Re: kern/48954: USB diagconstic message: actlen (-15996) > len (4)

[Alexander Nasonov <alnsn%yandex.ru@localhost>]

matthew green wrote:
>  i've not see anything that suggested corrupted memory, though it
>  does seem possible.  i have seen it lock up twice, unable to talk
>  to the network at all, requiring being unplugged and reinserted
>  to work again.

Repluging my card almost surely leads to a crash. Location of a crash
is quite predictable but it depends on compilation flags and a verbosity
of debugging messages.

I picked one crash between usbd_setup_xfer and usbd_transfer
calls:

ffffffff8044b34c:       48 8b bb f8 32 00 00    mov    0x32f8(%rbx),%rdi
ffffffff8044b353:       48 c7 44 24 08 4d 75    movq 
$0xffffffff8044754d,0x8(%rsp)
ffffffff8044b35a:       44 80
ffffffff8044b35c:       c7 04 24 00 00 00 00    movl   $0x0,(%rsp)
ffffffff8044b363:       41 b9 05 00 00 00       mov    $0x5,%r9d
ffffffff8044b369:       41 b8 00 40 00 00       mov    $0x4000,%r8d
ffffffff8044b36f:       4c 89 e2                mov    %r12,%rdx
ffffffff8044b372:       e8 e7 17 41 00          callq  ffffffff8085cb5e 
<usbd_setup_xfer>
ffffffff8044b377:       48 8b bb f8 32 00 00    mov    0x32f8(%rbx),%rdi

                                                       ^^^^^^^^^^^^
                                                       IT CRASHES HERE

ffffffff8044b37e:       e8 78 11 41 00          callq  ffffffff8085c4fb 
<usbd_transfer>

Note that it's reading the same memory location 0x32f8(%rbx) twice but
the second read crashes the kernel.

Alex