Hi,

It seems that while the minimized reproducer doesn't fail the assertion now, the original reproducer provided by OSS-Fuzz [1] can still crash the latest QEMU (1758428, Dec 12, built with --enable-sanitizers --enable-fuzzing). Could anyone check if they trigger different bugs?
Tested on:
Ubuntu: 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1

[1] https://bugs.launchpad.net/qemu/+bug/1890333/comments/1

Title:
  [OSS-Fuzz] Issue 26797: qemu:qemu-fuzz-i386-target-generic-fuzz-virtio-blk: ASSERT: addr < cache->len && 2 <= cache->len - addr

Status in QEMU:
  Fix Released

Bug description:
  Hello,

  Reproducer:

  cat << EOF | ./i386-softmmu/qemu-system-i386 \
  -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
  -device virtio-blk,drive=mydrive \
  -nodefaults -qtest stdio -nographic
  outl 0xcf8 0x80001001
  outl 0xcfc 0x6574c1ff
  outl 0xcf8 0x8000100e
  outl 0xcfc 0xefe5e1e
  outl 0xe86 0x3aff9090
  outl 0xe84 0x3aff9090
  outl 0xe8e 0xe
  EOF

  qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/include/exec/memory_ldst_cached.inc.h:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
  Aborted

  I can trigger similar assertions with other VIRTIO devices, as well.

  I reported this at some point in Message-ID: <20200511033001.dzvtbdhl3oz5p...@mozz.bu.edu> but never created a Launchpad issue...

  -Alex
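Since the comment asks whether the two reproducers hit the same bug, here is an added regression harness (my own example, not code from QEMU or from anyone in this thread) that replays the reproducer from the bug description against a QEMU binary and compares runs by the assertion they abort on. It assumes the caller supplies the qemu-system-i386 path and that QEMU exits once the qtest stdin closes; a run that does not exit is reported as a timeout.

```python
# Added regression harness for this thread; not code from QEMU or the reporters.
# It feeds a qtest reproducer to a QEMU binary and parses the glibc assert()
# message from stderr so two reproducers can be compared by the assertion hit.
import os
import re
import signal
import subprocess
from typing import Optional
# Reproducer and device setup from the bug description, one qtest command per line.
REPRO_QTEST = (
    "outl 0xcf8 0x80001001\n" "outl 0xcfc 0x6574c1ff\n" "outl 0xcf8 0x8000100e\n"
    "outl 0xcfc 0xefe5e1e\n" "outl 0xe86 0x3aff9090\n" "outl 0xe84 0x3aff9090\n"
    "outl 0xe8e 0xe\n")
QEMU_ARGS = ["-drive", "id=mydrive,file=null-co://,size=2M,format=raw,if=none",
             "-device", "virtio-blk,drive=mydrive",
             "-nodefaults", "-qtest", "stdio", "-nographic"]
# The stderr quoted in the bug description, embedded here as sample input.
SAMPLE_STDERR = ("qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/include/exec/"
                 "memory_ldst_cached.inc.h:88: void address_space_stw_le_cached(MemoryRegionCache *, "
                 "hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && "
                 "2 <= cache->len - addr' failed.\nAborted\n")
# glibc assert() format: "<prog>: <file>:<line>: <function>: Assertion `<expr>' failed."
ASSERT_RE = re.compile(
    r": (?P<file>[\w./-]+):(?P<line>\d+): .*?Assertion `(?P<expr>.+?)' failed")

def extract_assertion(stderr: str) -> Optional[dict]:
    """Return {file, line, expr} for the first assertion in stderr, or None."""
    m = ASSERT_RE.search(stderr)
    if not m:
        return None
    # Only the basename is kept so builds from different checkouts compare equal.
    return {"file": os.path.basename(m.group("file")),
            "line": int(m.group("line")), "expr": m.group("expr")}

def same_bug(a: Optional[dict], b: Optional[dict]) -> bool:
    """Treat two runs as the same bug when both abort on the same assertion."""
    return a is not None and b is not None and a == b

def run_reproducer(qemu: str, script: str = REPRO_QTEST, timeout: int = 60) -> dict:
    """Feed the qtest script to QEMU on stdin; SIGABRT is reported as 'abort'."""
    try:
        p = subprocess.run([qemu, *QEMU_ARGS], input=script, capture_output=True,
                           text=True, timeout=timeout)
    except subprocess.TimeoutExpired as e:  # QEMU did not exit after stdin EOF
        err = e.stderr.decode(errors="replace") if isinstance(e.stderr, bytes) else (e.stderr or "")
        return {"status": "timeout", "assertion": extract_assertion(err)}
    status = "abort" if p.returncode == -signal.SIGABRT else f"exit {p.returncode}"
    return {"status": status, "assertion": extract_assertion(p.stderr)}
```

Run `run_reproducer("/path/to/qemu-system-i386")` once per reproducer script and pass the two `assertion` results to `same_bug` to answer the question above.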