Comment 31 for bug 1647389

Len (lwhite-5) wrote :

Hi,

I've figured out the actual problem and made a patch that fixes the issue. Not sure if it will apply cleanly, as mine is based off the RHEL version, but I thought I'd share it since it gave me a headache, and many others it seems.

This is what happens:

    vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx - vdev->vq[i].used_idx);

    if (vdev->vq[i].inuse > vdev->vq[i].vring.num)

Random example with last_avail_idx 0x1, used_idx 0x2, size 0x80:
1 - 2 = -1; however, cast as unsigned it ends up being 65535,
so if (65535 > 80) = headache

The patch I made basically checks if it's negative and sets it to 0, as well as adding inuse to the error_report. I am sure that if the error_report had actually shown the true values being compared and not the source values, it would have been figured out sooner.
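A constructed C illustration of the uint16_t wraparound described above, added here as an example; it is not Len's patch or QEMU code. The struct and function names are placeholders, and the clamped variant treats any difference of 0x8000 or more as a negative value, which is safe because ring sizes are far below that.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the three virtqueue fields the check reads. */
struct vq_state {
    uint16_t last_avail_idx;
    uint16_t used_idx;
    unsigned int num;   /* ring size, i.e. vring.num */
};

/* The computation as quoted in the comment: a plain uint16_t difference,
 * so last_avail_idx 0x1 and used_idx 0x2 yield 65535, not -1. */
uint16_t vq_inuse_raw(const struct vq_state *vq)
{
    return (uint16_t)(vq->last_avail_idx - vq->used_idx);
}

/* Clamped variant: a difference that would be negative as a signed 16-bit
 * value is treated as 0 in-flight descriptors. Assumes the real in-flight
 * count is always below 0x8000, so a genuine free-running counter wrap
 * (e.g. used_idx 0xFFFF, last_avail_idx 0x0002) still counts correctly. */
uint16_t vq_inuse_clamped(const struct vq_state *vq)
{
    uint16_t diff = (uint16_t)(vq->last_avail_idx - vq->used_idx);
    return diff > INT16_MAX ? 0 : diff;
}

/* Returns 1 if the size check would reject the state, 0 otherwise.
 * The report includes the computed inuse next to the source indices. */
int vq_check(const struct vq_state *vq, int clamp)
{
    uint16_t inuse = clamp ? vq_inuse_clamped(vq) : vq_inuse_raw(vq);
    if (inuse > vq->num) {
        fprintf(stderr, "VQ size 0x%x < inuse 0x%x (last_avail_idx 0x%x - used_idx 0x%x)\n",
                vq->num, inuse, vq->last_avail_idx, vq->used_idx);
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample state matching the example in the comment. */
    struct vq_state vq = { .last_avail_idx = 0x1, .used_idx = 0x2, .num = 0x80 };
    printf("raw inuse = %u, rejected = %d\n", vq_inuse_raw(&vq), vq_check(&vq, 0));
    printf("clamped inuse = %u, rejected = %d\n", vq_inuse_clamped(&vq), vq_check(&vq, 1));
    return 0;
}
```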