* [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
@ 2020-12-14 12:17 Qiuhao Li
2020-12-14 12:23 ` [Bug 1908062] " Qiuhao Li
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Qiuhao Li @ 2020-12-14 12:17 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908062
Title:
qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached
failed again
Status in QEMU:
New
Bug description:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1908062] Re: qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
2020-12-14 12:17 [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Qiuhao Li
@ 2020-12-14 12:23 ` Qiuhao Li
2021-01-15 16:10 ` Peter Maydell
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Qiuhao Li @ 2020-12-14 12:23 UTC (permalink / raw)
To: qemu-devel
--[ Original Fuzzing output
./build/qemu-fuzz-i386 --fuzz-target=generic-fuzz-virtio-vga
../fuzz/20201208/crash-da778083c63d2b24d8f7780383b2602a7a156352
qemu-fuzz-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
==37260== ERROR: libFuzzer: deadly signal
#0 0x56336c2ebc81 in __sanitizer_print_stack_trace (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x305dc81)
#1 0x56336c236dd8 in fuzzer::PrintStackTrace() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa8dd8)
#2 0x56336c21bf23 in fuzzer::Fuzzer::CrashCallback() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8df23)
#3 0x7f3122f7b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
#4 0x7f3122d8c18a in __libc_signal_restore_set /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7f3122d8c18a in raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7f3122d6b858 in abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:79:7
#7 0x7f3122d6b728 in __assert_fail_base /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:92:3
#8 0x7f3122d7cf35 in __assert_fail /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:101:3
#9 0x56336ec7c8ab in address_space_stw_le_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88:5
#10 0x56336ec7b746 in stw_le_phys_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_phys.h.inc:121:5
#11 0x56336ec7acf8 in virtio_stw_phys_cached /home/qiuhao/hack/qemu/include/hw/virtio/virtio-access.h:196:9
#12 0x56336ec79f7b in vring_set_avail_event /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:429:5
#13 0x56336ec376f5 in virtqueue_split_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1452:9
#14 0x56336ec3131c in virtqueue_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1695:16
#15 0x56336c57fa43 in virtio_gpu_handle_ctrl /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:877:11
#16 0x56336c57f6d9 in virtio_gpu_ctrl_bh /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:898:5
#17 0x563370ad4952 in aio_bh_call /home/qiuhao/hack/qemu/build/../util/async.c:136:5
#18 0x563370ad6352 in aio_bh_poll /home/qiuhao/hack/qemu/build/../util/async.c:164:13
#19 0x563370a2773b in aio_dispatch /home/qiuhao/hack/qemu/build/../util/aio-posix.c:381:5
#20 0x563370adfd5e in aio_ctx_dispatch /home/qiuhao/hack/qemu/build/../util/async.c:306:5
#21 0x7f312319afbc in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51fbc)
#22 0x563370942137 in glib_pollfds_poll /home/qiuhao/hack/qemu/build/../util/main-loop.c:221:9
#23 0x56337093fa37 in os_host_main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:244:5
#24 0x56337093f387 in main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:520:11
#25 0x56336c33ec22 in flush_events /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:49:9
#26 0x56336c33311b in generic_fuzz /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:683:17
#27 0x56336c340699 in LLVMFuzzerTestOneInput /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
#28 0x56336c21d5e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8f5e1)
#29 0x56336c208d52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f7ad52)
#30 0x56336c20e806 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f80806)
#31 0x56336c2374c2 in main (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa94c2)
#32 0x7f3122d6d0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#33 0x56336c1e341d in _start (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f5541d)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
** Attachment added: "crash-da778083c63d2b24d8f7780383b2602a7a156352"
https://bugs.launchpad.net/qemu/+bug/1908062/+attachment/5443422/+files/crash-da778083c63d2b24d8f7780383b2602a7a156352
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908062
Title:
qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached
failed again
Status in QEMU:
New
Bug description:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1908062] Re: qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
2020-12-14 12:17 [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Qiuhao Li
2020-12-14 12:23 ` [Bug 1908062] " Qiuhao Li
@ 2021-01-15 16:10 ` Peter Maydell
2021-05-10 18:53 ` Thomas Huth
2021-05-14 18:46 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2021-01-15 16:10 UTC (permalink / raw)
To: qemu-devel
** Tags added: fuzzer
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908062
Title:
qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached
failed again
Status in QEMU:
New
Bug description:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1908062] Re: qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
2020-12-14 12:17 [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Qiuhao Li
2020-12-14 12:23 ` [Bug 1908062] " Qiuhao Li
2021-01-15 16:10 ` Peter Maydell
@ 2021-05-10 18:53 ` Thomas Huth
2021-05-14 18:46 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-05-10 18:53 UTC (permalink / raw)
To: qemu-devel
The QEMU project is currently moving its bug tracking to another system.
For this we need to know which bugs are still valid and which could be
closed already. Thus we are setting the bug state to "Incomplete" now.
If the bug has already been fixed in the latest upstream version of QEMU,
then please close this ticket as "Fix released".
If it is not fixed yet and you think that this bug report here is still
valid, then you have two options:
1) If you already have an account on gitlab.com, please open a new ticket
for this problem in our new tracker here:
https://gitlab.com/qemu-project/qemu/-/issues
and then close this ticket here on Launchpad (or let it expire auto-
matically after 60 days). Please mention the URL of this bug ticket on
Launchpad in the new ticket on GitLab.
2) If you don't have an account on gitlab.com and don't intend to get
one, but still would like to keep this ticket opened, then please switch
the state back to "New" or "Confirmed" within the next 60 days (other-
wise it will get closed as "Expired"). We will then eventually migrate
the ticket automatically to the new system (but you won't be the reporter
of the bug in the new system and thus you won't get notified on changes
anymore).
Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908062
Title:
qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached
failed again
Status in QEMU:
Incomplete
Bug description:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1908062] Re: qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
2020-12-14 12:17 [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Qiuhao Li
` (2 preceding siblings ...)
2021-05-10 18:53 ` Thomas Huth
@ 2021-05-14 18:46 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-05-14 18:46 UTC (permalink / raw)
To: qemu-devel
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/300
** Changed in: qemu
Status: Incomplete => Expired
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #300
https://gitlab.com/qemu-project/qemu/-/issues/300
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908062
Title:
qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached
failed again
Status in QEMU:
Expired
Bug description:
When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec
12, built with --enable-sanitizers --enable-fuzzing), an assertion
failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer
cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
outl 0xcf8 0x8000081c
outb 0xcfc 0xc3
outl 0xcf8 0x80000804
outb 0xcfc 0x06
write 0xc300001024 0x2 0x0040
write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x20000000
write 0xc300001016 0x3 0x80a080
write 0xc300003002 0x1 0x80
write 0x5c 0x1 0x10
EOF
--[ Output
==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
[I 1607946348.442865] OPENED
[R +0.059305] outl 0xcf8 0x8000081c
OK
[S +0.059326] OK
[R +0.059338] outb 0xcfc 0xc3
OK
[S +0.059355] OK
[R +0.059363] outl 0xcf8 0x80000804
OK
[S +0.059369] OK
[R +0.059381] outb 0xcfc 0x06
OK
[S +0.061094] OK
[R +0.061107] write 0xc300001024 0x2 0x0040
OK
[S +0.061120] OK
[R +0.061127] write 0xc300001028 0x1 0x5a
OK
[S +0.061135] OK
[R +0.061142] write 0xc30000101c 0x1 0x01
OK
[S +0.061158] OK
[R +0.061167] writel 0xc30000100c 0x20000000
OK
[S +0.061212] OK
[R +0.061222] write 0xc300001016 0x3 0x80a080
OK
[S +0.061231] OK
[R +0.061238] write 0xc300003002 0x1 0x80
OK
[S +0.061247] OK
[R +0.061253] write 0x5c 0x1 0x10
OK
[S +0.061403] OK
qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
--[ Environment
Ubuntu 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
--[ Note
Alexander Bulekov found the same assertion failure on 2020-08-04,
https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in
commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
Fam Zheng found the same assertion failure on 2018-09-29,
https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in
commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-14 18:59 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-14 12:17 [Bug 1908062] [NEW] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Qiuhao Li
2020-12-14 12:23 ` [Bug 1908062] " Qiuhao Li
2021-01-15 16:10 ` Peter Maydell
2021-05-10 18:53 ` Thomas Huth
2021-05-14 18:46 ` Thomas Huth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).