* Assertion failure in pci_bus_get_irq_level through ich9_lpc_update_apic
@ 2020-05-11  5:08 Alexander Bulekov
From: Alexander Bulekov @ 2020-05-11  5:08 UTC (permalink / raw)
  To: qemu-devel; +Cc: Stefan Hajnoczi, Michael S. Tsirkin

Hello,
While fuzzing, I found an input that triggers an assertion failure in
pci_bus_get_irq_level through ich9_lpc_update_apic:

int pci_bus_get_irq_level(PCIBus *, int): Assertion `irq_num < bus->nirq' failed.

#8 0x7fc7d4fa4091 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
#9 0x5557c8639fe1 in pci_bus_get_irq_level hw/pci/pci.c:268:5
#10 0x5557c6b05693 in ich9_lpc_update_apic hw/isa/lpc_ich9.c:250:14
#11 0x5557c6b09167 in ich9_set_sci hw/isa/lpc_ich9.c:355:9
#12 0x5557c7c96f42 in qemu_set_irq hw/core/irq.c:44:5
#13 0x5557c7959379 in acpi_update_sci hw/acpi/core.c:723:5
#14 0x5557c7977dc3 in ich9_pm_update_sci_fn hw/acpi/ich9.c:56:5
#15 0x5557c795a80f in acpi_pm_evt_write hw/acpi/core.c:456:9
#16 0x5557c671a17b in memory_region_write_accessor memory.c:496:5

I can reproduce it in a qemu 5.0 build using:
cat << EOF | qemu-system-i386 -M pc-q35-5.0 -display none -nodefaults -nographic -qtest stdio
outl 0xcf8 0x8400f841
outl 0xcfc 0xebed205d
outl 0x5d02 0xedf82049
EOF

I also uploaded the above trace, in case the formatting is broken:

curl https://paste.debian.net/plain/1146096 | qemu-system-i386 -M pc-q35-5.0 -display none -nodefaults -nographic -qtest stdio

Please let me know if I can provide any further info.
-Alex
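
For triage, the reproducer's port writes can be decoded with the standard PCI configuration mechanism #1 layout (0xCF8 address latch, 0xCFC data window). This is an added example, not part of the original message or of QEMU; the names decode_config_address and annotate are hypothetical.

```python
import re

CONFIG_ADDRESS = 0xCF8  # mechanism #1 address latch
CONFIG_DATA = 0xCFC     # data window, ports 0xCFC-0xCFF
WIDTH = {"outb": 1, "outw": 2, "outl": 4}

# The three qtest commands from the reproducer in the report.
TRACE = """\
outl 0xcf8 0x8400f841
outl 0xcfc 0xebed205d
outl 0x5d02 0xedf82049
"""

def decode_config_address(value):
    """Split a CONFIG_ADDRESS dword into its mechanism #1 fields."""
    return {
        "enable": bool(value >> 31),
        "reserved_high": (value >> 24) & 0x7F,  # bits 30:24, reserved
        "bus": (value >> 16) & 0xFF,
        "device": (value >> 11) & 0x1F,
        "function": (value >> 8) & 0x07,
        "register": value & 0xFC,               # dword-aligned register
        "reserved_low": value & 0x03,           # bits 1:0, reserved
    }

def annotate(trace):
    """Return (command, description) pairs while tracking the 0xCF8 latch."""
    latch, out = None, []
    pattern = re.compile(r"(out[bwl])\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)")
    for line in trace.splitlines():
        m = pattern.fullmatch(line.strip())
        if not m:
            continue  # ignore anything that is not a port write
        op, port, val = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
        if op == "outl" and port == CONFIG_ADDRESS:
            latch = decode_config_address(val)
            desc = "select {bus:02x}:{device:02x}.{function} reg 0x{register:02x}".format(**latch)
        elif CONFIG_DATA <= port <= CONFIG_DATA + 3 and latch and latch["enable"]:
            desc = "config write 0x{:08x} -> {bus:02x}:{device:02x}.{function} reg 0x{register:02x}".format(val, **latch)
        else:
            desc = "port I/O write of {} bytes to 0x{:04x}".format(WIDTH[op], port)
        out.append((line.strip(), desc))
    return out

if __name__ == "__main__":
    for cmd, desc in annotate(TRACE):
        print(f"{cmd:24} {desc}")
```

Device 0x1f function 0 on bus 0 is where the q35 machine places the ICH9 LPC bridge, which matches the ich9_lpc_* frames in the backtrace. The latched value also has reserved bits set (bit 26 and bit 0), as is typical of fuzzer-generated input.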