Hardware: IBM Thinkpad T42, Dock II. Docking works OK. On pressing the eject button on the Dock, the dock does not unlatch. A WARNING (as follows) is printed on the console and the keyboard becomes unresponsive to anything but the SYSRQ handler. Regression from 2.6.29. The following report is for 2.6.30-rc6, but all 2.6.30-rc has had this behaviour. Jun 6 11:38:05 thinkpad kernel: acpiphp_glue: handle_hotplug_event_func: Device eject notify on \_SB_.PCI0.PCI1.DOCK Jun 6 11:38:05 thinkpad kernel: ------------[ cut here ]------------ Jun 6 11:38:05 thinkpad kernel: WARNING: at kernel/workqueue.c:371 flush_cpu_workqueue+0x23/0x57() Jun 6 11:38:05 thinkpad kernel: Hardware name: 2374BW7 Jun 6 11:38:05 thinkpad kernel: Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp snd_intel8x0 snd_intel8x0m snd_cs46xx gameport snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss pcmcia snd_pcm arc4 snd_seq_dummy snd_seq_oss ecb snd_seq_midi snd_rawmidi firewire_ohci firewire_core thinkpad_acpi crc_itu_t ath5k joydev snd_seq_midi_event snd_seq rfkill snd_timer snd_seq_device mac80211 ohci1394 led_class snd pata_cmd64x uhci_hcd cfg80211 e1000 ehci_hcd ieee1394 yenta_socket rsrc_nonstatic pcmcia_core intel_agp psmouse nsc_ircc i2c_i801 soundcore usbcore agpgart shpchp pci_hotplug pcspkr serio_raw floppy button nvram battery ac video parport_pc parport irda snd_page_alloc rtc_cmos rtc_core rtc_lib output processor evdev crc_ccitt xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core Jun 6 11:38:05 thinkpad kernel: Pid: 5, comm: events/0 Not tainted 2.6.30-rc6 #101 Jun 6 11:38:05 thinkpad kernel: Call Trace: Jun 6 11:38:05 thinkpad kernel: [<c011eefc>] warn_slowpath_common+0x60/0x90 Jun 6 11:38:05 thinkpad kernel: [<c011ef39>] warn_slowpath_null+0xd/0x10 Jun 6 11:38:05 thinkpad kernel: [<c012aad5>] flush_cpu_workqueue+0x23/0x57 Jun 6 11:38:05 thinkpad kernel: [<c012b1d1>] flush_workqueue+0x12/0x15 Jun 6 11:38:05 thinkpad kernel: [<c012b1e1>] flush_scheduled_work+0xd/0xf Jun 6 11:38:05 thinkpad kernel: [<f80c0d54>] hpsb_remove_host+0x2b/0x4f [ieee1394] Jun 6 11:38:05 thinkpad kernel: [<f936db70>] ohci1394_pci_remove+0x4c/0x227 [ohci1394] Jun 6 11:38:05 thinkpad kernel: [<c01a93d1>] ? sysfs_hash_and_remove+0x3d/0x50 Jun 6 11:38:05 thinkpad kernel: [<c01f0fde>] pci_device_remove+0x19/0x39 Jun 6 11:38:05 thinkpad kernel: [<c0249770>] __device_release_driver+0x58/0x75 Jun 6 11:38:05 thinkpad kernel: [<c024980c>] device_release_driver+0x18/0x23 Jun 6 11:38:05 thinkpad kernel: [<c0248f97>] bus_remove_device+0x83/0x9a Jun 6 11:38:05 thinkpad kernel: [<c0247ba6>] device_del+0xec/0x120 Jun 6 11:38:05 thinkpad kernel: [<c0247be5>] device_unregister+0xb/0x15 Jun 6 11:38:05 thinkpad kernel: [<c01ecfe7>] pci_stop_dev+0x23/0x2d Jun 6 11:38:05 thinkpad kernel: [<c01ed01e>] pci_stop_bus_device+0x2d/0x32 Jun 6 11:38:05 thinkpad kernel: [<c01ed00f>] pci_stop_bus_device+0x1e/0x32 Jun 6 11:38:05 thinkpad kernel: [<f973a8f2>] acpiphp_disable_slot+0x5a/0x156 [acpiphp] Jun 6 11:38:05 thinkpad kernel: [<f973b040>] handle_hotplug_event_func+0xd8/0x101 [acpiphp] Jun 6 11:38:05 thinkpad kernel: [<c01e5045>] ? sprintf+0x17/0x19 Jun 6 11:38:05 thinkpad kernel: [<f973af68>] ? handle_hotplug_event_func+0x0/0x101 [acpiphp] Jun 6 11:38:05 thinkpad kernel: [<c020c33e>] hotplug_dock_devices+0x3f/0xe7 Jun 6 11:38:05 thinkpad kernel: [<c020c60e>] handle_eject_request+0xa7/0xd9 Jun 6 11:38:05 thinkpad kernel: [<c02c9e8d>] ? __schedule+0x3dc/0x3f7 Jun 6 11:38:05 thinkpad kernel: [<c020c79d>] acpi_dock_deferred_cb+0x130/0x19c Jun 6 11:38:05 thinkpad kernel: [<c012b1d1>] ? flush_workqueue+0x12/0x15 Jun 6 11:38:05 thinkpad kernel: [<c0207534>] acpi_os_execute_hp_deferred+0x28/0x36 Jun 6 11:38:05 thinkpad kernel: [<c012ae00>] worker_thread+0x11c/0x18e Jun 6 11:38:05 thinkpad kernel: [<c020750c>] ? acpi_os_execute_hp_deferred+0x0/0x36 Jun 6 11:38:05 thinkpad kernel: [<c012d811>] ? autoremove_wake_function+0x0/0x33 Jun 6 11:38:05 thinkpad kernel: [<c012ace4>] ? worker_thread+0x0/0x18e Jun 6 11:38:05 thinkpad kernel: [<c012d497>] kthread+0x42/0x67 Jun 6 11:38:05 thinkpad kernel: [<c012d455>] ? kthread+0x0/0x67 Jun 6 11:38:05 thinkpad kernel: [<c0103013>] kernel_thread_helper+0x7/0x10 Jun 6 11:38:05 thinkpad kernel: ---[ end trace 9c45d0a1e0bb2ecc ]--- Jun 6 11:38:20 thinkpad kernel: SysRq : Emergency Sync
Paul, As 2.6.29 worked and 2.6.30 fails, can you git-bisect to find out where this broke?
It's a bit difficult as there are many bisect results between 2.6.29 and 2.6.30rc1 that are very broken and won't even boot. I'll try. A similar problem happens with the Thinkpad's Ultrabay, with a crash dereferencing a null pointer on swapping the bay device a second time. I'll report that separately.
I think this bug: http://bugzilla.kernel.org/show_bug.cgi?id=13533 is similar
this is a duplicate of bug #13533. please try the patch I attached there. *** This bug has been marked as a duplicate of bug 13533 ***
I will test.
With this patch on the current git head I get an Oops on all docking and ultrabay operations. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c1031250>] queue_work_on+0x20/0x38 *pde = 00000000 Oops: 0000 [#1] last sysfs file: /sys/class/power_supply/BAT0/type Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp arc4 snd_intel8x0m ecb snd_cs46xx pcmcia snd_intel8x0 gameport snd_pcm_oss snd_ac97_codec ac97_bus snd_mixer_oss ath5k snd_seq_dummy snd_pcm mac80211 snd_seq_oss ath snd_seq_midi yenta_socket snd_rawmidi nsc_ircc cfg80211 rsrc_nonstatic thinkpad_acpi snd_seq_midi_event pcmcia_core e1000 rfkill snd_seq uhci_hcd snd_timer ehci_hcd shpchp joydev led_class snd_seq_device pci_hotplug i2c_i801 snd usbcore soundcore snd_page_alloc irda crc_ccitt rtc_cmos rtc_core rtc_lib intel_agp video output psmouse parport_pc agpgart parport pcspkr serio_raw battery nvram ac floppy button processor evdev xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core Pid: 59, comm: kacpi_notify Tainted: G W (2.6.30 #108) 2374BW7 EIP: 0060:[<c1031250>] EFLAGS: 00010246 CPU: 0 EIP is at queue_work_on+0x20/0x38 EAX: e49f746c EBX: 00000000 ECX: 00000000 EDX: e49f7468 ESI: e49f7460 EDI: 00000020 EBP: f7101ebc ESP: f7101eb8 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 Process kacpi_notify (pid: 59, ti=f7100000 task=f70f8900 task.ti=f7100000) Stack: c12ffddc f7101ec4 c1031288 f7101ee4 c11220d7 f6b86e60 c1127139 00000000 <0> c12ffddc f6b86e60 f70406c0 f7101ef0 c112210e 00000001 f7101f10 c1126af0 <0> 00000000 f70180c0 00000010 c12ffddc ffffffff 00000000 f7101f30 c103729b Call Trace: [<c1031288>] ? queue_work+0xe/0x10 [<c11220d7>] ? __acpi_os_execute+0xc1/0xe8 [<c1127139>] ? acpi_dock_deferred_cb+0x0/0x19c [<c112210e>] ? acpi_os_hotplug_execute+0x10/0x12 [<c1126af0>] ? acpi_dock_notifier_call+0x94/0xb6 [<c103729b>] ? notifier_call_chain+0x2b/0x55 [<c1037585>] ? __blocking_notifier_call_chain+0x37/0x4c [<c10375a6>] ? blocking_notifier_call_chain+0xc/0xe [<c11238db>] ? acpi_bus_notify+0x1f/0x59 [<c11238bc>] ? acpi_bus_notify+0x0/0x59 [<c112f6b5>] ? acpi_ev_notify_dispatch+0x38/0x57 [<c1121fbb>] ? acpi_os_execute_deferred+0x20/0x2c [<c103148c>] ? worker_thread+0x11c/0x18e [<c1121f9b>] ? acpi_os_execute_deferred+0x0/0x2c [<c10342f9>] ? autoremove_wake_function+0x0/0x33 [<c1031370>] ? worker_thread+0x0/0x18e [<c1033f7f>] ? kthread+0x42/0x67 [<c1033f3d>] ? kthread+0x0/0x67 [<c1003063>] ? kernel_thread_helper+0x7/0x10 Code: c1 e8 4d fe ff ff 53 9d 5b 5d c3 55 89 e5 53 89 d3 89 ca 0f ba 29 00 19 c0 31 c9 85 c0 75 1f 8d 42 04 39 42 04 74 04 0f 0b eb fe <8b> 03 9c 5b fa 89 c1 e8 1c fe ff ff 53 9d b9 01 00 00 00 5b 89 EIP: [<c1031250>] queue_work_on+0x20/0x38 SS:ESP 0068:f7101eb8 CR2: 0000000000000000 ---[ end trace 4eaa2a86a8e2da24 ]---
Ultrabay activity gave me this oops (the previous comment was an attempt at docking). BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c1031250>] queue_work_on+0x20/0x38 *pde = 00000000 Oops: 0000 [#1] last sysfs file: /sys/class/net/eth0/carrier Modules linked in: radeon drm ppdev lp tun aes_i586 aes_generic sco bridge stp llc bnep rfcomm l2cap bluetooth ipv6 microcode ext3 jbd mbcache fuse dm_crypt dm_mod cpufreq_stats acpi_cpufreq acpiphp snd_intel8x0m snd_cs46xx gameport snd_intel8x0 arc4 snd_ac97_codec ac97_bus ecb snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy ath5k joydev pcmcia snd_seq_oss mac80211 snd_seq_midi uhci_hcd ehci_hcd i2c_i801 ath snd_rawmidi thinkpad_acpi led_class nvram snd_seq_midi_event psmouse cfg80211 rfkill e1000 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc serio_raw ac battery snd_seq pcspkr usbcore intel_agp agpgart snd_timer snd_seq_device shpchp pci_hotplug snd video rtc_cmos rtc_core rtc_lib floppy output parport_pc parport button evdev processor soundcore irda snd_page_alloc crc_ccitt xfs exportfs sd_mod thermal fan ata_generic ide_pci_generic piix ide_core ata_piix libata scsi_mod radeonfb fb_ddc i2c_algo_bit i2c_core Pid: 59, comm: kacpi_notify Tainted: G W (2.6.30 #108) 2374BW7 EIP: 0060:[<c1031250>] EFLAGS: 00010246 CPU: 0 EIP is at queue_work_on+0x20/0x38 EAX: f69dccec EBX: 00000000 ECX: 00000000 EDX: f69dcce8 ESI: f69dcce0 EDI: 00000020 EBP: f7101ebc ESP: f7101eb8 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 Process kacpi_notify (pid: 59, ti=f7100000 task=f70f8900 task.ti=f7100000) Stack: c12ffddc f7101ec4 c1031288 f7101ee4 c11220d7 f69ace50 c1127139 00000000 <0> c12ffddc f69ace50 f70d0300 f7101ef0 c112210e 00000001 f7101f10 c1126af0 <0> 00000003 f70197e0 00000010 c12ffddc ffffffff 00000000 f7101f30 c103729b Call Trace: [<c1031288>] ? queue_work+0xe/0x10 [<c11220d7>] ? __acpi_os_execute+0xc1/0xe8 [<c1127139>] ? acpi_dock_deferred_cb+0x0/0x19c [<c112210e>] ? acpi_os_hotplug_execute+0x10/0x12 [<c1126af0>] ? acpi_dock_notifier_call+0x94/0xb6 [<c103729b>] ? notifier_call_chain+0x2b/0x55 [<c1037585>] ? __blocking_notifier_call_chain+0x37/0x4c [<c10375a6>] ? blocking_notifier_call_chain+0xc/0xe [<c11238db>] ? acpi_bus_notify+0x1f/0x59 [<c11238bc>] ? acpi_bus_notify+0x0/0x59 [<c112f6b5>] ? acpi_ev_notify_dispatch+0x38/0x57 [<c1121fbb>] ? acpi_os_execute_deferred+0x20/0x2c [<c103148c>] ? worker_thread+0x11c/0x18e [<c1121f9b>] ? acpi_os_execute_deferred+0x0/0x2c [<c10342f9>] ? autoremove_wake_function+0x0/0x33 [<c1031370>] ? worker_thread+0x0/0x18e [<c1033f7f>] ? kthread+0x42/0x67 [<c1033f3d>] ? kthread+0x0/0x67 [<c1003063>] ? kernel_thread_helper+0x7/0x10 Code: c1 e8 4d fe ff ff 53 9d 5b 5d c3 55 89 e5 53 89 d3 89 ca 0f ba 29 00 19 c0 31 c9 85 c0 75 1f 8d 42 04 39 42 04 74 04 0f 0b eb fe <8b> 03 9c 5b fa 89 c1 e8 1c fe ff ff 53 9d b9 01 00 00 00 5b 89 EIP: [<c1031250>] queue_work_on+0x20/0x38 SS:ESP 0068:f7101eb8 CR2: 0000000000000000 ---[ end trace 4eaa2a86a8e2da24 ]---
the patch doesn't work. but this bug is still a duplicate of bug #13533. Paul, let's focus on bug #13533 :) *** This bug has been marked as a duplicate of bug 13533 ***
I can confirm that the second patch for bug #13533 also fixes this bug.