* [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
@ 2020-12-13 4:28 Alexander Bulekov
2021-01-15 16:10 ` [Bug 1907938] " Peter Maydell
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Alexander Bulekov @ 2020-12-13 4:28 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907938
Title:
[OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
Status in QEMU:
New
Bug description:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907938/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1907938] Re: [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
2020-12-13 4:28 [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started Alexander Bulekov
@ 2021-01-15 16:10 ` Peter Maydell
2021-06-10 8:15 ` Thomas Huth
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2021-01-15 16:10 UTC (permalink / raw)
To: qemu-devel
** Tags added: fuzzer
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907938
Title:
[OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
Status in QEMU:
New
Bug description:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907938/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1907938] Re: [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
2020-12-13 4:28 [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started Alexander Bulekov
2021-01-15 16:10 ` [Bug 1907938] " Peter Maydell
@ 2021-06-10 8:15 ` Thomas Huth
2021-08-21 4:12 ` Alexander Bulekov
2021-08-21 6:19 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-06-10 8:15 UTC (permalink / raw)
To: qemu-devel
This still reproduces with the current git version of QEMU.
** Changed in: qemu
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907938
Title:
[OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
Status in QEMU:
Confirmed
Bug description:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907938/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1907938] Re: [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
2020-12-13 4:28 [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started Alexander Bulekov
2021-01-15 16:10 ` [Bug 1907938] " Peter Maydell
2021-06-10 8:15 ` Thomas Huth
@ 2021-08-21 4:12 ` Alexander Bulekov
2021-08-21 6:19 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Alexander Bulekov @ 2021-08-21 4:12 UTC (permalink / raw)
To: qemu-devel
I moved this report over to QEMU's new bug tracker on gitlab.com.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/543
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #543
https://gitlab.com/qemu-project/qemu/-/issues/543
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907938
Title:
[OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
Status in QEMU:
Confirmed
Bug description:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907938/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1907938] Re: [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
2020-12-13 4:28 [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started Alexander Bulekov
` (2 preceding siblings ...)
2021-08-21 4:12 ` Alexander Bulekov
@ 2021-08-21 6:19 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-08-21 6:19 UTC (permalink / raw)
To: qemu-devel
Thanks for moving it over! ... let's close this one here on Launchpad
now.
** Changed in: qemu
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907938
Title:
[OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started
Status in QEMU:
Invalid
Bug description:
affects qemu
=== Reproducer ===
cat << EOF |./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 \
-drive file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0xa044d79
outl 0xcf8 0x80001802
outl 0xcf8 0x80001804
outl 0xcfc 0xb9045dff
outl 0xcf8 0x8000180e
outl 0xcfc 0xfb9465a
outl 0xf85 0x9e1ea5c2
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x6e
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0xc
EOF
=== Stack Trace ===
qemu-fuzz-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
==702068== ERROR: libFuzzer: deadly signal
#0 0x55bd6fc9f311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
#1 0x55bd6fbe83d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
#2 0x55bd6fbce413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
#3 0x7ff5241b813f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
#4 0x7ff523feddb0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ff523feddb0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ff523fd7536 in abort stdlib/abort.c:79:7
#7 0x7ff523fd740e in __assert_fail_base assert/assert.c:92:3
#8 0x7ff523fe65b1 in __assert_fail assert/assert.c:101:3
#9 0x55bd7116c435 in virtio_blk_reset hw/block/virtio-blk.c:917:5
#10 0x55bd710c94a2 in virtio_reset hw/virtio/virtio.c:2001:9
#11 0x55bd6ff0e0a5 in virtio_pci_reset hw/virtio/virtio-pci.c:1886:5
#12 0x55bd6ff10686 in virtio_ioport_write hw/virtio/virtio-pci.c:339:13
#13 0x55bd6ff10686 in virtio_pci_config_write hw/virtio/virtio-pci.c:456:9
#14 0x55bd713fd025 in memory_region_write_accessor softmmu/memory.c:491:5
#15 0x55bd713fca93 in access_with_adjusted_size softmmu/memory.c:552:18
#16 0x55bd713fc2f0 in memory_region_dispatch_write softmmu/memory.c
#17 0x55bd70e4bf36 in flatview_write_continue softmmu/physmem.c:2759:23
#18 0x55bd70e41bbb in flatview_write softmmu/physmem.c:2799:14
#19 0x55bd70e41bbb in address_space_write softmmu/physmem.c:2891:18
#20 0x55bd71153462 in cpu_outl softmmu/ioport.c:80:5
#21 0x55bd712d586e in qtest_process_command softmmu/qtest.c:483:13
#22 0x55bd712d35bf in qtest_process_inbuf softmmu/qtest.c:797:9
#23 0x55bd712d3315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
#24 0x55bd71910df8 in qtest_sendf tests/qtest/libqtest.c:438:5
#25 0x55bd71911fae in qtest_out tests/qtest/libqtest.c:952:5
#26 0x55bd71911fae in qtest_outl tests/qtest/libqtest.c:968:5
#27 0x55bd6fcd1aa2 in op_out tests/qtest/fuzz/generic_fuzz.c:395:13
#28 0x55bd6fcd04e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
#29 0x55bd6fcc9723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907938/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-08-21 6:26 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-13 4:28 [Bug 1907938] [NEW] [OSS-Fuzz] Issue 28524 virtio-blk: ASSERT: !s->dataplane_started Alexander Bulekov
2021-01-15 16:10 ` [Bug 1907938] " Peter Maydell
2021-06-10 8:15 ` Thomas Huth
2021-08-21 4:12 ` Alexander Bulekov
2021-08-21 6:19 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.