Hello,
The following oops occurs when udev loads p54pci driver (device is an early
SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
2.13.1.0.arm). This is transcribed from a rather bad photo (please see
http://mlau.at/pix/p54oops.jpg ):
BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
PGD 12e433067 PUD 12e46f067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
CPU 0
Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
...
(gdb) list *p54_rx+0xc6
0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
497
498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
499 rx_status.noise = priv->noise;
500 /* XX correct? */
501 rx_status.qual = (100 * hdr->rssi) / 127;
502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
503 hdr->rate : (hdr->rate - 4)) & 0xf;
504 rx_status.freq = freq;
505 rx_status.band = dev->conf.channel->band;
506 rx_status.antenna = hdr->antenna;
...
0x0000000000001b59 <p54_rx+185>: add %ecx,%edx
0x0000000000001b5b <p54_rx+187>: sar $0x6,%edx
0x0000000000001b5e <p54_rx+190>: mov %edx,0x38(%rsp)
0x0000000000001b62 <p54_rx+194>: mov 0x20(%r13),%rdx
0x0000000000001b66 <p54_rx+198>: mov (%rdx),%eax
0x0000000000001b68 <p54_rx+200>: test %eax,%eax
0x0000000000001b6a <p54_rx+202>: je 0x1c70 <p54_rx+464>
0x0000000000001b70 <p54_rx+208>: movzbl 0x7(%rbp),%eax
0x0000000000001b74 <p54_rx+212>: sub $0x4,%eax
0x0000000000001b77 <p54_rx+215>: and $0xf,%eax
0x0000000000001b7a <p54_rx+218>: mov %eax,0x40(%rsp)
...
Loading the module manually gets a bit further:
p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
p54pci 0000:05:01.0: firmware: requesting isl3886
p54: LM86 firmware
p54: FW rev 2.13.1.0 - Softmac protocol 5.5
phy2: device does not respond!
p54pci 0000:05:01.0: PCI INT A disabled
p54pci: probe of 0000:05:01.0 failed with error -16
Thanks,
Manuel Lauss
On Mon, Dec 08, 2008 at 04:24:21PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
> [...]
> > > > But what I can do is to stop the driver from oopsing...
> > > >
> > > > I guess a check to see if the device mode is set to something else than
> > > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > > maybe we I should add a hex_dump as well.
> > >
> > > patch attached... tell me what it does on your dev.
> >
> > Thank you, but I think the card is faulty... it doesn't work even on winxp
> > ("device cannot be started Code 10"-error). Do you still want me to test
> > the patch?
> Did you try the card in the same system with 4Gb and with the original SMC driver?
> Well, either way... you could "confirm" that doesn't crash anymore ;-).
Tested on another machine with 1gb ram. It doesn't crash anymore. If you're
still interested, the log output is here http://mlau.at/files/p54log
Thanks!
Manuel Lauss
On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
[...]
> > > But what I can do is to stop the driver from oopsing...
> > >
> > > I guess a check to see if the device mode is set to something else than
> > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > maybe we I should add a hex_dump as well.
> >
> > patch attached... tell me what it does on your dev.
>
> Thank you, but I think the card is faulty... it doesn't work even on winxp
> ("device cannot be started Code 10"-error). Do you still want me to test
> the patch?
Did you try the card in the same system with 4Gb and with the original SMC driver?
Well, either way... you could "confirm" that doesn't crash anymore ;-).
Regards,
Chr
On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> Hello,
Hello!
> The following oops occurs when udev loads p54pci driver (device is an early
> SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
> 2.13.1.0.arm). This is transcribed from a rather bad photo (please see
> http://mlau.at/pix/p54oops.jpg ):
>
> BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> PGD 12e433067 PUD 12e46f067 PMD 0
> Oops: 0000 [#1] PREEMPT SMP
> last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> CPU 0
> Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
> RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
>
> (gdb) list *p54_rx+0xc6
> 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> 497
> 498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> 499 rx_status.noise = priv->noise;
> 500 /* XX correct? */
> 501 rx_status.qual = (100 * hdr->rssi) / 127;
> 502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> 503 hdr->rate : (hdr->rate - 4)) & 0xf;
That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
from?
> Loading the module manually gets a bit further:
>
> p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> p54pci 0000:05:01.0: firmware: requesting isl3886
> p54: LM86 firmware
> p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> phy2: device does not respond!
--- no, this time it just doesn't respond at all => crashed
> p54pci 0000:05:01.0: PCI INT A disabled
> p54pci: probe of 0000:05:01.0 failed with error -16
Did it work with an older firmware? (and then which one?)
Or do you have >= 4GB Ram/iommu etc.?
Regards,
Chr
On Monday 08 December 2008 15:09:43 Christian Lamparter wrote:
> On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> > Hallo Christian,
> >
> > On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > > Hello,
> > >
> > > Hello!
> > >
> > > > The following oops occurs when udev loads p54pci driver (device is an early
> > > > SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
> > > > 2.13.1.0.arm). This is transcribed from a rather bad photo (please see
> > > > http://mlau.at/pix/p54oops.jpg ):
> > > >
> > > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > > Oops: 0000 [#1] PREEMPT SMP
> > > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > > CPU 0
> > > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > > RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
> > > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > > >
> > > > (gdb) list *p54_rx+0xc6
> > > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > > 497
> > > > 498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > > 499 rx_status.noise = priv->noise;
> > > > 500 /* XX correct? */
> > > > 501 rx_status.qual = (100 * hdr->rssi) / 127;
> > > > 502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > > 503 hdr->rate : (hdr->rate - 4)) & 0xf;
> > > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > > from?
> >
> > Booted firmware in need of attention? ;-) The other device on irq 17 is
> > a jmicron pata controller with no disks attached.
> the device has a ring-buffer with a counting index => so the firmware must have
> incremented/corrupted the index.
>
> > One more datapoint: this oops only seems to occur if udev loads p54 _and_
> > firmware is present. Without firmware the driver (obviously) does nothing
> > an later I can happily modprobe/rmmod it when firmware is in place without
> > incident (with the timeout error below).
> >
> Well, that's tricky... I've no idea why it's sending "data" frames in the first place.
>
> But what I can do is to stop the driver from oopsing...
>
> I guess a check to see if the device mode is set to something else than
> "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> maybe we I should add a hex_dump as well.
patch attached... tell me what it does on your dev.
Regards,
Chr
On Mon, Dec 08, 2008 at 03:48:32PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 15:09:43 Christian Lamparter wrote:
> > On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> > > Hallo Christian,
> > >
> > > On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > > > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > > > Hello,
> > > >
> > > > Hello!
> > > >
> > > > > The following oops occurs when udev loads p54pci driver (device is an early
> > > > > SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
> > > > > 2.13.1.0.arm). This is transcribed from a rather bad photo (please see
> > > > > http://mlau.at/pix/p54oops.jpg ):
> > > > >
> > > > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > > > Oops: 0000 [#1] PREEMPT SMP
> > > > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > > > CPU 0
> > > > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > > > RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > > RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
> > > > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > > > >
> > > > > (gdb) list *p54_rx+0xc6
> > > > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > > > 497
> > > > > 498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > > > 499 rx_status.noise = priv->noise;
> > > > > 500 /* XX correct? */
> > > > > 501 rx_status.qual = (100 * hdr->rssi) / 127;
> > > > > 502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > > > 503 hdr->rate : (hdr->rate - 4)) & 0xf;
> > > > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > > > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > > > from?
> > >
> > > Booted firmware in need of attention? ;-) The other device on irq 17 is
> > > a jmicron pata controller with no disks attached.
> > the device has a ring-buffer with a counting index => so the firmware must have
> > incremented/corrupted the index.
> >
> > > One more datapoint: this oops only seems to occur if udev loads p54 _and_
> > > firmware is present. Without firmware the driver (obviously) does nothing
> > > an later I can happily modprobe/rmmod it when firmware is in place without
> > > incident (with the timeout error below).
> > >
> > Well, that's tricky... I've no idea why it's sending "data" frames in the first place.
> >
> > But what I can do is to stop the driver from oopsing...
> >
> > I guess a check to see if the device mode is set to something else than
> > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > maybe we I should add a hex_dump as well.
>
> patch attached... tell me what it does on your dev.
Thank you, but I think the card is faulty... it doesn't work even on winxp
("device cannot be started Code 10"-error). Do you still want me to test
the patch?
Thanks!
Manuel Lauss
On Monday 08 December 2008 16:32:08 Manuel Lauss wrote:
> On Mon, Dec 08, 2008 at 04:24:21PM +0100, Christian Lamparter wrote:
> > On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
> > [...]
> > > > > But what I can do is to stop the driver from oopsing...
> > > > >
> > > > > I guess a check to see if the device mode is set to something else than
> > > > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > > > maybe we I should add a hex_dump as well.
> > > >
> > > > patch attached... tell me what it does on your dev.
> > >
> > > Thank you, but I think the card is faulty... it doesn't work even on winxp
> > > ("device cannot be started Code 10"-error). Do you still want me to test
> > > the patch?
> > Did you try the card in the same system with 4Gb and with the original SMC driver?
> > Well, either way... you could "confirm" that doesn't crash anymore ;-).
>
> Tested on another machine with 1gb ram. It doesn't crash anymore. If you're
> still interested, the log output is here http://mlau.at/files/p54log
>
interesting, the "logged" data has about the correct size.
But the data is totally screwed up.
So, yes you can kick it into the bin if you want to.
Regards,
Chr
On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> Hallo Christian,
>
> On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > Hello,
> >
> > Hello!
> >
> > > The following oops occurs when udev loads p54pci driver (device is an early
> > > SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
> > > 2.13.1.0.arm). This is transcribed from a rather bad photo (please see
> > > http://mlau.at/pix/p54oops.jpg ):
> > >
> > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > Oops: 0000 [#1] PREEMPT SMP
> > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > CPU 0
> > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
> > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > >
> > > (gdb) list *p54_rx+0xc6
> > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > 497
> > > 498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > 499 rx_status.noise = priv->noise;
> > > 500 /* XX correct? */
> > > 501 rx_status.qual = (100 * hdr->rssi) / 127;
> > > 502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > 503 hdr->rate : (hdr->rate - 4)) & 0xf;
> > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > from?
>
> Booted firmware in need of attention? ;-) The other device on irq 17 is
> a jmicron pata controller with no disks attached.
the device has a ring-buffer with a counting index => so the firmware must have
incremented/corrupted the index.
> One more datapoint: this oops only seems to occur if udev loads p54 _and_
> firmware is present. Without firmware the driver (obviously) does nothing
> an later I can happily modprobe/rmmod it when firmware is in place without
> incident (with the timeout error below).
>
Well, that's tricky... I've no idea why it's sending "data" frames in the first place.
But what I can do is to stop the driver from oopsing...
I guess a check to see if the device mode is set to something else than
"NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
maybe we I should add a hex_dump as well.
let me make a patch for 2.6.28-rc7..
> > > Loading the module manually gets a bit further:
> > >
> > > p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> > > p54pci 0000:05:01.0: firmware: requesting isl3886
> > > p54: LM86 firmware
> > > p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> > > phy2: device does not respond!
> > --- no, this time it just doesn't respond at all => crashed
> > > p54pci 0000:05:01.0: PCI INT A disabled
> > > p54pci: probe of 0000:05:01.0 failed with error -16
> >
> > Did it work with an older firmware? (and then which one?)
> > Or do you have >= 4GB Ram/iommu etc.?
>
> Only tried the suggested 2.13.1.0 firmware from the p54 wiki. Reloading
> p54pci with the lmac_2.7.0.0 firmware hard-hangs the machine (no net, no
> sysrq-b). Machine is Intel P35-based with 4GB ram.
Well, could you try with just 2Gb in your machine?
(Don't know, maybe booting with mem=2G is enough?!)
I never tested p54pci with more than 3gb.
Well, the SMC's windows driver ships with an even older one:
http://daemonizer.de/prism54/prism54-fw/fw-softmac/2.5.3.0.arm
you can try that as well, it might "load" this time.
Regards,
Chr
Hallo Christian,
On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > Hello,
>
> Hello!
>
> > The following oops occurs when udev loads p54pci driver (device is an early
> > SM2802W V2 PCI with the isl3886 "softmac" chip; 2.6.28-rc7, firmware
> > 2.13.1.0.arm). This is transcribed from a rather bad photo (please see
> > http://mlau.at/pix/p54oops.jpg ):
> >
> > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > PGD 12e433067 PUD 12e46f067 PMD 0
> > Oops: 0000 [#1] PREEMPT SMP
> > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > CPU 0
> > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > RIP: 0010:[<ffffffffa0016b66>] [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > RSP: 0018:ffffffff80ab3df0 EFLAGS: 00010207
> > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> >
> > (gdb) list *p54_rx+0xc6
> > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > 497
> > 498 rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > 499 rx_status.noise = priv->noise;
> > 500 /* XX correct? */
> > 501 rx_status.qual = (100 * hdr->rssi) / 127;
> > 502 rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > 503 hdr->rate : (hdr->rate - 4)) & 0xf;
> That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> from?
Booted firmware in need of attention? ;-) The other device on irq 17 is
a jmicron pata controller with no disks attached.
One more datapoint: this oops only seems to occur if udev loads p54 _and_
firmware is present. Without firmware the driver (obviously) does nothing
an later I can happily modprobe/rmmod it when firmware is in place without
incident (with the timeout error below).
> > Loading the module manually gets a bit further:
> >
> > p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> > p54pci 0000:05:01.0: firmware: requesting isl3886
> > p54: LM86 firmware
> > p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> > phy2: device does not respond!
> --- no, this time it just doesn't respond at all => crashed
> > p54pci 0000:05:01.0: PCI INT A disabled
> > p54pci: probe of 0000:05:01.0 failed with error -16
>
> Did it work with an older firmware? (and then which one?)
> Or do you have >= 4GB Ram/iommu etc.?
Only tried the suggested 2.13.1.0 firmware from the p54 wiki. Reloading
p54pci with the lmac_2.7.0.0 firmware hard-hangs the machine (no net, no
sysrq-b). Machine is Intel P35-based with 4GB ram.
Thank you,
Manuel Lauss
