Assert mr != NULL through megaraid
Hello,
Reproducer
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M -machine q35 -nodefaults -device megasas -device \
scsi-cd,drive=null0 -blockdev \
driver=null-co,read-zeroes=on,node-name=null0 -qtest stdio
outl 0xcf8 0x80000818
outl 0xcfc 0xc000
outl 0xcf8 0x80000804
outw 0xcfc 0x05
write 0x0 0x1 0x01
write 0x7 0x1 0x01
write 0x10 0x1 0x02
write 0x16 0x1 0x01
write 0x28 0x1 0x01
write 0x33 0x1 0x01
outb 0xc040 0x0
outb 0xc040 0x20
outl 0xc040 0x20000000
outb 0xc040 0x20
EOF
Stack-Trace
qemu-fuzz-i386-target-generic-fuzz-megaraid: ../softmmu/physmem.c:3225: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
#0 0x7f69f80a6438 in raise
#1 0x7f69f80a8039 in abort
#2 0x7f69f809ebe6 in libc.so.6
#3 0x7f69f809ec91 in __assert_fail
#4 0x556e2577acb2 in address_space_unmap /src/qemu/softmmu/physmem.c:3225:9
#5 0x556e254861d5 in dma_memory_unmap /src/qemu/include/sysemu/dma.h:226:5
#6 0x556e25486167 in pci_dma_unmap /src/qemu/include/hw/pci/pci.h:879:5
#7 0x556e2548607a in megasas_unmap_frame /src/qemu/hw/scsi/megasas.c:474:9
#8 0x556e25485c85 in megasas_reset_frames /src/qemu/hw/scsi/megasas.c:615:13
#9 0x556e2548843b in megasas_init_firmware /src/qemu/hw/scsi/megasas.c:683:5
#10 0x556e254855ed in megasas_handle_frame /src/qemu/hw/scsi/megasas.c:1962:24
#11 0x556e2548427b in megasas_mmio_write /src/qemu/hw/scsi/megasas.c:2129:9
#12 0x556e2549ed74 in megasas_port_write /src/qemu/hw/scsi/megasas.c:2180:5
#13 0x556e25790747 in memory_region_write_accessor /src/qemu/softmmu/memory.c:492:5
#14 0x556e257905d2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:554:18
#15 0x556e2578fe31 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#16 0x556e2577e607 in flatview_write_continue /src/qemu/softmmu/physmem.c:2778:23
#17 0x556e257792fc in flatview_write /src/qemu/softmmu/physmem.c:2818:14
#18 0x556e25779117 in address_space_write /src/qemu/softmmu/physmem.c:2910:18
#19 0x556e2578636f in cpu_outb /src/qemu/softmmu/ioport.c:60:5
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36977
libqtest Reproducer: reproducer.c
Thank you
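The assertion in the trace above fires in address_space_unmap when the buffer handed to it is neither the bounce buffer nor a pointer into a known RAM region, i.e. an unmap that does not match an earlier successful map. The following is an added, self-contained C model of that map/unmap lifecycle written for this page; it is not QEMU's code and does not claim to be the root cause of this particular report. Names (dma_map, dma_unmap, map_frame_buggy, map_frame_fixed, reset_frames, Cmd, GUEST_RAM_SIZE) and the 4 KiB "guest RAM" array are constructed for the example. It contrasts a command that records its frame size before knowing whether the map succeeded or was truncated with one that only records state for a whole, successful mapping, so that a reset path that unmaps every outstanding frame never calls unmap with a pointer/length pair the map layer never produced.

```c
/* Hypothetical model (not QEMU code) of a device's DMA frame lifecycle.
 * dma_map/dma_unmap stand in for pci_dma_map/pci_dma_unmap; guest_ram is
 * a constructed 4 KiB "guest memory" so the example runs offline. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GUEST_RAM_SIZE 4096            /* constructed toy guest RAM size */

static uint8_t guest_ram[GUEST_RAM_SIZE];

typedef struct {
    void    *frame;    /* host pointer returned by the map layer, or NULL */
    uint64_t pa;       /* guest physical address of the frame */
    size_t   pa_size;  /* mapped length; 0 means "nothing to unmap" */
} Cmd;

/* Map [pa, pa+*plen) of guest RAM. Like the real API the length is in/out:
 * a range that runs past the end of RAM is truncated, and a start address
 * outside RAM yields NULL. */
static void *dma_map(uint64_t pa, size_t *plen) {
    if (*plen == 0 || pa >= GUEST_RAM_SIZE)
        return NULL;
    if (*plen > GUEST_RAM_SIZE - pa)
        *plen = GUEST_RAM_SIZE - pa;   /* partial mapping */
    return guest_ram + pa;
}

/* Unmap a buffer. Returns 0 when [buf, buf+len) lies inside a known region,
 * -1 where QEMU's address_space_unmap would hit assert(mr != NULL). */
static int dma_unmap(const void *buf, size_t len) {
    uintptr_t lo = (uintptr_t)guest_ram, hi = lo + GUEST_RAM_SIZE;
    uintptr_t b = (uintptr_t)buf;
    if (buf == NULL || len == 0 || b < lo || b >= hi || len > hi - b)
        return -1;
    return 0;
}

/* Buggy pattern: pa_size is recorded from the *requested* length before the
 * map result is known, so a failed or truncated map leaves stale state. */
static int map_frame_buggy(Cmd *c, uint64_t pa, size_t want) {
    size_t len = want;
    c->pa = pa;
    c->pa_size = want;                 /* never corrected after dma_map */
    c->frame = dma_map(pa, &len);
    return c->frame ? 0 : -1;
}

/* Hardened pattern: a frame is only considered mapped when the whole
 * requested range mapped; otherwise the command is left fully cleared. */
static int map_frame_fixed(Cmd *c, uint64_t pa, size_t want) {
    size_t len = want;
    void *p = dma_map(pa, &len);
    if (p == NULL || len != want) {
        if (p != NULL)
            dma_unmap(p, len);         /* give back the partial mapping */
        c->frame = NULL; c->pa = 0; c->pa_size = 0;
        return -1;
    }
    c->frame = p; c->pa = pa; c->pa_size = len;
    return 0;
}

/* Reset path in the style of the reset_frames -> unmap_frame chain in the
 * trace: unmap whatever each command still references. Returns how many
 * unmap calls would have tripped the assertion. */
static int reset_frames(Cmd *cmds, int n) {
    int bad = 0;
    for (int i = 0; i < n; i++) {
        if (cmds[i].pa_size && dma_unmap(cmds[i].frame, cmds[i].pa_size) != 0)
            bad++;
        cmds[i].frame = NULL; cmds[i].pa = 0; cmds[i].pa_size = 0;
    }
    return bad;
}

int main(void) {
    Cmd c;
    /* Frame 16 bytes before the end of RAM, asking for 64: truncated map. */
    map_frame_buggy(&c, GUEST_RAM_SIZE - 16, 64);
    printf("buggy, truncated map: %d bad unmap(s) on reset\n", reset_frames(&c, 1));
    map_frame_buggy(&c, GUEST_RAM_SIZE + 64, 64);     /* map fails outright */
    printf("buggy, failed map:    %d bad unmap(s) on reset\n", reset_frames(&c, 1));
    map_frame_fixed(&c, GUEST_RAM_SIZE - 16, 64);
    printf("fixed, truncated map: %d bad unmap(s) on reset\n", reset_frames(&c, 1));
    map_frame_fixed(&c, 0, 64);
    printf("fixed, good map:      %d bad unmap(s) on reset\n", reset_frames(&c, 1));
    return 0;
}
```

The check that matters is the one in reset_frames: with the hardened map routine, pa_size is non-zero only when frame is a pointer the map layer actually returned for exactly that length, so the reset path can unmap unconditionally without reaching the `mr != NULL` assertion.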