qemu-fuzz-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
==37260== ERROR: libFuzzer: deadly signal
#0 0x56336c2ebc81 in __sanitizer_print_stack_trace (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x305dc81)
#1 0x56336c236dd8 in fuzzer::PrintStackTrace() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa8dd8)
#2 0x56336c21bf23 in fuzzer::Fuzzer::CrashCallback() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8df23)
#3 0x7f3122f7b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
#4 0x7f3122d8c18a in __libc_signal_restore_set /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7f3122d8c18a in raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7f3122d6b858 in abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:79:7
#7 0x7f3122d6b728 in __assert_fail_base /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:92:3
#8 0x7f3122d7cf35 in __assert_fail /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:101:3
#9 0x56336ec7c8ab in address_space_stw_le_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88:5
#10 0x56336ec7b746 in stw_le_phys_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_phys.h.inc:121:5
#11 0x56336ec7acf8 in virtio_stw_phys_cached /home/qiuhao/hack/qemu/include/hw/virtio/virtio-access.h:196:9
#12 0x56336ec79f7b in vring_set_avail_event /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:429:5
#13 0x56336ec376f5 in virtqueue_split_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1452:9
#14 0x56336ec3131c in virtqueue_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1695:16
#15 0x56336c57fa43 in virtio_gpu_handle_ctrl /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:877:11
#16 0x56336c57f6d9 in virtio_gpu_ctrl_bh /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:898:5
#17 0x563370ad4952 in aio_bh_call /home/qiuhao/hack/qemu/build/../util/async.c:136:5
#18 0x563370ad6352 in aio_bh_poll /home/qiuhao/hack/qemu/build/../util/async.c:164:13
#19 0x563370a2773b in aio_dispatch /home/qiuhao/hack/qemu/build/../util/aio-posix.c:381:5
#20 0x563370adfd5e in aio_ctx_dispatch /home/qiuhao/hack/qemu/build/../util/async.c:306:5
#21 0x7f312319afbc in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51fbc)
#22 0x563370942137 in glib_pollfds_poll /home/qiuhao/hack/qemu/build/../util/main-loop.c:221:9
#23 0x56337093fa37 in os_host_main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:244:5
#24 0x56337093f387 in main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:520:11
#25 0x56336c33ec22 in flush_events /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:49:9
#26 0x56336c33311b in generic_fuzz /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:683:17
#27 0x56336c340699 in LLVMFuzzerTestOneInput /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
#28 0x56336c21d5e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8f5e1)
#29 0x56336c208d52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f7ad52)
#30 0x56336c20e806 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f80806)
#31 0x56336c2374c2 in main (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa94c2)
#32 0x7f3122d6d0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#33 0x56336c1e341d in _start (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f5541d)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
--[ Original Fuzzing output
./build/qemu-fuzz-i386 --fuzz-target=generic-fuzz-virtio-vga ../fuzz/20201208/crash-da778083c63d2b24d8f7780383b2602a7a156352
qemu-fuzz-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
==37260== ERROR: libFuzzer: deadly signal
#0 0x56336c2ebc81 in __sanitizer_print_stack_trace (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x305dc81)
#1 0x56336c236dd8 in fuzzer::PrintStackTrace() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa8dd8)
#2 0x56336c21bf23 in fuzzer::Fuzzer::CrashCallback() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8df23)
#3 0x7f3122f7b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
#4 0x7f3122d8c18a in __libc_signal_restore_set /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7f3122d8c18a in raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7f3122d6b858 in abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:79:7
#7 0x7f3122d6b728 in __assert_fail_base /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:92:3
#8 0x7f3122d7cf35 in __assert_fail /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:101:3
#9 0x56336ec7c8ab in address_space_stw_le_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88:5
#10 0x56336ec7b746 in stw_le_phys_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_phys.h.inc:121:5
#11 0x56336ec7acf8 in virtio_stw_phys_cached /home/qiuhao/hack/qemu/include/hw/virtio/virtio-access.h:196:9
#12 0x56336ec79f7b in vring_set_avail_event /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:429:5
#13 0x56336ec376f5 in virtqueue_split_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1452:9
#14 0x56336ec3131c in virtqueue_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1695:16
#15 0x56336c57fa43 in virtio_gpu_handle_ctrl /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:877:11
#16 0x56336c57f6d9 in virtio_gpu_ctrl_bh /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:898:5
#17 0x563370ad4952 in aio_bh_call /home/qiuhao/hack/qemu/build/../util/async.c:136:5
#18 0x563370ad6352 in aio_bh_poll /home/qiuhao/hack/qemu/build/../util/async.c:164:13
#19 0x563370a2773b in aio_dispatch /home/qiuhao/hack/qemu/build/../util/aio-posix.c:381:5
#20 0x563370adfd5e in aio_ctx_dispatch /home/qiuhao/hack/qemu/build/../util/async.c:306:5
#21 0x7f312319afbc in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51fbc)
#22 0x563370942137 in glib_pollfds_poll /home/qiuhao/hack/qemu/build/../util/main-loop.c:221:9
#23 0x56337093fa37 in os_host_main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:244:5
#24 0x56337093f387 in main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:520:11
#25 0x56336c33ec22 in flush_events /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:49:9
#26 0x56336c33311b in generic_fuzz /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:683:17
#27 0x56336c340699 in LLVMFuzzerTestOneInput /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
#28 0x56336c21d5e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8f5e1)
#29 0x56336c208d52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f7ad52)
#30 0x56336c20e806 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f80806)
#31 0x56336c2374c2 in main (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa94c2)
#32 0x7f3122d6d0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#33 0x56336c1e341d in _start (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f5541d)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal