On Tue, 2009-07-14 at 15:03 -0700, Greg KH wrote: > On Tue, Jul 14, 2009 at 05:52:11PM -0400, Alan Stern wrote: > > On Tue, 14 Jul 2009, Andrew Morton wrote: > > > > > > http://bugzilla.kernel.org/show_bug.cgi?id=13772 > > > > > > > > Summary: khubd bug: unable to handle kernel NULL pointer > > > > dereference > > > > > > This issue occurs occasionally just removing usb drives, but can be stimulated > > > > to occur in about 30 seconds by alternatively plugging and unplugging two usb > > > > flash drives repeatedly (plug/unplug one drive every 2-5 seconds). Once this > > > > error occurs, no other USB connection events are reported in dmesg or via hal. > > > > > > > > usb 4-1: USB disconnect, address 33 > > > > BUG: unable to handle kernel NULL pointer dereference at 00000008 > > > > IP: [<c02562c4>] device_del+0x8/0x124 > > > > > > Pid: 706, comm: khubd Not tainted (2.6.30-strike #1) CF-18KJHZXBM > > > > EIP: 0060:[<c02562c4>] EFLAGS: 00010286 CPU: 0 > > > > EIP is at device_del+0x8/0x124 > > > > EAX: 00000008 EBX: 00000008 ECX: f1c558ac EDX: f854cee7 > > > > ESI: f1c558ac EDI: 00000008 EBP: f73dbdc8 ESP: f73dbdbc > > > > DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 > > > > Process khubd (pid: 706, ti=f73da000 task=f6863140 task.ti=f73da000) > > > > Stack: > > > > 00000000 f1c558ac 00000008 f73dbddc f854cefc f1c558ac f8552d70 f842db9c > > > > f73dbdec f8415fa6 f1c558ac f8552d70 f73dbdfc c0257f84 f1c558ac f1c558e0 > > > > f73dbe0c c0258036 00000000 f1c558ac f73dbe20 c02577b2 f1c558ac f1c558b4 > > > > Call Trace: > > > > [<f854cefc>] ? sd_remove+0x15/0x50 [sd_mod] > > > > [<f8415fa6>] ? scsi_bus_remove+0x29/0x2f [scsi_mod] > > > > [<c0257f84>] ? __device_release_driver+0x58/0x75 > > > > [<c0258036>] ? device_release_driver+0x18/0x23 > > > > I believe this is a known problem in the SCSI disk driver. (NOT a bug > > in khubd, despite what the title says.) That bug has been fixed in > > 2.6.31-rc1; I have no idea why the fix hasn't been submitted for the > > 2.6.30.stable series. > > > > If I'm right, the fix is available here: > > > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=601e7638254c118fca135af9b1a9f35061420f62 > > James, any reason to not apply this to the .30 stable tree? Well, the race window is incredibly narrow and it does alter the flow of control ... I suppose it's been in -rc for three weeks now, but I think we should first confirm that it fixes the bug. If it doesn't, I don't think backporting this is safe. James -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
