Diffstat (limited to 'results/classifier/111/review/1890360')
-rw-r--r--results/classifier/111/review/1890360281
1 files changed, 281 insertions, 0 deletions
diff --git a/results/classifier/111/review/1890360 b/results/classifier/111/review/1890360
new file mode 100644
index 00000000..0474d711
--- /dev/null
+++ b/results/classifier/111/review/1890360
@@ -0,0 +1,281 @@
+other: 0.104
+device: 0.099
+permissions: 0.088
+socket: 0.074
+performance: 0.073
+semantic: 0.072
+files: 0.070
+graphic: 0.068
+PID: 0.067
+debug: 0.064
+network: 0.060
+boot: 0.057
+KVM: 0.055
+vnc: 0.050
+debug: 0.268
+files: 0.159
+performance: 0.129
+device: 0.083
+PID: 0.063
+semantic: 0.055
+other: 0.053
+socket: 0.037
+KVM: 0.035
+boot: 0.033
+graphic: 0.025
+network: 0.024
+vnc: 0.019
+permissions: 0.016
+
+Assertion failure in address_space_unmap through virtio-blk
+
+Hello,
+Reproducer:
+cat << EOF | ./i386-softmmu/qemu-system-i386 \
+-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+-device virtio-blk,drive=mydrive \
+-nodefaults -nographic -qtest stdio
+outl 0xcf8 0x80001010
+outl 0xcfc 0xc001
+outl 0xcf8 0x80001014
+outl 0xcf8 0x80001004
+outw 0xcfc 0x7
+outl 0xc006 0x3aff9090
+outl 0xcf8 0x8000100e
+outl 0xcfc 0x41005e1e
+write 0x3b00002 0x1 0x5e
+write 0x3b00004 0x1 0x5e
+write 0x3aff5e6 0x1 0x11
+write 0x3aff5eb 0x1 0xc6
+write 0x3aff5ec 0x1 0xc6
+write 0x7 0x1 0xff
+write 0x8 0x1 0xfb
+write 0xc 0x1 0x11
+write 0xe 0x1 0x5e
+write 0x5e8 0x1 0x11
+write 0x5ec 0x1 0xc6
+outl 0x410e 0x10e
+EOF
+
+
+qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+==789== ERROR: libFuzzer: deadly signal
+ #8 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
+ #9 in address_space_unmap /exec.c:3623:9
+ #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
+ #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
+ #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
+ #13 in virtqueue_push /hw/virtio/virtio.c:917:5
+ #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
+ #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
+ #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
+ #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
+ #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
+ #19 in aio_dispatch_handler /util/aio-posix.c:328:9
+ #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
+ #21 in aio_dispatch /util/aio-posix.c:381:5
+ #22 in aio_ctx_dispatch /util/async.c:306:5
+ #23 in g_main_context_dispatch
+
+
+With -trace virtio\*
+
+...
+[S +0.099667] OK
+[R +0.099681] write 0x5ec 0x1 0xc6
+OK
+[S +0.099690] OK
+[R +0.099700] outl 0x410e 0x10e
+29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
+OK
+[S +0.099833] OK
+29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
+29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
+qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+
+
+-Alex
+
+Hi Stefan,
+This looks an awful lot like the one you looked at here:
+https://<email address hidden>/msg705719.html
+though this one is for virtio-pci, while that one was for virtio-mmio:
+
+They are probably the same issue, but the original reproducer no longer
+causes an asserion failure for me, so maybe there was already a fix..
+-Alex
+
+On 200805 0116, Alexander Bulekov wrote:
+> Public bug reported:
+>
+> Hello,
+> Reproducer:
+> cat << EOF | ./i386-softmmu/qemu-system-i386 \
+> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+> -device virtio-blk,drive=mydrive \
+> -nodefaults -nographic -qtest stdio
+> outl 0xcf8 0x80001010
+> outl 0xcfc 0xc001
+> outl 0xcf8 0x80001014
+> outl 0xcf8 0x80001004
+> outw 0xcfc 0x7
+> outl 0xc006 0x3aff9090
+> outl 0xcf8 0x8000100e
+> outl 0xcfc 0x41005e1e
+> write 0x3b00002 0x1 0x5e
+> write 0x3b00004 0x1 0x5e
+> write 0x3aff5e6 0x1 0x11
+> write 0x3aff5eb 0x1 0xc6
+> write 0x3aff5ec 0x1 0xc6
+> write 0x7 0x1 0xff
+> write 0x8 0x1 0xfb
+> write 0xc 0x1 0x11
+> write 0xe 0x1 0x5e
+> write 0x5e8 0x1 0x11
+> write 0x5ec 0x1 0xc6
+> outl 0x410e 0x10e
+> EOF
+>
+>
+> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+> ==789== ERROR: libFuzzer: deadly signal
+> #8 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
+> #9 in address_space_unmap /exec.c:3623:9
+> #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
+> #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
+> #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
+> #13 in virtqueue_push /hw/virtio/virtio.c:917:5
+> #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
+> #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
+> #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
+> #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
+> #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
+> #19 in aio_dispatch_handler /util/aio-posix.c:328:9
+> #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
+> #21 in aio_dispatch /util/aio-posix.c:381:5
+> #22 in aio_ctx_dispatch /util/async.c:306:5
+> #23 in g_main_context_dispatch
+>
+>
+> With -trace virtio\*
+>
+> ...
+> [S +0.099667] OK
+> [R +0.099681] write 0x5ec 0x1 0xc6
+> OK
+> [S +0.099690] OK
+> [R +0.099700] outl 0x410e 0x10e
+> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
+> OK
+> [S +0.099833] OK
+> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
+> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
+> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+>
+>
+> -Alex
+>
+> ** Affects: qemu
+> Importance: Undecided
+> Status: New
+>
+> --
+> You received this bug notification because you are a member of qemu-
+> devel-ml, which is subscribed to QEMU.
+> https://bugs.launchpad.net/bugs/1890360
+>
+> Title:
+> Assertion failure in address_space_unmap through virtio-blk
+>
+> Status in QEMU:
+> New
+>
+> Bug description:
+> Hello,
+> Reproducer:
+> cat << EOF | ./i386-softmmu/qemu-system-i386 \
+> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+> -device virtio-blk,drive=mydrive \
+> -nodefaults -nographic -qtest stdio
+> outl 0xcf8 0x80001010
+> outl 0xcfc 0xc001
+> outl 0xcf8 0x80001014
+> outl 0xcf8 0x80001004
+> outw 0xcfc 0x7
+> outl 0xc006 0x3aff9090
+> outl 0xcf8 0x8000100e
+> outl 0xcfc 0x41005e1e
+> write 0x3b00002 0x1 0x5e
+> write 0x3b00004 0x1 0x5e
+> write 0x3aff5e6 0x1 0x11
+> write 0x3aff5eb 0x1 0xc6
+> write 0x3aff5ec 0x1 0xc6
+> write 0x7 0x1 0xff
+> write 0x8 0x1 0xfb
+> write 0xc 0x1 0x11
+> write 0xe 0x1 0x5e
+> write 0x5e8 0x1 0x11
+> write 0x5ec 0x1 0xc6
+> outl 0x410e 0x10e
+> EOF
+>
+>
+> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+> ==789== ERROR: libFuzzer: deadly signal
+> #8 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
+> #9 in address_space_unmap /exec.c:3623:9
+> #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
+> #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
+> #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
+> #13 in virtqueue_push /hw/virtio/virtio.c:917:5
+> #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
+> #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
+> #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
+> #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
+> #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
+> #19 in aio_dispatch_handler /util/aio-posix.c:328:9
+> #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
+> #21 in aio_dispatch /util/aio-posix.c:381:5
+> #22 in aio_ctx_dispatch /util/async.c:306:5
+> #23 in g_main_context_dispatch
+>
+>
+> With -trace virtio\*
+>
+> ...
+> [S +0.099667] OK
+> [R +0.099681] write 0x5ec 0x1 0xc6
+> OK
+> [S +0.099690] OK
+> [R +0.099700] outl 0x410e 0x10e
+> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
+> OK
+> [S +0.099833] OK
+> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
+> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
+> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
+> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+>
+>
+> -Alex
+>
+> To manage notifications about this bug go to:
+> https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions
+>
+
+
+Fix:
+
+commit 7bd04a041addcdef6a03e6498aafaea55ca6e88b
+Author: Stefan Hajnoczi <email address hidden>
+Date: Thu Sep 17 10:44:54 2020 +0100
+
+ virtio-blk: undo destructive iov_discard_*() operations
+
+Released with QEMU v5.2.0.
+