Bug 13466

Summary: 2.6.30rc regression - Undocking attempt fails, keyboard dead, flush_cpu_workqueue() warning - IBM Thinkpad T42, Dock II
Product: ACPI Reporter: Paul Martin (pm)
Component: Config-HotplugAssignee: Shaohua (shaohua.li)
Status: CLOSED DUPLICATE    
Severity: normal CC: acpi-bugzilla, lenb, rjw, rui.zhang, vojtech.gondzala
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.30rc Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 13070    

Description Paul Martin 2009-06-06 10:59:57 UTC 
Hardware: IBM Thinkpad T42, Dock II.

Docking works OK.

On pressing the eject button on the Dock, the dock does not unlatch. A WARNING (as follows) is printed on the console and the keyboard becomes unresponsive to anything but the SYSRQ handler.

Regression from 2.6.29. The following report is for 2.6.30-rc6, but all 2.6.30-rc has had this behaviour.

Jun  6 11:38:05 thinkpad kernel: acpiphp_glue: handle_hotplug_event_func: Device eject notify on \_SB_.PCI0.PCI1.DOCK
Jun  6 11:38:05 thinkpad kernel: ------------[ cut here ]------------
Jun  6 11:38:05 thinkpad kernel: WARNING: at kernel/workqueue.c:371 flush_cpu_workqueue+0x23/0x57()
Jun  6 11:38:05 thinkpad kernel: Hardware name: 2374BW7
Jun  6 11:38:05 thinkpad kernel: Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp snd_intel8x0 snd_intel8x0m snd_cs46xx gameport snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss pcmcia snd_pcm arc4 snd_seq_dummy snd_seq_oss ecb snd_seq_midi snd_rawmidi firewire_ohci firewire_core thinkpad_acpi crc_itu_t ath5k joydev snd_seq_midi_event snd_seq rfkill snd_timer snd_seq_device mac80211 ohci1394 led_class snd pata_cmd64x uhci_hcd cfg80211 e1000 ehci_hcd ieee1394 yenta_socket rsrc_nonstatic pcmcia_core intel_agp psmouse nsc_ircc i2c_i801 soundcore usbcore agpgart shpchp pci_hotplug pcspkr serio_raw floppy button nvram battery ac video parport_pc parport irda snd_page_alloc rtc_cmos rtc_core rtc_lib output processor evdev crc_ccitt xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core
Jun  6 11:38:05 thinkpad kernel: Pid: 5, comm: events/0 Not tainted 2.6.30-rc6 #101
Jun  6 11:38:05 thinkpad kernel: Call Trace:
Jun  6 11:38:05 thinkpad kernel:  [<c011eefc>] warn_slowpath_common+0x60/0x90
Jun  6 11:38:05 thinkpad kernel:  [<c011ef39>] warn_slowpath_null+0xd/0x10
Jun  6 11:38:05 thinkpad kernel:  [<c012aad5>] flush_cpu_workqueue+0x23/0x57
Jun  6 11:38:05 thinkpad kernel:  [<c012b1d1>] flush_workqueue+0x12/0x15
Jun  6 11:38:05 thinkpad kernel:  [<c012b1e1>] flush_scheduled_work+0xd/0xf
Jun  6 11:38:05 thinkpad kernel:  [<f80c0d54>] hpsb_remove_host+0x2b/0x4f [ieee1394]
Jun  6 11:38:05 thinkpad kernel:  [<f936db70>] ohci1394_pci_remove+0x4c/0x227 [ohci1394]
Jun  6 11:38:05 thinkpad kernel:  [<c01a93d1>] ? sysfs_hash_and_remove+0x3d/0x50
Jun  6 11:38:05 thinkpad kernel:  [<c01f0fde>] pci_device_remove+0x19/0x39
Jun  6 11:38:05 thinkpad kernel:  [<c0249770>] __device_release_driver+0x58/0x75
Jun  6 11:38:05 thinkpad kernel:  [<c024980c>] device_release_driver+0x18/0x23
Jun  6 11:38:05 thinkpad kernel:  [<c0248f97>] bus_remove_device+0x83/0x9a
Jun  6 11:38:05 thinkpad kernel:  [<c0247ba6>] device_del+0xec/0x120
Jun  6 11:38:05 thinkpad kernel:  [<c0247be5>] device_unregister+0xb/0x15
Jun  6 11:38:05 thinkpad kernel:  [<c01ecfe7>] pci_stop_dev+0x23/0x2d
Jun  6 11:38:05 thinkpad kernel:  [<c01ed01e>] pci_stop_bus_device+0x2d/0x32
Jun  6 11:38:05 thinkpad kernel:  [<c01ed00f>] pci_stop_bus_device+0x1e/0x32
Jun  6 11:38:05 thinkpad kernel:  [<f973a8f2>] acpiphp_disable_slot+0x5a/0x156 [acpiphp]
Jun  6 11:38:05 thinkpad kernel:  [<f973b040>] handle_hotplug_event_func+0xd8/0x101 [acpiphp]
Jun  6 11:38:05 thinkpad kernel:  [<c01e5045>] ? sprintf+0x17/0x19
Jun  6 11:38:05 thinkpad kernel:  [<f973af68>] ? handle_hotplug_event_func+0x0/0x101 [acpiphp]
Jun  6 11:38:05 thinkpad kernel:  [<c020c33e>] hotplug_dock_devices+0x3f/0xe7
Jun  6 11:38:05 thinkpad kernel:  [<c020c60e>] handle_eject_request+0xa7/0xd9
Jun  6 11:38:05 thinkpad kernel:  [<c02c9e8d>] ? __schedule+0x3dc/0x3f7
Jun  6 11:38:05 thinkpad kernel:  [<c020c79d>] acpi_dock_deferred_cb+0x130/0x19c
Jun  6 11:38:05 thinkpad kernel:  [<c012b1d1>] ? flush_workqueue+0x12/0x15
Jun  6 11:38:05 thinkpad kernel:  [<c0207534>] acpi_os_execute_hp_deferred+0x28/0x36
Jun  6 11:38:05 thinkpad kernel:  [<c012ae00>] worker_thread+0x11c/0x18e
Jun  6 11:38:05 thinkpad kernel:  [<c020750c>] ? acpi_os_execute_hp_deferred+0x0/0x36
Jun  6 11:38:05 thinkpad kernel:  [<c012d811>] ? autoremove_wake_function+0x0/0x33
Jun  6 11:38:05 thinkpad kernel:  [<c012ace4>] ? worker_thread+0x0/0x18e
Jun  6 11:38:05 thinkpad kernel:  [<c012d497>] kthread+0x42/0x67
Jun  6 11:38:05 thinkpad kernel:  [<c012d455>] ? kthread+0x0/0x67
Jun  6 11:38:05 thinkpad kernel:  [<c0103013>] kernel_thread_helper+0x7/0x10
Jun  6 11:38:05 thinkpad kernel: ---[ end trace 9c45d0a1e0bb2ecc ]---
Jun  6 11:38:20 thinkpad kernel: SysRq : Emergency Sync
Comment 1 Len Brown 2009-06-09 01:53:05 UTC 
Paul,
As 2.6.29 worked and 2.6.30 fails,
can you git-bisect to find out where this broke?
Comment 2 Paul Martin 2009-06-09 13:51:26 UTC 
It's a bit difficult as there are many bisect results between 2.6.29 and 2.6.30rc1 that are very broken and won't even boot. I'll try.

A similar problem happens with the Thinkpad's Ultrabay, with a crash dereferencing a null pointer on swapping the bay device a second time. I'll report that separately.
Comment 3 Vojtech Gondzala 2009-06-16 19:42:10 UTC 
I think this bug: http://bugzilla.kernel.org/show_bug.cgi?id=13533 is similar
Comment 4 Zhang Rui 2009-06-18 06:19:24 UTC 
this is a duplicate of bug #13533.
please try the patch I attached there.

*** This bug has been marked as a duplicate of bug 13533 ***
Comment 5 Paul Martin 2009-06-18 15:59:24 UTC 
I will test.
Comment 6 Paul Martin 2009-06-18 17:11:28 UTC 
With this patch on the current git head I get an Oops on all docking and ultrabay operations.

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c1031250>] queue_work_on+0x20/0x38
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/class/power_supply/BAT0/type
Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp arc4 snd_intel8x0m ecb snd_cs46xx pcmcia snd_intel8x0 gameport snd_pcm_oss snd_ac97_codec ac97_bus snd_mixer_oss ath5k snd_seq_dummy snd_pcm mac80211 snd_seq_oss ath snd_seq_midi yenta_socket snd_rawmidi nsc_ircc cfg80211 rsrc_nonstatic thinkpad_acpi snd_seq_midi_event pcmcia_core e1000 rfkill snd_seq uhci_hcd snd_timer ehci_hcd shpchp joydev led_class snd_seq_device pci_hotplug i2c_i801 snd usbcore soundcore snd_page_alloc irda crc_ccitt rtc_cmos rtc_core rtc_lib intel_agp video output psmouse parport_pc agpgart parport pcspkr serio_raw battery nvram ac floppy button processor evdev xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core

Pid: 59, comm: kacpi_notify Tainted: G        W  (2.6.30 #108) 2374BW7
EIP: 0060:[<c1031250>] EFLAGS: 00010246 CPU: 0
EIP is at queue_work_on+0x20/0x38
EAX: e49f746c EBX: 00000000 ECX: 00000000 EDX: e49f7468
ESI: e49f7460 EDI: 00000020 EBP: f7101ebc ESP: f7101eb8
 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process kacpi_notify (pid: 59, ti=f7100000 task=f70f8900 task.ti=f7100000)
Stack:
 c12ffddc f7101ec4 c1031288 f7101ee4 c11220d7 f6b86e60 c1127139 00000000
<0> c12ffddc f6b86e60 f70406c0 f7101ef0 c112210e 00000001 f7101f10 c1126af0
<0> 00000000 f70180c0 00000010 c12ffddc ffffffff 00000000 f7101f30 c103729b
Call Trace:
 [<c1031288>] ? queue_work+0xe/0x10
 [<c11220d7>] ? __acpi_os_execute+0xc1/0xe8
 [<c1127139>] ? acpi_dock_deferred_cb+0x0/0x19c
 [<c112210e>] ? acpi_os_hotplug_execute+0x10/0x12
 [<c1126af0>] ? acpi_dock_notifier_call+0x94/0xb6
 [<c103729b>] ? notifier_call_chain+0x2b/0x55
 [<c1037585>] ? __blocking_notifier_call_chain+0x37/0x4c
 [<c10375a6>] ? blocking_notifier_call_chain+0xc/0xe
 [<c11238db>] ? acpi_bus_notify+0x1f/0x59
 [<c11238bc>] ? acpi_bus_notify+0x0/0x59
 [<c112f6b5>] ? acpi_ev_notify_dispatch+0x38/0x57
 [<c1121fbb>] ? acpi_os_execute_deferred+0x20/0x2c
 [<c103148c>] ? worker_thread+0x11c/0x18e
 [<c1121f9b>] ? acpi_os_execute_deferred+0x0/0x2c
 [<c10342f9>] ? autoremove_wake_function+0x0/0x33
 [<c1031370>] ? worker_thread+0x0/0x18e
 [<c1033f7f>] ? kthread+0x42/0x67
 [<c1033f3d>] ? kthread+0x0/0x67
 [<c1003063>] ? kernel_thread_helper+0x7/0x10
Code: c1 e8 4d fe ff ff 53 9d 5b 5d c3 55 89 e5 53 89 d3 89 ca 0f ba 29 00 19 c0 31 c9 85 c0 75 1f 8d 42 04 39 42 04 74 04 0f 0b eb fe <8b> 03 9c 5b fa 89 c1 e8 1c fe ff ff 53 9d b9 01 00 00 00 5b 89
EIP: [<c1031250>] queue_work_on+0x20/0x38 SS:ESP 0068:f7101eb8
CR2: 0000000000000000
---[ end trace 4eaa2a86a8e2da24 ]---
Comment 7 Paul Martin 2009-06-18 17:19:08 UTC 
Ultrabay activity gave me this oops (the previous comment was an attempt at docking).

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c1031250>] queue_work_on+0x20/0x38
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/class/net/eth0/carrier
Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp snd_intel8x0m snd_cs46xx gameport snd_intel8x0 arc4 snd_ac97_codec ac97_bus ecb snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy ath5k joydev pcmcia snd_seq_oss mac80211 snd_seq_midi uhci_hcd ehci_hcd i2c_i801 ath snd_rawmidi thinkpad_acpi led_class nvram snd_seq_midi_event psmouse cfg80211 rfkill e1000 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc serio_raw ac battery snd_seq pcspkr usbcore intel_agp agpgart snd_timer snd_seq_device shpchp pci_hotplug snd video rtc_cmos rtc_core rtc_lib floppy output parport_pc parport button evdev processor soundcore irda snd_page_alloc crc_ccitt xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core

Pid: 59, comm: kacpi_notify Tainted: G        W  (2.6.30 #108) 2374BW7
EIP: 0060:[<c1031250>] EFLAGS: 00010246 CPU: 0
EIP is at queue_work_on+0x20/0x38
EAX: f69dccec EBX: 00000000 ECX: 00000000 EDX: f69dcce8
ESI: f69dcce0 EDI: 00000020 EBP: f7101ebc ESP: f7101eb8
 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process kacpi_notify (pid: 59, ti=f7100000 task=f70f8900 task.ti=f7100000)
Stack:
 c12ffddc f7101ec4 c1031288 f7101ee4 c11220d7 f69ace50 c1127139 00000000
<0> c12ffddc f69ace50 f70d0300 f7101ef0 c112210e 00000001 f7101f10 c1126af0
<0> 00000003 f70197e0 00000010 c12ffddc ffffffff 00000000 f7101f30 c103729b
Call Trace:
 [<c1031288>] ? queue_work+0xe/0x10
 [<c11220d7>] ? __acpi_os_execute+0xc1/0xe8
 [<c1127139>] ? acpi_dock_deferred_cb+0x0/0x19c
 [<c112210e>] ? acpi_os_hotplug_execute+0x10/0x12
 [<c1126af0>] ? acpi_dock_notifier_call+0x94/0xb6
 [<c103729b>] ? notifier_call_chain+0x2b/0x55
 [<c1037585>] ? __blocking_notifier_call_chain+0x37/0x4c
 [<c10375a6>] ? blocking_notifier_call_chain+0xc/0xe
 [<c11238db>] ? acpi_bus_notify+0x1f/0x59
 [<c11238bc>] ? acpi_bus_notify+0x0/0x59
 [<c112f6b5>] ? acpi_ev_notify_dispatch+0x38/0x57
 [<c1121fbb>] ? acpi_os_execute_deferred+0x20/0x2c
 [<c103148c>] ? worker_thread+0x11c/0x18e
 [<c1121f9b>] ? acpi_os_execute_deferred+0x0/0x2c
 [<c10342f9>] ? autoremove_wake_function+0x0/0x33
 [<c1031370>] ? worker_thread+0x0/0x18e
 [<c1033f7f>] ? kthread+0x42/0x67
 [<c1033f3d>] ? kthread+0x0/0x67
 [<c1003063>] ? kernel_thread_helper+0x7/0x10
Code: c1 e8 4d fe ff ff 53 9d 5b 5d c3 55 89 e5 53 89 d3 89 ca 0f ba 29 00 19 c0 31 c9 85 c0 75 1f 8d 42 04 39 42 04 74 04 0f 0b eb fe <8b> 03 9c 5b fa 89 c1 e8 1c fe ff ff 53 9d b9 01 00 00 00 5b 89
EIP: [<c1031250>] queue_work_on+0x20/0x38 SS:ESP 0068:f7101eb8
CR2: 0000000000000000
---[ end trace 4eaa2a86a8e2da24 ]---
Comment 8 Zhang Rui 2009-06-19 02:09:44 UTC 
the patch doesn't work.
but this bug is still a duplicate of bug #13533.

Paul, let's focus on bug #13533 :)

*** This bug has been marked as a duplicate of bug 13533 ***
Comment 9 Paul Martin 2009-06-19 09:49:46 UTC 
I can confirm that the second patch for bug #13533 also fixes this bug.