Date:      Wed, 26 Mar 2025 22:00:54 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 285681] [Hyper-V] i386 panic during storvsc_xferbuf_prepare()
Message-ID:  <bug-285681-227-JP8PIUo6O1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-285681-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-285681-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285681

Dimitry Andric <dim@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markj@FreeBSD.org

--- Comment #2 from Dimitry Andric <dim@FreeBSD.org> ---
With this patch instead:

--- a/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
+++ b/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
@@ -1820,7 +1820,7 @@ storvsc_xferbuf_prepare(void *arg, bus_dma_segment_t
*segs, int nsegs, int error
        union ccb *ccb =3D reqp->ccb;
        struct ccb_scsiio *csio =3D &ccb->csio;
        struct storvsc_gpa_range *prplist;
-       int i;
+       int i, j;

        prplist =3D &reqp->prp_list;
        prplist->gpa_range.gpa_len =3D csio->dxfer_len;
@@ -1831,6 +1831,10 @@ storvsc_xferbuf_prepare(void *arg, bus_dma_segment_t
*segs, int nsegs, int error
 #if !defined(__aarch64__)
                if (nsegs > 1) {
                        if (i =3D=3D 0) {
+                               for (j =3D 0; j < nsegs; j++)
+                                       printf("segs[%d]: ofs 0x%jx, len
%zu\n",
+                                           j, (uintmax_t)segs[j].ds_addr,
+                                           segs[j].ds_len);
                                KASSERT((segs[i].ds_addr & PAGE_MASK) +
                                    segs[i].ds_len =3D=3D PAGE_SIZE,
                                    ("invalid 1st page, ofs 0x%jx, len %zu",
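Review bot: The added dump loop under `if (i == 0)` prints every segment of every multi-segment request, not only the request that trips the KASSERT below it, so the trace is mostly noise and the DMA segment addresses of all requests land in the kernel message buffer. Guarding the loop with the same condition the assertion tests, `if ((segs[0].ds_addr & PAGE_MASK) + segs[0].ds_len != PAGE_SIZE)`, would limit the output to the failing request. The loop also runs in kernels built without INVARIANTS, where KASSERT compiles away, so it should be removed or placed under `#ifdef INVARIANTS` before anything like it is committed. `segs[j].ds_len` is passed to `%zu` uncast while `ds_addr` is cast to `uintmax_t`; unless ds_len is a `size_t` on every platform this driver builds for, `%ju` with `(uintmax_t)segs[j].ds_len` is the safer form. The body of storvsc_xferbuf_prepare starts and ends outside the hunk.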

The output is:

... lots of segs[], all 4096 bytes long
segs[0]: ofs 0x39cc000, len 4096
segs[1]: ofs 0x39cd000, len 4096
segs[0]: ofs 0x39cf000, len 2048
segs[1]: ofs 0x39d0000, len 2048
panic: invalid 1st page, ofs 0x39cf000, len 2048
cpuid = 1
time = 1743026282
KDB: stack backtrace:
db_trace_self_wrapper(fd,152da780,0,2,24baf780,...) at
db_trace_self_wrapper+0x28/frame 0x36cb3020
vpanic(141534a,36cb305c,36cb305c,36cb3080,132bb2d,...) at vpanic+0xf4/frame
0x36cb303c
panic(141534a,39cf000,0,800,0,...) at panic+0x14/frame 0x36cb3050
storvsc_xferbuf_prepare(26c34000,24baf780,2,0) at
storvsc_xferbuf_prepare+0xed/frame 0x36cb3080
bus_dmamap_load_mem(24ba6100,26c39100,36cb30d4,132ba40,26c34000,1) at
bus_dmamap_load_mem+0x2f2/frame 0x36cb30b4
bus_dmamap_load_ccb(24ba6100,26c39100,37e94bec,132ba40,26c34000,1) at
bus_dmamap_load_ccb+0x4a/frame 0x36cb30f4
storvsc_action(2b104180,37e94bec) at storvsc_action+0x3a7/frame 0x36cb3140
xpt_run_devq(2b100080,36e59000,1cef7030,2b100090,37e94bec,...) at
xpt_run_devq+0x287/frame 0x36cb317c
xpt_action_default(37e94bec) at xpt_action_default+0x3c6/frame 0x36cb31a0
scsi_action(37e94bec) at scsi_action+0x19/frame 0x36cb31b8
dastart(36e29100,37e94bec) at dastart+0x30d/frame 0x36cb31f4
xpt_run_allocq(36e29100,480) at xpt_run_allocq+0x8b/frame 0x36cb321c
cam_iosched_schedule(1cad0b80,36e29100) at cam_iosched_schedule+0x21/frame
0x36cb3230
dastrategy(36f00a78) at dastrategy+0x64/frame 0x36cb324c
g_disk_start(36ebe860,36ef496c,2d1abb00,1000,0,...) at g_disk_start+0x469/frame
0x36cb32ac
g_io_request(36ebe860,36e8df40,200,0,36ed0e00,...) at g_io_request+0x26b/frame
0x36cb32d4
g_part_start(36ef496c,396c9b14,2d1ab680,1000,0,...) at g_part_start+0x114/frame
0x36cb334c
g_io_request(36ef496c,2499aec0,36cb3398,20b3513,4e,...) at
g_io_request+0x26b/frame 0x36cb3374
vdev_geom_io_start(37076b40,7,36c8ca7b,0,41,...) at
vdev_geom_io_start+0x26f/frame 0x36cb33a0
zio_vdev_io_start(37076b40,7,36c8c503,1df16d7,1e14d3b,...) at
zio_vdev_io_start+0x559/frame 0x36cb33e0
zio_nowait(37076b40,36cb3440,1ffc930,2,2032ca0,...) at zio_nowait+0x143/frame
0x36cb3420
vdev_mirror_io_start(370a0b40,36f87000,370a0b40,2157040,36cb347c,...) at
vdev_mirror_io_start+0x13b/frame 0x36cb344c
zio_vdev_io_start(370a0b40,1df16d7,1e14d3b,1e185c7,1e185a1,...) at
zio_vdev_io_start+0x559/frame 0x36cb348c
zio_execute(370a0b40,1,36cb3524,fcf452,370a0ea0,...) at zio_execute+0x93/frame
0x36cb34c4
taskq_run_ent(370a0ea0,1) at taskq_run_ent+0x1f/frame 0x36cb34d4
taskqueue_run_locked(152da780,1a55074,36cb3568,36cb3554,f2e09b,...) at
taskqueue_run_locked+0x192/frame 0x36cb3524
taskqueue_thread_loop(36f94f90,36cb3568) at taskqueue_thread_loop+0xae/frame
0x36cb3538
fork_exit(fd0090,36f94f90,36cb3568,0,0,...) at fork_exit+0x6b/frame 0x36cb3554
fork_trampoline() at 0xffc0348e/frame 0x36cb3554

So the question seems to become: what initiated these two requests for 2048
bytes?

-- 
You are receiving this mail because:
You are the assignee for the bug.


