authorChristian Krinitsin <mail@krinitsin.com>2025-06-16 16:59:00 +0000
committerChristian Krinitsin <mail@krinitsin.com>2025-06-16 16:59:33 +0000
commit9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch)
treeb765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/KVM/1883732
parentb89a938452613061c0f1f23e710281cf5c83cb29 (diff)
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/KVM/1883732')
-rw-r--r--results/classifier/118/KVM/1883732151
1 files changed, 151 insertions, 0 deletions
diff --git a/results/classifier/118/KVM/1883732 b/results/classifier/118/KVM/1883732
new file mode 100644
index 00000000..90a16a76
--- /dev/null
+++ b/results/classifier/118/KVM/1883732
@@ -0,0 +1,151 @@
+KVM: 0.941
+hypervisor: 0.939
+TCG: 0.926
+ppc: 0.902
+register: 0.899
+peripherals: 0.883
+risc-v: 0.876
+x86: 0.871
+performance: 0.857
+vnc: 0.845
+i386: 0.843
+permissions: 0.841
+user-level: 0.828
+VMM: 0.816
+device: 0.812
+virtual: 0.800
+debug: 0.772
+PID: 0.763
+files: 0.762
+graphic: 0.751
+boot: 0.739
+mistranslation: 0.730
+network: 0.726
+arm: 0.719
+architecture: 0.714
+socket: 0.712
+semantic: 0.667
+kernel: 0.662
+assembly: 0.609
+
+xhci_kick_epctx: Assertion `ring->dequeue != 0' failed.
+
+To reproduce run the QEMU with the following command line:
+```
+qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio
+```
+
+QEMU Version:
+```
+# qemu-5.0.0
+$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
+$ x86_64-softmmu/qemu-system-x86_64 --version
+QEMU emulator version 5.0.0
+Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
+```
+
+
+
+Here's a QTest reproducer:
+
+cat << EOF | ./i386-softmmu/qemu-system-i386 \
+-device nec-usb-xhci -trace usb\* \
+-device usb-audio -device usb-storage,drive=mydrive \
+-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+-nodefaults -nographic -qtest stdio
+outl 0xcf8 0x80001014
+outl 0xcfc 0xff000a8e
+outl 0xcf8 0x80001004
+outl 0xcfc 0x1c77695e
+writel 0xff000a8e00000040 0x1d00d815
+write 0x1d 0x1 0x5c
+write 0x2d 0x1 0x27
+write 0x3d 0x1 0x2e
+write 0xd 0x1 0x60
+write 0x17232 0x1 0x03
+write 0x17254 0x1 0x05
+write 0x4d 0x1 0x5c
+write 0x5d 0x1 0x27
+write 0x60 0x1 0x2e
+write 0x61 0x1 0x72
+write 0x62 0x1 0x01
+write 0x6d 0x1 0x2e
+write 0x6f 0x1 0x01
+writel 0xff000a8e00002000 0x0
+writeq 0xff000a8e00002000 0x514ef0100000009
+EOF
+
+The trace:
+[R +0.031152] writel 0xff000a8e00000040 0x1d00d815
+26994@1597124755.565242:usb_xhci_oper_write off 0x0000, val 0x1d00d815
+26994@1597124755.565247:usb_xhci_run
+26994@1597124755.565252:usb_xhci_irq_intx level 0
+OK
+[S +0.031173] OK
+[R +0.031179] write 0x1d 0x1 0x5c
+OK
+[S +0.031190] OK
+[R +0.031195] write 0x2d 0x1 0x27
+OK
+[S +0.031198] OK
+[R +0.031203] write 0x3d 0x1 0x2e
+OK
+[S +0.031207] OK
+[R +0.031211] write 0xd 0x1 0x60
+OK
+[S +0.031214] OK
+[R +0.031219] write 0x17232 0x1 0x03
+OK
+[S +0.031224] OK
+[R +0.031228] write 0x17254 0x1 0x05
+OK
+[S +0.031231] OK
+[R +0.031236] write 0x4d 0x1 0x5c
+OK
+[S +0.031239] OK
+[R +0.031244] write 0x5d 0x1 0x27
+OK
+[S +0.031247] OK
+[R +0.031251] write 0x60 0x1 0x2e
+OK
+[S +0.031254] OK
+[R +0.031259] write 0x61 0x1 0x72
+OK
+[S +0.031262] OK
+[R +0.031267] write 0x62 0x1 0x01
+OK
+[S +0.031270] OK
+[R +0.031275] write 0x6d 0x1 0x2e
+OK
+[S +0.031278] OK
+[R +0.031282] write 0x6f 0x1 0x01
+OK
+[S +0.031286] OK
+[R +0.031290] writel 0xff000a8e00002000 0x0
+26994@1597124755.565377:usb_xhci_doorbell_write off 0x0000, val 0x00000000
+26994@1597124755.565384:usb_xhci_fetch_trb addr 0x0000000000000000, ???, p 0x0000000000000000, s 0x00000000, c 0x00006000
+26994@1597124755.565390:usb_xhci_unimplemented command (0x18)
+26994@1597124755.565395:usb_xhci_fetch_trb addr 0x0000000000000010, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
+26994@1597124755.565399:usb_xhci_fetch_trb addr 0x0000000000000020, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+26994@1597124755.565403:usb_xhci_slot_enable slotid 1
+26994@1597124755.565406:usb_xhci_fetch_trb addr 0x0000000000000030, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
+26994@1597124755.565411:usb_xhci_fetch_trb addr 0x0000000000000040, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
+26994@1597124755.565416:usb_xhci_fetch_trb addr 0x0000000000000050, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+26994@1597124755.565421:usb_xhci_slot_enable slotid 2
+26994@1597124755.565423:usb_xhci_fetch_trb addr 0x0000000000000060, CR_ADDRESS_DEVICE, p 0x000000000001722e, s 0x00000000, c 0x01002e00
+26994@1597124755.565431:usb_xhci_slot_address slotid 1, port 1
+26994@1597124755.565436:usb_xhci_ep_enable slotid 1, epid 1
+26994@1597124755.565444:usb_xhci_fetch_trb addr 0x0000000000000070, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
+OK
+[S +0.031365] OK
+[R +0.031370] writeq 0xff000a8e00002000 0x514ef0100000009
+26994@1597124755.565456:usb_xhci_doorbell_write off 0x0000, val 0x00000009
+26994@1597124755.565459:usb_xhci_doorbell_write off 0x0004, val 0x0514ef01
+26994@1597124755.565462:usb_xhci_ep_kick slotid 1, epid 1, streamid 1300
+qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/hw/usb/hcd-xhci.c:1955: void xhci_kick_epctx(XHCIEPContext *, unsigned int): Assertion `ring->dequeue != 0' failed.
+Aborted
+
+-Alex
+
+ClusterFuzz testcase 5662083651469312 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_asan_qemu&range=202011160601:202011170627
+