Bug #5394
openKernel Oops when loading com_on_air_cs (unable to handle kernel NULL pointer dereference)
0%
Description
When loading the com_on_air_cs module, either auto loaded in-kernel or using modprobe, the loading doesn't succeed and dmesg shows the following:
[ 22.718941] com_on_air_cs 0.0: DOSCH-AMAND MMAP PCMCIA MXM500 V1.00 [ 22.758791] com_on_air_cs 0.0: Radio type LMX3161 [ 22.766869] com_on_air_cs 0.0: Loading firmware ... [ 22.767483] BUG: unable to handle kernel NULL pointer dereference at (null) [ 22.767599] IP: [< (null)>] (null) [ 22.767653] *pde = 00000000 [ 22.767700] Oops: 0000 #1 SMP [ 22.767749] last sysfs file: /sys/module/pcmcia/initstate [ 22.767821] Modules linked in: com_on_air_cs(+) com_on_air dect_csf dect snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi i915 snd_seq_midi_even t pcmcia snd_seq drm_kms_helper snd_timer snd_seq_device drm snd ppdev yenta_socket parport_pc pcmcia_rsrc i2c_algo_bit soundcore intel_agp lp intel_gtt psmouse pcmcia_ core joydev video parport serio_raw dcdbas agpgart snd_page_alloc tg3 usbhid hid [ 22.768006] [ 22.768006] Pid: 746, comm: modprobe Not tainted 2.6.38+ #2 Dell Inc. OptiPlex? GX620 /0FH884 [ 22.768006] EIP: 0060:[<00000000>] EFLAGS: 00010246 CPU: 1 [ 22.768006] EIP is at 0x0 [ 22.768006] EAX: dd0fdddc EBX: dd0fdddc ECX: e005d39c EDX: 00000100 [ 22.768006] ESI: 00000001 EDI: 00000100 EBP: dc6c3d74 ESP: dc6c3d34 [ 22.768006] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 22.768006] Process modprobe (pid: 746, ti=dc6c2000 task=dc82cbc0 task.ti=dc6c2000) [ 22.768006] Stack: [ 22.768006] e005c77a ddaa9470 e005d3e7 c0406ced c0774660 c072d916 e0063534 07fd86b0 [ 22.768006] dc6c3d68 ddaa9400 0700dddc 00000004 00000020 ddaa9400 dd0fdddc 0df519bb [ 22.768006] dc6c3dc0 e006338d ddaa9470 e00634c3 e005d422 dc5f63b0 dd7b86e0 dd7b86b8 [ 22.768006] Call Trace: [ 22.768006] [<e005c77a>] ? sc1442x_init_device+0x35a/0x3d0 [com_on_air] [ 22.768006] [<c0406ced>] ? dev_printk+0x3d/0x80 [ 22.768006] [<e006338d>] com_on_air_probe+0x29d/0x360 [com_on_air_cs] [ 22.768006] [<dff2097b>] pcmcia_device_probe+0xab/0x1a0 [pcmcia] [ 22.768006] [<c040a700>] ? driver_sysfs_add+0x20/0x90 [ 22.768006] [<c040a85f>] driver_probe_device+0x7f/0x190 [ 22.768006] [<dff21646>] ? pcmcia_bus_match+0x226/0x460 [pcmcia] [ 22.768006] [<c040a9f1>] driver_attach+0x81/0x90 [ 22.768006] [<c0409e73>] bus_for_each_dev+0x53/0x80 [ 22.768006] [<c040a6de>] driver_attach+0x1e/0x20 [ 22.768006] [<c040a970>] ? driver_attach+0x0/0x90 [ 22.768006] [<c040a0f0>] bus_add_driver+0xc0/0x240 [ 22.768006] [<dff20780>] ? pcmcia_device_remove+0x0/0x150 [pcmcia] [ 22.768006] [<c040acea>] driver_register+0x6a/0x130 [ 22.768006] [<c01b3ffa>] ? ftrace_process_locs+0x16a/0x270 [ 22.768006] [<dff2121e>] pcmcia_register_driver+0xae/0x130 [pcmcia] [ 22.768006] [<c01b0c34>] ? tracepoint_module_notify+0x24/0x30 [ 22.768006] [<c05de5a3>] ? notifier_call_chain+0x43/0x60 [ 22.768006] [<e006b00d>] init_com_on_air_cs+0xd/0xf [com_on_air_cs] [ 22.768006] [<c0101135>] do_one_initcall+0x35/0x170 [ 22.768006] [<e006b000>] ? init_com_on_air_cs+0x0/0xf [com_on_air_cs] [ 22.768006] [<c0180da6>] sys_init_module+0x116/0x1090 [ 22.768006] [<c010301f>] sysenter_do_call+0x12/0x28 [ 22.768006] Code: Bad EIP value. [ 22.768006] EIP: [<00000000>] 0x0 SS:ESP 0068:dc6c3d34 [ 22.768006] CR2: 0000000000000000 [ 22.814676] ---[ end trace a76f7fec01412f5e ]---
I'm using a desktop P4 with pci-to-pcmcia:
03:00.0 CardBus? bridge: ENE Technology Inc CB1410 Cardbus Controller (rev 01)
root@persephone:/usr/src/linux-2.6# lspcmcia Socket 0 Bridge: [yenta_cardbus] (bus ID: 0000:03:00.0) Socket 0 Device 0: [com_on_air_cs] (bus ID: 0.0)
root@persephone:/usr/src/linux-2.6# pccardctl info PRODID_1="DOSCH-AMAND" PRODID_2="MMAP PCMCIA" PRODID_3="MXM500" PRODID_4="V1.00" MANFID=0204,0000 FUNCID=254
Modules which com_on_air_cs requested internally loaded successfully, but I'm not sure if I'm missing something here.
Updated by over 2 years ago
The LMX3161 is not supported yet. I have an unfinished patch, but didn't get it working so far.
Updated by over 2 years ago
Whoops, my bad :)
Is there a way for me to help out/getting started in testing this?
Although I'm not used to develop and debug in Linux, I should be able to find my way around in C(++) and/or navigating the data sheets
cheers,
::xopr
Updated by over 2 years ago
Well, I could send you the unfinish patch, the problem is most likely either in the radio settings or in the driver firmware. Unfortunately both are hard to debug.
Updated by over 2 years ago
I'm sure interested in seeing the patch. I'm still connecting the dots on how the code is supposed to drive the LMX3161, but I guess I have to understand the working of the SC1442x dect chip before tinkering with the radio.
My bet on testing would be a spectrum analyser, but since it's a bit expensive to buy one, and hard to find a DIY on the 1.8-1.9GHz, I'm kinda stuck there too :)
I do however have the hardware to build a second setup (unfortunately with the same chipset).
I still haven't figured out the firmware part, but then again, I haven't mapped out the whole com-on-air yet, I guess.
So if you have a patch for me to look in to, I would be pleased.
Also, if you have valuable remarks about your progress with the LMX3161, I would be grateful.
Cheers,
::xopr