Assertion failure in e1000e_write_to_rx_buffers
This was originally reported at: https://bugs.launchpad.net/qemu/+bug/1878651
Hello,
Reproducer
# QEMU qtest reproducer. The heredoc is a stream of qtest-protocol commands fed
# on stdin to a qemu-system-i386 instance started with the qtest accelerator,
# so no guest CPU runs: every access below is issued directly by the harness.
#   outl PORT VAL       -> 32-bit I/O port write; the 0xcf8/0xcfc pairs are the
#                          standard PCI configuration address/data ports, used
#                          here to program the e1000e's config space (BAR placement
#                          and command register) before touching its MMIO window
#   write ADDR LEN VAL  -> write LEN bytes of VAL to guest physical memory
#                          (the 0x...c6xxxx addresses fall inside the BAR just
#                          programmed; the small addresses are plain guest RAM,
#                          presumably descriptor/ring contents -- not confirmed)
# The device is attached to a user-mode netdev, so the frame emitted on transmit
# is looped back into the device's own receive path (see frames #13..#6 of the
# stack trace). NOTE(review): the final `write` presumably lands on the TDT
# register alias that kicks e1000e_set_tdt (frame #17) -- verify against the
# register map; the assertion in e1000e_write_to_rx_buffers fires synchronously
# on that access.
# NOTE(review): the heredoc delimiter is unquoted, so the shell would expand
# `$`/backtick sequences inside it; none appear in these commands, so the
# bytes delivered to qtest are exactly those shown.
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest -m \
512M -machine q35 -nodefaults -device e1000e,netdev=net0 -netdev \
user,id=net0 -qtest stdio
outl 0xcf8 0x80000811
outl 0xcfc 0xc600
outl 0xcf8 0x80000813
outl 0xcfc 0x9d
outl 0xcf8 0x80000801
outl 0xcfc 0x16000000
write 0x9dc6500a 0x2 0x2080
write 0x9dc6011a 0x2 0x1040
write 0x9dc60120 0x1 0xa0
write 0x9dc60102 0x2 0x4e04
outl 0xcf8 0x80000811
outl 0xcfc 0x5ac600
write 0x5ac6042a 0x2 0x00ff
write 0x5ac60402 0x2 0x0020
write 0x10 0x1 0xff
write 0x11 0x1 0x01
write 0x19 0x1 0xe7
write 0x1b 0x1 0x11
write 0x20b 0x1 0x08
write 0x20d 0x1 0x15
write 0xac7 0x1 0x10
write 0x5ac6043a 0x1 0x10
EOF
Stack trace. Note the entry point: frame #18 is e1000e_core_write reached through the MMIO dispatch path (memory_region_write_accessor / address_space_write), i.e. the abort is triggered by a device-register write rather than by anything the host network side does. A guest driver with this device would take the same path as the qtest harness does here, so the assertion amounts to a guest-triggerable crash (denial of service) of the QEMU process.
#0 __GI_raise at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff620f537 in __GI_abort at abort.c:79
#2 0x00007ffff620f40f in __assert_fail_base at assert.c:92
#3 0x00007ffff621e662 in __GI___assert_fail at assert.c:101
#4 0x0000555556e38a51 in e1000e_write_to_rx_buffers at ../hw/net/e1000e_core.c:1416
#5 0x0000555556e2f1c1 in e1000e_write_packet_to_guest at ../hw/net/e1000e_core.c:1574
#6 e1000e_receive_iov at ../hw/net/e1000e_core.c:1701
#7 0x00005555567d5c8e in qemu_deliver_packet_iov at ../net/net.c:762
#8 0x0000555556801286 in qemu_net_queue_deliver_iov at ../net/queue.c:179
#9 0x00005555568011f1 in qemu_net_queue_receive_iov at ../net/queue.c:204
#10 0x00005555567d0cee in qemu_receive_packet_iov at ../net/net.c:703
#11 0x0000555556aed386 in net_tx_pkt_sendv at ../hw/net/net_tx_pkt.c:558
#12 net_tx_pkt_send at ../hw/net/net_tx_pkt.c:635
#13 0x0000555556aedc71 in net_tx_pkt_send_loopback at ../hw/net/net_tx_pkt.c:648
#14 0x0000555556e43c35 in e1000e_tx_pkt_send at ../hw/net/e1000e_core.c:657
#15 e1000e_process_tx_desc at ../hw/net/e1000e_core.c:736
#16 e1000e_start_xmit at ../hw/net/e1000e_core.c:927
#17 0x0000555556e40f3d in e1000e_set_tdt at ../hw/net/e1000e_core.c:2442
#18 0x0000555556e3244e in e1000e_core_write at ../hw/net/e1000e_core.c:3254
#19 0x00005555571f867c in memory_region_write_accessor at ../softmmu/memory.c:492
#20 0x00005555571f83ab in access_with_adjusted_size at ../softmmu/memory.c:554
#21 0x00005555571f804d in memory_region_dispatch_write at ../softmmu/memory.c:1511
#22 0x0000555557243d52 in flatview_write_continue at ../softmmu/physmem.c:2777
#23 0x00005555572400e1 in flatview_write at ../softmmu/physmem.c:2817
#24 address_space_write at ../softmmu/physmem.c:2909
#25 0x000055555739bff3 in qtest_process_command at ../softmmu/qtest.c:670
#26 0x000055555739a83a in qtest_process_inbuf at ../softmmu/qtest.c:813
#27 0x000055555768d9f9 in fd_chr_read at ../chardev/char-fd.c:73
#28 0x00007ffff7884d6f in g_main_context_dispatch at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00005555579b1cf5 in glib_pollfds_poll at ../util/main-loop.c:232
#30 os_host_main_loop_wait at ../util/main-loop.c:255
#31 main_loop_wait at ../util/main-loop.c:531
#32 0x0000555557279fb7 in qemu_main_loop at ../softmmu/runstate.c:726
#33 0x00005555567997cb in main at ../softmmu/main.c:50
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29590
libqtest Reproducer:
Thank you
Edited by Alexander Bulekov