From nobody@FreeBSD.org  Thu Mar 18 02:22:04 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CE272106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 02:22:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id B23A38FC17
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 02:22:04 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2I2M4mg046124
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Mar 2010 02:22:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o2I2M4FV046123;
	Thu, 18 Mar 2010 02:22:04 GMT
	(envelope-from nobody)
Message-Id: <201003180222.o2I2M4FV046123@www.freebsd.org>
Date: Thu, 18 Mar 2010 02:22:04 GMT
From: Dieter <freebsd@sopwith.solgatos.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [firewire] fwcontrol(8) -S causes kernel panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         144843
>Category:       kern
>Synopsis:       [firewire] [panic] fwcontrol(8) -S causes kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-firewire
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 18 02:30:01 UTC 2010
>Closed-Date:    
>Last-Modified:  Sat Sep  3 04:00:19 UTC 2011
>Originator:     Dieter
>Release:        8.0
>Organization:
>Environment:
8.0 RELEASE   amd64
>Description:
FreeBSD 8.0
amd64
fwohci1: <NEC uPD72871/2> mem 0xfdeff000-0xfdefffff irq 19 at device 8.0 on pci2

The command
        /usr/sbin/fwcontrol -u 1 -S  file.dv
quickly and reproducibly panics the kernel.
4 attempts -> 4 panics.

Panic #1: I wasn't expecting the panic the first time,
so by the time I got to the console the lovely firmware
had already scribbled all over the panic (I assume)
message.

======================================================

Panic #2: Output of fwcontrol:

        NTSC
        012

On the console:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x4b631d1411d0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80857d67
stack pointer           = 0x28:0xffffff8040677830
frame pointer           = 0x28:0xffffff8040677860
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2177 (fwcontrol)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 7m28s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort

======================================================

Panic #3: No output from fwcontrol this time.

On the console:

kernel trap 9 with interrupts disabled


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff80846e63
stack pointer           = 0x28:0xffffff80406db880
frame pointer           = 0x28:0xffffff80406db8e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 2156 (fwcontrol)
trap number             = 9
panic: general protection fault
cpuid = 0
Uptime: 4m51s


<HUNG>  Had to press reset.

======================================================

Panic #4: this time in single user mode.  Userland was
still scribbling on the screen, after the page fault,
but it is another trap 12: page fault while in kernel mode,
probably the same as #2.

======================================================

Using a FreeBSD 7.1 binary of fwcontrol with 8.0 kernel does not cause a panic.

Developers please note: you do NOT need a firewire device
to receive the DV data.  All you need is a firewire controller
and a DV file.  If you don't have a DV file, ffmpeg can transcode
mpeg to DV.  The file doesn't need to be very long, the panic
happens in less than one second.

The good news: it should be easy and fast to reproduce.

>How-To-Repeat:
# fwcontrol -S file.dv

>Fix:
Workaround: use 7.1 binary of fwcontrol(8).


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-firewire 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Mar 18 04:20:49 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144843 

From: dieterbsd@engineer.com
To: bug-followup@FreeBSD.org
Cc: freebsd-firewire@freebsd.org, freebsd@sopwith.solgatos.com
Subject: Re: kern/144843: [firewire] fwcontrol(8) -S causes kernel panic
Date: Sun, 02 Jan 2011 21:40:03 -0500

 New info:
 
 I compiled the 7.1 fwcontrol(8) sources under 8.0  -> kernel panic.  :-(
 I compiled the 8.0 fwcontrol(8) sources under 7.1  -> no panic.
 (I made /usr/include a symlink to the include directory that matched
 the sources.)
 
 Can anyone duplicate these results?
 
 So it appears that the problem is the compiler rather than the
 fwcontrol(8) sources?
 
 

From: dieterbsd@engineer.com
To: bug-followup@FreeBSD.org
Cc: freebsd-firewire@freebsd.org, freebsd@sopwith.solgatos.com
Subject: Re: kern/144843: [firewire] fwcontrol(8) -S causes kernel panic
Date: Fri, 07 Jan 2011 19:26:43 -0500

 > All you need is a firewire controller and a DV file. If you
 > don't have a DV file, ffmpeg can transcode mpeg to DV.
 
 As it turns out, you don't even need a DV file.  The problem
 can be duplicated using bits from /dev/zero.
 
 

From: Sean Bruno <seanbru@yahoo-inc.com>
To: bug-followup@FreeBSD.org, freebsd@sopwith.solgatos.com
Cc:  
Subject: Re: kern/144843: [firewire] [panic] fwcontrol(8) -S causes kernel
 panic
Date: Fri, 02 Sep 2011 15:56:00 -0700

 I think that this panic looks like this?
 
 -bash-4.2# fwcontrol -u 0 -S file.dv 
 NTSC
 pa01nic: vm_phys_alloc_contig: alignment must be a power of 2
 cpuid = 1
 KDB: stack backtrace:
 db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
 kdb_backtrace() at kdb_backtrace+0x37
 panic() at panic+0x187
 vm_phys_alloc_contig() at vm_phys_alloc_contig+0x5e5
 kmem_alloc_contig() at kmem_alloc_contig+0x8e
 contigmalloc() at contigmalloc+0x39
 bus_dmamem_alloc() at bus_dmamem_alloc+0x8b
 fwdma_malloc_size() at fwdma_malloc_size+0x33
 fwdma_malloc_multiseg() at fwdma_malloc_multiseg+0x18b
 fwohci_db_init() at fwohci_db_init+0x10d
 fwohci_itxbuf_enable() at fwohci_itxbuf_enable+0x69
 fw_write() at fw_write+0x359
 devfs_write_f() at devfs_write_f+0xb1
 dofilewrite() at dofilewrite+0x85
 kern_writev() at kern_writev+0x6c
 writev() at writev+0x41
 syscallenter() at syscallenter+0x1aa
 syscall() at syscall+0x4c
 Xfast_syscall() at Xfast_syscall+0xdd
 
 

From: "Dieter BSD" <dieterbsd@engineer.com>
To: bug-followup@FreeBSD.org
Cc: freebsd-firewire@freebsd.org
Subject: Re: kern/144843: [firewire] fwcontrol(8) -S causes kernel panic
Date: Fri, 02 Sep 2011 23:51:48 -0400

 Sean writes:
 > I think that this panic looks like this?
 >
 > -bash-4.2# fwcontrol -u 0 -S file.dv
 > NTSC
 > pa01nic: vm_phys_alloc_contig: alignment must be a power of 2
 
 That certainly looks like a panic.  Do you get the same
 power of 2 alignment one every time?  As you can see in the PR,
 I got at least 2 different panics. (seems odd)  Mine didn't
 say anything about power of 2 alignment, unless the first one did.
 
 Does compiling the 8.x fwcontrol with a 7.x compiler avoid the
 panic for you?
>Unformatted:
