On 200518 1231, Philippe Mathieu-Daudé wrote:
> Trying libFuzzer on the vmport device, we get:
>
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==29476==ERROR: AddressSanitizer: SEGV on unknown address 0x000000008840
> (pc 0x56448bec4d79 bp 0x7ffeec9741b0 sp 0x7ffeec9740e0 T0)
> ==29476==The signal is caused by a READ memory access.
> #0 0x56448bec4d78 in vmport_ioport_read (qemu-fuzz-i386+0x1260d78)
> #1 0x56448bb5f175 in memory_region_read_accessor (qemu-fuzz-i386+0xefb175)
> #2 0x56448bb30c13 in access_with_adjusted_size (qemu-fuzz-i386+0xeccc13)
> #3 0x56448bb2ea27 in memory_region_dispatch_read1 (qemu-fuzz-i386+0xecaa27)
> #4 0x56448bb2e443 in memory_region_dispatch_read (qemu-fuzz-i386+0xeca443)
> #5 0x56448b961ab1 in flatview_read_continue (qemu-fuzz-i386+0xcfdab1)
> #6 0x56448b96336d in flatview_read (qemu-fuzz-i386+0xcff36d)
> #7 0x56448b962ec4 in address_space_read_full (qemu-fuzz-i386+0xcfeec4)
>
> X86CPU is NULL because QTest accelerator does not use CPU.
> Fix by returning default values when QTest accelerator is used.
>
Ah - it was QTest. Thank you for this - I would always run into this crash within a second of fuzzing. -Alex