Mikolaj Kucharski <[email protected]> wrote:
> Index: sys/dev/usb/ehci.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/usb/ehci.c,v
> retrieving revision 1.210
> diff -u -p -u -r1.210 ehci.c
> --- sys/dev/usb/ehci.c 3 Apr 2020 20:11:47 -0000 1.210
> +++ sys/dev/usb/ehci.c 13 Apr 2020 18:04:51 -0000
> @@ -869,7 +869,9 @@ ehci_idone(struct usbd_xfer *xfer)
> struct ehci_xfer *ex = (struct ehci_xfer *)xfer;
> struct ehci_soft_qtd *sqtd;
> u_int32_t status = 0, nstatus = 0;
> - int actlen, cerr;
> + u_int32_t actlen, x_actlen;
> + int cerr;
> + u_int32_t x1, x2;
>
> #ifdef DIAGNOSTIC
> {
> @@ -903,8 +905,33 @@ ehci_idone(struct usbd_xfer *xfer)
> actlen += sqtd->len - EHCI_QTD_GET_BYTES(status);
> }
>
> + if (xfer->length < actlen) {
> + printf("XXX ehci_idone: len=%u, actlen=%u, xf_actlen=%u, "
> + "status=0x%x\n", xfer->length, actlen, xfer->actlen,
> status);
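Review bot: Later uses of `actlen` in ehci_idone need rechecking for signedness, because the first hunk turns it from `int` into `u_int32_t`. With the unsigned type, a qTD whose residue exceeds `sqtd->len` makes `actlen += sqtd->len - EHCI_QTD_GET_BYTES(status)` wrap to a large value instead of going negative; the new `xfer->length < actlen` test depends on that, but code further down that assumed a signed length would silently change meaning. The rest of the function lies outside the quoted hunks, and the second hunk is cut short in the quote, so this cannot be confirmed from here. Separately, `x_actlen`, `x1` and `x2` give no hint of their purpose; if they are debugging temporaries, a comment such as `/* XXX debug temporaries, remove before commit */` on their declarations would say so.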
actlen hasn't been initialized, so you've introduced a new bug and aren't chasing the same bug. It is random stack garbage.
