Abort in vmxnet3_setup_tx_offloads
Hello,
Reproducer
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M -machine q35 -nodefaults -device vmxnet3,netdev=net0 -netdev \
user,id=net0 -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000814
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
outl 0xcf8 0x80000814
outw 0xcfc 0x4000
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
write 0x3e 0x1 0x01
write 0x28 0x1 0x05
write 0xe0004020 0x4 0x0000feca
write 0x3 0x1 0x00
write 0x9 0x1 0x40
write 0xd 0x1 0x14
write 0xe0000600 0x1 0x00
EOF
Stack trace
ERROR:../hw/net/vmxnet3.c:459:vmxnet3_setup_tx_offloads: code should not be reached
Bail out! ERROR:../hw/net/vmxnet3.c:459:vmxnet3_setup_tx_offloads: code should not be reached
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2873602==ERROR: AddressSanitizer: ABRT on unknown address 0x0539002bd902 (pc 0x7f8cb9129438 bp 0x7ffe08e67f50 sp 0x7ffe08e67d28 T0)
#0 0x7f8cb9129438 in raise
#1 0x7f8cb912b039 in abort
#2 0x55a381b50b1f in g_assertion_message /src/glib-2.67.6/glib/gtestutils.c:3052:5
#3 0x55a381b50ba3 in g_assertion_message_expr /src/glib-2.67.6/glib/gtestutils.c:3078:3
#4 0x55a380c7d316 in vmxnet3_setup_tx_offloads /src/qemu/hw/net/vmxnet3.c:459:9
#5 0x55a380c7c630 in vmxnet3_send_packet /src/qemu/hw/net/vmxnet3.c:617:10
#6 0x55a380c7c070 in vmxnet3_process_tx_queue /src/qemu/hw/net/vmxnet3.c:672:17
#7 0x55a380c7ba10 in vmxnet3_io_bar0_write /src/qemu/hw/net/vmxnet3.c:1098:13
#8 0x55a38109b747 in memory_region_write_accessor /src/qemu/softmmu/memory.c:492:5
#9 0x55a38109b5d2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:554:18
#10 0x55a38109ae31 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#11 0x55a381089607 in flatview_write_continue /src/qemu/softmmu/physmem.c:2778:23
#12 0x55a3810842fc in flatview_write /src/qemu/softmmu/physmem.c:2818:14
#13 0x55a381084117 in address_space_write /src/qemu/softmmu/physmem.c:2910:18
#14 0x55a380876767 in __wrap_qtest_writeq /src/qemu/tests/qtest/fuzz/qtest_wrappers.c:187:9
#15 0x55a38087ec76 in op_write /src/qemu/tests/qtest/fuzz/generic_fuzz.c:479:13
#16 0x55a38087d40d in generic_fuzz /src/qemu/tests/qtest/fuzz/generic_fuzz.c:696:17
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36921
libqtest Reproducer: reproducer.c
Thank you