[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 697510] Re: Machine shut off after tons of lsi_scsi: error: MSG IN
From: |
Bugs SysSec |
Subject: |
[Bug 697510] Re: Machine shut off after tons of lsi_scsi: error: MSG IN data too long |
Date: |
Tue, 16 Jun 2020 15:47:33 -0000 |
We found a reproducer during fuzzing:
```
qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion
`s->current' failed.
```
To reproduce run the QEMU with the following command line:
```
qemu-system-x86_64 -cdrom hypertrash.iso -nographic -m 100 -enable-kvm -net
none -device ich9-usb-ehci1 -device usb-tablet -device lsi53c810,id=scsi0
-drive file=hda.img,if=none,format=raw,discard=unmap,cache=none,id=someid
-device scsi-hd,drive=someid,bus=scsi0.0
```
QEMU Version:
```
# qemu-5.0.0
$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
$ x86_64-softmmu/qemu-system-x86_64 --version
QEMU emulator version 5.0.0
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
```
To create disk image run:
```
dd if=/dev/zero of=hda.img bs=1024 count=1024
```
** Attachment added: "lsi_assert1.zip"
https://bugs.launchpad.net/qemu/+bug/697510/+attachment/5384436/+files/lsi_assert1.zip
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697510
Title:
Machine shut off after tons of lsi_scsi: error: MSG IN data too long
Status in QEMU:
New
Bug description:
The problem mostly happens during our backup, syslog does not have any
problematic messages.
Host is Ubuntu 10.10 x86 64 bits
Guest is Windows 2003 Server 32 bits
Using Virtio and Red Hat driver I get a STOP screen 0x100000d1 and machine
either reboot, stay frozen or shut off.
Using SCSI the machine shuts off and I get tons of message on stdout;
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 3500 -smp
4,sockets=4,cores=1,threads=1 -name BMSRV0101 -uuid
6ccbb5fa-5880-a1ab-3b7a-fb7ccc7c8ccf -nodefaults -chardev
socket,id=monitor,path=/var/lib/libvirt/qemu/BMSRV0101.monitor,server,nowait
-mon chardev=monitor,mode=readline -rtc base=localtime -boot c -device
lsi,id=scsi0,bus=pci.0,addr=0x4 -drive
if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device
ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive
file=/dev/vgUbuntu/vmBMSRV0101,if=none,id=drive-scsi0-0-0,boot=on,format=raw
-device scsi-disk,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0
-device virtio-net-pci,vlan=0,id=net0,mac=52:54:00:5d:7b:07,bus=pci.0,addr=0x3
-net tap,fd=63,vlan=0,name=hostnet0 -chardev pty,id=serial0 -device
isa-serial,chardev=serial0 -usb -device usb-tablet,id=input0 -vnc 127.0.0.1:0
-vga cirrus -device usb-host,hostbus=002,hostaddr=005,id=hostdev0 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
char device redirected to /dev/pts/0
pci_add_option_rom: failed to find romfile "pxe-virtio.bin"
husb: open device 2.5
husb: config #1 need -1
husb: 1 interfaces claimed for configuration 1
husb: grabbed usb device 2.5
husb: config #1 need 1
husb: 1 interfaces claimed for configuration 1
lsi_scsi: error: Unimplemented message 0x00
(x8)
lsi_scsi: error: MSG IN data too long
lsi_scsi: error: Unimplemented message 0x00
(x760)
lsi_scsi: error: MSG IN data too long
lsi_scsi: error: MSG IN data too long
kvm: /build/buildd/qemu-kvm-0.12.5+noroms/hw/lsi53c895a.c:512: lsi_do_dma:
Assertion `s->current' failed.
I can include minidump file if needed.
I am currently using IDE and it seems OK.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/697510/+subscriptions
- [Bug 697510] Re: Machine shut off after tons of lsi_scsi: error: MSG IN data too long,
Bugs SysSec <=