_allocm() at netbsd:ehci_allocm+0x2c usbd_transfer() at netbsd:usbd_transfer+0x5f usbd_open_pipe_intr() at netbsd:usbd_open_pipe_intr+0xcb uhidev_open() at netbsd:uhidev_open+0xb3 wsmouseopen() at netbsd:wsmouseopen+0xf3 cdev_open() at netbsd:cdev_open+0x87 spec_open() at netbsd:spec_open+0x183 VOP_OPEN() at netbsd:VOP_OPEN+0x33 vn_open() at netbsd:vn_open+0x1b0 do_open() at netbsd:do_open+0x102 do_sys_openat() at netbsd:do_sys_openat+0x68 sys_open() at netbsd:sys_open+0x24 syscall() at netbsd:syscall+0x9a --- syscall (number 5) --- 7f7ff403af3a: cpu2: End traceback... rebooting in 10 9 8 7 6 5 4 3 2 1 0 crash> dmesg|grep usb usb0 at xhci0: USB revision 2.0 usb1 at ehci0: USB revision 2.0 uhub0 at usb0: NetBSD xHCI Root Hub, class 9/0, rev 2.00/1.00, addr 0 uhub1 at usb1: vendor 0x8086 EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 usbd_transfer() at netbsd:usbd_transfer+0x5f usbd_open_pipe_intr() at netbsd:usbd_open_pipe_intr+0xcb crash> x 0xffffffff808515e2 usb_allocmem_flags+0xfd: 751a3948 $ objdump -d /netbsd ... ffffffff8085158b: 48 c7 c7 60 15 f8 80 mov $0xffffffff80f81560,%rdi ffffffff80851592: e8 69 42 d3 ff callq ffffffff80585800 <mutex_enter> ffffffff80851597: 48 8b 05 c2 bf 69 00 mov 0x69bfc2(%rip),%rax # ffffffff80eed560 <usb_frag_freelist> ffffffff8085159e: 48 85 c0 test %rax,%rax ffffffff808515a1: 75 3c jne ffffffff808515df <usb_allocmem_flags+0xfa> /* You don't need to look at this block */ ffffffff808515a3: 48 8d 4d c8 lea -0x38(%rbp),%rcx ffffffff808515a7: 45 31 c0 xor %r8d,%r8d ffffffff808515aa: ba 40 00 00 00 mov $0x40,%edx ffffffff808515af: be 00 10 00 00 mov $0x1000,%esi ffffffff808515b4: 48 89 df mov %rbx,%rdi ffffffff808515b7: e8 f4 fb ff ff callq ffffffff808511b0 <usb_block_allocmem> ffffffff808515bc: 89 c3 mov %eax,%ebx ffffffff808515be: 85 c0 test %eax,%eax ffffffff808515c0: 75 ac jne ffffffff8085156e <usb_allocmem_flags+0x89> ffffffff808515c2: 48 8b 4d c8 mov -0x38(%rbp),%rcx ffffffff808515c6: c7 41 38 00 00 00 00 movl $0x0,0x38(%rcx) ffffffff808515cd: bb 40 00 00 00 mov $0x40,%ebx ffffffff808515d2: 31 d2 xor %edx,%edx ffffffff808515d4: eb 57 jmp ffffffff8085162d <usb_allocmem_flags+0x148> /* end of block. */ /* LIST_FOREACH(f, &usb_frag_freelist, next) { */ ffffffff808515d6: 48 8b 40 10 mov 0x10(%rax),%rax ffffffff808515da: 48 85 c0 test %rax,%rax ffffffff808515dd: 74 c4 je ffffffff808515a3 <usb_allocmem_flags+0xbe> ffffffff808515df: 48 8b 10 mov (%rax),%rdx ffffffff808515e2: 48 39 1a cmp %rbx,(%rdx) ffffffff808515e5: 75 ef jne ffffffff808515d6 <usb_allocmem_flags+0xf1> crash> ps PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 475 > 1 7 2 0 fffffe811a8aaba0 Xorg 72 1 2 3 9020000 fffffe811a709b80 xinit 43 1 2 3 8020000 fffffe811a709760 sh 437 1 2 3 8020000 fffffe811d311720 ksh 420 1 2 2 8020000 fffffe811e2b6240 getty 435 1 2 0 8020000 fffffe811e2b6a80 getty 429 1 2 3 8020000 fffffe811e2b6660 login 412 1 2 0 8020000 fffffe811e4c1220 getty 390 1 2 0 8020000 fffffe8119a90b60 cron 407 1 2 0 8020000 fffffe811d767b00 inetd 342 1 2 3 8020000 fffffe811d311300 privoxy 357 1 2 3 8020000 fffffe811c3b9b20 sshd 332 > 1 7 0 8020000 fffffe811d7812a0 tor 319 1 3 1 8020080 fffffe811d7676e0 powerd kqueue 176 > 1 7 3 8020000 fffffe811e28fac0 syslogd 126 1 3 1 8020080 fffffe811e28f280 dhcpcd select 1 1 3 1 8020080 fffffe8107acda40 init wait 0 65 3 2 200 fffffe811e28f6a0 physiod physiod 0 64 3 2 200 fffffe811e4c1640 aiodoned aiodoned 0 63 2 2 200 fffffe81074185c0 ioflush 0 62 3 2 200 fffffe811e4c1a60 pgdaemon pgdaemon 0 58 3 2 200 fffffe81074189e0 usb1 usbevt 0 57 3 2 200 fffffe8107acd200 usb0 usbevt 0 56 3 2 200 fffffe8107409a00 coretemp1 coretemp1 0 55 3 2 200 fffffe81074095e0 coretemp0 coretemp0 0 54 3 2 200 fffffe81074091c0 acpitz0 acpitz0 0 53 3 2 200 fffffe810740ba20 acpibat1 acpibat1 0 52 3 2 200 fffffe81074181a0 acpibat0 acpibat0 0 51 3 2 200 fffffe8107acd620 cryptoret crypto_w 0 50 3 2 200 fffffe810740b1e0 unpgc unpgc 0 49 3 0 200 fffffe810740b600 vmem_rehash vmem_rehash 0 40 3 0 200 fffffe81072e6180 iic0 iicintr 0 39 3 0 200 fffffe81072e65a0 atabus0 atath 0 38 3 0 200 fffffe81072e69c0 usbtask-dr usbtsk 0 37 3 0 200 fffffe81071f7160 usbtask-hc usbtsk 0 36 3 0 200 fffffe81071f7580 pms0 pmsreset 0 35 3 0 200 fffffe81071f79a0 acpiec sci thre ecsci 0 34 3 3 200 fffffe81071e5140 xcall/3 xcall 0 33 1 3 200 fffffe81071e5560 softser/3 0 32 1 3 200 fffffe81071e5980 softclk/3 0 31 1 3 200 fffffe81071e9120 softbio/3 0 30 1 3 200 fffffe81071e9540 softnet/3 0 29 1 3 201 fffffe81071e9960 idle/3 0 28 3 2 200 fffffe81071d1100 xcall/2 xcall 0 27 1 2 200 fffffe81071d1520 softser/2 0 26 1 2 200 fffffe81071d1940 softclk/2 0 25 1 2 200 fffffe81071d70e0 softbio/2 0 24 1 2 200 fffffe81071d7500 softnet/2 0 23 1 2 201 fffffe81071d7920 idle/2 0 22 3 1 200 fffffe81071bf0c0 xcall/1 xcall 0 21 1 1 200 fffffe81071bf4e0 softser/1 0 20 1 1 200 fffffe81071bf900 softclk/1 0 19 1 1 200 fffffe81071b80a0 softbio/1 0 18 1 1 200 fffffe81071b84c0 softnet/1 0 > 17 7 1 201 fffffe81071b88e0 idle/1 0 16 3 0 200 fffffe811e616080 sysmon smtaskq 0 15 3 1 200 fffffe811e6164a0 pmfsuspend pmfsuspend 0 14 3 0 200 fffffe811e6168c0 pmfevent pmfevent 0 13 3 0 200 fffffe811f527060 sopendfree sopendfr 0 12 3 3 200 fffffe811f527480 nfssilly nfssilly 0 11 3 0 200 fffffe811f5278a0 cachegc cachegc 0 10 3 0 200 fffffe811f92d040 vrele vrele 0 9 3 0 200 fffffe811f92d460 vdrain vdrain 0 8 3 0 200 fffffe811f92d880 modunload mod_unld 0 7 3 0 200 fffffe811f939020 xcall/0 xcall 0 6 1 0 200 fffffe811f939440 softser/0 0 > 5 7 0 200 fffffe811f939860 softclk/0 0 4 1 0 200 fffffe811f940000 softbio/0 0 3 1 0 200 fffffe811f940420 softnet/0 0 2 1 0 201 fffffe811f940840 idle/0 0 1 2 2 200 ffffffff80ed6800 swapper