Assertion failure in *bmdma_active_if `bmdma->bus->retry_unit != (uint8_t)-1' failed.
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| QEMU | Fix Released | Undecided | John Snow | |
Bug Description
Hello,
Here is a QTest Reproducer:
cat << EOF | ./i386-
-qtest null -nographic -vga qxl -qtest stdio -nodefaults\
-drive if=none,
-drive if=none,
-device ide-cd,drive=drive0 -device ide-hd,drive=drive1
outw 0x176 0x3538
outw 0x376 0x6007
outw 0x376 0x6b6b
outw 0x176 0x985c
outl 0xcf8 0x80000903
outl 0xcfc 0x2f2931
outl 0xcf8 0x80000920
outb 0xcfc 0x6b
outb 0x68 0x7
outw 0x176 0x2530
EOF
Here is the call-stack:
#8 0x7f00e0443091 in __assert_fail /build/
#9 0x55e163f5a1af in bmdma_active_if /home/alxndr/
#10 0x55e163f5a1af in bmdma_prepare_buf /home/alxndr/
#11 0x55e163f4f00d in ide_dma_cb /home/alxndr/
#12 0x55e163de86ad in dma_complete /home/alxndr/
#13 0x55e163de86ad in dma_blk_cb /home/alxndr/
#14 0x55e1642ade85 in blk_aio_complete /home/alxndr/
#15 0x55e1642ade85 in blk_aio_complete_bh /home/alxndr/
#16 0x55e16443556f in aio_bh_call /home/alxndr/
#17 0x55e16443556f in aio_bh_poll /home/alxndr/
#18 0x55e16440fac3 in aio_dispatch /home/alxndr/
#19 0x55e164436dac in aio_ctx_dispatch /home/alxndr/
#20 0x7f00e16e29ed in g_main_
#21 0x55e164442f2b in glib_pollfds_poll /home/alxndr/
#22 0x55e164442f2b in os_host_
#23 0x55e164442f2b in main_loop_wait /home/alxndr/
#24 0x55e164376953 in flush_events /home/alxndr/
#25 0x55e16437b8fa in general_fuzz /home/alxndr/
=======
Here is the same assertion failure but triggered through a different call-stack:
cat << EOF | ./i386-
-qtest null -nographic -vga qxl -qtest stdio -nodefaults\
-drive if=none,
-drive if=none,
-device ide-cd,drive=drive0 -device ide-hd,drive=drive1
outw 0x171 0x2fe9
outb 0x177 0xa0
outl 0x170 0x928
outl 0x170 0x2b923b31
outl 0x170 0x800a24d7
outl 0xcf8 0x80000903
outl 0xcfc 0x842700
outl 0xcf8 0x80000920
outb 0xcfc 0x5e
outb 0x58 0x7
outb 0x376 0x5
outw 0x376 0x11
outw 0x176 0x3538
EOF
Call-stack:
#8 0x7f00e0443091 in __assert_fail /build/
#9 0x55e163f5a622 in bmdma_active_if /home/alxndr/
#10 0x55e163f5a622 in bmdma_rw_buf /home/alxndr/
#11 0x55e163f57577 in ide_atapi_
#12 0x55e163f44c55 in ide_buffered_
#13 0x55e1642ade85 in blk_aio_complete /home/alxndr/
#14 0x55e1642ade85 in blk_aio_complete_bh /home/alxndr/
#15 0x55e16443556f in aio_bh_call /home/alxndr/
#16 0x55e16443556f in aio_bh_poll /home/alxndr/
#17 0x55e16440fac3 in aio_dispatch /home/alxndr/
#18 0x55e164436dac in aio_ctx_dispatch /home/alxndr/
#19 0x7f00e16e29ed in g_main_
#20 0x55e164442f2b in glib_pollfds_poll /home/alxndr/
#21 0x55e164442f2b in os_host_
#22 0x55e164442f2b in main_loop_wait /home/alxndr/
#23 0x55e164376953 in flush_events /home/alxndr/
#24 0x55e16437b8fa in general_fuzz /home/alxndr/
=======
The first reproducer with -trace ide*:
[I 1594579788.601818] OPENED
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
26995@159457978
[R +0.023386] outw 0x176 0x3538
26995@159457978
26995@159457978
26995@159457978
[S +0.023416] OK
[R +0.023442] outw 0x376 0x6007
26995@159457978
[S +0.023447] OK
[R +0.023455] outw 0x376 0x6b6b
26995@159457978
[S +0.023460] OK
[R +0.023464] outw 0x176 0x985c
26995@159457978
26995@159457978
26995@159457978
[S +0.023473] OK
[R +0.023477] outl 0xcf8 0x80000903
[S +0.023481] OK
[R +0.023485] outl 0xcfc 0x2f2931
[S +0.023492] OK
[R +0.023496] outl 0xcf8 0x80000920
[S +0.023498] OK
[R +0.023503] outb 0xcfc 0x6b
[S +0.023644] OK
[R +0.023651] outb 0x68 0x7
26995@159457978
[S +0.023809] OK
[R +0.023817] outw 0x176 0x2530
26995@159457978
26995@159457978
26995@159457978
[S +0.023827] OK
qemu-system-i386: /home/alxndr/
=======
The second reproducer with -trace ide*:
[I 1594579681.691528] OPENED
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
[R +0.024386] outw 0x171 0x2fe9
8293@1594579681
8293@1594579681
OK
[S +0.024430] OK
[R +0.024436] outb 0x177 0xa0
8293@1594579681
8293@1594579681
OK
[S +0.024444] OK
[R +0.024448] outl 0x170 0x928
8293@1594579681
OK
[S +0.024453] OK
[R +0.024456] outl 0x170 0x2b923b31
8293@1594579681
OK
[S +0.024460] OK
[R +0.024464] outl 0x170 0x800a24d7
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
OK
[S +0.024479] OK
[R +0.024483] outl 0xcf8 0x80000903
OK
[S +0.024485] OK
[R +0.024489] outl 0xcfc 0x842700
OK
[S +0.024604] OK
[R +0.024610] outl 0xcf8 0x80000920
OK
[S +0.024613] OK
[R +0.024616] outb 0xcfc 0x5e
OK
[S +0.024720] OK
[R +0.024726] outb 0x58 0x7
8293@1594579681
OK
[S +0.024786] OK
[R +0.024791] outb 0x376 0x5
8293@1594579681
OK
[S +0.024797] OK
[R +0.024800] outw 0x376 0x11
8293@1594579681
OK
[S +0.024804] OK
[R +0.024807] outw 0x176 0x3538
8293@1594579681
8293@1594579681
8293@1594579681
8293@1594579681
OK
[S +0.024882] OK
qemu-system-i386: /home/alxndr/
Proposed fix: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05408.html