* [Bug 1915535] [NEW] Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi
@ 2021-02-12 17:01 Alexander Bulekov
2021-05-18 19:58 ` [Bug 1915535] " John Snow
2021-05-18 23:32 ` Thomas Huth
0 siblings, 2 replies; 3+ messages in thread
From: Alexander Bulekov @ 2021-02-12 17:01 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
Maybe this is a duplicate of https://bugs.launchpad.net/qemu/+bug/1906693 ...
In any case, ATAPI is probably a lot more common than megasas, so this might be a more useful reproducer
==Reproducer==
cat << EOF | ./qemu-system-i386 -display none \
-m 512M -machine q35 -nodefaults \
-drive file=null-co://,if=none,format=raw,id=disk0 \
-device ide-cd,drive=disk0 -machine accel=qtest -qtest stdio
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe0000000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x06
write 0xe0000398 0x1 0x01
write 0x63 0x1 0x06
write 0x68 0x1 0x06
write 0x69 0x1 0xf8
write 0x6a 0x1 0xff
write 0xfff806 0x1 0x27
write 0xfff807 0x1 0x80
write 0xfff808 0x1 0x61
write 0x1005734 0x1 0x3f
write 0x1005774 0x1 0x20
write 0x1005784 0x1 0x34
write 0x10057a4 0x1 0x27
write 0x10057b4 0x1 0x3f
write 0x10057c3 0x1 0xce
write 0x10057d4 0x1 0x1a
write 0x10057e3 0x1 0xff
write 0x10057e4 0x1 0x3f
write 0x10057f4 0x1 0x38
write 0x1005814 0x1 0x3e
write 0x1005823 0x1 0x60
write 0x1005824 0x1 0x2d
write 0x1005833 0x1 0x74
write 0x1005834 0x1 0x01
write 0x1005863 0x1 0xff
write 0x1005883 0x1 0x5a
write 0x1005884 0x1 0x06
write 0xe00003b8 0x1 0x08
EOF
==Stack Trace==
i386: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x5a00)
qemu-fuzz-i386-target-generic-fuzz-ahci-atapi: ../block/io.c:1982: int
bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest
*, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
==279048== ERROR: libFuzzer: deadly signal
#0 0x560c92718f50 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:33:3
#1 0x560c926c2f98 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x560c926a7fd3 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
#3 0x7ff7d707038f in libpthread.so.0
#4 0x7ff7d66a8437 in raise
#5 0x7ff7d66aa039 in abort
#6 0x7ff7d66a0be6 in libc.so.6
#7 0x7ff7d66a0c91 in __assert_fail
#8 0x560c92f4fc79 in bdrv_co_write_req_prepare /src/qemu/block/io.c:1982:13
#9 0x560c92f4c974 in bdrv_aligned_pwritev /src/qemu/block/io.c:2065:11
#10 0x560c92f4b937 in bdrv_co_pwritev_part /src/qemu/block/io.c:2270:11
#11 0x560c92f392e7 in blk_do_pwritev_part /src/qemu/block/block-backend.c:1260:11
#12 0x560c92f39a55 in blk_aio_write_entry /src/qemu/block/block-backend.c:1476:17
#13 0x560c930d19d5 in coroutine_trampoline /src/qemu/util/coroutine-ucontext.c:173:9
#14 0x7ff7d66bd5df in libc.so.6
OSS-Fuzz link: https://bugs.chromium.org/p/oss-
fuzz/issues/detail?id=30857
** Affects: qemu
Importance: Undecided
Status: New
** Tags: fuzzer
** Summary changed:
- Assertion Failure in bdrv_co_write_req_prepare through atapi
+ Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915535
Title:
Assertion `child->perm & BLK_PERM_WRITE' failed in
bdrv_co_write_req_prepare through atapi
Status in QEMU:
New
Bug description:
Maybe this is a duplicate of https://bugs.launchpad.net/qemu/+bug/1906693 ...
In any case, ATAPI is probably a lot more common than megasas, so this might be a more useful reproducer
==Reproducer==
cat << EOF | ./qemu-system-i386 -display none \
-m 512M -machine q35 -nodefaults \
-drive file=null-co://,if=none,format=raw,id=disk0 \
-device ide-cd,drive=disk0 -machine accel=qtest -qtest stdio
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe0000000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x06
write 0xe0000398 0x1 0x01
write 0x63 0x1 0x06
write 0x68 0x1 0x06
write 0x69 0x1 0xf8
write 0x6a 0x1 0xff
write 0xfff806 0x1 0x27
write 0xfff807 0x1 0x80
write 0xfff808 0x1 0x61
write 0x1005734 0x1 0x3f
write 0x1005774 0x1 0x20
write 0x1005784 0x1 0x34
write 0x10057a4 0x1 0x27
write 0x10057b4 0x1 0x3f
write 0x10057c3 0x1 0xce
write 0x10057d4 0x1 0x1a
write 0x10057e3 0x1 0xff
write 0x10057e4 0x1 0x3f
write 0x10057f4 0x1 0x38
write 0x1005814 0x1 0x3e
write 0x1005823 0x1 0x60
write 0x1005824 0x1 0x2d
write 0x1005833 0x1 0x74
write 0x1005834 0x1 0x01
write 0x1005863 0x1 0xff
write 0x1005883 0x1 0x5a
write 0x1005884 0x1 0x06
write 0xe00003b8 0x1 0x08
EOF
==Stack Trace==
i386: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x5a00)
qemu-fuzz-i386-target-generic-fuzz-ahci-atapi: ../block/io.c:1982: int
bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest
*, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
==279048== ERROR: libFuzzer: deadly signal
#0 0x560c92718f50 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:33:3
#1 0x560c926c2f98 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x560c926a7fd3 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
#3 0x7ff7d707038f in libpthread.so.0
#4 0x7ff7d66a8437 in raise
#5 0x7ff7d66aa039 in abort
#6 0x7ff7d66a0be6 in libc.so.6
#7 0x7ff7d66a0c91 in __assert_fail
#8 0x560c92f4fc79 in bdrv_co_write_req_prepare /src/qemu/block/io.c:1982:13
#9 0x560c92f4c974 in bdrv_aligned_pwritev /src/qemu/block/io.c:2065:11
#10 0x560c92f4b937 in bdrv_co_pwritev_part /src/qemu/block/io.c:2270:11
#11 0x560c92f392e7 in blk_do_pwritev_part /src/qemu/block/block-backend.c:1260:11
#12 0x560c92f39a55 in blk_aio_write_entry /src/qemu/block/block-backend.c:1476:17
#13 0x560c930d19d5 in coroutine_trampoline /src/qemu/util/coroutine-ucontext.c:173:9
#14 0x7ff7d66bd5df in libc.so.6
OSS-Fuzz link: https://bugs.chromium.org/p/oss-
fuzz/issues/detail?id=30857
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1915535/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 1915535] Re: Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi
2021-02-12 17:01 [Bug 1915535] [NEW] Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi Alexander Bulekov
@ 2021-05-18 19:58 ` John Snow
2021-05-18 23:32 ` Thomas Huth
1 sibling, 0 replies; 3+ messages in thread
From: John Snow @ 2021-05-18 19:58 UTC (permalink / raw)
To: qemu-devel
Not a duplicate of the other bug. Confirmed on development head beyond
6.0.
Please migrate this bug to gitlab and assign me.
--js
** Changed in: qemu
Assignee: (unassigned) => John Snow (jnsnow)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915535
Title:
Assertion `child->perm & BLK_PERM_WRITE' failed in
bdrv_co_write_req_prepare through atapi
Status in QEMU:
New
Bug description:
Maybe this is a duplicate of https://bugs.launchpad.net/qemu/+bug/1906693 ...
In any case, ATAPI is probably a lot more common than megasas, so this might be a more useful reproducer
==Reproducer==
cat << EOF | ./qemu-system-i386 -display none \
-m 512M -machine q35 -nodefaults \
-drive file=null-co://,if=none,format=raw,id=disk0 \
-device ide-cd,drive=disk0 -machine accel=qtest -qtest stdio
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe0000000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x06
write 0xe0000398 0x1 0x01
write 0x63 0x1 0x06
write 0x68 0x1 0x06
write 0x69 0x1 0xf8
write 0x6a 0x1 0xff
write 0xfff806 0x1 0x27
write 0xfff807 0x1 0x80
write 0xfff808 0x1 0x61
write 0x1005734 0x1 0x3f
write 0x1005774 0x1 0x20
write 0x1005784 0x1 0x34
write 0x10057a4 0x1 0x27
write 0x10057b4 0x1 0x3f
write 0x10057c3 0x1 0xce
write 0x10057d4 0x1 0x1a
write 0x10057e3 0x1 0xff
write 0x10057e4 0x1 0x3f
write 0x10057f4 0x1 0x38
write 0x1005814 0x1 0x3e
write 0x1005823 0x1 0x60
write 0x1005824 0x1 0x2d
write 0x1005833 0x1 0x74
write 0x1005834 0x1 0x01
write 0x1005863 0x1 0xff
write 0x1005883 0x1 0x5a
write 0x1005884 0x1 0x06
write 0xe00003b8 0x1 0x08
EOF
==Stack Trace==
i386: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x5a00)
qemu-fuzz-i386-target-generic-fuzz-ahci-atapi: ../block/io.c:1982: int
bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest
*, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
==279048== ERROR: libFuzzer: deadly signal
#0 0x560c92718f50 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:33:3
#1 0x560c926c2f98 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x560c926a7fd3 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
#3 0x7ff7d707038f in libpthread.so.0
#4 0x7ff7d66a8437 in raise
#5 0x7ff7d66aa039 in abort
#6 0x7ff7d66a0be6 in libc.so.6
#7 0x7ff7d66a0c91 in __assert_fail
#8 0x560c92f4fc79 in bdrv_co_write_req_prepare /src/qemu/block/io.c:1982:13
#9 0x560c92f4c974 in bdrv_aligned_pwritev /src/qemu/block/io.c:2065:11
#10 0x560c92f4b937 in bdrv_co_pwritev_part /src/qemu/block/io.c:2270:11
#11 0x560c92f392e7 in blk_do_pwritev_part /src/qemu/block/block-backend.c:1260:11
#12 0x560c92f39a55 in blk_aio_write_entry /src/qemu/block/block-backend.c:1476:17
#13 0x560c930d19d5 in coroutine_trampoline /src/qemu/util/coroutine-ucontext.c:173:9
#14 0x7ff7d66bd5df in libc.so.6
OSS-Fuzz link: https://bugs.chromium.org/p/oss-
fuzz/issues/detail?id=30857
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1915535/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 1915535] Re: Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi
2021-02-12 17:01 [Bug 1915535] [NEW] Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi Alexander Bulekov
2021-05-18 19:58 ` [Bug 1915535] " John Snow
@ 2021-05-18 23:32 ` Thomas Huth
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Huth @ 2021-05-18 23:32 UTC (permalink / raw)
To: qemu-devel
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/342
** Changed in: qemu
Status: New => Expired
** Changed in: qemu
Assignee: John Snow (jnsnow) => (unassigned)
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #342
https://gitlab.com/qemu-project/qemu/-/issues/342
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915535
Title:
Assertion `child->perm & BLK_PERM_WRITE' failed in
bdrv_co_write_req_prepare through atapi
Status in QEMU:
Expired
Bug description:
Maybe this is a duplicate of https://bugs.launchpad.net/qemu/+bug/1906693 ...
In any case, ATAPI is probably a lot more common than megasas, so this might be a more useful reproducer
==Reproducer==
cat << EOF | ./qemu-system-i386 -display none \
-m 512M -machine q35 -nodefaults \
-drive file=null-co://,if=none,format=raw,id=disk0 \
-device ide-cd,drive=disk0 -machine accel=qtest -qtest stdio
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe0000000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x06
write 0xe0000398 0x1 0x01
write 0x63 0x1 0x06
write 0x68 0x1 0x06
write 0x69 0x1 0xf8
write 0x6a 0x1 0xff
write 0xfff806 0x1 0x27
write 0xfff807 0x1 0x80
write 0xfff808 0x1 0x61
write 0x1005734 0x1 0x3f
write 0x1005774 0x1 0x20
write 0x1005784 0x1 0x34
write 0x10057a4 0x1 0x27
write 0x10057b4 0x1 0x3f
write 0x10057c3 0x1 0xce
write 0x10057d4 0x1 0x1a
write 0x10057e3 0x1 0xff
write 0x10057e4 0x1 0x3f
write 0x10057f4 0x1 0x38
write 0x1005814 0x1 0x3e
write 0x1005823 0x1 0x60
write 0x1005824 0x1 0x2d
write 0x1005833 0x1 0x74
write 0x1005834 0x1 0x01
write 0x1005863 0x1 0xff
write 0x1005883 0x1 0x5a
write 0x1005884 0x1 0x06
write 0xe00003b8 0x1 0x08
EOF
==Stack Trace==
i386: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x5a00)
qemu-fuzz-i386-target-generic-fuzz-ahci-atapi: ../block/io.c:1982: int
bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest
*, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
==279048== ERROR: libFuzzer: deadly signal
#0 0x560c92718f50 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:33:3
#1 0x560c926c2f98 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x560c926a7fd3 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
#3 0x7ff7d707038f in libpthread.so.0
#4 0x7ff7d66a8437 in raise
#5 0x7ff7d66aa039 in abort
#6 0x7ff7d66a0be6 in libc.so.6
#7 0x7ff7d66a0c91 in __assert_fail
#8 0x560c92f4fc79 in bdrv_co_write_req_prepare /src/qemu/block/io.c:1982:13
#9 0x560c92f4c974 in bdrv_aligned_pwritev /src/qemu/block/io.c:2065:11
#10 0x560c92f4b937 in bdrv_co_pwritev_part /src/qemu/block/io.c:2270:11
#11 0x560c92f392e7 in blk_do_pwritev_part /src/qemu/block/block-backend.c:1260:11
#12 0x560c92f39a55 in blk_aio_write_entry /src/qemu/block/block-backend.c:1476:17
#13 0x560c930d19d5 in coroutine_trampoline /src/qemu/util/coroutine-ucontext.c:173:9
#14 0x7ff7d66bd5df in libc.so.6
OSS-Fuzz link: https://bugs.chromium.org/p/oss-
fuzz/issues/detail?id=30857
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1915535/+subscriptions
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-05-18 23:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-12 17:01 [Bug 1915535] [NEW] Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi Alexander Bulekov
2021-05-18 19:58 ` [Bug 1915535] " John Snow
2021-05-18 23:32 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.