Date:      Thu, 18 Mar 2010 02:22:04 GMT
From:      Dieter <freebsd@sopwith.solgatos.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/144843: [firewire] fwcontrol(8) -S causes kernel panic
Message-ID:  <201003180222.o2I2M4FV046123@www.freebsd.org>
Resent-Message-ID: <201003180230.o2I2U11t061576@freefall.freebsd.org>


>Number:         144843
>Category:       kern
>Synopsis:       [firewire] fwcontrol(8) -S causes kernel panic
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 02:30:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Dieter
>Release:        8.0
>Organization:
>Environment:
8.0 RELEASE   amd64
>Description:
FreeBSD 8.0
amd64
fwohci1: <NEC uPD72871/2> mem 0xfdeff000-0xfdefffff irq 19 at device 8.0 on pci2

The command
        /usr/sbin/fwcontrol -u 1 -S  file.dv
quickly and reproducibly panics the kernel.
4 attempts -> 4 panics.

Panic #1: I wasn't expecting the panic the first time,
so by the time I got to the console the lovely firmware
had already scribbled all over the panic (I assume)
message.

======================================================

Panic #2: Output of fwcontrol:

        NTSC
        012

On the console:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x4b631d1411d0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80857d67
stack pointer           = 0x28:0xffffff8040677830
frame pointer           = 0x28:0xffffff8040677860
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2177 (fwcontrol)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 7m28s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort

======================================================

Panic #3: No output from fwcontrol this time.

On the console:

kernel trap 9 with interrupts disabled


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff80846e63
stack pointer           = 0x28:0xffffff80406db880
frame pointer           = 0x28:0xffffff80406db8e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 2156 (fwcontrol)
trap number             = 9
panic: general protection fault
cpuid = 0
Uptime: 4m51s


<HUNG>  Had to press reset.

======================================================

Panic #4: this time in single user mode.  Userland was
still scribbling on the screen, after the page fault,
but it is another trap 12: page fault while in kernel mode,
probably the same as #2.

======================================================

Using a FreeBSD 7.1 binary of fwcontrol with 8.0 kernel does not cause a panic.

Developers please note: you do NOT need a firewire device
to receive the DV data.  All you need is a firewire controller
and a DV file.  If you don't have a DV file, ffmpeg can transcode
mpeg to DV.  The file doesn't need to be very long, the panic
happens in less than one second.

The good news: it should be easy and fast to reproduce.

>How-To-Repeat:
# fwcontrol -S file.dv

>Fix:
Workaround: use 7.1 binary of fwcontrol(8).


>Release-Note:
>Audit-Trail:
>Unformatted:


