Comment 1 for bug 1890360

Revision history for this message
Alexander Bulekov (a1xndr) wrote : Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk

Hi Stefan,
This looks an awful lot like the one you looked at here:
https://<email address hidden>/msg705719.html
though this one is for virtio-pci, while that one was for virtio-mmio.

They are probably the same issue, but the original reproducer no longer
causes an assertion failure for me, so maybe there was already a fix.
-Alex

On 200805 0116, Alexander Bulekov wrote:
> Public bug reported:
>
> Hello,
> Reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 \
> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
> -device virtio-blk,drive=mydrive \
> -nodefaults -nographic -qtest stdio
> outl 0xcf8 0x80001010
> outl 0xcfc 0xc001
> outl 0xcf8 0x80001014
> outl 0xcf8 0x80001004
> outw 0xcfc 0x7
> outl 0xc006 0x3aff9090
> outl 0xcf8 0x8000100e
> outl 0xcfc 0x41005e1e
> write 0x3b00002 0x1 0x5e
> write 0x3b00004 0x1 0x5e
> write 0x3aff5e6 0x1 0x11
> write 0x3aff5eb 0x1 0xc6
> write 0x3aff5ec 0x1 0xc6
> write 0x7 0x1 0xff
> write 0x8 0x1 0xfb
> write 0xc 0x1 0x11
> write 0xe 0x1 0x5e
> write 0x5e8 0x1 0x11
> write 0x5ec 0x1 0xc6
> outl 0x410e 0x10e
> EOF
>
>
> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> ==789== ERROR: libFuzzer: deadly signal
> #8 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
> #9 in address_space_unmap /exec.c:3623:9
> #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
> #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
> #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
> #13 in virtqueue_push /hw/virtio/virtio.c:917:5
> #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
> #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
> #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
> #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
> #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
> #19 in aio_dispatch_handler /util/aio-posix.c:328:9
> #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
> #21 in aio_dispatch /util/aio-posix.c:381:5
> #22 in aio_ctx_dispatch /util/async.c:306:5
> #23 in g_main_context_dispatch
>
>
> With -trace virtio\*
>
> ...
> [S +0.099667] OK
> [R +0.099681] write 0x5ec 0x1 0xc6
> OK
> [S +0.099690] OK
> [R +0.099700] outl 0x410e 0x10e
> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
> OK
> [S +0.099833] OK
> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 0x7f9b93fc9800
> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 0x611000043e80 sector 0 nsectors 0
> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 0x611000043e80 status 1
> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
>
>
> -Alex
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1890360
>
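The reproducer quoted above is a fuzzer-generated qtest script, and its first eight lines are PCI configuration mechanism #1 traffic (ports 0xcf8/0xcfc) that is hard to read by eye. The following decoder is an added example for this page, not QEMU code and not part of the bug report: it parses the qtest `outb`/`outw`/`outl`/`write` commands, splits each CONFIG_ADDRESS value into bus:device.function and register offset, replays the CONFIG_DATA writes into a naive byte-addressable model of the device's config space, and reports BAR0-relative I/O writes. Assumptions: the data-port byte offset is composed as `config_reg | (port & 3)` the way QEMU's pci_host does it (so the unaligned register value 0x0e becomes a byte offset); only the I/O-BAR type bit is modelled as read-only, real devices mask far more; ports within 0x100 bytes above the BAR0 base are treated as BAR0 traffic (the real BAR size comes from the device); and the example does not verify which device sits at 00:02.0, it only reports what the reproducer addresses.

```python
"""Decode the PCI config-space traffic in a qtest reproducer (added example, not QEMU code).

Mechanism #1 (0xcf8/0xcfc) is per the PCI spec; the CONFIG_DATA byte offset is
composed as QEMU's pci_host does: config_reg | (port & 3).
"""
from dataclasses import dataclass, field

CONFIG_ADDRESS = 0xcf8      # mechanism #1 address port
CONFIG_DATA = 0xcfc         # mechanism #1 data port (0xcfc..0xcff)
PCI_COMMAND = 0x04
PCI_BAR0 = 0x10
COMMAND_BITS = {0: "IO", 1: "MEM", 2: "BUS_MASTER"}
BAR0_WINDOW = 0x100         # ASSUMPTION: ports in this span above BAR0 count as BAR0 traffic

# Constructed copy of the qtest commands from the reproducer above.
REPRO = """\
outl 0xcf8 0x80001010
outl 0xcfc 0xc001
outl 0xcf8 0x80001014
outl 0xcf8 0x80001004
outw 0xcfc 0x7
outl 0xc006 0x3aff9090
outl 0xcf8 0x8000100e
outl 0xcfc 0x41005e1e
write 0x3b00002 0x1 0x5e
write 0x3b00004 0x1 0x5e
write 0x3aff5e6 0x1 0x11
write 0x3aff5eb 0x1 0xc6
write 0x3aff5ec 0x1 0xc6
write 0x7 0x1 0xff
write 0x8 0x1 0xfb
write 0xc 0x1 0x11
write 0xe 0x1 0x5e
write 0x5e8 0x1 0x11
write 0x5ec 0x1 0xc6
outl 0x410e 0x10e
"""


def decode_config_address(val: int) -> tuple:
    """Split a CONFIG_ADDRESS value into (enable, bus, device, function, register)."""
    return bool(val >> 31 & 1), (val >> 16) & 0xff, (val >> 11) & 0x1f, (val >> 8) & 0x7, val & 0xff


@dataclass
class Decoder:
    config_reg: int = 0
    # ASSUMPTION: naive 256-byte config space per bus:dev.fn; only the I/O-BAR type bit is read-only.
    cfg: dict = field(default_factory=dict)

    def space(self, bdf: tuple) -> bytearray:
        return self.cfg.setdefault(bdf, bytearray(256))

    def bar0(self, bdf: tuple) -> int:
        return int.from_bytes(self.space(bdf)[PCI_BAR0:PCI_BAR0 + 4], "little")

    def decode(self, line: str) -> str:
        parts = line.split()
        if parts and parts[0] in ("outb", "outw", "outl"):
            size = {"outb": 1, "outw": 2, "outl": 4}[parts[0]]
            return f"{line:<26} " + self.io_write(int(parts[1], 0), size, int(parts[2], 0))
        if parts and parts[0] == "write":
            return f"{line:<26} guest-memory write, {int(parts[2], 0)} byte(s) at 0x{int(parts[1], 0):x}"
        return f"{line:<26} (not decoded)"

    def io_write(self, port: int, size: int, val: int) -> str:
        if port == CONFIG_ADDRESS and size == 4:
            self.config_reg = val
            en, bus, dev, fn, reg = decode_config_address(val)
            flags = ("" if en else " enable bit clear!") + (" unaligned" if reg & 3 else "")
            return f"CONFIG_ADDRESS -> {bus:02x}:{dev:02x}.{fn} reg 0x{reg:02x}{flags}"
        if CONFIG_DATA <= port < CONFIG_DATA + 4:
            return self.config_write(port, size, val)
        for bdf in self.cfg:                      # is the port inside a tracked I/O BAR0?
            bar = self.bar0(bdf)
            base = bar & ~0x3
            if bar & 1 and base <= port < base + BAR0_WINDOW:
                return f"I/O write to {bdf[0]:02x}:{bdf[1]:02x}.{bdf[2]} BAR0+0x{port - base:x} = 0x{val:x}"
        return f"I/O write to port 0x{port:x} (no tracked BAR)"

    def config_write(self, port: int, size: int, val: int) -> str:
        if not self.config_reg >> 31 & 1:
            return "CONFIG_DATA write ignored (enable bit clear)"
        _, bus, dev, fn, reg = decode_config_address(self.config_reg)
        bdf, off = (bus, dev, fn), (reg | (port & 3)) & 0xff
        space, old_bar_low = self.space(bdf), self.space(bdf)[PCI_BAR0]
        end = min(off + size, 256)
        space[off:end] = (val & ((1 << 8 * size) - 1)).to_bytes(size, "little")[:end - off]
        notes = [f"CONFIG_DATA -> {bus:02x}:{dev:02x}.{fn} off 0x{off:02x} = 0x{val:0{size * 2}x}"]
        if off <= PCI_COMMAND < off + size:
            cmd = int.from_bytes(space[PCI_COMMAND:PCI_COMMAND + 2], "little")
            notes.append("COMMAND=" + "|".join(n for b, n in COMMAND_BITS.items() if cmd >> b & 1))
        if off < PCI_BAR0 + 4 and off + size > PCI_BAR0:
            if old_bar_low & 1:                   # I/O BAR: type bits 1:0 are read-only
                space[PCI_BAR0] = (space[PCI_BAR0] & ~0x3) | (old_bar_low & 0x3)
            bar = self.bar0(bdf)
            kind, base = ("I/O", bar & ~0x3) if bar & 1 else ("MEM", bar & ~0xf)
            notes.append(f"BAR0=0x{bar:08x} ({kind} base 0x{base:x})")
        return "; ".join(notes)


def decode_reproducer(text: str) -> list:
    dec = Decoder()
    return [dec.decode(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    print("\n".join(decode_reproducer(REPRO)))
```

Read top to bottom, the decoded script programs BAR0 of 00:02.0 to I/O base 0xc000, enables I/O, memory and bus-master in COMMAND, pokes BAR0+0x6, then issues an unaligned 4-byte config write at offset 0x0e that spills into the low two bytes of BAR0 and relocates the I/O BAR to 0x4100. That is why the final `outl 0x410e 0x10e` lands on the device as BAR0+0xe, which agrees with the `-trace virtio*` output above, where `virtio_queue_notify` fires right after that command; in the legacy virtio-pci register layout a 4-byte write at offset 14 spans the queue-select and queue-notify registers. The guest-memory `write` lines between those steps are the descriptor-table bytes the notify then consumes; the decoder only lists them.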