From: Gaoning Pan <1901981@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1901981] Re: assert issue locates in hw/usb/dev-storage.c:248: usb_msd_send_status
Date: Wed, 04 Nov 2020 10:54:08 -0000 [thread overview]
Message-ID: <160448724836.7104.8035875855775706417.malone@chaenomeles.canonical.com> (raw)
In-Reply-To: 160395133608.8291.17236692663498581160.malonedeb@soybean.canonical.com
Sorry, my reproduced environment is as follows:
Host: ubuntu 18.04
Guest: ubuntu 18.04
Stderr log is as follows:
usb-msd: Reset
usb-msd: Command on LUN 0
usb-msd: Command tag 0x0 flags 00000000 len 0 data 0
[scsi.0 id=0] INQUIRY 0x00 0x00 0x00 0x01 0x00 - from-dev len=1
usb-msd: Deferring packet 0x6110002d2d40 [wait status]
usb-msd: Command status 0 tag 0x0, len 256
qemu-system-x86_64: hw/usb/dev-storage.c:248: usb_msd_send_status: Assertion `s->csw.sig == cpu_to_le32(0x53425355)' failed.
[1] 643 abort sudo -enable-kvm -boot c -m 4G -drive format=qcow2,file=./ubuntu.img -nic
Backtrace is as follows:
#0 0x00007f8b36a63f47 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007f8b36a658b1 in __GI_abort () at abort.c:79
#2 0x00007f8b36a5542a in __assert_fail_base (fmt=0x7f8b36bdca38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55aef41e7440 "s->csw.sig == cpu_to_le32(0x53425355)", file=file@entry=0x55aef41e7180 "hw/usb/dev-storage.c", line=line@entry=248, function=function@entry=0x55aef41e7980 <__PRETTY_FUNCTION__.29124> "usb_msd_send_status") at assert.c:92
#3 0x00007f8b36a554a2 in __GI___assert_fail (assertion=assertion@entry=0x55aef41e7440 "s->csw.sig == cpu_to_le32(0x53425355)", file=file@entry=0x55aef41e7180 "hw/usb/dev-storage.c", line=line@entry=248, function=function@entry=0x55aef41e7980 <__PRETTY_FUNCTION__.29124> "usb_msd_send_status") at assert.c:101
#4 0x000055aef32226d5 in usb_msd_send_status (s=0x623000001d00, p=0x6110002e3500) at hw/usb/dev-storage.c:248
#5 0x000055aef322804e in usb_msd_handle_data (dev=0x623000001d00, p=0x6110002e3500) at hw/usb/dev-storage.c:525
#6 0x000055aef30bc46a in usb_device_handle_data (dev=dev@entry=0x623000001d00, p=p@entry=0x6110002e3500) at hw/usb/bus.c:179
#7 0x000055aef30a0ab4 in usb_process_one (p=p@entry=0x6110002e3500) at hw/usb/core.c:387
#8 0x000055aef30a9db0 in usb_handle_packet (dev=0x623000001d00, p=p@entry=0x6110002e3500) at hw/usb/core.c:419
#9 0x000055aef30fe890 in uhci_handle_td (s=s@entry=0x61f000002a80, q=0x6060000c9200, q@entry=0x0, qh_addr=qh_addr@entry=0, td=td@entry=0x7ffd88f90620, td_addr=<optimized out>, int_mask=int_mask@entry=0x7ffd88f905a0) at hw/usb/hcd-uhci.c:899
#10 0x000055aef3104c6f in uhci_process_frame (s=s@entry=0x61f000002a80) at hw/usb/hcd-uhci.c:1075
#11 0x000055aef31098e0 in uhci_frame_timer (opaque=0x61f000002a80) at hw/usb/hcd-uhci.c:1174
#12 0x000055aef3ae5f95 in timerlist_run_timers (timer_list=0x60b000051be0) at util/qemu-timer.c:572
#13 0x000055aef3ae619b in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:586
#14 0x000055aef3ae6922 in qemu_clock_run_all_timers () at util/qemu-timer.c:672
#15 0x000055aef3aca63d in main_loop_wait (nonblocking=0) at util/main-loop.c:523
#16 0x000055aef1f320f5 in qemu_main_loop () at /home/zjusvn/new-hyper/qemu-5.1.0/softmmu/vl.c:1676
#17 0x000055aef397475c in main (argc=18, argv=0x7ffd88f90e98, envp=0x7ffd88f90f30) at /home/zjusvn/new-hyper/qemu-5.1.0/softmmu/main.c:49
#18 0x00007f8b36a46b97 in __libc_start_main (main=0x55aef397471d <main>, argc=18, argv=0x7ffd88f90e98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd88f90e88) at ../csu/libc-start.c:310
#19 0x000055aef1a3481a in _start ()
thanks.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1901981
Title:
assert issue locates in hw/usb/dev-storage.c:248: usb_msd_send_status
Status in QEMU:
New
Bug description:
Hello,
I found an assertion failure through hw/usb/dev-storage.c.
This was found in latest version 5.1.0.
--------
qemu-system-x86_64: hw/usb/dev-storage.c:248: usb_msd_send_status: Assertion `s->csw.sig == cpu_to_le32(0x53425355)' failed.
[1] 29544 abort sudo -enable-kvm -boot c -m 2G -drive format=qcow2,file=./ubuntu.img -nic
To reproduce the assertion failure, please run the QEMU with following
command line.
$ qemu-system-x86_64 -enable-kvm -boot c -m 2G -drive format=qcow2,file=./ubuntu.img -nic user,model=rtl8139,hostfwd=tcp:0.0.0.0:5555-:22 -device piix4-usb-uhci,id=uhci -device usb-storage,drive=mydrive -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none
The poc is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1901981/+subscriptions
next prev parent reply other threads:[~2020-11-04 11:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-29 6:02 [Bug 1901981] [NEW] assert issue locates in hw/usb/dev-storage.c:248: usb_msd_send_status Gaoning Pan
2020-11-03 1:58 ` [Bug 1901981] " Gaoning Pan
2020-11-04 10:24 ` Gerd Hoffmann
2020-11-04 10:54 ` Gaoning Pan [this message]
2020-11-04 13:55 ` Gerd Hoffmann
2020-11-05 2:23 ` Gaoning Pan
2020-11-06 1:07 ` Gaoning Pan
2020-12-10 9:06 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=160448724836.7104.8035875855775706417.malone@chaenomeles.canonical.com \
--to=1901981@bugs.launchpad.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.