Subject: Re: kern/18608: fdisk ld0 cause kernel hangup
To: None <taya@ba2.so-net.ne.jp>
From: enami tsugutomo <enami@sm.sony.co.jp>
List: netbsd-bugs
Date: 10/24/2002 11:29:31
# I forgot to include gnats-bugs@gnats.netbsd.org in last mail...

taya@ba2.so-net.ne.jp writes:

> >How-To-Repeat:
> 	/sbin/fdisk ld0

David Laight <david@l8s.co.uk> writes:

> Log in on the console, then when it hangs can you enter ddb?
> If so type 'tr' to get the traceback.

The process is sleeping at physio but ddb works.  Since your root is
ld0, I guess you see the system hang.

Actually, the attached small program reproduces the bug.  In the
dynamically linked fdisk binary, the struct mboot is laid out across a
page boundary and the DMA segment is divided, but those sizes are not
multiples of words (4 bytes).

enami@memory-leak% nm obj.i386/fdisk |grep mboot
0804eec0 B mboot

# note that the actual i/o to mboot starts at a 2 byte offset (see the
# code for details).

I'm not sure if this is a limitation of iop(4) or the Adaptec 2400A.

enami.

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <err.h>

/* 8 KB buffer, large enough to contain one page boundary */
int buf[8192 / sizeof(int)];

int
main(void)
{
	char *p, *q;
	int fd, n;

	/* these give the same result */
	p = malloc(8192);
	//p = (char *)buf;

	/* following 2 samples are OK: no split, or split into 508 + 4 bytes */
	//q = p + 2;
	//q = p + 4096 - (512 - 4);

	/* following 2 samples are NG: split into 510 + 2 or 254 + 258 bytes */
	q = p + 4096 - (512 - 2);
	//q = p + 4096 - (512 - 254);
	printf("p = %p, q = %p - %p\n", p, q, q + 512);

	/* raw read of one 512-byte sector into the unaligned, page-crossing buffer */
	fd = open("/dev/rld0d", O_RDONLY, 0);
	if (fd == -1)
		err(1, "open");
	n = read(fd, q, 512);
	printf("n = %d\n", n);
	return 0;
}
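Added illustration, not part of enami's mail or of the NetBSD source: a small model of how a 512-byte read that crosses a page boundary is split into per-page DMA segments, checking the mail's observation that the failing offsets are exactly those whose pieces are not multiples of 4 bytes. It assumes a page-aligned buffer, a 4096-byte page and the 4-byte word size named in the mail; whether the adapter actually requires word-sized segments is the open question the mail leaves.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096	/* assumed i386 page size */
#define WORD_SIZE 4	/* word size from the mail */

/* Split [off, off + len) into page-bounded pieces, as a page-at-a-time
 * DMA map would, counting them in *nseg.  Returns 1 if every piece is a
 * multiple of WORD_SIZE bytes, 0 otherwise.  `off` is an offset into an
 * assumed page-aligned buffer. */
int
segments_word_aligned(uintptr_t off, size_t len, size_t *nseg)
{
	uintptr_t cur = off, end = off + len;
	size_t count = 0;
	int ok = 1;

	while (cur < end) {
		/* first address of the next page */
		uintptr_t next = (cur & ~(uintptr_t)(PAGE_SIZE - 1)) + PAGE_SIZE;
		size_t seglen = (next < end ? next : end) - cur;
		if (seglen % WORD_SIZE != 0)
			ok = 0;
		count++;
		cur += seglen;
	}
	if (nseg != NULL)
		*nseg = count;
	return ok;
}

/* Classify a 512-byte sector read starting at buffer offset `off`. */
int
mboot_read_ok(size_t off)
{
	return segments_word_aligned(off, 512, NULL);
}

int
main(void)
{
	/* the four offsets tried in the repro program above */
	size_t offs[] = { 2, 4096 - (512 - 4), 4096 - (512 - 2), 4096 - (512 - 254) };
	for (size_t i = 0; i < sizeof(offs) / sizeof(offs[0]); i++) {
		size_t n;
		int ok = segments_word_aligned(offs[i], 512, &n);
		printf("offset %zu: %zu segment(s), %s\n", offs[i], n, ok ? "OK" : "NG");
	}
	return 0;
}
```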