Konstantin Belousov <kostikbel_at_gmail.com> wrote: > On Sun, Dec 06, 2015 at 06:51:36PM +0100, Fabian Keil wrote: > > > > #16 0xffffffff80877d5a in bcopy () at /usr/src/sys/amd64/amd64/support.S:118 > > > > #17 0xffffffff805f64e8 in uiomove_faultflag (cp=<value optimized out>, n=<value optimized out>, uio=0xfffffe009444aae0, nofault=<value optimized out>) at /usr/src/sys/kern/subr_uio.c:208 > > > > #18 0xffffffff8046236f in msdosfs_read (ap=<value optimized out>) at /usr/src/sys/fs/msdosfs/msdosfs_vnops.c:596 > > > > #19 0xffffffff808feb20 in VOP_READ_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:930 > > > > #20 0xffffffff8039bf3a in mdstart_vnode (sc=0xfffff8004c7ce000, bp=0xfffff80028fc81f0) at vnode_if.h:384 > > > From the frame 20, do 'p *bp' in kgdb and mail the result. Do you have > > > any non-standard values for buffer cache knobs, esp. for MAXPHYS ? > > > > (kgdb) p *bp > > $1 = {bio_cmd = 1 '\001', bio_flags = 16 '\020', bio_cflags = 0 '\0', bio_pflags = 0 '\0', bio_dev = 0x0, bio_disk = 0x0, bio_offset = 0, bio_bcount = 0, > > bio_data = 0xfffffe0077d94000 <Address 0xfffffe0077d94000 out of bounds>, bio_ma = 0xfffff8000275bc00, bio_ma_offset = 960, > > bio_ma_n = 33, > This is the issue. The upper layer (ZFS ?) passed down the request > which is max-sized (see bio_length == 32 pages) but not aligned. > The physical buffer used for transient mapping cannot handle this. 
> > bio_error = 0, bio_resid = 0, > > bio_done = 0xffffffff804e51d0 <g_std_done>, bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0x0, bio_queue = {tqe_next = 0x0, tqe_prev = 0xfffff8004c7ce018}, bio_attribute = 0x0, > > bio_from = 0xfffff80010131d80, bio_to = 0xfffff800694f2a00, bio_length = 131072, bio_completed = 0, bio_children = 0, bio_inbed = 0, bio_parent = 0xfffff8000628bd90, bio_t0 = {sec = 33029, > > frac = 13163670047247984455}, bio_task = 0, bio_task_arg = 0x0, bio_classifier1 = 0x0, bio_classifier2 = 0x0, bio_pblkno = 0} > > > > I don't use non-standard values for MAXPHYS or other buffer cache settings. > > > > Try the following patch. With this patch I got: [400] Fatal trap 9: general protection fault while in kernel mode [400] cpuid = 0; apic id = 00 [400] instruction pointer = 0x20:0xffffffff8086c603 [400] stack pointer = 0x28:0xfffffe0094422a60 [400] frame pointer = 0x28:0xfffffe0094422a80 [400] code segment = base 0x0, limit 0xfffff, type 0x1b [400] = DPL 0, pres 1, long 1, def32 0, gran 1 [400] processor eflags = interrupt enabled, resume, IOPL = 0 [400] current process = 34142 (md0) [...] 
(kgdb) where
#0 doadump (textdump=0) at pcpu.h:221
#1 0xffffffff80316e5b in db_dump (dummy=<value optimized out>, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
#2 0xffffffff80316c4e in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#3 0xffffffff803169e4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#4 0xffffffff803194eb in db_trap (type=<value optimized out>, code=0) at /usr/src/sys/ddb/db_main.c:251
#5 0xffffffff805e2933 in kdb_trap (type=9, code=0, tf=<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654
#6 0xffffffff8087d161 in trap_fatal (frame=0xfffffe00944229b0, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:829
#7 0xffffffff8087ce3c in trap (frame=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:203
#8 0xffffffff80861ae7 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234
#9 0xffffffff8086c603 in pmap_qenter (sva=18446741876956168192, ma=<value optimized out>, count=32) at /usr/src/sys/amd64/amd64/pmap.c:1991
#10 0xffffffff8039e673 in mdstart_vnode (sc=0xfffff80029ac7800, bp=0xfffff800270c15d0) at /usr/src/sys/dev/md/md.c:928
#11 0xffffffff8039c73c in md_kthread (arg=0xfffff80029ac7800) at /usr/src/sys/dev/md/md.c:1158
#12 0xffffffff8055c16c in fork_exit (callout=0xffffffff8039c510 <md_kthread>, arg=0xfffff80029ac7800, frame=0xfffffe0094422c00) at /usr/src/sys/kern/kern_fork.c:1011
#13 0xffffffff8086201e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:609
#14 0x0000000000000000 in ??
()
Current language: auto; currently minimal
(kgdb) f 9
#9 0xffffffff8086c603 in pmap_qenter (sva=18446741876956168192, ma=<value optimized out>, count=32) at /usr/src/sys/amd64/amd64/pmap.c:1991
1991 m = *ma++;
(kgdb) f 10
#10 0xffffffff8039e673 in mdstart_vnode (sc=0xfffff80029ac7800, bp=0xfffff800270c15d0) at /usr/src/sys/dev/md/md.c:928
928 pmap_qenter((vm_offset_t)pb->b_data,
(kgdb) l
923 unmapped_step:
924 npages = min(MAXPHYS, roundup2(len + ma_offs, PAGE_SIZE)) /
925 PAGE_SIZE;
926 iolen = min(npages * PAGE_SIZE - ma_offs, len);
927 KASSERT(iolen > 0, ("zero iolen"));
928 pmap_qenter((vm_offset_t)pb->b_data,
929 &bp->bio_ma[ma_offs / PAGE_SIZE], npages);
930 aiov.iov_base = (void *)((vm_offset_t)pb->b_data +
931 ma_offs % PAGE_SIZE);
932 aiov.iov_len = iolen;
[...]
(kgdb) p *pb
$8 = {b_bufobj = 0x1001, b_bcount = 0, b_caller1 = 0x0, b_data = 0x0, b_error = 0, b_iocmd = 0 '\0', b_ioflags = 0 '\0', b_iooffset = -2197012545536, b_resid = -8795990460928, b_iodone = 0x2100000400, b_blkno = 0, b_offset = 1024, b_bobufs = {tqe_next = 0xffffffff804e7bb0, tqe_prev = 0x0}, b_vflags = 0, b_qindex = 0, b_flags = 0, b_xflags = 0 '\0', b_lock = {lock_object = {lo_name = 0x0, lo_flags = 0, lo_data = 0, lo_witness = 0xfffff80029ac7818}, lk_lock = 0, lk_exslpfail = 103222784, lk_timo = -2048, lk_pri = 655147520}, b_bufsize = 131072, b_runningbufspace = 0, b_kvasize = 0, b_dirtyoff = 0, b_dirtyend = 0, b_kvabase = 0xfffff800062853e0 "\001\020", b_lblkno = 398, b_vp = 0xca3691a05b0bac47, b_rcred = 0x0, b_wcred = 0x0, b_union = {bu_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, bu_pager = { pg_iodone = 0, pg_reqpage = 0}}, b_cluster = {cluster_head = {tqh_first = 0x0, tqh_last = 0x401}, cluster_entry = {tqe_next = 0x0, tqe_prev = 0x401}}, b_pages = 0xfffff800270c16d0, b_npages = 0, b_dep = {lh_first = 0xc22730000}, b_fsprivate1 = 0x4000, b_fsprivate2 = 0xfffffe00874b8000, b_fsprivate3 = 0x0, b_pin_count = 0}

Fabian