Re: 2.6.36-rc7: NULL pointer dereference in ehci_clear_tt_buffer_complete

From: Stefan Richter
Date: Sat Oct 16 2010 - 15:44:25 EST


Alan Stern wrote:
> On Thu, 14 Oct 2010, Stefan Richter wrote:
>
>> Alan Stern wrote:
>>> Stefan, is it possible for you to tell whether this really does work?
>> That will be hard. So far I was unable to reproduce the oops; still running
>> unmodified 2.6.36-rc7.
>
> Was this on an SMP machine?

Yes.

> If yes, the untested patch below may help
> trigger the oops. To use it, insert (but don't mount) a memory card
> into the card reader, and use dd to copy a large amount of data from
> the card to /dev/null. While that's running, unplug either the monitor
> or the card reader. You may want to do this at a VT console so you can
> see directly when the delay occurs.
>
> Alan Stern
>
>
>
> Index: usb-2.6/drivers/usb/core/message.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/core/message.c
> +++ usb-2.6/drivers/usb/core/message.c
> @@ -323,8 +323,13 @@ static void sg_complete(struct urb *urb)
> /* on the last completion, signal usb_sg_wait() */
> io->bytes += urb->actual_length;
> io->count--;
> - if (!io->count)
> + if (!io->count) {
> + if (status == -ECONNRESET) {
> + printk(KERN_ERR "Delaying for test\n");
> + mdelay(600);
> + }
> complete(&io->complete);
> + }
>
> spin_unlock(&io->lock);
> }
>
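
Review bot: The mdelay(600) in the new if (status == -ECONNRESET) branch busy-waits while io->lock is still held, since spin_unlock(&io->lock) only comes after the block, so anything else contending on that lock spins for the full 600 ms. That is tolerable for a throwaway patch meant to widen a race window, but the branch should carry a comment marking it test-only so it is never picked up alongside a real fix, and the printk text could name the function (for example "sg_complete: delaying for test") so the message is attributable in the log. The branch also fires for every request whose last completion reports -ECONNRESET, not only for the card reader under test, and status is not declared in the visible lines, so confirm it holds this urb's completion status.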

I did so today on 2.6.36-rc8, without your other patch. I was still unable to
reproduce the bug. Forget the whole thing as unreproducible?
--
Stefan Richter
-=====-==-=- =-=- =----
http://arcgraph.de/sr/