[Bug 1917082] Re: [OSS-Fuzz] Issue 27574 e1000: Loopback-related stack-overflow

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Huth <1917082@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1917082] Re: [OSS-Fuzz] Issue 27574 e1000: Loopback-related stack-overflow
Date: Thu, 10 Jun 2021 15:25:24 -0000	[thread overview]
Message-ID: <162333872472.6921.12627289921720048736.malone@chaenomeles.canonical.com> (raw)
In-Reply-To: 161436793911.24762.6802305911122378058.malonedeb@gac.canonical.com

Still reproducible with the current qemu version from git (commit
7fe7fae8b48e3f9c647fd685)

** Tags added: net

** Changed in: qemu
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917082

Title:
  [OSS-Fuzz] Issue 27574 e1000: Loopback-related stack-overflow

Status in QEMU:
  Confirmed

Bug description:
  === Reproducer ===
  cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
  512M -M q35 -nodefaults -device e1000,netdev=net0 -netdev user,id=net0 \
  -qtest /dev/null -qtest stdio
  outl 0xcf8 0x80000813
  outl 0xcfc 0xfe
  outl 0xcf8 0x80000803
  outw 0xcfc 0x0600
  write 0xfe000102 0x1 0x0a
  writel 0xfe000020 0x420ff00
  write 0xfe00280a 0x2 0x0828
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  clock_step
  write 0xfe00281b 0x1 0x08
  write 0xf9b 0x1 0x01
  write 0x2170 0x1 0x14
  write 0x2171 0x1 0x38
  write 0x2173 0x1 0xfe
  write 0xfe000402 0x1 0x02
  write 0xfe00380a 0x2 0x0210
  write 0xfe003818 0x1 0xfa
  EOF

  === Stack-trace ===
  ==288216==ERROR: AddressSanitizer: stack-overflow on address 0x7fff51c96f48 (pc 0x56247061af36 bp 0x7fff51c97790 sp 0x7fff51c96f50 T0)
  #0 0x56247061af36 in __asan_memcpy (/home/alxndr/Development/qemu/build/qemu-system-i386+0x2baff36)
  #1 0x5624718eb70d in flatview_read_continue /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2846:13
  #2 0x5624718ecd1b in flatview_read /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2879:12
  #3 0x5624718ecd1b in address_space_read_full /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2892:18
  #4 0x562470bcb75b in dma_memory_rw_relaxed /home/alxndr/Development/qemu/include/sysemu/dma.h:88:12
  #5 0x562470bcb75b in dma_memory_rw /home/alxndr/Development/qemu/include/sysemu/dma.h:127:12
  #6 0x562470bcb75b in pci_dma_rw /home/alxndr/Development/qemu/include/hw/pci/pci.h:803:12
  #7 0x562470bcb75b in pci_dma_read /home/alxndr/Development/qemu/include/hw/pci/pci.h:821:12
  #8 0x562470bcb75b in e1000_receive_iov /home/alxndr/Development/qemu/build/../hw/net/e1000.c:954:9
  #9 0x562470bca465 in e1000_receive /home/alxndr/Development/qemu/build/../hw/net/e1000.c:1025:12
  #10 0x562470bc9671 in e1000_send_packet /home/alxndr/Development/qemu/build/../hw/net/e1000.c:549:9
  #11 0x562470bc7dd8 in xmit_seg /home/alxndr/Development/qemu/build/../hw/net/e1000.c
  #12 0x562470bc4dfe in process_tx_desc /home/alxndr/Development/qemu/build/../hw/net/e1000.c:701:9
  #13 0x562470bc4dfe in start_xmit /home/alxndr/Development/qemu/build/../hw/net/e1000.c:756:9
  #14 0x562470bc4dfe in set_tctl /home/alxndr/Development/qemu/build/../hw/net/e1000.c:1127:5
  #15 0x5624719ef2f6 in memory_region_write_accessor /home/alxndr/Development/qemu/build/../softmmu/memory.c:491:5
  #16 0x5624719eed63 in access_with_adjusted_size /home/alxndr/Development/qemu/build/../softmmu/memory.c:552:18
  #17 0x5624719ee5c0 in memory_region_dispatch_write /home/alxndr/Development/qemu/build/../softmmu/memory.c
  #18 0x5624718f7776 in flatview_write_continue /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2776:23
  #19 0x5624718ed13b in flatview_write /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2816:14
  #20 0x5624718ed13b in address_space_write /home/alxndr/Development/qemu/build/../softmmu/physmem.c:2908:18
  #21 0x562470bcba6b in dma_memory_rw_relaxed /home/alxndr/Development/qemu/include/sysemu/dma.h:88:12
  #22 0x562470bcba6b in dma_memory_rw /home/alxndr/Development/qemu/include/sysemu/dma.h:127:12
  #23 0x562470bcba6b in pci_dma_rw /home/alxndr/Development/qemu/include/hw/pci/pci.h:803:12
  #24 0x562470bcba6b in pci_dma_write /home/alxndr/Development/qemu/include/hw/pci/pci.h:839:12
  #25 0x562470bcba6b in e1000_receive_iov /home/alxndr/Development/qemu/build/../hw/net/e1000.c:967:21
  #26 0x562470bca465 in e1000_receive /home/alxndr/Development/qemu/build/../hw/net/e1000.c:1025:12
  #27 0x562470bc9671 in e1000_send_packet /home/alxndr/Development/qemu/build/../hw/net/e1000.c:549:9
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1917082/+subscriptions

next prev parent reply	other threads:[~2021-06-10 15:35 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-26 19:32 [Bug 1917082] [NEW] [OSS-Fuzz] Issue 27574 e1000: Loopback-related stack-overflow Alexander Bulekov
2021-03-11 18:46 ` [Bug 1917082] " Peter Maydell
2021-06-10 15:25 ` Thomas Huth [this message]
2021-08-21  4:14 ` Alexander Bulekov
2021-08-21  6:29 ` Thomas Huth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=162333872472.6921.12627289921720048736.malone@chaenomeles.canonical.com \
    --to=1917082@bugs.launchpad.net \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.