Re: [USB boot crash, -git] ecm_do_notify(), list_add corruption. prev->next should be next (ffff88003b8f82f8)

From: Alan Stern
Date: Wed Jul 23 2008 - 23:47:12 EST

On Wed, 23 Jul 2008, David Brownell wrote:

> So far, the fingers point at dummy_hcd... the merge doesn't
> seem to have had problems, and the gadget driver had been
> tested with four different peripheral controller drivers
> (pre-merge).

> But the link state notification (probably using ep-e) message
> couldn't be queued (list_add_tail) because of this oopsing:
>
> > usb0: qlen 10
> > g_cdc gadget: notify connect false
> > list_add corruption. prev->next should be next (ffff88003b8f82f8), but was ffff88003b8f8e80. (prev=ffff88003b8f8e80).
>
> Now, prev->next == prev is expected here: that list of messages
> should be empty.
>
> What's wrong is that head->prev != head, meaning something
> trashed a dummy_hcd data structure.

The problem could easily be that dummy-hcd simply isn't
list-debugging-safe. I wouldn't be at all surprised if, for example,
it adds a node to a list without initializing the node first.

Alan Stern
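
Added example, not part of the original message and not kernel source: a userspace C model of the list-debugging check behind the quoted "list_add corruption" line. The names `checked_add`, `demo_clean` and `demo_stale_tail`, and the scenario of re-initialising a node while it is still queued, are assumptions constructed to reproduce the shape of the report (head->prev != head, prev->next == prev); they are not a diagnosis of dummy_hcd.

```c
#include <stdio.h>

/* Userspace model of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

enum add_result { ADD_OK, ADD_BAD_NEXT_PREV, ADD_BAD_PREV_NEXT };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Model of the debug check: both neighbours must still point at each other. */
static enum add_result checked_add(struct list_head *new,
                                   struct list_head *prev, struct list_head *next)
{
    if (next->prev != prev)
        return ADD_BAD_NEXT_PREV;   /* "next->prev should be prev" */
    if (prev->next != next)
        return ADD_BAD_PREV_NEXT;   /* "prev->next should be next" */
    next->prev = new;
    new->next = next;
    new->prev = prev;
    prev->next = new;
    return ADD_OK;
}

static enum add_result checked_add_tail(struct list_head *new, struct list_head *head)
{
    return checked_add(new, head->prev, head);  /* tail insert: prev is head->prev */
}

/* Empty, initialised queue: head->prev == head->next == head, so the add passes. */
static enum add_result demo_clean(void)
{
    struct list_head queue, req;
    init_list_head(&queue);
    return checked_add_tail(&req, &queue);
}

/* Constructed corruption: a queued node is re-initialised without being unlinked. */
static enum add_result demo_stale_tail(void)
{
    struct list_head queue, stale, req;
    init_list_head(&queue);
    checked_add_tail(&stale, &queue);
    init_list_head(&stale);  /* stale.next == &stale, but queue.prev is still &stale */
    return checked_add_tail(&req, &queue);      /* prev->next == prev, not head */
}

int main(void)
{
    printf("clean=%d stale=%d\n", demo_clean(), demo_stale_tail());
    return 0;
}
```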

