Bug 7121 - EIP is at dv1394_remove_host+0x17/0xad [dv1394]
Summary: EIP is at dv1394_remove_host+0x17/0xad [dv1394]
Alias: None
Product: Drivers
Classification: Unclassified
Component: IEEE1394 (show other bugs)
Hardware: i386 Linux
: P2 normal
Assignee: Stefan Richter
Depends on:
Reported: 2006-09-08 00:46 UTC by Miles Lane
Modified: 2007-02-09 15:38 UTC (History)
1 user (show)

See Also:
Kernel Version: all
Regression: ---
Bisected commit-id:

ieee1394: dv1394: fix CardBus card ejection (1.75 KB, patch)
2007-01-27 05:05 UTC, Stefan Richter
Details | Diff

Description Miles Lane 2006-09-08 00:46:45 UTC
Most recent kernel where this bug did not occur:  Don't know yet.
Distribution: Ubuntu Development (6.06.1 + devel/devel-extras/security updates)
Hardware Environment: 
X86 Laptop (HP Pavillion dv1240us)
The ieee1394 pcmcia card is a "Western Digital 1394 Cardbus PC Card", model
WDAD003-RNW (The card was made in year 2000)

Problem Description:

I tried testing the patches from
applied to 2.6.18-rc5-git1.  Things went pretty well (I attached a firewire
drive and a videocam), until I ran "pccardctl eject" and then popped out the
Firewire card.

ieee1394: Node changed: 1-02:1023 -> 1-00:1023
ieee1394: Node suspended: ID:BUS[1-00:1023]  GUID[0080880002103eae]
ieee1394: Node suspended: ID:BUS[1-01:1023]  GUID[0090a950000b2255]
pccard: card ejected from slot 0
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[0080880002103eae]
PM: Removing info for ieee1394:0080880002103eae-0
PM: Removing info for ieee1394:0080880002103eae
ieee1394: Node removed: ID:BUS[1-01:1023]  GUID[0090a950000b2255]
PM: Removing info for ieee1394:0090a950000b2255-0
PM: Removing info for ieee1394:0090a950000b2255
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[0090a94000007475]
PM: Removing info for ieee1394:0090a94000007475-0
PM: Removing info for ieee1394:0090a94000007475
BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000000
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: dv1394 raw1394 binfmt_misc apm i915 drm ipv6
speedstep_centrino freq_table cpufreq_powersave cpufreq_performance
cpufreq_ondemand cpufreq_conservative video thermal processor fan
button battery ac nls_ascii nls_cp437 vfat fat nls_utf8 ntfs nls_base
sr_mod sbp2 scsi_mod parport_pc lp parport 8139cp pcmcia 8139too
ipw2200 sdhci mmc_core ohci1394 ieee1394 yenta_socket rsrc_nonstatic
pcmcia_core mii snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss
snd_mixer_oss ide_cd snd_pcm snd_timer cdrom psmouse shpchp
pci_hotplug snd soundcore snd_page_alloc ehci_hcd uhci_hcd intel_agp
agpgart usbcore rtc evdev
CPU:    0
EIP:    0060:[<f955b309>]    Not tainted VLI
EFLAGS: 00010282   (2.6.18-rc5-git1 #4)
EIP is at dv1394_remove_host+0x17/0xad [dv1394]
eax: f91ac0f4   ebx: 00000001   ecx: 00000000   edx: f955b2f2
esi: 00000000   edi: f955c4d9   ebp: f955d980   esp: eab03e74
ds: 007b   es: 007b   ss: 0068
Process pccardctl (pid: 7111, ti=eab02000 task=f0a02ab0 task.ti=eab02000)
Stack: f955d980 ed5c4000 ed5c4000 f91788c2 00000000 f955d980 ed5c4000 f91310cc
      f7c0b448 f9178945 ed5c4000 ed5c5d48 f9177e65 ed5c5f64 f912c9f2 f52ae800
      f52ae848 f91310cc c10c5d24 f52ae8b0 c111dcbd f52ae848 f52ae848 c11f4aa0
Call Trace:
 [<f91788c2>] __unregister_host+0x17/0x79 [ieee1394]
 [<f9178945>] highlevel_remove_host+0x21/0x42 [ieee1394]
 [<f9177e65>] hpsb_remove_host+0x37/0x56 [ieee1394]
 [<f912c9f2>] ohci1394_pci_remove+0x41/0x1cd [ohci1394]
 [<c10c5d24>] pci_device_remove+0x16/0x28
 [<c111dcbd>] __device_release_driver+0x5a/0x72
 [<c111de8f>] device_release_driver+0x1b/0x29
 [<c111d705>] bus_remove_device+0x78/0x8a
 [<c111c8a7>] device_del+0xe9/0x11a
 [<c111c8e0>] device_unregister+0x8/0x10
 [<c10c3ee5>] pci_remove_bus_device+0x39/0xcf
 [<c10c3f95>] pci_remove_behind_bridge+0x1a/0x2d
 [<f910d5ae>] socket_shutdown+0x89/0xdd [pcmcia_core]
 [<f910d675>] pcmcia_eject_card+0x56/0x65 [pcmcia_core]
 [<f9110070>] pccard_store_eject+0x19/0x20 [pcmcia_core]
 [<c111e2e7>] class_device_attr_store+0x1b/0x1f
 [<c1075495>] sysfs_write_file+0x97/0xbe
 [<c1044a48>] vfs_write+0xa6/0x14b
 [<c10452d4>] sys_write+0x3c/0x63
 [<c10029a5>] sysenter_past_esp+0x56/0x79
DWARF2 unwinder stuck at sysenter_past_esp+0x56/0x79
Leftover inexact backtrace:
Code: c2 ff c7 87 90 01 00 00 00 00 00 00 83 c4 10 5b 5e 5f 5d c3 57
56 53 8b 98 44 1d 00 00 8b 80 3c 1d 00 00 8b 70 04 bf d9 c4 55 f9 <ac>
ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 85 c0 75 7e 9c
EIP: [<f955b309>] dv1394_remove_host+0x17/0xad [dv1394] SS:ESP 0068:eab03e74
Comment 1 Stefan Richter 2006-09-08 01:21:28 UTC
It's obviously a long-standing issue. Cf. 2.6.4's bug 2228.
Comment 2 Stefan Richter 2006-12-01 03:08:24 UTC
Did this happen even though no transmissions were captured from the camera
before? Would it also happen with all FireWire drivers including dv1394 loaded
but no camera connected?
Comment 3 Miles Lane 2006-12-01 18:34:11 UTC
I will test with the latest kernel code and let you know.  It may take a few
days for me to get to this.

Comment 4 Stefan Richter 2006-12-31 08:55:28 UTC
Does also happen with 2.6.19 + IEEE 1394 drivers equivalent to 2.6.20-rc2.

pccard: card ejected from slot 0
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[00d0f5200800613d]
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: dv1394 nfsd exportfs nfs lockd sunrpc ohci1394 ieee1394
fw_core yenta_socket rsrc_nonstatic pcmcia_core nvidia(P) snd_via82xx
snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart
snd_rawmidi snd lp af_packet 8139too mii loop via_agp agpgart uhci_hcd
CPU:    0
EIP:    0060:[<f8dc7980>]    Tainted: P      VLI
EFLAGS: 00010296   (2.6.19 #2)
EIP is at dv1394_remove_host+0x20/0xe0 [dv1394]
eax: f8d6c400   ebx: 00000001   ecx: 00000000   edx: f8dc9220
esi: 00000000   edi: f8dc7de6   ebp: f5be9db4   esp: f5be9d9c
ds: 007b   es: 007b   ss: 0068
Process pccardd (pid: 5801, ti=f5be8000 task=f5ace150 task.ti=f5be8000)
Stack: f5be9db4 f8d59f66 f5bd1400 f8dc9220 f4e2e000 f4e2e000 f5be9dd8 f8d5a1fc
       f4e2e000 f4e2e000 00000000 00000282 f8dc9220 f4e2e000 f65c0254 f5be9df4
       f8d5ab56 f8dc9220 f4e2e000 00000000 f4e2e000 f4e2e0c4 f5be9e04 f8d59c63
Call Trace:
 [<c010403f>] show_trace_log_lvl+0x2f/0x50
 [<c0104127>] show_stack_log_lvl+0x97/0xc0
 [<c0104382>] show_registers+0x1c2/0x270
 [<c0104629>] die+0x129/0x220
 [<c011492a>] do_page_fault+0x3ca/0x650
 [<c02e37e1>] error_code+0x39/0x40
 [<f8d5a1fc>] __unregister_host+0x8c/0xd0 [ieee1394]
 [<f8d5ab56>] highlevel_remove_host+0x36/0x60 [ieee1394]
 [<f8d59c63>] hpsb_remove_host+0x43/0x70 [ieee1394]
 [<f8d4ffb8>] ohci1394_pci_remove+0x68/0x240 [ohci1394]
 [<c01ff836>] pci_device_remove+0x46/0x50
 [<c023bb83>] __device_release_driver+0xa3/0xc0
 [<c023bbda>] device_release_driver+0x3a/0x60
 [<c023ae29>] bus_remove_device+0x89/0xc0
 [<c02395e5>] device_del+0x75/0x200
 [<c0239782>] device_unregister+0x12/0x20
 [<c01fc65b>] pci_stop_dev+0x3b/0x70
 [<c01fc6a2>] pci_destroy_dev+0x12/0x70
 [<c01fc7ae>] pci_remove_bus_device+0x1e/0x50
 [<c01fc80b>] pci_remove_behind_bridge+0x2b/0x40
 [<f8d1ac84>] cb_free+0x24/0x60 [pcmcia_core]
 [<f8d16936>] socket_shutdown+0x86/0x130 [pcmcia_core]
 [<f8d16eb8>] socket_remove+0x28/0x30 [pcmcia_core]
 [<f8d16f2a>] socket_detect_change+0x6a/0x80 [pcmcia_core]
 [<f8d170cd>] pccardd+0x18d/0x220 [pcmcia_core]
 [<c0133f8b>] kthread+0xbb/0xf0
 [<c0103e1f>] kernel_thread_helper+0x7/0x18
Code: 5b c9 c3 90 8d b4 26 00 00 00 00 55 89 e5 57 bf e6 7d dc f8 56 53 83 ec 0c
8b 45 08 8b 98 b8 00 00 00 8b 80 bc 00 00 00 8b 70 04 <ac> ae 75 08 84 c0 75 f8
31 c0 eb 04 19 c0 0c 01 85 c0 74 3c 83
EIP: [<f8dc7980>] dv1394_remove_host+0x20/0xe0 [dv1394] SS:ESP 0068:f5be9d9c
Comment 5 Stefan Richter 2007-01-27 05:05:28 UTC
Created attachment 10201 [details]
ieee1394: dv1394: fix CardBus card ejection

posted at http://thread.gmane.org/gmane.linux.kernel/486738/focus=486844
Comment 6 Stefan Richter 2007-01-27 14:26:12 UTC
Patch committed to linux1394-2.6.git, will send it to Linus after 2.6.20 was
released, i.e. for 2.6.21-rc1. Please reopen this bug entry if dv1394 is still
causing trouble on card ejection.

Note You need to log in before you can comment on or make changes to this bug.