From nobody Wed Mar 26 22:00:54 2025
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZNLMV73QLz5rGJJ
	for <bugs@mlmmj.nyi.freebsd.org>; Wed, 26 Mar 2025 22:00:54 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZNLMV53pFz3W2x
	for <bugs@FreeBSD.org>; Wed, 26 Mar 2025 22:00:54 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743026454;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=08CizkAW9x7Vcn4LzK34/oxg10UeH3qtVHm4SlciYDo=;
	b=HNqnCGaMoD41VLfiJORKN0IgEeO6V1sMkRyfe8QxmEZlWeml6fMWA0eaTwIsyTRrb61yVO
	Bgw2Jv3n6nNJ3aUps8NdLfBjq+r47M0GeSoG2R5m8iq9WbNv4/Pg5wqcqjHkXZj5J7t4Em
	ZIiVK5f26MrN/NTkyqieH8ISfKoi2RC7YvPcQHcTxIiC6rPk2Y/Qxw+qJgqKcpewsZg3HA
	YoTa5I6hJ47r2PbZWzJWPV4Cv7Tn9Ml6gUd45X+hQil6ninKewl28+5gmmTknzI5wTfBvS
	kILcVcxkZcgCMJcEpyQm33NxM59nE7L9pyaPPUYuRJ/rFVeWfhF31YpkZxTgFw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743026454; a=rsa-sha256; cv=none;
	b=QA1q7UWvPlaEe4FsixNpyKQUVMPy2ftNymlSdnJ8DuHiCOq+R02c5UU/kWnfh6vu9YDO/3
	++PaXBIC2iHp3Wrg2AQBQR766trExcqg0Jf764mwftRdDqK3jw6BDdGL9VJimNOrNkOtT4
	mHofSOYHR9sGxGTHSHup7DBCwLFlsu8sH0SPoNscZ0erVCqxvNnu9Yg2B0VdVwp/zVTUVJ
	EFjkxbVFeDTiG+Bil3wwveHTEo0udqXTVlpNG8XTp3nhUA8kwxBwliJ5qHFwUlv0jGjASk
	5CRW09aom5fp6Hh0aMmq+ZAKUnGBgeaKuXDHgEGSvFqSdQ6Nm9bxRtjqCN/DpA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743026454;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=08CizkAW9x7Vcn4LzK34/oxg10UeH3qtVHm4SlciYDo=;
	b=gglBvZ1woOjmAwjtjQJUsJFNaQdJs+xYV/0gse0IiqacIlzRKamHQO+8k0uBicHCB19DL1
	sHdm46UNdXpoZza7fCtYe5CoyDVC2vqHhiocuMjlUWU/dlm2SPvd88eAbsK+L8oVySQ2/G
	HXXlEMKdKVXDk/xHOyX+KRVF2z8utpYDfMiUBIIL+YNIUTpQ29zJBKnEYEZ/+mK5kH1zjX
	iB0gYt3ydxlabUCZtKvm8I148Di0Cl9WDinyz9BZKZ3SKsCxFG8sWHTGJtNPT9PhF3UWMW
	k/AyON4b5pqYm1qf2MjFmF03c3wxGcgUgQS/FwoF+ivCRXFC0bclbcSvw+lMZQ==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZNLMV4XYXzD45
	for <bugs@FreeBSD.org>; Wed, 26 Mar 2025 22:00:54 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 52QM0sHs071308
	for <bugs@FreeBSD.org>; Wed, 26 Mar 2025 22:00:54 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 52QM0sXv071307
	for bugs@FreeBSD.org; Wed, 26 Mar 2025 22:00:54 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 285681] [Hyper-V] i386 panic during storvsc_xferbuf_prepare()
Date: Wed, 26 Mar 2025 22:00:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 15.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: dim@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-285681-227-JP8PIUo6O1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-285681-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-285681-227@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D285681

Dimitry Andric <dim@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markj@FreeBSD.org

--- Comment #2 from Dimitry Andric <dim@FreeBSD.org> ---
With this patch instead:

--- a/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
+++ b/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
@@ -1820,7 +1820,7 @@ storvsc_xferbuf_prepare(void *arg, bus_dma_segment_t
*segs, int nsegs, int error
        union ccb *ccb =3D reqp->ccb;
        struct ccb_scsiio *csio =3D &ccb->csio;
        struct storvsc_gpa_range *prplist;
-       int i;
+       int i, j;

        prplist =3D &reqp->prp_list;
        prplist->gpa_range.gpa_len =3D csio->dxfer_len;
@@ -1831,6 +1831,10 @@ storvsc_xferbuf_prepare(void *arg, bus_dma_segment_t
*segs, int nsegs, int error
 #if !defined(__aarch64__)
                if (nsegs > 1) {
                        if (i =3D=3D 0) {
+                               for (j =3D 0; j < nsegs; j++)
+                                       printf("segs[%d]: ofs 0x%jx, len
%zu\n",
+                                           j, (uintmax_t)segs[j].ds_addr,
+                                           segs[j].ds_len);
                                KASSERT((segs[i].ds_addr & PAGE_MASK) +
                                    segs[i].ds_len =3D=3D PAGE_SIZE,
                                    ("invalid 1st page, ofs 0x%jx, len %zu",

The output is:

... lots of segs[], all 4096 bytes long
segs[0]: ofs 0x39cc000, len 4096
segs[1]: ofs 0x39cd000, len 4096
segs[0]: ofs 0x39cf000, len 2048
segs[1]: ofs 0x39d0000, len 2048
panic: invalid 1st page, ofs 0x39cf000, len 2048
cpuid =3D 1
time =3D 1743026282
KDB: stack backtrace:
db_trace_self_wrapper(fd,152da780,0,2,24baf780,...) at
db_trace_self_wrapper+0x28/frame 0x36cb3020
vpanic(141534a,36cb305c,36cb305c,36cb3080,132bb2d,...) at vpanic+0xf4/frame
0x36cb303c
panic(141534a,39cf000,0,800,0,...) at panic+0x14/frame 0x36cb3050
storvsc_xferbuf_prepare(26c34000,24baf780,2,0) at
storvsc_xferbuf_prepare+0xed/frame 0x36cb3080
bus_dmamap_load_mem(24ba6100,26c39100,36cb30d4,132ba40,26c34000,1) at
bus_dmamap_load_mem+0x2f2/frame 0x36cb30b4
bus_dmamap_load_ccb(24ba6100,26c39100,37e94bec,132ba40,26c34000,1) at
bus_dmamap_load_ccb+0x4a/frame 0x36cb30f4
storvsc_action(2b104180,37e94bec) at storvsc_action+0x3a7/frame 0x36cb3140
xpt_run_devq(2b100080,36e59000,1cef7030,2b100090,37e94bec,...) at
xpt_run_devq+0x287/frame 0x36cb317c
xpt_action_default(37e94bec) at xpt_action_default+0x3c6/frame 0x36cb31a0
scsi_action(37e94bec) at scsi_action+0x19/frame 0x36cb31b8
dastart(36e29100,37e94bec) at dastart+0x30d/frame 0x36cb31f4
xpt_run_allocq(36e29100,480) at xpt_run_allocq+0x8b/frame 0x36cb321c
cam_iosched_schedule(1cad0b80,36e29100) at cam_iosched_schedule+0x21/frame
0x36cb3230
dastrategy(36f00a78) at dastrategy+0x64/frame 0x36cb324c
g_disk_start(36ebe860,36ef496c,2d1abb00,1000,0,...) at g_disk_start+0x469/f=
rame
0x36cb32ac
g_io_request(36ebe860,36e8df40,200,0,36ed0e00,...) at g_io_request+0x26b/fr=
ame
0x36cb32d4
g_part_start(36ef496c,396c9b14,2d1ab680,1000,0,...) at g_part_start+0x114/f=
rame
0x36cb334c
g_io_request(36ef496c,2499aec0,36cb3398,20b3513,4e,...) at
g_io_request+0x26b/frame 0x36cb3374
vdev_geom_io_start(37076b40,7,36c8ca7b,0,41,...) at
vdev_geom_io_start+0x26f/frame 0x36cb33a0
zio_vdev_io_start(37076b40,7,36c8c503,1df16d7,1e14d3b,...) at
zio_vdev_io_start+0x559/frame 0x36cb33e0
zio_nowait(37076b40,36cb3440,1ffc930,2,2032ca0,...) at zio_nowait+0x143/fra=
me
0x36cb3420
vdev_mirror_io_start(370a0b40,36f87000,370a0b40,2157040,36cb347c,...) at
vdev_mirror_io_start+0x13b/frame 0x36cb344c
zio_vdev_io_start(370a0b40,1df16d7,1e14d3b,1e185c7,1e185a1,...) at
zio_vdev_io_start+0x559/frame 0x36cb348c
zio_execute(370a0b40,1,36cb3524,fcf452,370a0ea0,...) at zio_execute+0x93/fr=
ame
0x36cb34c4
taskq_run_ent(370a0ea0,1) at taskq_run_ent+0x1f/frame 0x36cb34d4
taskqueue_run_locked(152da780,1a55074,36cb3568,36cb3554,f2e09b,...) at
taskqueue_run_locked+0x192/frame 0x36cb3524
taskqueue_thread_loop(36f94f90,36cb3568) at taskqueue_thread_loop+0xae/frame
0x36cb3538
fork_exit(fd0090,36f94f90,36cb3568,0,0,...) at fork_exit+0x6b/frame 0x36cb3=
554
fork_trampoline() at 0xffc0348e/frame 0x36cb3554

So the question seems to become: what initiated these two requests for 2048
bytes?

--=20
You are receiving this mail because:
You are the assignee for the bug.=