qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 1887303] Re: Assertion failure in *bmdma_active_if `bmdma->bus->ret

From: Philippe Mathieu-Daudé
Subject: [Bug 1887303] Re: Assertion failure in *bmdma_active_if `bmdma->bus->retry_unit != (uint8_t)-1' failed.
Date: Fri, 17 Jul 2020 08:31:36 -0000 
Proposed fix:
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05408.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1887303

Title:
  Assertion failure in *bmdma_active_if `bmdma->bus->retry_unit !=
  (uint8_t)-1' failed.

Status in QEMU:
  New

Bug description:
  Hello,
  Here is a QTest Reproducer:

  cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
   -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
   -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
   -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
   -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
  outw 0x176 0x3538
  outw 0x376 0x6007
  outw 0x376 0x6b6b
  outw 0x176 0x985c
  outl 0xcf8 0x80000903
  outl 0xcfc 0x2f2931
  outl 0xcf8 0x80000920
  outb 0xcfc 0x6b
  outb 0x68 0x7
  outw 0x176 0x2530
  EOF

  Here is the call-stack:

      #8 0x7f00e0443091 in __assert_fail 
/build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9 0x55e163f5a1af in bmdma_active_if 
/home/alxndr/Development/qemu/include/hw/ide/pci.h:59:5
      #10 0x55e163f5a1af in bmdma_prepare_buf 
/home/alxndr/Development/qemu/hw/ide/pci.c:132:19
      #11 0x55e163f4f00d in ide_dma_cb 
/home/alxndr/Development/qemu/hw/ide/core.c:898:17
      #12 0x55e163de86ad in dma_complete 
/home/alxndr/Development/qemu/dma-helpers.c:120:9
      #13 0x55e163de86ad in dma_blk_cb 
/home/alxndr/Development/qemu/dma-helpers.c:138:9
      #14 0x55e1642ade85 in blk_aio_complete 
/home/alxndr/Development/qemu/block/block-backend.c:1402:9
      #15 0x55e1642ade85 in blk_aio_complete_bh 
/home/alxndr/Development/qemu/block/block-backend.c:1412:5
      #16 0x55e16443556f in aio_bh_call 
/home/alxndr/Development/qemu/util/async.c:136:5
      #17 0x55e16443556f in aio_bh_poll 
/home/alxndr/Development/qemu/util/async.c:164:13
      #18 0x55e16440fac3 in aio_dispatch 
/home/alxndr/Development/qemu/util/aio-posix.c:380:5
      #19 0x55e164436dac in aio_ctx_dispatch 
/home/alxndr/Development/qemu/util/async.c:306:5
      #20 0x7f00e16e29ed in g_main_context_dispatch 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
      #21 0x55e164442f2b in glib_pollfds_poll 
/home/alxndr/Development/qemu/util/main-loop.c:219:9
      #22 0x55e164442f2b in os_host_main_loop_wait 
/home/alxndr/Development/qemu/util/main-loop.c:242:5
      #23 0x55e164442f2b in main_loop_wait 
/home/alxndr/Development/qemu/util/main-loop.c:518:11
      #24 0x55e164376953 in flush_events 
/home/alxndr/Development/qemu/tests/qtest/fuzz/fuzz.c:47:9
      #25 0x55e16437b8fa in general_fuzz 
/home/alxndr/Development/qemu/tests/qtest/fuzz/general_fuzz.c:544:17

  =================================

  Here is the same assertion failure but triggered through a different
  call-stack:

  cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
   -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
   -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
   -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
   -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
  outw 0x171 0x2fe9
  outb 0x177 0xa0
  outl 0x170 0x928
  outl 0x170 0x2b923b31
  outl 0x170 0x800a24d7
  outl 0xcf8 0x80000903
  outl 0xcfc 0x842700
  outl 0xcf8 0x80000920
  outb 0xcfc 0x5e
  outb 0x58 0x7
  outb 0x376 0x5
  outw 0x376 0x11
  outw 0x176 0x3538
  EOF

  Call-stack:
      #8 0x7f00e0443091 in __assert_fail 
/build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9 0x55e163f5a622 in bmdma_active_if 
/home/alxndr/Development/qemu/include/hw/ide/pci.h:59:5
      #10 0x55e163f5a622 in bmdma_rw_buf 
/home/alxndr/Development/qemu/hw/ide/pci.c:187:19
      #11 0x55e163f57577 in ide_atapi_cmd_read_dma_cb 
/home/alxndr/Development/qemu/hw/ide/atapi.c:375:13
      #12 0x55e163f44c55 in ide_buffered_readv_cb 
/home/alxndr/Development/qemu/hw/ide/core.c:650:9
      #13 0x55e1642ade85 in blk_aio_complete 
/home/alxndr/Development/qemu/block/block-backend.c:1402:9
      #14 0x55e1642ade85 in blk_aio_complete_bh 
/home/alxndr/Development/qemu/block/block-backend.c:1412:5
      #15 0x55e16443556f in aio_bh_call 
/home/alxndr/Development/qemu/util/async.c:136:5
      #16 0x55e16443556f in aio_bh_poll 
/home/alxndr/Development/qemu/util/async.c:164:13
      #17 0x55e16440fac3 in aio_dispatch 
/home/alxndr/Development/qemu/util/aio-posix.c:380:5
      #18 0x55e164436dac in aio_ctx_dispatch 
/home/alxndr/Development/qemu/util/async.c:306:5
      #19 0x7f00e16e29ed in g_main_context_dispatch 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
      #20 0x55e164442f2b in glib_pollfds_poll 
/home/alxndr/Development/qemu/util/main-loop.c:219:9
      #21 0x55e164442f2b in os_host_main_loop_wait 
/home/alxndr/Development/qemu/util/main-loop.c:242:5
      #22 0x55e164442f2b in main_loop_wait 
/home/alxndr/Development/qemu/util/main-loop.c:518:11
      #23 0x55e164376953 in flush_events 
/home/alxndr/Development/qemu/tests/qtest/fuzz/fuzz.c:47:9
      #24 0x55e16437b8fa in general_fuzz 
/home/alxndr/Development/qemu/tests/qtest/fuzz/general_fuzz.c:544:17

  =================================

  The first reproducer with -trace ide*:
  [I 1594579788.601818] OPENED
  26995@1594579788.617583:ide_reset IDEstate 0x565534a7b898
  26995@1594579788.617684:ide_reset IDEstate 0x565534a7bc68
  26995@1594579788.618019:ide_reset IDEstate 0x565534a7c188
  26995@1594579788.618087:ide_reset IDEstate 0x565534a7c558
  26995@1594579788.619271:ide_reset IDEstate 0x565534a7c188
  26995@1594579788.619377:ide_reset IDEstate 0x565534a7c558
  26995@1594579788.623224:ide_reset IDEstate 0x565534a7b898
  26995@1594579788.623267:ide_reset IDEstate 0x565534a7bc68
  26995@1594579788.623273:ide_reset IDEstate 0x565534a7c188
  26995@1594579788.623275:ide_reset IDEstate 0x565534a7c558
  [R +0.023386] outw 0x176 0x3538
  26995@1594579788.625224:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
val 0x38; bus 0x565534a7c100 IDEState 0x565534a7c188
  26995@1594579788.625228:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
0x35; bus 0x565534a7c100 IDEState 0x565534a7c558
  26995@1594579788.625230:ide_exec_cmd IDE exec cmd: bus 0x565534a7c100; state 
0x565534a7c558; cmd 0x35
  [S +0.023416] OK
  [R +0.023442] outw 0x376 0x6007
  26995@1594579788.625263:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
val 0x07; bus 0x565534a7c100
  [S +0.023447] OK
  [R +0.023455] outw 0x376 0x6b6b
  26995@1594579788.625276:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); 
val 0x6b; bus 0x565534a7c100
  [S +0.023460] OK
  [R +0.023464] outw 0x176 0x985c
  26995@1594579788.625285:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
val 0x5c; bus 0x565534a7c100 IDEState 0x565534a7c558
  26995@1594579788.625287:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
0x98; bus 0x565534a7c100 IDEState 0x565534a7c558
  26995@1594579788.625289:ide_exec_cmd IDE exec cmd: bus 0x565534a7c100; state 
0x565534a7c558; cmd 0x98
  [S +0.023473] OK
  [R +0.023477] outl 0xcf8 0x80000903
  [S +0.023481] OK
  [R +0.023485] outl 0xcfc 0x2f2931
  [S +0.023492] OK
  [R +0.023496] outl 0xcf8 0x80000920
  [S +0.023498] OK
  [R +0.023503] outb 0xcfc 0x6b
  [S +0.023644] OK
  [R +0.023651] outb 0x68 0x7
  26995@1594579788.625548:ide_dma_cb IDEState 0x565534a7c558; sector_num=1 
n=255 cmd=DMA WRITE
  [S +0.023809] OK
  [R +0.023817] outw 0x176 0x2530
  26995@1594579788.625638:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); 
val 0x30; bus 0x565534a7c100 IDEState 0x565534a7c558
  26995@1594579788.625640:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
0x25; bus 0x565534a7c100 IDEState 0x565534a7c558
  26995@1594579788.625642:ide_exec_cmd IDE exec cmd: bus 0x565534a7c100; state 
0x565534a7c558; cmd 0x25
  [S +0.023827] OK
  qemu-system-i386: /home/alxndr/Development/qemu/include/hw/ide/pci.h:59: 
IDEState *bmdma_active_if(BMDMAState *): Assertion `bmdma->bus->retry_unit != 
(uint8_t)-1' failed.

  =================================

  The second reproducer with -trace ide*:

  [I 1594579681.691528] OPENED
  8293@1594579681.707423:ide_reset IDEstate 0x55fc044c3898
  8293@1594579681.707540:ide_reset IDEstate 0x55fc044c3c68
  8293@1594579681.707902:ide_reset IDEstate 0x55fc044c4188
  8293@1594579681.707969:ide_reset IDEstate 0x55fc044c4558
  8293@1594579681.709859:ide_reset IDEstate 0x55fc044c4188
  8293@1594579681.709976:ide_reset IDEstate 0x55fc044c4558
  8293@1594579681.714051:ide_reset IDEstate 0x55fc044c3898
  8293@1594579681.714073:ide_reset IDEstate 0x55fc044c3c68
  8293@1594579681.714076:ide_reset IDEstate 0x55fc044c4188
  8293@1594579681.714079:ide_reset IDEstate 0x55fc044c4558
  [R +0.024386] outw 0x171 0x2fe9
  8293@1594579681.715950:ide_ioport_write IDE PIO wr @ 0x171 (Features); val 
0xe9; bus 0x55fc044c4100 IDEState 0x55fc044c4188
  8293@1594579681.715955:ide_ioport_write IDE PIO wr @ 0x172 (Sector Count); 
val 0x2f; bus 0x55fc044c4100 IDEState 0x55fc044c4188
  OK
  [S +0.024430] OK
  [R +0.024436] outb 0x177 0xa0
  8293@1594579681.715967:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
0xa0; bus 0x55fc044c4100 IDEState 0x55fc044c4188
  8293@1594579681.715970:ide_exec_cmd IDE exec cmd: bus 0x55fc044c4100; state 
0x55fc044c4188; cmd 0xa0
  OK
  [S +0.024444] OK
  [R +0.024448] outl 0x170 0x928
  8293@1594579681.715978:ide_data_writel IDE PIO wr @ 0x170 (Data: Long); val 
0x00000928; bus 0x55fc044c4100; IDEState 0x55fc044c4188
  OK
  [S +0.024453] OK
  [R +0.024456] outl 0x170 0x2b923b31
  8293@1594579681.715986:ide_data_writel IDE PIO wr @ 0x170 (Data: Long); val 
0x2b923b31; bus 0x55fc044c4100; IDEState 0x55fc044c4188
  OK
  [S +0.024460] OK
  [R +0.024464] outl 0x170 0x800a24d7
  8293@1594579681.715994:ide_data_writel IDE PIO wr @ 0x170 (Data: Long); val 
0x800a24d7; bus 0x55fc044c4100; IDEState 0x55fc044c4188
  8293@1594579681.715996:ide_atapi_cmd IDEState: 0x55fc044c4188; cmd: 0x28
  8293@1594579681.716000:ide_atapi_cmd_packet IDEState: 0x55fc044c4188; 
limit=0xeb14 packet: 28 09 00 00 31 3b 92 2b d7 24 0a 80
  8293@1594579681.716004:ide_atapi_cmd_read IDEState: 0x55fc044c4188; read dma: 
LBA=12603 nb_sectors=11223
  OK
  [S +0.024479] OK
  [R +0.024483] outl 0xcf8 0x80000903
  OK
  [S +0.024485] OK
  [R +0.024489] outl 0xcfc 0x842700
  OK
  [S +0.024604] OK
  [R +0.024610] outl 0xcf8 0x80000920
  OK
  [S +0.024613] OK
  [R +0.024616] outb 0xcfc 0x5e
  OK
  [S +0.024720] OK
  [R +0.024726] outb 0x58 0x7
  8293@1594579681.716258:ide_atapi_cmd_read_dma_cb_aio IDEState: 
0x55fc044c4188; aio read: lba=12603 n=64
  OK
  [S +0.024786] OK
  [R +0.024791] outb 0x376 0x5
  8293@1594579681.716322:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 
0x05; bus 0x55fc044c4100
  OK
  [S +0.024797] OK
  [R +0.024800] outw 0x376 0x11
  8293@1594579681.716330:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 
0x11; bus 0x55fc044c4100
  OK
  [S +0.024804] OK
  [R +0.024807] outw 0x176 0x3538
  8293@1594579681.716337:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 
0x38; bus 0x55fc044c4100 IDEState 0x55fc044c4188
  8293@1594579681.716340:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 
0x35; bus 0x55fc044c4100 IDEState 0x55fc044c4558
  8293@1594579681.716342:ide_exec_cmd IDE exec cmd: bus 0x55fc044c4100; state 
0x55fc044c4558; cmd 0x35
  8293@1594579681.716388:ide_dma_cb IDEState 0x55fc044c4558; sector_num=504 
n=257 cmd=DMA WRITE
  OK
  [S +0.024882] OK
  qemu-system-i386: /home/alxndr/Development/qemu/include/hw/ide/pci.h:59: 
IDEState *bmdma_active_if(BMDMAState *): Assertion `bmdma->bus->retry_unit != 
(uint8_t)-1' failed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1887303/+subscriptions
reply via email to
[Prev in Thread] Current Thread [Next in Thread]