Public bug reported: When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec 12, built with --enable-sanitizers --enable-fuzzing), an assertion failed in include/exec/memory_ldst_cached.h.inc.
--[ Reproducer cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \ -machine q35 -display none -nodefaults -device virtio-vga -qtest stdio outl 0xcf8 0x8000081c outb 0xcfc 0xc3 outl 0xcf8 0x80000804 outb 0xcfc 0x06 write 0xc300001024 0x2 0x0040 write 0xc300001028 0x1 0x5a write 0xc30000101c 0x1 0x01 writel 0xc30000100c 0x20000000 write 0xc300001016 0x3 0x80a080 write 0xc300003002 0x1 0x80 write 0x5c 0x1 0x10 EOF --[ Output ==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! [I 1607946348.442865] OPENED [R +0.059305] outl 0xcf8 0x8000081c OK [S +0.059326] OK [R +0.059338] outb 0xcfc 0xc3 OK [S +0.059355] OK [R +0.059363] outl 0xcf8 0x80000804 OK [S +0.059369] OK [R +0.059381] outb 0xcfc 0x06 OK [S +0.061094] OK [R +0.061107] write 0xc300001024 0x2 0x0040 OK [S +0.061120] OK [R +0.061127] write 0xc300001028 0x1 0x5a OK [S +0.061135] OK [R +0.061142] write 0xc30000101c 0x1 0x01 OK [S +0.061158] OK [R +0.061167] writel 0xc30000100c 0x20000000 OK [S +0.061212] OK [R +0.061222] write 0xc300001016 0x3 0x80a080 OK [S +0.061231] OK [R +0.061238] write 0xc300003002 0x1 0x80 OK [S +0.061247] OK [R +0.061253] write 0x5c 0x1 0x10 OK [S +0.061403] OK qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed. --[ Environment Ubuntu 20.04.1 5.4.0-58-generic x86_64 clang: 10.0.0-4ubuntu1 glibc: 2.31-0ubuntu9.1 libglib2.0-dev: 2.64.3-1~ubuntu20.04.1 --[ Note Alexander Bulekov found the same assertion failure on 2020-08-04, https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1. Fam Zheng found the same assertion failure on 2018-09-29, https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in commit db812c4073c77c8a64db8d6663b3416a587c7b4a. ** Affects: qemu Importance: Undecided Status: New -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1908062 Title: qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again Status in QEMU: New Bug description: When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec 12, built with --enable-sanitizers --enable-fuzzing), an assertion failed in include/exec/memory_ldst_cached.h.inc. --[ Reproducer cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \ -machine q35 -display none -nodefaults -device virtio-vga -qtest stdio outl 0xcf8 0x8000081c outb 0xcfc 0xc3 outl 0xcf8 0x80000804 outb 0xcfc 0x06 write 0xc300001024 0x2 0x0040 write 0xc300001028 0x1 0x5a write 0xc30000101c 0x1 0x01 writel 0xc30000100c 0x20000000 write 0xc300001016 0x3 0x80a080 write 0xc300003002 0x1 0x80 write 0x5c 0x1 0x10 EOF --[ Output ==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! [I 1607946348.442865] OPENED [R +0.059305] outl 0xcf8 0x8000081c OK [S +0.059326] OK [R +0.059338] outb 0xcfc 0xc3 OK [S +0.059355] OK [R +0.059363] outl 0xcf8 0x80000804 OK [S +0.059369] OK [R +0.059381] outb 0xcfc 0x06 OK [S +0.061094] OK [R +0.061107] write 0xc300001024 0x2 0x0040 OK [S +0.061120] OK [R +0.061127] write 0xc300001028 0x1 0x5a OK [S +0.061135] OK [R +0.061142] write 0xc30000101c 0x1 0x01 OK [S +0.061158] OK [R +0.061167] writel 0xc30000100c 0x20000000 OK [S +0.061212] OK [R +0.061222] write 0xc300001016 0x3 0x80a080 OK [S +0.061231] OK [R +0.061238] write 0xc300003002 0x1 0x80 OK [S +0.061247] OK [R +0.061253] write 0x5c 0x1 0x10 OK [S +0.061403] OK qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed. --[ Environment Ubuntu 20.04.1 5.4.0-58-generic x86_64 clang: 10.0.0-4ubuntu1 glibc: 2.31-0ubuntu9.1 libglib2.0-dev: 2.64.3-1~ubuntu20.04.1 --[ Note Alexander Bulekov found the same assertion failure on 2020-08-04, https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1. Fam Zheng found the same assertion failure on 2018-09-29, https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in commit db812c4073c77c8a64db8d6663b3416a587c7b4a. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1908062/+subscriptions
