On 2020/5/11 10:59 AM, Alexander Bulekov wrote:
Hello,

While fuzzing, I found an input that triggers an assertion failure in virtio-net.c:

hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion `!virtio_net_get_subqueue(nc)->async_tx.elem' failed.

#9  0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
#10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
#11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
#12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
#13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
#14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
#15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
#16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16

I can reproduce it in a qemu 5.0 build using:

cat << EOF | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio
outl 0xcf8 0x80000820
outl 0xcfc 0xe0004000
outl 0xcf8 0x80000824
outl 0xcfc 0xc021
outl 0xcf8 0x80000804
outw 0xcfc 0x7
outl 0xcf8 0x8000089a
write 0xc021e0004016 0x16 0x0100000000ff4f000100cd003d00000000000000f600
write 0x3d00d8 0xae 0x0100007a000a00000000000d00840100007a000a00000000000f00840100007a000a00000000001100840100007a000a00000000001300840100007a000a00000000001500840100007a000a00000000001700840100007a000a00000000001900840100007a000a00000000001b00840100007a000a00000000001d00840100007a000a00000000001f00840100007a000a00000000002100840100007a000a00000000002300840100007a000a
write 0xf60002 0x7 0x0a00000000000b
write 0xc021e0004014 0x9 0x95a4b3c2d1e0effe0d
write 0xc021e0004014 0x2a3 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
EOF

I also uploaded the above trace, in case the formatting is broken:

curl https://paste.debian.net/plain/1146086 | qemu-system-i386 -M pc-q35-5.0 -netdev user,id=qtest-bn0 -device virtio-net-pci,netdev=qtest-bn0 -display none -nodefaults -nographic -qtest stdio

Please let me know if I can provide any further info.
-Alex
I have posted a patch that seems to fix this issue. Please have a look and try it. Thanks.
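Before feeding a pasted trace such as the one quoted above into qemu-system-i386 with -qtest stdio, it is worth checking that mail or paste line wrapping did not damage it (the reporter's own worry, hence the paste.debian.net copy). The checker below is an added example, not code from the report, from QEMU or from the patch mentioned in the reply; it assumes the qtest stdio conventions visible in the trace (outb/outw/outl PORT VALUE, and write ADDR SIZE 0xDATA carrying two hex digits per declared byte) and uses a constructed sample trace that ends with two deliberately broken lines.

```python
import re

# Operand width, in bytes, of the qtest port-write commands used in the trace above.
PORT_WRITE_WIDTH = {"outb": 1, "outw": 2, "outl": 4}

def check_command(n, op, args):
    """Return a description of what is wrong with one qtest command on line n, or None."""
    if op in PORT_WRITE_WIDTH:
        # outb/outw/outl PORT VALUE: VALUE must fit the command's operand width.
        if len(args) != 2:
            return f"line {n}: {op} expects 2 arguments, got {len(args)}"
        width = PORT_WRITE_WIDTH[op]
        if int(args[1], 0) >= 1 << (8 * width):
            return f"line {n}: {op} value {args[1]} does not fit in {width} byte(s)"
    elif op == "write":
        # write ADDR SIZE 0xDATA: DATA must carry exactly two hex digits per declared byte
        # (assumed convention, matching every write in the trace above).
        if len(args) != 3:
            return f"line {n}: write expects 3 arguments, got {len(args)}"
        _addr, size, data = args
        if not re.fullmatch(r"0x[0-9a-fA-F]*", data):
            return f"line {n}: write payload is not a 0x-prefixed hex string"
        declared, carried = int(size, 0), (len(data) - 2) // 2
        if carried != declared:
            return f"line {n}: write declares {declared} bytes but payload carries {carried}"
    else:
        return f"line {n}: unsupported command {op!r}"
    return None

def check_qtest_trace(text):
    """Return the list of problems in a qtest stdio trace; an empty list means it looks well-formed."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "EOF":   # blank lines and the heredoc terminator are not commands
            continue
        op, *args = line.split()
        problem = check_command(n, op, args)
        if problem:
            problems.append(problem)
    return problems

# Constructed sample: commands copied from the trace above, then two deliberately broken lines
# (a write whose payload is one byte short, and an outw whose value exceeds 16 bits).
SAMPLE_TRACE = """\
outl 0xcf8 0x80000820
outw 0xcfc 0x7
write 0xc021e0004016 0x16 0x0100000000ff4f000100cd003d00000000000000f600
write 0xf60002 0x7 0x0a00000000000b
write 0xf60002 0x7 0x0a000000000b
outw 0xcfc 0x12345
EOF
"""
```

Run check_qtest_trace over the pasted text before piping it to QEMU; a short payload would otherwise only show up as a confusing qtest parse error or a different crash than the one reported.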