Bug 7121

Summary: EIP is at dv1394_remove_host+0x17/0xad [dv1394]
Product: Drivers
Reporter: Miles Lane (miles.lane)
Component: IEEE1394
Assignee: Stefan Richter (stefanr)
Status: CLOSED CODE_FIX
Severity: normal
CC: stefanr
Priority: P2
Hardware: i386
OS: Linux
Kernel Version: all
Subsystem:
Regression: ---
Bisected commit-id:
Attachments: ieee1394: dv1394: fix CardBus card ejection

Description Miles Lane 2006-09-08 00:46:45 UTC
Most recent kernel where this bug did not occur:  Don't know yet.
Distribution: Ubuntu Development (6.06.1 + devel/devel-extras/security updates)
Hardware Environment: 
X86 Laptop (HP Pavilion dv1240us)
The ieee1394 pcmcia card is a "Western Digital 1394 Cardbus PC Card", model
WDAD003-RNW (The card was made in year 2000)

Problem Description:

I tried testing the patches from
http://groups.google.com/group/linux.kernel/browse_thread/thread/e25d2d810b7cf9cb
applied to 2.6.18-rc5-git1.  Things went pretty well (I attached a firewire
drive and a videocam), until I ran "pccardctl eject" and then popped out the
Firewire card.

ieee1394: Node changed: 1-02:1023 -> 1-00:1023
ieee1394: Node suspended: ID:BUS[1-00:1023]  GUID[0080880002103eae]
ieee1394: Node suspended: ID:BUS[1-01:1023]  GUID[0090a950000b2255]
pccard: card ejected from slot 0
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[0080880002103eae]
PM: Removing info for ieee1394:0080880002103eae-0
PM: Removing info for ieee1394:0080880002103eae
ieee1394: Node removed: ID:BUS[1-01:1023]  GUID[0090a950000b2255]
PM: Removing info for ieee1394:0090a950000b2255-0
PM: Removing info for ieee1394:0090a950000b2255
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[0090a94000007475]
PM: Removing info for ieee1394:0090a94000007475-0
PM: Removing info for ieee1394:0090a94000007475
BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000000
 printing eip:
f955b309
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: dv1394 raw1394 binfmt_misc apm i915 drm ipv6
speedstep_centrino freq_table cpufreq_powersave cpufreq_performance
cpufreq_ondemand cpufreq_conservative video thermal processor fan
button battery ac nls_ascii nls_cp437 vfat fat nls_utf8 ntfs nls_base
sr_mod sbp2 scsi_mod parport_pc lp parport 8139cp pcmcia 8139too
ipw2200 sdhci mmc_core ohci1394 ieee1394 yenta_socket rsrc_nonstatic
pcmcia_core mii snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss
snd_mixer_oss ide_cd snd_pcm snd_timer cdrom psmouse shpchp
pci_hotplug snd soundcore snd_page_alloc ehci_hcd uhci_hcd intel_agp
agpgart usbcore rtc evdev
CPU:    0
EIP:    0060:[<f955b309>]    Not tainted VLI
EFLAGS: 00010282   (2.6.18-rc5-git1 #4)
EIP is at dv1394_remove_host+0x17/0xad [dv1394]
eax: f91ac0f4   ebx: 00000001   ecx: 00000000   edx: f955b2f2
esi: 00000000   edi: f955c4d9   ebp: f955d980   esp: eab03e74
ds: 007b   es: 007b   ss: 0068
Process pccardctl (pid: 7111, ti=eab02000 task=f0a02ab0 task.ti=eab02000)
Stack: f955d980 ed5c4000 ed5c4000 f91788c2 00000000 f955d980 ed5c4000 f91310cc
      f7c0b448 f9178945 ed5c4000 ed5c5d48 f9177e65 ed5c5f64 f912c9f2 f52ae800
      f52ae848 f91310cc c10c5d24 f52ae8b0 c111dcbd f52ae848 f52ae848 c11f4aa0
Call Trace:
 [<f91788c2>] __unregister_host+0x17/0x79 [ieee1394]
 [<f9178945>] highlevel_remove_host+0x21/0x42 [ieee1394]
 [<f9177e65>] hpsb_remove_host+0x37/0x56 [ieee1394]
 [<f912c9f2>] ohci1394_pci_remove+0x41/0x1cd [ohci1394]
 [<c10c5d24>] pci_device_remove+0x16/0x28
 [<c111dcbd>] __device_release_driver+0x5a/0x72
 [<c111de8f>] device_release_driver+0x1b/0x29
 [<c111d705>] bus_remove_device+0x78/0x8a
 [<c111c8a7>] device_del+0xe9/0x11a
 [<c111c8e0>] device_unregister+0x8/0x10
 [<c10c3ee5>] pci_remove_bus_device+0x39/0xcf
 [<c10c3f95>] pci_remove_behind_bridge+0x1a/0x2d
 [<f910d5ae>] socket_shutdown+0x89/0xdd [pcmcia_core]
 [<f910d675>] pcmcia_eject_card+0x56/0x65 [pcmcia_core]
 [<f9110070>] pccard_store_eject+0x19/0x20 [pcmcia_core]
 [<c111e2e7>] class_device_attr_store+0x1b/0x1f
 [<c1075495>] sysfs_write_file+0x97/0xbe
 [<c1044a48>] vfs_write+0xa6/0x14b
 [<c10452d4>] sys_write+0x3c/0x63
 [<c10029a5>] sysenter_past_esp+0x56/0x79
DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x79
Leftover inexact backtrace:
Code: c2 ff c7 87 90 01 00 00 00 00 00 00 83 c4 10 5b 5e 5f 5d c3 57
56 53 8b 98 44 1d 00 00 8b 80 3c 1d 00 00 8b 70 04 bf d9 c4 55 f9 <ac>
ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 85 c0 75 7e 9c
EIP: [<f955b309>] dv1394_remove_host+0x17/0xad [dv1394] SS:ESP 0068:eab03e74
Comment 1 Stefan Richter 2006-09-08 01:21:28 UTC
It's obviously a long-standing issue. Cf. 2.6.4's bug 2228.
Comment 2 Stefan Richter 2006-12-01 03:08:24 UTC
Did this happen even though no transmissions were captured from the camera
before? Would it also happen with all FireWire drivers including dv1394 loaded
but no camera connected?
Comment 3 Miles Lane 2006-12-01 18:34:11 UTC
I will test with the latest kernel code and let you know.  It may take a few
days for me to get to this.

Thanks.
Comment 4 Stefan Richter 2006-12-31 08:55:28 UTC
Does also happen with 2.6.19 + IEEE 1394 drivers equivalent to 2.6.20-rc2.

pccard: card ejected from slot 0
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[00d0f5200800613d]
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
f8dc7980
*pde = 00000000
Oops: 0000 [#1]
PREEMPT SMP
Modules linked in: dv1394 nfsd exportfs nfs lockd sunrpc ohci1394 ieee1394
fw_core yenta_socket rsrc_nonstatic pcmcia_core nvidia(P) snd_via82xx
snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart
snd_rawmidi snd lp af_packet 8139too mii loop via_agp agpgart uhci_hcd
CPU:    0
EIP:    0060:[<f8dc7980>]    Tainted: P      VLI
EFLAGS: 00010296   (2.6.19 #2)
EIP is at dv1394_remove_host+0x20/0xe0 [dv1394]
eax: f8d6c400   ebx: 00000001   ecx: 00000000   edx: f8dc9220
esi: 00000000   edi: f8dc7de6   ebp: f5be9db4   esp: f5be9d9c
ds: 007b   es: 007b   ss: 0068
Process pccardd (pid: 5801, ti=f5be8000 task=f5ace150 task.ti=f5be8000)
Stack: f5be9db4 f8d59f66 f5bd1400 f8dc9220 f4e2e000 f4e2e000 f5be9dd8 f8d5a1fc
       f4e2e000 f4e2e000 00000000 00000282 f8dc9220 f4e2e000 f65c0254 f5be9df4
       f8d5ab56 f8dc9220 f4e2e000 00000000 f4e2e000 f4e2e0c4 f5be9e04 f8d59c63
Call Trace:
 [<c010403f>] show_trace_log_lvl+0x2f/0x50
 [<c0104127>] show_stack_log_lvl+0x97/0xc0
 [<c0104382>] show_registers+0x1c2/0x270
 [<c0104629>] die+0x129/0x220
 [<c011492a>] do_page_fault+0x3ca/0x650
 [<c02e37e1>] error_code+0x39/0x40
 [<f8d5a1fc>] __unregister_host+0x8c/0xd0 [ieee1394]
 [<f8d5ab56>] highlevel_remove_host+0x36/0x60 [ieee1394]
 [<f8d59c63>] hpsb_remove_host+0x43/0x70 [ieee1394]
 [<f8d4ffb8>] ohci1394_pci_remove+0x68/0x240 [ohci1394]
 [<c01ff836>] pci_device_remove+0x46/0x50
 [<c023bb83>] __device_release_driver+0xa3/0xc0
 [<c023bbda>] device_release_driver+0x3a/0x60
 [<c023ae29>] bus_remove_device+0x89/0xc0
 [<c02395e5>] device_del+0x75/0x200
 [<c0239782>] device_unregister+0x12/0x20
 [<c01fc65b>] pci_stop_dev+0x3b/0x70
 [<c01fc6a2>] pci_destroy_dev+0x12/0x70
 [<c01fc7ae>] pci_remove_bus_device+0x1e/0x50
 [<c01fc80b>] pci_remove_behind_bridge+0x2b/0x40
 [<f8d1ac84>] cb_free+0x24/0x60 [pcmcia_core]
 [<f8d16936>] socket_shutdown+0x86/0x130 [pcmcia_core]
 [<f8d16eb8>] socket_remove+0x28/0x30 [pcmcia_core]
 [<f8d16f2a>] socket_detect_change+0x6a/0x80 [pcmcia_core]
 [<f8d170cd>] pccardd+0x18d/0x220 [pcmcia_core]
 [<c0133f8b>] kthread+0xbb/0xf0
 [<c0103e1f>] kernel_thread_helper+0x7/0x18
 =======================
Code: 5b c9 c3 90 8d b4 26 00 00 00 00 55 89 e5 57 bf e6 7d dc f8 56 53 83 ec 0c
8b 45 08 8b 98 b8 00 00 00 8b 80 bc 00 00 00 8b 70 04 <ac> ae 75 08 84 c0 75 f8
31 c0 eb 04 19 c0 0c 01 85 c0 74 3c 83
EIP: [<f8dc7980>] dv1394_remove_host+0x20/0xe0 [dv1394] SS:ESP 0068:f5be9d9c
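Both oopses in this report stop at the same marked byte in `dv1394_remove_host`. The following Python script is an added example (not part of the bug report or of the kernel tree) that parses an i386 oops and checks which implicit pointer register of the instruction at EIP equals the fault address. The function names and the `STRING_OPS` table are assumptions made for illustration, and the table covers only the one-byte x86 string instructions.

```python
import re

# Excerpt of the first oops on this page (wrapped lines joined, Code: line trimmed).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
EIP is at dv1394_remove_host+0x17/0xad [dv1394]
eax: f91ac0f4   ebx: 00000001   ecx: 00000000   edx: f955b2f2
esi: 00000000   edi: f955c4d9   ebp: f955d980   esp: eab03e74
Code: 8b 70 04 bf d9 c4 55 f9 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04
"""

# x86 one-byte string instructions and the registers they implicitly dereference.
# Deliberately partial: only opcodes with an implicit [esi]/[edi] operand are listed.
STRING_OPS = {
    0xA4: ("movsb", ("esi", "edi")),
    0xA6: ("cmpsb", ("esi", "edi")),
    0xAA: ("stosb", ("edi",)),
    0xAC: ("lodsb", ("esi",)),
    0xAE: ("scasb", ("edi",)),
}

def parse_oops(text):
    """Pull the triage-relevant fields out of an i386 oops (tolerates wrapped lines)."""
    fault = re.search(r"at virtual\s+address ([0-9a-f]{8})", text)
    eip = re.search(r"EIP is at (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?", text)
    code = re.search(r"Code:(?:\s+(?:<[0-9a-f]{2}>|[0-9a-f]{2}\b))+", text)
    marked = code and re.search(r"<([0-9a-f]{2})>", code.group(0))
    if not (fault and eip and marked):
        raise ValueError("not a complete i386 oops")
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp)): ([0-9a-f]{8})", text)}
    return {
        "fault_addr": int(fault.group(1), 16),
        "symbol": eip.group(1), "offset": int(eip.group(2), 16),
        "size": int(eip.group(3), 16), "module": eip.group(4),
        "opcode": int(marked.group(1), 16),  # the byte at EIP is printed in <>
        "regs": regs,
    }

def culprit_registers(info):
    """Name the instruction at EIP and the pointer register(s) equal to the fault address."""
    mnemonic, operands = STRING_OPS.get(info["opcode"], (None, ()))
    return mnemonic, [r for r in operands if info["regs"].get(r) == info["fault_addr"]]

if __name__ == "__main__":
    info = parse_oops(OOPS)
    print(info["symbol"], hex(info["offset"]), culprit_registers(info))
```

For both oopses above the result is `lodsb` with `esi` equal to the fault address 00000000, i.e. a byte-wise string read through a NULL pointer inside `dv1394_remove_host`.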
Comment 5 Stefan Richter 2007-01-27 05:05:28 UTC
Created attachment 10201
ieee1394: dv1394: fix CardBus card ejection

posted at http://thread.gmane.org/gmane.linux.kernel/486738/focus=486844
Comment 6 Stefan Richter 2007-01-27 14:26:12 UTC
Patch committed to linux1394-2.6.git, will send it to Linus after 2.6.20 is
released, i.e. for 2.6.21-rc1. Please reopen this bug entry if dv1394 is still
causing trouble on card ejection.