QEMU

Assertion failure in net_tx_pkt_reset through vmxnet3

Bug #1890157 reported by Alexander Bulekov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Unassigned

Bug Description

Hello,
Reproducer:

cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001004
outw 0xcfc 0x7
outl 0xcf8 0x80001083
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xe0001020 0xefefff5ecafe0000
writeq 0xe0001020 0xffff5e5ccafe0002
EOF

==============================================================
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:450: void net_tx_pkt_reset(struct NetTxPkt *): Assertion `pkt->raw' failed.

    #9 0x564838761930 in net_tx_pkt_reset /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:450:5
    #10 0x564838881749 in vmxnet3_deactivate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1159:9
    #11 0x56483888cf71 in vmxnet3_reset /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1170:5
    #12 0x564838882124 in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1610:9
    #13 0x56483887f10f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
    #14 0x56483738f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
    #15 0x56483738e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
    #16 0x56483738c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
    #17 0x56483673d4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23

-Alex

Revision history for this message
Thomas Huth (th-huth) wrote :

This can still be reproduced with the current version of QEMU. Marking as "Confirmed"

Changed in qemu:
status: New → Confirmed
Revision history for this message
Thomas Huth (th-huth) wrote :

Fixed here:
https://gitlab.com/qemu-project/qemu/-/commit/283f0a05e24a5e5fab783

Changed in qemu:
status: Confirmed → Fix Committed
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.