Assertion Failure in bdrv_co_write_req_prepare through megasas

Bug #1906693 reported by Alexander Bulekov

Bug Description

 affects qemu

=== Stack Trace ===
qemu-fuzz-i386: block/io.c:1835: int bdrv_co_write_req_prepare(BdrvChild *, int64_t, uint64_t, BdrvTrackedRequest *, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
==1505128== ERROR: libFuzzer: deadly signal
    #0 0x55a083b92cee in __sanitizer_print_stack_trace (qemu-fuzz-i386+0x793cee)
    #1 0x55a083b6c1d1 in fuzzer::PrintStackTrace() (qemu-fuzz-i386+0x76d1d1)
    #2 0x55a083b4f0d6 in fuzzer::Fuzzer::CrashCallback() (.part.0) (qemu-fuzz-i386+0x7500d6)
    #3 0x55a083b4f19b in fuzzer::Fuzzer::StaticCrashSignalCallback() (qemu-fuzz-i386+0x75019b)
    #4 0x7f8d24ed6a8f (/lib64/
    #5 0x7f8d24d079e4 in raise (/lib64/
    #6 0x7f8d24cf0894 in abort (/lib64/
    #7 0x7f8d24cf0768 in __assert_fail_base.cold (/lib64/
    #8 0x7f8d24cffe75 in __assert_fail (/lib64/
    #9 0x55a08423763f in bdrv_co_write_req_prepare block/io.c:1835:13
    #10 0x55a0842343a8 in bdrv_aligned_pwritev block/io.c:1915:11
    #11 0x55a084233765 in bdrv_co_pwritev_part block/io.c:2104:11
    #12 0x55a084260d1a in blk_do_pwritev_part block/block-backend.c:1260:11
    #13 0x55a08426163e in blk_aio_write_entry block/block-backend.c:1476:17
    #14 0x55a0843b0d23 in coroutine_trampoline util/coroutine-ucontext.c:173:9
    #15 0x7f8d24d1d22f (/lib64/

=== Reproducer ===
cat << EOF | ./qemu-system-i386 -M q35 \
-device megasas-gen2 -device scsi-cd,drive=null0 \
-blockdev driver=null-co,read-zeroes=on,node-name=null0 \
-monitor none -serial none -display none \
-machine accel=qtest -m 64 -qtest stdio
outl 0xcf8 0x80001804
outl 0xcfc 0xffffff
outl 0xcf8 0x8000181b
outl 0xcfc 0x7052005
write 0x5cc0 0x1 0x03
write 0x5cc7 0x1 0x40
write 0x5ce0 0x1 0x0a
write 0x5cf3 0x1 0x01
write 0x5cf7 0x1 0x40
write 0x5cf8 0x1 0x0a
write 0x5cff 0x1 0x05
write 0x5d03 0x1 0x5b
write 0x5d06 0x1 0x4f
write 0x5d0b 0x1 0x01
write 0x5d0f 0x1 0x40
write 0x5d10 0x1 0x0a
write 0x5d17 0x1 0x05
write 0x5d1b 0x1 0x5b
write 0x5d1e 0x1 0x4f
write 0x5d23 0x1 0x01
write 0x5d27 0x1 0x40
write 0x5d28 0x1 0x0a
write 0x5d2f 0x1 0x05
write 0x5d33 0x1 0x5b
write 0x5d36 0x1 0x4f
write 0x5d3b 0x1 0x01
write 0x5d3f 0x1 0x40
write 0x5d40 0x1 0x0a
write 0x5d47 0x1 0x05
write 0x5d4b 0x1 0x5b
write 0x5d4e 0x1 0x4f
write 0x5d53 0x1 0x01
write 0x5d57 0x1 0x40
write 0x5d58 0x1 0x0a
write 0x5d5f 0x1 0x05
write 0x5d63 0x1 0x5b
write 0x5d66 0x1 0x4f
write 0x5d6b 0x1 0x01
write 0x5d6f 0x1 0x40
write 0x5d70 0x1 0x0a
write 0x5d77 0x1 0x05
write 0x5d7b 0x1 0x5b
write 0x5d7e 0x1 0x4f
write 0x5d83 0x1 0x01
write 0x5d87 0x1 0x40
write 0x5d88 0x1 0x0a
write 0x5d8f 0x1 0x05
write 0x5d93 0x1 0x5b
write 0x5d96 0x1 0x4f
write 0x5d9b 0x1 0x01
write 0x5d9f 0x1 0x40
write 0x5da0 0x1 0x0a
write 0x5da7 0x1 0x05
write 0x5dab 0x1 0x5b
write 0x5dae 0x1 0x4f
write 0x5db3 0x1 0x01
write 0x5db7 0x1 0x40
write 0x5db8 0x1 0x0a
write 0x5dbf 0x1 0x05
write 0x5dc3 0x1 0x5b
write 0x5dc6 0x1 0x4f
write 0x5dcb 0x1 0x01
write 0x5dcf 0x1 0x40
write 0x5dd0 0x1 0x0a
write 0x5dd7 0x1 0x05
write 0x5ddb 0x1 0x5b
write 0x5dde 0x1 0x4f
write 0x5de3 0x1 0x01
write 0x5de7 0x1 0x40
write 0x5de8 0x1 0x0a
write 0x5def 0x1 0x05
write 0x5df3 0x1 0x5b
write 0x5df6 0x1 0x4f
write 0x5dfb 0x1 0x01
write 0x5dff 0x1 0x40
write 0x5e00 0x1 0x0a
write 0x5e07 0x1 0x05
write 0x5e0b 0x1 0x5b
write 0x5e0e 0x1 0x4f
write 0x5e13 0x1 0x01
write 0x5e17 0x1 0x40
write 0x5e18 0x1 0x0a
write 0x5e1f 0x1 0x05
write 0x5e23 0x1 0x5b
write 0x5e26 0x1 0x4f
write 0x5e2b 0x1 0x01
write 0x5e2f 0x1 0x40
write 0x5e30 0x1 0x0a
write 0x5e37 0x1 0x05
write 0x5e3b 0x1 0x5b
write 0x5e3e 0x1 0x4f
write 0x5e43 0x1 0x01
write 0x5e47 0x1 0x40
write 0x5e48 0x1 0x0a
write 0x5e4f 0x1 0x05
write 0x5e53 0x1 0x5b
write 0x5e56 0x1 0x4f
write 0x5e5b 0x1 0x01
write 0x5e5f 0x1 0x40
write 0x5e60 0x1 0x0a
write 0x5e67 0x1 0x05
write 0x5e6b 0x1 0x5b
write 0x5e6e 0x1 0x4f
write 0x5e73 0x1 0x01
write 0x5e77 0x1 0x40
write 0x5e78 0x1 0x0a
write 0x5e7f 0x1 0x05
write 0x5e83 0x1 0x5b
write 0x5e86 0x1 0x4f
write 0x5e8b 0x1 0x01
write 0x5e8f 0x1 0x40
write 0x5e90 0x1 0x0a
write 0x5e97 0x1 0x05
write 0x5e9b 0x1 0x5b
write 0x5e9e 0x1 0x4f
write 0x5ea3 0x1 0x01
write 0x5ea7 0x1 0x40
write 0x5ea8 0x1 0x0a
write 0x5eaf 0x1 0x05
write 0x5eb3 0x1 0x5b
write 0x5eb6 0x1 0x4f
write 0x5ebb 0x1 0x01
write 0x5ebf 0x1 0x40
write 0x5ec0 0x1 0x0a
write 0x5ec7 0x1 0x05
write 0x5ecb 0x1 0x5b
write 0x5ece 0x1 0x4f
write 0x5ed3 0x1 0x01
write 0x5ed7 0x1 0x40
write 0x5ed8 0x1 0x0a
write 0x5edf 0x1 0x05
write 0x5ee3 0x1 0x5b
write 0x5ee6 0x1 0x4f
write 0x5eeb 0x1 0x01
write 0x5eef 0x1 0x40
writeq 0x50000000000003b 0x15cd405b60101c8
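The assertion in the trace above is the block layer's permission check: a write request (blk_aio_write_entry -> bdrv_co_pwritev_part) reached a BdrvChild that was never granted BLK_PERM_WRITE, which is what you get for the read-only scsi-cd the reproducer attaches behind the megasas-gen2 adapter. Because the check is an assert rather than an error return, the outcome is an abort of the whole QEMU process driven purely by guest-controlled PCI configuration and device register traffic, i.e. a guest-triggerable crash of the VMM instead of a rejected I/O.

Reproducers of this shape are easier to read once the PCI configuration writes at the top are decoded. The script below is an added example, not part of the bug report or of QEMU: it parses the qtest commands used above (`outl`, `write`, `writeq`) and decodes each legacy mechanism #1 access (CONFIG_ADDRESS at 0xcf8, CONFIG_DATA at 0xcfc) into bus/device/function/register, naming the standard header register and the BAR type. The embedded sample is the four PCI-setup lines, two guest-memory writes and the final writeq of the reproducer above. That the decoded slot 00:03.0 is where q35 places the megasas-gen2 device on this command line is an assumption; the script decodes addresses, it does not verify slot assignment.

```python
"""Decode the PCI configuration-space writes in a qtest reproducer.

Added example, not code from the bug report or from QEMU.  It understands
three qtest commands used above: `outl PORT VALUE` (32-bit I/O port write),
`write ADDR SIZE DATA` (guest memory write) and `writeq ADDR VALUE` (64-bit
guest memory write).  Port writes to PCI configuration mechanism #1 are
decoded: CONFIG_ADDRESS (0xcf8) bit 31 enables the cycle, bits 23:16 select
the bus, 15:11 the device, 10:8 the function and 7:2 the dword register.
"""
import re
from dataclasses import dataclass, field

PCI_CONFIG_ADDRESS = 0xCF8
PCI_CONFIG_DATA = 0xCFC

# Type-0 configuration header offsets a reproducer typically touches.
HEADER_REGS = {
    0x00: "VENDOR/DEVICE", 0x04: "COMMAND/STATUS", 0x08: "CLASS/REVISION",
    0x10: "BAR0", 0x14: "BAR1", 0x18: "BAR2", 0x1C: "BAR3", 0x20: "BAR4",
    0x24: "BAR5", 0x3C: "INTLINE/INTPIN",
}
# Bits of the 16-bit COMMAND register (low half of offset 0x04).
COMMAND_BITS = {0: "IO_SPACE", 1: "MEMORY_SPACE", 2: "BUS_MASTER",
                6: "PARITY_ERR", 8: "SERR", 10: "INTX_DISABLE"}


def decode_config_address(addr: int):
    """Split a CONFIG_ADDRESS dword into (bus, device, function, register).

    Returns None when the enable bit (31) is clear: such a value starts no
    configuration cycle, so a following CONFIG_DATA write goes nowhere.
    """
    if not addr & 0x8000_0000:
        return None
    return ((addr >> 16) & 0xFF, (addr >> 11) & 0x1F, (addr >> 8) & 0x7, addr & 0xFC)


@dataclass
class ConfigWrite:
    bus: int
    device: int
    function: int
    register: int
    value: int

    def describe(self) -> str:
        name = HEADER_REGS.get(self.register, f"reg 0x{self.register:02x}")
        text = f"{self.bus:02x}:{self.device:02x}.{self.function} {name} <- 0x{self.value:08x}"
        if self.register == 0x04:
            # Only the low 16 bits are COMMAND; the high half is the RW1C STATUS word.
            bits = [n for b, n in COMMAND_BITS.items() if (self.value >> b) & 1]
            text += " (" + "|".join(bits) + ")"
        elif 0x10 <= self.register <= 0x24:
            if self.value & 1:
                text += f" (I/O BAR, base 0x{self.value & ~0x3:x})"
            else:
                text += f" (memory BAR, base 0x{self.value & ~0xF:x})"
        return text


@dataclass
class Trace:
    config_writes: list = field(default_factory=list)
    mem_write_bytes: int = 0                          # bytes stored via `write`
    mem_writes64: list = field(default_factory=list)  # (addr, value) from `writeq`


_OUTL = re.compile(r"^outl\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)$", re.I)
_WRITE = re.compile(r"^write\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)$", re.I)
_WRITEQ = re.compile(r"^writeq\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)$", re.I)


def parse_qtest(script: str) -> Trace:
    trace = Trace()
    target = None  # CONFIG_ADDRESS stays latched until the next 0xcf8 write
    for raw in script.splitlines():
        line = raw.strip()
        if m := _OUTL.match(line):
            port, value = int(m[1], 16), int(m[2], 16)
            if port == PCI_CONFIG_ADDRESS:
                target = decode_config_address(value)
            elif port == PCI_CONFIG_DATA and target is not None:
                trace.config_writes.append(ConfigWrite(*target, value))
        elif m := _WRITE.match(line):
            trace.mem_write_bytes += int(m[2], 16)
        elif m := _WRITEQ.match(line):
            trace.mem_writes64.append((int(m[1], 16), int(m[2], 16)))
    return trace


# Constructed sample: the four PCI-setup lines of the reproducer above, two of
# its guest-memory writes and its final writeq.
SAMPLE = """\
outl 0xcf8 0x80001804
outl 0xcfc 0xffffff
outl 0xcf8 0x8000181b
outl 0xcfc 0x7052005
write 0x5cc0 0x1 0x03
write 0x5cc7 0x1 0x40
writeq 0x50000000000003b 0x15cd405b60101c8
"""

if __name__ == "__main__":
    t = parse_qtest(SAMPLE)
    for cw in t.config_writes:
        print(cw.describe())
    print(f"{t.mem_write_bytes} byte(s) of guest RAM written, "
          f"{len(t.mem_writes64)} 64-bit write(s)")
```

Run against the sample, the first pair decodes to the COMMAND register of 00:03.0 being written with every enable bit set (I/O, memory and bus mastering), and the second to BAR2 of the same function being programmed as an I/O BAR at 0x7052004. The remaining `write` lines stage bytes in guest RAM; the closing `writeq` is the access that kicks the adapter into processing them, and the decoder deliberately reports it without interpreting it, since the frame layout is device-specific and not something the report spells out.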

Peter Maydell (pmaydell)
tags: added: fuzzer

Thomas Huth (th-huth) wrote:
Changed in qemu:
status: New → Fix Released