[Bug 1878255] Re: Assertion failure in bdrv_aio_cancel, through ide
From: Thomas Huth
Subject: [Bug 1878255] Re: Assertion failure in bdrv_aio_cancel, through ide
Date: Thu, 20 Aug 2020 14:46:26 -0000
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878255
Title:
Assertion failure in bdrv_aio_cancel, through ide
Status in QEMU:
Fix Released
Bug description:
Hello,
While fuzzing, I found an input that triggers an assertion failure in
bdrv_aio_cancel, through ide:
#1 0x00007ffff685755b in __GI_abort () at abort.c:79
#2 0x0000555556a8d396 in bdrv_aio_cancel (acb=0x607000061290) at /home/alxndr/Development/qemu/block/io.c:2746
#3 0x0000555556a58525 in blk_aio_cancel (acb=0x2) at /home/alxndr/Development/qemu/block/block-backend.c:1540
#4 0x0000555556552f5b in ide_reset (s=<optimized out>) at /home/alxndr/Development/qemu/hw/ide/core.c:1318
#5 0x0000555556552aeb in ide_bus_reset (bus=0x62d000017398) at /home/alxndr/Development/qemu/hw/ide/core.c:2422
#6 0x0000555556579ba5 in ahci_reset_port (s=<optimized out>, port=<optimized out>) at /home/alxndr/Development/qemu/hw/ide/ahci.c:650
#7 0x000055555657bd8d in ahci_port_write (s=0x61e000014d70, port=0x2, offset=<optimized out>, val=0x10) at /home/alxndr/Development/qemu/hw/ide/ahci.c:360
#8 0x000055555657bd8d in ahci_mem_write (opaque=<optimized out>, addr=<optimized out>, val=<optimized out>, size=<optimized out>) at /home/alxndr/Development/qemu/hw/ide/ahci.c:513
#9 0x00005555560028d7 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:483
#10 0x0000555556002280 in access_with_adjusted_size (addr=<optimized out>, value=<optimized out>, size=<optimized out>, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=<optimized out>, mr=0x61e000014da0, attrs=...) at /home/alxndr/Development/qemu/memory.c:544
#11 0x0000555556002280 in memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, data=0x10, op=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:1476
#12 0x0000555555f171d4 in flatview_write_continue (fv=<optimized out>, addr=0xe106c22c, attrs=..., ptr=<optimized out>, len=0x1, addr1=0x7fffffffb8d0, l=<optimized out>, mr=0x61e000014da0) at /home/alxndr/Development/qemu/exec.c:3137
#13 0x0000555555f0fb98 in flatview_write (fv=0x60600003b180, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /home/alxndr/Development/qemu/exec.c:3177
I can reproduce it in qemu 5.0 using:
cat << EOF | ~/Development/qemu/build/i386-softmmu/qemu-system-i386 -qtest stdio -monitor none -serial none -M pc-q35-5.0 -nographic
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe106c000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x7
outl 0xcf8 0x8000fb20
write 0x0 0x3 0x2780e7
write 0xe106c22c 0xd 0x1130c218021130c218021130c2
write 0xe106c218 0x15 0x110010110010110010110010110010110010110010
EOF
I also attached the commands to this launchpad report, in case the
formatting is broken:
qemu-system-i386 -qtest stdio -monitor none -serial none -M pc-q35-5.0 -nographic < attachment
Please let me know if I can provide any further info.
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878255/+subscriptions