Date: Sun, 09 Jun 2002 00:30:37 -0600 (MDT)
Message-Id: <20020609.003037.08625897.imp@village.org>
To: morganw@chemikals.org
Cc: mobile@FreeBSD.ORG
Subject: Re: newcard panic
From: "M. Warner Losh"
In-Reply-To: <20020608231828.P19738-100000@volatile.chemikals.org>
References: <20020608.114035.14403964.imp@village.org> <20020608231828.P19738-100000@volatile.chemikals.org>

In message: <20020608231828.P19738-100000@volatile.chemikals.org>
            Wesley Morgan writes:
: *AHEM* well now that I had the time to rebuild with stabs debugging
: symbols, here is the trace:

Cool!  Thanks for going to the trouble.  I hope you've saved the core,
since I have a few questions.  First, I'm assuming that you are doing
this against a fairly recent -current.  Please correct me if I'm
wrong.

: Fatal trap 12: page fault while in kernel mode
: fault virtual address = 0xdb6c7000

This is a very very odd address to fault at.

: #11 0xc015efcc in pccard_scan_cis (dev=0xd4b1c800,
: fct=0xc015fe82 , arg=0xd91dcb8c)
: at ../../../dev/pccard/pccard_cis.c:1196

Here's where we get into trouble.  It looks like the fault is at the
return line:

    1195:	return (0);
    1196:}

Does that match your sources?  What do mfc_count and mfc_index claim
to be at this point?  If you run with a serial console, what does
adding hw.pccard.cis_debug=1 to /boot/loader.conf tell you?  It should
print something very verbose.

My guess is that we're walking off into the weeds for some reason, and
that we're overrunning some array.  This overrun is causing us to
trash the stack, and we're trying to return to a really bogus address.

I'll go take a look at your dumpcis output.  I may need you to do
something like

    pccardc rdattr 0 0 512

while running an oldcard kernel and send me the results so I can step
through the code with each byte of the CIS that's causing problems
(dumpcis sometimes does bad things to cis output).

scan_cis is way too complex.  I'm seriously thinking about re-writing
it to make proper use of functions so that overflows like this are
easier to catch and debug.

Warner
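
Added example, not part of the original message and not the FreeBSD pccard code: a simplified model of the overrun guessed at above, where a tuple's length byte is checked against both the CIS image and a fixed stack array before the body is copied. It assumes a contiguous CIS image of code/link/body tuples with the link byte treated as a plain body length; TUPLE_MAX, the error codes, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CISTPL_NULL 0x00	/* PC Card filler tuple: code byte only, no link byte */
#define CISTPL_END  0xff	/* PC Card end-of-chain tuple */
#define TUPLE_MAX   32		/* hypothetical size of the fixed scratch array */
enum { CIS_TRUNCATED = -1, CIS_TOO_LONG = -2 };	/* hypothetical error codes */

/* Constructed sample images, not read from a real card. */
const uint8_t cis_good[] = { 0x01, 0x02, 0xaa, 0xbb, 0x00, 0x20, 0x01, 0x11, 0xff };
const uint8_t cis_lying[] = { 0x15, 0x40, 0x41, 0x42, 0xff };	/* claims 64, has 3 */
const uint8_t cis_big[2 + 40 + 1] = { 0x15, 40 };		/* body > TUPLE_MAX */

/* Copy one tuple body, refusing to read past the image or write past out[]. */
static int cis_copy_body(const uint8_t *cis, size_t cis_len, size_t off,
    size_t blen, uint8_t *out, size_t out_len)
{
	if (blen > cis_len - off)	/* caller guarantees off <= cis_len */
		return (CIS_TRUNCATED);
	if (blen > out_len)		/* without this, memcpy trashes the stack */
		return (CIS_TOO_LONG);
	memcpy(out, cis + off, blen);
	return (0);
}

/* Walk the chain: returns the number of tuples seen, or a negative error. */
int cis_walk(const uint8_t *cis, size_t cis_len)
{
	uint8_t body[TUPLE_MAX];
	size_t off = 0, blen;
	int count = 0, error;
	while (off < cis_len) {
		uint8_t code = cis[off++];
		if (code == CISTPL_END)
			return (count);
		if (code == CISTPL_NULL)
			continue;
		if (off >= cis_len)	/* image ends before the link byte */
			return (CIS_TRUNCATED);
		blen = cis[off++];
		error = cis_copy_body(cis, cis_len, off, blen, body, sizeof(body));
		if (error != 0)
			return (error);
		off += blen;
		count++;
	}
	return (CIS_TRUNCATED);		/* ran off the end without CISTPL_END */
}
```

Keeping the copy in its own function puts both bounds checks in one place, so a bad length byte surfaces as an error return instead of a corrupted return address.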