Bug : Can't read CIS (2.6.0-test4)

Pavel Roskin proski at gnu.org
Thu Sep 18 05:24:46 BST 2003 

On Wed, 17 Sep 2003, Russell King wrote:

> > Not sure about i82365, but the later would crash with yenta_socket and
> > plx9052, as described here:
> > http://lists.infradead.org/pipermail/linux-pcmcia/2003-August/000184.html
> >
> > Still true with 2.6.0-test5-bk3.  New backtrace is attached.
>
> Hmm, interesting.  I think I can see what's going on here, but I just
> can't reproduce it here:
>
> bash-2.04# lsmod
> Module                  Size  Used by
> ds                     11688  0
> pcmcia_core            63828  1 ds
> bash-2.04# insmod yenta_socket.ko
> irq 21: nobody cared
> Socket status: 30000007
> irq 22: nobody cared
> Socket status: 30000007
> bash-2.04# rmmod yenta_socket
> ... etc ...

Maybe you don't have CONFIG_DEBUG_SLAB=y in Linux .config file.

> So, here's a patch which may solve your problem - as I can't reproduce it,
> please confirm whether this solves it for you:

First of all, the variable "client" should be moved from
pcmcia_remove_socket() to pcmcia_release_socket() to allow compilation.

Unfortunately, I'm getting oops after running cardmgr.  The log is
attached.  The commands were:

modprobe ds
modprobe yenta_socket
cardmgr

-- 
Regards,
Pavel Roskin
-------------- next part --------------
Linux Kernel Card Services 3.1.22
  options:  [pci] [cardbus] [pm]
PCI: Found IRQ 12 for device 0000:00:0a.0
PCI: Sharing IRQ 12 with 0000:00:07.5
Yenta: CardBus bridge found at 0000:00:0a.0 [0000:0000]
Yenta: Using CSCINT to route CSC interrupts to PCI
Yenta: Routing CardBus interrupts to PCI
Yenta: ISA IRQ list 0000, PCI irq12
Socket status: 30000010
cs: IO port probe 0x0c00-0x0cff: clean.
cs: IO port probe 0x0800-0x08ff: clean.
cs: IO port probe 0x0100-0x04ff: excluding 0x3c0-0x3df 0x4d0-0x4d7
cs: IO port probe 0x0a00-0x0aff: clean.
cs: memory probe 0xa0000000-0xa0ffffff:<1>Unable to handle kernel NULL pointer dereference at virtual address 0000001c
 printing eip:
f88cb0bb
*pde = 00000000
Oops: 0000 [#1]
CPU:    0
EIP:    0060:[<f88cb0bb>]    Not tainted
EFLAGS: 00010286
EIP is at set_cis_map+0x3b/0x110 [pcmcia_core]
eax: 00000000   ebx: e3e1f07c   ecx: 00000000   edx: a0000000
esi: e3e1f048   edi: 00000000   ebp: ead23650   esp: ead23630
ds: 007b   es: 007b   ss: 0068
Process cardmgr (pid: 13132, threadinfo=ead22000 task=eb6c9000)
Stack: e3e1f048 e3e1f07c 5a5a5a5a 5a5a5a5a 5a5a5a5a 5a5a5a5a 00000002 ead236ee 
       ead23684 f88cb349 e3e1f048 00000000 00000021 00000021 00000000 00000002 
       5a5a5a5a 5a5a5a5a e3e1f048 00000002 00000000 ead236c8 f88cb7ce e3e1f048 
Call Trace:
 [<f88cb349>] read_cis_mem+0x1b9/0x240 [pcmcia_core]
 [<f88cb7ce>] read_cis_cache+0x1de/0x220 [pcmcia_core]
 [<f88cbea4>] pcmcia_get_next_tuple+0x84/0x2a0 [pcmcia_core]
 [<f88cbb92>] pcmcia_get_first_tuple+0x92/0x130 [pcmcia_core]
 [<f88cd4eb>] pcmcia_validate_cis+0x6b/0x200 [pcmcia_core]
 [<c014e662>] check_poison_obj+0x52/0x1b0
 [<c0119e63>] remap_area_pages+0x263/0x310
 [<c0168821>] __get_vm_area+0x21/0xf0
 [<c01688b2>] __get_vm_area+0xb2/0xf0
 [<f88cdce6>] readable+0x56/0xa0 [pcmcia_core]
 [<f88cde94>] cis_readable+0x74/0xd0 [pcmcia_core]
 [<f88ce16b>] do_mem_probe+0x1ab/0x1c0 [pcmcia_core]
 [<f88ce203>] inv_probe+0x83/0x90 [pcmcia_core]
 [<f88ce1ae>] inv_probe+0x2e/0x90 [pcmcia_core]
 [<f88ce1ae>] inv_probe+0x2e/0x90 [pcmcia_core]
 [<f88ce29e>] validate_mem+0x8e/0x170 [pcmcia_core]
 [<f88cb112>] set_cis_map+0x92/0x110 [pcmcia_core]
 [<c01726f4>] wake_up_buffer+0x14/0x40
 [<c017274e>] unlock_buffer+0x2e/0x50
 [<f88cb349>] read_cis_mem+0x1b9/0x240 [pcmcia_core]
 [<f88cb7ce>] read_cis_cache+0x1de/0x220 [pcmcia_core]
 [<f88cbea4>] pcmcia_get_next_tuple+0x84/0x2a0 [pcmcia_core]
 [<f88cbb92>] pcmcia_get_first_tuple+0x92/0x130 [pcmcia_core]
 [<c017274e>] unlock_buffer+0x2e/0x50
 [<f88cd4eb>] pcmcia_validate_cis+0x6b/0x200 [pcmcia_core]
 [<c01c4c9e>] ext3_do_update_inode+0x16e/0x360
 [<c01d2071>] journal_get_write_access+0x41/0x50
 [<c01c5117>] ext3_mark_iloc_dirty+0x27/0x40
 [<c01726f4>] wake_up_buffer+0x14/0x40
 [<c017274e>] unlock_buffer+0x2e/0x50
 [<c01d1a0d>] do_get_write_access+0x4fd/0xb20
 [<c01751f3>] __find_get_block+0x63/0xe0
 [<c01c4c9e>] ext3_do_update_inode+0x16e/0x360
 [<c01d2071>] journal_get_write_access+0x41/0x50
 [<c01c5117>] ext3_mark_iloc_dirty+0x27/0x40
 [<f88d02ff>] pcmcia_get_socket_by_nr+0x3f/0xd0 [pcmcia_core]
 [<f88bddde>] ds_ioctl+0x2ae/0x670 [ds]
 [<c01d3886>] journal_stop+0x386/0x6e0
 [<c0175fed>] __block_commit_write+0x8d/0x90
 [<c01c9304>] __ext3_journal_stop+0x24/0x50
 [<c0153b26>] __pagevec_lru_add+0x1b6/0x2a0
 [<c0147c12>] generic_file_aio_write_nolock+0x5d2/0xb80
 [<c01751f3>] __find_get_block+0x63/0xe0
 [<c014596a>] find_get_page+0x7a/0x160
 [<c0146f07>] filemap_nopage+0x267/0x2f0
 [<c015c66c>] do_no_page+0x29c/0x610
 [<c0159164>] pte_alloc_map+0x134/0x1f0
 [<c015cc92>] handle_mm_fault+0x132/0x300
 [<c0119911>] do_page_fault+0x271/0x4c7
 [<f88d02e5>] pcmcia_get_socket_by_nr+0x25/0xd0 [pcmcia_core]
 [<f88be421>] get_socket_info_by_nr+0x11/0x30 [ds]
 [<f88bd9dc>] ds_read+0xcc/0xf0 [ds]
 [<c0170973>] vfs_read+0xc3/0x120
 [<c018a9d5>] sys_ioctl+0x205/0x3f0
 [<c0170bef>] sys_read+0x3f/0x60
 [<c010a38f>] syscall_call+0x7/0xb

Code: ff 50 1c f6 86 88 01 00 00 08 74 27 8b 46 44 85 c0 75 32 8b

More information about the linux-pcmcia mailing list