[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2021-08-02 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878054

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Expired

Bug description:
  Hello,
  While fuzzing, I found an input that causes QEMU to hang with 100% CPU usage.
  I have waited several minutes, and QEMU is still unresponsive. Using gdb, it
  appears that it is stuck in sdhci_data_transfer:

  #0   memory_region_access_valid (mr=<optimized out>, addr=0x10284920, size=<optimized out>, is_write=0xff, attrs=...) at /home/alxndr/Development/qemu/memory.c:1378
  #1   memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, data=<optimized out>, op=MO_32, attrs=...) at /home/alxndr/Development/qemu/memory.c:1463
  #2   flatview_write_continue (fv=<optimized out>, addr=0x10284920, attrs=..., ptr=<optimized out>, len=0xb7, addr1=0x582798e0, l=<optimized out>, mr=0x582798e0 ) at /home/alxndr/Development/qemu/exec.c:3137
  #3   flatview_write (fv=0x60645da0, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /home/alxndr/Development/qemu/exec.c:3177
  #4   address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=0xb04f325, len=0x4) at /home/alxndr/Development/qemu/exec.c:3268
  #5   address_space_rw (as=0x572509ac , addr=0x582798e0, attrs=..., attrs@entry=..., buf=0xb04f325, len=0x4, is_write=0xb8, is_write@entry=0x1) at /home/alxndr/Development/qemu/exec.c:3278
  #6   dma_memory_rw_relaxed (as=0x572509ac , addr=0x582798e0, buf=0xb04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) at /home/alxndr/Development/qemu/include/sysemu/dma.h:87
  #7   dma_memory_rw (as=0x572509ac , addr=0x582798e0, buf=0xb04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) at /home/alxndr/Development/qemu/include/sysemu/dma.h:110
  #8   dma_memory_write (as=0x572509ac , addr=0x582798e0, buf=0xb04f325, len=0x4) at /home/alxndr/Development/qemu/include/sysemu/dma.h:122
  #9   sdhci_sdma_transfer_multi_blocks (s=<optimized out>) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:618
  #10  sdhci_data_transfer (opaque=0x61e21080) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:891
  #11  sdhci_send_command (s=0x61e21080) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:364
  #12  sdhci_write (opaque=<optimized out>, offset=0xc, val=<optimized out>, size=<optimized out>) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:1158
  #13  memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:483
  #14  access_with_adjusted_size (addr=<optimized out>, value=<optimized out>, size=<optimized out>, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=<optimized out>, mr=0x61e219f0, attrs=...) at /home/alxndr/Development/qemu/memory.c:544
  #15  memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, data=0x1ffe0ff, op=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:1476
  #16  flatview_write_continue (fv=<optimized out>, addr=0xe106800c, attrs=..., ptr=<optimized out>, len=0xff3, addr1=0x582798e0, l=<optimized out>, mr=0x61e219f0) at /home/alxndr/Development/qemu/exec.c:3137
  #17  flatview_write (fv=0x60645da0, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /home/alxndr/Development/qemu/exec.c:3177
  #18  address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=0xb04f325, buf@entry=0x6218ad00, len=0x4) at /home/alxndr/Development/qemu/exec.c:3268
  #19  qtest_process_command (chr=<optimized out>, chr@entry=0x5827c040 , words=<optimized out>) at /home/alxndr/Development/qemu/qtest.c:567
  #20  qtest_process_inbuf (chr=0x5827c040 , inbuf=0x6190f640) at /home/alxndr/Development/qemu/qtest.c:710

  
  I am attaching the qtest commands for reproducing it.
  I can reproduce it in a qemu 5.0 build using:

  qemu-system-i386 -M pc-q35-5.0 -qtest stdio \
    -device sdhci-pci,sd-spec-version=3 -device sd-card,drive=mydrive \
    -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
    -nographic -nographic -serial none -monitor none < attachment

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878054/+subscriptions




[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2021-06-18 Thread Thomas Huth
** Bug watch removed: gitlab.com/qemu-project/qemu/-/issues #387
   https://gitlab.com/qemu-project/qemu/-/issues/387

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Incomplete



[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2021-06-03 Thread Philippe Mathieu-Daudé
So we have 2 bugs then...
Filed https://gitlab.com/qemu-project/qemu/-/issues/387; once solved I plan to
reopen this issue.

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #387
   https://gitlab.com/qemu-project/qemu/-/issues/387

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Incomplete



Re: [Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2021-06-03 Thread Alexander Bulekov
I think to fix the reproducer we can swap the if=sd for if=none:
qemu-system-i386 -M pc-q35-5.0 \
-qtest stdio \
-device sdhci-pci,sd-spec-version=3 -device sd-card,drive=mydrive \
-drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
-nographic -nographic -serial none -monitor none < attachment2

I confirmed that this reproducer triggers the high-cpu usage for the
QEMU 5.2 build I got from Debian.

That said, this no longer times-out in my 6.0 build, so I think this is
fixed.

-Alex

On 210603 1500, Thomas Huth wrote:
> The latest version of QEMU seems to refuse the provided command line:
> 
> qemu-system-i386: -drive if=sd,index=0,file=null-
> co://,format=raw,id=mydrive: machine type does not support
> if=sd,bus=0,unit=0
> 
> ... is there still a way to reproduce this issue with the latest QEMU
> version?
> 
> ** Changed in: qemu
>    Status: New => Incomplete

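A small triage harness for reproducers like the one Alex posted above, added here as an example; it is not code from the bug report or from the QEMU project. It runs a command under a wall-clock limit with GNU coreutils `timeout` and classifies the outcome, so a hang that spins at 100% CPU in device emulation (which cannot react to SIGTERM from the main loop and needs the SIGKILL fallback) shows up as "hang" rather than stalling a batch of reproducers. The `classify_run` and `triage_sdhci_reproducer` names are this example's own; the QEMU command line is Alex's `if=none` variant with the duplicated `-nographic` dropped, and the `attachment2` file name is his.

```shell
#!/bin/sh
# Added example for this thread, not code from the bug report or from QEMU:
# run a fuzzer reproducer under a wall-clock limit and classify the outcome,
# so a hang with 100% CPU (like the one in sdhci_data_transfer) is reported
# as "hang" instead of blocking a triage run indefinitely.
# Assumes GNU coreutils `timeout`. The QEMU command line is the one Alex
# posted; `attachment2` is his file name and is only used if it exists.

# classify_run LIMIT_SECONDS INPUT_FILE CMD [ARGS...]
# Runs CMD with stdin from INPUT_FILE and prints exactly one word:
#   ok          command exited 0 before the limit
#   exit:<n>    command exited with non-zero status n (127 = not found)
#   hang        limit expired: SIGTERM, then SIGKILL 5 s later if TERM is
#               ignored, which a tight loop in device emulation will be
#   signal:<n>  command died from signal n (e.g. 6 for an assertion abort)
classify_run() {
    limit="$1"; input="$2"; shift 2
    rc=0
    # `|| rc=$?` keeps the function usable under `set -e`.
    timeout -k 5 "$limit" "$@" <"$input" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)       echo ok ;;
        124|137) echo hang ;;   # timeout's own codes: TERM worked / KILL needed
        *)
            # timeout re-raises the child's fatal signal on itself, so the
            # shell sees 128+n for a crash and the plain status otherwise.
            if [ "$rc" -gt 128 ]; then
                echo "signal:$((rc - 128))"
            else
                echo "exit:$rc"
            fi ;;
    esac
}

# triage_sdhci_reproducer: the command line from the thread (if=none variant),
# given 30 seconds to finish. Hypothetical helper name for this example.
triage_sdhci_reproducer() {
    classify_run 30 attachment2 \
        qemu-system-i386 -M pc-q35-5.0 -qtest stdio \
        -device sdhci-pci,sd-spec-version=3 -device sd-card,drive=mydrive \
        -drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
        -nographic -serial none -monitor none
}

# Only run the real reproducer when QEMU and the input are actually present.
if command -v qemu-system-i386 >/dev/null 2>&1 && [ -f attachment2 ]; then
    echo "sdhci reproducer: $(triage_sdhci_reproducer)"
fi
```

One caveat: exit status 137 is also what a command returns if something else SIGKILLs it (an OOM kill, for instance), so a "hang" verdict for a very short run is worth a second look at the wall-clock time before filing it as a timeout.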
[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2021-06-03 Thread Thomas Huth
The latest version of QEMU seems to refuse the provided command line:

qemu-system-i386: -drive if=sd,index=0,file=null-
co://,format=raw,id=mydrive: machine type does not support
if=sd,bus=0,unit=0

... is there still a way to reproduce this issue with the latest QEMU
version?

** Changed in: qemu
   Status: New => Incomplete

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Incomplete



[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

2020-05-11 Thread Alexander Bulekov
Forgot the attachment..

** Attachment added: "attachment"
   
https://bugs.launchpad.net/qemu/+bug/1878054/+attachment/5369967/+files/attachment

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  New