Assertion `r->req.aiocb == NULL' in am53c974 emulator
Host environment
- Operating system: Ubuntu-18.04
- OS/kernel version: Linux 5.4.0-87-generic
- Architecture: x86
- QEMU flavor: qemu-system-i386
- QEMU version: 6.1.50 (v6.1.0-1310-g15a05789)
- QEMU command line:
qemu-system-i386 -m 512 -drive file=./hyfuzz.img,index=0,media=disk,format=raw -device am53c974,id=scsi -device scsi-hd,drive=SysDisk -drive id=SysDisk,if=none,file=./disk.img
Emulated/Virtualized environment
- Operating system: Custom OS
- OS/kernel version: -
- Architecture: x86
Description of problem
Steps to reproduce
1. ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers
2. make -j12
3. qemu-system-i386 -m 512 -drive file=./hyfuzz.img,index=0,media=disk,format=raw -device am53c974,id=scsi -device scsi-hd,drive=SysDisk -drive id=SysDisk,if=none,file=./disk.img
Additional information
Stack trace
qemu-system-i386: ../hw/scsi/scsi-disk.c:474: scsi_read_data: Assertion `r->req.aiocb == NULL' failed.
#0 0x00007fffef5b6fb7 in __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007fffef5b8921 in __GI_abort () at abort.c:79
#2 0x00007fffef5a848a in __assert_fail_base (fmt=0x7fffef72f750 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555558b4d760 "r->req.aiocb == NULL", file=file@entry=0x555558b4cd80 "../hw/scsi/scsi-disk.c", line=line@entry=0x1da, function=function@entry=0x555558b4fee0 <__PRETTY_FUNCTION__.34961> "scsi_read_data") at assert.c:92
#3 0x00007fffef5a8502 in __GI___assert_fail (assertion=assertion@entry=0x555558b4d760 "r->req.aiocb == NULL", file=file@entry=0x555558b4cd80 "../hw/scsi/scsi-disk.c", line=line@entry=0x1da, function=function@entry=0x555558b4fee0 <__PRETTY_FUNCTION__.34961> "scsi_read_data") at assert.c:101
#4 0x0000555557a7e957 in scsi_read_data (req=0x6150000ec200) at ../hw/scsi/scsi-disk.c:474
#5 0x0000555557a642f8 in scsi_req_continue (req=0x6150000ec200) at ../hw/scsi/scsi-bus.c:1394
#6 0x0000555557a9f40d in esp_do_dma (s=s@entry=0x61f000002708) at ../hw/scsi/esp.c:698
#7 0x0000555557aa1ca0 in handle_ti (s=0x61f000002708) at ../hw/scsi/esp.c:884
#8 0x0000555557aa626d in esp_reg_write (s=0x61f000002708, saddr=saddr@entry=0x3, val=<optimized out>) at ../hw/scsi/esp.c:1048
#9 0x0000555557aab4a9 in esp_pci_io_write (opaque=0x61f000001c80, addr=0xc, val=<optimized out>, size=<optimized out>) at ../hw/scsi/esp-pci.c:214
#10 0x0000555557fc35fc in memory_region_write_accessor (mr=0x61f0000025e0, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at ../softmmu/memory.c:492
#11 0x0000555557faf8b1 in access_with_adjusted_size (addr=addr@entry=0xc, value=value@entry=0x7fff741fb098, size=size@entry=0x1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=0x555557fc33b0 <memory_region_write_accessor>, mr=0x61f0000025e0, attrs=...) at ../softmmu/memory.c:554
#12 0x0000555557fc02eb in memory_region_dispatch_write (mr=mr@entry=0x61f0000025e0, addr=<optimized out>, data=<optimized out>, data@entry=0x90, op=op@entry=MO_8, attrs=..., attrs@entry=...) at ../softmmu/memory.c:1511
#13 0x0000555557f954d9 in address_space_stb (as=<optimized out>, addr=<optimized out>, val=<optimized out>, attrs=..., result=<optimized out>) at /home/cwmyung/prj/hyfuzz/src/qemu-asan/memory_ldst.c.inc:382
#14 0x00007fff949943c8 in code_gen_buffer ()
#15 0x0000555558382f99 in cpu_tb_exec (tb_exit=<optimized out>, itb=<optimized out>, cpu=0x7fff94994140 <code_gen_buffer+4350227>) at ../accel/tcg/cpu-exec.c:353
#16 0x0000555558382f99 in cpu_loop_exec_tb (tb_exit=<optimized out>, last_tb=<optimized out>, tb=<optimized out>, cpu=0x7fff94994140 <code_gen_buffer+4350227>) at ../accel/tcg/cpu-exec.c:818
#17 0x0000555558382f99 in cpu_exec (cpu=cpu@entry=0x62e000000400) at ../accel/tcg/cpu-exec.c:976
#18 0x00005555583ea35e in tcg_cpus_exec (cpu=cpu@entry=0x62e000000400) at ../accel/tcg/tcg-accel-ops.c:67
#19 0x00005555583ea69f in mttcg_cpu_thread_fn (arg=arg@entry=0x62e000000400) at ../accel/tcg/tcg-accel-ops-mttcg.c:70
#20 0x0000555558858672 in qemu_thread_start (args=<optimized out>) at ../util/qemu-thread-posix.c:557
#21 0x00007fffef9706db in start_thread (arg=0x7fff741ff700) at pthread_create.c:463
#22 0x00007fffef69971f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95