Assertion Failure in virtio_net

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* Assertion Failure in virtio_net_reset
@ 2020-05-11  2:59 Alexander Bulekov
  2020-05-11  4:05 ` Jason Wang
  0 siblings, 1 reply; 2+ messages in thread
From: Alexander Bulekov @ 2020-05-11  2:59 UTC (permalink / raw)
  To: qemu-devel; +Cc: jasowang, Stefan Hajnoczi, mst

Hello,
While fuzzing, I found an input that triggers an assertion failure in
virtio-net.c:

hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion `!virtio_net_get_subqueue(nc)->async_tx.elem' failed.

#9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
#10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
#11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
#12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
#13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
#14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
#15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
#16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16

I can reproduce it in a qemu 5.0 build using:
cat << EOF | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio
outl 0xcf8 0x80000820
outl 0xcfc 0xe0004000
outl 0xcf8 0x80000824
outl 0xcfc 0xc021
outl 0xcf8 0x80000804
outw 0xcfc 0x7
outl 0xcf8 0x8000089a
write 0xc021e0004016 0x16 0x0100000000ff4f000100cd003d00000000000000f600
write 0x3d00d8 0xae 0x0100007a000a00000000000d00840100007a000a00000000000f00840100007a000a00000000001100840100007a000a00000000001300840100007a000a00000000001500840100007a000a00000000001700840100007a000a00000000001900840100007a000a00000000001b00840100007a000a00000000001d00840100007a000a00000000001f00840100007a000a00000000002100840100007a000a00000000002300840100007a000a
write 0xf60002 0x7 0x0a00000000000b
write 0xc021e0004014 0x9 0x95a4b3c2d1e0effe0d
write 0xc021e0004014 0x2a3 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
EOF

I also uploaded the above trace, in case the formatting is broken:

curl https://paste.debian.net/plain/1146086 | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio

Please let me know if I can provide any further info.
-Alex


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Assertion Failure in virtio_net_reset
  2020-05-11  2:59 Assertion Failure in virtio_net_reset Alexander Bulekov
@ 2020-05-11  4:05 ` Jason Wang
  0 siblings, 0 replies; 2+ messages in thread
From: Jason Wang @ 2020-05-11  4:05 UTC (permalink / raw)
  To: Alexander Bulekov, qemu-devel; +Cc: Stefan Hajnoczi, mst


On 2020/5/11 上午10:59, Alexander Bulekov wrote:
> Hello,
> While fuzzing, I found an input that triggers an assertion failure in
> virtio-net.c:
>
> hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion `!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
>
> #9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
> #10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
> #11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
> #12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
> #13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
> #14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
> #15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
> #16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16
>
> I can reproduce it in a qemu 5.0 build using:
> cat << EOF | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio
> outl 0xcf8 0x80000820
> outl 0xcfc 0xe0004000
> outl 0xcf8 0x80000824
> outl 0xcfc 0xc021
> outl 0xcf8 0x80000804
> outw 0xcfc 0x7
> outl 0xcf8 0x8000089a
> write 0xc021e0004016 0x16 0x0100000000ff4f000100cd003d00000000000000f600
> write 0x3d00d8 0xae 0x0100007a000a00000000000d00840100007a000a00000000000f00840100007a000a00000000001100840100007a000a00000000001300840100007a000a00000000001500840100007a000a00000000001700840100007a000a00000000001900840100007a000a00000000001b00840100007a000a00000000001d00840100007a000a00000000001f00840100007a000a00000000002100840100007a000a00000000002300840100007a000a
> write 0xf60002 0x7 0x0a00000000000b
> write 0xc021e0004014 0x9 0x95a4b3c2d1e0effe0d
> write 0xc021e0004014 0x2a3 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> EOF
>
> I also uploaded the above trace, in case the formatting is broken:
>
> curl https://paste.debian.net/plain/1146086 | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio
>
> Please let me know if I can provide any further info.
> -Alex


I post a patch which seems to fix this issue.

Please have a look and try.

Thanks


>



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-05-11  4:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-11  2:59 Assertion Failure in virtio_net_reset Alexander Bulekov
2020-05-11  4:05 ` Jason Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).