Assertion-failure in scsi_dma_complete, with megasas
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Unassigned |
Bug Description
Hello,
While fuzzing, I found an input that triggers an assertion-failure in scsi_dma_complete, with megasas:
qemu-system-i386: /home/alxndr/
#3 0x00007ffff6866092 in __GI___assert_fail (assertion=
#4 0x000055555669d473 in scsi_dma_complete (opaque=
#5 0x000055555639c89b in dma_complete (dbs=<optimized out>, ret=<optimized out>) at /home/alxndr/
#6 0x000055555639c89b in dma_blk_cb (opaque=<optimized out>, ret=<optimized out>) at /home/alxndr/
#7 0x000055555639bd58 in dma_blk_io (ctx=<optimized out>, sg=<optimized out>, offset=<optimized out>, align=<optimized out>, io_func=<optimized out>, io_func_
#8 0x000055555669baa5 in scsi_write_data (req=0x61600004
#9 0x00005555566b5d93 in scsi_req_continue (req=0x61600004
#10 0x00005555566f52e3 in megasas_enqueue_req (cmd=<optimized out>, is_write=<optimized out>) at /home/alxndr/
#11 0x00005555566e276f in megasas_handle_io (s=<optimized out>, cmd=<optimized out>, frame_cmd=
#12 0x00005555566e276f in megasas_
#13 0x00005555566e276f in megasas_mmio_write (opaque=<optimized out>, addr=<optimized out>, val=<optimized out>, size=<optimized out>) at /home/alxndr/
#14 0x00005555560028d7 in memory_
#15 0x0000555556002280 in access_
#16 0x0000555556002280 in memory_
#17 0x0000555555f171d4 in flatview_
#18 0x0000555555f0fb98 in flatview_write (fv=0x606000038180, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /home/alxndr/
I can reproduce it in qemu 5.0 using:
cat << EOF | ~/Development/
outl 0xcf8 0x80001818
outl 0xcfc 0xc101
outl 0xcf8 0x8000181c
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x8000186a
write 0x14 0x1 0xfe
write 0x0 0x1 0x02
outb 0xc1c0 0x17
EOF
I also attached the commands to this launchpad report, in case the formatting is broken:
qemu-system-i386 -qtest stdio -nographic -monitor none -serial none -M q35 -device megasas -device scsi-cd,drive=null0 -blockdev driver=
Please let me know if I can provide any further info.
-Alex
Fixed in commit 4773a5f35b0d83674f92816a226a594b03bbcf60
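The qtest sequence in the report is easier to follow once each port write is labelled with the PCI register it targets. The decoder below is an added example, not part of the report or of QEMU: it replays the commands from the report (copied verbatim into REPORT_SCRIPT), tracks the last CONFIG_ADDRESS written to 0xcf8 so that writes to 0xcfc can be mapped to a bus:device.function and register, names the type-0 header registers from the PCI spec, remembers any BAR programmed as an I/O window, and attributes later port writes to that window. BAR sizes are an assumption: the script never does the all-ones sizing probe, so a port is attributed to the I/O BAR with the nearest base at or below it.

```python
# Added example (not from the bug report or QEMU): decode the qtest command
# sequence from the report so each port/memory access is labelled with what it
# does to the PCI device. The script text below is copied from the report;
# register names come from the PCI type-0 configuration header.
import re

PCI_CONFIG_ADDRESS = 0xcf8   # CONFIG_ADDRESS port of the PCI host bridge
PCI_CONFIG_DATA = 0xcfc      # CONFIG_DATA port (4 bytes wide)

# Type-0 header offsets (PCI local bus spec); anything else is device specific.
HEADER_REGS = {0x04: "Command", 0x10: "BAR0", 0x14: "BAR1", 0x18: "BAR2",
               0x1c: "BAR3", 0x20: "BAR4", 0x24: "BAR5"}
COMMAND_BITS = {0: "IO_SPACE", 1: "MEM_SPACE", 2: "BUS_MASTER"}

REPORT_SCRIPT = """\
outl 0xcf8 0x80001818
outl 0xcfc 0xc101
outl 0xcf8 0x8000181c
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x8000186a
write 0x14 0x1 0xfe
write 0x0 0x1 0x02
outb 0xc1c0 0x17
"""

CMD_RE = re.compile(
    r"^(?P<op>outb|outw|outl|write)\s+(?P<a>0x[0-9a-fA-F]+)\s+(?P<b>0x[0-9a-fA-F]+)"
    r"(?:\s+(?P<c>0x[0-9a-fA-F]+))?$")


def decode_config_address(value):
    """Split a CONFIG_ADDRESS dword into bus/device/function/register."""
    return {
        "enable": bool((value >> 31) & 1),
        "bus": (value >> 16) & 0xff,
        "device": (value >> 11) & 0x1f,
        "function": (value >> 8) & 0x7,
        "register": value & 0xfc,      # bits 1:0 are ignored by the bridge
        "byte_offset": value & 0x3,
    }


def decode_qtest_script(text):
    """Return one dict per qtest command with a human-readable 'meaning'."""
    events = []
    cfg = None      # fields of the last CONFIG_ADDRESS written
    io_bars = {}    # BAR name -> I/O base, for BARs programmed with bit 0 set
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CMD_RE.match(line)
        if not m:
            raise ValueError("unrecognised qtest command: %r" % line)
        op = m.group("op")
        if op == "write":
            addr, size, data = (int(m.group(k), 16) for k in ("a", "b", "c"))
            events.append({"op": op, "addr": addr, "size": size, "data": data,
                           "meaning": "guest physical write of 0x%x at 0x%x" % (data, addr)})
            continue
        port, value = int(m.group("a"), 16), int(m.group("b"), 16)
        ev = {"op": op, "port": port, "value": value,
              "width": {"outb": 1, "outw": 2, "outl": 4}[op]}
        if port == PCI_CONFIG_ADDRESS:
            cfg = decode_config_address(value)
            ev["meaning"] = "select %02x:%02x.%d reg 0x%02x" % (
                cfg["bus"], cfg["device"], cfg["function"], cfg["register"])
        elif PCI_CONFIG_DATA <= port < PCI_CONFIG_DATA + 4 and cfg and cfg["enable"]:
            reg = cfg["register"] + (port - PCI_CONFIG_DATA)
            name = HEADER_REGS.get(reg, "reg 0x%02x" % reg)
            ev["meaning"] = "config write %s of %02x:%02x.%d" % (
                name, cfg["bus"], cfg["device"], cfg["function"])
            if name == "Command":
                ev["bits"] = [n for b, n in COMMAND_BITS.items() if (value >> b) & 1]
            elif name.startswith("BAR") and value & 1:   # bit 0 set: I/O-space BAR
                io_bars[name] = value & ~0x3
                ev["io_base"] = io_bars[name]
        else:
            # Assumption: BAR sizes are unknown here (no all-ones probe), so the port
            # is attributed to the I/O BAR with the nearest base at or below it.
            below = [(base, n) for n, base in io_bars.items() if base <= port]
            if below:
                base, name = max(below)
                ev["bar"], ev["offset"] = name, port - base
                ev["meaning"] = "I/O write at %s+0x%x (base 0x%x)" % (name, port - base, base)
            else:
                ev["meaning"] = "I/O write to unassigned port 0x%x" % port
        events.append(ev)
    return events


if __name__ == "__main__":
    for ev in decode_qtest_script(REPORT_SCRIPT):
        print("%-5s %s" % (ev["op"], ev["meaning"]))
```

Run stand-alone it prints one line per command: the first two writes program BAR2 of the device at 00:03.0 as an I/O window at 0xc100, the outw to 0xcfc sets the Command register's I/O, memory and bus-master bits, the two guest-memory writes land at physical 0x14 and 0x0, and the final outb is an I/O write at BAR2+0xc0, which is the access that reaches megasas_mmio_write in the backtrace. Register 0x68 selected by 0x8000186a is outside the standard header, so it is reported only by offset.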