Re: 2.6.36-rc7: NULL pointer dereference in ehci_clear_tt_buffer_complete

From: Alan Stern
Date: Sun Oct 17 2010 - 09:50:32 EST


On Sat, 16 Oct 2010, Stefan Richter wrote:

> > What I said above wasn't quite right. This won't help trigger the
> > oops, but it should trigger the line saying something like
> >
> > ehci_hcd 0000:00:12.2: qh ffff880208f07af0 (#00) state 5
> >
> > That's the real bug.
>
> # grep ' qh ' /var/log/messages
> Oct 11 22:29:21 stein kernel: ehci_hcd 0000:00:12.2: qh ffff880208f07af0 (#00) state 5
>
> I.e. there was none anymore since the one which I reported on Monday.

Evidently this bug is pretty difficult to get hold of. There has to be
an URB that is unlinked at the time the endpoint gets disabled, and
ideally it should have failed with a communications error (because the
device was unplugged). Going to the trouble to arrange all that
doesn't seem worthwhile.

On the whole we shouldn't need to worry about it -- except that I think
the patch itself is worthwhile, pending review by David.

Alan Stern
