--[ Original Fuzzing output ./build/qemu-fuzz-i386 --fuzz-target=generic-fuzz-virtio-vga ../fuzz/20201208/crash-da778083c63d2b24d8f7780383b2602a7a156352 qemu-fuzz-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed. ==37260== ERROR: libFuzzer: deadly signal #0 0x56336c2ebc81 in __sanitizer_print_stack_trace (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x305dc81) #1 0x56336c236dd8 in fuzzer::PrintStackTrace() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa8dd8) #2 0x56336c21bf23 in fuzzer::Fuzzer::CrashCallback() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8df23) #3 0x7f3122f7b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf) #4 0x7f3122d8c18a in __libc_signal_restore_set /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3 #5 0x7f3122d8c18a in raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3 #6 0x7f3122d6b858 in abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:79:7 #7 0x7f3122d6b728 in __assert_fail_base /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:92:3 #8 0x7f3122d7cf35 in __assert_fail /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:101:3 #9 0x56336ec7c8ab in address_space_stw_le_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88:5 #10 0x56336ec7b746 in stw_le_phys_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_phys.h.inc:121:5 #11 0x56336ec7acf8 in virtio_stw_phys_cached /home/qiuhao/hack/qemu/include/hw/virtio/virtio-access.h:196:9 #12 0x56336ec79f7b in vring_set_avail_event /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:429:5 #13 0x56336ec376f5 in virtqueue_split_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1452:9 #14 0x56336ec3131c in virtqueue_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1695:16 #15 0x56336c57fa43 in virtio_gpu_handle_ctrl /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:877:11 #16 0x56336c57f6d9 in virtio_gpu_ctrl_bh /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:898:5 #17 0x563370ad4952 in aio_bh_call /home/qiuhao/hack/qemu/build/../util/async.c:136:5 #18 0x563370ad6352 in aio_bh_poll /home/qiuhao/hack/qemu/build/../util/async.c:164:13 #19 0x563370a2773b in aio_dispatch /home/qiuhao/hack/qemu/build/../util/aio-posix.c:381:5 #20 0x563370adfd5e in aio_ctx_dispatch /home/qiuhao/hack/qemu/build/../util/async.c:306:5 #21 0x7f312319afbc in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51fbc) #22 0x563370942137 in glib_pollfds_poll /home/qiuhao/hack/qemu/build/../util/main-loop.c:221:9 #23 0x56337093fa37 in os_host_main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:244:5 #24 0x56337093f387 in main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:520:11 #25 0x56336c33ec22 in flush_events /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:49:9 #26 0x56336c33311b in generic_fuzz /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:683:17 #27 0x56336c340699 in LLVMFuzzerTestOneInput /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5 #28 0x56336c21d5e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8f5e1) #29 0x56336c208d52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f7ad52) #30 0x56336c20e806 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f80806) #31 0x56336c2374c2 in main (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa94c2) #32 0x7f3122d6d0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16 #33 0x56336c1e341d in _start (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f5541d) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal