From: Qiuhao Li
Subject: [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
Date: Mon, 14 Dec 2020 12:17:27 -0000
Public bug reported:
When I was fuzzing the virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386:
/home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void
address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs,
MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
** Affects: qemu
Importance: Undecided
Status: New
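The reproducer above drives the device through the legacy PCI configuration mechanism (CONFIG_ADDRESS on port 0xcf8, CONFIG_DATA on 0xcfc) before touching the mapped region. The following decoder is an added example, not part of the bug report or of QEMU: it walks qtest commands like those in the reproducer and annotates each config-space access with bus/device/function, register and, for the command register, the bits being enabled. The BAR naming is generic PCI (registers 0x10-0x27); it makes no assumption about virtio-vga's own BAR layout.

```python
# Constructed sample: the PCI config part of the reproducer plus its first
# MMIO write (copied from the report above for illustration).
SAMPLE = """\
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
"""

# Low bits of the PCI command register (offset 0x04).
COMMAND_BITS = {0: "IO_SPACE", 1: "MEM_SPACE", 2: "BUS_MASTER"}


def decode_config_address(value):
    """Split a CONFIG_ADDRESS dword (port 0xcf8) into its fields."""
    return {
        "enable": bool(value >> 31),
        "bus": (value >> 16) & 0xff,
        "device": (value >> 11) & 0x1f,
        "function": (value >> 8) & 0x7,
        "register": value & 0xfc,   # dword-aligned register offset
    }


def describe_register(reg):
    """Human-readable name for a config-space register offset."""
    if reg == 0x04:
        return "command"
    if 0x10 <= reg <= 0x27:
        bar = (reg - 0x10) // 4
        hint = " (or upper dword of 64-bit BAR%d)" % (bar - 1) if bar else ""
        return "BAR%d%s" % (bar, hint)
    return "offset 0x%02x" % reg


def decode_qtest(script):
    """Annotate qtest out*/write commands; returns (kind, details) tuples."""
    cur, out = None, []
    for line in script.splitlines():
        parts = line.split()
        if not parts:
            continue
        op, args = parts[0], parts[1:]
        if op == "outl" and int(args[0], 16) == 0xcf8:
            cur = decode_config_address(int(args[1], 16))
            out.append(("config-address", cur))
        elif op in ("outb", "outw", "outl") and 0xcfc <= int(args[0], 16) <= 0xcff and cur:
            # Byte lane within the selected dword comes from the port offset.
            reg = cur["register"] + (int(args[0], 16) - 0xcfc)
            value, note = int(args[1], 16), describe_register(reg)
            if reg == 0x04:
                note += ": " + "|".join(n for b, n in COMMAND_BITS.items() if value >> b & 1)
            out.append(("config-write", {"register": reg, "value": value, "note": note}))
        elif op == "write":  # write <addr> <size> <hex bytes>, data kept as written
            out.append(("mem-write", {"addr": int(args[0], 16), "size": int(args[1], 16), "data": args[2]}))
    return out
```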
https://bugs.launchpad.net/bugs/1908062