From: David Brownell <david-b@pacbell.net>

This is a multi-part message in MIME format.
--------------010506030900090306080906
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Bill Nottingham wrote:
> With a 2.6.6-rc1 based kernel. Happened when loading ehci_hcd some
> 10 hours after booting, couldn't reproduce in initial attempts. I
> suppose the question is also why it failed to init, but it certainly
> didn't like the failure...

Hmm, no it didn't.  The "illegal capability" is the hardware acting
broken (what kind of EHCI hardware?); I've had reports of similar
stuff happening after ACPI resume (bogus PCI config space values,
in this case zero).

The "-19" means -ENODEV, which seem likely to be another case of a PCI
request not responding correctly:  handshake() failing because reading
a register returned 0xffffffff.

Looks like a cleanup path needs to handle early failure a bit better;
likely just having ehci_stop test for ehci->async non-null (before
calling scan-async to clean up any pending work) would suffice.

- Dave

> Bill
> 
> PCI: Enabling device 0000:00:1d.7 (0000 -> 0002)
> ehci_hcd 0000:00:1d.7: EHCI Host Controller
> ehci_hcd 0000:00:1d.7: illegal capability!
> PCI: Setting latency timer of device 0000:00:1d.7 to 64
> ehci_hcd 0000:00:1d.7: irq 11, pci mem 22946000
> ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 1
> ehci_hcd 0000:00:1d.7: init error -19ehci_hcd 0000:00:1d.7: remove, state 0
> Unable to handle kernel NULL pointer dereference at virtual address 00000048
> ...

--------------010506030900090306080906
Content-Type: text/plain;
 name="Diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Diff"



---

 25-akpm/drivers/usb/host/ehci-hcd.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletion(-)

diff -puN drivers/usb/host/ehci-hcd.c~ehci-oops-fix drivers/usb/host/ehci-hcd.c
--- 25/drivers/usb/host/ehci-hcd.c~ehci-oops-fix	2004-04-16 21:11:30.337647640 -0700
+++ 25-akpm/drivers/usb/host/ehci-hcd.c	2004-04-16 21:11:30.342646880 -0700
@@ -577,7 +577,8 @@ static void ehci_stop (struct usb_hcd *h
 
 	/* root hub is shut down separately (first, when possible) */
 	spin_lock_irq (&ehci->lock);
-	ehci_work (ehci, NULL);
+	if (ehci->async)
+		ehci_work (ehci, NULL);
 	spin_unlock_irq (&ehci->lock);
 	ehci_mem_cleanup (ehci);
 

_