Most recent kernel where this bug did not occur: Don't know yet. Distribution: Ubuntu Development (6.06.1 + devel/devel-extras/security updates) Hardware Environment: X86 Laptop (HP Pavillion dv1240us) The ieee1394 pcmcia card is a "Western Digital 1394 Cardbus PC Card", model WDAD003-RNW (The card was made in year 2000) Problem Description: I tried testing the patches from http://groups.google.com/group/linux.kernel/browse_thread/thread/e25d2d810b7cf9cb applied to 2.6.18-rc5-git1. Things went pretty well (I attached a firewire drive and a videocam), until I ran "pccardctl eject" and then popped out the Firewire card. ieee1394: Node changed: 1-02:1023 -> 1-00:1023 ieee1394: Node suspended: ID:BUS[1-00:1023] GUID[0080880002103eae] ieee1394: Node suspended: ID:BUS[1-01:1023] GUID[0090a950000b2255] pccard: card ejected from slot 0 ieee1394: Node removed: ID:BUS[1-00:1023] GUID[0080880002103eae] PM: Removing info for ieee1394:0080880002103eae-0 PM: Removing info for ieee1394:0080880002103eae ieee1394: Node removed: ID:BUS[1-01:1023] GUID[0090a950000b2255] PM: Removing info for ieee1394:0090a950000b2255-0 PM: Removing info for ieee1394:0090a950000b2255 ieee1394: Node removed: ID:BUS[1-00:1023] GUID[0090a94000007475] PM: Removing info for ieee1394:0090a94000007475-0 PM: Removing info for ieee1394:0090a94000007475 BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: f955b309 *pde = 00000000 Oops: 0000 [#1] Modules linked in: dv1394 raw1394 binfmt_misc apm i915 drm ipv6 speedstep_centrino freq_table cpufreq_powersave cpufreq_performance cpufreq_ondemand cpufreq_conservative video thermal processor fan button battery ac nls_ascii nls_cp437 vfat fat nls_utf8 ntfs nls_base sr_mod sbp2 scsi_mod parport_pc lp parport 8139cp pcmcia 8139too ipw2200 sdhci mmc_core ohci1394 ieee1394 yenta_socket rsrc_nonstatic pcmcia_core mii snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss ide_cd snd_pcm snd_timer cdrom psmouse shpchp pci_hotplug snd soundcore snd_page_alloc ehci_hcd uhci_hcd intel_agp agpgart usbcore rtc evdev CPU: 0 EIP: 0060:[<f955b309>] Not tainted VLI EFLAGS: 00010282 (2.6.18-rc5-git1 #4) EIP is at dv1394_remove_host+0x17/0xad [dv1394] eax: f91ac0f4 ebx: 00000001 ecx: 00000000 edx: f955b2f2 esi: 00000000 edi: f955c4d9 ebp: f955d980 esp: eab03e74 ds: 007b es: 007b ss: 0068 Process pccardctl (pid: 7111, ti=eab02000 task=f0a02ab0 task.ti=eab02000) Stack: f955d980 ed5c4000 ed5c4000 f91788c2 00000000 f955d980 ed5c4000 f91310cc f7c0b448 f9178945 ed5c4000 ed5c5d48 f9177e65 ed5c5f64 f912c9f2 f52ae800 f52ae848 f91310cc c10c5d24 f52ae8b0 c111dcbd f52ae848 f52ae848 c11f4aa0 Call Trace: [<f91788c2>] __unregister_host+0x17/0x79 [ieee1394] [<f9178945>] highlevel_remove_host+0x21/0x42 [ieee1394] [<f9177e65>] hpsb_remove_host+0x37/0x56 [ieee1394] [<f912c9f2>] ohci1394_pci_remove+0x41/0x1cd [ohci1394] [<c10c5d24>] pci_device_remove+0x16/0x28 [<c111dcbd>] __device_release_driver+0x5a/0x72 [<c111de8f>] device_release_driver+0x1b/0x29 [<c111d705>] bus_remove_device+0x78/0x8a [<c111c8a7>] device_del+0xe9/0x11a [<c111c8e0>] device_unregister+0x8/0x10 [<c10c3ee5>] pci_remove_bus_device+0x39/0xcf [<c10c3f95>] pci_remove_behind_bridge+0x1a/0x2d [<f910d5ae>] socket_shutdown+0x89/0xdd [pcmcia_core] [<f910d675>] pcmcia_eject_card+0x56/0x65 [pcmcia_core] [<f9110070>] pccard_store_eject+0x19/0x20 [pcmcia_core] [<c111e2e7>] class_device_attr_store+0x1b/0x1f [<c1075495>] sysfs_write_file+0x97/0xbe [<c1044a48>] vfs_write+0xa6/0x14b [<c10452d4>] sys_write+0x3c/0x63 [<c10029a5>] sysenter_past_esp+0x56/0x79 DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x79 Leftover inexact backtrace: Code: c2 ff c7 87 90 01 00 00 00 00 00 00 83 c4 10 5b 5e 5f 5d c3 57 56 53 8b 98 44 1d 00 00 8b 80 3c 1d 00 00 8b 70 04 bf d9 c4 55 f9 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 85 c0 75 7e 9c EIP: [<f955b309>] dv1394_remove_host+0x17/0xad [dv1394] SS:ESP 0068:eab03e74
It's obviously a long-standing issue. Cf. 2.6.4's bug 2228.
Did this happen even though no transmissions were captured from the camera before? Would it also happen with all FireWire drivers including dv1394 loaded but no camera connected?
I will test with the latest kernel code and let you know. It may take a few days for me to get to this. Thanks.
Does also happen with 2.6.19 + IEEE 1394 drivers equivalent to 2.6.20-rc2. pccard: card ejected from slot 0 ieee1394: Node removed: ID:BUS[1-00:1023] GUID[00d0f5200800613d] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: f8dc7980 *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: dv1394 nfsd exportfs nfs lockd sunrpc ohci1394 ieee1394 fw_core yenta_socket rsrc_nonstatic pcmcia_core nvidia(P) snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd lp af_packet 8139too mii loop via_agp agpgart uhci_hcd CPU: 0 EIP: 0060:[<f8dc7980>] Tainted: P VLI EFLAGS: 00010296 (2.6.19 #2) EIP is at dv1394_remove_host+0x20/0xe0 [dv1394] eax: f8d6c400 ebx: 00000001 ecx: 00000000 edx: f8dc9220 esi: 00000000 edi: f8dc7de6 ebp: f5be9db4 esp: f5be9d9c ds: 007b es: 007b ss: 0068 Process pccardd (pid: 5801, ti=f5be8000 task=f5ace150 task.ti=f5be8000) Stack: f5be9db4 f8d59f66 f5bd1400 f8dc9220 f4e2e000 f4e2e000 f5be9dd8 f8d5a1fc f4e2e000 f4e2e000 00000000 00000282 f8dc9220 f4e2e000 f65c0254 f5be9df4 f8d5ab56 f8dc9220 f4e2e000 00000000 f4e2e000 f4e2e0c4 f5be9e04 f8d59c63 Call Trace: [<c010403f>] show_trace_log_lvl+0x2f/0x50 [<c0104127>] show_stack_log_lvl+0x97/0xc0 [<c0104382>] show_registers+0x1c2/0x270 [<c0104629>] die+0x129/0x220 [<c011492a>] do_page_fault+0x3ca/0x650 [<c02e37e1>] error_code+0x39/0x40 [<f8d5a1fc>] __unregister_host+0x8c/0xd0 [ieee1394] [<f8d5ab56>] highlevel_remove_host+0x36/0x60 [ieee1394] [<f8d59c63>] hpsb_remove_host+0x43/0x70 [ieee1394] [<f8d4ffb8>] ohci1394_pci_remove+0x68/0x240 [ohci1394] [<c01ff836>] pci_device_remove+0x46/0x50 [<c023bb83>] __device_release_driver+0xa3/0xc0 [<c023bbda>] device_release_driver+0x3a/0x60 [<c023ae29>] bus_remove_device+0x89/0xc0 [<c02395e5>] device_del+0x75/0x200 [<c0239782>] device_unregister+0x12/0x20 [<c01fc65b>] pci_stop_dev+0x3b/0x70 [<c01fc6a2>] pci_destroy_dev+0x12/0x70 [<c01fc7ae>] pci_remove_bus_device+0x1e/0x50 [<c01fc80b>] pci_remove_behind_bridge+0x2b/0x40 [<f8d1ac84>] cb_free+0x24/0x60 [pcmcia_core] [<f8d16936>] socket_shutdown+0x86/0x130 [pcmcia_core] [<f8d16eb8>] socket_remove+0x28/0x30 [pcmcia_core] [<f8d16f2a>] socket_detect_change+0x6a/0x80 [pcmcia_core] [<f8d170cd>] pccardd+0x18d/0x220 [pcmcia_core] [<c0133f8b>] kthread+0xbb/0xf0 [<c0103e1f>] kernel_thread_helper+0x7/0x18 ======================= Code: 5b c9 c3 90 8d b4 26 00 00 00 00 55 89 e5 57 bf e6 7d dc f8 56 53 83 ec 0c 8b 45 08 8b 98 b8 00 00 00 8b 80 bc 00 00 00 8b 70 04 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 85 c0 74 3c 83 EIP: [<f8dc7980>] dv1394_remove_host+0x20/0xe0 [dv1394] SS:ESP 0068:f5be9d9c
Created attachment 10201 [details] ieee1394: dv1394: fix CardBus card ejection posted at http://thread.gmane.org/gmane.linux.kernel/486738/focus=486844
Patch committed to linux1394-2.6.git, will send it to Linus after 2.6.20 was released, i.e. for 2.6.21-rc1. Please reopen this bug entry if dv1394 is still causing trouble on card ejection.