[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1878263] Re: Assertion-failure in scsi_dma_complete, with megasas
|
From: |
Thomas Huth |
|
Subject: |
[Bug 1878263] Re: Assertion-failure in scsi_dma_complete, with megasas |
|
Date: |
Thu, 10 Dec 2020 08:56:47 -0000 |
Fixed in commit 4773a5f35b0d83674f92816a226a594b03bbcf60
** Changed in: qemu
Status: New => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878263
Title:
Assertion-failure in scsi_dma_complete, with megasas
Status in QEMU:
Fix Released
Bug description:
Hello,
While fuzzing, I found an input that triggers an assertion-failure in
scsi_dma_complete, with megasas:
qemu-system-i386: /home/alxndr/Development/qemu/hw/scsi/scsi-
disk.c:292: void scsi_dma_complete(void *, int): Assertion
`r->req.aiocb != NULL' failed.
#3 0x00007ffff6866092 in __GI___assert_fail (assertion=0x555556efa460 <str>
"r->req.aiocb != NULL", file=0x555556ef9b20 <str>
"/home/alxndr/Development/qemu/hw/scsi/scsi-disk.c", line=0x124,
function=0x555556efa560 <__PRETTY_FUNCTION__.scsi_dma_complete> "void
scsi_dma_complete(void *, int)") at assert.c:101
#4 0x000055555669d473 in scsi_dma_complete (opaque=0x616000040280,
ret=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/scsi-disk.c:292
#5 0x000055555639c89b in dma_complete (dbs=<optimized out>, ret=<optimized
out>) at /home/alxndr/Development/qemu/dma-helpers.c:118
#6 0x000055555639c89b in dma_blk_cb (opaque=<optimized out>, ret=<optimized
out>) at /home/alxndr/Development/qemu/dma-helpers.c:136
#7 0x000055555639bd58 in dma_blk_io (ctx=<optimized out>, sg=<optimized
out>, offset=<optimized out>, align=<optimized out>, io_func=<optimized
out>, io_func_opaque=<optimized out>, cb=<optimized out>, opaque=<optimized
out>, dir=<optimized out>) at /home/alxndr/Development/qemu/dma-helpers.c:232
#8 0x000055555669baa5 in scsi_write_data (req=0x616000040280) at
/home/alxndr/Development/qemu/hw/scsi/scsi-disk.c:583
#9 0x00005555566b5d93 in scsi_req_continue (req=0x616000040280) at
/home/alxndr/Development/qemu/hw/scsi/scsi-bus.c:1337
#10 0x00005555566f52e3 in megasas_enqueue_req (cmd=<optimized out>,
is_write=<optimized out>) at
/home/alxndr/Development/qemu/hw/scsi/megasas.c:1651
#11 0x00005555566e276f in megasas_handle_io (s=<optimized out>,
cmd=<optimized out>, frame_cmd=<optimized out>) at
/home/alxndr/Development/qemu/hw/scsi/megasas.c:1790
#12 0x00005555566e276f in megasas_handle_frame (s=<optimized out>,
frame_addr=<optimized out>, frame_count=<optimized out>) at
/home/alxndr/Development/qemu/hw/scsi/megasas.c:1969
#13 0x00005555566e276f in megasas_mmio_write (opaque=<optimized out>,
addr=<optimized out>, val=<optimized out>, size=<optimized out>) at
/home/alxndr/Development/qemu/hw/scsi/megasas.c:2122
#14 0x00005555560028d7 in memory_region_write_accessor (mr=<optimized out>,
addr=<optimized out>, value=<optimized out>, size=<optimized out>,
shift=<optimized out>, mask=<optimized out>, attrs=...) at
/home/alxndr/Development/qemu/memory.c:483
#15 0x0000555556002280 in access_with_adjusted_size (addr=<optimized out>,
value=<optimized out>, size=<optimized out>, access_size_min=<optimized out>,
access_size_max=<optimized out>, access_fn=<optimized out>, mr=0x7fffeeb301e0,
attrs=...) at /home/alxndr/Development/qemu/memory.c:544
#16 0x0000555556002280 in memory_region_dispatch_write (mr=<optimized out>,
addr=<optimized out>, data=0x17, op=<optimized out>, attrs=...) at
/home/alxndr/Development/qemu/memory.c:1476
#17 0x0000555555f171d4 in flatview_write_continue (fv=<optimized out>,
addr=0xc1c0, attrs=..., ptr=<optimized out>, len=0x1, addr1=0x7fffffffae00,
l=<optimized out>, mr=0x7fffeeb301e0) at
/home/alxndr/Development/qemu/exec.c:3137
#18 0x0000555555f0fb98 in flatview_write (fv=0x606000038180, addr=<optimized
out>, attrs=..., buf=<optimized out>, len=<optimized out>) at
/home/alxndr/Development/qemu/exec.c:3177
I can reproduce it in qemu 5.0 using:
cat << EOF | ~/Development/qemu/build/i386-softmmu/qemu-system-i386 -qtest
stdio -nographic -monitor none -serial none -M q35 -device megasas -device
scsi-cd,drive=null0 -blockdev driver=null-co,read-zeroes=on,node-name=null0
outl 0xcf8 0x80001818
outl 0xcfc 0xc101
outl 0xcf8 0x8000181c
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x8000186a
write 0x14 0x1 0xfe
write 0x0 0x1 0x02
outb 0xc1c0 0x17
EOF
I also attached the commands to this launchpad report, in case the
formatting is broken:
qemu-system-i386 -qtest stdio -nographic -monitor none -serial none -M
q35 -device megasas -device scsi-cd,drive=null0 -blockdev driver=null-
co,read-zeroes=on,node-name=null0 < attachment
Please let me know if I can provide any further info.
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878263/+subscriptions
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug 1878263] Re: Assertion-failure in scsi_dma_complete, with megasas,
Thomas Huth <=