Bug 257838 - Garbage on a memory stick can cause GEOM raid taste g_raid_tr_iostart() to page-fault.
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 13.0-RELEASE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: John Baldwin
Reported: 2021-08-14 15:43 UTC by Robert Morris
Modified: 2023-09-06 22:03 UTC

Attachments
Causes a kernel page fault if placed at the end of a memory stick. (160.00 KB, application/octet-stream)
2021-08-14 15:43 UTC, Robert Morris

Description Robert Morris 2021-08-14 15:43:16 UTC
Created attachment 227185
Causes a kernel page fault if placed at the end of a memory stick.

If I dd the attached data to the end of a memory stick, or run

  mdconfig -f si160.img

I get a kernel page fault on my 13.0-RELEASE-p3 machine:

GEOM_RAID: SiI-36f0f5d40c31: Array SiI-36f0f5d40c31 created.
GEOM_RAID: SiI-36f0f5d40c31: Disk md0 state changed from NONE to FAILED.
GEOM_RAID: SiI-36f0f5d40c31: Subdisk @aA¸sD|/s:0-md0 state changed from NONE to FAILED.
GEOM_RAID: SiI-36f0f5d40c31: Array started.
GEOM_RAID: SiI-36f0f5d40c31: Volume @aA¸sD|/s state changed from STARTING to SUBOPTIMAL.
GEOM_RAID: SiI-36f0f5d40c31: Provider raid/r0 for volume @aA¸sD|/s created.
GEOM_RAID: Warning! I/O request to an absent disk! [unknown][READ(offset=12642167526035968, length=-12642167526035968)]
GEOM_RAID: Warning! I/O request to an absent disk! [unknown][READ(offset=0, length=0)]
GEOM_RAID: Warning! I/O request to a disk in a wrong state (NONE)! [unknown][READ(offset=0, length=0)]
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x78
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80b618b8
stack pointer           = 0x0:0xfffffe0063d5aa80
frame pointer           = 0x0:0xfffffe0063d5aaa0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 725 (g_raid SiI-36f0f5d4)
trap number             = 12
panic: page fault
cpuid = 0
time = 1628953025
KDB: stack backtrace:
#0 0xffffffff80c57515 at kdb_backtrace+0x65
#1 0xffffffff80c09ef1 at vpanic+0x181
#2 0xffffffff80c09d63 at panic+0x43
#3 0xffffffff8108b1b7 at trap_fatal+0x387
#4 0xffffffff8108b20f at trap_pfault+0x4f
#5 0xffffffff8108a86d at trap+0x27d
#6 0xffffffff810619a8 at calltrap+0x8
#7 0xffffffff80b843a4 at g_raid_tr_iostart_concat+0x244
#8 0xffffffff80b62c70 at g_raid_worker+0x530
#9 0xffffffff80bc7e2e at fork_exit+0x7e
#10 0xffffffff81062a2e at fork_trampoline+0xe
Comment 1 John Baldwin freebsd_committer freebsd_triage 2023-07-27 23:51:52 UTC
Thanks for the report.  I've posted a potential fix for review at https://reviews.freebsd.org/D41222.
Comment 2 Robert Morris 2023-07-29 09:51:53 UTC
(In reply to John Baldwin from comment #1)
D41222 does indeed fix the problem for me.
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-08-04 23:43:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4c89c0127dcadaa0d337c23d028f3fea5e76317a

commit 4c89c0127dcadaa0d337c23d028f3fea5e76317a
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-08-04 23:41:05 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-08-04 23:41:05 +0000

    g_raid concat: Fail requests to read beyond the end of the volume

    Previously a debug kernel would trigger an assertion failure if an I/O
    request attempted to read off the end of a concat volume, but a
    non-debug kernel would use an invalid sub-disk to try to complete the
    request eventually resulting in some sort of fault in the kernel.

    Instead, turn the assertions into explicit checks that fail requests
    beyond the end of the volume with EIO.  For requests which run over
    the end of the volume, return a short request.

    PR:             257838
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    Reviewed by:    emaste
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D41222

 sys/geom/raid/tr_concat.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
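
The bounds handling that the commit message above describes, as an added example that is not the FreeBSD tr_concat.c code: a user-space model in which a request starting at or beyond the end of the volume fails with EIO and a request that runs over the end is shortened. The names concat_map, subdisk, piece and sample_read, and the 1000 + 500 byte sample volume, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model: subdisks laid end to end form the volume. */
struct subdisk { int64_t size; };
struct piece { size_t disk; int64_t off, len; };

/*
 * Map [offset, offset + length) onto per-subdisk pieces; out[] holds nsd
 * entries. Returns 0 with *done = bytes mapped (short if the request runs
 * over the end of the volume), or EIO if it starts at or beyond the end.
 */
static int
concat_map(const struct subdisk *sd, size_t nsd, int64_t offset,
    int64_t length, struct piece *out, size_t *nout, int64_t *done)
{
	size_t no = 0;

	*nout = 0;
	*done = 0;
	if (offset < 0 || length < 0)
		return (EIO);
	/* Bound the search by nsd; an assertion alone vanishes in non-debug builds. */
	for (; no < nsd && offset >= sd[no].size; no++)
		offset -= sd[no].size;
	if (no == nsd)
		return (EIO);
	for (; length > 0 && no < nsd; no++, offset = 0) {
		int64_t chunk = sd[no].size - offset;
		if (chunk > length)
			chunk = length;
		out[(*nout)++] = (struct piece){ no, offset, chunk };
		*done += chunk;
		length -= chunk;
	}
	return (0);
}

/* Constructed sample volume of 1000 + 500 bytes; returns bytes mapped or -errno. */
static const struct subdisk sample[2] = { { 1000 }, { 500 } };
static int64_t
sample_read(int64_t offset, int64_t length)
{
	struct piece p[2];
	size_t n;
	int64_t done;
	int error = concat_map(sample, 2, offset, length, p, &n, &done);
	return (error != 0 ? -error : done);
}
int main(void) { return (sample_read(1400, 200) == 100 ? 0 : 1); }
```
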
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-09-06 21:57:18 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=63f07c05de4eed513054c5b3d1981eb4fffe5ae6

commit 63f07c05de4eed513054c5b3d1981eb4fffe5ae6
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-08-04 23:41:05 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-09-06 21:56:10 +0000

    g_raid concat: Fail requests to read beyond the end of the volume

    Previously a debug kernel would trigger an assertion failure if an I/O
    request attempted to read off the end of a concat volume, but a
    non-debug kernel would use an invalid sub-disk to try to complete the
    request eventually resulting in some sort of fault in the kernel.

    Instead, turn the assertions into explicit checks that fail requests
    beyond the end of the volume with EIO.  For requests which run over
    the end of the volume, return a short request.

    PR:             257838
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    Reviewed by:    emaste
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D41222

    (cherry picked from commit 4c89c0127dcadaa0d337c23d028f3fea5e76317a)

 sys/geom/raid/tr_concat.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-09-06 21:57:22 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=0f6ffc7ff3018d54857c361d251d0c89ab88ec0e

commit 0f6ffc7ff3018d54857c361d251d0c89ab88ec0e
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-08-04 23:41:05 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-09-06 20:02:51 +0000

    g_raid concat: Fail requests to read beyond the end of the volume

    Previously a debug kernel would trigger an assertion failure if an I/O
    request attempted to read off the end of a concat volume, but a
    non-debug kernel would use an invalid sub-disk to try to complete the
    request eventually resulting in some sort of fault in the kernel.

    Instead, turn the assertions into explicit checks that fail requests
    beyond the end of the volume with EIO.  For requests which run over
    the end of the volume, return a short request.

    PR:             257838
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    Reviewed by:    emaste
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D41222

    (cherry picked from commit 4c89c0127dcadaa0d337c23d028f3fea5e76317a)

 sys/geom/raid/tr_concat.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)