id = 2415 title = "Assertion `r->req.aiocb == NULL' in am53c974 device" state = "closed" created_at = "2024-06-30T09:28:03.748Z" closed_at = "2024-07-17T05:40:17.595Z" labels = ["Fuzzer", "Storage"] url = "https://gitlab.com/qemu-project/qemu/-/issues/2415" host-os = "Ubuntu 22.04.4 LTS" host-arch = "x86_64" qemu-version = "commit 3665dd6bb9" guest-os = "n/a" guest-arch = "n/a" description = """The following log reveals it: ``` qemu-truman-x86_64-4467afcc: qemu/hw/scsi/scsi-disk.c:558: void scsi_write_data(SCSIRequest *): Assertion `r->req.aiocb == NULL' failed. ==2957464== ERROR: libFuzzer: deadly signal #0 0x55e76f00e911 in __sanitizer_print_stack_trace llvm/compiler-rt/lib/asan/asan_stack.cpp:87:3 #1 0x55e76ef88fb8 in fuzzer::PrintStackTrace() llvm/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 #2 0x55e76ef6d1b3 in fuzzer::Fuzzer::CrashCallback() llvm/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3 #3 0x7f83d604251f (/lib/x86_64-linux-gnu/libc.so.6+0x4251f) #4 0x7f83d60969fb in __pthread_kill_implementation nptl/./nptl/pthread_kill.c:43:17 #5 0x7f83d60969fb in __pthread_kill_internal nptl/./nptl/pthread_kill.c:78:10 #6 0x7f83d60969fb in pthread_kill nptl/./nptl/pthread_kill.c:89:10 #7 0x7f83d6042475 in gsignal signal/../sysdeps/posix/raise.c:26:13 #8 0x7f83d60287f2 in abort stdlib/./stdlib/abort.c:79:7 #9 0x7f83d602871a in __assert_fail_base assert/./assert/assert.c:92:3 #10 0x7f83d6039e95 in __assert_fail assert/./assert/assert.c:101:3 #11 0x55e76fbb55a5 in scsi_write_data qemu/hw/scsi/scsi-disk.c:558:5 #12 0x55e76fb95a1f in scsi_req_continue qemu/hw/scsi/scsi-bus.c #13 0x55e76fbfe0cc in esp_do_dma qemu/hw/scsi/esp.c #14 0x55e76fc0be39 in handle_ti qemu/hw/scsi/esp.c:1104:9 #15 0x55e76fc042f6 in esp_run_cmd qemu/hw/scsi/esp.c:1186:9 #16 0x55e76fc042f6 in esp_reg_write qemu/hw/scsi/esp.c:1304:9 #17 0x55e76fc1329b in esp_pci_io_write qemu/hw/scsi/esp-pci.c:248:9 ```""" reproduce = """``` cat << EOF | qemu-system-x86_64 -display none\\ -machine accel=qtest, -m 512M -device am53c974,id=scsi -device \\ scsi-hd,drive=disk0 -drive id=disk0,if=none,file=null-co://,format=raw \\ -nodefaults -qtest stdio outl 0xcf8 0x80001010 outl 0xcfc 0xc000 outl 0xcf8 0x80001004 outw 0xcfc 0x05 outl 0xc03e 0x030000 outl 0xc009 0xc1000000 outl 0xc008 0x8a outl 0xc00d 0x0 outl 0xc009 0x00 outl 0xc00c 0x11 outl 0xc00d 0x0 outl 0xc00d 0x00 outl 0xc00d 0x0 outw 0xc00f 0x00 outb 0xc00d 0x0 outl 0xc00d 0x0 outl 0xc009 0x41000000 outb 0xc00c 0x90 outl 0xc00d 0x0 EOF ```""" additional = "n/a"