kern/144843: [firewire] fwcontrol(8) -S causes kernel panic

Dieter freebsd at sopwith.solgatos.com
Thu Mar 18 02:30:01 UTC 2010


>Number:         144843
>Category:       kern
>Synopsis:       [firewire] fwcontrol(8) -S causes kernel panic
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 02:30:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Dieter
>Release:        8.0
>Organization:
>Environment:
8.0 RELEASE   amd64
>Description:
FreeBSD 8.0
amd64
fwohci1: <NEC uPD72871/2> mem 0xfdeff000-0xfdefffff irq 19 at device 8.0 on pci2

The command
        /usr/sbin/fwcontrol -u 1 -S  file.dv
quickly and reproducably panics the kernel.
4 attempts -> 4 panics.

Panic #1: I wasn't expecting the panic the first time,
so by the time I got to the console the lovely firmware
had already scribbled all over the panic (I assume)
message.

======================================================

Panic #2: Output of fwcontrol:

        NTSC
        012

On the console:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x4b631d1411d0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80857d67
stack pointer           = 0x28:0xffffff8040677830
frame pointer           = 0x28:0xffffff8040677860
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2177 (fwcontrol)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 7m28s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort

======================================================

Panic #3: No output from fwcontrol this time.

On the console:

kernel trap 9 with interrupts disabled


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff80846e63
stack pointer           = 0x28:0xffffff80406db880
frame pointer           = 0x28:0xffffff80406db8e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 2156 (fwcontrol)
trap number             = 9
panic: general protection fault
cpuid = 0
Uptime: 4m51s


<HUNG>  Had to press reset.

======================================================

Panic #4: this time in single user mode.  Userlnd was
still scribling on the screen, after the page fault,
but it is another trap 12: page fault while in kernel mode,
probably the same as #2.

======================================================

Using a FreeBSD 7.1 binary of fwcontrol with 8.0 kernel does not cause a panic.

Developers please note: you do NOT need a firewire device
to receive the DV data.  All you need is a firewire controller
and a DV file.  If you don't have a DV file, ffmpeg can transcode
mpeg to DV.  The file doesn't need to be very long, the panic
happens in less than one second.

The good news: it should be easy and fast to reproduce.

>How-To-Repeat:
# fwcontrol -S file.dv

>Fix:
Workaround: use 7.1 binary of fwcontrol(8).


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list