qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

From: Thomas Huth
Subject: [Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer
Date: Fri, 18 Jun 2021 16:01:41 -0000 
** Bug watch removed: gitlab.com/qemu-project/qemu/-/issues #387
   https://gitlab.com/qemu-project/qemu/-/issues/387

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878054

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Incomplete

Bug description:
  Hello,
  While fuzzing, I found an input that causes QEMU to hang with 100% CPU usage.
  I have waited several minutes, and QEMU is still unresponsive. Using gdb, It
  appears that it is stuck in an sdhci_data_transfer:

  #0   memory_region_access_valid (mr=<optimized out>, addr=0x10284920, 
size=<optimized out>, is_write=0xff, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1378
  #1   memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, 
data=<optimized out>, op=MO_32, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1463
  #2   flatview_write_continue (fv=<optimized out>, addr=0x10284920, attrs=..., 
ptr=<optimized out>, len=0xb7, addr1=0x5555582798e0, l=<optimized out>, 
mr=0x5555582798e0 <io_mem_unassigned>) at 
/home/alxndr/Development/qemu/exec.c:3137
  #3   flatview_write (fv=0x606000045da0, addr=<optimized out>, attrs=..., 
buf=<optimized out>, len=<optimized out>) at 
/home/alxndr/Development/qemu/exec.c:3177
  #4   address_space_write (as=<optimized out>, addr=<optimized out>, 
attrs=..., buf=0xaaaab04f325, len=0x4) at 
/home/alxndr/Development/qemu/exec.c:3268
  #5   address_space_rw (as=0x5555572509ac <unassigned_mem_ops+44>, 
addr=0x5555582798e0, attrs=..., attrs@entry=..., buf=0xaaaab04f325, len=0x4, 
is_write=0xb8, is_write@entry=0x1) at
  /home/alxndr/Development/qemu/exec.c:3278
  #6   dma_memory_rw_relaxed (as=0x5555572509ac <unassigned_mem_ops+44>, 
addr=0x5555582798e0, buf=0xaaaab04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) 
at /home/alxndr/Development/qemu/include/sysemu/dma.h:87
  #7   dma_memory_rw (as=0x5555572509ac <unassigned_mem_ops+44>, 
addr=0x5555582798e0, buf=0xaaaab04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) 
at /home/alxndr/Development/qemu/include/sysemu/dma.h:110
  #8   dma_memory_write (as=0x5555572509ac <unassigned_mem_ops+44>, 
addr=0x5555582798e0, buf=0xaaaab04f325, len=0x4) at 
/home/alxndr/Development/qemu/include/sysemu/dma.h:122
  #9   sdhci_sdma_transfer_multi_blocks (s=<optimized out>) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:618
  #10  sdhci_data_transfer (opaque=0x61e000021080) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:891
  #11  sdhci_send_command (s=0x61e000021080) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:364
  #12  sdhci_write (opaque=<optimized out>, offset=0xc, val=<optimized out>, 
size=<optimized out>) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:1158
  #13  memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, 
value=<optimized out>, size=<optimized out>, shift=<optimized out>, 
mask=<optimized out>, attrs=...) at
  /home/alxndr/Development/qemu/memory.c:483
  #14  access_with_adjusted_size (addr=<optimized out>, value=<optimized out>, 
size=<optimized out>, access_size_min=<optimized out>, 
access_size_max=<optimized out>, access_fn=<optimized out>, mr=0x61e0000219f0, 
attrs=...) at /home/alxndr/Development/qemu/memory.c:544
  #15  memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, 
data=0x1ffe0ff, op=<optimized out>, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1476
  #16  flatview_write_continue (fv=<optimized out>, addr=0xe106800c, attrs=..., 
ptr=<optimized out>, len=0xff3, addr1=0x5555582798e0, l=<optimized out>, 
mr=0x61e0000219f0) at /home/alxndr/Development/qemu/exec.c:3137
  #17  flatview_write (fv=0x606000045da0, addr=<optimized out>, attrs=..., 
buf=<optimized out>, len=<optimized out>) at 
/home/alxndr/Development/qemu/exec.c:3177
  #18  address_space_write (as=<optimized out>, addr=<optimized out>, 
attrs=..., attrs@entry=..., buf=0xaaaab04f325, buf@entry=0x62100008ad00, 
len=0x4) at /home/alxndr/Development/qemu/exec.c:3268
  #19  qtest_process_command (chr=<optimized out>, chr@entry=0x55555827c040 
<qtest_chr>, words=<optimized out>) at /home/alxndr/Development/qemu/qtest.c:567
  #20  qtest_process_inbuf (chr=0x55555827c040 <qtest_chr>, 
inbuf=0x61900000f640) at /home/alxndr/Development/qemu/qtest.c:710

  
  I am attaching the qtest commands for reproducing it.
  I can reproduce it in a qemu 5.0 build using:

  qemu-system-i386 -M pc-q35-5.0 -qtest stdio -device sdhci-pci,sd-spec-
  version=3 -device sd-card,drive=mydrive -drive if=sd,index=0,file
  =null-co://,format=raw,id=mydrive -nographic -nographic -serial none
  -monitor none < attachment

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878054/+subscriptions
reply via email to
[Prev in Thread] Current Thread [Next in Thread]