Abort in vmxnet3_validate_queues
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
QEMU | Fix Released | Undecided | Thomas Huth | |
Bug Description
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001004
outw 0xcfc 0x7
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
write 0x3e 0x1 0xe1
writeq 0xe0001020 0xef0bff5ecafe0000
EOF
=======
qemu: hardware error: Bad TX queues number: 225
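#6 0x7f04b89d455a in abort /build/glibc-GwnBeO/glibc-2.30/stdlib/abort.c:79:7
#7 0x558f5be89b67 in hw_error /home/alxndr/Development/qemu/general-fuzz/softmmu/cpus.c:927:5
#8 0x558f5d3c3968 in vmxnet3_validate_queues /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1388:9
#9 0x558f5d3bb716 in vmxnet3_activate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1449:5
#10 0x558f5d3b6fba in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1576:9
#11 0x558f5d3b410f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
#12 0x558f5bec4193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
#13 0x558f5bec3637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
#14 0x558f5bec1256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16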
-Alex
Changed in qemu:
status: Fix Committed → Fix Released
Cc'ing Dmitry as he doesn't have a Launchpad account :/
On 8/3/20 4:37 PM, Alexander Bulekov wrote:
> Public bug reported:
>
> Hello,
> Reproducer:
>
> cat << EOF | ./i386-softmmu/qemu-system-i386 \
> -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
> outl 0xcf8 0x80001014
> outl 0xcfc 0xe0001000
> outl 0xcf8 0x80001018
> outl 0xcf8 0x80001004
> outw 0xcfc 0x7
> write 0x0 0x1 0xe1
> write 0x1 0x1 0xfe
> write 0x2 0x1 0xbe
> write 0x3 0x1 0xba
> write 0x3e 0x1 0xe1

struct Vmxnet3_MiscConf {
    struct Vmxnet3_DriverInfo driverInfo;
    __le64 uptFeatures;
    __le64 ddPA;         /* driver data PA */
    __le64 queueDescPA;  /* queue descriptor table PA */
    __le32 ddLen;        /* driver data len */
    __le32 queueDescLen; /* queue desc. table len in bytes */
    __le32 mtu;
    __le16 maxNumRxSG;
    u8     numTxQueues;
           ^^^
            \_________ @0x3e = 0xe1 = 225 queues (max is 8).
    u8     numRxQueues;
    __le32 reserved[4];
};

> writeq 0xe0001020 0xef0bff5ecafe0000
> EOF
>
> =======
> qemu: hardware error: Bad TX queues number: 225
>
> #6 0x7f04b89d455a in abort /build/glibc-GwnBeO/glibc-2.30/stdlib/abort.c:79:7
> #7 0x558f5be89b67 in hw_error /home/alxndr/Development/qemu/general-fuzz/softmmu/cpus.c:927:5
> #8 0x558f5d3c3968 in vmxnet3_validate_queues /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1388:9
> #9 0x558f5d3bb716 in vmxnet3_activate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1449:5
> #10 0x558f5d3b6fba in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1576:9
> #11 0x558f5d3b410f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
> #12 0x558f5bec4193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
> #13 0x558f5bec3637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
> #14 0x558f5bec1256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
>
> -Alex
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
>
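
One way a device model can treat the guest-written queue counts discussed in this thread, as an added example that is not QEMU's code and not part of any message above: validate the bytes and return an error the caller can log, rather than aborting the host process. The function names, the result enum and the RX limit are assumptions; the 0x3e offset, the value 0xe1 and the limit of 8 come from the annotated struct in the reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OFF_NUM_TXQ 0x3e /* numTxQueues offset, from the annotated struct */
#define OFF_NUM_RXQ 0x3f /* numRxQueues: the next u8 in that struct */
#define MAX_QUEUES  8    /* "max is 8" in the reply; assumed for RX as well */

enum activate_result { ACTIVATE_OK, ACTIVATE_SHORT, ACTIVATE_BAD_TXQ, ACTIVATE_BAD_RXQ };

/* Hypothetical validator: rejects bad guest input instead of calling abort(). */
static enum activate_result validate_queues(const uint8_t *shared, size_t len)
{
    if (len <= OFF_NUM_RXQ) {
        return ACTIVATE_SHORT; /* area too small to hold both fields */
    }
    if (shared[OFF_NUM_TXQ] > MAX_QUEUES) {
        fprintf(stderr, "guest error: bad TX queues number: %u\n",
                (unsigned)shared[OFF_NUM_TXQ]);
        return ACTIVATE_BAD_TXQ; /* device stays inactive, host keeps running */
    }
    if (shared[OFF_NUM_RXQ] > MAX_QUEUES) {
        fprintf(stderr, "guest error: bad RX queues number: %u\n",
                (unsigned)shared[OFF_NUM_RXQ]);
        return ACTIVATE_BAD_RXQ;
    }
    return ACTIVATE_OK;
}

/* Constructed input: the single-byte writes from the reproducer (0x0-0x3, 0x3e). */
static enum activate_result check_reproducer(void)
{
    uint8_t shared[0x40] = {0};
    shared[0x0] = 0xe1; shared[0x1] = 0xfe; shared[0x2] = 0xbe; shared[0x3] = 0xba;
    shared[0x3e] = 0xe1; /* 225 TX queues */
    return validate_queues(shared, sizeof(shared));
}

/* Constructed input: a guest asking for 4 TX and 4 RX queues. */
static enum activate_result check_sane(void)
{
    uint8_t shared[0x40] = {0};
    shared[OFF_NUM_TXQ] = 4;
    shared[OFF_NUM_RXQ] = 4;
    return validate_queues(shared, sizeof(shared));
}

int main(void)
{
    printf("reproducer: %d, sane: %d\n", check_reproducer(), check_sane());
    return 0;
}
```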