Project

General

Profile

Actions

Bug #14694

open

format can induce panic in nvme

Added by Joshua M. Clulow about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
driver - device drivers
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

In format:

root@unknown:~# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c1t1d0 <HP-SSD EX950 1TB-42A4SBMA-953.87GB>
          /pci@0,0/pci1022,1483@3,3/pci1dee,1dee@0/blkdev@1,0
       1. c2t1d0 <HP-SSD EX950 1TB-42A4SBMA-953.87GB>
          /pci@0,0/pci1022,1483@3,4/pci1dee,1dee@0/blkdev@1,0
Specify disk (enter its number): 0
selecting c1t1d0
No defect list found
[disk formatted, no defect list found]

FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition  - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        fdisk      - run the fdisk program
        repair     - repair a defective sector
        show       - translate a disk address
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        volname    - set 8-character volume name
        !<cmd>     - execute <cmd>, then return
        quit
format> p

PARTITION MENU:
        0      - change `0' partition
        1      - change `1' partition
        2      - change `2' partition
        3      - change `3' partition
        4      - change `4' partition
        5      - change `5' partition
        6      - change `6' partition
        expand - expand label to use whole disk
        select - select a predefined table
        modify - modify a predefined partition table
        name   - name the current table
        print  - display the current table
        label  - write partition map and label to the disk
        !<cmd> - execute <cmd>, then return
        quit
partition> 0
Part      Tag    Flag     First Sector          Size          Last Sector
  0        usr    wm            524544       953.61GB           2000392846

Enter partition id tag[usr]: unassigned
Enter partition permission flags[wm]:
Enter new starting Sector[524544]: 0
`0' is out of range.
Enter new starting Sector[524544]: 0
`0' is out of range.
Enter new starting Sector[524544]: 1
`1' is out of range.
Enter new starting Sector[524544]: 0
`0' is out of range.
Enter new starting Sector[524544]:
Enter partition size[1999868303b, 2000392846e, 976498mb, 953gb, 0tb]: 0
partition> p
Current partition table (unnamed):
Total disk sectors available: 2000392842 + 16384 (reserved sectors)

Part      Tag    Flag     First Sector          Size          Last Sector
  0 unassigned    wm                 0            0                0
  1   reserved    wm        2000392847         8.00MB           2000409230
  2 unassigned    wm                 0            0                0
  3 unassigned    wm                 0            0                0
  4 unassigned    wm                 0            0                0
  5 unassigned    wm                 0            0                0
  6 unassigned    wm                 0            0                0

partition> label
Ready to label disk, continue? y

panic[cpu0]/thread=fffffbe3627f5c20: programming error: LBA out of range in cmd fffffdf4b5f43840

Warning - stack not written to the dump buffer
fffffbe3627f5ad0 genunix:dev_err+7f ()
fffffbe3627f5b10 nvme:nvme_check_generic_cmd_status+a7 ()
fffffbe3627f5b50 nvme:nvme_bd_xfer_done+99 ()
fffffbe3627f5c00 genunix:taskq_thread+2cd ()
fffffbe3627f5c10 unix:thread_start+b ()

skipping system dump - no dump device configured
rebooting...

Whoops!

Actions #1

Updated by Joshua M. Clulow about 2 months ago

I think this is more generally true of any I/O sadly:

root@unknown:~# prtvtoc /dev/dsk/c1t1d0p0
* /dev/dsk/c1t1d0p partition map
*
* Dimensions:
*         512 bytes/sector
*  2000409264 sectors
*  2000409226 accessible sectors
*
* Flags:
*   1: unmountable
*  10: read-only
*
* Unallocated space:
*         First       Sector      Last
*         Sector       Count      Sector
*            34  2000392813  2000392846
*    2000409231          28  2000409258
*
*                            First       Sector      Last
* Partition  Tag  Flags      Sector       Count      Sector  Mount Directory
       1     11    00   2000392847       16384  2000409230

root@unknown:~# dd if=/dev/zero of=/dev/dsk/c1t1d0p0 bs=512 count=1024 seek=0
1024+0 records in
1024+0 records out
524288 bytes (512 KiB) transferred in 0.008005 secs (62 MiB/sec)

root@unknown:~# dd if=/dev/zero of/dev/dsk/c1t1d0p0 bs=512 count=1024 seek=$((
 2000409230-1024))
May 16 00:28:40 un
pannown cmlb: WARNiNG: /pci@0,0/pc1c022,1483@3,3/pi[1dee,1dee@0/cpu22]/thread=fffffbe362137c20: programming error: LBA out of range in cmd fffffdf4b6053a40

Warning - stack not written to the dump buffer
fffffbe362137ad0 genunix:dev_err+7f ()
fffffbe362137b10 nvme:nvme_check_generic_cmd_status+a7 ()
fffffbe362137b50 nvme:nvme_bd_xfer_done+99 ()
fffffbe362137c00 genunix:taskq_thread+2cd ()
fffffbe362137c10 unix:thread_start+b ()

skipping system dump - no dump device configured
rebooting...

This should be some kind of error (EIO?), not a panic.

Actions #2

Updated by Joshua M. Clulow about 2 months ago

It seems that I was able to write or break a partition table to the extent that merely looking at the disk now panics the system.

Actions #3

Updated by Toomas Soome about 2 months ago

Joshua M. Clulow wrote in #note-2:

It seems that I was able to write or break a partition table to the extent that merely looking at the disk now panics the system.

Do you happen to have initial layout? As we should survive bad label, partition edit menu in format also seems to create some sort of mess. With GPT (128 partitions) and 512B sector size, the first usable sector is 34, with sector size 4096, it is 9, apparently we could improve the error message there too...

Actions

Also available in: Atom PDF