* [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
@ 2020-08-05  1:16 Alexander Bulekov
From: Alexander Bulekov @ 2020-08-05  1:16 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-device virtio-blk,drive=mydrive \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001010
outl 0xcfc 0xc001
outl 0xcf8 0x80001014
outl 0xcf8 0x80001004
outw 0xcfc 0x7
outl 0xc006 0x3aff9090
outl 0xcf8 0x8000100e
outl 0xcfc 0x41005e1e
write 0x3b00002 0x1 0x5e
write 0x3b00004 0x1 0x5e
write 0x3aff5e6 0x1 0x11
write 0x3aff5eb 0x1 0xc6
write 0x3aff5ec 0x1 0xc6
write 0x7 0x1 0xff
write 0x8 0x1 0xfb
write 0xc 0x1 0x11
write 0xe 0x1 0x5e
write 0x5e8 0x1 0x11
write 0x5ec 0x1 0xc6
outl 0x410e 0x10e
EOF


qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
==789== ERROR: libFuzzer: deadly signal
    #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
    #9  in address_space_unmap /exec.c:3623:9
    #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
    #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
    #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
    #13 in virtqueue_push /hw/virtio/virtio.c:917:5
    #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
    #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
    #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
    #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
    #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
    #19 in aio_dispatch_handler /util/aio-posix.c:328:9
    #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
    #21 in aio_dispatch /util/aio-posix.c:381:5
    #22 in aio_ctx_dispatch /util/async.c:306:5
    #23 in g_main_context_dispatch


With -trace virtio\*

...
[S +0.099667] OK
[R +0.099681] write 0x5ec 0x1 0xc6
OK
[S +0.099690] OK
[R +0.099700] outl 0x410e 0x10e
29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
OK
[S +0.099833] OK
29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.


-Alex

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890360

Title:
  Assertion failure in address_space_unmap through virtio-blk

Status in QEMU:
  New

Bug description:
  Hello,
  Reproducer:
  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -nographic -qtest stdio
  outl 0xcf8 0x80001010
  outl 0xcfc 0xc001
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xc006 0x3aff9090
  outl 0xcf8 0x8000100e
  outl 0xcfc 0x41005e1e
  write 0x3b00002 0x1 0x5e
  write 0x3b00004 0x1 0x5e
  write 0x3aff5e6 0x1 0x11
  write 0x3aff5eb 0x1 0xc6
  write 0x3aff5ec 0x1 0xc6
  write 0x7 0x1 0xff
  write 0x8 0x1 0xfb
  write 0xc 0x1 0x11
  write 0xe 0x1 0x5e
  write 0x5e8 0x1 0x11
  write 0x5ec 0x1 0xc6
  outl 0x410e 0x10e
  EOF

  
  qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
  ==789== ERROR: libFuzzer: deadly signal
      #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9  in address_space_unmap /exec.c:3623:9
      #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
      #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
      #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
      #13 in virtqueue_push /hw/virtio/virtio.c:917:5
      #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
      #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
      #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
      #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
      #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
      #19 in aio_dispatch_handler /util/aio-posix.c:328:9
      #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
      #21 in aio_dispatch /util/aio-posix.c:381:5
      #22 in aio_ctx_dispatch /util/async.c:306:5
      #23 in g_main_context_dispatch

  
  With -trace virtio\*

  ...
  [S +0.099667] OK
  [R +0.099681] write 0x5ec 0x1 0xc6
  OK
  [S +0.099690] OK
  [R +0.099700] outl 0x410e 0x10e
  29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
  OK
  [S +0.099833] OK
  29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
  29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.

  
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions



* Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
@ 2020-08-05  2:00   ` Alexander Bulekov
From: Alexander Bulekov @ 2020-08-05  2:00 UTC (permalink / raw)
  To: Bug 1890360; +Cc: qemu-devel, Stefan Hajnoczi

Hi Stefan,
This looks an awful lot like the one you looked at here:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg705719.html
though this one is for virtio-pci, while that one was for virtio-mmio.

They are probably the same issue, but the original reproducer no longer
causes an assertion failure for me, so maybe there was already a fix.
-Alex

On 200805 0116, Alexander Bulekov wrote:
> Public bug reported:
> 
> Hello,
> Reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 \
> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
> -device virtio-blk,drive=mydrive \
> -nodefaults -nographic -qtest stdio
> outl 0xcf8 0x80001010
> outl 0xcfc 0xc001
> outl 0xcf8 0x80001014
> outl 0xcf8 0x80001004
> outw 0xcfc 0x7
> outl 0xc006 0x3aff9090
> outl 0xcf8 0x8000100e
> outl 0xcfc 0x41005e1e
> write 0x3b00002 0x1 0x5e
> write 0x3b00004 0x1 0x5e
> write 0x3aff5e6 0x1 0x11
> write 0x3aff5eb 0x1 0xc6
> write 0x3aff5ec 0x1 0xc6
> write 0x7 0x1 0xff
> write 0x8 0x1 0xfb
> write 0xc 0x1 0x11
> write 0xe 0x1 0x5e
> write 0x5e8 0x1 0x11
> write 0x5ec 0x1 0xc6
> outl 0x410e 0x10e
> EOF
> 
> 
> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> ==789== ERROR: libFuzzer: deadly signal
>     #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>     #9  in address_space_unmap /exec.c:3623:9
>     #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>     #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>     #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>     #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>     #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>     #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>     #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>     #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>     #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>     #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>     #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>     #21 in aio_dispatch /util/aio-posix.c:381:5
>     #22 in aio_ctx_dispatch /util/async.c:306:5
>     #23 in g_main_context_dispatch
> 
> 
> With -trace virtio\*
> 
> ...
> [S +0.099667] OK
> [R +0.099681] write 0x5ec 0x1 0xc6
> OK
> [S +0.099690] OK
> [R +0.099700] outl 0x410e 0x10e
> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
> OK
> [S +0.099833] OK
> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> 
> 
> -Alex
> 
> ** Affects: qemu
>      Importance: Undecided
>          Status: New
> 
> -- 
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1890360
> 
> Title:
>   Assertion failure in address_space_unmap through virtio-blk
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   Hello,
>   Reproducer:
>   cat << EOF | ./i386-softmmu/qemu-system-i386 \
>   -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
>   -device virtio-blk,drive=mydrive \
>   -nodefaults -nographic -qtest stdio
>   outl 0xcf8 0x80001010
>   outl 0xcfc 0xc001
>   outl 0xcf8 0x80001014
>   outl 0xcf8 0x80001004
>   outw 0xcfc 0x7
>   outl 0xc006 0x3aff9090
>   outl 0xcf8 0x8000100e
>   outl 0xcfc 0x41005e1e
>   write 0x3b00002 0x1 0x5e
>   write 0x3b00004 0x1 0x5e
>   write 0x3aff5e6 0x1 0x11
>   write 0x3aff5eb 0x1 0xc6
>   write 0x3aff5ec 0x1 0xc6
>   write 0x7 0x1 0xff
>   write 0x8 0x1 0xfb
>   write 0xc 0x1 0x11
>   write 0xe 0x1 0x5e
>   write 0x5e8 0x1 0x11
>   write 0x5ec 0x1 0xc6
>   outl 0x410e 0x10e
>   EOF
> 
>   
>   qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
>   ==789== ERROR: libFuzzer: deadly signal
>       #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>       #9  in address_space_unmap /exec.c:3623:9
>       #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>       #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>       #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>       #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>       #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>       #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>       #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>       #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>       #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>       #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>       #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>       #21 in aio_dispatch /util/aio-posix.c:381:5
>       #22 in aio_ctx_dispatch /util/async.c:306:5
>       #23 in g_main_context_dispatch
> 
>   
>   With -trace virtio\*
> 
>   ...
>   [S +0.099667] OK
>   [R +0.099681] write 0x5ec 0x1 0xc6
>   OK
>   [S +0.099690] OK
>   [R +0.099700] outl 0x410e 0x10e
>   29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
>   29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
>   OK
>   [S +0.099833] OK
>   29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
>   29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
>   29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
>   qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> 
>   
>   -Alex
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions
> 



* Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
@ 2020-08-05  2:00   ` Alexander Bulekov
From: Alexander Bulekov @ 2020-08-05  2:00 UTC (permalink / raw)
  To: qemu-devel

Hi Stefan,
This looks an awful lot like the one you looked at here:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg705719.html
though this one is for virtio-pci, while that one was for virtio-mmio.

They are probably the same issue, but the original reproducer no longer
causes an assertion failure for me, so maybe there was already a fix.
-Alex

On 200805 0116, Alexander Bulekov wrote:
> Public bug reported:
> 
> Hello,
> Reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 \
> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
> -device virtio-blk,drive=mydrive \
> -nodefaults -nographic -qtest stdio
> outl 0xcf8 0x80001010
> outl 0xcfc 0xc001
> outl 0xcf8 0x80001014
> outl 0xcf8 0x80001004
> outw 0xcfc 0x7
> outl 0xc006 0x3aff9090
> outl 0xcf8 0x8000100e
> outl 0xcfc 0x41005e1e
> write 0x3b00002 0x1 0x5e
> write 0x3b00004 0x1 0x5e
> write 0x3aff5e6 0x1 0x11
> write 0x3aff5eb 0x1 0xc6
> write 0x3aff5ec 0x1 0xc6
> write 0x7 0x1 0xff
> write 0x8 0x1 0xfb
> write 0xc 0x1 0x11
> write 0xe 0x1 0x5e
> write 0x5e8 0x1 0x11
> write 0x5ec 0x1 0xc6
> outl 0x410e 0x10e
> EOF
> 
> 
> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> ==789== ERROR: libFuzzer: deadly signal
>     #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>     #9  in address_space_unmap /exec.c:3623:9
>     #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>     #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>     #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>     #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>     #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>     #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>     #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>     #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>     #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>     #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>     #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>     #21 in aio_dispatch /util/aio-posix.c:381:5
>     #22 in aio_ctx_dispatch /util/async.c:306:5
>     #23 in g_main_context_dispatch
> 
> 
> With -trace virtio\*
> 
> ...
> [S +0.099667] OK
> [R +0.099681] write 0x5ec 0x1 0xc6
> OK
> [S +0.099690] OK
> [R +0.099700] outl 0x410e 0x10e
> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
> OK
> [S +0.099833] OK
> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> 
> 
> -Alex
> 
> ** Affects: qemu
>      Importance: Undecided
>          Status: New
> 
> -- 
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1890360
> 
> Title:
>   Assertion failure in address_space_unmap through virtio-blk
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   Hello,
>   Reproducer:
>   cat << EOF | ./i386-softmmu/qemu-system-i386 \
>   -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
>   -device virtio-blk,drive=mydrive \
>   -nodefaults -nographic -qtest stdio
>   outl 0xcf8 0x80001010
>   outl 0xcfc 0xc001
>   outl 0xcf8 0x80001014
>   outl 0xcf8 0x80001004
>   outw 0xcfc 0x7
>   outl 0xc006 0x3aff9090
>   outl 0xcf8 0x8000100e
>   outl 0xcfc 0x41005e1e
>   write 0x3b00002 0x1 0x5e
>   write 0x3b00004 0x1 0x5e
>   write 0x3aff5e6 0x1 0x11
>   write 0x3aff5eb 0x1 0xc6
>   write 0x3aff5ec 0x1 0xc6
>   write 0x7 0x1 0xff
>   write 0x8 0x1 0xfb
>   write 0xc 0x1 0x11
>   write 0xe 0x1 0x5e
>   write 0x5e8 0x1 0x11
>   write 0x5ec 0x1 0xc6
>   outl 0x410e 0x10e
>   EOF
> 
>   
>   qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
>   ==789== ERROR: libFuzzer: deadly signal
>       #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>       #9  in address_space_unmap /exec.c:3623:9
>       #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>       #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>       #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>       #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>       #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>       #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>       #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>       #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>       #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>       #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>       #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>       #21 in aio_dispatch /util/aio-posix.c:381:5
>       #22 in aio_ctx_dispatch /util/async.c:306:5
>       #23 in g_main_context_dispatch
> 
>   
>   With -trace virtio\*
> 
>   ...
>   [S +0.099667] OK
>   [R +0.099681] write 0x5ec 0x1 0xc6
>   OK
>   [S +0.099690] OK
>   [R +0.099700] outl 0x410e 0x10e
>   29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
>   29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
>   OK
>   [S +0.099833] OK
>   29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
>   29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
>   29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
>   qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> 
>   
>   -Alex
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions
>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890360

Title:
  Assertion failure in address_space_unmap through virtio-blk

Status in QEMU:
  New

Bug description:
  Hello,
  Reproducer:
  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -nographic -qtest stdio
  outl 0xcf8 0x80001010
  outl 0xcfc 0xc001
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xc006 0x3aff9090
  outl 0xcf8 0x8000100e
  outl 0xcfc 0x41005e1e
  write 0x3b00002 0x1 0x5e
  write 0x3b00004 0x1 0x5e
  write 0x3aff5e6 0x1 0x11
  write 0x3aff5eb 0x1 0xc6
  write 0x3aff5ec 0x1 0xc6
  write 0x7 0x1 0xff
  write 0x8 0x1 0xfb
  write 0xc 0x1 0x11
  write 0xe 0x1 0x5e
  write 0x5e8 0x1 0x11
  write 0x5ec 0x1 0xc6
  outl 0x410e 0x10e
  EOF

  
  qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
  ==789== ERROR: libFuzzer: deadly signal
      #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9  in address_space_unmap /exec.c:3623:9
      #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
      #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
      #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
      #13 in virtqueue_push /hw/virtio/virtio.c:917:5
      #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
      #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
      #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
      #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
      #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
      #19 in aio_dispatch_handler /util/aio-posix.c:328:9
      #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
      #21 in aio_dispatch /util/aio-posix.c:381:5
      #22 in aio_ctx_dispatch /util/async.c:306:5
      #23 in g_main_context_dispatch

  
  With -trace virtio\*

  ...
  [S +0.099667] OK
  [R +0.099681] write 0x5ec 0x1 0xc6
  OK
  [S +0.099690] OK
  [R +0.099700] outl 0x410e 0x10e
  29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
  OK
  [S +0.099833] OK
  29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
  29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.

  
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions



* Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
@ 2020-08-05 13:13   ` Stefan Hajnoczi
From: Stefan Hajnoczi @ 2020-08-05 13:13 UTC (permalink / raw)
  To: Alexander Bulekov; +Cc: Bug 1890360, qemu-devel

[-- Attachment #1: Type: text/plain, Size: 594 bytes --]

On Tue, Aug 04, 2020 at 10:00:59PM -0400, Alexander Bulekov wrote:
> Hi Stefan,
> This looks an awful lot like the one you looked at here:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg705719.html
> though this one is for virtio-pci, while that one was for virtio-mmio.
> 
> They are probably the same issue, but the original reproducer no longer
> causes an assertion failure for me, so maybe there was already a fix.

I root-caused the original issue but didn't create a fix.

I'll send a fix next week and check if it also takes care of this
failure report.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]


* [Bug 1890360] Re: Assertion failure in address_space_unmap through virtio-blk
@ 2020-08-12 11:04 ` Stefan Hajnoczi
From: Stefan Hajnoczi @ 2020-08-12 11:04 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
       Status: New => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890360

Title:
  Assertion failure in address_space_unmap through virtio-blk

Status in QEMU:
  In Progress

Bug description:
  Hello,
  Reproducer:
  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -nographic -qtest stdio
  outl 0xcf8 0x80001010
  outl 0xcfc 0xc001
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xc006 0x3aff9090
  outl 0xcf8 0x8000100e
  outl 0xcfc 0x41005e1e
  write 0x3b00002 0x1 0x5e
  write 0x3b00004 0x1 0x5e
  write 0x3aff5e6 0x1 0x11
  write 0x3aff5eb 0x1 0xc6
  write 0x3aff5ec 0x1 0xc6
  write 0x7 0x1 0xff
  write 0x8 0x1 0xfb
  write 0xc 0x1 0x11
  write 0xe 0x1 0x5e
  write 0x5e8 0x1 0x11
  write 0x5ec 0x1 0xc6
  outl 0x410e 0x10e
  EOF

  
  qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
  ==789== ERROR: libFuzzer: deadly signal
      #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9  in address_space_unmap /exec.c:3623:9
      #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
      #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
      #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
      #13 in virtqueue_push /hw/virtio/virtio.c:917:5
      #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
      #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
      #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
      #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
      #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
      #19 in aio_dispatch_handler /util/aio-posix.c:328:9
      #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
      #21 in aio_dispatch /util/aio-posix.c:381:5
      #22 in aio_ctx_dispatch /util/async.c:306:5
      #23 in g_main_context_dispatch

  
  With -trace virtio\*

  ...
  [S +0.099667] OK
  [R +0.099681] write 0x5ec 0x1 0xc6
  OK
  [S +0.099690] OK
  [R +0.099700] outl 0x410e 0x10e
  29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
  OK
  [S +0.099833] OK
  29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
  29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.

  
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions



* [Bug 1890360] Re: Assertion failure in address_space_unmap through virtio-blk
@ 2020-11-09 10:44 ` Stefan Hajnoczi
From: Stefan Hajnoczi @ 2020-11-09 10:44 UTC (permalink / raw)
  To: qemu-devel

Fix:

commit 7bd04a041addcdef6a03e6498aafaea55ca6e88b
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date:   Thu Sep 17 10:44:54 2020 +0100

    virtio-blk: undo destructive iov_discard_*() operations

** Changed in: qemu
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890360

Title:
  Assertion failure in address_space_unmap through virtio-blk

Status in QEMU:
  Fix Committed

Bug description:
  Hello,
  Reproducer:
  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -nographic -qtest stdio
  outl 0xcf8 0x80001010
  outl 0xcfc 0xc001
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xc006 0x3aff9090
  outl 0xcf8 0x8000100e
  outl 0xcfc 0x41005e1e
  write 0x3b00002 0x1 0x5e
  write 0x3b00004 0x1 0x5e
  write 0x3aff5e6 0x1 0x11
  write 0x3aff5eb 0x1 0xc6
  write 0x3aff5ec 0x1 0xc6
  write 0x7 0x1 0xff
  write 0x8 0x1 0xfb
  write 0xc 0x1 0x11
  write 0xe 0x1 0x5e
  write 0x5e8 0x1 0x11
  write 0x5ec 0x1 0xc6
  outl 0x410e 0x10e
  EOF

  
  qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
  ==789== ERROR: libFuzzer: deadly signal
      #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9  in address_space_unmap /exec.c:3623:9
      #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
      #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
      #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
      #13 in virtqueue_push /hw/virtio/virtio.c:917:5
      #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
      #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
      #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
      #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
      #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
      #19 in aio_dispatch_handler /util/aio-posix.c:328:9
      #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
      #21 in aio_dispatch /util/aio-posix.c:381:5
      #22 in aio_ctx_dispatch /util/async.c:306:5
      #23 in g_main_context_dispatch

  
  With -trace virtio\*

  ...
  [S +0.099667] OK
  [R +0.099681] write 0x5ec 0x1 0xc6
  OK
  [S +0.099690] OK
  [R +0.099700] outl 0x410e 0x10e
  29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
  OK
  [S +0.099833] OK
  29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
  29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.

  
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions



* [Bug 1890360] Re: Assertion failure in address_space_unmap through virtio-blk
@ 2020-12-10  9:02 ` Thomas Huth
From: Thomas Huth @ 2020-12-10  9:02 UTC (permalink / raw)
  To: qemu-devel

Released with QEMU v5.2.0.

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890360

Title:
  Assertion failure in address_space_unmap through virtio-blk

Status in QEMU:
  Fix Released

Bug description:
  Hello,
  Reproducer:
  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -nographic -qtest stdio
  outl 0xcf8 0x80001010
  outl 0xcfc 0xc001
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xc006 0x3aff9090
  outl 0xcf8 0x8000100e
  outl 0xcfc 0x41005e1e
  write 0x3b00002 0x1 0x5e
  write 0x3b00004 0x1 0x5e
  write 0x3aff5e6 0x1 0x11
  write 0x3aff5eb 0x1 0xc6
  write 0x3aff5ec 0x1 0xc6
  write 0x7 0x1 0xff
  write 0x8 0x1 0xfb
  write 0xc 0x1 0x11
  write 0xe 0x1 0x5e
  write 0x5e8 0x1 0x11
  write 0x5ec 0x1 0xc6
  outl 0x410e 0x10e
  EOF

  
  qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
  ==789== ERROR: libFuzzer: deadly signal
      #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
      #9  in address_space_unmap /exec.c:3623:9
      #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
      #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
      #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
      #13 in virtqueue_push /hw/virtio/virtio.c:917:5
      #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
      #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
      #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
      #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
      #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
      #19 in aio_dispatch_handler /util/aio-posix.c:328:9
      #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
      #21 in aio_dispatch /util/aio-posix.c:381:5
      #22 in aio_ctx_dispatch /util/async.c:306:5
      #23 in g_main_context_dispatch

  
  With -trace virtio\*

  ...
  [S +0.099667] OK
  [R +0.099681] write 0x5ec 0x1 0xc6
  OK
  [S +0.099690] OK
  [R +0.099700] outl 0x410e 0x10e
  29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
  OK
  [S +0.099833] OK
  29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
  29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
  29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.

  
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions


