address_space_unmap: Assertion `mr != NULL' failed.
Bug #1883728 reported by
Bugs SysSec
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
To reproduce run the QEMU with the following command line:
```
qemu-system-x86_64 -cdrom hypertrash_
```
QEMU Version:
```
# qemu-5.0.0
$ ./configure --target-
$ x86_64-
QEMU emulator version 5.0.0
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
```
tags: | added: testcase |
To post a comment you must log in.
Here's a qtest reproducer:
cat << EOF | ./i386- softmmu/ qemu-system- i386 \ drive=mydrive \ file=null- co://,size= 2M,format= raw,if= none \
-device nec-usb-xhci -trace usb\* \
-device usb-audio -device usb-storage,
-drive id=mydrive,
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001016
outl 0xcfc 0x3c319f0d
outl 0xcf8 0x80001004
outl 0xcfc 0xc77695e
writel 0x9f0d000000000040 0xffffd855
write 0x1d 0x1 0x27
write 0x2d 0x1 0x2e
write 0x17232 0x1 0x03
write 0x17254 0x1 0x05
write 0x17276 0x1 0x72
write 0x17278 0x1 0x02
write 0x3d 0x1 0x27
write 0x40 0x1 0x2e
write 0x41 0x1 0x72
write 0x42 0x1 0x01
write 0x4d 0x1 0x2e
write 0x4f 0x1 0x01
writeq 0x9f0d000000002000 0x5c05140100000000
writeq 0x9f0d000000002000 0x5c05140100000000
write 0x2008d 0x1 0x13
writeq 0x9f0d000000002000 0x100ef0100000009
write 0x200ad 0x1 0x27
write 0x200bd 0x1 0x5c
write 0x200cd 0x1 0x2e
write 0x200dd 0x1 0x2f
write 0x200e8 0x1 0x08
write 0x200ec 0x1 0xfe
write 0x200ed 0x1 0x08
write 0x200fd 0x1 0x05
write 0x2010d 0x1 0x2e
write 0x2011d 0x1 0x2f
write 0x2012d 0x1 0x08
write 0x20137 0x1 0x5e
write 0x2013a 0x1 0x2f
write 0x2013d 0x1 0x05
write 0x2014d 0x1 0x13
writeq 0x9f0d000000002000 0x100ef0100000009
EOF
... 7.299108: usb_xhci_ doorbell_ write off 0x0000, val 0x00000000 7.299112: usb_xhci_ fetch_trb addr 0x0000000000000000, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000 7.299115: usb_xhci_ doorbell_ write off 0x0004, val 0x5c051401 7.299124: usb_xhci_ doorbell_ write off 0x0000, val 0x00000000 7.299126: usb_xhci_ fetch_trb addr 0x0000000000000010, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700 7.299129: usb_xhci_ slot_enable slotid 1 7.299132: usb_xhci_ fetch_trb addr 0x0000000000000020, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00 7.299134: usb_xhci_ fetch_trb addr 0x0000000000000030, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700 7.299137: usb_xhci_ slot_enable slotid 2 7.299139: usb_xhci_ fetch_trb addr 0x0000000000000040, CR_ADDRESS_DEVICE, p 0x000000000001722e, s 0x00000000, c 0x01002e00 7.299144: usb_xhci_ slot_address slotid 1, port 1 7.299148: usb_xhci_ ep_enable slotid 1, epid 1 7.299151: usb_xhci_ fetch_trb addr 0x0000000000000050, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000 7.299154: usb_xhci_ doorbell_ write off 0x0004, val 0x5c051401 7.299157: usb_xhci_ ep_kick slotid 1, epid 1, streamid 23557 7.299161: usb_xhci_ fetch_trb addr 0x0000000000020070, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000 7.299181: usb_xhci_ doorbell_ write off 0x0000, val 0x00000009 7.299183: usb_xhci_ doorbell_ write off 0x0004, val 0x0100ef01 7.299185: usb_x.. .
[S +0.017146] OK
[R +0.017149] writeq 0x9f0d000000002000 0x5c05140100000000
30899@159718314
30899@159718314
30899@159718314
OK
[S +0.017162] OK
[R +0.017166] writeq 0x9f0d000000002000 0x5c05140100000000
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
30899@159718314
OK
[S +0.017210] OK
[R +0.017214] write 0x2008d 0x1 0x13
OK
[S +0.017219] OK
[R +0.017223] writeq 0x9f0d000000002000 0x100ef0100000009
30899@159718314
30899@159718314
30899@159718314