NetBSD Problem Report #44751

From www@NetBSD.org  Mon Mar 21 12:53:07 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 16A1F63BCA0
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 21 Mar 2011 12:53:07 +0000 (UTC)
Message-Id: <20110321125306.16D6963B8DE@www.NetBSD.org>
Date: Mon, 21 Mar 2011 12:53:06 +0000 (UTC)
From: netbsd@eq.cz
Reply-To: netbsd@eq.cz
To: gnats-bugs@NetBSD.org
Subject: mount_udf panics netbsd-5
X-Send-Pr-Version: www-1.0

>Number:         44751
>Category:       kern
>Synopsis:       mount_udf panics netbsd-5
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 21 12:55:00 +0000 2011
>Originator:     rudolf
>Release:        5.1_STABLE
>Organization:
>Environment:
NetBSD 5.1_STABLE i386 (netbsd-5 sources from 03/19/2011)
>Description:
I am able to reliably panic the system by trying to mount a DVD+RW medium formatted by the Windows 7 OS with the UDF file system (version 2.50).

Hand copy ("sync" in ddb works, but savecore(8) finds nothing) of a session in single-user mode:

###################

# mount_udf /dev/cd0d /mnt
CD mmc 26, mmc_cur 0xb2, mmc_cap 0xd2b
cd0(ahcisata0:1:0):  check condition on CDB: 0x28 00 23 05 3e ff 00 00 01 00
    SENSE KEY:  Illegal Request
   INFO FIELD:  587546367
 COMMAND INFO:  671088655 (0x2800000f)
     ASC/ASCQ:  Logical Block Address Out of Range

[ this block from "cd0(ahcisata0:1:0)" is printed twice, the second time with "INFO FIELD:  587546623"; otherwise it is the same ]

panic: kernel diagnostic assertion "ump->packet_size <= 64" failed: file "/usr/src/sys/fs/udf/udf_strat_rmw.c", line 1403
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c074cb3c cs 8 eflags 286 cr2 bbb53df0 ilevel 0
stopped in pid 3.1 (mount_udf) at netbsd:breakpoint+0x4:  popl  %ebp
db{1}> bt
breakpoint([...]) at netbsd:breakpoint+0x4
cpu_Debugger([...]) at netbsd:cpu_Debugger+0xb
panic([...]) at netbsd:panic+0x157
__kernassert([...]) at netbsd:__kernassert+0x37
udf_discstrat_init_rmw([...]) at netbsd:udf_discstrat_init_rmw+0x145
udf_discstrat_init([...]) at netbsd:udf_discstrat_init+0x58
udf_mountfs([...]) at netbsd:udf_mountfs+0x3f8
udf_mount([...]) at netbsd:udf_mount+0x2a6
VFS_MOUNT([...]) at netbsd:VFS_MOUNT+0x38
mount_domount([...]) at netbsd:mount_domount+0x2d3
[...]

###################

$ ident /netbsd | grep udf
     $NetBSD: udf_osta.c,v 1.7.8.1 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_vfsops.c,v 1.52.2.3 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_vnops.c,v 1.30.4.8 2009/09/26 18:38:07 snj Exp $
     $NetBSD: udf_subr.c,v 1.73.4.12 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_readwrite.c,v 1.8.4.2 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_strat_bootstrap.c,v 1.2.4.1 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_strat_sequential.c,v 1.5.4.4 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_strat_direct.c,v 1.5.4.5 2009/07/09 19:44:34 snj Exp $
     $NetBSD: udf_strat_rmw.c,v 1.9.4.10 2009/07/09 19:53:49 snj Exp $
     $NetBSD: udf_allocation.c,v 1.18.4.4 2009/07/09 19:44:34 snj Exp $

###################

# dvd+rw-mediainfo /dev/rcd0d
INQUIRY:                [HL-DT-ST][DVDRAM GSA-T50N ][RS06]
GET [CURRENT] CONFIGURATION:
 Mounted Media:         1Ah, DVD+RW
 Current Write Speed:   4.0x1385=5540KB/s
 Write Speed #0:        4.0x1385=5540KB/s
 Write Speed #1:        2.4x1385=3324KB/s
GET [CURRENT] PERFORMANCE:
 Write Performance:     2.4x1385=3324KB/s@[0 -> 125951]
                        4.0x1385=5540KB/s@[125952 -> 2295103]
 Speed Descriptor#0:    02/2295103 R@3.3x1385=4584KB/s W@4.0x1385=5540KB/s
 Speed Descriptor#1:    02/2295103 R@3.3x1385=4584KB/s W@2.4x1385=3324KB/s
READ DVD STRUCTURE[#0h]:
 Media Book Type:       00h, DVD-ROM book [revision 0]
 Media ID:              DAXON/D42
 Legacy lead-out at:    2295104*2KB=4700372992
READ DISC INFORMATION:
 Disc status:           complete
 Number of Sessions:    1
 State of Last Session: complete
 Number of Tracks:      1
 BG Format Status:      suspended
READ FORMAT CAPACITIES:
 formatted:             2295104*2048=4700372992
 26h(0):                2295104*2048=4700372992
READ TRACK INFORMATION[#1]:
 Track State:           complete
 Track Start Address:   0*2KB
 Free Blocks:           0*2KB
 Track Size:            2295104*2KB
FABRICATED TOC:
 Track#1  :             14@0
 Track#AA :             14@2295104
 Multi-session Info:    #1@0
READ CAPACITY:          2295104*2048=4700372992

###################

The kernel is a slightly modified GENERIC:

-options        LKM             # loadable kernel modules
-options                MODULAR         # new style module framework
+#options       LKM             # loadable kernel modules
+#options               MODULAR         # new style module framework

-#options       DIAGNOSTIC      # expensive kernel consistency checks
-#options       DEBUG           # expensive debugging checks/support
-#options       KMEMSTATS       # kernel memory statistics (vmstat -m)
+options        DIAGNOSTIC      # expensive kernel consistency checks
+options        DEBUG           # expensive debugging checks/support
+options        LOCKDEBUG
+options        KMEMSTATS       # kernel memory statistics (vmstat -m)
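
Review bot: at `options DIAGNOSTIC`, this is the option that compiles in the check reported in the panic above ("kernel diagnostic assertion"), and the removed line shows stock GENERIC leaves it commented out. The report should also state what mount_udf does with the same disc on an unmodified GENERIC kernel, since that shows whether a packet_size above 64 is caught at all when the assertion is not built in.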

-#options       DDB_ONPANIC=1   # see also sysctl(8): `ddb.onpanic'
+options        DDB_ONPANIC=1   # see also sysctl(8): `ddb.onpanic'

-#makeoptions   DEBUG="-g"      # compile full symbol table
+makeoptions    DEBUG="-g"      # compile full symbol table

-#file-system   UDF             # experimental - OSTA UDF CD/DVD file-system
+file-system    UDF             # experimental - OSTA UDF CD/DVD file-system

+i915drm*       at vga? # Intel i915, i945 DRM driver

-azalia*        at pci? dev ? function ?        # High Definition Audio
+#azalia*       at pci? dev ? function ?        # High Definition Audio

-#hdaudio*      at pci? dev ? function ?        # High Definition Audio
-#hdafg*                at hdaudiobus?
+hdaudio*       at pci? dev ? function ?        # High Definition Audio
+hdafg*         at hdaudiobus?
+options        HDAUDIO_DEBUG
+options        HDAUDIO_CFG_DEBUG

>How-To-Repeat:

>Fix:
