qemu-devel

[Bug 1878642] Re: Assertion failure in pci_bus_get_irq_level


From: Thomas Huth
Subject: [Bug 1878642] Re: Assertion failure in pci_bus_get_irq_level
Date: Thu, 10 Dec 2020 08:57:08 -0000

Released with QEMU v5.2.0.

** Changed in: qemu
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878642

Title:
  Assertion failure in pci_bus_get_irq_level

Status in QEMU:
  Fix Released

Bug description:
  Hello,
  I found an input which triggers an assertion failure in pci_bus_get_irq_level:

  qemu-system-i386: /home/alxndr/Development/qemu/hw/pci/pci.c:268: int 
pci_bus_get_irq_level(PCIBus *, int): Assertion `irq_num < bus->nirq' failed.
  Aborted
  #0  0x00007ffff686d761 in __GI_raise (sig=sig@entry=0x6) at 
../sysdeps/unix/sysv/linux/raise.c:50
  #1  0x00007ffff685755b in __GI_abort () at abort.c:79
  #2  0x00007ffff685742f in __assert_fail_base (fmt=0x7ffff69bdb48 "%s%s%s:%u: 
%s%sAssertion `%s' failed.\n%n", assertion=0x555557f9bca0 <str> "irq_num < 
bus->nirq", file=0x555557f9bbe0 <str> 
"/home/alxndr/Development/qemu/hw/pci/pci.c", line=0x10c, function=<optimized 
out>) at assert.c:92
  #3  0x00007ffff6866092 in __GI___assert_fail (assertion=0x555557f9bca0 <str> 
"irq_num < bus->nirq", file=0x555557f9bbe0 <str> 
"/home/alxndr/Development/qemu/hw/pci/pci.c", line=0x10c, 
function=0x555557f9bc40 <__PRETTY_FUNCTION__.pci_bus_get_irq_level> "int 
pci_bus_get_irq_level(PCIBus *, int)") at assert.c:101
  #4  0x0000555557060c34 in pci_bus_get_irq_level (bus=0x61d000096080, 
irq_num=0xef) at /home/alxndr/Development/qemu/hw/pci/pci.c:268
  #5  0x0000555556657391 in ich9_lpc_update_apic (lpc=0x62a000006200, gsi=0xff) 
at /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:249
  #6  0x0000555556658ea7 in ich9_set_sci (opaque=0x62a000006200, irq_num=0x0, 
level=0x1) at /home/alxndr/Development/qemu/hw/isa/lpc_ich9.c:354
  #7  0x0000555556ccefc6 in qemu_set_irq (irq=0x60600002af80, level=0x1) at 
/home/alxndr/Development/qemu/hw/core/irq.c:44
  #8  0x0000555556bc06fd in acpi_update_sci (regs=0x62a000006c80, 
irq=0x60600002af80) at /home/alxndr/Development/qemu/hw/acpi/core.c:723
  #9  0x0000555556bccb08 in ich9_pm_update_sci_fn (regs=0x62a000006c80) at 
/home/alxndr/Development/qemu/hw/acpi/ich9.c:56
  #10 0x0000555556bc10ee in acpi_pm_evt_write (opaque=0x62a000006c80, addr=0x2, 
val=0x2049, width=0x2) at /home/alxndr/Development/qemu/hw/acpi/core.c:456
  #11 0x00005555564938b5 in memory_region_write_accessor (mr=0x62a000006db0, 
addr=0x2, value=0x7fffffff9c70, size=0x2, shift=0x0, mask=0xffff, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:483
  #12 0x000055555649328a in access_with_adjusted_size (addr=0x2, 
value=0x7fffffff9c70, size=0x2, access_size_min=0x1, access_size_max=0x4, 
access_fn=0x555556493360 <memory_region_write_accessor>, mr=0x62a000006db0, 
attrs=...) at /home/alxndr/Development/qemu/memory.c:544
  #13 0x0000555556491df6 in memory_region_dispatch_write (mr=0x62a000006db0, 
addr=0x2, data=0x2049, op=MO_16, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1476
  #14 0x00005555562cbbf4 in flatview_write_continue (fv=0x606000033fe0, 
addr=0x5d02, attrs=..., ptr=0x7fffffffa4e0, len=0x4, addr1=0x2, l=0x2, 
mr=0x62a000006db0) at /home/alxndr/Development/qemu/exec.c:3137
  #15 0x00005555562bbad9 in flatview_write (fv=0x606000033fe0, addr=0x5d02, 
attrs=..., buf=0x7fffffffa4e0, len=0x4) at 
/home/alxndr/Development/qemu/exec.c:3177
  #16 0x00005555562bb609 in address_space_write (as=0x55555968f940 
<address_space_io>, addr=0x5d02, attrs=..., buf=0x7fffffffa4e0, len=0x4) at 
/home/alxndr/Development/qemu/exec.c:3268
  #17 0x0000555556478c0a in cpu_outl (addr=0x5d02, val=0xedf82049) at 
/home/alxndr/Development/qemu/ioport.c:80
  #18 0x000055555648166f in qtest_process_command (chr=0x555559691d00 
<qtest_chr>, words=0x60300009ef20) at /home/alxndr/Development/qemu/qtest.c:396
  #19 0x000055555647f187 in qtest_process_inbuf (chr=0x555559691d00 
<qtest_chr>, inbuf=0x61900000f680) at /home/alxndr/Development/qemu/qtest.c:710
  #20 0x000055555647e8b4 in qtest_read (opaque=0x555559691d00 <qtest_chr>, 
buf=0x7fffffffca40 "outl 0xcf8 0x8400f841\noutl 0xcfc 0xebed205d\noutl 0x5d02 
0xedf82049\n-M pc-q35-5.0 -device intel-hda,id=hda0 -device 
hda-output,bus=hda0.0 -device hda-micro,bus=hda0.0 -device 
hda-duplex,bus=hda0.0 -display none -nodefaults -nographic\n", size=0xe9) at 
/home/alxndr/Development/qemu/qtest.c:722
  #21 0x00005555579c260c in qemu_chr_be_write_impl (s=0x60f000001f30, 
buf=0x7fffffffca40 "outl 0xcf8 0x8400f841\noutl 0xcfc 0xebed205d\noutl 0x5d02 
0xedf82049\n-M pc-q35-5.0 -device intel-hda,id=hda0 -device 
hda-output,bus=hda0.0 -device hda-micro,bus=hda0.0 -device 
hda-duplex,bus=hda0.0 -display none -nodefaults -nographic\n", len=0xe9) at 
/home/alxndr/Development/qemu/chardev/char.c:183
  #22 0x00005555579c275b in qemu_chr_be_write (s=0x60f000001f30, 
buf=0x7fffffffca40 "outl 0xcf8 0x8400f841\noutl 0xcfc 0xebed205d\noutl 0x5d02 
0xedf82049\n-M pc-q35-5.0 -device intel-hda,id=hda0 -device 
hda-output,bus=hda0.0 -device hda-micro,bus=hda0.0 -device 
hda-duplex,bus=hda0.0 -display none -nodefaults -nographic\n", len=0xe9) at 
/home/alxndr/Development/qemu/chardev/char.c:195
  #23 0x00005555579cb97a in fd_chr_read (chan=0x6080000026a0, cond=G_IO_IN, 
opaque=0x60f000001f30) at /home/alxndr/Development/qemu/chardev/char-fd.c:68
  #24 0x0000555557a530ea in qio_channel_fd_source_dispatch 
(source=0x60c00002ef00, callback=0x5555579cb540 <fd_chr_read>, 
user_data=0x60f000001f30) at /home/alxndr/Development/qemu/io/channel-watch.c:84
  #25 0x00007ffff7ca8898 in g_main_context_dispatch () at 
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
  #26 0x0000555557c10b85 in glib_pollfds_poll () at 
/home/alxndr/Development/qemu/util/main-loop.c:219
  #27 0x0000555557c0f57e in os_host_main_loop_wait (timeout=0x0) at 
/home/alxndr/Development/qemu/util/main-loop.c:242
  #28 0x0000555557c0f177 in main_loop_wait (nonblocking=0x0) at 
/home/alxndr/Development/qemu/util/main-loop.c:518
  #29 0x000055555689fd1e in qemu_main_loop () at 
/home/alxndr/Development/qemu/softmmu/vl.c:1664
  #30 0x0000555557a6a29d in main (argc=0x17, argv=0x7fffffffe148, 
envp=0x7fffffffe208) at /home/alxndr/Development/qemu/softmmu/main.c:49

  I can reproduce this in qemu 5.0 using these qtest commands:

  cat << EOF | ./qemu-system-i386 \
  -qtest stdio -nographic -monitor none -serial none \
  -M pc-q35-5.0
  outl 0xcf8 0x8400f841
  outl 0xcfc 0xebed205d
  outl 0x5d02 0xedf82049
  EOF

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878642/+subscriptions
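
For triage, the two PCI configuration-port writes in the reproducer can be decoded to see which device function and register offset the guest programmed before the crashing write to port 0x5d02. This is an added example, not part of the original report or of QEMU's code; it applies the standard PCI configuration mechanism #1 layout of ports 0xcf8/0xcfc, and the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three qtest lines from the report's reproducer. */
static const char REPORT_SCRIPT[] = "outl 0xcf8 0x8400f841\n"
                                    "outl 0xcfc 0xebed205d\n"
                                    "outl 0x5d02 0xedf82049\n";

struct cfg_write {         /* hypothetical name: one decoded CONFIG_DATA write */
    int enabled;           /* CONFIG_ADDRESS bit 31 */
    uint8_t bus, dev, fn;  /* bits 23:16, 15:11, 10:8 */
    uint8_t reg;           /* bits 7:2, dword-aligned register offset */
    uint8_t low_bits;      /* bits 1:0, reserved as zero by the PCI spec */
    uint32_t value;        /* data written through port 0xcfc..0xcff */
};

/* Record each config-space write in "outl <port> <value>" lines; returns count. */
int decode_cfg_writes(const char *script, struct cfg_write *out, int max)
{
    unsigned port, val, latch = 0;  /* latch: last value written to 0xcf8 */
    int n = 0;
    for (const char *p = script; p && *p && n < max; ) {
        if (sscanf(p, "outl %x %x", &port, &val) == 2) {
            if (port == 0xcf8) {
                latch = val;
            } else if (port >= 0xcfc && port <= 0xcff) {
                struct cfg_write *w = &out[n++];
                w->enabled  = (latch >> 31) & 1;
                w->bus      = (latch >> 16) & 0xff;
                w->dev      = (latch >> 11) & 0x1f;
                w->fn       = (latch >> 8) & 0x07;
                w->reg      = latch & 0xfc;
                w->low_bits = latch & 0x03;
                w->value    = val;
            }
        }
        p = strchr(p, '\n');  /* advance to the next line, if any */
        if (p) p++;
    }
    return n;
}
int main(void)
{
    struct cfg_write w[4];
    for (int i = 0, n = decode_cfg_writes(REPORT_SCRIPT, w, 4); i < n; i++)
        printf("%02x:%02x.%x reg 0x%02x low %u <- 0x%08x\n", w[i].bus, w[i].dev,
               w[i].fn, w[i].reg, w[i].low_bits, (unsigned)w[i].value);
    return 0;
}
```

For the report's input this decodes a single configuration write to 00:1f.0 at register 0x40, with the reserved low address bits set to 1; the third line (port 0x5d02) is an ordinary I/O port write and is not counted.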


