Assertion failure through virtio_lduw_phys

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Assertion failure through virtio_lduw_phys_cached

From:	Alexander Bulekov
Subject:	Assertion failure through virtio_lduw_phys_cached
Date:	Sun, 10 May 2020 23:30:01 -0400
User-agent:	NeoMutt/20180716

Hello,
While fuzzing, I found an input that triggers an assertion failure in
address_space_lduw_le_cached:

void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, 
MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - 
addr' failed.
#8 0x7f53dabda091 in __assert_fail 
/build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
#9 0x55f01d844a59 in address_space_lduw_le_cached 
include/exec/memory_ldst_cached.inc.h:54:5
#10 0x55f01d8436c9 in lduw_le_phys_cached 
include/exec/memory_ldst_phys.inc.h:91:12
#11 0x55f01d842c92 in virtio_lduw_phys_cached 
include/hw/virtio/virtio-access.h:166:12
#12 0x55f01d84d754 in vring_avail_ring hw/virtio/virtio.c:311:12
#13 0x55f01d853c00 in vring_get_used_event hw/virtio/virtio.c:317:12
#14 0x55f01d853274 in virtio_split_should_notify hw/virtio/virtio.c:2391:35
#15 0x55f01d81fc6c in virtio_should_notify hw/virtio/virtio.c:2438:16
#16 0x55f01d820237 in virtio_notify hw/virtio/virtio.c:2480:14
#17 0x55f01d5cd6f0 in virtio_net_flush_tx hw/net/virtio-net.c:2212:9
#18 0x55f01d5c9633 in virtio_net_tx_bh hw/net/virtio-net.c:2319:11
#19 0x55f020ed0ca7 in aio_bh_call util/async.c:136:5

I can reproduce it in a qemu 5.0 build with:
cat << EOF | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device 
virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest 
stdio
outl 0xcf8 0x80000820
outl 0xcfc 0xe0004000
outl 0xcf8 0x80000824
outl 0xcfc 0xc021
outl 0xcf8 0x80000804
outw 0xcfc 0x7
outl 0xcf8 0x80000814
write 0xc021e0004016 0x1 0x01
write 0xc021e0004024 0x1 0x06
write 0xc021e000401c 0x1 0x37
write 0xc021e0004016 0x1 0x27
write 0xc021e000400c 0x9 0xffffffffffffffffff
EOF

I also uploaded the above trace, in case the formatting is broken:

curl https://paste.debian.net/plain/1146088 | qemu-system-i386 -M pc-q35-5.0 
-netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none 
-nodefaults -nographic -qtest stdio

Please let me know if I can provide any further info.
-Alex

[Prev in Thread]

Current Thread

[Next in Thread]

Assertion failure through virtio_lduw_phys_cached, Alexander Bulekov <=

Prev by Date: Re: [PATCH v2 5/5] vhost: add device started check in migration set log
Next by Date: Assertion failure through vring_split_desc_read
Previous by thread: Assertion Failure in virtio_net_reset
Next by thread: Assertion failure through vring_split_desc_read
Index(es):
- Date
- Thread