From: Thomas Huth
Subject: [Bug 1913510] Re: [Fuzz] qemu-system-i386 virtio-mouse: Assertion in address_space_lduw_le_cached failed
Date: Fri, 14 May 2021 19:18:30 -0000

This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/302


** Changed in: qemu
       Status: New => Expired

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #302
   https://gitlab.com/qemu-project/qemu/-/issues/302

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913510

Title:
  [Fuzz] qemu-system-i386 virtio-mouse: Assertion in
  address_space_lduw_le_cached failed

Status in QEMU:
  Expired

Bug description:
  --[ Reproducer

  cat << EOF | ./build/qemu-system-i386 -machine q35,accel=qtest -nodefaults \
  -device virtio-mouse -display none -qtest stdio
  outl 0xcf8 0x80000820
  outl 0xcfc 0xe0004000
  outl 0xcf8 0x80000804
  outb 0xcfc 0x02
  write 0xe000400c 0x4 0x003fe62e
  write 0xe0004016 0x1 0x01
  write 0xe0004024 0x1 0x01
  write 0xe000401c 0x1 0x01
  write 0xe0007007 0x1 0x00
  write 0xe0004018 0x1 0x41
  write 0xe0007007 0x1 0x00
  EOF

  
  --[ Output

  [I 1611805425.711054] OPENED
  [R +0.040080] outl 0xcf8 0x80000820
  OK
  [S +0.040117] OK
  [R +0.040136] outl 0xcfc 0xe0004000
  OK
  [S +0.040155] OK
  [R +0.040165] outl 0xcf8 0x80000804
  OK
  [S +0.040172] OK
  [R +0.040184] outb 0xcfc 0x02
  OK
  [S +0.040683] OK
  [R +0.040702] write 0xe000400c 0x4 0x003fe62e
  OK
  [S +0.040735] OK
  [R +0.040743] write 0xe0004016 0x1 0x01
  OK
  [S +0.040748] OK
  [R +0.040755] write 0xe0004024 0x1 0x01
  OK
  [S +0.040760] OK
  [R +0.040767] write 0xe000401c 0x1 0x01
  OK
  [S +0.040785] OK
  [R +0.040792] write 0xe0007007 0x1 0x00
  OK
  [S +0.040810] OK
  [R +0.040817] write 0xe0004018 0x1 0x41
  OK
  [S +0.040822] OK
  [R +0.040839] write 0xe0007007 0x1 0x00
  qemu-system-i386: /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54: uint32_t address_space_lduw_le_cached(MemoryRegionCache *, hwaddr, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.

  
  --[ Original ASAN report

  qemu-fuzz-i386: /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54: uint32_t address_space_lduw_le_cached(MemoryRegionCache *, hwaddr, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
  ==3406167== ERROR: libFuzzer: deadly signal
      #0 0x5644e4ae0f21 in __sanitizer_print_stack_trace (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2a47f21)
      #1 0x5644e4a29fe8 in fuzzer::PrintStackTrace() (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2990fe8)
      #2 0x5644e4a10023 in fuzzer::Fuzzer::CrashCallback() (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2977023)
      #3 0x7f77e2a4b3bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
      #4 0x7f77e285c18a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618a)
      #5 0x7f77e283b858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x25858)
      #6 0x7f77e283b728  (/lib/x86_64-linux-gnu/libc.so.6+0x25728)
      #7 0x7f77e284cf35 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x36f35)
      #8 0x5644e60051b2 in address_space_lduw_le_cached /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54:5
      #9 0x5644e60051b2 in lduw_le_phys_cached /home/ubuntu/qemu/include/exec/memory_ldst_phys.h.inc:91:12
      #10 0x5644e60051b2 in virtio_lduw_phys_cached /home/ubuntu/qemu/include/hw/virtio/virtio-access.h:166:12
      #11 0x5644e5ff476d in vring_avail_ring /home/ubuntu/qemu/build/../hw/virtio/virtio.c:327:12
      #12 0x5644e5ff476d in vring_get_used_event /home/ubuntu/qemu/build/../hw/virtio/virtio.c:333:12
      #13 0x5644e5ff476d in virtio_split_should_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2473:35
      #14 0x5644e5ff476d in virtio_should_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2524:16
      #15 0x5644e5ff5556 in virtio_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2566:14
      #16 0x5644e5571d2a in virtio_input_handle_sts /home/ubuntu/qemu/build/../hw/input/virtio-input.c:100:5
      #17 0x5644e5ff20ec in virtio_queue_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2366:9
      #18 0x5644e60908fb in memory_region_write_accessor /home/ubuntu/qemu/build/../softmmu/memory.c:491:5
      #19 0x5644e6090363 in access_with_adjusted_size /home/ubuntu/qemu/build/../softmmu/memory.c:552:18
      #20 0x5644e608fbc0 in memory_region_dispatch_write /home/ubuntu/qemu/build/../softmmu/memory.c
      #21 0x5644e5b97bc6 in flatview_write_continue /home/ubuntu/qemu/build/../softmmu/physmem.c:2759:23
      #22 0x5644e5b8d328 in flatview_write /home/ubuntu/qemu/build/../softmmu/physmem.c:2799:14
      #23 0x5644e5b8d328 in address_space_write /home/ubuntu/qemu/build/../softmmu/physmem.c:2891:18
      #24 0x5644e6018906 in qtest_process_command /home/ubuntu/qemu/build/../softmmu/qtest.c:539:13
      #25 0x5644e60159df in qtest_process_inbuf /home/ubuntu/qemu/build/../softmmu/qtest.c:797:9
      #26 0x5644e6015735 in qtest_server_inproc_recv /home/ubuntu/qemu/build/../softmmu/qtest.c:904:9
      #27 0x5644e667cf68 in qtest_sendf /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:438:5
      #28 0x5644e667e54e in qtest_write /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:1002:5
      #29 0x5644e667e54e in qtest_writeq /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:1023:5
      #30 0x5644e4b1037e in __wrap_qtest_writeq /home/ubuntu/qemu/build/../tests/qtest/fuzz/qtest_wrappers.c:190:9
      #31 0x5644e4b1c33d in op_write /home/ubuntu/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:479:13
      #32 0x5644e4b1a259 in generic_fuzz /home/ubuntu/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:681:17
      #33 0x5644e4b0b333 in LLVMFuzzerTestOneInput /home/ubuntu/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
      #34 0x5644e4a11581 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2978581)
      #35 0x5644e49fcc92 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2963c92)
      #36 0x5644e4a02cfe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2969cfe)
      #37 0x5644e4a2a7c2 in main (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x29917c2)
      #38 0x7f77e283d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      #39 0x5644e49d739d in _start (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x293e39d)

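Added example (not part of the bug report above and not QEMU's own code): a stand-alone C model of the check in the failing assertion, `addr < cache->len && 2 <= cache->len - addr`, applied to the read the backtrace shows (vring_get_used_event fetching the avail ring's used_event word through a MemoryRegionCache). The CacheWindow struct, the checked-load wrapper, read_used_event and the sample avail-ring bytes are constructed for this example; the avail-ring layout it assumes (le16 flags, le16 idx, le16 ring[num], le16 used_event) is the virtio 1.x split-ring layout. It shows why the check is written in the overflow-safe form rather than as `addr + 2 <= len`, and how a checked load lets a device model refuse an out-of-window access driven by guest-controlled ring state instead of aborting the whole VMM through an assertion.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for QEMU's MemoryRegionCache (assumption: the real
 * struct carries more state; only the window length and its backing bytes
 * matter for the bounds check). */
typedef struct {
    const uint8_t *host;  /* backing bytes of the cached guest window */
    size_t len;           /* length of the cached window in bytes */
} CacheWindow;

/* The condition asserted at memory_ldst_cached.h.inc:54 in the report:
 *   addr < cache->len && 2 <= cache->len - addr
 * Written in this form so a very large addr cannot wrap around and pass. */
static bool lduw_in_bounds(const CacheWindow *c, uint64_t addr)
{
    return addr < c->len && 2 <= c->len - addr;
}

/* The tempting but unsafe spelling: addr + 2 wraps to 0 for
 * addr = UINT64_MAX - 1, and the out-of-window read is accepted. */
static bool lduw_in_bounds_naive(const CacheWindow *c, uint64_t addr)
{
    return addr + 2 <= c->len;
}

/* Checked 16-bit little-endian load: reports failure instead of aborting
 * when the access would leave the cached window. The index being read is
 * derived from ring state in guest memory, so an out-of-window access is
 * a guest-reachable condition and should be a transport error, not an
 * assert. */
static bool lduw_le_cached_checked(const CacheWindow *c, uint64_t addr,
                                   uint16_t *out)
{
    if (!lduw_in_bounds(c, addr)) {
        return false;
    }
    *out = (uint16_t)(c->host[addr] | (c->host[addr + 1] << 8));
    return true;
}

/* Offset of used_event in a split virtqueue's avail ring
 * (le16 flags, le16 idx, le16 ring[num], le16 used_event). */
static uint64_t avail_used_event_offset(uint64_t num)
{
    return 4 + 2 * num;
}

/* Constructed sample guest memory: the avail ring of a 4-entry queue with
 * idx = 2 and used_event = 3 (14 bytes in total). */
static const uint8_t sample_avail_ring[] = {
    0x00, 0x00,                                     /* flags */
    0x02, 0x00,                                     /* idx = 2 */
    0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, /* ring[0..3] */
    0x03, 0x00,                                     /* used_event = 3 */
};

/* Read used_event for a queue of `num` entries through a cache window of
 * `window_len` bytes. Returns the value, -1 if the access was rejected by
 * the bounds check (caller drops the notification decision instead of
 * crashing), or -2 if the window is larger than the sample memory. */
static int read_used_event(size_t window_len, uint64_t num)
{
    if (window_len > sizeof sample_avail_ring) {
        return -2;
    }
    CacheWindow c = { sample_avail_ring, window_len };
    uint16_t v;
    if (!lduw_le_cached_checked(&c, avail_used_event_offset(num), &v)) {
        return -1;
    }
    return v;
}

int main(void)
{
    /* Window sized for the event word: the read succeeds. */
    printf("used_event, full window:  %d\n", read_used_event(14, 4));
    /* Window sized without the event word: rejected, no abort. */
    printf("used_event, short window: %d\n", read_used_event(12, 4));

    CacheWindow c = { sample_avail_ring, sizeof sample_avail_ring };
    printf("naive check accepts wrapping addr: %d\n",
           lduw_in_bounds_naive(&c, UINT64_MAX - 1));
    printf("overflow-safe check rejects it:    %d\n",
           lduw_in_bounds(&c, UINT64_MAX - 1));
    return 0;
}
```

The short-window case is the shape of the failure in the backtrace: the cache covers fewer bytes than the offset used_event lands at for the queue size being used, so the cached load steps past cache->len. The difference between the two variants is only what happens next: the assert in the report aborts qemu-system-i386, while the checked load hands the caller a failure it can handle.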