Comment 2 for bug 44599

I'm seeing the same basic problem on my IBM Thinkpad T40 running 2.6.15-27-686 #1 SMP PREEMPT Sat Sep 16 02:13:27 UTC 2006 i686 GNU/Linux.

If the IDE device (CF card) is inserted at boot, the device works ok. If ejected and reinserted, this Oops occurs:

pccard: card ejected from slot 0
enabled 0001
pccard: PCMCIA card inserted into slot 0
pcmcia: registering new device pcmcia0.0
Probing IDE interface ide2...
hde: Flash Card, CFA DISK drive
ide2 at 0x4100-0x4107,0x410e on irq 3
hde: max request size: 128KiB
hde: 4062240 sectors (2079 MB) w/0KiB Cache, CHS=4030/16/63
hde: cache flushes not supported
 hde: hde1
Unable to handle kernel NULL pointer dereference at virtual address 00000078
 printing eip:
c01bcb83
*pde = 00000000
Oops: 0002 [#1]
PREEMPT SMP
Modules linked in: rfcomm l2cap nvram uinput ppdev speedstep_centrino cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video tc1100_wmi sony_acpi pcc_acpi ibm_acpi hotkey dev_acpi container button acpi_sbs battery ac i2c_acpi_ec i2c_core nls_iso8859_1 nls_cp437 vfat ipv6 fat dm_mod md_mod fglrx lp af_packet arc4 ieee80211_crypt_wep ide_cs pcmcia joydev tsdev ipw2100 ieee80211 ieee80211_crypt e1000 irtty_sir snd_intel8x0 yenta_socket rsrc_nonstatic pcmcia_core sir_dev nsc_ircc hci_usb snd_ac97_codec snd_ac97_bus irda bluetooth snd_pcm_oss snd_mixer_oss crc_ccitt pcspkr parport_pc parport psmouse floppy serio_raw snd_pcm snd_timer snd soundcore snd_page_alloc intel_agp agpgart shpchp pci_hotplug evdev ext3 jbd ide_generic ehci_hcd uhci_hcd usbcore ide_disk piix generic thermal processor fan capability commoncap vga16fb vgastate fbcon tileblit font bitblit softcursor
CPU: 0
EIP: 0060:[create_dir+35/464] Tainted: P VLI
EFLAGS: 00210286 (2.6.15-27-686)
EIP is at create_dir+0x23/0x1d0
eax: f79a3a18 ebx: f6e311d4 ecx: c0326677 edx: 00000000
esi: f6e311d0 edi: f79c5450 ebp: f7a7f93c esp: f7a7f900
ds: 007b es: 007b ss: 0068
Process pccardd (pid: 3155, threadinfo=f7a7e000 task=f7a9ba90)
Stack: c01b571b f75c10c0 00000001 00000001 ffffffff f6e311d7 f6e311d0 f6e311d0
       f79c5450 f79c53c0 c01bcd96 f6e311d0 f79a3a18 f6e311d4 f7a7f93c 00000000
       00000000 c01f92ef f6e311d0 f6e311d0 fffffffe c01f95ad f6e311d0 f6e311d0
Call Trace:
 [read_dev_sector+155/208] read_dev_sector+0x9b/0xd0
 [sysfs_create_dir+54/128] sysfs_create_dir+0x36/0x80
 [create_dir+31/96] create_dir+0x1f/0x60
 [kobject_add+125/224] kobject_add+0x7d/0xe0
 [kobject_register+40/128] kobject_register+0x28/0x80
 [add_partition+207/288] add_partition+0xcf/0x120
 [rescan_partitions+282/368] rescan_partitions+0x11a/0x170
 [do_open+861/960] do_open+0x35d/0x3c0
 [acpi_os_acquire_object+29/74] acpi_os_acquire_object+0x1d/0x4a
 [blkdev_get+148/192] blkdev_get+0x94/0xc0
 [register_disk+193/224] register_disk+0xc1/0xe0
 [add_disk+73/96] add_disk+0x49/0x60
 [exact_match+0/16] exact_match+0x0/0x10
 [exact_lock+0/32] exact_lock+0x0/0x20
 [pg0+943933151/1069167616] ide_disk_probe+0x14f/0x18b [ide_disk]
 [driver_probe_device+84/240] driver_probe_device+0x54/0xf0
 [__device_attach+0/16] __device_attach+0x0/0x10
 [bus_for_each_drv+93/128] bus_for_each_drv+0x5d/0x80
 [device_attach+99/112] device_attach+0x63/0x70
 [__device_attach+0/16] __device_attach+0x0/0x10
 [bus_add_device+53/208] bus_add_device+0x35/0xd0
 [device_pm_add+81/144] device_pm_add+0x51/0x90
 [device_add+295/416] device_add+0x127/0x1a0
 [probe_hwif_init_with_fixup+109/144] probe_hwif_init_with_fixup+0x6d/0x90
 [ide_register_hw_with_fixup+424/448] ide_register_hw_with_fixup+0x1a8/0x1c0
 [ide_undecoded_slave+0/192] ide_undecoded_slave+0x0/0xc0
 [pg0+946311689/1069167616] idecs_register+0x89/0x90 [ide_cs]
 [ide_undecoded_slave+0/192] ide_undecoded_slave+0x0/0xc0
 [pg0+946312715/1069167616] ide_config+0x3fb/0x650 [ide_cs]
 [pg0+946159313/1069167616] pccard_read_tuple+0x71/0xc0 [pcmcia_core]
 [pg0+946313644/1069167616] ide_event+0xdc/0xf0 [ide_cs]
 [pg0+946485222/1069167616] pcmcia_register_client+0x1d6/0x2a0 [pcmcia]
 [kzalloc+31/80] kzalloc+0x1f/0x50
 [pg0+946311315/1069167616] ide_attach+0x93/0xd0 [ide_cs]
 [kobject_get+23/32] kobject_get+0x17/0x20
 [pg0+946480299/1069167616] pcmcia_device_probe+0x8b/0x160 [pcmcia]
 [driver_probe_device+84/240] driver_probe_device+0x54/0xf0
 [__device_attach+0/16] __device_attach+0x0/0x10
 [bus_for_each_drv+93/128] bus_for_each_drv+0x5d/0x80
 [device_attach+99/112] device_attach+0x63/0x70
 [__device_attach+0/16] __device_attach+0x0/0x10
 [bus_add_device+53/208] bus_add_device+0x35/0xd0
 [device_pm_add+81/144] device_pm_add+0x51/0x90
 [device_add+295/416] device_add+0x127/0x1a0
 [pg0+946481513/1069167616] pcmcia_device_add+0x159/0x1e0 [pcmcia]
 [pg0+946481807/1069167616] pcmcia_card_add+0x9f/0xc0 [pcmcia]
 [vprintk+654/784] vprintk+0x28e/0x310
 [kobject_get+23/32] kobject_get+0x17/0x20
 [class_device_get+24/32] class_device_get+0x18/0x20
 [pg0+946484693/1069167616] ds_event+0x115/0x150 [pcmcia]
 [pg0+946145438/1069167616] send_event+0x8e/0xf0 [pcmcia_core]
 [pg0+946146595/1069167616] socket_insert+0xf3/0x1d0 [pcmcia_core]
 [pg0+946147500/1069167616] socket_detect_change+0x3c/0x90 [pcmcia_core]
 [pg0+946148033/1069167616] pccardd+0x1c1/0x210 [pcmcia_core]
 [ret_from_fork+6/20] ret_from_fork+0x6/0x14
 [default_wake_function+0/32] default_wake_function+0x0/0x20
 [pg0+946147584/1069167616] pccardd+0x0/0x210 [pcmcia_core]
 [kernel_thread_helper+5/16] kernel_thread_helper+0x5/0x10
Code: 00 8d bc 27 00 00 00 00 83 ec 28 8b 44 24 30 89 5c 24 18 8b 5c 24 34 89 6c 24 24 8b 6c 24 38 89 74 24 1c 89 7c 24 20 8b 50 10 90 <ff> 4a 78 0f 88 28 0e 00 00 31 c0 b9 ff ff ff ff 89 df f2 ae f7

Re-ejecting and inserting locks the system hard as Paul Sladen mentions above.