[Bug 223813] [mps] page fault in mps_user_pass_thru() -> copyout() on 11.1-RELEASE-p4, sys/dev/mps/mps_user.c:1040
bugzilla-noreply at freebsd.org
Tue Mar 17 14:52:23 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223813
Babak Farrokhi <farrokhi at FreeBSD.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |farrokhi at FreeBSD.org
--- Comment #3 from Babak Farrokhi <farrokhi at FreeBSD.org> ---
You could easily reproduce it by calling the `sas2ircu LABEL` sub-command on any
vdev in a zpool. It does not happen (in my case) if the physical disk is not in a
zpool.
Some more information taken from vmcore:
(kgdb) bt
#0 doadump () at pcpu.h:234
#1 0xffffffff80b050e8 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:388
#2 0xffffffff80b05508 in vpanic (fmt=<value optimized out>, ap=<value
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:781
#3 0xffffffff80b05343 in panic (fmt=<value optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:712
#4 0xffffffff80dfc2c6 in vm_fault_hold (map=<value optimized out>,
vaddr=<value optimized out>, fault_type=<value optimized out>,
fault_flags=<value optimized out>, m_hold=<value optimized out>) at
/usr/src/sys/vm/vm_fault.c:561
#5 0xffffffff80df9db5 in vm_fault (map=0xfffff80003000000, vaddr=<value
optimized out>, fault_type=1 '\001', fault_flags=0)
at /usr/src/sys/vm/vm_fault.c:512
#6 0xffffffff80f89675 in trap_pfault (frame=0xfffffe085b757610, usermode=0) at
/usr/src/sys/amd64/amd64/trap.c:805
#7 0xffffffff80f88bdd in trap (frame=0xfffffe085b757610) at
/usr/src/sys/amd64/amd64/trap.c:438
#8 0xffffffff80f68d9c in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:231
#9 0xffffffff80f8696e in copyout () at /usr/src/sys/amd64/amd64/support.S:254
#10 0xffffffff8069c502 in mps_ioctl (dev=<value optimized out>, cmd=<value
optimized out>, arg=<value optimized out>)
at /usr/src/sys/dev/mps/mps_user.c:1040
#11 0xffffffff809d24a8 in devfs_ioctl_f (fp=0xfffff80010ed3320, com=3224914180,
data=0xfffffe085b7578d0, cred=0xfffff80100e65e00, td=0xfffff800251f5000)
at /usr/src/sys/fs/devfs/devfs_vnops.c:791
#12 0xffffffff80b68637 in kern_ioctl (td=0xfffff800251f5000, fd=5,
com=3224914180, data=<value optimized out>) at src/sys/sys/file.h:323
#13 0xffffffff80b6835b in sys_ioctl (td=0xfffff800251f5000,
uap=0xfffff800251f5538) at /usr/src/sys/kern/sys_generic.c:745
#14 0xffffffff80f8a5f6 in amd64_syscall (td=0xfffff800251f5000, traced=0) at
src/sys/amd64/amd64/../../kern/subr_syscall.c:132
#15 0xffffffff80f6967d in fast_syscall_common () at
/usr/src/sys/amd64/amd64/exception.S:494
#16 0x0000000000446adc in ?? ()
Previous frame inner to this frame (corrupt stack?)
Frame 10:
(kgdb) up
#10 0xffffffff8069c502 in mps_ioctl (dev=<value optimized out>, cmd=<value
optimized out>, arg=<value optimized out>)
at /usr/src/sys/dev/mps/mps_user.c:1040
1040 copyout(cm->cm_reply, PTRIN(data->PtrReply), data->ReplySize);
Current language: auto; currently minimal
(kgdb) list
1035 mps_printf(sc, "%s: user reply buffer (%d) smaller "
1036 "than returned buffer (%d)\n", __func__,
1037 data->ReplySize, sz);
1038 }
1039 mps_unlock(sc);
1040 copyout(cm->cm_reply, PTRIN(data->PtrReply), data->ReplySize);
1041 mps_lock(sc);
1042
1043 if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
1044 (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
Frame 11:
(kgdb) up
#11 0xffffffff809d24a8 in devfs_ioctl_f (fp=0xfffff80010ed3320, com=3224914180,
data=0xfffffe085b7578d0, cred=0xfffff80100e65e00, td=0xfffff800251f5000)
at /usr/src/sys/fs/devfs/devfs_vnops.c:791
791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td);
(kgdb) list
786 error = copyout(p, fgn->buf, i);
787 td->td_fpop = fpop;
788 dev_relthread(dev, ref);
789 return (error);
790 }
791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td);
792 td->td_fpop = NULL;
793 dev_relthread(dev, ref);
794 if (error == ENOIOCTL)
795 error = ENOTTY;