NetBSD-Bugs archive
Re: kern/48954: USB diagconstic message: actlen (-15996) > len (4)
The following reply was made to PR kern/48954; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/48954: USB diagconstic message: actlen (-15996) > len (4)
Date: Fri, 27 Jun 2014 14:13:41 +0000
On Fri, Jun 27, 2014 at 02:10:14PM +0000, Alexander Nasonov wrote:
> ffffffff8044b34c: 48 8b bb f8 32 00 00 mov 0x32f8(%rbx),%rdi
> ffffffff8044b353: 48 c7 44 24 08 4d 75 movq $0xffffffff8044754d,0x8(%rsp)
> ffffffff8044b35a: 44 80
> ffffffff8044b35c: c7 04 24 00 00 00 00 movl $0x0,(%rsp)
> ffffffff8044b363: 41 b9 05 00 00 00 mov $0x5,%r9d
> ffffffff8044b369: 41 b8 00 40 00 00 mov $0x4000,%r8d
> ffffffff8044b36f: 4c 89 e2 mov %r12,%rdx
> ffffffff8044b372: e8 e7 17 41 00 callq ffffffff8085cb5e <usbd_setup_xfer>
> ffffffff8044b377: 48 8b bb f8 32 00 00 mov 0x32f8(%rbx),%rdi
>
> ^^^^^^^^^^^^
> IT CRASHES HERE
>
> ffffffff8044b37e: e8 78 11 41 00 callq ffffffff8085c4fb <usbd_transfer>
>
> Note that it's reading the same memory location 0x32f8(%rbx) twice but
> the second read crashes the kernel.
That means either compiled code isn't preserving %rbx according to the
function call ABI (unlikely) or the stack's being overwritten.
--
David A. Holland
dholland%netbsd.org@localhost
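The pattern the reply relies on (the same memory operand loaded through a callee-saved register before and after a call, with only the second load faulting) is worth spotting mechanically when triaging a crash dump. The Python below is an added example, not code from the PR or from NetBSD: it parses objdump-style disassembly, including the continuation line that carries the trailing bytes of the 9-byte movq, and reports loads through a callee-saved base register (rbx, rbp, r12 to r15 under the SysV AMD64 ABI) that are repeated on both sides of a call. The sample text is the disassembly quoted above, reconstructed inline; the function names and the Insn record are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the disassembly quoted in the PR reply, with objdump's
# continuation line for the 9-byte movq kept exactly as objdump prints it.
SAMPLE = """\
ffffffff8044b34c: 48 8b bb f8 32 00 00 mov 0x32f8(%rbx),%rdi
ffffffff8044b353: 48 c7 44 24 08 4d 75 movq $0xffffffff8044754d,0x8(%rsp)
ffffffff8044b35a: 44 80
ffffffff8044b35c: c7 04 24 00 00 00 00 movl $0x0,(%rsp)
ffffffff8044b363: 41 b9 05 00 00 00 mov $0x5,%r9d
ffffffff8044b369: 41 b8 00 40 00 00 mov $0x4000,%r8d
ffffffff8044b36f: 4c 89 e2 mov %r12,%rdx
ffffffff8044b372: e8 e7 17 41 00 callq ffffffff8085cb5e <usbd_setup_xfer>
ffffffff8044b377: 48 8b bb f8 32 00 00 mov 0x32f8(%rbx),%rdi
ffffffff8044b37e: e8 78 11 41 00 callq ffffffff8085c4fb <usbd_transfer>
"""

# Registers the SysV AMD64 ABI requires a callee to preserve.
CALLEE_SAVED = {"%rbx", "%rbp", "%r12", "%r13", "%r14", "%r15"}

# address: bytes [mnemonic [operands]]  (mnemonic absent on continuation lines)
LINE_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+"
    r"((?:[0-9a-f]{2}\s)*[0-9a-f]{2})"
    r"(?:\s+([a-z][a-z0-9]*)(?:\s+(.*))?)?\s*$"
)
# AT&T memory operand: optional displacement, base register, optional index/scale
MEM_RE = re.compile(r"^(-?0x[0-9a-f]+)?\((%[a-z0-9]+)(?:,[^)]*)?\)$")


@dataclass
class Insn:
    addr: int
    raw: list        # opcode bytes, possibly completed by a continuation line
    mnemonic: str
    operands: str


def parse_objdump(text):
    """Parse objdump -d style lines into Insn records."""
    insns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        addr, raw, mnemonic, operands = m.groups()
        raw_bytes = [int(b, 16) for b in raw.split()]
        if mnemonic is None:
            # Continuation line: the rest of the previous instruction's bytes.
            if not insns:
                raise ValueError("continuation line before any instruction")
            insns[-1].raw.extend(raw_bytes)
            continue
        insns.append(Insn(int(addr, 16), raw_bytes, mnemonic, operands or ""))
    return insns


def split_operands(operands):
    # Split on commas that are not inside a (base,index,scale) group.
    return [o.strip() for o in re.split(r",(?![^(]*\))", operands)] if operands else []


def memory_source(insn):
    """Return (operand_text, base_register) if insn is a mov loading from memory."""
    if not insn.mnemonic.startswith("mov"):
        return None
    ops = split_operands(insn.operands)
    if len(ops) != 2:
        return None
    m = MEM_RE.match(ops[0])
    return (ops[0], m.group(2)) if m else None


def call_target(insn):
    """Return the symbolic target of a call, or None for non-calls."""
    if insn.mnemonic not in ("call", "callq"):
        return None
    m = re.search(r"<([^>]+)>", insn.operands)
    return m.group(1) if m else insn.operands


def reloads_across_calls(insns):
    """Find loads through a callee-saved base register that are repeated on
    both sides of a call. If the first load worked and the second faults, the
    base register (or its saved copy on the stack) was clobbered in the callee.
    Returns (addr_before, call_target, addr_after, operand) tuples."""
    findings = []
    for i, insn in enumerate(insns):
        target = call_target(insn)
        if target is None:
            continue
        before = {}
        for prev in insns[:i]:
            src = memory_source(prev)
            if src and src[1] in CALLEE_SAVED:
                before[src[0]] = prev.addr      # most recent load of that operand
        for nxt in insns[i + 1:]:
            if call_target(nxt) is not None:
                break                           # only inspect up to the next call
            src = memory_source(nxt)
            if src and src[0] in before:
                findings.append((before[src[0]], target, nxt.addr, src[0]))
    return findings


if __name__ == "__main__":
    for b, callee, a, operand in reloads_across_calls(parse_objdump(SAMPLE)):
        print(f"{operand} loaded at {b:x}, again at {a:x} after call to {callee}")
```

Run against the quoted listing it reports the single suspicious pair around usbd_setup_xfer, which is the point Alexander's annotation makes by hand: a load that succeeded before the call and faults afterwards narrows the search to whatever ran in between, consistent with the two causes David names.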