Date: Thu, 1 May 2003 10:10:10 +0300
From: Maxim Sobolev
To: imp@FreeBSD.org
cc: current@FreeBSD.org
Subject: NEWCARD causes kernel panic when modem is inserted
Message-ID: <20030501071010.GB85687@vega.vega.com>
List-Id: Discussions about the use of FreeBSD-current

Hi,

I found that -current panics when I am trying to insert a 3Com 3CXM756 modem card. This doesn't happen when I am inserting my older modem card - TDK DF3000, in this case it is detected and attached as sio without any problems.

Following is a postmortem gdb debugging session; please note that for some reason gdb gets it wrong and displays pccard_read_cis() as the faulty function, while in fact the 0xc019ceb6 address belongs to pccard_scan_cis().

-Maxim

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xd04a8000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc019ceb6
stack pointer = 0x10:0xcb826968
frame pointer = 0x10:0xcb826b94
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 8 (cbb0)
trap number = 12
panic: page fault

syncing disks, buffers remaining... 909 909 909 909 909 909 909 909 909 909 909 909 909 909 909 909 909
ACPI-0432: *** Error: Handler for [EmbeddedControl] returned AE_ERROR
ACPI-1284: *** Error: Method execution failed [\\_TZ_.THRM._TMP] (Node 0xc104ea20), AE_ERROR
909 909 909
giving up on 723 buffers
Uptime: 39s
Dumping 255 MB
ata0: resetting devices .. done
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
---
#0  doadump () at ../../../kern/kern_shutdown.c:238
238             dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:238
#1  0xc0242ed5 in boot (howto=256) at ../../../kern/kern_shutdown.c:370
#2  0xc02431f4 in poweroff_wait (junk=0xc03a3cad, howto=-1069899426) at ../../../kern/kern_shutdown.c:543
#3  0xc0360a4d in trap_fatal (frame=0xc0ed35f0, eva=0) at ../../../i386/i386/trap.c:834
#4  0xc0360768 in trap_pfault (frame=0xcb826928, usermode=0, eva=3494543360) at ../../../i386/i386/trap.c:748
#5  0xc0360342 in trap (frame=
      {tf_fs = -1055784936, tf_es = -880672752, tf_ds = -1072168944, tf_edi = 0,
       tf_esi = -1055764352, tf_ebp = -880645228, tf_isp = -880645804,
       tf_ebx = -1056759512, tf_edx = -800428032, tf_ecx = 2054, tf_eax = 4096,
       tf_trapno = 12, tf_err = 0, tf_eip = -1072050506, tf_cs = 8,
       tf_eflags = 590338, tf_esp = -1054168768, tf_ss = -1055880064})
    at ../../../i386/i386/trap.c:433
#6  0xc0351bd8 in calltrap () at {standard input}:96
#7  0xc019cce4 in pccard_read_cis (sc=0xc1032128) at ../../../dev/pccard/pccard_cis.c:98
#8  0xc019a78a in pccard_attach_card (dev=0xc1108c80) at ../../../dev/pccard/pccard.c:185
#9  0xc01a26de in cbb_insert (sc=0xc10fd400) at card_if.h:66
#10 0xc01a24a3 in cbb_event_thread (arg=0xc10fd400) at ../../../dev/pccbb/pccbb.c:883
#11 0xc022d5dd in fork_exit (callout=0xc01a2415, arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:797
(kgdb) up
#1  0xc0242ed5 in boot (howto=256) at ../../../kern/kern_shutdown.c:370
370             doadump();
(kgdb) up
#2  0xc02431f4 in poweroff_wait (junk=0xc03a3cad, howto=-1069899426) at ../../../kern/kern_shutdown.c:543
543             boot(bootopt);
(kgdb) up
#3  0xc0360a4d in trap_fatal (frame=0xc0ed35f0, eva=0) at ../../../i386/i386/trap.c:834
834             panic("%s", trap_msg[type]);
(kgdb) up
#4  0xc0360768 in trap_pfault (frame=0xcb826928, usermode=0, eva=3494543360) at ../../../i386/i386/trap.c:748
748             trap_fatal(frame, eva);
(kgdb) up
#5  0xc0360342 in trap (frame=
      {tf_fs = -1055784936, tf_es = -880672752, tf_ds = -1072168944, tf_edi = 0,
       tf_esi = -1055764352, tf_ebp = -880645228, tf_isp = -880645804,
       tf_ebx = -1056759512, tf_edx = -800428032, tf_ecx = 2054, tf_eax = 4096,
       tf_trapno = 12, tf_err = 0, tf_eip = -1072050506, tf_cs = 8,
       tf_eflags = 590338, tf_esp = -1054168768, tf_ss = -1055880064})
    at ../../../i386/i386/trap.c:433
433             (void) trap_pfault(&frame, FALSE, eva);
(kgdb) up
#6  0xc0351bd8 in calltrap () at {standard input}:96
96      {standard input}: No such file or directory.
        in {standard input}
Current language: auto; currently asm
(kgdb) up
#7  0xc019cce4 in pccard_read_cis (sc=0xc1032128) at ../../../dev/pccard/pccard_cis.c:98
98              if (pccard_scan_cis(sc->dev, pccard_parse_cis_tuple,
Current language: auto; currently c
(kgdb) l
93              state.card->product = PCMCIA_PRODUCT_INVALID;
94              STAILQ_INIT(&state.card->pf_head);
95
96              state.pf = NULL;
97
98              if (pccard_scan_cis(sc->dev, pccard_parse_cis_tuple,
99                  &state) == -1)
100                     state.card->error++;
101     }
102
(kgdb) print sc->dev
$1 = (struct device *) 0xc03b8960
(kgdb) print state
$2 = {count = 0, gotmfc = 0, temp_cfe = {number = 0, flags = 0, iftype = 0,
    num_iospace = 0, iomask = 0, iospace = {{length = 0, start = 0}, {
        length = 0, start = 0}, {length = 0, start = 0}, {length = 0,
        start = 0}}, irqmask = 0, num_memspace = 0, memspace = {{length = 0,
        cardaddr = 0, hostaddr = 0}, {length = 0, cardaddr = 0,
        hostaddr = 0}}, maxtwins = 0, iores = {0x0, 0x0, 0x0, 0x0}, iorid = {
      0, 0, 0, 0}, irqres = 0x0, irqrid = 0, memres = {0x0, 0x0}, memrid = {0,
      0}, cfe_list = {stqe_next = 0x0}}, default_cfe = 0x0,
  card = 0xc10fd604, pf = 0x0}
(kgdb) print pccard_parse_cis_tuple
$3 = {int (struct pccard_tuple *, void *)} 0xc019de53
(kgdb) print state.card
$4 = (struct pccard_card *) 0xc10fd604
(kgdb) print state.card->error
$5 = 0
(kgdb) print pccard_scan_cis
$6 = {int (struct device *, int (*)(struct pccard_tuple *, void *), void *)} 0xc019ccff
(kgdb) disass
Dump of assembler code for function pccard_read_cis:
0xc019cc30:  push %ebp
0xc019cc31:  mov %esp,%ebp
0xc019cc33:  sub $0xc4,%esp
0xc019cc39:  mov %ebx,0xfffffff8(%ebp)
0xc019cc3c:  mov %esi,0xfffffffc(%ebp)
0xc019cc3f:  mov 0x8(%ebp),%ebx
0xc019cc42:  movl $0xa8,0x4(%esp,1)
0xc019cc4a:  lea 0xffffff48(%ebp),%esi
0xc019cc50:  mov %esi,(%esp,1)
0xc019cc53:  call 0xc035ecb4
0xc019cc58:  lea 0x4(%ebx),%eax
0xc019cc5b:  mov %eax,0xffffffe8(%ebp)
0xc019cc5e:  movw $0x0,0x122(%eax)
0xc019cc67:  movl $0xffffffff,0x4(%ebx)
0xc019cc6e:  movl $0xffffffff,0x4(%eax)
0xc019cc75:  movl $0x0,0x108(%eax)
0xc019cc7f:  movl $0x0,0x10c(%eax)
0xc019cc89:  movl $0x0,0x110(%eax)
0xc019cc93:  movl $0x0,0x114(%eax)
0xc019cc9d:  movl $0xffffffff,0x118(%eax)
0xc019cca7:  movl $0xffffffff,0x11c(%eax)
0xc019ccb1:  movl $0x0,0x124(%eax)
0xc019ccbb:  lea 0x128(%ebx),%edx
0xc019ccc1:  mov %edx,0x128(%eax)
0xc019ccc7:  movl $0x0,0xffffffec(%ebp)
0xc019ccce:  mov %esi,0x8(%esp,1)
0xc019ccd2:  movl $0xc019de53,0x4(%esp,1)
0xc019ccda:  mov (%ebx),%eax
0xc019ccdc:  mov %eax,(%esp,1)
0xc019ccdf:  call 0xc019ccff
0xc019cce4:  cmp $0xffffffff,%eax
0xc019cce7:  jne,pt 0xc019ccf5
0xc019ccea:  mov 0xffffffe8(%ebp),%eax
0xc019cced:  addw $0x1,0x122(%eax)
0xc019ccf5:  mov 0xfffffff8(%ebp),%ebx
0xc019ccf8:  mov 0xfffffffc(%ebp),%esi
0xc019ccfb:  mov %ebp,%esp
0xc019ccfd:  pop %ebp
0xc019ccfe:  ret
End of assembler dump.
(kgdb) set print symbol-filename on
(kgdb) disass 0xc019ceb6
Dump of assembler code for function pccard_scan_cis:
0xc019ccff:  push %ebp
0xc019cd00:  mov %esp,%ebp
0xc019cd02:  push %edi
0xc019cd03:  push %esi
0xc019cd04:  push %ebx
0xc019cd05:  sub $0x220,%esp
0xc019cd0b:  movl $0x0,0xfffffe14(%ebp)
0xc019cd15:  movl $0x0,0xfffffe30(%ebp)
0xc019cd1f:  movl $0x2,0x18(%esp,1)
0xc019cd27:  movl $0x400,0x14(%esp,1)
0xc019cd2f:  movl $0xffffffff,0x10(%esp,1)
0xc019cd37:  movl $0x0,0xc(%esp,1)
0xc019cd3f:  lea 0xfffffe30(%ebp),%eax
0xc019cd45:  mov %eax,0x8(%esp,1)
0xc019cd49:  movl $0x3,0x4(%esp,1)
0xc019cd51:  mov 0x8(%ebp),%eax
0xc019cd54:  mov %eax,(%esp,1)
0xc019cd57:  call 0xc025a486
0xc019cd5c:  mov %eax,0xfffffe2c(%ebp)
0xc019cd62:  test %eax,%eax
0xc019cd64:  jne,pt 0xc019cd93
0xc019cd67:  movl $0xc038ec45,0x4(%esp,1)
0xc019cd6f:  mov 0x8(%ebp),%edx
0xc019cd72:  mov %edx,(%esp,1)
0xc019cd75:  call 0xc0258bce
0xc019cd7a:  mov $0xffffffff,%eax
0xc019cd7f:  jmp 0xc019d97a
0xc019cd84:  movl $0x1,0xfffffe14(%ebp)
0xc019cd8e:  jmp 0xc019d94d
0xc019cd93:  mov 0x8(%ebp),%eax
0xc019cd96:  mov %eax,(%esp,1)
0xc019cd99:  call 0xc0258a8d
0xc019cd9e:  mov %eax,%esi
0xc019cda0:  mov 0x8(%ebp),%edx
0xc019cda3:  mov %edx,0xfffffe10(%ebp)
0xc019cda9:  mov 0xfffffe30(%ebp),%edi
0xc019cdaf:  movzbl 0xc03b8960,%edx
0xc019cdb6:  mov (%eax),%eax
0xc019cdb8:  lea (%eax,%edx,8),%ebx
0xc019cdbb:  cmpl $0xc03b8960,(%ebx)
0xc019cdc1:  je 0xc019cde2
0xc019cdc3:  movl $0xc03b8960,0x8(%esp,1)
0xc019cdcb:  mov %ebx,0x4(%esp,1)
0xc019cdcf:  mov (%esi),%eax
0xc019cdd1:  mov 0x800(%eax),%eax
0xc019cdd7:  mov 0x4(%eax),%eax
0xc019cdda:  mov %eax,(%esp,1)
0xc019cddd:  call 0xc025d180
0xc019cde2:  mov 0x4(%ebx),%eax
0xc019cde5:  movl $0x1,0x10(%esp,1)
0xc019cded:  mov %edi,0xc(%esp,1)
0xc019cdf1:  movl $0x3,0x8(%esp,1)
0xc019cdf9:  mov 0xfffffe10(%ebp),%edx
0xc019cdff:  mov %edx,0x4(%esp,1)
0xc019ce03:  mov %esi,(%esp,1)
0xc019ce06:  call *%eax
0xc019ce08:  mov 0xfffffe2c(%ebp),%eax
0xc019ce0e:  mov %eax,(%esp,1)
0xc019ce11:  call 0xc0262dd7
0xc019ce16:  mov %eax,0xffffffe4(%ebp)
0xc019ce19:  mov 0xfffffe2c(%ebp),%edx
0xc019ce1f:  mov %edx,(%esp,1)
0xc019ce22:  call 0xc0262df0
0xc019ce27:  mov %eax,0xffffffe8(%ebp)
0xc019ce2a:  movl $0x0,0xffffffe0(%ebp)
0xc019ce31:  cmpl $0x0,0xc03b8a8c
0xc019ce38:  je,pt 0xc019ce4b
0xc019ce3b:  mov %eax,0x4(%esp,1)
0xc019ce3f:  movl $0xc038ec6c,(%esp,1)
0xc019ce46:  call 0xc02605b3
0xc019ce4b:  movl $0x2,0xffffffdc(%ebp)
0xc019ce52:  movl $0x1,0xfffffe28(%ebp)
0xc019ce5c:  movl $0x1,0xfffffe24(%ebp)
0xc019ce66:  movl $0x0,0xfffffe20(%ebp)
0xc019ce70:  movl $0x0,0xfffffe1c(%ebp)
0xc019ce7a:  movl $0x0,0xfffffe18(%ebp)
0xc019ce84:  cmpl $0x0,0xc03b8a8c
0xc019ce8b:  je,pt 0xc019cea1
0xc019ce8e:  movl $0xc038ec7c,0x4(%esp,1)
0xc019ce96:  mov 0x8(%ebp),%eax
0xc019ce99:  mov %eax,(%esp,1)
0xc019ce9c:  call 0xc0258bce
0xc019cea1:  mov 0xffffffe8(%ebp),%edx
0xc019cea4:  mov 0xffffffdc(%ebp),%eax
0xc019cea7:  imul 0xffffffe0(%ebp),%eax
0xc019ceab:  cmpl $0x0,0xffffffe4(%ebp)
0xc019ceaf:  jne 0xc019ceb6
0xc019ceb1:  add %eax,%edx
0xc019ceb3:  in (%dx),%al
0xc019ceb4:  jmp 0xc019ceba
0xc019ceb6:  movzbl (%eax,%edx,1),%eax
0xc019ceba:  movzbl %al,%eax
0xc019cebd:  movzbl %al,%eax
0xc019cec0:  mov %eax,0xffffffd4(%ebp)
0xc019cec3:  test %eax,%eax
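
Added example (not part of the original message): a short Python check that converts kgdb's signed-decimal trap frame into unsigned 32-bit registers and evaluates the memory operand of the instruction at 0xc019ceb6, movzbl (%eax,%edx,1),%eax, against the reported fault address. The register values and panic lines are copied from the report above; the function names are illustrative.

```python
import re

# Values copied from the report above (trap frame from kgdb frame #5, panic header).
TRAPFRAME = ("tf_edx = -800428032, tf_ecx = 2054, tf_eax = 4096, tf_trapno = 12, "
             "tf_err = 0, tf_eip = -1072050506, tf_cs = 8")
PANIC = """fault virtual address = 0xd04a8000
instruction pointer = 0x8:0xc019ceb6"""


def parse_trapframe(text):
    """Map kgdb's signed-decimal tf_* fields to unsigned 32-bit register values."""
    return {name: int(value) & 0xFFFFFFFF
            for name, value in re.findall(r"tf_(\w+) = (-?\d+)", text)}


def parse_panic(text):
    """Return (fault_address, eip) from the panic header lines."""
    fault = re.search(r"fault virtual address\s*=\s*0x([0-9a-f]+)", text)
    ip = re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:0x([0-9a-f]+)", text)
    if not fault or not ip:
        raise ValueError("panic header incomplete")
    return int(fault.group(1), 16), int(ip.group(1), 16)


def effective_address(regs, base, index, scale=1, disp=0):
    """Evaluate an AT&T memory operand disp(base,index,scale) with 32-bit wraparound."""
    return (disp + regs[base] + regs[index] * scale) & 0xFFFFFFFF


def triage(trapframe, panic):
    """Cross-check the saved registers against the panic header."""
    regs = parse_trapframe(trapframe)
    fault, eip = parse_panic(panic)
    ea = effective_address(regs, "eax", "edx")   # movzbl (%eax,%edx,1),%eax
    return {
        "eip_matches": regs["eip"] == eip,
        "operand_matches_fault": ea == fault,
        "edx": regs["edx"],      # loaded from 0xffffffe8(%ebp) in the disassembly
        "offset": regs["eax"],   # product of 0xffffffdc(%ebp) and 0xffffffe0(%ebp)
    }


if __name__ == "__main__":
    for key, value in triage(TRAPFRAME, PANIC).items():
        print(key, value if isinstance(value, bool) else hex(value))
```

Both checks come out true: the saved %eip is 0xc019ceb6, and %edx (0xd04a7000) plus the offset in %eax (0x1000) gives the faulting address 0xd04a8000, so the read that trapped is the byte load in pccard_scan_cis.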