* [Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
@ 2020-08-03 14:33 Alexander Bulekov
2021-05-26 15:01 ` [Bug 1890159] " Thomas Huth
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Alexander Bulekov @ 2020-08-03 14:33 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001001
outl 0xcfc 0x3fff3fff
outl 0xcf8 0x80001016
outl 0xcfc 0x5c84ff00
outl 0xcf8 0x800010ff
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xff001020 0xef0bff5ecafe0000
writel 0xe0000605 0xa7ff845e
EOF
==============================================================
qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed.
Aborted
#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5
#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18
#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9
#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
-Alex
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890159
Title:
Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
Status in QEMU:
New
Bug description:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001001
outl 0xcfc 0x3fff3fff
outl 0xcf8 0x80001016
outl 0xcfc 0x5c84ff00
outl 0xcf8 0x800010ff
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xff001020 0xef0bff5ecafe0000
writel 0xe0000605 0xa7ff845e
EOF
==============================================================
qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed.
Aborted
#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5
#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18
#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9
#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890159/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1890159] Re: Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
2020-08-03 14:33 [Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3 Alexander Bulekov
@ 2021-05-26 15:01 ` Thomas Huth
2021-08-21 2:10 ` Alexander Bulekov
2021-08-25 7:16 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2021-05-26 15:01 UTC (permalink / raw)
To: qemu-devel
This still triggers with the current version of QEMU. Marking as
"Confirmed"
** Changed in: qemu
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890159
Title:
Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
Status in QEMU:
Confirmed
Bug description:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001001
outl 0xcfc 0x3fff3fff
outl 0xcf8 0x80001016
outl 0xcfc 0x5c84ff00
outl 0xcf8 0x800010ff
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xff001020 0xef0bff5ecafe0000
writel 0xe0000605 0xa7ff845e
EOF
==============================================================
qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed.
Aborted
#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5
#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18
#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9
#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890159/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1890159] Re: Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
2020-08-03 14:33 [Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3 Alexander Bulekov
2021-05-26 15:01 ` [Bug 1890159] " Thomas Huth
@ 2021-08-21 2:10 ` Alexander Bulekov
2021-08-25 7:16 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Alexander Bulekov @ 2021-08-21 2:10 UTC (permalink / raw)
To: qemu-devel
Looks like this was fixed by 283f0a05e2 ("hw/net/net_tx_pkt: Fix crash
detected by fuzzer")
** Changed in: qemu
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890159
Title:
Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
Status in QEMU:
Fix Committed
Bug description:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001001
outl 0xcfc 0x3fff3fff
outl 0xcf8 0x80001016
outl 0xcfc 0x5c84ff00
outl 0xcf8 0x800010ff
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xff001020 0xef0bff5ecafe0000
writel 0xe0000605 0xa7ff845e
EOF
==============================================================
qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed.
Aborted
#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5
#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18
#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9
#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890159/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1890159] Re: Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
2020-08-03 14:33 [Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3 Alexander Bulekov
2021-05-26 15:01 ` [Bug 1890159] " Thomas Huth
2021-08-21 2:10 ` Alexander Bulekov
@ 2021-08-25 7:16 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2021-08-25 7:16 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890159
Title:
Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3
Status in QEMU:
Fix Released
Bug description:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001001
outl 0xcfc 0x3fff3fff
outl 0xcf8 0x80001016
outl 0xcfc 0x5c84ff00
outl 0xcf8 0x800010ff
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xff001020 0xef0bff5ecafe0000
writel 0xe0000605 0xa7ff845e
EOF
==============================================================
qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed.
Aborted
#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5
#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18
#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9
#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890159/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-08-25 7:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-03 14:33 [Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3 Alexander Bulekov
2021-05-26 15:01 ` [Bug 1890159] " Thomas Huth
2021-08-21 2:10 ` Alexander Bulekov
2021-08-25 7:16 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.