arm_gic: Abort in gic_clear_pending_sgi
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | New | Undecided | Unassigned |
Bug Description
Reproducer:

```shell
cat << EOF | ./qemu-
-machine virt,accel=qtest -qtest stdio
write 0x8000000 0x1 0x02
write 0x8010000 0x1 0x03
write 0x8010004 0x1 0x10
write 0x8000f2f 0x1 0x0
writel 0x8000f00 0x2065559
write 0x8000d56 0x1 0x0
readl 0x801000b
EOF
```
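As an added triage aid (not part of the bug report or of QEMU itself), the script below decodes each qtest command of the reproducer into the GICv2 register(s) it touches, assuming the virt board's GIC distributor at 0x08000000 and CPU interface at 0x08010000 plus the architectural GICv2 register offsets. It shows that the final `readl 0x801000b` is an unaligned 32-bit access straddling GICC_BPR and GICC_IAR, which is consistent with the trace entering gic_acknowledge_irq from gic_cpu_read, and splits the GICD_SGIR value into its fields; the register names and field layouts are assumptions from the GICv2 spec, not from the report.

```python
# Added triage helper, not QEMU code: map the reproducer's qtest commands
# onto GICv2 registers. Assumes the QEMU 'virt' layout (GIC distributor at
# 0x08000000, CPU interface at 0x08010000) and architectural GICv2 offsets.

GICD_BASE, GICC_BASE = 0x08000000, 0x08010000

# (first byte, one past last byte, name) for the registers of interest
GICD = [(0x000, 0x004, "GICD_CTLR"), (0xF00, 0xF04, "GICD_SGIR"),
        (0xF10, 0xF20, "GICD_CPENDSGIRn"), (0xF20, 0xF30, "GICD_SPENDSGIRn")]
GICC = [(0x000, 0x004, "GICC_CTLR"), (0x004, 0x008, "GICC_PMR"),
        (0x008, 0x00C, "GICC_BPR"), (0x00C, 0x010, "GICC_IAR"),
        (0x010, 0x014, "GICC_EOIR")]

# Reproducer lines copied from the bug report above.
REPRODUCER = """write 0x8000000 0x1 0x02
write 0x8010000 0x1 0x03
write 0x8010004 0x1 0x10
write 0x8000f2f 0x1 0x0
writel 0x8000f00 0x2065559
write 0x8000d56 0x1 0x0
readl 0x801000b"""

def decode_sgir(val):
    """Fields of a GICD_SGIR write: SGI number, target CPUs, filter, group."""
    return {"sgi_id": val & 0xF, "cpu_target_list": (val >> 16) & 0xFF,
            "target_list_filter": (val >> 24) & 0x3, "nsatt": (val >> 15) & 1}

def decode_line(line):
    """Map one qtest write/writel/readl command to the register(s) it covers."""
    tok = line.split()
    cmd, addr = tok[0], int(tok[1], 16)
    if cmd == "write":        # write <addr> <size> <value>
        size, val = int(tok[2], 16), int(tok[3], 16)
    elif cmd == "writel":     # writel <addr> <value>, always 32-bit
        size, val = 4, int(tok[2], 16)
    else:                     # readl <addr>, always 32-bit
        size, val = 4, None
    block, base = (GICD, GICD_BASE) if addr < GICC_BASE else (GICC, GICC_BASE)
    off = addr - base
    # Every register whose bytes overlap the access: an unaligned 32-bit
    # access can straddle two registers, which is the thing to flag in triage.
    regs = [n for lo, hi, n in block if off < hi and off + size > lo]
    out = {"cmd": cmd, "offset": off, "size": size, "aligned": off % size == 0,
           "block": "GICD" if block is GICD else "GICC",
           "regs": regs or ["<not decoded>"]}
    if "GICD_SGIR" in regs and val is not None:
        out["sgir"] = decode_sgir(val)
    return out

def decode_reproducer(text=REPRODUCER):
    return [decode_line(l) for l in text.splitlines() if l.strip()]
```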
Stacktrace:

```
SUMMARY: UndefinedBehavi
../qemu/
0x6290000215c1: note: pointer points here
00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 1c 00 00 80 60 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehavi
[R +0.117623] readl 0x8010015
[R +0.117718] readl 0x801000b
qemu-fuzz-aarch64: ../qemu/
==762== ERROR: libFuzzer: deadly signal
    #0 0x563d4e2371f1 in __sanitizer_
    #1 0x563d4e182348 in fuzzer:
    #2 0x563d4e167493 in fuzzer:
    #3 0x7feabe05350f (/lib/x86_
    #4 0x7feabde8e080 in __libc_
    #5 0x7feabde8e080 in raise /build/
    #6 0x7feabde79534 in abort /build/
    #7 0x7feabde7940e in __assert_fail_base /build/
    #8 0x7feabde86b91 in __assert_fail /build/
    #9 0x563d4eba2a3c in gic_clear_
    #10 0x563d4eba2a3c in gic_acknowledge_irq /home/alxndr/
    #11 0x563d4ebb4ca4 in gic_cpu_read /home/alxndr/
    #12 0x563d4ebab538 in gic_thiscpu_read /home/alxndr/
    #13 0x563d5029ec2d in memory_
    #14 0x563d502705f3 in access_
    #15 0x563d5026eb44 in memory_
    #16 0x563d5026eb44 in memory_
    #17 0x563d5048c5bf in flatview_
    #18 0x563d504a9a9b in address_space_read /home/alxndr/
    #19 0x563d504a9a9b in qtest_process_
    #20 0x563d504a497f in qtest_process_inbuf /home/alxndr/
    #21 0x563d504a46d5 in qtest_server_
    #22 0x563d50ce5cc8 in qtest_sendf /home/alxndr/
    #23 0x563d50ce73a3 in qtest_read /home/alxndr/
    #24 0x563d4e264499 in __wrap_qtest_readl /home/alxndr/
    #25 0x563d4e26ee5b in op_read /home/alxndr/
    #26 0x563d4e26dc46 in generic_fuzz /home/alxndr/
    #27 0x563d4e261283 in LLVMFuzzerTestO
    #28 0x563d4e168b51 in fuzzer:
    #29 0x563d4e1542c2 in fuzzer:
    #30 0x563d4e159d76 in fuzzer:
    #31 0x563d4e182a32 in main (/home/
    #32 0x7feabde7abba in __libc_start_main /build/
    #33 0x563d4e12e989 in _start (/home/
```