1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
Assertion failure in address_space_unmap through virtio-blk
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-device virtio-blk,drive=mydrive \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001010
outl 0xcfc 0xc001
outl 0xcf8 0x80001014
outl 0xcf8 0x80001004
outw 0xcfc 0x7
outl 0xc006 0x3aff9090
outl 0xcf8 0x8000100e
outl 0xcfc 0x41005e1e
write 0x3b00002 0x1 0x5e
write 0x3b00004 0x1 0x5e
write 0x3aff5e6 0x1 0x11
write 0x3aff5eb 0x1 0xc6
write 0x3aff5ec 0x1 0xc6
write 0x7 0x1 0xff
write 0x8 0x1 0xfb
write 0xc 0x1 0x11
write 0xe 0x1 0x5e
write 0x5e8 0x1 0x11
write 0x5ec 0x1 0xc6
outl 0x410e 0x10e
EOF
qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
==789== ERROR: libFuzzer: deadly signal
#8 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
#9 in address_space_unmap /exec.c:3623:9
#10 in dma_memory_unmap /include/sysemu/dma.h:145:5
#11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
#12 in virtqueue_fill /hw/virtio/virtio.c:843:5
#13 in virtqueue_push /hw/virtio/virtio.c:917:5
#14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
#15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
#16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
#17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
#18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
#19 in aio_dispatch_handler /util/aio-posix.c:328:9
#20 in aio_dispatch_handlers /util/aio-posix.c:371:20
#21 in aio_dispatch /util/aio-posix.c:381:5
#22 in aio_ctx_dispatch /util/async.c:306:5
#23 in g_main_context_dispatch
With -trace virtio\*
...
[S +0.099667] OK
[R +0.099681] write 0x5ec 0x1 0xc6
OK
[S +0.099690] OK
[R +0.099700] outl 0x410e 0x10e
29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
OK
[S +0.099833] OK
29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
-Alex
|