From robbak@dodo.com.au  Tue Jan 11 01:34:46 2005
Return-Path: <robbak@dodo.com.au>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2304216A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Jan 2005 01:34:46 +0000 (GMT)
Received: from relay01.mail-hub.kbs.net.au (relay01.mail-hub.kbs.net.au [203.220.32.149])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6B0FA43D46
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Jan 2005 01:34:45 +0000 (GMT)
	(envelope-from robbak@dodo.com.au)
Received: from [203.221.10.9] (helo=swegg.robbak.com)
	by relay01.mail-hub.kbs.net.au with esmtp (Exim 3.36 #2)
	id 1CoAvi-0008Qm-00
	for FreeBSD-gnats-submit@freebsd.org; Tue, 11 Jan 2005 12:34:43 +1100
Received: from swegg.robbak.com (localhost [127.0.0.1])
	by swegg.robbak.com (8.13.1/8.13.1) with ESMTP id j0B1XlFU004080
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Jan 2005 11:33:47 +1000 (EST)
	(envelope-from robbak@swegg.robbak.com)
Received: (from robbak@localhost)
	by swegg.robbak.com (8.13.1/8.13.1/Submit) id j0B1XkbJ004079;
	Tue, 11 Jan 2005 11:33:46 +1000 (EST)
	(envelope-from robbak)
Message-Id: <200501110133.j0B1XkbJ004079@swegg.robbak.com>
Date: Tue, 11 Jan 2005 11:33:46 +1000 (EST)
From: Robert Backhaus <robbak@dodo.com.au>
Reply-To: Robert Backhaus <robbak@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: "bio_completed .. greater than bio_length" panic using SONY CRX1611 CD/RW
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         76080
>Category:       kern
>Synopsis:       [ata] [panic] "bio_completed .. greater than bio_length" panic using SONY CRX1611 CD/RW
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 11 01:40:21 GMT 2005
>Closed-Date:    Thu Apr 19 03:33:27 GMT 2007
>Last-Modified:  Thu Apr 19 03:33:27 GMT 2007
>Originator:     Robert Backhaus
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD swegg.robbak.com 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Sun Jan 9 18:55:24 EST 2005 robbak@swegg.robbak.com:/usr/obj/usr/src6/src/sys/GENERIC i386


Athlon XP2400, SIS 748FX, Sony CRX1611 CD-RW
dmesg:
	acd0: CDRW <SONY CD-RW CRX1611/TYS3> at ata1-master PIO4
>Description:
Attempts to access this drive cause a panic with the GENERIC kernel
(debugging enabled). With my custom (no debugging) kernel it posts the
errors (below). This locks the drive, and causes instability.

[/var/log/messages, custom kernel, mount attempt]
kernel: acd0: WARNING - READ_BIG DONEDRQ non conformant device
Jan  9 15:02:01 swegg kernel: acd0: WARNING - READ_BIG read data overrun 24>0
Jan  9 15:02:01 swegg kernel: acd0: timeout sending command=a0
Jan  9 15:02:01 swegg kernel: acd0: error issuing ATA PACKET command
Jan  9 15:02:01 swegg kernel: g_vfs_done():acd0[READ(offset=34816, length=2048)] error = 5
Jan  9 15:02:01 swegg kernel: acd0: timeout sending command=a0
Jan  9 15:02:01 swegg kernel: acd0: error issuing ATA PACKET command
Jan  9 15:02:06 swegg kernel: acd0: timeout sending command=a0
Jan  9 15:02:06 swegg kernel: acd0: error issuing ATA PACKET command

[backtrace, GENERIC kernel, mount attempt in single-user]
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc066bee5 in boot (howto=260)
    at /usr/src6/src/sys/kern/kern_shutdown.c:398
#2  0xc066b969 in panic (
    fmt=0xc08d1ccc "bio_completed can't be greater than bio_length")
    at /usr/src6/src/sys/kern/kern_shutdown.c:554
#3  0xc062dcb9 in g_io_deliver (bp=0xc1731b58, error=5)
    at /usr/src6/src/sys/geom/geom_io.c:308
#4  0xc04ed33c in acd_done (request=0xc1719264)
    at /usr/src6/src/sys/dev/ata/atapi-cd.c:1210
#5  0xc04d55b2 in ata_completed (context=0xc1719264, dummy=1)
    at /usr/src6/src/sys/dev/ata/ata-queue.c:399
#6  0xc0690671 in taskqueue_run (queue=0xc1602200)
    at /usr/src6/src/sys/kern/subr_taskqueue.c:192
#7  0xc0690988 in taskqueue_thread_loop (arg=0x0)
    at /usr/src6/src/sys/kern/subr_taskqueue.c:251
#8  0xc0653fb6 in fork_exit (callout=0xc0690950 <taskqueue_thread_loop>,
    arg=0x0, frame=0x0) at /usr/src6/src/sys/kern/kern_fork.c:790
#9  0xc0853a3c in fork_trampoline ()
    at /usr/src6/src/sys/i386/i386/exception.s:208
(kgdb)


Notes:
This is the same issue as in i386/75090. This new PR commemorates its
discovery in CURRENT

I have the coredump from which I retrieved that bt, and would be happy to
send it somewhere, but it bzips to 15MB, which would be quite an endeavour
on dial-up...
>How-To-Repeat:

Attempt to use drive in 6.CURRENT
>Fix:
Use a different drive....


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Wed Nov 23 03:05:22 GMT 2005 
State-Changed-Why:  
Is this still a problem on 6.0-RELEASE? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76080 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Thu Apr 19 03:32:28 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 1 year). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76080 
>Unformatted:
