Re: [USB boot crash, -git] ecm_do_notify(), list_add corruption.prev->next should be next (ffff88003b8f82f8)

From: Alan Stern
Date: Wed Jul 23 2008 - 23:47:12 EST

Previous message: Rusty Russell: "Re: [PATCH 1/1] cpumask: Change cpumask_of_cpu to use cpumask_of_cpu_map"
In reply to: David Brownell: "Re: [USB boot crash, -git] ecm_do_notify(), list_add corruption. prev->next should be next (ffff88003b8f82f8)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 23 Jul 2008, David Brownell wrote:

> So far, the fingers point at dummy_hcd... the merge doesn't
> seem to have had problems, and the gadget driver had been
> tested with four different peripheral controller drivers
> (pre-merge).

> But the link state notification (probably using ep-e) message
> couldn't be queued (list_add_tail) because of this oopsing:
>
>
> > usb0: qlen 10
> > g_cdc gadget: notify connect false
> > list_add corruption. prev->next should be next (ffff88003b8f82f8), but was ffff88003b8f8e80. (prev=ffff88003b8f8e80).
>
> Now, prev->next == prev is expected here: that list of messages
> should be empty.
>
> What's wrong is that head->prev != head, meaning something
> trashed a dummy_hcd data structure.

The problem could easily be that dummy-hcd simply isn't
list-debugging-safe. I wouldn't be at all surprised if, for example,
it adds a node to a list without initializing the node first.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Previous message: Rusty Russell: "Re: [PATCH 1/1] cpumask: Change cpumask_of_cpu to use cpumask_of_cpu_map"
In reply to: David Brownell: "Re: [USB boot crash, -git] ecm_do_notify(), list_add corruption. prev->next should be next (ffff88003b8f82f8)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]