summary refs log tree commit diff stats
path: root/results/classifier/zero-shot-user-mode/output/runtime
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-07-07 17:23:11 +0000
committerChristian Krinitsin <mail@krinitsin.com>2025-07-07 17:23:11 +0000
commitc50b0c4da17b6e83640e4ed2380fffb5f507c846 (patch)
treeb4f203fce1380e2ea3578a784bb8ee060fe42cbd /results/classifier/zero-shot-user-mode/output/runtime
parent61361f925d4914a6608a0076e64cc2399311ed5f (diff)
downloademulator-bug-study-c50b0c4da17b6e83640e4ed2380fffb5f507c846.tar.gz
emulator-bug-study-c50b0c4da17b6e83640e4ed2380fffb5f507c846.zip
add zero-shot results
Diffstat (limited to 'results/classifier/zero-shot-user-mode/output/runtime')
-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/101247


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/108675


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/110244


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/114384


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/124699044


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/126799


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/131910075


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/134676942


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/134678473


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/159439447


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/160544317


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/161792956


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/162302061


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/165020


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/165990115


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/16711363


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1701821220


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/170197151


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/171516278


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/172773731


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/173538426


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/173673


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/173744499


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/173854537


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/175692724


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/176153542


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/176597067


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/177414982


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/177963441


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/180856323


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/181339847


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1814128161


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/183235326


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/183655854


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/184092227


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/185758


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/186061013


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1880225143


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1884719138


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/189530554


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/190781749


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/191068


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/191553160


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/193052


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/193697713


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1952102


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/1953152


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/208250


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/2083117


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/216838


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/217050


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/224842


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/233351


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/237158


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/239069


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/244666


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/246014


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/248774


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/2560111


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/263289


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/3247


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/618101


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/64566246


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/698364


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/85667


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/86659


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/904308104


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/93981


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/967230


-rw-r--r--results/classifier/zero-shot-user-mode/output/runtime/97913


70 files changed, 6174 insertions, 0 deletions
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1012 b/results/classifier/zero-shot-user-mode/output/runtime/1012
new file mode 100644
index 00000000..bda84b7c
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1012
@@ -0,0 +1,47 @@
+runtime: 0.351
+instruction: 0.351
+syscall: 0.297
+
+
+
+9p: newfstatat behaves differently than fstat causing ENOENT for here-documents
+Description of problem:
+After recent gnulib and coreutils update bash here-documents stopped to work producing `cat: -: No such file or directory` error.
+Steps to reproduce:
+1. I have file `a` with:
+```
+cat <<EOF
+x
+EOF
+```
+2. User visible error inside VM:
+```
+root@x86_64:~# grep 9p /proc/mounts
+/dev/root / 9p rw,dirsync,relatime,loose,access=any,msize=262144,trans=virtio 0 0
+root@x86_64:~# bash a
+cat: -: No such file or directory
+```
+3. `strace -fyv bash a` shows:
+```
+  [pid   291] newfstatat(1</dev/ttyS0>, "", {st_dev=makedev(0, 0x5), st_ino=85, st_mode=S_IFCHR|0600, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_rdev=makedev(0x4, 0x40), st_atime=1651577553 /* 2022-05-03T11:32:33.969984203+0000 */,
+st_atime_nsec=969984203, st_mtime=1651577553 /* 2022-05-03T11:32:33.969984203+0000 */, st_mtime_nsec=969984203, st_ctime=1651577069 /* 2022-05-03T11:24:29.969984203+0000 */, st_ctime_nsec=969984203}, AT_EMPTY_PATH) = 0
+  [pid   291] newfstatat(0</usr/src/tmp/sh-thd.420UUL (deleted)>, "", 0x7ffd1b96a3a0, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory)
+  [pid   291] write(2</dev/ttyS0>, "cat: ", 5cat: ) = 5
+  [pid   291] write(2</dev/ttyS0>, "-", 1-) = 1
+  [pid   291] write(2</dev/ttyS0>, ": No such file or directory", 27: No such file or directory) = 27
+  [pid   291] write(2</dev/ttyS0>, "\n", 1
+```
+Additional information:
+In comparison, `strace -fyv bash a` in the old system w/o gnulib/coreutils update shows:
+```
+  [pid   283] fstat(1</dev/ttyS0>, {st_dev=makedev(0, 0x5), st_ino=85, st_mode=S_IFCHR|0600, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_rdev=makedev(0x4, 0x40), st_atime=1651577784 /* 2022-05-03T11:36:24.238343204+0000 */, st_atime_nsec=238343204,
+st_mtime=1651577784 /* 2022-05-03T11:36:24.238343204+0000 */, st_mtime_nsec=238343204, st_ctime=1651577774 /* 2022-05-03T11:36:14.238343204+0000 */, st_ctime_nsec=238343204}) = 0
+  [pid   283] fstat(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, {st_dev=makedev(0, 0x14), st_ino=17926519, st_mode=S_IFREG|0600, st_nlink=0, st_uid=502, st_gid=502, st_blksize=262144, st_blocks=0, st_size=2, st_atime=1651577786 /* 2022-05-03T11:36:26.295302472+0000 */,
+st_atime_nsec=295302472, st_mtime=1651577785 /* 2022-05-03T11:36:25+0000 */, st_mtime_nsec=0, st_ctime=1651577785 /* 2022-05-03T11:36:25+0000 */, st_ctime_nsec=0}) = 0
+  [pid   283] fadvise64(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, 0, 0, POSIX_FADV_SEQUENTIAL) = 0
+  [pid   283] mmap(NULL, 270336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f715f13e000
+  [pid   283] read(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, "x\n", 262144) = 2
+  [pid   283] write(1</dev/ttyS0>, "x\n", 2x
+```
+
+So it seems that they started to use `newfstatat` instead of `fstat`, which behaves differently.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1086 b/results/classifier/zero-shot-user-mode/output/runtime/1086
new file mode 100644
index 00000000..51ab6212
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1086
@@ -0,0 +1,75 @@
+runtime: 0.432
+instruction: 0.308
+syscall: 0.261
+
+
+
+Numpy/scipy test suites fails in QEMU on ppc64le (but not on aarch64)
+Description of problem:
+I'm not really qualified to report this problem, but after being affected by it for ~2 years (and QEMU 7 not fixing things), I decided to give it a shot. Please excuse reporting deficiencies, I'll endeavour to fix them as best I can once pointed out.
+
+In my spare time, I help out for the packaging effort in the [conda-forge](https://conda-forge.org/) ecosystem, which is mostly associated/attached to the python world, but - in contrast to the vanilla python tools - also deals with non-python dependencies, and in particular has strong enough abstractions to deal with ABI-issues and generally provides much better integration than the packages on PyPI.
+
+This strength of abstraction has also allowed conda-forge to publish artefacts for many more architectures than most projects are commonly able to provide precompiled binaries for. Due to the lack of (reliable) public CI for aarch64 & ppc64le, these packages are mostly cross-compiled from linux-x86. Where cross compilation is not possible, the packages are compiled in emulation through QEMU, coming through https://github.com/multiarch/qemu-user-static (this is the part of the infrastructure I don't fully understand myself...). The full infrastructure is somewhat involved, but should not be relevant (hopefully) to the issue at hand (see instructions below) - and even if that turns out to be the case, that would be a great information gain as well.
+
+In either case, the tests for the package (ideally comprising the entire upstream test suite) are then run in emulation.
+
+Two of the so-called "feedstocks" I co-maintain are for [numpy](https://github.com/conda-forge/numpy-feedstock) and [scipy](https://github.com/conda-forge/scipy-feedstock), and there have been persistent issues with running the test suite in emulation on PPC (interestingly, the same setup on a different architecture - aarch64 - has no problems). However, the compiled artefacts on PPC run fine on native hardware.
+
+Said otherwise, it appears numpy/scipy are exercising QEMU enough to uncover some bugs. I've seen similar problems also in other packages (e.g. the cvxpy-stack), reinforcing the impression that this is a QEMU issue, and not one on the level of the individual packages.
+
+Depending on the exact combination of python version, the result of the numpy test suite might be as follows:
+```
+320 failed, 18900 passed, 361 skipped, 36 xfailed, 9 xpassed, 144 warnings in 2516.49s (0:41:56)
+```
+
+Looking at the test failures, sometimes the results are garbage
+```
+>       assert_array_max_ulp(x, x+eps, maxulp=20)
+E       AssertionError: Arrays are not almost equal up to 20 ULP (max difference is 8.55554e+08 ULP)
+
+eps        = 1.1920929e-07
+self       = <numpy.testing.tests.test_utils.TestULP object at 0x401ec8beb0>
+x          = array([ 2.3744986e-38,            nan,  2.2482052e-15,  7.5780330e+28,
+                  nan,            nan,  5.8310814e+29, -5.6511531e+24,
+        1.0010809e+00,  1.0101526e+00], dtype=float32)
+```
+sometimes the values are permuted
+```
+>           assert_array_equal(actual, desired)
+E           AssertionError: 
+E           Arrays are not equal
+E           
+E           x and y nan location mismatch:
+E            x: array([0.000000e+00, 6.704092e-39, 9.000000e+00, 2.350989e-38,
+E                  0.000000e+00, 0.000000e+00, 0.000000e+00, 0.000000e+00,
+E                  6.772341e-39,          nan], dtype=float32)
+E            y: array([6.704092e-39, 6.772341e-39, 0.000000e+00, 0.000000e+00,
+E                  0.000000e+00, 0.000000e+00,          nan, 2.350989e-38,
+E                  2.000000e+00, 7.000000e+00], dtype=float32)
+```
+sometimes the results are fundamentally different (zero vs. non-zero)
+```
+>               raise AssertionError(msg)
+E               AssertionError: 
+E               Arrays are not almost equal to 6 decimals
+E               
+E               Mismatched elements: 72 / 216 (33.3%)
+E               Max absolute difference: 1.
+E               Max relative difference: 1.
+E                x: array([[[[[0., 0., 0.],
+E                         [0., 0., 0.],
+E                         [0., 0., 0.]],...
+E                y: array([[[[[1., 0., 0.],
+E                         [0., 1., 0.],
+E                         [0., 0., 1.]],...
+```
+
+I don't know where it goes wrong, but it's not just a little tolerance violation. One PR that illustrates this is [here](https://github.com/conda-forge/numpy-feedstock/pull/274) and the respective CI run is [here](https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=526218&view=results) (ignore the errors for osx-arm64, those are unrelated).
+Steps to reproduce:
+1. In an emulated ppc64 machine, install miniforge from [here](https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-ppc64le.sh)
+2. Run `conda create -n test_env numpy pytest cython hypothesis typing_extensions` and then `conda activate test_env`
+3. Run `python -c "import numpy; numpy.test()"`
+4. Pick any test that fails and run it as `python -c "import numpy; numpy.test(tests='x.y.z')"`
+Additional information:
+
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1102 b/results/classifier/zero-shot-user-mode/output/runtime/1102
new file mode 100644
index 00000000..94bb7c3c
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1102
@@ -0,0 +1,44 @@
+runtime: 0.403
+instruction: 0.345
+syscall: 0.252
+
+
+
+qemu-user: zero_bss might raise segfault when segment is not writable
+Description of problem:
+When a PT_LOAD segment with the following attributes presented in the user program,
+* MemSiz > FileSiz
+* NOT Writable
+
+qemu-aarch64 will crash with segment fault running it.
+
+
+
+
+in [linux-user/elfload.c: bss_zero](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c#L2097), the exceeded part is zero'ed without checking if it is writable
+```
+    if (host_start < host_map_start) {
+        memset((void *)host_start, 0, host_map_start - host_start);
+    }
+```
+Steps to reproduce:
+1. ./qemu-aarch64 ./X.so
+Additional information:
+readelf output of X.so
+```
+Program Headers:
+  Type           Offset             VirtAddr           PhysAddr                 FileSiz            MemSiz              Flags  Align
+  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040       0x0000000000000230 0x0000000000000230  R E    0x8
+  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000       0x0000000000110270 0x00000000001c94e0  R E    0x10000
+  LOAD           0x0000000000129bd0 0x00000000001d9bd0 0x00000000001d9bd0       0x0000000000000438 0x00000000000004c0  RW     0x10000
+  LOAD           0x000000000013a008 0x00000000001ea008 0x00000000001ea008       0x0000000000017bd0 0x0000000000017bd0  RW     0x10000
+  LOAD           0x0000000000161bd8 0x0000000000211bd8 0x0000000000211bd8       0x000000000000f740 0x000000000000f740  RW     0x10000
+  DYNAMIC        0x0000000000161e60 0x0000000000211e60 0x0000000000211e60       0x00000000000001e0 0x00000000000001e0  RW     0x8
+  INTERP         0x0000000000089410 0x0000000000089410 0x0000000000089410       0x0000000000000015 0x0000000000000015  R      0x1
+      [Requesting program interpreter: /system/bin/linker64]
+  NOTE           0x000000000013dbc8 0x00000000001edbc8 0x00000000001edbc8       0x0000000000000011 0x0000000000000011  R      0x1
+  GNU_EH_FRAME   0x00000000001c86a4 0x00000000001c86a4 0x00000000001c86a4       0x00000000000002dc 0x00000000000002dc  R      0x4
+  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000       0x0000000000000000 0x0000000000000000  RW     0x10
+```
+
+X.so: https://drive.google.com/file/d/1A7mkWRcK2BKkpeevt8T6FVLg-t6mWdgi/view?usp=sharing
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1143 b/results/classifier/zero-shot-user-mode/output/runtime/1143
new file mode 100644
index 00000000..55cc2f76
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1143
@@ -0,0 +1,84 @@
+runtime: 0.456
+instruction: 0.372
+syscall: 0.172
+
+
+
+Breakpoints missed when a function is split into two memory pages.
+Description of problem:
+Qemu seems to ignore some breakpoints when the start of a function is 
+in another page than where the breakpoint is set. 
+
+In my case, I've a function `__gnat_debug_raise_exception` which starts at `0x10bff2` and I've set with gdb a breakpoint at `0x10c00e` (in another page). 
+While running with `qemu -d in_asm,exec`, I can see that the whole function is executed at once and that no breakpoint is fired.
+
+```
+(gdb) b *0x00108fbc
+(gdb) b *0x0010c00e
+(gdb) target remote :1234 
+(gdb) c
+
+Trace 0: 0x7f277c0174c0 [0000000000000000/0000000000108fb9/0040c0b0/ff000201] ada__exceptions__complete_occurrence
+----------------
+
+// gdb hits first breakpoint here. 
+Breakpoint 3, 0x0000000000108fbc ....
+(gdb) ni
+
+IN: ada__exceptions__complete_occurrence
+0x00108fbc:  e8 31 30 00 00           callq    0x10bff2
+
+Trace 0: 0x7f277c000100 [0000000000000000/0000000000108fbc/0040c0b0/ff000e01] ada__exceptions__complete_occurrence
+----------------
+IN: __gnat_debug_raise_exception
+0x0010bff2:  55                       pushq    %rbp
+0x0010bff3:  48 89 e5                 movq     %rsp, %rbp
+0x0010bff6:  48 89 7d f8              movq     %rdi, -8(%rbp)
+0x0010bffa:  48 89 d1                 movq     %rdx, %rcx
+0x0010bffd:  48 89 f0                 movq     %rsi, %rax
+0x0010c000:  48 89 fa                 movq     %rdi, %rdx
+0x0010c003:  48 89 ca                 movq     %rcx, %rdx
+0x0010c006:  48 89 45 e0              movq     %rax, -0x20(%rbp)
+0x0010c00a:  48 89 55 e8              movq     %rdx, -0x18(%rbp)
+0x0010c00e:  48 8b 45 e0              movq     -0x20(%rbp), %rax
+0x0010c012:  90                       nop      
+0x0010c013:  5d                       popq     %rbp
+0x0010c014:  c3                       retq     
+
+Trace 0: 0x7f277c000100 [0000000000000000/000000000010bff2/0040c0b0/ff000000] __gnat_debug_raise_exception
+Digging a bit more, it seems that it seems related to 
+
+// gdb ni stop here. Breakpoints at 0x10c00e have been ignored. 
+```
+
+Note that if I'm setting another breakpoint at `0x0010bffd` (thus not at the start of the function but still in the same page), the execution 
+will be executed step by step and the breakpoint at 0x10c00e will be triggered normally. 
+
+
+```
+IN: ada__exceptions__complete_occurrence
+0x00108fbc:  e8 31 30 00 00           callq    0x10bff2
+
+Trace 0: 0x7f6af4000100 [0000000000000000/0000000000108fbc/0040c0b0/ff000e01] ada__exceptions__complete_occurrence
+----------------
+IN: __gnat_debug_raise_exception
+0x0010bff2:  55                       pushq    %rbp
+
+Trace 0: 0x7f6af4000100 [0000000000000000/000000000010bff2/0040c0b0/ff000201] __gnat_debug_raise_exception
+----------------
+IN: __gnat_debug_raise_exception
+0x0010bff3:  48 89 e5                 movq     %rsp, %rbp
+
+Trace 0: 0x7f6af4000280 [0000000000000000/000000000010bff3/0040c0b0/ff000201] __gnat_debug_raise_exception
+----------------
+IN: __gnat_debug_raise_exception
+0x0010bff6:  48 89 7d f8              movq     %rdi, -8(%rbp)
+...
+```
+
+I've dug a bit into qemu translator code and I guess `check_for_breakpoint` should check that the whole function is in the same page before skipping step by step. But I'm not sure if it's possible because the TB is created after `check_for_breakpoint` IIUC. 
+
+Sadly as of now, I don't have a C reproducer. I can try to provide you my "foo" program which is an Ada program. But maybe if you've a better idea how to reproduce that or an idea of to fix that, I'll be glad to help you.  
+
+Thanks, 
+Clément
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1246990 b/results/classifier/zero-shot-user-mode/output/runtime/1246990
new file mode 100644
index 00000000..16178768
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1246990
@@ -0,0 +1,44 @@
+runtime: 0.404
+instruction: 0.402
+syscall: 0.194
+
+
+
+[qemu-x86-64-linux-user 1.6.1] qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+
+Rjsupplicant is an authentication client of Campus Network in most universities in China. Its Linux version has only x86 and amd64 version.
+
+On linux:
+
+./qemu-x86_64 is compiled from latest qemu 1.6.1, with ./configure options: --enable-debug --target-list=x86_64-linux-user . Compiler is gcc version 4.7.3 (Debian 4.7.3-4) 
+
+$ sudo ./qemu-x86_64  ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet 
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+
+$ sudo gdb ./qemu-x86_64
+(gdb) r ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet
+(gdb) where
+#0  0x00005555559c21bd in static_code_gen_buffer ()
+#1  0x00005555555b74d5 in cpu_tb_exec (cpu=0x555557972580, tb_ptr=0x5555559c2190 <static_code_gen_buffer+819792> "A\213n\250\205\355\017\205\257")
+    at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/cpu-exec.c:56
+#2  0x00005555555b817d in cpu_x86_exec (env=0x5555579726b0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/cpu-exec.c:631
+#3  0x00005555555d997a in cpu_loop (env=0x5555579726b0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/linux-user/main.c:283
+#4  0x00005555555eca6b in clone_func (arg=0x7fffffffc1d0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/linux-user/syscall.c:4266
+#5  0x00007ffff71bfe0e in start_thread (arg=0x7ffff7f04700) at pthread_create.c:311
+#6  0x00007ffff6ef493d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
+
+$ file rjsupplicant 
+rjsupplicant: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
+
+$ uname -r
+3.10-2-amd64
+
+
+And it can be run on Linux amd64 successfully.
+
+Though I don't have the source code of rjsupplicant, so I don't have further information.
+
+`qemu-x86_64 -strace ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet` is attached as strace_qemu.log
+
+
+The binary is available to download at http://ge.tt/6pgG1tw/v/0
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1267 b/results/classifier/zero-shot-user-mode/output/runtime/1267
new file mode 100644
index 00000000..ec0fa7d3
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1267
@@ -0,0 +1,99 @@
+runtime: 0.423
+instruction: 0.334
+syscall: 0.243
+
+
+
+qemu-i386 missing VDSO
+Description of problem:
+Qemu crashes with a segmentation fault when running any binary using qemu-i386. Steps to reproduce are trivial, simply run `qemu-user ./test`. The file is here: [test](/uploads/fe0d498713e79d7e39f417e69ad64c2f/test). Basically any binary compiled with `GOARCH=386` using [TinyGo](https://tinygo.org/) should reproduce this issue.
+I also tried some trivial Go compiled binary and they also crash, but this time with an internal Go error that suggests something is terribly broken over there too: `fatal error: mallocgc called without a P or outside bootstrapping`
+
+Interestingly, qemu-x86_64 and qemu-arm appear to work just fine.
+
+Unfortunately I couldn't get a good backtrace on newer versions. It looks like this in the git version, which I doubt is correct:
+
+```
+~/src/qemu/build$ /bin/lldb ./qemu-i386
+(lldb) target create "./qemu-i386"
+Current executable set to '/home/ayke/src/qemu/build/qemu-i386' (aarch64).
+(lldb) run /home/ayke/src/tinygo/tinygo/test
+Process 97986 launched: '/home/ayke/src/qemu/build/qemu-i386' (aarch64)
+Process 97986 stopped
+* thread #1, name = 'qemu-i386', stop reason = unknown crash reason
+    frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92
+libc.so.6`__sigsuspend:
+->  0xfffff78fb9fc <+92>:  svc    #0
+    0xfffff78fba00 <+96>:  cmn    x0, #0x1, lsl #12         ; =0x1000 
+    0xfffff78fba04 <+100>: b.hi   0xfffff78fba3c            ; <+156>
+    0xfffff78fba08 <+104>: mov    w19, w0
+(lldb) bt
+* thread #1, name = 'qemu-i386', stop reason = unknown crash reason
+  * frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92
+    frame #1: 0x0000aaaaaabfcedc qemu-i386`dump_core_and_abort(target_sig=11) at signal.c:745:5
+    frame #2: 0x0000aaaaaabfc128 qemu-i386`handle_pending_signal(cpu_env=0x0000aaaaaae5d2e0, sig=11, k=0x0000aaaaaae68af8) at signal.c:1061:13
+    frame #3: 0x0000aaaaaabfbe48 qemu-i386`process_pending_signals(cpu_env=0x0000aaaaaae5d2e0) at signal.c:1141:13
+    frame #4: 0x0000aaaaaaae5a04 qemu-i386`cpu_loop(env=0x0000aaaaaae5d2e0) at cpu_loop.c:315:9
+    frame #5: 0x0000aaaaaabf5e7c qemu-i386`main(argc=2, argv=0x0000ffffffffecd8, envp=0x0000ffffffffecf0) at main.c:925:5
+    frame #6: 0x0000fffff78e7b80 libc.so.6`___lldb_unnamed_symbol2945 + 112
+    frame #7: 0x0000fffff78e7c60 libc.so.6`__libc_start_main + 160
+    frame #8: 0x0000aaaaaaae0430 qemu-i386`_start at start.S:81
+(lldb) ^D
+```
+
+I got a better (but still not great) backtrace in Qemu 7.0.0:
+
+```
+~/src/tinygo/tinygo$ /bin/lldb qemu-i386
+(lldb) target create "qemu-i386"
+Current executable set to 'qemu-i386' (aarch64).
+(lldb) run test
+Process 98106 launched: '/usr/bin/qemu-i386' (aarch64)
+Process 98106 stopped
+* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000)
+    frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32
+qemu-i386`cpu_ldub_code:
+->  0xaaaaaac4b564 <+32>: ldrb   w0, [x0, w1, uxtw]
+    0xaaaaaac4b568 <+36>: str    xzr, [x2]
+    0xaaaaaac4b56c <+40>: ret    
+
+qemu-i386`cpu_lduw_code:
+    0xaaaaaac4b570 <+0>:  mrs    x2, TPIDR_EL0
+(lldb) bt
+* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000)
+  * frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32
+    frame #1: 0x0000aaaaaac4a4a8 qemu-i386`translator_ldub_swap + 72
+    frame #2: 0x0000aaaaaabe6714 qemu-i386`___lldb_unnamed_symbol6310 + 144
+    frame #3: 0x0000aaaaaabed2e8 qemu-i386`___lldb_unnamed_symbol6311 + 24
+    frame #4: 0x0000aaaaaac4a040 qemu-i386`translator_loop + 400
+    frame #5: 0x0000aaaaaabed5a8 qemu-i386`gen_intermediate_code + 72
+    frame #6: 0x0000aaaaaac486ec qemu-i386`tb_gen_code + 364
+    frame #7: 0x0000aaaaaac43068 qemu-i386`cpu_exec + 1480
+    frame #8: 0x0000aaaaaabaa4b0 qemu-i386`cpu_loop + 208
+    frame #9: 0x0000aaaaaab8cb54 qemu-i386`main + 2020
+    frame #10: 0x0000fffff7687b80 libc.so.6`___lldb_unnamed_symbol2945 + 112
+    frame #11: 0x0000fffff7687c60 libc.so.6`__libc_start_main + 160
+    frame #12: 0x0000aaaaaab8d3b0 qemu-i386`_start + 48
+(lldb) ^D
+```
+
+And an even better backtrace for an even older version (5.2.0). Though I should note that this GDB also had an assertion failue, but the backtrace looks reasonable:
+
+```
+#0  0x0000aaaaaaba7804 in cpu_ldub_code (env=env@entry=0x0, ptr=0) at ../../accel/tcg/user-exec.c:1170
+#1  0x0000aaaaaab40d04 in translator_ldub_swap (do_swap=false, pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176
+#2  translator_ldub (pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176
+#3  x86_ldub_code (env=env@entry=0xaaaaaad809f0, s=s@entry=0xffffffffe990) at ../../target/i386/translate.c:1916
+#4  0x0000aaaaaab51670 in disas_insn (s=s@entry=0xffffffffe990, cpu=<optimized out>, cpu=<optimized out>) at ../../target/i386/translate.c:4506
+#5  0x0000aaaaaab5e1c8 in i386_tr_translate_insn (dcbase=0xffffffffe990, cpu=<optimized out>) at ../../target/i386/translate.c:8569
+#6  0x0000aaaaaabbc9f4 in translator_loop (ops=0xaaaaaacd62b0 <i386_tr_ops>, db=0xffffffffe990, cpu=0xaaaaaad786a0, tb=<optimized out>, max_insns=<optimized out>)
+    at ../../accel/tcg/translator.c:103
+#7  0x0000aaaaaab5e470 in gen_intermediate_code (cpu=cpu@entry=0xaaaaaad786a0, tb=tb@entry=0xffffe8007f00, max_insns=max_insns@entry=512)
+    at ../../target/i386/translate.c:8631
+#8  0x0000aaaaaabcd54c in tb_gen_code (cpu=cpu@entry=0xaaaaaad786a0, pc=pc@entry=0, cs_base=cs_base@entry=0, flags=flags@entry=4194483, cflags=-16777216, 
+    cflags@entry=0) at ../../accel/tcg/translate-all.c:1744
+#9  0x0000aaaaaabbe2a8 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:414
+#10 cpu_exec (cpu=cpu@entry=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:770
+#11 0x0000aaaaaab3a438 in cpu_loop (env=env@entry=0xaaaaaad809f0) at ../../linux-user/i386/cpu_loop.c:207
+#12 0x0000aaaaaab1df00 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../../linux-user/main.c:882
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1319100 b/results/classifier/zero-shot-user-mode/output/runtime/1319100
new file mode 100644
index 00000000..c537a7c5
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1319100
@@ -0,0 +1,75 @@
+runtime: 0.436
+instruction: 0.308
+syscall: 0.256
+
+
+
+qemu-arm-static bug in signal handling causes mono and java to hang
+
+Note, this bug is already reported to debian, but it seems to also affect the upstream code.
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748043
+
+running mono in a chroot environment with qemu-user-static is not posible
+because at least one signal used during termination of mono is routed to the
+host.
+
+This can be reproduced by:
+debootstrap --include=mono-runtime --foreign --arch=armel "wheezy" "mono-test" "http://ftp.de.debian.org//debian"
+cp /usr/bin/qemu-arm-static mono-test/usr/bin
+mount -t proc none mono-test/proc
+mount -o bind /dev mono-test/dev
+mount -o bind /sys mono-test/sys
+chroot mono-test
+../debootstrap/debootstrap --second-stage
+exit
+mount -t proc none mono-test/proc
+mount -o bind /sys mono-test/sys
+chroot mono-test
+QEMU_STRACE=1 /usr/bin/mono /usr/lib/mono/4.0/gacutil.exe
+
+This will block on a futex:
+
+--8<--
+18663 sched_yield(0,0,2582980,0,0,2582928) = 0
+18663 clock_gettime(1,-150996384,2,1,2585016,2585600) = 0
+18663 tgkill(18663,18664,30,18664,30,-161951744) = 0
+18663 futex(0x00293774,FUTEX_PRIVATE_FLAG|FUTEX_WAIT,0,NULL,NULL,0)
+--8<--
+
+If you use mono within strace on a native x86 box you can see, that signals
+between threads are used during termination:
+
+strace -f -o log.txt /usr/bin/mono /usr/lib/mono/4.0/gacutil.exe
+
+--8<--
+14075 sched_yield()                     = 0                                     
+14075 tgkill(14075, 14083, SIGPWR)      = 0                                     
+14075 futex(0x983f00, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>              
+14083 <... futex resumed> )             = ? ERESTARTSYS (To be restarted)       
+14083 --- SIGPWR (Power failure) @ 0 (0) ---                                    
+14083 futex(0x983f00, FUTEX_WAKE_PRIVATE, 1) = 1                                
+14075 <... futex resumed> )             = 0                                     
+14083 rt_sigsuspend(~[INT QUIT ABRT TERM XCPU RTMIN RT_1] <unfinished ...>      
+14075 futex(0x94d9a4, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 0x94da20, 24) = 3
+14078 <... futex resumed> )             = 0                                     
+14078 futex(0x94da20, FUTEX_WAKE_PRIVATE, 1) = 1                                
+14077 <... futex resumed> )             = 0                                     
+14075 futex(0x94d9a4, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 0x94da20, 26 <unfinished ...>
+--8<--
+
+This also blocks the installation of libnunit2.6-cil within a armel chroot,
+because it uses mono in its postinst script.
+E.g. (/usr/bin/mono /usr/share/mono/MonoGetAssemblyName.exe /usr/lib/cli/nunit.core-2.6/nunit.core.dll)
+
+Obviously the same as described in:
+http://lists.opensuse.org/opensuse-arm/2011-12/msg00000.html
+is happening here.
+
+There is an openSuSE patch against qemu:
+https://build.opensuse.org/package/view_file/Virtualization:Qemu/qemu/0002-XXX-work-around-SA_RESTART-race-wit.patch?expand=1
+
+This patch also applies against qemu from backports-wheezy and resolves this
+issue.
+
+As it seems, that this issue is not Debian specific i will also report it to
+the qemu project and reference this bug report.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1346769 b/results/classifier/zero-shot-user-mode/output/runtime/1346769
new file mode 100644
index 00000000..b63f7623
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1346769
@@ -0,0 +1,42 @@
+runtime: 0.407
+syscall: 0.306
+instruction: 0.287
+
+
+
+/proc/self/maps content returned to 32-bits guest under 64-bits qemu
+
+Reading /proc/self/maps a user doesn't get a stack record. Not all programs relies on the maps file but some do.
+
+The bug found by running 32-bits binaries with address sanitizer (Asan) instrumentations under 64-bit qemu.
+
+$ echo "int main() { return 0; }" > /tmp/test.c
+$ gcc -m32 -fsanitize=address -fno-common -Wall -g -fPIC -o /tmp/test /tmp/test.c
+$ qemu-i386-static /tmp/test
+==4092==AddressSanitizer CHECK failed: /home/michail/Downloads/gcc-4.9.0/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc:63 "(((uptr)&rl >= start && (uptr)&rl < end)) != (0)" (0x0, 0x0)
+    #0 0xf632ff01 (/home/michail/build/lib32/libasan.so.1+0x53f01)
+    #1 0xf6333f49 (/home/michail/build/lib32/libasan.so.1+0x57f49)
+    #2 0xf6338785 (/home/michail/build/lib32/libasan.so.1+0x5c785)
+    #3 0xf6338bd1 (/home/michail/build/lib32/libasan.so.1+0x5cbd1)
+    #4 0xf6331baf (/home/michail/build/lib32/libasan.so.1+0x55baf)
+    #5 0xf6331dca (/home/michail/build/lib32/libasan.so.1+0x55dca)
+    #6 0xf6331f5a (/home/michail/build/lib32/libasan.so.1+0x55f5a)
+    #7 0xf6330bd4 (/home/michail/build/lib32/libasan.so.1+0x54bd4)
+    #8 0xf67ebeec (/lib/ld-linux.so.2+0xeeec)
+    #9 0xf67de10e (/lib/ld-linux.so.2+0x110e)
+
+This happened because during initialization Asan can't find stack boundaries.
+
+For some reasons Qemu wants to report stack boundaries just for several arch targets skipping other ones. This is from linux-user/syscall.c open_self_maps()
+
+#if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
+    dprintf(fd, "%08llx-%08llx rw-p %08llx 00:00 0          [stack]\n",
+                (unsigned long long)ts->info->stack_limit,
+                (unsigned long long)(ts->info->start_stack +
+                                     (TARGET_PAGE_SIZE - 1)) & TARGET_PAGE_MASK,
+                (unsigned long long)0);
+#endif
+
+Not very clear why the case covers just specific targets.
+
+This bug continues the previously reported issue with not hiden system map http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg02793.html.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1346784 b/results/classifier/zero-shot-user-mode/output/runtime/1346784
new file mode 100644
index 00000000..efbe6400
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1346784
@@ -0,0 +1,73 @@
+runtime: 0.478
+instruction: 0.297
+syscall: 0.224
+
+
+
+qemu internal memory areas visible to a guest via /proc/self/maps
+
+
+Qemu internal memory areas are not suppressed in the output and are  visible to a guest via /proc/self/maps.
+
+$ echo "int main() { return 0; }" > /tmp/test.c
+$ gcc -m32 -fsanitize=address -fno-common -Wall -g -fPIC -o /tmp/test /tmp/test.c
+$ qemu-i386-static -R 0 /tmp/test
+
+We use -R option because the binary can't be executed under stock version of Qemu with address sanitizer instrumentations (Asan).
+
+Qemu memory map looks the following way where GUEST valid addresses are marked with ***** and invalid with @@@:
+
+***** 08048000-08049000 r-xp 00000000 08:01 28835889          /tmp/test
+***** 08049000-0804a000 rw-p 00000000 08:01 28835889          /tmp/test
+***** 1ffff000-24000000 rw-p 00000000 00:00 0 
+***** 24000000-28000000 ---p 00000000 00:00 0 
+***** 28000000-40000000 rw-p 00000000 00:00 0 
+***** 40000000-40001000 ---p 00000000 00:00 0 
+***** 40001000-40801000 rw-p 00000000 00:00 0                         [stack]
+***** 40801000-40821000 r-xp 00000000 08:01 26738694          /lib32/ld-2.19.so
+***** 40821000-40822000 r--p 0001f000 08:01 26738694          /lib32/ld-2.19.so
+***** 40822000-40823000 rw-p 00020000 08:01 26738694          /lib32/ld-2.19.so
+***** 40823000-40827000 rw-p 00000000 00:00 0 
+***** 40827000-408ca000 r-xp 00000000 08:01 49424994          /home/michail/build/lib32/libasan.so.1.0.0
+***** 408ca000-408cc000 rw-p 000a3000 08:01 49424994          /home/michail/build/lib32/libasan.so.1.0.0
+***** 408cc000-40d24000 rw-p 00000000 00:00 0 
+***** 40d3c000-40ee2000 r-xp 00000000 08:01 26738695          /lib32/libc-2.19.so
+***** 40ee2000-40ee4000 r--p 001a6000 08:01 26738695          /lib32/libc-2.19.so
+***** 40ee4000-40ee5000 rw-p 001a8000 08:01 26738695          /lib32/libc-2.19.so
+***** 40ee5000-40ee8000 rw-p 00000000 00:00 0 
+***** 40ee8000-40f00000 r-xp 00000000 08:01 26738711          /lib32/libpthread-2.19.so
+***** 40f00000-40f01000 r--p 00017000 08:01 26738711          /lib32/libpthread-2.19.so
+***** 40f01000-40f02000 rw-p 00018000 08:01 26738711          /lib32/libpthread-2.19.so
+***** 40f02000-40f04000 rw-p 00000000 00:00 0 
+***** 40f04000-40f07000 r-xp 00000000 08:01 26738708          /lib32/libdl-2.19.so
+***** 40f07000-40f08000 r--p 00002000 08:01 26738708          /lib32/libdl-2.19.so
+***** 40f08000-40f09000 rw-p 00003000 08:01 26738708          /lib32/libdl-2.19.so
+***** 40f09000-40fee000 r-xp 00000000 08:01 49424965          /home/michail/build/lib32/libstdc++.so.6.0.20
+***** 40fee000-40ff2000 r--p 000e5000 08:01 49424965          /home/michail/build/lib32/libstdc++.so.6.0.20
+***** 40ff2000-40ff3000 rw-p 000e9000 08:01 49424965          /home/michail/build/lib32/libstdc++.so.6.0.20
+***** 40ff3000-40ffa000 rw-p 00000000 00:00 0 
+***** 40ffa000-4103e000 r-xp 00000000 08:01 26738698          /lib32/libm-2.19.so
+***** 4103e000-4103f000 r--p 00043000 08:01 26738698          /lib32/libm-2.19.so
+***** 4103f000-41040000 rw-p 00044000 08:01 26738698          /lib32/libm-2.19.so
+***** 41040000-41041000 rw-p 00000000 00:00 0 
+***** 41041000-4105b000 r-xp 00000000 08:01 49424637          /home/michail/build/lib32/libgcc_s.so.1
+***** 4105b000-4105c000 rw-p 00019000 08:01 49424637          /home/michail/build/lib32/libgcc_s.so.1
+***** 4105c000-4105e000 rw-p 00000000 00:00 0 
+***** 4105f000-41061000 rw-p 00000000 00:00 0 
+***** 41065000-421ed000 rw-p 00000000 00:00 0 
+***** 421ee000-421f1000 rw-p 00000000 00:00 0 
+***** 60000000-6033b000 r-xp 00000000 08:01 48760980          /home/michail/build/bin/qemu-i386-static
+***** 6053b000-60546000 rw-p 0033b000 08:01 48760980          /home/michail/build/bin/qemu-i386-static
+***** 60546000-6059a000 rw-p 00000000 00:00 0 
+***** 6059a000-6259b000 rwxp 00000000 00:00 0 
+***** 6259b000-625ae000 rw-p 00000000 00:00 0 
+***** 62dce000-62e12000 rw-p 00000000 00:00 0                          [heap]
+@@@ 7f3f5e6a9000 - 7f3f61f28000 rw-p 00000000 00:00 0 
+@@@ 7fffad130000 - 7fffad132000 r-xp 00000000 00:00 0          [vdso]
+@@@ ffffffffff600000 - ffffffffff601000 r-xp 00000000 00:00 0          [vsyscall]
+
+qemu-i386-static and its heap are in ranges which are valid and be reported to guest in case of maps file reading.
+
+The issue is related to early reported bugs:
+http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg02793.html
+http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg03085.html
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1594394 b/results/classifier/zero-shot-user-mode/output/runtime/1594394
new file mode 100644
index 00000000..83c218a7
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1594394
@@ -0,0 +1,47 @@
+runtime: 0.453
+instruction: 0.293
+syscall: 0.253
+
+
+
+Using setreuid / setegid crashes x86_64 user-mode target
+
+When setreuid() or setegid() are called from x86_64 target code in user mode, qemu crashes inside the NPTL signal handlers.  x86 targets do not directly use a syscall to handle setreuid() / setegid(); instead the x86 NPTL implementation sets up a temporary data region in memory (__xidcmd) and issues a signal (SIGRT1) to all threads, allowing the handler for that signal to issue the syscall.  Under qemu, __xidcmd remains null (see variable display below backtrace).
+
+Backtrace:
+Program received signal SIGSEGV, Segmentation fault.
+[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
+0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
+263     nptl-init.c: No such file or directory.
+(gdb) thread apply all bt
+
+Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
+#0  0x00000000601cc430 in syscall ()
+#1  0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
+#2  qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
+#3  0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
+#4  0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
+#5  0x00000000601cebf4 in clone ()
+
+Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
+#0  0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
+#1  <signal handler called>
+#2  0x00000000601cc42c in syscall ()
+#3  0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
+#4  do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
+#5  do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
+    at /build/qemu/linux-user/syscall.c:10651
+#6  0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
+#7  0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
+#8  0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
+#9  0x00000000601cebf4 in clone ()
+
+Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
+#0  0x00000000601cc430 in syscall ()
+#1  0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
+#2  do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
+#3  do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
+#4  0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
+#5  0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
+(gdb) p __xidcmd
+$1 = (struct xid_command *) 0x0
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1605443 b/results/classifier/zero-shot-user-mode/output/runtime/1605443
new file mode 100644
index 00000000..52fc8378
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1605443
@@ -0,0 +1,17 @@
+runtime: 0.399
+instruction: 0.327
+syscall: 0.274
+
+
+
+QEMU epoll for i386-linux-user on arm host is broken in 2.6
+
+I'm trying to get wine running on qemu-i386 on arm.
+
+I found that 2.5.1 is OK, but 2.6 is not.
+
+By bisecting, I found commit 928bed6a057cedd6110e634865e021a24029785a is the problem.
+
+I reverted this commit, and then epoll is OK now.
+
+It seems that the commit broke epoll of qemu-i386 on arm.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1617929 b/results/classifier/zero-shot-user-mode/output/runtime/1617929
new file mode 100644
index 00000000..779e8f03
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1617929
@@ -0,0 +1,56 @@
+runtime: 0.382
+syscall: 0.363
+instruction: 0.255
+
+
+
+qemu hangs in pselect syscall
+
+I'm using git commit d75aa4372f0414c9960534026a562b0302fcff29 (v2.7.0-rc4) configured with;
+    --enable-linux-user \
+    --disable-system \
+    --disable-tools \
+    --disable-guest-agent \
+    --static --disable-linux-aio \
+    --disable-fdt \
+    --without-pixman \
+    --disable-blobs \
+Stable version (v2.6.0) also have the same problem.
+
+In a chroot environment I ran below command-line to compile some things, different sources each time.
+    /usr/bin/qemu-arm -0 /usr/bin/edje_cc /usr/bin/edje_cc -id /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/services/SimpleUI/images_mob/ -DBROWSER_RESOLUTION_720x1280=1 -DPROFILE_MOBILE=1 /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/services/SimpleUI/edc/TextPopup_mob.edc /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/build-tizen/services/SimpleUI/720x1280_TextPopup.edj
+
+Here is back trace with gdb;
+#0  safe_syscall_end () at /usr/src/debug/qemu-2.6.94/linux-user/host/i386/safe-syscall.inc.S:78
+#1  0x60049370 in safe_pselect6 (nfds=10, readfds=0xffa31b5c, writefds=0xffa31bdc, exceptfds=0xffa31c5c, timeout=0x0, sig=0x0)
+    at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:855
+#2  0x6004b2fe in do_select (n=10, rfd_addr=1082122232, wfd_addr=1082122360, efd_addr=1082122488, target_tv_addr=0)
+    at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:1386
+#3  0x6005e5ba in do_syscall (cpu_env=0x640d0454, num=142, arg1=10, arg2=1082122232, arg3=1082122360, arg4=1082122488, arg5=0, arg6=1087473216, arg7=0, 
+    arg8=0) at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:9690
+#4  0x60045def in cpu_loop (env=0x640d0454) at /usr/src/debug/qemu-2.6.94/linux-user/main.c:876
+#5  0x60047640 in main (argc=10, argv=0xffa33c84, envp=0xffa33cb0) at /usr/src/debug/qemu-2.6.94/linux-user/main.c:4817
+
+Attached core file taken from gdb. To see the stack frame, you could try; 
+$ tar -xf reproduced_118_04.tar.bz2; gdb --core core.1823 qemu-arm
+
+And recent strace log for PID 1823(stucked one);
+79965 [  313s] 1823 :0x8e _newselect(10,[9,3,],[],[],NULL)
+79966 [  313s]  ==>[pselect6(0xa)=]
+79967 [  313s]  [pselect6=0x1]<==
+79968 [  313s] 1823 :0x8e _newselect(10,[9,],[],[],NULL)
+79969 [  313s] 1823 :0x8e =>  = 0x00000001 ([9,],[],[],NULL)
+79970 [  313s] 1823 :0xfc epoll_wait(3,1082121456,32,0,1082121456,3)
+79971 [  313s] 1823 :0xfc epoll_wait(3,1082121456,32,0,1082121456,3)
+79972 [  313s] 1823 :0xfc =>  = 0
+79973 [  313s] 1823 :0x3 read(9,0x407fdeec,16)
+79974 [  313s] 1823 :0x3 read(9,0x407fdeec,16)
+79975 [  313s] 1823 :0x3 =>  = 8
+79976 [  313s] 1823 :0x107 clock_gettime(1,1082122120,0,1082829144,1082827588,0)
+79977 [  313s] 1823 :0x107 clock_gettime(1,1082122120,0,1082829144,1082827588,0)
+79978 [  313s] 1823 :0x107 =>  = 0
+79979 [  313s] 1823 :0x8e _newselect(10,[9,3,],[],[],NULL)
+79980 [  313s]  ==>[pselect6(0xa)=]
+
+I'm using 64-bit Ubuntu with kernel release Linux 3.19.0-25-generic #26~14.04.1-Ubuntu.
+Reproducibility is low. One occurrence out of 50+ trials.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1623020 b/results/classifier/zero-shot-user-mode/output/runtime/1623020
new file mode 100644
index 00000000..d56510d3
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1623020
@@ -0,0 +1,61 @@
+runtime: 0.445
+instruction: 0.393
+syscall: 0.162
+
+
+
+emulate amd64 binary on arm7 host
+
+I'm trying to run a Go program compiled for amd64 on a Raspberry Pi. Here is an example :
+
+===
+// main.go
+package main
+
+func main() {
+	println("hello world")
+}
+===
+
+Then here is the output I'm getting :
+
+===
+> GOARCH=amd64 go build main.go
+> ../qemu/build/x86_64-linux-user/qemu-x86_64 -strace ./main
+29213 arch_prctl(4098,4823880,0,0,0,0) = 0
+29213 write(2,0,4622922)fatal error:  = 13
+29213 write(2,0,4622132)bad timediv = 11
+29213 write(2,0,4620094)
+ = 1
+29213 write(2,0,4635135)runtime: panic before malloc heap initialized
+ = 46
+29213 select(0,0,0,0,1082131776,0) = -1 errno=14 (Bad address)
+29213 select(0,0,0,0,1082131776,0) = -1 errno=14 (Bad address)
+29213 write(2,0,4623731)
+runtime stack:
+ = 16
+29213 write(2,0,4622922)fatal error:  = 13
+29213 write(2,0,4634607)gentraceback before goexitPC initialization = 43
+29213 write(2,0,4620094)
+ = 1
+29213 write(2,0,4635135)runtime: panic before malloc heap initialized
+ = 46
+29213 write(2,0,4624923)panic during panic
+ = 19
+29213 write(2,0,4623731)
+runtime stack:
+ = 16
+29213 write(2,0,4622922)fatal error:  = 13
+29213 write(2,0,4634607)gentraceback before goexitPC initialization = 43
+29213 write(2,0,4620094)
+ = 1
+29213 write(2,0,4635135)runtime: panic before malloc heap initialized
+ = 46
+29213 write(2,0,4627441)stack trace unavailable
+ = 24
+29213 exit_group(4)
+===
+
+I'm running the latest qemu (commit 7263da78045dc91cc207f350911efe4259e99b3c), which was compiled with "../configure --target-list=x86_64-linux-user --static".
+
+The go version is 1.7.1, and the system "Linux raspberrypi 4.4.11-v7+ #888 SMP Mon May 23 20:10:33 BST 2016 armv7l GNU/Linux".
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1650 b/results/classifier/zero-shot-user-mode/output/runtime/1650
new file mode 100644
index 00000000..c7ae56cf
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1650
@@ -0,0 +1,20 @@
+runtime: 0.759
+instruction: 0.212
+syscall: 0.029
+
+
+
+Consider doing runtime detection of MAP_FIXED_NOREPLACE
+Description of problem:
+```
+qemu-i386-static: Unable to reserve 0xfffff000 bytes of virtual address space at 0x1000 (Operation not supported) for use as guest address space (check your virtual memory ulimit setting, min_mmap_addr or reserve less using -R option)
+```
+strace says
+```
+ mmap(0x1000, 4294963200, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_FIXED_NOREPLACE, -1, 0) = -1 EOPNOTSUPP (Operation not supported)
+```
+Steps to reproduce:
+1. `apt install qemu-i386-static 32subsystem`
+2. `strace qemu-i386-static /opt/32/bin/as`
+Additional information:
+Repeating the strace call in a minimal C program gives the same errno as expected -- the kernel is only 4.4. The problem here is that qemu only does `MAP_FIXED_NOREPLACE` feature detection at build-time via a `#ifndef` and even that behavior is poorly documented. Maybe do something at runtime?
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1659901 b/results/classifier/zero-shot-user-mode/output/runtime/1659901
new file mode 100644
index 00000000..66dd4d62
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1659901
@@ -0,0 +1,15 @@
+runtime: 0.539
+instruction: 0.375
+syscall: 0.086
+
+
+
+Regression: SIGSEGV running Java
+
+I have a build script that bootstraps a Debian armhf image. Part of the process involves running a Java program while inside a chroot. I am using Debian's qemu-user-static package to run the armhf Java binary on an amd64 system.
+
+qemu-user-static version 1:2.7+dfsg-3~bpo8+2 works fine. Version 1:2.8+dfsg-1~bpo8+1 always causes Java to crash with a SIGSEGV. The location of the crash appears to be random and hasn't been the same twice.
+
+I am using the Azul Systems Zulu Embedded Java runtime, rather than the regular OpenJDK runtime, because the Zulu runtime has an arm32 JIT whereas OpenJDK is interpreter-only on arm32.
+
+I can reproduce the problem easily by mounting the image created by my build script and executing "java -XshowSettings -version" in a chroot. I can give you the image if that would help debug the problem.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1671 b/results/classifier/zero-shot-user-mode/output/runtime/1671
new file mode 100644
index 00000000..8baffbc6
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1671
@@ -0,0 +1,1363 @@
+runtime: 0.446
+instruction: 0.330
+syscall: 0.223
+
+
+
+segfault/errors in gdbstub with linux userspace emulator (qemu-riscv64), from racy behavior with singal handler?
+Description of problem:
+Often, qemu segfaults, sometimes GDB just spits out a wall of "Ignoring packet error, continuing..." and ~hangs: I don't get a GDB command prompt quickly, if at all, and when I ctrl-c I see "The target is not responding to GDB commands. Stop debugging it? (y or n)".
+Steps to reproduce:
+1. Run the `testb3` binary from below as described
+2. Connect via GDB and `continue`
+3. Multiple threads (independently) SIGABRT themselves when they fail their test(s), which happens quickly on my machine (which has 16 physical cores)
+Additional information:
+From the coredump, it looks like there's a lot of cooks in the gdbstub kitchen:
+
+```
+  Id   Target Id                           Frame 
+* 1    Thread 0x7febc02ef6c0 (LWP 3922802) gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282
+  2    Thread 0x7febc06db6c0 (LWP 3922792) safe_syscall_base ()
+    at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+  3    Thread 0x7febc03b26c0 (LWP 3922799) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+  4    Thread 0x7febc0f5d6c0 (LWP 3922751) 0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6
+  5    Thread 0x7febc0f5ebc0 (LWP 3922750) safe_syscall_base ()
+    at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+  6    Thread 0x7febc01696c0 (LWP 3922808) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  7    Thread 0x7febc04f76c0 (LWP 3922794) 0x00007febc16f1d4c in send () from /usr/lib/libc.so.6
+  8    Thread 0x7febc026d6c0 (LWP 3922804) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  9    Thread 0x7febc01aa6c0 (LWP 3922807) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  10   Thread 0x7febc075c6c0 (LWP 3922793) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  11   Thread 0x7febc04756c0 (LWP 3922796) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+  12   Thread 0x7febc01eb6c0 (LWP 3922806) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  13   Thread 0x7febc022c6c0 (LWP 3922805) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+  14   Thread 0x7febc03f36c0 (LWP 3922798) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  15   Thread 0x7febc04346c0 (LWP 3922797) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  16   Thread 0x7febc03716c0 (LWP 3922800) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+  17   Thread 0x7febc04b66c0 (LWP 3922795) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  18   Thread 0x7febc02ae6c0 (LWP 3922803) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+  19   Thread 0x7febc03306c0 (LWP 3922801) 0x00007febc16de96c in read () from /usr/lib/libc.so.6
+```
+
+Each of those `read` and `send` threads look something similar to this one:
+
+```
+Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+```
+
+Which, at a guess, seems like there's maybe 20 different concurrent processes fighting over the singular [gdbstub state](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/gdbstub.c#L57)? Specifically, they're all stomping on each other by writing to the same [buffer](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/user.c#L136) and advancing the [current CPU list pointer](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/gdbstub.c#L1422), which causes the "bad packet" cross-talk and the segfault respectively.
+
+<details><summary>full backtrace</summary>
+
+```
+(gdb) thread apply all bt full
+
+Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)):
+#0  0x00007febc16f1d4c in send () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82
+No locals.
+#2  0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161
+No locals.
+#3  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#4  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#5  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#6  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#7  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#8  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#9  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+No locals.
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+No locals.
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+No locals.
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+No locals.
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+No locals.
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+No locals.
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+No locals.
+#7  0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962
+No locals.
+
+Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)):
+#0  0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29
+No locals.
+#2  qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464
+No locals.
+#3  0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261
+No locals.
+#4  0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541
+No locals.
+#5  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#6  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+No locals.
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+No locals.
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+No locals.
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+No locals.
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+No locals.
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+No locals.
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+No locals.
+#7  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#8  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#9  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)):
+#0  gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282
+No locals.
+#1  0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411
+No locals.
+#2  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#3  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#4  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#5  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#6  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#7  gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#8  gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#9  0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+(gdb) thread apply all bt 
+
+Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)):
+#0  0x00007febc16f1d4c in send () from /usr/lib/libc.so.6
+#1  0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82
+#2  0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161
+#3  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+#4  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+#5  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#6  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#7  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#8  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#9  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+#7  0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962
+
+Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)):
+#0  0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6
+#1  0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29
+#2  qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464
+#3  0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261
+#4  0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541
+#5  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#6  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+#7  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#8  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#9  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+
+Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)):
+#0  gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282
+#1  0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411
+#2  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#3  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+#4  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+#5  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+#6  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+#7  gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+#8  gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+#9  0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+(gdb) thread apply all bt full
+
+Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)):
+#0  0x00007febc16f1d4c in send () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82
+No locals.
+#2  0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161
+No locals.
+#3  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#4  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#5  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#6  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#7  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#8  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#9  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)):
+#0  0x00007febc16de96c in read () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38
+No locals.
+#2  gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148
+No locals.
+#3  0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#4  0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#5  0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#6  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#7  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#8  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+No locals.
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+No locals.
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+No locals.
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+No locals.
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+No locals.
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+No locals.
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+No locals.
+#7  0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962
+No locals.
+
+Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)):
+#0  0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29
+No locals.
+#2  qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464
+No locals.
+#3  0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261
+No locals.
+#4  0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541
+No locals.
+#5  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#6  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)):
+#0  0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6
+No symbol table info available.
+#1  0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38
+No locals.
+#2  gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39
+No locals.
+#3  0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62
+No locals.
+#4  gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164
+No locals.
+#5  0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181
+No locals.
+#6  handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410
+No locals.
+#7  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#8  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#9  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)):
+#0  safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75
+No locals.
+#1  0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678
+No locals.
+#2  do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804
+No locals.
+#3  do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891
+No locals.
+#4  0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476
+No locals.
+#5  0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375
+No locals.
+#6  0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55
+No locals.
+#7  0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#8  0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#9  0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)):
+#0  gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282
+No locals.
+#1  0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411
+No locals.
+#2  0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#3  0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673
+No locals.
+#4  handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661
+No locals.
+#5  0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838
+No locals.
+#6  0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856
+No locals.
+#7  gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953
+No locals.
+#8  gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113
+No locals.
+#9  0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153
+No locals.
+#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042
+No locals.
+#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153
+No locals.
+#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93
+No locals.
+#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621
+No locals.
+#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6
+No symbol table info available.
+
+```
+
+</details>
+
+
+
+- coredump
+    - [core.qemu-riscv64.1000.efb558e6104b4cc5bfa37605fc9af294.3922750.1685497956000000.zst](/uploads/071fc96520ca4008941044802c176d6a/core.qemu-riscv64.1000.efb558e6104b4cc5bfa37605fc9af294.3922750.1685497956000000.zst)
+    - [qemu-riscv64](/uploads/f203d5aed8559d80c2d66e439bb4dddf/qemu-riscv64) (the binary the coredump was generated from)
+    - download both, extract corefile, use `DEBUGINFOD_URLS=https://debuginfod.archlinux.org gdb /path/to/qemu-riscv64 -c /tmp/coredump` to debug
+- reproducer
+    - [testb3.tar.xz](/uploads/84bdbb547e01527c3d804e0d88c6c9fe/testb3.tar.xz) (includes testb3 + sysroot to work with command line above)
+    - This binary is a cross-compiled `testb3` from [WebKit](https://github.com/WebKit/WebKit/blob/9755847ab1d40841374b2467b3036d943b723183/Source/JavaScriptCore/b3/testb3_1.cpp#L927) ; sorry, that's about all I know about it so far
+    - A GDB you might use to connect is [SiFive's](https://static.dev.sifive.com/dev-tools/riscv64-unknown-elf-gcc-8.1.0-2019.01.0-x86_64-linux-ubuntu14.tar.gz). I got more consistent segfaults with a more recent gdb (12.1), but I'm not sure how to tell you how to get that `gdb` besides "creating a riscv64 poky distribution" (what I did), which is likely not helpful.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1701821 b/results/classifier/zero-shot-user-mode/output/runtime/1701821
new file mode 100644
index 00000000..a4f6adbb
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1701821
@@ -0,0 +1,220 @@
+runtime: 0.368
+instruction: 0.354
+syscall: 0.278
+
+
+
+floating-point operation bugs in qemu-sh4
+
+When running the gnulib testsuite, I'm seeing test failures in the tests for libm functions
+  asinf
+  cbrtf
+  copysignf
+  coshf
+  expm1f
+  fabsf
+  floor
+  fmaf
+  ldexpf
+  logbf
+  round
+  roundf
+  sinhf
+  tanhf
+
+How to reproduce:
+- Using gnulib, run ./gnulib-tool --create-testdir --dir=../testdir-math --single-configure asinf cbrtf copysignf coshf expm1f fabsf floor fma fmaf fmal ldexpf logbf round roundf sinhf tanhf
+- Set environment variables for using qemu-sh4.
+- cd testdir-math; mkdir build-sh4; cd build-sh4; ./configure --host=sh4-linux; make; make check
+
+Here are the failures (from the file testdir-math/build-sh4/gltests/test-suite.log):
+
+
+FAIL: test-asinf
+================
+
+pc=0xf6751cdc sr=0x00000101 pr=0xf6758e86 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6751cd6 fpul=0x3f19999a
+r0=0xf6751d88 r1=0x00000000 r2=0x00080000 r3=0x00000000
+r4=0xf6ffe21c r5=0xf6ffe230 r6=0xf6ffe2fc r7=0x00000000
+r8=0x3f19999a r9=0x3f19999a r10=0x00000000 r11=0x00000000
+r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe230
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-asinf (exit status: 1)
+
+FAIL: test-cbrtf
+================
+
+pc=0x00400980 sr=0x00000001 pr=0x00400684 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0x00400960 fpul=0x00000000
+r0=0x00400ae8 r1=0x00412070 r2=0x3f19999a r3=0xf6ffe2c0
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0x00412064 r9=0x00400960 r10=0x00000000 r11=0x00000000
+r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe21c
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-cbrtf (exit status: 1)
+
+FAIL: test-copysignf
+====================
+
+pc=0x004004ce sr=0x00000001 pr=0xf668d28c fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf6674678 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0x004004d2 fpul=0x00000000
+r0=0x80000000 r1=0x3f4ccccd r2=0xf6674284 r3=0xf6ffe2b0
+r4=0x00000001 r5=0xf6ffe2e4 r6=0xf6ffe2ec r7=0x00000000
+r8=0x00411088 r9=0x00411084 r10=0x00000000 r11=0x00000000
+r12=0xf67a8c58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe240
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+in conditional delay slot (delayed_pc=0x004004d2)
+Unhandled trap: 0x1a0
+FAIL test-copysignf (exit status: 1)
+
+FAIL: test-coshf
+================
+
+pc=0xf675223a sr=0x00000101 pr=0xf675223c fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf675231c fpul=0x3f19999a
+r0=0x3f19999a r1=0x3f19999a r2=0x000000e0 r3=0xf6ffe2c0
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0x00400734 r9=0x00000000 r10=0x00000000 r11=0x00000000
+r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe240
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+in delay slot (delayed_pc=0xf675231c)
+Unhandled trap: 0x1a0
+FAIL test-coshf (exit status: 1)
+
+FAIL: test-expm1f
+=================
+
+pc=0xf6757e08 sr=0x00000000 pr=0x004005ce fpscr=0x00081000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6757dfe fpul=0x00000000
+r0=0xf6757fb0 r1=0x00001000 r2=0x00080000 r3=0x3eb17218
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0x00400514 r9=0x00000064 r10=0x00400514 r11=0x00000000
+r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe234
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-expm1f (exit status: 1)
+
+FAIL: test-fabsf
+================
+
+pc=0x00400504 sr=0x00000001 pr=0xf660228c fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0x004004ec fpul=0x00000000
+r0=0x00400640 r1=0x00412074 r2=0x00000000 r3=0x00412078
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00080000
+r8=0x004007ac r9=0x00000000 r10=0x00000000 r11=0x00000000
+r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe260
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-fabsf (exit status: 1)
+
+FAIL: test-floor2
+=================
+
+../../gltests/test-floor2.c:130: assertion 'correct_result_p (x, reference)' failed
+qemu: uncaught target signal 6 (Aborted) - core dumped
+FAIL test-floor2 (exit status: 134)
+
+FAIL: test-fmaf2
+================
+
+pc=0xf675f5ac sr=0x00000101 pr=0xf675f5a6 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf675f5a6 fpul=0x01800000
+r0=0xf675f4a4 r1=0x000065b0 r2=0x00080000 r3=0x3f800000
+r4=0x01800000 r5=0x00000000 r6=0xffffffe9 r7=0x7f800000
+r8=0xffffff6b r9=0xf6ffe1e4 r10=0xf6ffe1e8 r11=0xffffff6b
+r12=0xf67ab008 r13=0xf6ffe1d8 r14=0x004004dc r15=0xf6ffe18c
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-fmaf2 (exit status: 1)
+
+FAIL: test-ldexpf
+=================
+
+pc=0xf669efa0 sr=0x00000001 pr=0xf669ef9a fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf6674678 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf669ef9a fpul=0x3f99999a
+r0=0xfffffdc6 r1=0x000c9d70 r2=0x00080000 r3=0x3f19999a
+r4=0x0019999a r5=0x3f19999a r6=0xffffffe9 r7=0x7f800000
+r8=0x00000001 r9=0x0040041c r10=0xf6ffe23c r11=0x00000000
+r12=0xf67a8c58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe218
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-ldexpf (exit status: 1)
+
+FAIL: test-logbf
+================
+
+pc=0xf675842c sr=0x00000001 pr=0x00400664 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6758422 fpul=0x00000000
+r0=0xf6758480 r1=0x00000000 r2=0x00080000 r3=0x00080000
+r4=0x00000000 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0xf6ffe24c r9=0x0040054c r10=0x00000000 r11=0x00000000
+r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe244
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-logbf (exit status: 1)
+
+FAIL: test-round2
+=================
+
+FAIL test-round2 (exit status: 1)
+
+FAIL: test-roundf2
+==================
+
+FAIL test-roundf2 (exit status: 1)
+
+FAIL: test-sinhf
+================
+
+pc=0xf675581c sr=0x00000101 pr=0xf675a784 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6755858 fpul=0x3f19999a
+r0=0xf6755930 r1=0x317fffff r2=0x3f19999a r3=0xf6ffe2c0
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0x3f19999a r9=0x00000000 r10=0x00000000 r11=0x00000000
+r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe238
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+in conditional delay slot (delayed_pc=0xf6755858)
+Unhandled trap: 0x1a0
+FAIL test-sinhf (exit status: 1)
+
+FAIL: test-tanhf
+================
+
+pc=0xf6758ca4 sr=0x00000100 pr=0x0040057c fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6758c9a fpul=0x3f19999a
+r0=0xf6758d00 r1=0x00000000 r2=0x00080000 r3=0xf6ffe2c0
+r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000
+r8=0x3f19999a r9=0x00000000 r10=0x00000000 r11=0x00000000
+r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe254
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+Unhandled trap: 0x180
+FAIL test-tanhf (exit status: 1)
+
+
+I don't have access to sh4 hardware, so I cannot provide this as a comparison point.
+But most of the test failures don't look like "merely" a wrong computation by glibc.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1701971 b/results/classifier/zero-shot-user-mode/output/runtime/1701971
new file mode 100644
index 00000000..a15d1335
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1701971
@@ -0,0 +1,51 @@
+runtime: 0.428
+instruction: 0.336
+syscall: 0.236
+
+
+
+multithreading not working right under qemu user mode for sh4
+
+In a multithreaded program running under qemu-sh4 (version 2.9.0), thread termination and/or pthread_join is not working right.
+
+The attached program works natively on all kinds of platforms, and under qemu user mode emulation for at least alpha, armelhf, aarch64, powerpc64le.
+
+How to reproduce:
+- Compile the program: sh4-linux-gnu-gcc-5 -O -Wall -lpthread -o test-tls test-tls.c
+- Set environment variables for running qemu-sh4.
+- ~/inst-qemu/2.9.0/bin/qemu-sh4 test-tls
+
+Expected behaviour: After the "Worker xxxxx dying" line, the main() function prints "OK", and the program terminates.
+
+Actual behaviour (only on sh4): After the "Worker xxxxx dying" line, it hangs. Attaching gdb to qemu shows 15 threads with a stack trace like
+#0  safe_syscall_base () at /build/qemu-2.9.0/linux-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x00005584f86f4c48 in safe_futex (uaddr=<optimized out>, op=op@entry=128, val=val@entry=2, timeout=<optimized out>, uaddr2=uaddr2@entry=0x0, 
+    val3=val3@entry=-161181992) at /build/qemu-2.9.0/linux-user/syscall.c:921
+#2  0x00005584f870353b in do_futex (val3=-161181992, uaddr2=4134624624, timeout=0, val=<optimized out>, op=<optimized out>, uaddr=<optimized out>)
+    at /build/qemu-2.9.0/linux-user/syscall.c:7147
+#3  do_syscall (cpu_env=<optimized out>, num=240, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=0, arg5=-160342672, 
+    arg6=-161181992, arg7=0, arg8=0) at /build/qemu-2.9.0/linux-user/syscall.c:11692
+#4  0x00005584f86f454a in cpu_loop (env=env@entry=0x5584fb3d04f8) at /build/qemu-2.9.0/linux-user/main.c:2676
+#5  0x00005584f86f5dd5 in clone_func (arg=0x7fff4d485c20) at /build/qemu-2.9.0/linux-user/syscall.c:6234
+#6  0x00007f08f05a46ba in start_thread (arg=0x7f08f1368700) at pthread_create.c:333
+#7  0x00007f08f02da3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
+
+and 1 thread with a stack trace like
+#0  safe_syscall_base () at /build/qemu-2.9.0/linux-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x00005584f86f4c48 in safe_futex (uaddr=<optimized out>, op=op@entry=0, val=val@entry=18875, timeout=<optimized out>, uaddr2=uaddr2@entry=0x0, 
+    val3=val3@entry=-161180376) at /build/qemu-2.9.0/linux-user/syscall.c:921
+#2  0x00005584f870353b in do_futex (val3=-161180376, uaddr2=4135101768, timeout=0, val=<optimized out>, op=<optimized out>, uaddr=<optimized out>)
+    at /build/qemu-2.9.0/linux-user/syscall.c:7147
+#3  do_syscall (cpu_env=<optimized out>, num=240, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=0, arg5=-159865528, 
+    arg6=-161180376, arg7=0, arg8=0) at /build/qemu-2.9.0/linux-user/syscall.c:11692
+#4  0x00005584f86f454a in cpu_loop (env=0x5584fb3b99a8) at /build/qemu-2.9.0/linux-user/main.c:2676
+#5  0x00005584f86c12d3 in main (argc=<optimized out>, argv=0x7fff4d4878b8, envp=<optimized out>)
+    at /build/qemu-2.9.0/linux-user/main.c:4860
+
+and 1 thread with a stack trace like
+#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
+#1  0x00005584f876eab5 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /build/qemu-2.9.0/include/qemu/futex.h:26
+#2  qemu_event_wait (ev=ev@entry=0x5584faa43d84 <rcu_call_ready_event>) at /build/qemu-2.9.0/util/qemu-thread-posix.c:399
+#3  0x00005584f87748ce in call_rcu_thread (opaque=<optimized out>) at /build/qemu-2.9.0/util/rcu.c:249
+#4  0x00007f08f05a46ba in start_thread (arg=0x7f08eff62700) at pthread_create.c:333
+#5  0x00007f08f02da3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1715162 b/results/classifier/zero-shot-user-mode/output/runtime/1715162
new file mode 100644
index 00000000..bef66ed1
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1715162
@@ -0,0 +1,78 @@
+runtime: 0.562
+instruction: 0.254
+syscall: 0.184
+
+
+
+qemu-user crashing when writing core dump
+
+I've a binary I'm running in qemux86-64 but it is segfaulting.  Whilst qemu writes the core dump for that, qemu itself is segfaulting.
+
+(gdb) bt full
+#0  0x00007efdd962e32e in sigsuspend () from /data/poky-tmp/master/build/sysroots-uninative/x86_64-linux/lib/libc.so.6
+No symbol table info available.
+#1  0x0000559176d74da4 in dump_core_and_abort (target_sig=target_sig@entry=11)
+    at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:598
+        cpu = <optimized out>
+        env = <optimized out>
+        ts = 0x55917a42d160
+        core_dumped = <optimized out>
+        act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {18446744067267099647,
+              18446744073709551615 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x559100004010}
+#2  0x0000559176d75a38 in handle_pending_signal (cpu_env=cpu_env@entry=0x55917a41c2a0, sig=sig@entry=11,
+    k=k@entry=0x55917a42d190)
+    at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:6596
+        handler = <optimized out>
+        set = {__val = {4294967297, 4294967297, 94083256460867, 14, 128, 0, 8, 3, 0, 1, 0, 4243635, 139628765215104,
+            94083255852784, 94083309703424, 3351315493}}
+        target_old_set = {sig = {0}}
+        sa = <optimized out>
+        ts = 0x55917a42d160
+#3  0x0000559176d765ac in process_pending_signals (cpu_env=<optimized out>)
+    at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:6674
+        sig = 11
+        ts = 0x55917a42d160
+        set = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}}
+        blocked_set = <optimized out>
+#4  0x0000559176d5e0d8 in cpu_loop (env=0x55917a41c2a0)
+    at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/main.c:369
+        trapnr = 14
+        pc = <optimized out>
+        ret = <optimized out>
+        info = {si_signo = 11, si_errno = 0, si_code = 196609, _sifields = {_pad = {101897450, 192, -647518572, 32509,
+              842, 0, 1993519912, 21905, 2051194736, 21905, 1997320506, 21905, 2051195440, 21905, 1993546713, 0,
+              12767276, 64, 1997233696, 21905, 42, 0, 1997233824, 21905, 1997320464, 21905, 350755584, -1438022877},
+            _kill = {_pid = 101897450, _uid = 192}, _timer = {_timer1 = 101897450, _timer2 = 192}, _rt = {
+              _pid = 101897450, _uid = 192, _sigval = {sival_int = -647518572, sival_ptr = 139628739274388}},
+            _sigchld = {_pid = 101897450, _uid = 192, _status = -647518572, _utime = 842, _stime = 94083252138792},
+            _sigfault = {_addr = 824735618282}, _sigpoll = {_band = 101897450, _fd = 192}}}
+#5  0x0000559176d2a4b8 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
+    at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/main.c:4862
+        regs1 = {r15 = 0, r14 = 0, r13 = 0, r12 = 0, rbp = 0, rbx = 0, r11 = 0, r10 = 0, r9 = 0, r8 = 0, rax = 0,
+          rcx = 0, rdx = 0, rsi = 0, rdi = 0, orig_rax = 0, rip = 274888416832, cs = 0, eflags = 0,
+          rsp = 274888401360, ss = 0}
+        regs = 0x7ffda5b29fc0
+        info1 = {load_bias = 274888413184, load_addr = 274877906944, start_code = 274877906944,
+          end_code = 274877917360, start_data = 274880015120, end_data = 274880016400, start_brk = 0,
+          brk = 274880016472, start_mmap = 183251939328, start_stack = 274888401360, stack_limit = 274880024576,
+          entry = 274888416832, code_offset = 0, data_offset = 0, saved_auxv = 274888402256,
+          auxv_len = 18446744073709550728, arg_start = 274888401368, arg_end = 274888401408,
+          arg_strings = 274888402550, env_strings = 274888402788, file_string = 274888413067, elf_flags = 0,
+          personality = 0}
+        info = 0x7ffda5b2a070
+        bprm = {
+          buf = "\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\003\000>\000\001\000\000\000@\016\000\000\000\000\000\000@\000\000\000\000\000\000\000\230`\002\000\000\000\000\000\000\000\000\000@\000\070\000\006\000@\000\027\000\026\000\001\000\000\000\005", '\000' <repeats 27 times>, "\264C\002\000\000\000\000\000\264C\002\000\000\000\000\000\000\000 \000\000\000\000\000\001\000\000\000\006\000\000\000\240G\002\000\000\000\000\000\240G\"\000\000\000\000\000\240G\"\000\000\000\000\000\330\027\000\000\000\000\000\000p\031\000\000\000\000\000\000\000\000 \000\000\000\000\000\002\000\000\000\006\000\000\000\030N\002\000\000\000\000\000\030N\"\000\000\000\000\000"..., p = 274888401360, fd = 3,
+          e_uid = 1000, e_gid = 1000, argc = 5, envc = 104, argv = 0x55917a42d120, envp = 0x55917a42a8f0,
+          filename = 0x7ffda5b2c683 "/data/poky-tmp/master/build/work/intel_corei7_64-poky-linux/core-image-weston/1.0-r0/rootfs/usr/bin/fc-cache", core_dump = 0x559176d76ed0 <elf_core_dump>}
+        ts = <optimized out>
+        env = 0x55917a41c2a0
+        cpu = 0x55917a414010
+        target_environ = 0x55917a42a8f0
+        wrk = 0x55917a42ac30
+        target_argv = 0x55917a42d120
+        target_argc = 5
+        i = <optimized out>
+        ret = <optimized out>
+        execfd = <optimized out>
+
+(I'll reproduce this with glibc debug symbols shortly)
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1727737 b/results/classifier/zero-shot-user-mode/output/runtime/1727737
new file mode 100644
index 00000000..515ca372
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1727737
@@ -0,0 +1,31 @@
+runtime: 0.466
+instruction: 0.361
+syscall: 0.173
+
+
+
+qemu-arm stalls on a GCC sanitizer test since qemu-2.7
+
+Hi,
+
+I have noticed that several GCC/sanitizer tests fail with timeout when executed under QEMU.
+
+After a bit of investigation, I have noticed that this worked with qemu-2.7, and started failing with qemu-2.8, and still fails with qemu-2.10.1
+
+I'm attaching a tarball containing:
+alloca_instruments_all_paddings.exe : the testcase, and the needed libs:
+lib/librt.so.1
+lib/libdl.so.2
+lib/ld-linux-armhf.so.3
+lib/libasan.so.5
+lib/libc.so.6
+lib/libgcc_s.so.1
+lib/libpthread.so.0
+lib/libm.so.6
+
+To reproduce the problem:
+$ qemu-arm -cpu any -R 0 -L $PWD $PWD/alloca_instruments_all_paddings.exe
+returns in less than a second with qemu-2.7, and never with qemu-2.8
+
+Using -d in_asm suggests that the program "almost" completes and qemu seems to stall on:
+0x40b6eb44: e08f4004 add r4, pc, r4
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1735384 b/results/classifier/zero-shot-user-mode/output/runtime/1735384
new file mode 100644
index 00000000..8d86321f
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1735384
@@ -0,0 +1,26 @@
+runtime: 0.605
+instruction: 0.296
+syscall: 0.098
+
+
+
+OpenJDK JVM segfaults on qemu-sh4 (regression)
+
+Some of the recent changes introduced a regression which makes the OpenJDK JVM crash on qemu-sh4:
+
+(sid-sh4-sbuild)root@nofan:/# java -version
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault
+(sid-sh4-sbuild)root@nofan:/#
+
+An older version works fine:
+
+(sid-sh4-sbuild)root@nofan:/# java -version
+openjdk version "9.0.1"
+OpenJDK Runtime Environment (build 9.0.1+11-Debian-1)
+OpenJDK Zero VM (build 9.0.1+11-Debian-1, interpreted mode)
+(sid-sh4-sbuild)root@nofan:/#
+
+Haven't had time for bisecting this yet.
+
+Adrian
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1736 b/results/classifier/zero-shot-user-mode/output/runtime/1736
new file mode 100644
index 00000000..2cb604c6
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1736
@@ -0,0 +1,73 @@
+runtime: 0.431
+instruction: 0.330
+syscall: 0.239
+
+
+
+Invalid guest addr in debug output
+Description of problem:
+When using QEMU 7.1.0 the log file for the first translation block (not starting at 0) looks like this:
+(Note the `guest addr 0x00010000`)
+```
+IN: 
+0x00010000:  e1a00000  mov      r0, r0
+0x00010004:  e1a00000  mov      r0, r0
+0x00010008:  e1a00000  mov      r0, r0
+0x0001000c:  e1a00000  mov      r0, r0
+0x00010010:  e1a00000  mov      r0, r0
+0x00010014:  e1a00000  mov      r0, r0
+0x00010018:  e1a00000  mov      r0, r0
+0x0001001c:  e1a00000  mov      r0, r0
+0x00010020:  ea000005  b        #0x1003c
+
+OUT: [size=47]
+  -- guest addr 0x00010000 + tb prologue
+0x7f95a8000300:  8b 5d f0                 movl     -0x10(%rbp), %ebx
+0x7f95a8000303:  85 db                    testl    %ebx, %ebx
+0x7f95a8000305:  0f 8c 18 00 00 00        jl       0x7f95a8000323
+  -- guest addr 0x00010020
+0x7f95a800030b:  e9 00 00 00 00           jmp      0x7f95a8000310
+0x7f95a8000310:  c7 45 3c 3c 00 01 00     movl     $0x1003c, 0x3c(%rbp)
+0x7f95a8000317:  48 8d 05 22 ff ff ff     leaq     -0xde(%rip), %rax
+0x7f95a800031e:  e9 f5 fc ff ff           jmp      0x7f95a8000018
+0x7f95a8000323:  48 8d 05 19 ff ff ff     leaq     -0xe7(%rip), %rax
+0x7f95a800032a:  e9 e9 fc ff ff           jmp      0x7f95a8000018
+```
+
+For QEMU 7.2.0 and higher:
+(Note the `guest addr` is only the page offset.)
+```
+Trace 0: 0x7fe434000100 [00000400/00000000/00000020/ff200000] 
+----------------
+IN: 
+0x00010000:  e1a00000  mov      r0, r0
+0x00010004:  e1a00000  mov      r0, r0
+0x00010008:  e1a00000  mov      r0, r0
+0x0001000c:  e1a00000  mov      r0, r0
+0x00010010:  e1a00000  mov      r0, r0
+0x00010014:  e1a00000  mov      r0, r0
+0x00010018:  e1a00000  mov      r0, r0
+0x0001001c:  e1a00000  mov      r0, r0
+0x00010020:  ea000005  b        #0x1003c
+
+OUT: [size=52]
+  -- guest addr 0x00000000 + tb prologue
+0x7fe434000340:  8b 5d f0                 movl     -0x10(%rbp), %ebx
+0x7fe434000343:  85 db                    testl    %ebx, %ebx
+0x7fe434000345:  0f 8c 1d 00 00 00        jl       0x7fe434000368
+  -- guest addr 0x00000020
+0x7fe43400034b:  8b 5d 3c                 movl     0x3c(%rbp), %ebx
+0x7fe43400034e:  83 c3 3c                 addl     $0x3c, %ebx
+0x7fe434000351:  89 5d 3c                 movl     %ebx, 0x3c(%rbp)
+0x7fe434000354:  66 66 90                 nop      
+0x7fe434000357:  e9 00 00 00 00           jmp      0x7fe43400035c
+0x7fe43400035c:  48 8d 05 1d ff ff ff     leaq     -0xe3(%rip), %rax
+0x7fe434000363:  e9 b0 fc ff ff           jmp      0x7fe434000018
+0x7fe434000368:  48 8d 05 14 ff ff ff     leaq     -0xec(%rip), %rax
+0x7fe43400036f:  e9 a4 fc ff ff           jmp      0x7fe434000018
+```
+Steps to reproduce:
+1. Run the provided command line for any kernel / system image. (likely other architectures are affected as well)
+2. Look into the debug log.
+Additional information:
+While looking if this was already reported I found #1528 and #1697 which could potentially caused by this. It might as well be just an oversight in the debug output.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1737444 b/results/classifier/zero-shot-user-mode/output/runtime/1737444
new file mode 100644
index 00000000..1bdc7b16
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1737444
@@ -0,0 +1,99 @@
+runtime: 0.404
+instruction: 0.321
+syscall: 0.274
+
+
+
+gccgo setcontext conftest crashes qemu-sh4
+
+While testing gccgo on sh4 to add SH platform definitions to libgo, I discovered that the following conftest program which is part of the libgo configure script crashes on qemu-sh4:
+
+(sid-sh4-sbuild)root@z6:/# cat setcontext.c
+#include <pthread.h>                                                                                                                                                                                                                                                           
+#include <stdlib.h>                                                                                                                                                                                                                                                            
+#include <ucontext.h>                                                                                                                                                                                                                                                          
+#include <unistd.h>                                                                                                                                                                                                                                                            
+
+__thread int tls;
+
+static char stack[10 * 1024 * 1024];
+static ucontext_t c;
+
+/* Called via makecontext/setcontext.  */
+
+static void
+cfn (void)
+{
+  exit (tls);
+}
+
+/* Called via pthread_create.  */
+
+static void *
+tfn (void *dummy)
+{
+  /* The thread should still see this value after calling
+     setcontext.  */
+  tls = 0;
+
+  setcontext (&c);
+
+  /* The call to setcontext should not return.  */
+  abort ();
+}
+
+int
+main ()
+{
+  pthread_t tid;
+
+  /* The thread should not see this value.  */
+  tls = 1;
+
+  if (getcontext (&c) < 0)
+    abort ();
+
+  c.uc_stack.ss_sp = stack;
+#ifdef MAKECONTEXT_STACK_TOP                                                                                                                                                                                                                                                   
+  c.uc_stack.ss_sp += sizeof stack;
+#endif                                                                                                                                                                                                                                                                         
+  c.uc_stack.ss_flags = 0;
+  c.uc_stack.ss_size = sizeof stack;
+  c.uc_link = NULL;
+  makecontext (&c, cfn, 0);
+
+  if (pthread_create (&tid, NULL, tfn, NULL) != 0)
+    abort ();
+
+  if (pthread_join (tid, NULL) != 0)
+    abort ();
+
+  /* The thread should have called exit.  */
+  abort ();
+}
+
+(sid-sh4-sbuild)root@z6:/# gcc -o setcontext -lpthread setcontext.c
+(sid-sh4-sbuild)root@z6:/# ./setcontext 
+Unhandled trap: 0x180
+pc=0x7f69235e sr=0x00000000 pr=0x00400710 fpscr=0x00080000
+spc=0x00000000 ssr=0x00000000 gbr=0x7f658478 vbr=0x00000000
+sgr=0x00000000 dbr=0x00000000 delayed_pc=0x7f692320 fpul=0x00000000
+r0=0x00e11158 r1=0x00000000 r2=0x00000001 r3=0x7ffff2e0
+r4=0x00e11068 r5=0x7ffff314 r6=0x7ffff31c r7=0x00000000
+r8=0x004007b0 r9=0x00000000 r10=0x00000000 r11=0x00000000
+r12=0x7f79ac54 r13=0x00000000 r14=0x7ffff288 r15=0x7ffff288
+r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000
+r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000
+(sid-sh4-sbuild)root@z6:/#
+
+The same code works fine on my Renesas SH7785LCR evaluation board:
+
+root@tirpitz:~> uname -a
+Linux tirpitz 3.16.7-ckt7 #8 PREEMPT Fri Oct 21 18:47:41 CEST 2016 sh4a GNU/Linux
+root@tirpitz:~> gcc -o setcontext setcontext.c  -lpthread
+root@tirpitz:~> ./setcontext 
+root@tirpitz:~> echo $?
+0
+root@tirpitz:~>
+
+Due to this bug, it is not possible to compile gcc-7 with the Go frontend enabled on qemu-sh4.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1738545 b/results/classifier/zero-shot-user-mode/output/runtime/1738545
new file mode 100644
index 00000000..ed515377
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1738545
@@ -0,0 +1,37 @@
+runtime: 0.505
+instruction: 0.311
+syscall: 0.183
+
+
+
+Go binaries panic with "mmap errno 9" on qemu-user
+
+Go binaries panic with "mmap errno 9" on qemu-user.
+
+root@nofan:/# cat hello.go 
+package main
+
+import "fmt"
+
+func main() {
+    fmt.Println("hello world")
+}
+root@nofan:/# gccgo-7 hello.go -o hello
+root@nofan:/# ./hello 
+mmap errno 9
+fatal error: mmap
+
+runtime stack:
+mmap errno 9
+fatal error: mmap
+panic during panic
+
+runtime stack:
+mmap errno 9
+fatal error: mmap
+stack trace unavailable
+root@nofan:/#
+
+Tested with qemu from git master with Debian unstable for armel.
+
+Same binaries work fine on real hardware.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1756927 b/results/classifier/zero-shot-user-mode/output/runtime/1756927
new file mode 100644
index 00000000..4eb97bfb
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1756927
@@ -0,0 +1,24 @@
+runtime: 0.434
+instruction: 0.418
+syscall: 0.148
+
+
+
+ARMv7 LPAE: IFSR doesn't have the LPAE bit in case of BKPT
+
+When a user application triggers a 'bkpt' instruction while LPAE is used, the bit [9] of IFSR is not correctly set during the prefetch abort exception.
+
+You'll find attached a minimal example to reproduce the issue (just run 'make all').
+The output I get is:
+
+supervisor
+user
+prefetch
+short-descriptor
+
+The last entry should read 'long-descriptor'.
+
+
+Qemu revision: 48ae1f60d8c9a770e6da64407984d84e25253c69
+Ubuntu verison: 16.04 LTS
+Cross Compiler: gcc linaro 6.3.1-2017.02-x86_64_arm-eabi
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1761535 b/results/classifier/zero-shot-user-mode/output/runtime/1761535
new file mode 100644
index 00000000..7765e439
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1761535
@@ -0,0 +1,42 @@
+runtime: 0.414
+instruction: 0.342
+syscall: 0.244
+
+
+
+qemu-aarch64-static docker arm64v8/openjdk coredump
+
+I am using qemu-aarch64-static to run the arm64v8/openjdk official image on my x86 machine. Using QEMU master, I immediately hit a bug which hangs the container. With Ubuntu default version qemu-aarch64 version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.24) and qemu-aarch64 version 2.11.1 (v2.11.1-dirty) the hang does not take place.
+
+To reproduce (and get to the core dump):
+
+$ /tmp/tmptgyg3nvh/qemu-aarch64-static/qemu-aarch64-static -version
+qemu-aarch64 version 2.11.91 (v2.12.0-rc1-5-g47d3b60-dirty)
+Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
+
+$ docker run -it -v /tmp/tmptgyg3nvh/qemu-aarch64-static:/usr/bin/qemu-aarch64-static arm64v8/openjdk /bin/bash
+root@bf75cf45d311:/# javac
+Usage: javac <options> <source files>
+where possible options include:
+  -g                         Generate all debugging info
+<...snip...>
+  @<filename>                Read options and filenames from file
+
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+...TERMINAL HANGS...
+
+
+To get the core dump, In a separate terminal:
+
+# snapshot the file system of the hung image
+$ docker commit $(docker ps -aqf "name=latest_qemu") qemu_coredump
+
+# connect with known working qemu
+$ docker run -t -v /usr/bin/qemu-aarch64-static:/usr/bin/qemu-aarch64-static  -i qemu_coredump /bin/bash
+
+$$ ls -lat
+total 10608
+<snip>
+-rw-r--r--   1 root root 10792960 Mar 29 18:02 qemu_bash_20180329-180251_1.core
+drwxrwxrwt   5 root root     4096 Mar 29 18:02 tmp
+<snip>
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1765970 b/results/classifier/zero-shot-user-mode/output/runtime/1765970
new file mode 100644
index 00000000..aa965a51
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1765970
@@ -0,0 +1,67 @@
+runtime: 0.381
+instruction: 0.310
+syscall: 0.309
+
+
+
+qemu-arm (user mode) segfaults in uclibc-ng chroot after upgrade to 2.11.x
+
+I use a qemu-user chroot + binfmt to build software targetting a raspberry pi.  After upgrading from qemu-2.10.1 to 2.11.1 (Gentoo host), I noticed that on my uclibc-ng chroot qemu-arm will segfault when running python and importing the portage module.
+
+I have bisected qemu down to this commit:
+
+https://github.com/qemu/qemu/commit/18e80c55bb6ec17c05ec0ba717ec83933c2bfc07
+
+If I recompile and change MAX_RESERVED_VA (from the above commit) back to 0x77000000 the problem goes away.  NB I have no idea what that does, I just thought I'd see.
+
+
+Other arm chroots (glibc, musl) do not segfault with qemu-2.11, only the uclibc-ng one.  Not sure why.
+
+
+The following backtrace was generated from running qemu-arm in gdb and recreating the segfault:
+
+(gdb) where
+#0  0x0000000060726046 in static_code_gen_buffer ()
+#1  0x0000000060048789 in cpu_tb_exec (cpu=0x6278e310, 
+    itb=0x60725f80 <static_code_gen_buffer+314624>)
+    at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:167
+#2  0x000000006004937f in cpu_loop_exec_tb (cpu=0x6278e310, 
+    tb=0x60725f80 <static_code_gen_buffer+314624>, last_tb=0x7fffffffd138, 
+    tb_exit=0x7fffffffd130)
+    at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:627
+#3  0x0000000060049600 in cpu_exec (cpu=0x6278e310)
+    at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:736
+#4  0x00000000600511c3 in cpu_loop (env=0x627965b0)
+    at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/linux-user/main.c:585
+#5  0x00000000600534eb in main (argc=4, argv=0x7fffffffd9b8, 
+    envp=0x7fffffffd9e0)
+    at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/linux-user/main.c:4882
+
+
+
+(gdb) info reg
+rax            0x627965b0       1652123056
+rbx            0x62717870       1651603568
+rcx            0x606da000       1617797120
+rdx            0x60726000       1618108416
+rsi            0x60726000       1618108416
+rdi            0x627965b0       1652123056
+rbp            0x7fffffffd0c0   0x7fffffffd0c0
+rsp            0x7fffffffd080   0x7fffffffd080
+r8             0x0      0
+r9             0x2      2
+r10            0x0      0
+r11            0x629280a0       1653768352
+r12            0x60260e40       1613106752
+r13            0x0      0
+r14            0x606a5018       1617580056
+r15            0x0      0
+rip            0x60048789       0x60048789 <cpu_tb_exec+266>
+eflags         0x10282  [ SF IF RF ]
+cs             0x33     51
+ss             0x2b     43
+ds             0x0      0
+es             0x0      0
+fs             0x0      0
+gs             0x0      0
+(gdb)
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1774149 b/results/classifier/zero-shot-user-mode/output/runtime/1774149
new file mode 100644
index 00000000..d6ef1c07
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1774149
@@ -0,0 +1,82 @@
+runtime: 0.426
+syscall: 0.288
+instruction: 0.286
+
+
+
+qemu-user x86_64 x86 gdb call function from gdb doesn't work
+
+While running qemu user x86_64 x86 with gdb server, calling functions are not working.
+
+Here is how to reproduce it:
+
+run in a terminal:
+$ qemu-x86_64 -g 12345 -L / /bin/ls
+
+In another terminal run gdb:
+(gdb) file /bin/ls
+(gdb) target remote :12345
+(gdb) b _init
+(gdb) c
+(gdb) call malloc(1)
+Could not fetch register "fs_base"; remote failure reply 'E14'
+
+In other cases we also got the error:
+Could not fetch register "orig_rax"; remote failure reply 'E14'
+
+Here is how I patched it (it is only a workaround):
+
+diff --git a/gdbstub.c b/gdbstub.c
+index 2a94030..5749efe 100644
+--- a/gdbstub.c
++++ b/gdbstub.c
+@@ -668,6 +668,11 @@ static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
+             return r->get_reg(env, mem_buf, reg - r->base_reg);
+         }
+     }
++#ifdef TARGET_X86_64
++    return 8;
++#elif TARGET_I386
++    return 4;
++#endif
+     return 0;
+ }
+
+(Our guess for this issue was, gdb is requesting for 'fake' registers to know register size)
+
+Once we patched that, we got another problem while calling functions from gdb: We could call functions, but only once.
+
+Here is how to reproduce it:
+run in a terminal:
+$ qemu-x86_64 -g 12345 -L / /bin/ls
+
+In another terminal run gdb:
+(gdb) file /bin/ls
+(gdb) target remote :12345
+(gdb) b _init
+(gdb) c
+(gdb) call malloc(1)
+$1 = (void *) 0x620010
+(gdb) call malloc(1)
+Cannot access memory at address 0x40007ffb8f
+
+Here is how we patched it to make it work:
+
+diff --git a/exec.c b/exec.c
+index 03238a3..d303922 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2833,7 +2833,7 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
+         if (!(flags & PAGE_VALID))
+             return -1;
+         if (is_write) {
+-            if (!(flags & PAGE_WRITE))
++            if (!(flags & (PAGE_WRITE | PAGE_WRITE_ORG)))
+                 return -1;
+             /* XXX: this code should not depend on lock_user */
+             if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
+
+From what we saw, there is a page which is passed to read-only after first execution, and gdb need to write on that page to put a breakpoint. (on the stack)
+
+We suspect this is linked to this:
+https://qemu.weilnetz.de/w64/2012/2012-06-28/qemu-tech.html#Self_002dmodifying-code-and-translated-code-invalidation
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1779634 b/results/classifier/zero-shot-user-mode/output/runtime/1779634
new file mode 100644
index 00000000..5170c94d
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1779634
@@ -0,0 +1,41 @@
+runtime: 0.446
+instruction: 0.359
+syscall: 0.195
+
+
+
+qemu-x86_64 on aarch64 reports "Synchronous External Abort"
+
+Purpose: to run x86_64 utilities on aarch64 platform (Intel/Dell network adapters' firmware upgrade tools)
+System: aarch64 server platform, with ubuntu 16.04 (xenial) Linux 4.13.0-45-generic #50~16.04.1-Ubuntu SMP Wed May 30 11:14:25 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux
+
+Reproduce:
+1) build linux-user qemu-x86_64 static from source (tried both version 1.12.0 & 1.11.02)
+   ./configure --target-list=x86_64-linux-user --disable-system --static --enable-linux-user
+
+2) install the interpreter into binfmt_misc filesystem
+   $ cat /proc/sys/fs/binfmt_misc/qemu-x86_64
+     enabled
+     interpreter /usr/local/bin/qemu-x86_64
+     flags:
+     offset 0
+     magic 7f454c4602010100000000000000000002003e00
+     mask fffffffffffefefcfffffffffffffffffeffffff
+
+3) packaging Intel/Dell upgrade utilities into docker images, I've published two on docker hub:
+   REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+   heyi/dellupdate     latest              8e013f5511cd        6 hours ago         210MB
+   heyi/nvmupdate64e   latest              9d2de9d0edaa        3 days ago          451MB
+
+4) run the docker container on aarch64 server platform:
+   docker run -it --privileged --network host --volume /usr/local/bin/qemu-x86_64:/usr/local/bin/qemu-x86_64 heyi/dellupdate:latest
+
+5) finally, within docker container run the upgrade tool:
+   # ./Network_Firmware_T6VN9_LN_18.5.17_A00.BIN
+
+Errors: in dmesg it reports excessive 'Synchronous External Abort':
+
+kernel: [242850.159893] Synchronous External Abort: synchronous external abort (0x92000610) at 0x0000000000429958
+kernel: [242850.169199] Unhandled fault: synchronous external abort (0x92000610) at 0x0000000000429958
+
+thanks and best regards, Yi
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1808563 b/results/classifier/zero-shot-user-mode/output/runtime/1808563
new file mode 100644
index 00000000..097b7a43
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1808563
@@ -0,0 +1,23 @@
+runtime: 0.451
+instruction: 0.316
+syscall: 0.234
+
+
+
+Listing the contents of / lists QEMU_LD_PREFIX instead
+
+Seeing this in qemu-user version 3.1.0
+
+Demo:
+$ QEMU_LD_PREFIX=$(pwd)/usr/armv7a-cros-linux-gnueabi ../run/qemu-arm /tmp/coreutils --coreutils-prog=ls / 
+etc  lib  usr
+$ ls /
+boot  etc   lib     lib64   lost+found  mnt    root  sbin  sys  usr
+bin   dev   export  home    lib32       net    proc  run   tmp  var
+$ ls usr/armv7a-cros-linux-gnueabi
+etc  lib  usr
+
+In strace, the openat for "/" is remapped to the directory specified in QEMU_LD_PREFIX:
+[pid  5302] openat(AT_FDCWD, "/tmp/qemu/usr/armv7a-cros-linux-gnueabi", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
+
+As an aside, if I change the code to do chdir("/"); opendir("."); it works fine.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1813398 b/results/classifier/zero-shot-user-mode/output/runtime/1813398
new file mode 100644
index 00000000..20bfe63b
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1813398
@@ -0,0 +1,47 @@
+runtime: 0.375
+instruction: 0.351
+syscall: 0.274
+
+
+
+qemu user calls malloc after fork in multi-threaded process
+
+qemu user may hang in malloc on a musl based system because
+it calls malloc after fork (in a pthread_atfork handler)
+in the child process.
+
+this is undefined behaviour since the parent process is
+multi-threaded and only as-safe functions may be called
+in the child then. (if malloc/free is called concurrently
+with fork the malloc state will be corrupted in the child,
+it works on glibc because glibc takes the malloc locks
+before the fork syscall, but that breaks the as-safety of
+fork and thus non-conforming to posix)
+
+discussed at
+https://www.openwall.com/lists/musl/2019/01/26/1
+
+the bug is hard to reproduce (requires the call_rcu thread
+to call free concurrently with do_fork in the main thread),
+this one is observed with qemu-arm 3.1.0 running on x86_64
+executing an arm busybox sh:
+
+(gdb) bt
+#0  malloc (n=<optimized out>, n@entry=9) at src/malloc/malloc.c:306
+#1  0x0000000060184ad3 in g_malloc (n_bytes=n_bytes@entry=9) at gmem.c:99
+#2  0x000000006018bcab in g_strdup (str=<optimized out>, str@entry=0x60200abf "call_rcu") at gstrfuncs.c:363
+#3  0x000000006016e31d in qemu_thread_create (thread=thread@entry=0x7ffe367d1870, name=name@entry=0x60200abf "call_rcu", 
+    start_routine=start_routine@entry=0x60174c00 <call_rcu_thread>, arg=arg@entry=0x0, mode=mode@entry=1)
+    at /home/pmos/build/src/qemu-3.1.0/util/qemu-thread-posix.c:526
+#4  0x0000000060174b99 in rcu_init_complete () at /home/pmos/build/src/qemu-3.1.0/util/rcu.c:327
+#5  0x00000000601c4fac in __fork_handler (who=1) at src/thread/pthread_atfork.c:26
+#6  0x00000000601be8db in fork () at src/process/fork.c:33
+#7  0x000000006009d191 in do_fork (env=0x627aaed0, flags=flags@entry=17, newsp=newsp@entry=0, parent_tidptr=parent_tidptr@entry=0, 
+    newtls=newtls@entry=0, child_tidptr=child_tidptr@entry=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:5528
+#8  0x00000000600af894 in do_syscall1 (cpu_env=cpu_env@entry=0x627aaed0, num=num@entry=2, arg1=arg1@entry=0, arg2=arg2@entry=-8700192, 
+    arg3=<optimized out>, arg4=8, arg5=1015744, arg6=-74144, arg7=0, arg8=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:7042
+#9  0x00000000600a835c in do_syscall (cpu_env=cpu_env@entry=0x627aaed0, num=2, arg1=0, arg2=-8700192, arg3=<optimized out>, 
+    arg4=<optimized out>, arg5=1015744, arg6=-74144, arg7=0, arg8=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:11533
+#10 0x00000000600c265f in cpu_loop (env=env@entry=0x627aaed0) at /home/pmos/build/src/qemu-3.1.0/linux-user/arm/cpu_loop.c:360
+#11 0x00000000600417a2 in main (argc=<optimized out>, argv=0x7ffe367d57b8, envp=<optimized out>)
+    at /home/pmos/build/src/qemu-3.1.0/linux-user/main.c:819
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1814128 b/results/classifier/zero-shot-user-mode/output/runtime/1814128
new file mode 100644
index 00000000..7529d07c
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1814128
@@ -0,0 +1,161 @@
+runtime: 0.398
+instruction: 0.326
+syscall: 0.275
+
+
+
+qemu-user fails to set up a reasonable brk for static-pie
+
+static pie binaries may not get a reasonable brk,
+with glibc this means they crash in early tls setup code:
+https://sourceware.org/bugzilla/show_bug.cgi?id=24152
+
+qemu seems to put brk at the end of the data segment,
+but if the stack starts (ends) right next to it then
+allocation with brk fails.
+
+in such situation i think qemu should arrange the
+stack or brk to be elsewhere so there is plenty
+space to grow (in case of glibc it's enough if tls
+setup works: later allocations can fall back to mmap).
+
+(ubuntu bionic x86_64 ldconfig.real from libc-bin package)
+$ qemu-x86_64 -strace -d page /sbin/ldconfig.real
+host mmap_min_addr=0x8000
+guest_base  0x0
+start            end              size             prot
+0000004000000000-00000040000f2000 00000000000f2000 r-x
+00000040000f2000-00000040002f2000 0000000000200000 ---
+00000040002f2000-00000040002fa000 0000000000008000 rw-
+00000040002fa000-00000040002fb000 0000000000001000 ---
+00000040002fb000-0000004000afb000 0000000000800000 rw-
+start_brk   0x0000000000000000
+end_code    0x00000040000f1ee8
+start_code  0x0000004000000000
+start_data  0x00000040002f2838
+end_data    0x00000040002f8518
+start_stack 0x0000004000afa130
+brk         0x00000040002f9dd8
+entry       0x0000004000009bc0
+argv_start  0x0000004000afa138
+env_start   0x0000004000afa148
+auxv_start  0x0000004000afa280
+28561 brk(NULL) = 0x00000040002fa000
+28561 brk(0x00000040002fb1c0) = 0x00000040002fa000
+--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0xffffffffffffffc0} ---
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+
+$ readelf -hldSW /tmp/ldconfig.real
+ELF Header:
+  Magic:   7f 45 4c 46 02 01 01 03 00 00 00 00 00 00 00 00 
+  Class:                             ELF64
+  Data:                              2's complement, little endian
+  Version:                           1 (current)
+  OS/ABI:                            UNIX - GNU
+  ABI Version:                       0
+  Type:                              DYN (Shared object file)
+  Machine:                           Advanced Micro Devices X86-64
+  Version:                           0x1
+  Entry point address:               0x9bc0
+  Start of program headers:          64 (bytes into file)
+  Start of section headers:          1022920 (bytes into file)
+  Flags:                             0x0
+  Size of this header:               64 (bytes)
+  Size of program headers:           56 (bytes)
+  Number of program headers:         8
+  Size of section headers:           64 (bytes)
+  Number of section headers:         38
+  Section header string table index: 37
+
+Section Headers:
+  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
+  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
+  [ 1] .note.ABI-tag     NOTE            0000000000000200 000200 000020 00   A  0   0  4
+  [ 2] .note.gnu.build-id NOTE            0000000000000220 000220 000024 00   A  0   0  4
+  [ 3] .gnu.hash         GNU_HASH        0000000000000248 000248 00001c 00   A  4   0  8
+  [ 4] .dynsym           DYNSYM          0000000000000268 000268 000018 18   A  5   1  8
+  [ 5] .dynstr           STRTAB          0000000000000280 000280 000001 00   A  0   0  1
+  [ 6] .rela.dyn         RELA            0000000000000288 000288 008748 18   A  4   0  8
+  [ 7] .rela.plt         RELA            00000000000089d0 0089d0 000318 18  AI  4  27  8
+  [ 8] .init             PROGBITS        0000000000008ce8 008ce8 000017 00  AX  0   0  4
+  [ 9] .plt              PROGBITS        0000000000008d00 008d00 000270 10  AX  0   0 16
+  [10] .plt.got          PROGBITS        0000000000008f70 008f70 000060 08  AX  0   0  8
+  [11] .text             PROGBITS        0000000000008fd0 008fd0 0bd29c 00  AX  0   0 16
+  [12] __libc_freeres_fn PROGBITS        00000000000c6270 0c6270 0016b3 00  AX  0   0 16
+  [13] __libc_thread_freeres_fn PROGBITS        00000000000c7930 0c7930 00108f 00  AX  0   0 16
+  [14] .fini             PROGBITS        00000000000c89c0 0c89c0 000009 00  AX  0   0  4
+  [15] .rodata           PROGBITS        00000000000c89e0 0c89e0 01af08 00   A  0   0 32
+  [16] .stapsdt.base     PROGBITS        00000000000e38e8 0e38e8 000001 00   A  0   0  1
+  [17] .eh_frame_hdr     PROGBITS        00000000000e38ec 0e38ec 001f94 00   A  0   0  4
+  [18] .eh_frame         PROGBITS        00000000000e5880 0e5880 00c5b8 00   A  0   0  8
+  [19] .gcc_except_table PROGBITS        00000000000f1e38 0f1e38 0000b0 00   A  0   0  1
+  [20] .tdata            PROGBITS        00000000002f2838 0f2838 000028 00 WAT  0   0  8
+  [21] .tbss             NOBITS          00000000002f2860 0f2860 000040 00 WAT  0   0  8
+  [22] .init_array       INIT_ARRAY      00000000002f2860 0f2860 000010 08  WA  0   0  8
+  [23] .fini_array       FINI_ARRAY      00000000002f2870 0f2870 000010 08  WA  0   0  8
+  [24] .data.rel.ro      PROGBITS        00000000002f2880 0f2880 0034c4 00  WA  0   0 32
+  [25] .dynamic          DYNAMIC         00000000002f5d48 0f5d48 0001a0 10  WA  5   0  8
+  [26] .got              PROGBITS        00000000002f5ee8 0f5ee8 000110 08  WA  0   0  8
+  [27] .got.plt          PROGBITS        00000000002f6000 0f6000 000148 08  WA  0   0  8
+  [28] .data             PROGBITS        00000000002f6160 0f6160 001bd4 00  WA  0   0 32
+  [29] __libc_subfreeres PROGBITS        00000000002f7d38 0f7d38 000060 00  WA  0   0  8
+  [30] __libc_IO_vtables PROGBITS        00000000002f7da0 0f7da0 000768 00  WA  0   0 32
+  [31] __libc_atexit     PROGBITS        00000000002f8508 0f8508 000008 00  WA  0   0  8
+  [32] __libc_thread_subfreeres PROGBITS        00000000002f8510 0f8510 000008 00  WA  0   0  8
+  [33] .bss              NOBITS          00000000002f8520 0f8518 001890 00  WA  0   0 32
+  [34] __libc_freeres_ptrs NOBITS          00000000002f9db0 0f8518 000028 00  WA  0   0  8
+  [35] .note.stapsdt     NOTE            0000000000000000 0f8518 0014cc 00      0   0  4
+  [36] .gnu_debuglink    PROGBITS        0000000000000000 0f99e4 000034 00      0   0  4
+  [37] .shstrtab         STRTAB          0000000000000000 0f9a18 0001ab 00      0   0  1
+Key to Flags:
+  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
+  L (link order), O (extra OS processing required), G (group), T (TLS),
+  C (compressed), x (unknown), o (OS specific), E (exclude),
+  l (large), p (processor specific)
+
+Program Headers:
+  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
+  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x0f1ee8 0x0f1ee8 R E 0x200000
+  LOAD           0x0f2838 0x00000000002f2838 0x00000000002f2838 0x005ce0 0x0075a0 RW  0x200000
+  DYNAMIC        0x0f5d48 0x00000000002f5d48 0x00000000002f5d48 0x0001a0 0x0001a0 RW  0x8
+  NOTE           0x000200 0x0000000000000200 0x0000000000000200 0x000044 0x000044 R   0x4
+  TLS            0x0f2838 0x00000000002f2838 0x00000000002f2838 0x000028 0x000068 R   0x8
+  GNU_EH_FRAME   0x0e38ec 0x00000000000e38ec 0x00000000000e38ec 0x001f94 0x001f94 R   0x4
+  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
+  GNU_RELRO      0x0f2838 0x00000000002f2838 0x00000000002f2838 0x0037c8 0x0037c8 R   0x1
+
+ Section to Segment mapping:
+  Segment Sections...
+   00     .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .rela.dyn .rela.plt .init .plt .plt.got .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata .stapsdt.base .eh_frame_hdr .eh_frame .gcc_except_table 
+   01     .tdata .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data __libc_subfreeres __libc_IO_vtables __libc_atexit __libc_thread_subfreeres .bss __libc_freeres_ptrs 
+   02     .dynamic 
+   03     .note.ABI-tag .note.gnu.build-id 
+   04     .tdata .tbss 
+   05     .eh_frame_hdr 
+   06     
+   07     .tdata .init_array .fini_array .data.rel.ro .dynamic .got 
+
+Dynamic section at offset 0xf5d48 contains 22 entries:
+  Tag        Type                         Name/Value
+ 0x000000000000000c (INIT)               0x8ce8
+ 0x000000000000000d (FINI)               0xc89c0
+ 0x0000000000000019 (INIT_ARRAY)         0x2f2860
+ 0x000000000000001b (INIT_ARRAYSZ)       16 (bytes)
+ 0x000000000000001a (FINI_ARRAY)         0x2f2870
+ 0x000000000000001c (FINI_ARRAYSZ)       16 (bytes)
+ 0x000000006ffffef5 (GNU_HASH)           0x248
+ 0x0000000000000005 (STRTAB)             0x280
+ 0x0000000000000006 (SYMTAB)             0x268
+ 0x000000000000000a (STRSZ)              1 (bytes)
+ 0x000000000000000b (SYMENT)             24 (bytes)
+ 0x0000000000000015 (DEBUG)              0x0
+ 0x0000000000000003 (PLTGOT)             0x2f6000
+ 0x0000000000000002 (PLTRELSZ)           792 (bytes)
+ 0x0000000000000014 (PLTREL)             RELA
+ 0x0000000000000017 (JMPREL)             0x89d0
+ 0x0000000000000007 (RELA)               0x288
+ 0x0000000000000008 (RELASZ)             34632 (bytes)
+ 0x0000000000000009 (RELAENT)            24 (bytes)
+ 0x000000006ffffffb (FLAGS_1)            Flags: PIE
+ 0x000000006ffffff9 (RELACOUNT)          1443
+ 0x0000000000000000 (NULL)               0x0
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1832353 b/results/classifier/zero-shot-user-mode/output/runtime/1832353
new file mode 100644
index 00000000..59863c3d
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1832353
@@ -0,0 +1,26 @@
+runtime: 0.445
+instruction: 0.371
+syscall: 0.184
+
+
+
+cpu_exec: Assertion !have_mmap_lock() failed
+
+Hi,
+
+I have isolated a testcase from the GCC testsuite (actually gfortran, test proc_ptr_51.f90) which produces tons of:
+
+qemu-arm: /home/christophe.lyon/src/qemu/accel/tcg/cpu-exec.c:701: cpu_exec: Assertion `!have_mmap_lock()' failed.
+
+including with master qemu as of today.
+
+I'm attaching a tarball containing:
+qemu-assert:
+cmd  lib  proc_ptr_51.exe
+
+qemu-assert/lib:
+ld-linux-armhf.so.3  libc.so.6  libgcc_s.so.1  libgfortran.so.5  libm.so.6
+
+where cmd is the basic command used to launch the test & reproduce the failure.
+
+Note that the test or the generated may actually be buggy: I have reported failures on native aarch64 and arm machines. Yet, qemu should not fail with a loop of asserts.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1836558 b/results/classifier/zero-shot-user-mode/output/runtime/1836558
new file mode 100644
index 00000000..f3c82047
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1836558
@@ -0,0 +1,54 @@
+runtime: 0.510
+instruction: 0.355
+syscall: 0.135
+
+
+
+Qemu-ppc Memory leak creating threads
+
+When creating c++ threads (with c++ std::thread), the resulting binary has memory leaks when running with qemu-ppc.
+
+Eg the following c++ program, when compiled with gcc, consumes more and more memory while running at qemu-ppc. (does not have memory leaks when compiling for Intel, when running same binary on real powerpc CPU hardware also no memory leaks).
+
+(Note I used function getCurrentRSS to show available memory, see https://stackoverflow.com/questions/669438/how-to-get-memory-usage-at-runtime-using-c; calls commented out here)
+
+Compiler: powerpc-linux-gnu-g++ (Debian 8.3.0-2) 8.3.0 (but same problem with older g++ compilers even 4.9)
+Os: Debian 10.0 ( Buster) (but same problem seen on Debian 9/stetch)
+qemu: qemu-ppc version 3.1.50
+
+
+
+---
+
+#include <iostream>
+#include <thread>
+#include <chrono>
+
+
+using namespace std::chrono_literals;
+
+// Create/run and join a 100 threads.
+void Fun100()
+{
+//    auto b4 = getCurrentRSS();
+//    std::cout << getCurrentRSS() << std::endl;
+    for(int n = 0; n < 100; n++)
+    {
+        std::thread t([]
+        {
+            std::this_thread::sleep_for( 10ms );
+        });
+//        std::cout << n << ' ' << getCurrentRSS() << std::endl;
+        t.join();
+    }
+    std::this_thread::sleep_for( 500ms ); // to give OS some time to wipe memory...
+//    auto after = getCurrentRSS();
+    std::cout << b4 << ' ' << after << std::endl;
+}
+
+
+int main(int, char **)
+{
+    Fun100();
+    Fun100();  // memory used keeps increasing
+}
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1840922 b/results/classifier/zero-shot-user-mode/output/runtime/1840922
new file mode 100644
index 00000000..fa1cf417
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1840922
@@ -0,0 +1,27 @@
+runtime: 0.440
+instruction: 0.413
+syscall: 0.147
+
+
+
+qemu-arm for cortex-m33 aborts with unhandled CPU exception 0x8
+
+Hi,
+
+While experimenting with running the GCC testsuite with cortex-m33 as target (to exercise v8-m code), I came across this failure:
+qemu: unhandled CPU exception 0x8 - aborting
+R00=fffeaf58 R01=fffeaf58 R02=00000000 R03=fffeaf5d
+R04=fffeaf5c R05=fffeaf9c R06=00000000 R07=fffeaf80
+R08=00000000 R09=00000000 R10=00019dbc R11=00000000
+R12=000000f0 R13=fffeaf58 R14=000081f3 R15=fffeaf5c
+XPSR=61000000 -ZC- T NS priv-thread
+qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x6033c908
+
+I'm using arm-eabi-gcc, so it targets bare-metal, not linux.
+
+The testcase is GCC's gcc/testsuite/gcc.c-torture/execute/20000822-1.c; it works when compiled at -O2, but crashes when compiled at -Os. The test uses nested functions, so it creates a trampoline on the stack, whose address may be a problem. But since the stack address seems to be in the same range in the O2 and Os cases, it's not that clear.
+
+I'm attaching the C source, asm, binary executables and qemu traces with in_asm,cpu.
+
+I execute the binaries with:
+qemu-arm --cpu cortex-m33  ./20000822-1.exe.Os
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1857 b/results/classifier/zero-shot-user-mode/output/runtime/1857
new file mode 100644
index 00000000..94c75b18
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1857
@@ -0,0 +1,58 @@
+runtime: 0.445
+instruction: 0.400
+syscall: 0.155
+
+
+
+Major qemu-aarch64 performance slowdown since commit 59b6b42cd3
+Description of problem:
+I have observed a major performance slowdown between qemu 8.0.0 and 8.1.0:
+
+
+qemu 8.0.0: 0.8s
+
+qemu 8.1.0: 6.8s
+
+
+After bisecting the commits between 8.0.0 and 8.1.0, the offending commit is 59b6b42cd3:
+
+
+commit 59b6b42cd3446862567637f3a7ab31d69c9bef51
+Author: Richard Henderson <richard.henderson@linaro.org>
+Date:   Tue Jun 6 10:19:39 2023 +0100
+
+    target/arm: Enable FEAT_LSE2 for -cpu max
+
+    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+    Message-id: 20230530191438.411344-21-richard.henderson@linaro.org
+    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+
+Reverting the commit in latest master fixes the problem:
+
+qemu 8.0.0: 0.8s
+
+qemu 8.1.0: 6.8s
+
+qemu master + revert 59b6b42cd3: 0.8s
+
+Alternatively, specify `-cpu cortex-a35` to disable LSE2:
+
+`time ./qemu-aarch64 -cpu cortex-a35`: 0.8s
+
+`time ./qemu-aarch64`: 6.77s
+
+The slowdown is also observed when running qemu-aarch64 on aarch64 machine:
+
+`time ./qemu-aarch64 /usr/bin/node -e 1`: 2.91s
+
+`time ./qemu-aarch64 -cpu cortex-a35 /usr/bin/node -e 1`: 1.77s
+
+The slowdown on x86_64 machine is small: 362ms -> 378ms.
+Steps to reproduce:
+1. Run `time ./qemu-aarch64 node-aarch64 -e 1` (node-aarch64 is NodeJS v16 built for AArch64)
+2. Using qemu master, the output says `0.8s`
+3. Using qemu master with commit 59b6b42cd3 reverted, the output says `6.77s`
+Additional information:
+
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1860610 b/results/classifier/zero-shot-user-mode/output/runtime/1860610
new file mode 100644
index 00000000..5175015b
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1860610
@@ -0,0 +1,13 @@
+runtime: 0.462
+instruction: 0.327
+syscall: 0.211
+
+
+
+cap_disas_plugin leaks memory
+
+Looking at origin/master head, the function cap_disas_plugin leaks memory.
+
+per capstone's examples using their ABI, cs_free(insn, count); needs to called just before cs_close.
+
+I discovered this running qemu under valgrind.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1880225 b/results/classifier/zero-shot-user-mode/output/runtime/1880225
new file mode 100644
index 00000000..287a1c10
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1880225
@@ -0,0 +1,143 @@
+runtime: 0.409
+instruction: 0.389
+syscall: 0.202
+
+
+
+Emulation of some arm programs fail with "Assertion `have_guest_base' failed."
+
+This issue is observer with QEMU ToT, checked out around May 15th (but I believe it is present in current master too), and wasn't present in QEMU v5.0.0.
+
+I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host.
+
+Arm cross-compiler is a standard cross-compiler that comes with Debian-based distributions, and gcc version is:
+
+$ arm-linux-gnueabi-gcc --version
+arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0
+
+Compile this program with cross compiler:
+
+$ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o toupper_string-arm
+
+Emulation with QEMU v5.0.0 is correct, and gives expected output:
+
+$ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
+CONTROL RESULT: (toupper_string)
+ nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx xpklorellnmpapq
+ NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX XPKLORELLNMPAPQ
+
+While, in case of QEMU master it fails:
+
+$ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
+qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: probe_guest_base: Assertion `have_guest_base' failed.
+Aborted
+
+There are many other programs that exibit the same behavior. The failure is arm-sprecific.
+
+
+-----------------------------------------------------
+
+source code: (let's call this file toupper_string.c) (similar file is also in attachment)
+
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <unistd.h>
+
+
+#define MAX_STRING_LENGHT              15
+#define NUMBER_OF_RANDOM_STRINGS       100
+#define DEFAULT_NUMBER_OF_REPETITIONS  30000
+#define MAX_NUMBER_OF_REPETITIONS      1000000000
+#define NUMBER_OF_CONTROL_PRINT_ITEMS  5
+
+/* Structure for keeping an array of strings */
+struct StringStruct {
+    char chars[MAX_STRING_LENGHT + 1];
+};
+
+/**
+ * Sets characters of the given string to random small letters a-z.
+ * @param s String to get random characters.
+ * @len Length of the input string.
+ */
+static void gen_random_string(char *chars, const int len)
+{
+    static const char letters[] = "abcdefghijklmnopqrstuvwxyz";
+
+    for (size_t i = 0; i < len; i++) {
+        chars[i] = letters[rand() % (sizeof(letters) - 1)];
+    }
+    chars[len] = 0;
+}
+
+void main (int argc, char* argv[])
+{
+    struct StringStruct random_strings[NUMBER_OF_RANDOM_STRINGS];
+    struct StringStruct strings_to_be_uppercased[NUMBER_OF_RANDOM_STRINGS];
+    int32_t number_of_repetitions = DEFAULT_NUMBER_OF_REPETITIONS;
+    int32_t option;
+
+    /* Parse command line options */
+    while ((option = getopt(argc, argv, "n:")) != -1) {
+        if (option == 'n') {
+            int32_t user_number_of_repetitions = atoi(optarg);
+            /* Check if the value is a negative number */
+            if (user_number_of_repetitions < 1) {
+                fprintf(stderr, "Error ... Value for option '-n' cannot be a "
+                                "negative number.\n");
+                exit(EXIT_FAILURE);
+            }
+            /* Check if the value is a string or zero */
+            if (user_number_of_repetitions == 0) {
+                fprintf(stderr, "Error ... Invalid value for option '-n'.\n");
+                exit(EXIT_FAILURE);
+            }
+            /* Check if the value is too large */
+            if (user_number_of_repetitions > MAX_NUMBER_OF_REPETITIONS) {
+                fprintf(stderr, "Error ... Value for option '-n' cannot be "
+                                "more than %d.\n", MAX_NUMBER_OF_REPETITIONS);
+                exit(EXIT_FAILURE);
+            }
+            number_of_repetitions = user_number_of_repetitions;
+        } else {
+            exit(EXIT_FAILURE);
+        }
+    }
+
+    /* Create an array of strings with random content */
+    srand(1);
+    for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
+        gen_random_string(random_strings[i].chars, MAX_STRING_LENGHT);
+    }
+
+    /* Perform uppercasing of a set of random strings multiple times */
+    for (size_t j = 0; j < number_of_repetitions; j++) {
+        /* Copy initial set of random strings to the set to be uppercased */
+        memcpy(strings_to_be_uppercased, random_strings,
+               NUMBER_OF_RANDOM_STRINGS * (MAX_STRING_LENGHT + 1));
+        /* Do actual changing case to uppercase */
+        for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
+            int k = 0;
+  
+            while (strings_to_be_uppercased[i].chars[k]) { 
+                char ch = strings_to_be_uppercased[i].chars[k] - 32; 
+                memcpy((void *)strings_to_be_uppercased[i].chars + k,
+                       &ch, 1);
+                k++; 
+            } 
+        }
+    }
+
+    /* Control printing */
+    printf("CONTROL RESULT: (toupper_string)\n");
+    for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) {
+        printf(" %s", random_strings[i].chars);
+    }
+    printf("\n");
+    for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) {
+        printf(" %s", strings_to_be_uppercased[i].chars);
+    }
+    printf("\n");
+}
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1884719 b/results/classifier/zero-shot-user-mode/output/runtime/1884719
new file mode 100644
index 00000000..e6bf1d15
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1884719
@@ -0,0 +1,138 @@
+runtime: 0.494
+instruction: 0.352
+syscall: 0.155
+
+
+
+Function not implemented when using libaio
+
+Hello
+
+I experience "Function not implemented" errors when trying to use Linux libaio library in foreign architecture, e.g. aarch64.
+
+I've faced this problem while using https://github.com/multiarch/qemu-user-static, i.e. Docker+QEMU. 
+I understand that I do not use plain QEMU and you may count this report as a "distribution of QEMU"! Just let me know what are the steps to test it with plain QEMU and I will test and update this ticket!
+
+
+Here are the steps to reproduce the issue:
+
+1) On x86_64 machine register QEMU: 
+
+    `docker run -it --rm --privileged multiarch/qemu-user-static --reset --credential yes --persistent yes`
+
+2) Start a Docker image with foreign CPU architecture, e.g. aarch64
+
+    `docker run -it arm64v8/centos:8 bash`
+
+3) Inside the Docker container install GCC and libaio
+
+    `yum install gcc libaio libaio-devel`
+
+4) Compile the following C program
+
+```
+#include <stdio.h>
+#include <errno.h>
+#include <libaio.h>
+#include <stdlib.h>
+
+struct io_control {
+    io_context_t ioContext;
+};
+
+int main() {
+    int queueSize = 10;
+
+    struct io_control * theControl = (struct io_control *) malloc(sizeof(struct io_control));
+    if (theControl == NULL) {
+        printf("theControl is NULL");
+        return 123;
+    }
+
+    int res = io_queue_init(queueSize, &theControl->ioContext);
+    io_queue_release(theControl->ioContext);
+    free(theControl);
+    printf("res is: %d", res);
+}
+```
+
+    ```
+    cat > test.c
+        [PASTE THE CODE ABOVE HERE]
+    ^D
+    ```
+
+    `gcc test.c -o out -laio && ./out`
+
+
+When executed directly on aarch64 machine (i.e. without emulation) or on x86_64 Docker image (e.g. centos:8) it prints `res is: 0`, i.e. it successfully initialized a LibAIO queue.
+
+But when executed on Docker image with foreign/emulated CPU architecture it prints `res is: -38` (ENOSYS). `man io_queue_init` says that error ENOSYS is returned when "Not implemented."
+
+Environment:
+
+QEMU version: 5.0.0.2  (https://github.com/multiarch/qemu-user-static/blob/master/.travis.yml#L24-L28)
+Container application: Docker
+Output of `docker --version`:
+
+```
+Client:
+ Version:           19.03.8
+ API version:       1.40
+ Go version:        go1.13.8
+ Git commit:        afacb8b7f0
+ Built:             Wed Mar 11 23:42:35 2020
+ OS/Arch:           linux/amd64
+ Experimental:      false
+
+Server:
+ Engine:
+  Version:          19.03.8
+  API version:      1.40 (minimum version 1.12)
+  Go version:       go1.13.8
+  Git commit:       afacb8b7f0
+  Built:            Wed Mar 11 22:48:33 2020
+  OS/Arch:          linux/amd64
+  Experimental:     false
+ containerd:
+  Version:          1.3.3-0ubuntu2
+  GitCommit:        
+ runc:
+  Version:          spec: 1.0.1-dev
+  GitCommit:        
+ docker-init:
+  Version:          0.18.0
+  GitCommit:        
+```
+
+Same happens with Ubuntu (arm64v8/ubuntu:focal).
+
+I've tried to `strace` it but :
+
+```
+/usr/bin/strace: ptrace(PTRACE_TRACEME, ...): Function not implemented
+/usr/bin/strace: PTRACE_SETOPTIONS: Function not implemented
+/usr/bin/strace: detach: waitpid(112): No child processes
+/usr/bin/strace: Process 112 detached
+```
+
+Here are the steps to reproduce the problem with strace:
+
+     ```
+     docker run --rm -it --security-opt seccomp:unconfined --security-opt apparmor:unconfined --privileged --cap-add ALL arm64v8/centos:8 bash
+
+     yum install -y strace`
+
+     strace echo Test
+     ```
+
+Note: I used --privileged, disabled seccomp and apparmor, and added all capabilities
+
+Disabling security solves the "Permission denied" problem but then comes the "Not implemented" one.
+
+
+Any idea what could be the problem and how to work it around ?
+I've googled a lot but I wasn't able to find any problems related to libaio on QEMU.
+
+Thank you!
+Martin
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1895305 b/results/classifier/zero-shot-user-mode/output/runtime/1895305
new file mode 100644
index 00000000..f6a6fa98
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1895305
@@ -0,0 +1,54 @@
+runtime: 0.442
+instruction: 0.398
+syscall: 0.160
+
+
+
+pthread_cancel fails with "RT33" with musl libc
+
+From my testing it seems that QEMU built against musl libc crashes on pthread_cancel cancel calls - if the binary is also built with musl libc.
+
+Minimal sample:
+
+#include <pthread.h>
+#include <stdio.h>
+#include <unistd.h>
+void* threadfunc(void* ignored) {
+	while (1) {
+		pause();
+	}
+	return NULL;
+}
+int main() {
+	pthread_t thread;
+	pthread_create(&thread, NULL, &threadfunc, NULL);
+	sleep(1);
+	pthread_cancel(thread);
+	printf("OK, alive\n");
+}
+
+In an Alpine Linux aarch64 chroot (on an x86_64 host) the binary will just output RT33 and has exit code 161.
+
+Using qemu-aarch64 on an x86_64 host results in the output (fish shell)
+  fish: “qemu-aarch64-static ./musl-stat…” terminated by signal Unknown (Unknown)
+or (bash)
+  Real-time signal 2
+
+and exit code 164.
+
+It doesn't matter whether the binary is linked dynamically or static. You can see my test results in the following table:
+
+|                      | QEMU glibc | QEMU musl |
+|----------------------|------------|-----------|
+| binary glibc dynamic | ✓          | ✓         |
+| binary glibc static  | ✓          | ✓         |
+| binary musl dynamic  | ✓          | ✗         |
+| binary musl static   | ✓          | ✗         |
+
+Both QEMU builds are v5.1.0 (glibc v2.32 / musl v1.2.1)
+
+I've uploaded all my compile and test commands (plus a script to conveniently run them all) to https://github.com/z3ntu/qemu-pthread_cancel . It also includes the built binaries if needed. The test script output can be found at https://github.com/z3ntu/qemu-pthread_cancel/blob/master/results.txt
+
+Further links:
+- https://gitlab.com/postmarketOS/pmaports/-/issues/190#note_141902075
+- https://gitlab.com/postmarketOS/pmbootstrap/-/issues/1970
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1907817 b/results/classifier/zero-shot-user-mode/output/runtime/1907817
new file mode 100644
index 00000000..1e41eee0
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1907817
@@ -0,0 +1,49 @@
+runtime: 0.346
+syscall: 0.328
+instruction: 0.326
+
+
+
+qemu-aarch64 tcg assertion v5.2.0
+
+After updating to 5.2 I am getting following assertion error:
+qemu-aarch64: ../tcg/tcg-op-gvec.c:54: check_size_align: Assertion `(maxsz & max_align) == 0' failed.
+
+I think it was introduced by commit: e2e7168a214b0ed98dc357bba96816486a289762
+
+Becasue before this change, in function simd_desc only maxsz % 8 == 0 was checked, but after this change qemu check for following:
+ 
+max_align = maxsz >= 16 ? 15 : 7;
+tcg_debug_assert((maxsz & max_align) == 0);  <--- here assertion happens
+
+in my case maxsz=56.
+
+
+Whole backtrace:
+#4  0x0000004000314770 in check_size_align (oprsz=56, maxsz=56, ofs=0) at ../tcg/tcg-op-gvec.c:54
+#5  0x0000004000314950 in simd_desc (oprsz=56, maxsz=56, data=0) at ../tcg/tcg-op-gvec.c:89
+#6  0x0000004000316270 in do_dup (vece=0, dofs=3144, oprsz=56, maxsz=56, in_32=0x0, in_64=0x0, in_c=0) at ../tcg/tcg-op-gvec.c:630
+#7  0x00000040003164d0 in expand_clr (dofs=3144, maxsz=56) at ../tcg/tcg-op-gvec.c:679
+#8  0x0000004000319bb0 in tcg_gen_gvec_mov (vece=3, dofs=3136, aofs=3136, oprsz=8, maxsz=64) at ../tcg/tcg-op-gvec.c:1538
+#9  0x0000004000200dc0 in clear_vec_high (s=0x40021a8180, is_q=false, rd=0) at ../target/arm/translate-a64.c:592
+#10 0x0000004000200e40 in write_fp_dreg (s=0x40021a8180, reg=0, v=0x1108) at ../target/arm/translate-a64.c:600
+--Type <RET> for more, q to quit, c to continue without paging--
+#11 0x0000004000200e90 in write_fp_sreg (s=0x40021a8180, reg=0, v=0x1060) at ../target/arm/translate-a64.c:608
+#12 0x0000004000214210 in handle_fpfpcvt (s=0x40021a8180, rd=0, rn=0, opcode=2, itof=true, rmode=0, scale=64, sf=0, type=0)
+    at ../target/arm/translate-a64.c:6988
+#13 0x0000004000214f90 in disas_fp_int_conv (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:7299
+#14 0x0000004000215350 in disas_data_proc_fp (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:7389
+#15 0x000000400022aa70 in disas_data_proc_simd_fp (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:14494
+#16 0x000000400022af90 in disas_a64_insn (env=0x7fac59b6b490, s=0x40021a8180) at ../target/arm/translate-a64.c:14663
+#17 0x000000400022b750 in aarch64_tr_translate_insn (dcbase=0x40021a8180, cpu=0x7fac59b63150) at ../target/arm/translate-a64.c:14823
+#18 0x00000040002e8630 in translator_loop (ops=0x4000902e00 <aarch64_translator_ops>, db=0x40021a8180, cpu=0x7fac59b63150, 
+    tb=0x7fac3419c5c0, max_insns=512) at ../accel/tcg/translator.c:103
+#19 0x00000040002e3a60 in gen_intermediate_code (cpu=0x7fac59b63150, tb=0x7fac3419c5c0, max_insns=512)
+    at ../target/arm/translate.c:9283
+#20 0x00000040002fed30 in tb_gen_code (cpu=0x7fac59b63150, pc=4458820, cs_base=0, flags=2148544819, cflags=-16777216)
+    at ../accel/tcg/translate-all.c:1744
+#21 0x000000400036a6e0 in tb_find (cpu=0x7fac59b63150, last_tb=0x7fac3419c400, tb_exit=0, cf_mask=0) at ../accel/tcg/cpu-exec.c:414
+--Type <RET> for more, q to quit, c to continue without paging--
+#22 0x000000400036b040 in cpu_exec (cpu=0x7fac59b63150) at ../accel/tcg/cpu-exec.c:770
+#23 0x0000004000113a90 in cpu_loop (env=0x7fac59b6b490) at ../linux-user/aarch64/cpu_loop.c:84
+#24 0x00000040002fb8c0 in main (argc=2, argv=0x40021a8e68, envp=0x40021a8e80) at ../linux-user/main.c:864
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1910 b/results/classifier/zero-shot-user-mode/output/runtime/1910
new file mode 100644
index 00000000..3518e738
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1910
@@ -0,0 +1,68 @@
+runtime: 0.342
+instruction: 0.339
+syscall: 0.319
+
+
+
+Signal handlers in x86_64 userspace have wrongly aligned stack
+Description of problem:
+Various applications crash in signal handlers due to `movaps` getting a misaligned stack address. For some reason this is reported as a NULL deref, but `gdb` clearly shows the true cause.
+
+```plaintext
+> qemu-x86_64 /usr/bin/ruby -e '`true`'
+-e:1: [BUG] Segmentation fault at 0x0000000000000000
+ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux-gnu]
+
+-- Control frame information -----------------------------------------------
+c:0003 p:---- s:0011 e:000010 CFUNC  :`
+c:0002 p:0005 s:0006 e:000005 EVAL   -e:1 [FINISH]
+c:0001 p:0000 s:0003 E:0015b0 DUMMY  [FINISH]
+
+-- Ruby level backtrace information ----------------------------------------
+-e:1:in `<main>'
+-e:1:in ``'
+
+-- Machine register context ------------------------------------------------
+ RIP: 0x00002aaaab50f98a RBP: 0x00002aaaabb136b8 RSP: 0x00002aaaab2a9c98
+ RAX: 0x0000000000000000 RBX: 0x0000000000004946 RCX: 0x0000000000000000
+ RDX: 0x00002aaaab2a9c98 RDI: 0x000000000caf0000 RSI: 0x0000000000000000
+  R8: 0x00002aaaab2aaa50  R9: 0x0000000000000050 R10: 0x0000000000000008
+ R11: 0x0000000000000000 R12: 0x0000000000000002 R13: 0x0000000000007310
+ R14: 0x0000000000005e10 R15: 0x00002aaab0537f20 EFL: 0x0000000000000246
+
+-- C level backtrace information -------------------------------------------
+```
+
+```plaintext
+(gdb) x/i $pc
+=> 0x2aaaab50f98a:      movaps %xmm0,(%rsp)
+(gdb) p/x $rsp
+$3 = 0x2aaaab2a9998
+```
+Steps to reproduce:
+1. ```qemu-x86_64 /usr/bin/ruby -e '`true`'```
+Additional information:
+The x86_64 psABI says:
+
+> the value (%rsp − 8) is always a multiple of 16 when control is transferred to the function entry point.
+
+However, when QEMU jumps to the signal handler, $rsp is aligned to 16B, i.e. ends in `0x..0`.
+
+The relevant kernel code:
+
+https://elixir.bootlin.com/linux/v6.5.5/source/arch/x86/kernel/signal.c#L123
+
+```plaintext
+	sp -= frame_size;
+
+	if (ia32_frame)
+		/*
+		 * Align the stack pointer according to the i386 ABI,
+		 * i.e. so that on function entry ((sp + 4) & 15) == 0.
+		 */
+		sp = ((sp + 4) & -FRAME_ALIGNMENT) - 4;
+	else
+		sp = round_down(sp, FRAME_ALIGNMENT) - 8;
+```
+
+CC @lvivier @bonzini @rth7680
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1915531 b/results/classifier/zero-shot-user-mode/output/runtime/1915531
new file mode 100644
index 00000000..758b1386
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1915531
@@ -0,0 +1,60 @@
+runtime: 0.371
+instruction: 0.329
+syscall: 0.299
+
+
+
+qemu-user child process hangs when forking due to glib allocation
+
+I and others have recently been using qemu-user for RISCV64 extensively. We have had many hangs. We have found that hangs happen in process with multiple threads and forking. For example
+`cargo` (a tool for the Rust compiler).
+
+It does not matter if there are a lot of calls to fork. What seems to matter most is that there are many threads running. So this happens more often on a CPU with a massive number of cores, and if nothing else is really running. The hang happens in the child process of the fork.
+
+To reproduce the problem, I have attached an example of C++ program to run through qemu-user.
+
+Here are the stacks of the child processes that hanged. This is for qemu c973f06521b07af0f82893b75a1d55562fffb4b5 with glib 2.66.4
+
+-------
+Thread 1:
+#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
+#1  0x00007f54e190c77c in g_mutex_lock_slowpath (mutex=mutex@entry=0x7f54e1dc7600 <allocator+96>) at ../glib/gthread-posix.c:1462
+#2  0x00007f54e190d222 in g_mutex_lock (mutex=mutex@entry=0x7f54e1dc7600 <allocator+96>) at ../glib/gthread-posix.c:1486
+#3  0x00007f54e18e39f2 in magazine_cache_pop_magazine (countp=0x7f54280e6638, ix=2) at ../glib/gslice.c:769
+#4  thread_memory_magazine1_reload (ix=2, tmem=0x7f54280e6600) at ../glib/gslice.c:845
+#5  g_slice_alloc (mem_size=mem_size@entry=40) at ../glib/gslice.c:1058
+#6  0x00007f54e18f06fa in g_tree_node_new (value=0x7f54d4066540 <code_gen_buffer+419091>, key=0x7f54d4066560 <code_gen_buffer+419123>) at ../glib/gtree.c:517
+#7  g_tree_insert_internal (tree=0x555556aed800, key=0x7f54d4066560 <code_gen_buffer+419123>, value=0x7f54d4066540 <code_gen_buffer+419091>, replace=0) at ../glib/gtree.c:517
+#8  0x00007f54e186b755 in tcg_tb_insert (tb=0x7f54d4066540 <code_gen_buffer+419091>) at ../tcg/tcg.c:534
+#9  0x00007f54e1820545 in tb_gen_code (cpu=0x7f54980b4b60, pc=274906407438, cs_base=0, flags=24832, cflags=-16252928) at ../accel/tcg/translate-all.c:2118
+#10 0x00007f54e18034a5 in tb_find (cpu=0x7f54980b4b60, last_tb=0x7f54d4066440 <code_gen_buffer+418835>, tb_exit=0, cf_mask=524288) at ../accel/tcg/cpu-exec.c:462
+#11 0x00007f54e1803bd9 in cpu_exec (cpu=0x7f54980b4b60) at ../accel/tcg/cpu-exec.c:818
+#12 0x00007f54e1735a4c in cpu_loop (env=0x7f54980bce40) at ../linux-user/riscv/cpu_loop.c:37
+#13 0x00007f54e1844b22 in clone_func (arg=0x7f5402f3b080) at ../linux-user/syscall.c:6422
+#14 0x00007f54e191950a in start_thread (arg=<optimized out>) at pthread_create.c:477
+#15 0x00007f54e19a52a3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
+
+Thread 2:
+#1  0x00007f54e18a8d6e in qemu_futex_wait (f=0x7f54e1dc7038 <rcu_call_ready_event>, val=4294967295) at /var/home/valentin/repos/qemu/include/qemu/futex.h:29
+#2  0x00007f54e18a8f32 in qemu_event_wait (ev=0x7f54e1dc7038 <rcu_call_ready_event>) at ../util/qemu-thread-posix.c:460
+#3  0x00007f54e18c0196 in call_rcu_thread (opaque=0x0) at ../util/rcu.c:258
+#4  0x00007f54e18a90eb in qemu_thread_start (args=0x7f5428244930) at ../util/qemu-thread-posix.c:521
+#5  0x00007f54e191950a in start_thread (arg=<optimized out>) at pthread_create.c:477
+#6  0x00007f54e19a52a3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
+-------
+
+Thread 1 seems to be the really hanged process.
+
+The problem is that glib is used in many places. Allocations are done through g_slice. g_slice has a global state that is not fork safe.
+
+So even though the cpu thread is set to exclusive before forking, it is not enough. Because there are other uses of glib data structures that are not part of the cpu loop (I think). So it seems not to be synchronized by `start_exclusive`, `end_exclusive`.
+
+So if one of the use of glib data structure is used during the fork, an allocation might lock a mutex in g_slice.
+
+When the cpu loop resumes in forked process, then the use of any glib data structure might just hang on a locked mutex in g_slice.
+
+So as a work-around we have starting using is setting environment `G_SLICE=always-malloc`. This resolves the hangs.
+
+I have opened an issue upstream: https://gitlab.gnome.org/GNOME/glib/-/issues/2326
+
+As fork documentation says, the child should be async-signal-safe. However, glibc's malloc is safe in fork child even though it is not async-signal-safe. So it is not that obvious where the responsability is. Should glib handle this case like malloc does? Or should qemu not use glib in the fork child?
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1930 b/results/classifier/zero-shot-user-mode/output/runtime/1930
new file mode 100644
index 00000000..536dcb84
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1930
@@ -0,0 +1,52 @@
+runtime: 0.446
+instruction: 0.389
+syscall: 0.165
+
+
+
+qemu-aarch64 results in segmentation fault while running a test binary compiled for QNX
+Description of problem:
+We have cross compiled a simple hello world program for QNX SDP 7.1.0 on Ubuntu Focal x86_64. Running the binary using qemu-aarch64 results in segmentation fault error.
+
+```
+   $ qemu-aarch64 -L /home/vsts/qnx710/target/qnx7/aarch64le ./hello-world
+   qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+   Segmentation fault (core dumped)
+```
+
+We also tried Ubuntu Jammy which has qemu-aarch64 v6.2.0 but got the same error.
+Can you tell us how we can emulate the binary using QEMU emulator that is built for QNX on x86_64 platform? Any help would be much appreciated.
+Steps to reproduce:
+1. Download QNX SDP from QNX software center https://www.qnx.com/download/group.html?programid=29178.
+2. Write a simple hello world program.
+
+```
+     #include <stdio.h>
+     
+     int main(void) {
+         return printf("Hello World!");
+     }
+```
+
+3. Source QNX SDP to set some environment variables.
+
+   `$ source ./qnx710/qnxsdp-env.sh`
+
+4. Compile using the QNX compiler.
+
+   `$ qcc -Vgcc_ntoaarch64le -o hello-world hello-world.c`
+
+5. Running the binary as it is results to:
+
+```
+   $ ./hello-world
+   aarch64-binfmt-P: Could not open '/usr/lib/ldqnx-64.so.2': No such file or directory
+```
+
+5. Running using QEMU emulator results to segmentation fault.
+
+```
+   $ qemu-aarch64 -L /home/vsts/qnx710/target/qnx7/aarch64le ./hello-world
+   qemu: uncaught target signal 11 (Segmentation fault) - core dumped  
+   Segmentation fault (core dumped)
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1936977 b/results/classifier/zero-shot-user-mode/output/runtime/1936977
new file mode 100644
index 00000000..333ad02b
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1936977
@@ -0,0 +1,13 @@
+runtime: 0.357
+syscall: 0.322
+instruction: 0.320
+
+
+
+ qemu-arm-static crashes "segmentation fault" when running "git clone" 
+
+This is a reopen of #1869073 for `qemu-user-static/focal-updates,focal-security,now 1:4.2-3ubuntu6.17 amd64`. 
+
+`git clone` reproducably segfaults in `qemu-arm-static` chroot.
+
+#1869073 mentions this should have been fixed for newer versions of QEMU, but for `focal` there's no newer version available, even in `focal-backports`.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1952 b/results/classifier/zero-shot-user-mode/output/runtime/1952
new file mode 100644
index 00000000..673aa5bf
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1952
@@ -0,0 +1,102 @@
+runtime: 0.422
+instruction: 0.385
+syscall: 0.192
+
+
+
+elf-linux-user: segfault caused by invalid loaddr extracted by the ELF loader
+Description of problem:
+Emulating ELF binaries as emitted by Zig may lead to segfault in QEMU, which typically looks like this
+
+```
+$ qemu-x86_64 simple
+fish: Job 1, 'qemu-x86_64 simple' terminated by signal SIGSEGV (Address boundary error)
+```
+Steps to reproduce:
+1. Obtain latest Zig nightly
+2. Compile simple static C program using Zig's ELF linker:
+
+```
+$ echo "int main() { return 0 };" > simple.c
+$ zig build-exe simple.c -lc -target x86_64-linux-musl -fno-lld --image-base 0x1000000
+$ qemu-x86_64 simple
+fish: Job 1, 'qemu-x86_64 simple' terminated by signal SIGSEGV (Address boundary error)
+```
+Additional information:
+Note that running `simple` directly it's correctly mmaped and executed by the kernel:
+
+```
+$ ./simple
+$ echo $status
+0
+``` 
+
+The reason this happens is because of an assumption QEMU's ELF loader makes on the virtual addresses and offsets of `PT_LOAD` segments, namely:
+
+```
+vaddr2 - vaddr1 >= off2 - off1
+```
+
+Typically, to the best of my knowledge, this is conformed to by the linkers in the large, but it is not required at all. Here's a one-line tweak to QEMU's loader that fixes the segfault:
+
+```diff
+diff --git a/linux-user/elfload.c b/linux-user/elfload.c
+index f21e2e0c3d..eabb4fed03 100644
+--- a/linux-user/elfload.c
++++ b/linux-user/elfload.c
+@@ -3211,7 +3211,7 @@ static void load_elf_image(const char *image_name, int image_fd,
+     for (i = 0; i < ehdr->e_phnum; ++i) {
+         struct elf_phdr *eppnt = phdr + i;
+         if (eppnt->p_type == PT_LOAD) {
+-            abi_ulong a = eppnt->p_vaddr - eppnt->p_offset;
++            abi_ulong a = eppnt->p_vaddr & ~(eppnt->p_align - 1);
+             if (a < loaddr) {
+                 loaddr = a;
+             }
+```
+
+The reason why this breaks for ELF binaries emitted by Zig is that while virtual addresses are allocated sequentially or pre-allocated, file offsets are allocated on a best-effort basis wherever there is enough space in the file to fit a given section/segment so that we can move the contents in file while preserving the allocated virtual addresses on a whim. To provide a more concrete example, here's the load segment layout for `simple` as emitted by Zig:
+
+```
+$ readelf -l simple
+
+Elf file type is EXEC (Executable file)
+Entry point 0x1002000
+There are 7 program headers, starting at offset 64
+
+Program Headers:
+  Type           Offset             VirtAddr           PhysAddr
+                 FileSiz            MemSiz              Flags  Align
+  PHDR           0x0000000000000040 0x0000000001000040 0x0000000001000040
+                 0x0000000000000188 0x0000000000000188  R      0x8
+  LOAD           0x0000000000000000 0x0000000001000000 0x0000000001000000
+                 0x00000000000001c8 0x00000000000001c8  R      0x1000
+  LOAD           0x0000000000021000 0x0000000001001000 0x0000000001001000
+                 0x0000000000000078 0x0000000000000078  R      0x1000
+  LOAD           0x0000000000022000 0x0000000001002000 0x0000000001002000
+                 0x000000000000065a 0x000000000000065a  R E    0x1000
+  LOAD           0x0000000000023000 0x0000000001003000 0x0000000001003000
+                 0x0000000000000060 0x0000000000000278  RW     0x1000
+  GNU_EH_FRAME   0x0000000000021064 0x0000000001001064 0x0000000001001064
+                 0x0000000000000014 0x0000000000000014  R      0x4
+  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
+                 0x0000000000000000 0x0000000000000000  RW     0x1
+
+ Section to Segment mapping:
+  Segment Sections...
+   00
+   01
+   02     .rodata.str1.1 .rodata .eh_frame .eh_frame_hdr
+   03     .text .init .fini
+   04     .data .got .bss
+   05     .eh_frame_hdr
+   06
+```
+
+As you can see, initially `loaddr := 0x1000000 - 0x0 = 0x1000000`. However, upon iterating over the second load segment, we already get
+
+```
+a := 0x1001000 - 0x21000 = 0xfe000
+```
+
+and since `a < loaddr`, we incorrectly set `loaddr := 0xfe000`.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/1953 b/results/classifier/zero-shot-user-mode/output/runtime/1953
new file mode 100644
index 00000000..cbe1085a
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/1953
@@ -0,0 +1,152 @@
+runtime: 0.454
+instruction: 0.321
+syscall: 0.225
+
+
+
+Segmentation fault when compiling elixir app on qemu aarch64 on x86_64 host
+Description of problem:
+When I try to install an elixir escript using
+
+```
+mix escript.install github upmaru/pakman --force 
+```
+
+I run into a segfault with the following output
+
+```
+
+
+Build and Deploy
+failed Oct 22, 2023 in 1m 27s
+2s
+2s
+22s
+56s
+remote: Compressing objects:  86% (144/167)        
+remote: Compressing objects:  87% (146/167)        
+remote: Compressing objects:  88% (147/167)        
+remote: Compressing objects:  89% (149/167)        
+remote: Compressing objects:  90% (151/167)        
+remote: Compressing objects:  91% (152/167)        
+remote: Compressing objects:  92% (154/167)        
+remote: Compressing objects:  93% (156/167)        
+remote: Compressing objects:  94% (157/167)        
+remote: Compressing objects:  95% (159/167)        
+remote: Compressing objects:  96% (161/167)        
+remote: Compressing objects:  97% (162/167)        
+remote: Compressing objects:  98% (164/167)        
+remote: Compressing objects:  99% (166/167)        
+remote: Compressing objects: 100% (167/167)        
+remote: Compressing objects: 100% (167/167), done.        
+remote: Total 2568 (delta 86), reused 188 (delta 58), pack-reused 2341        
+origin/HEAD set to develop
+Resolving Hex dependencies...
+Resolution completed in 0.872s
+New:
+  castore 1.0.4
+  finch 0.16.0
+  hpax 0.1.2
+  jason 1.4.1
+  mime 2.0.5
+  mint 1.5.1
+  nimble_options 1.0.2
+  nimble_pool 1.0.0
+  slugger 0.3.0
+  telemetry 1.2.1
+  tesla 1.7.0
+  yamerl 0.10.0
+  yaml_elixir 2.8.0
+* Getting tesla (Hex package)
+* Getting jason (Hex package)
+* Getting yaml_elixir (Hex package)
+* Getting slugger (Hex package)
+* Getting finch (Hex package)
+* Getting mint (Hex package)
+* Getting castore (Hex package)
+* Getting hpax (Hex package)
+* Getting mime (Hex package)
+* Getting nimble_options (Hex package)
+* Getting nimble_pool (Hex package)
+* Getting telemetry (Hex package)
+* Getting yamerl (Hex package)
+Resolving Hex dependencies...
+Resolution completed in 0.413s
+Unchanged:
+  castore 1.0.4
+  finch 0.16.0
+  hpax 0.1.2
+  jason 1.4.1
+  mime 2.0.5
+  mint 1.5.1
+  nimble_options 1.0.2
+  nimble_pool 1.0.0
+  slugger 0.3.0
+  telemetry 1.2.1
+  tesla 1.7.0
+  yamerl 0.10.0
+  yaml_elixir 2.8.0
+All dependencies are up to date
+==> mime
+Compiling 1 file (.ex)
+Generated mime app
+==> nimble_options
+Compiling 3 files (.ex)
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault (core dumped)
+```
+Steps to reproduce:
+1. Create a repo using the github action zacksiri/setup-alpine
+2. Install elixir
+3. run `mix escript.install github upmaru/pakman --force`
+Additional information:
+You can use the following github action config as an example / starting point.
+
+
+```yml
+name: 'Deployment'
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+
+jobs:
+  build_and_deploy:
+    name: Build and Deploy
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+
+      - name: 'Setup Alpine'
+        uses: zacksiri/setup-alpine@master
+        with:
+          branch: v3.18
+          arch: aarch64
+          qemu-repo: edge
+          packages: |
+            zip 
+            tar 
+            sudo 
+            alpine-sdk 
+            coreutils 
+            cmake
+            elixir
+
+      - name: 'Setup PAKman'
+        run: |
+          export MIX_ENV=prod
+
+          mix local.rebar --force
+          mix local.hex --force
+          mix escript.install github upmaru/pakman --force
+        shell: alpine.sh {0}
+```
+
+I'm using alpine 3.18 which has otp25 with jit enabled so I suspect this is something to do with https://gitlab.com/qemu-project/qemu/-/issues/1034
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2082 b/results/classifier/zero-shot-user-mode/output/runtime/2082
new file mode 100644
index 00000000..afe955ba
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2082
@@ -0,0 +1,50 @@
+runtime: 0.368
+instruction: 0.354
+syscall: 0.278
+
+
+
+"Unable to find a guest_base to satisfy all guest address mapping requirements" running certain x86_64 binaries on aarch64 host
+Description of problem:
+Copying from:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=2256916
+
+With ``qemu-x86_64-static`` from ``qemu-8.1.3-1.fc39``, I can no longer run on the m1 the ``x86_64`` binary created by https://github.com/containers/PodmanHello
+
+If I try with ``qemu-x86_64-static`` from ``qemu-7.2.7-1.fc38`` then this works.
+
+If I build the binary manually on a fc39 x86 system with ``gcc -O2 -static -o podman_hello_world podman_hello_world.c``, then I can also run it successfully with ``qemu-8.1.3-1.fc39``.
+It's only the static binary built inside the alpine container which cannot be run on the M1.
+
+
+Misc tests I ran:
+
+```
+$ ./qemu-x86_64-static-8.1.3 podman_hello_world.alpine 
+qemu-x86_64-static-8.1.3: /var/roothome/podman_hello_world.alpine: Unable to find a guest_base to satisfy all guest address mapping requirements
+  0000000000000000-0000000000000fff
+  0000000000400000-00000000004047ef
+
+$ ./qemu-x86_64-static-7.2.7 podman_hello_world.alpine 
+!... Hello Podman World ...!
+[...]
+
+$ ./qemu-x86_64-static-8.1.3 podman_hello_world.fc39 
+!... Hello Podman World ...!
+[...]
+```
+
+The issue is still present with ``qemu-8.2.0-0.3.rc2.fc40``
+
+I also could not reproduce on ``x86_64`` machines. I just tried it on fc39 installed on non-Apple ``aarch64`` hardware, and I'm seeing the same issue:
+
+```
+# rpm -qf /usr/bin/qemu-x86_64-static 
+qemu-user-static-x86-8.1.3-1.fc39.aarch64
+
+# qemu-x86_64-static ./podman_hello_world.alpine 
+qemu-x86_64-static: /root/podman_hello_world.alpine: Unable to find a guest_base to satisfy all guest address mapping requirements
+  0000000000000000-0000000000000fff
+  0000000000400000-00000000004047ef
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2083 b/results/classifier/zero-shot-user-mode/output/runtime/2083
new file mode 100644
index 00000000..68088b0b
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2083
@@ -0,0 +1,117 @@
+runtime: 0.389
+instruction: 0.382
+syscall: 0.229
+
+
+
+AArch64 SME SMOPA (4-way) outer product instruction gives incorrect result
+Description of problem:
+The SME SMOPA (4-way) instruction ([spec](https://developer.arm.com/documentation/ddi0602/2023-09/SME-Instructions/SMOPA--4-way---Signed-integer-sum-of-outer-products-and-accumulate-?lang=en)) is giving incorrect result. Example below for 8-bit variant, which is equivalent to following Python example (128-bit VL) to make it clearer:
+
+```
+import numpy as np
+vl = 128
+esize = 32
+dim = vl // esize
+
+A = range(16)
+B = range(16, 32)
+C = np.zeros((4, 4,), dtype=np.int32)
+
+for row in range(dim):
+    for col in range(dim):
+        for k in range(4):
+            C[row, col] += A[4*row + k] * B[4*col + k]
+
+print(C)
+
+[[ 110  134  158  182]
+ [ 390  478  566  654]
+ [ 670  822  974 1126]
+ [ 950 1166 1382 1598]]
+```
+
+main.c
+```
+#include <stdio.h>
+#include <stdint.h>
+
+void foo(int *dst);
+
+int main() {
+  int32_t dst[16];
+  foo(dst);
+
+  // This should print:
+  // >>> 110  134  158  182
+  // >>> 390  478  566  654
+  // >>> 670  822  974  1126
+  // >>> 950  1166  1382  1598
+  for (int i=0; i<4; ++i) {
+    printf(">>> ");
+    for (int j=0; j<4; ++j) {
+      printf("%d  ", dst[i * 4 + j]);
+    }
+    printf("\n");
+  }
+}
+```
+
+foo.S
+
+```
+.global foo
+foo:
+  stp x29, x30, [sp, -80]!
+  mov x29, sp
+  stp d8, d9, [sp, 16]
+  stp d10, d11, [sp, 32]
+  stp d12, d13, [sp, 48]
+  stp d14, d15, [sp, 64]
+
+  smstart
+
+  ptrue p0.b
+  index z0.b, #0, #1
+  mov   z1.d, z0.d
+  add   z1.b, z1.b, #16
+
+  zero  {za}
+  smopa za0.s, p0/m, p0/m, z0.b, z1.b
+
+  // Read the first 4x4 sub-matrix of elements from tile 0:
+  mov w12, #0
+  mova z0.s, p0/m, za0h.s[w12, #0]
+  mova z1.s, p0/m, za0h.s[w12, #1]
+  mova z2.s, p0/m, za0h.s[w12, #2]
+  mova z3.s, p0/m, za0h.s[w12, #3]
+
+  // And store them to the input pointer (dst in the C code):
+  st1w {z0.s}, p0, [x0]
+  add x0, x0, #16
+  st1w {z1.s}, p0, [x0]
+  add x0, x0, #16
+  st1w {z2.s}, p0, [x0]
+  add x0, x0, #16
+  st1w {z3.s}, p0, [x0]
+
+  smstop
+
+  ldp d8, d9, [sp, 16]
+  ldp d10, d11, [sp, 32]
+  ldp d12, d13, [sp, 48]
+  ldp d14, d15, [sp, 64]
+  ldp x29, x30, [sp], 80
+  ret
+```
+Steps to reproduce:
+```
+$ clang -target aarch64-linux-gnu -march=armv9-a+sme main.c foo.S
+$ ~/qemu/build/qemu-aarch64 -cpu max,sme128=on a.out
+>>> 110  478  158  654
+>>> 0  0  0  0
+>>> 670  1166  974  1598
+>>> 0  0  0  0
+```
+Additional information:
+
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2168 b/results/classifier/zero-shot-user-mode/output/runtime/2168
new file mode 100644
index 00000000..5931c490
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2168
@@ -0,0 +1,38 @@
+runtime: 0.486
+syscall: 0.260
+instruction: 0.253
+
+
+
+qemu-x86_64: segfault when running grep on arm64 host
+Description of problem:
+An internal segmentation fault occurs when attempting to run `grep` in a Gentoo stage3 chroot
+Steps to reproduce:
+1. Unpack an x86_64 chroot environment (easiest way is using one of Gentoo's stage3s from https://get.gentoo.org)
+2. Run `qemu-x86_64 -L /path/to/x86_64/chroot /path/to/x86_64/chroot/bin/grep`
+Additional information:
+It seems this only occurs in 8.x.x, 7.x.x does not have this segfault.
+
+Output:
+```
+# qemu-x86_64 -L /bugs/grep-sandbox /bugs/grep-sandbox/bin/grep
+qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20}
+Segmentation fault
+```
+
+GDB bt:
+```
+(gdb) bt
+#0  open_self_maps_2 (opaque=0xffffffffd0b0, guest_start=18446744073699065856, guest_end=<optimized out>, flags=12) at ../linux-user/syscall.c:8089
+#1  0x000000000048539c in walk_memory_regions (priv=priv@entry=0xffffffffd0b0, fn=fn@entry=0x4a13e4 <open_self_maps_2>) at ../accel/tcg/user-exec.c:176
+#2  0x00000000004a20bc in open_self_maps_1 (smaps=false, fd=3, env=<optimized out>) at ../linux-user/syscall.c:8112
+#3  open_self_maps (cpu_env=<optimized out>, fd=3) at ../linux-user/syscall.c:8122
+#4  0x00000000004aaa00 in do_guest_openat (cpu_env=cpu_env@entry=0x862050, dirfd=dirfd@entry=-100, fname=fname@entry=0x5555555776f1 "/proc/self/maps", flags=0, mode=mode@entry=0, safe=safe@entry=true)
+    at ../linux-user/syscall.c:8381
+#5  0x00000000004b0cc4 in do_syscall1 (cpu_env=cpu_env@entry=0x862050, num=num@entry=257, arg1=arg1@entry=4294967196, arg2=arg2@entry=93824992376561, arg3=arg3@entry=0, arg4=arg4@entry=0,
+    arg5=arg5@entry=93824992373306, arg6=arg6@entry=0, arg8=0, arg7=0) at ../linux-user/syscall.c:9075
+#6  0x00000000004b2770 in do_syscall (cpu_env=cpu_env@entry=0x862050, num=257, arg1=4294967196, arg2=93824992376561, arg3=0, arg4=0, arg5=93824992373306, arg6=0, arg7=arg7@entry=0, arg8=arg8@entry=0)
+    at ../linux-user/syscall.c:13658
+#7  0x0000000000404fdc in cpu_loop (env=env@entry=0x862050) at ../linux-user/x86_64/../i386/cpu_loop.c:242
+#8  0x0000000000400d7c in main (argc=4, argv=0xffffffffed48, envp=<optimized out>) at ../linux-user/main.c:1014
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2170 b/results/classifier/zero-shot-user-mode/output/runtime/2170
new file mode 100644
index 00000000..d1cfb53c
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2170
@@ -0,0 +1,50 @@
+runtime: 0.376
+instruction: 0.326
+syscall: 0.299
+
+
+
+qemu-x86_64 crashes when the application calls pthread_getattr_np()
+Description of problem:
+QEMU user emulation crashes with this program:
+```
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <pthread.h>
+
+int main()
+{
+        pthread_attr_t attr;
+        int error = pthread_getattr_np(pthread_self(), &attr);
+
+        printf("%d\n", error);
+        return 0;
+}
+```
+Steps to reproduce:
+1. Compile the program above
+2. Run QEMU
+Additional information:
+QEMU crashes with:
+```
+qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20}
+Segmentation fault (core dumped)
+
+```
+
+In gdb I get this backtrace:
+```
+#0  0x0000555555627d6d in open_self_maps_2 (opaque=0x7fffffffc020, guest_start=18446744073699065856, guest_end=<optimized out>, flags=12) at ../linux-user/syscall.c:8089
+#1  0x000055555560ce67 in walk_memory_regions (priv=priv@entry=0x7fffffffc020, fn=fn@entry=0x555555627d30 <open_self_maps_2>) at ../accel/tcg/user-exec.c:176
+#2  0x0000555555628b3a in open_self_maps_1 (smaps=<optimized out>, fd=<optimized out>, env=<optimized out>) at ../linux-user/syscall.c:8112
+#3  open_self_maps (cpu_env=<optimized out>, fd=3) at ../linux-user/syscall.c:8122
+#4  0x0000555555631e24 in do_guest_openat (cpu_env=cpu_env@entry=0x55555583ae20, dirfd=dirfd@entry=-100, fname=fname@entry=0x2aaaab496eb4 "/proc/self/maps", flags=524288, mode=mode@entry=0, safe=safe@entry=true) at ../linux-user/syscall.c:8381
+#5  0x0000555555638f71 in do_syscall1 (cpu_env=cpu_env@entry=0x55555583ae20, num=num@entry=257, arg1=arg1@entry=4294967196, arg2=arg2@entry=46912506523316, arg3=arg3@entry=524288, arg4=arg4@entry=0, arg5=<optimized out>, arg6=<optimized out>, arg8=0, arg7=0) at ../linux-user/syscall.c:9075
+#6  0x000055555563b659 in do_syscall (cpu_env=cpu_env@entry=0x55555583ae20, num=257, arg1=4294967196, arg2=46912506523316, arg3=524288, arg4=0, arg5=8, arg6=1, arg7=0, arg8=0) at ../linux-user/syscall.c:13658
+#7  0x000055555558db19 in cpu_loop (env=env@entry=0x55555583ae20) at ../linux-user/x86_64/../i386/cpu_loop.c:242
+#8  0x00005555555898d8 in main (argc=<optimized out>, argv=0x7fffffffdd38, envp=<optimized out>) at ../linux-user/main.c:1012
+
+```
+
+This bug was introduced in the rewrite of `open_self_maps` in 7b7a3366e142d3baeb3fd1d3660a50e7956c19eb.
+The current master (5767815218efd3cbfd409505ed824d5f356044ae) is still affected.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2248 b/results/classifier/zero-shot-user-mode/output/runtime/2248
new file mode 100644
index 00000000..ade7fb68
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2248
@@ -0,0 +1,42 @@
+runtime: 0.407
+instruction: 0.346
+syscall: 0.247
+
+
+
+qemu-aarch64: wrong execution result when executing the code
+Description of problem:
+The following aarch64 code results in the wrong execution result `4611686018427387903`, which is `0x3fffffffffffffff`. (The correct result is `-1`) The bug seems to be introduced in between v8.1.5 and v8.2.1 since the results are correct in v8.1.5.
+
+```c
+// foo.c
+#include <stdio.h>
+#include <stdint.h>
+
+int64_t callme(size_t _1, size_t _2, int64_t a, int64_t b, int64_t c);
+
+int main() {
+    int64_t ret = callme(0, 0, 0, 1, 2);
+    printf("%ld\n", ret);
+    return 0;
+}
+```
+
+```s
+// foo.S
+.global callme
+callme:
+  cmp   x2, x3
+  cset  x12, lt
+  and   w11, w12, #0xff
+  cmp   w11, #0x0
+  csetm x14, ne
+  lsr   x13, x14, x4
+  sxtb  x0, w13
+  ret
+```
+Steps to reproduce:
+1. Build the code with `aarch64-linux-gnu-gcc foo.c foo.S -o foo` (`aarch64-linux-gnu-gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0`)
+2. Run the code with `qemu-aarch64 -L /usr/aarch64-linux-gnu -E LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib foo` and see the result
+Additional information:
+- Original discussion is held in [this wasmtime issue](https://github.com/bytecodealliance/wasmtime/issues/8233). Thanks to Alex Crichton for clarifying this bug.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2333 b/results/classifier/zero-shot-user-mode/output/runtime/2333
new file mode 100644
index 00000000..76c08764
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2333
@@ -0,0 +1,51 @@
+runtime: 0.390
+instruction: 0.343
+syscall: 0.266
+
+
+
+VDSO on armeb seems broken
+Description of problem:
+I'm seeing the VDSO method for `__clock_gettime64()` crashing under `qemu-armeb` (stack trace under Additional information, below).
+
+I rebuilt glibc with VDSO globally kludged off, and all was well.
+Steps to reproduce:
+```
+#include <time.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(int argc, char **argv) {
+  time_t ts;
+  printf("%ld\n", time(&ts));
+  exit(0);
+}
+```
+
+Results, first with VDSO active via a system snapshot, second with the patched glibc:
+```
+$ armeb-linux-gnueabihf-gcc -o /tmp/time /tmp/time.c
+$ qemu-armeb -L /.mirrorsnaps/.rootsnap.prev/usr/armeb-linux-gnueabihf /tmp/time
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault
+$ qemu-armeb -L /usr/armeb-linux-gnueabihf /tmp/time
+1715123280
+```
+Additional information:
+```
+Program received signal SIGSEGV, Segmentation fault.
+0x4082b462 in ?? ()
+(gdb) bt
+#0  0x4082b462 in ?? ()
+#1  0x40bf64a4 in __GI___clock_gettime64 (clock_id=clock_id@entry=5, tp=tp@entry=0x407fe9c0)
+    at ../sysdeps/unix/sysv/linux/clock_gettime.c:42
+#2  0x40be9f58 in __GI___time64 (timer=0x0) at ../sysdeps/unix/sysv/linux/time.c:60
+#3  __time (timer=0x407fea04) at ../sysdeps/unix/sysv/linux/time.c:73
+```
+
+`clock_gettime.c:42` is
+```
+      r = INTERNAL_VSYSCALL_CALL (vdso_time64, 2, clock_id, tp);
+```
+
+Interestingly, the problem doesn't occur on qemu-arm (little endian), all else equal.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2371 b/results/classifier/zero-shot-user-mode/output/runtime/2371
new file mode 100644
index 00000000..5c32f25e
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2371
@@ -0,0 +1,58 @@
+runtime: 0.389
+instruction: 0.314
+syscall: 0.297
+
+
+
+A bug in RISC-V froundnx.h instruction
+Description of problem:
+According to the RISCV ISA manual, the froundnx.h instruction rounds a half-precision floating-point number in the source register to an integer and writes the integer, represented as a half-precision floating-point number, to the destination register. Because the values are stored in 64-bit width registers, they must be NaN-unboxed/boxed before/after the operation. When an input value lacks the proper form of NaN-boxing, it should be treated as a canonical NaN.
+However, when an incorrectly NaN-boxed value is passed to froundnx.h, QEMU produces 0 instead of the canonical NaN. This is because there is a typo in the definition of helper_froundnx_h:
+```
+// target/riscv/fpu_helper.c
+uint64_t helper_froundnx_h(CPURISCVState *env, uint64_t rs1)
+{
+    float16 frs1 = check_nanbox_s(env, rs1); // This should be check_nanbox_h.
+    frs1 = float16_round_to_int(frs1, &env->fp_status);
+    return nanbox_h(env, frs1);
+}
+```
+Steps to reproduce:
+1. Write `test.c`.
+```
+#include <stdio.h>
+
+char i_F6[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
+char o_F5[8];
+
+void __attribute__ ((noinline)) show_state() {
+    for (int i = 0; i < 8; i++) {
+        printf("%02x ", o_F5[i]);
+    }
+    printf("\n");
+}
+
+void __attribute__ ((noinline)) run() {
+    __asm__ (
+        "lui t5, %hi(i_F6)\n"
+        "addi t5, t5, %lo(i_F6)\n"
+        "fld ft6, 0(t5)\n"
+        ".insn 0x445372d3\n" // froundnx.h ft5, ft6
+        "lui t5, %hi(o_F5)\n"
+        "addi t5, t5, %lo(o_F5)\n"
+        "fsd ft5, 0(t5)\n"
+    );
+}
+
+int main(int argc, char **argv) {
+    run();
+    show_state();
+
+    return 0;
+}
+```
+2. Compile `test.bin` using this command: `riscv64-linux-gnu-gcc-12 -O2 -no-pie -march=rv64iv ./test.c -o ./test.bin`.
+3. Run QEMU using this command: `qemu-riscv64 -L /usr/riscv64-linux-gnu/ ./test.bin`.
+4. The program, runs on top of the buggy QEMU, prints `00 00 ff ff ff ff ff ff`. It should print `00 7e ff ff ff ff ff ff` after the bug is fixed.
+Additional information:
+
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2390 b/results/classifier/zero-shot-user-mode/output/runtime/2390
new file mode 100644
index 00000000..2449f134
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2390
@@ -0,0 +1,69 @@
+runtime: 0.353
+instruction: 0.346
+syscall: 0.301
+
+
+
+linux-user: Qemu handles `getsockopt` with NULL `optval` incorrectly
+Description of problem:
+In short call to `getsockopt(_, SOL_TCP, TCP_KEEPIDLE, NULL, _)` behaves differently on RISC-V Qemu than on x64 Linux. 
+On Linux syscall returns 0, but on Qemu it fails with `"Bad address"`.
+Apparently Qemu `getsockopt` implementation is more conservative about NULL `optval` argument than kernel implementation. However man permits passing NULL [link](https://man7.org/linux/man-pages/man2/setsockopt.2.html):
+
+>  For getsockopt(), optlen is a value-result argument, initially
+       containing the size of the buffer pointed to by optval, and
+       modified on return to indicate the actual size of the value
+       returned.  **If no option value is to be supplied** or returned,
+       **optval may be NULL.**"
+
+For me it sounds like accepting NULL without error (and x64 confirms that interpretation).
+Steps to reproduce:
+1. Use below toy program `getsockopt.c` and compile it without optimizations like:
+```
+    gcc -Wall -W -std=gnu11 -pedantic  getsockopt.c -o getsockopt
+```
+
+```
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <netinet/tcp.h>
+
+static void fail_on_error(int error, const char *msg) {
+    if (error < 0) {
+        perror(msg);
+        exit(errno);
+    }
+}
+
+int main(int argc, char **argv) {
+     int socketfd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
+     fail_on_error(socketfd, "socket error");
+     uint8_t *option_value = NULL;
+     int32_t len = 0;
+     int32_t *option_len = &len;
+     socklen_t opt_len = (socklen_t)*option_len;
+     int status = getsockopt(socketfd, SOL_TCP, TCP_KEEPIDLE, option_value, &opt_len);
+     fail_on_error(status, "getsockopt error");
+     return 0;
+}
+```
+
+
+2. Run program on Qemu and compare output with output from x64 build. In my case it looks like:
+```
+root@57646f544f3a:/runtime/programs# ./getsockopt-x64
+root@57646f544f3a:/runtime/programs# ./getsockopt-riscv
+getsockopt error: Bad address
+```
+Additional information:
+I don't think issue is platform specific assuming Qemu `getsockopt` implementation that is actually running is here:
+[link](https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L2522)
+
+Looking at sources, I'm not sure why Qemu can't simply forward everything to kernel space 
+instead doing extra sanity checks together with `optval` dereference attempt that eventually fails in one of `put_user*_` function: [link](https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L2753) 
+
+Anyway, I think that interpretation of man quote is rather straightforward and Qemu `getsockopt` implementation should follow it.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2446 b/results/classifier/zero-shot-user-mode/output/runtime/2446
new file mode 100644
index 00000000..5dacdba1
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2446
@@ -0,0 +1,66 @@
+runtime: 0.359
+instruction: 0.329
+syscall: 0.312
+
+
+
+linux-user: Qemu doesn't support `set_robust_list` used by glibc robust mutex implementation
+Description of problem:
+It seems that syscall set_robust_list is not implemented on Qemu for any Linux platform: [link]( https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L12811)
+Steps to reproduce:
+1.  Use below toy program `set_robust_list.c` and compile it without optimizations like:
+```
+    gcc -Wall -W -Wextra -std=gnu17 -pedantic set_robust_list.c -o set_robust_list
+```
+
+```
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <linux/futex.h>
+#include <syscall.h>
+
+int main(void)
+{
+#ifdef __NR_set_robust_list
+    struct robust_list_head head;
+    size_t len = sizeof(struct robust_list_head);
+
+    // This call to set_robust_list function should fail
+    int err = syscall(__NR_set_robust_list, &head, -1);
+    if (err < 0)
+        perror("1st set_robust_list error");
+    else
+        puts("1st set_robust_list OK");
+
+    // This call to set_robust_list function should be sucessful
+    err = syscall(__NR_set_robust_list, &head, len);
+    if (err < 0)
+        perror("2nd set_robust_list error");
+    else
+        puts("2nd set_robust_list OK");
+#else
+    puts("No set_robust_list support");
+#endif
+    exit(0);
+}
+```
+
+2. Run program on Qemu and compare output with output from x64 build. In my case it looks like:
+```
+root@AMDC4705:/runtime/set_robust_list# ./set_robust_list
+1st set_robust_list error: Invalid argument
+2nd set_robust_list OK
+root@AMDC4705:/runtime/set_robust_list# ./set_robust_list-riscv
+1st set_robust_list error: Function not implemented
+2nd set_robust_list error: Function not implemented
+```
+Additional information:
+Working `set_robust_list` on Linux is quite important in context of named robust mutexes. In NPTL `set_robust_list` is used internally at ld.so initialization time to perform following check: [link](https://github.com/bminor/glibc/blob/master/sysdeps/nptl/dl-tls_init_tp.c#L96)
+
+When syscall fails, later `pthread_mutex_init` (with `PTHREAD_MUTEX_ROBUST` + `PTHREAD_PROCESS_SHARED` attributes) end up with `ENOTSUP` error [link](https://github.com/bminor/glibc/blob/master/nptl/pthread_mutex_init.c#L99).
+
+In dotnet we use robust mutexes for process synchronization purpose. Although there are other available techniques like named semaphores or file locks, robust mutexes are better locking option in case of unexpected process death.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2460 b/results/classifier/zero-shot-user-mode/output/runtime/2460
new file mode 100644
index 00000000..4d67124b
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2460
@@ -0,0 +1,14 @@
+runtime: 0.432
+instruction: 0.358
+syscall: 0.210
+
+
+
+Significant performance degradation of qemu-x86_64 starting from version 3 on aarch64
+Description of problem:
+When I ran CoreMark with different qemu user-mode versions,guest x86-64-> host arm64, I found that the performance was highest with QEMU 2.x versions, and there was a significant performance degradation starting from QEMU version 3. What is the reason?
+
+|  |             |             |             |             |             |             |            |             |             |             |             |
+|------------------------------------------|-------------|-------------|-------------|-------------|-------------|-------------|------------|-------------|-------------|-------------|-------------|
+| qemu version                             | 2.5.1       | 2.8.0       | 2.9.0       | 2.9.1       | 3.0.0       | 4.0.0       | 5.2.0      | 6.2.0       | 7.2.13      | 8.2.6       | 9.0.1       |
+| coremark score                           | 3905.995703 | 4465.947153 | 4534.119247 | 4538.577912 | 1167.337886 | 1163.399453 | 928.348384 | 1327.051954 | 1301.659616 | 1034.714677 | 1085.304971 |
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2487 b/results/classifier/zero-shot-user-mode/output/runtime/2487
new file mode 100644
index 00000000..c3fc0e72
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2487
@@ -0,0 +1,74 @@
+runtime: 0.459
+syscall: 0.341
+instruction: 0.200
+
+
+
+qemu-x86_64: qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached
+Description of problem:
+Using this basic test file:
+
+```c
+int
+main (void)
+{
+    return 0;
+}
+```
+
+compiled into a static executable using an x86_64 toolchain (glibc or musl both tested),
+
+```
+gwyn ~/qemu-bug # file test1
+test1: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), static-pie linked, with debug_info, not stripped
+
+gwyn ~/qemu-bug # file test2
+test2: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=276dc49ee7cbd3b760e24761bf9fb9e1cc4b4349, for GNU/Linux 3.2.0, not stripped
+```
+
+Using QEMU from 15957eb9efe2da67c796612cead95cba28ba9bda or newer:
+
+```
+gwyn ~/qemu-bug # ../emus-ppc64/bin/qemu-x86_64 --version
+qemu-x86_64 version 9.0.50 (v9.0.0-521-g15957eb9ef-dirty)
+Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers
+```
+
+QEMU crashes:
+
+```
+gwyn ~/qemu-bug # ../emus-ppc64/bin/qemu-x86_64 ./test2
+**
+ERROR:/root/qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached
+Bail out! ERROR:/root/qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached
+Aborted
+```
+Steps to reproduce:
+1. Build QEMU user for ppc64 (may affect other hosts) using commit 15957eb9efe2da67c796612cead95cba28ba9bda or newer.
+2. Run any simple x86_64 executable.
+3. Observe the crash.
+Additional information:
+Bisected to here:
+
+```
+commit 15957eb9efe2da67c796612cead95cba28ba9bda
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date:   Fri Oct 27 05:57:31 2023 +0200
+
+    target/i386: use TSTEQ/TSTNE to test low bits
+    
+    When testing the sign bit or equality to zero of a partial register, it
+    is useful to use a single TSTEQ or TSTNE operation.  It can also be used
+    to test the parity flag, using bit 0 of the population count.
+    
+    Do not do this for target_ulong-sized values however; the optimizer would
+    produce a comparison against zero anyway, and it avoids shifts by 64
+    which are undefined behavior.
+    
+    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+ target/i386/tcg/emit.c.inc  |  5 ++---
+ target/i386/tcg/translate.c | 28 ++++++++++++++++++++--------
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2560 b/results/classifier/zero-shot-user-mode/output/runtime/2560
new file mode 100644
index 00000000..6a58e0ea
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2560
@@ -0,0 +1,111 @@
+runtime: 0.446
+instruction: 0.357
+syscall: 0.197
+
+
+
+Go garbage collector crashes when using qemu-x86_64 on an aarch64 host
+Description of problem:
+Apps compiled for Go and the Go compiler/tool itself crash when they are run with `qemu-x86_64` on an AARCH64 host system. This was not a problem on QEMU 8.2.x (I bisected, see further down). I also seem to recall that Go 1.21 is fine on QEMU 9.x, so maybe some recent change in Go 1.22 + recent changes in QEMU broke something?
+
+The crash from Go seems to be in the garbage collector, I cannot reproduce the issue when I disable the GC with `GOGC=off`.
+
+Output from Go when it crashes:
+
+```
+$ sudo chroot . go build main.go
+runtime: lfstack.push invalid packing: node=0xffff6542b2c0 cnt=0x1 packed=0xffff6542b2c00001 -> node=0xffffffff6542b2c0
+fatal error: lfstack.push
+
+runtime stack:
+runtime.throw({0xa95b29?, 0x797b1e2a383c?})
+        runtime/panic.go:1023 +0x5c fp=0xc000515f08 sp=0xc000515ed8 pc=0x43c27c
+runtime.(*lfstack).push(0x0?, 0xc0005041c0?)
+        runtime/lfstack.go:29 +0x125 fp=0xc000515f48 sp=0xc000515f08 pc=0x40fd45
+runtime.(*spanSetBlockAlloc).free(...)
+        runtime/mspanset.go:322
+runtime.(*spanSet).reset(0xf46980)
+        runtime/mspanset.go:264 +0x79 fp=0xc000515f78 sp=0xc000515f48 pc=0x437219
+runtime.finishsweep_m()
+        runtime/mgcsweep.go:258 +0x8d fp=0xc000515fb8 sp=0xc000515f78 pc=0x42a6cd
+runtime.gcStart.func2()
+        runtime/mgc.go:685 +0xf fp=0xc000515fc8 sp=0xc000515fb8 pc=0x46e40f
+runtime.systemstack(0x0)
+        runtime/asm_amd64.s:509 +0x4a fp=0xc000515fd8 sp=0xc000515fc8 pc=0x47442a
+````
+Steps to reproduce:
+0. Use an aarch64 host system!
+
+1. Set up binfmt to use qemu-x86_64:
+
+```
+$ cat /proc/sys/fs/binfmt_misc/qemu-x86_64
+enabled
+interpreter /usr/bin/qemu-x86_64
+flags: OCF
+offset 0
+magic 7f454c4602010100000000000000000002003e00
+mask fffffffffffefe00fffffffffffffffffeffffff
+```
+
+2. Download/extract x86_64 rootfs:
+
+```
+$ curl -O https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.2-x86_64.tar.gz	
+```
+
+3. Create example app in the x86_64 rootfs:
+
+```
+package main
+
+func main() {
+}
+```
+
+4. Build using chroot:
+
+```
+$ sudo chroot /path/to/x86_64/rootfs apk add go
+$ sudo chroot /path/to/x86_64/rootfs go build main.go
+runtime: lfstack.push invalid packing: node=0xffff6542b2c0 cnt=0x1 packed=0xffff6542b2c00001 -> node=0xffffffff6542b2c0
+fatal error: lfstack.push
+...
+```
+
+5. As noted previously, if the Go garbage collector is disabled, then it works, presumably because it avoids the bug(?) in QEMU:
+
+```
+$ sudo chroot . env GOGC=off go build main.go
+# might have to mount /dev to build successfully, but Go doesn't panic!
+```
+Additional information:
+I've bisected this exact crash/failure to:
+
+```
+commit 2952b642a555207748dd961fcbfdc48f198eebb6
+Author: Richard Henderson <richard.henderson@linaro.org>
+Date:   Tue Feb 13 10:20:27 2024 -1000
+
+    linux-user: Split out do_munmap
+
+    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+```
+
+Though a different crash starts happening at the commit before that one:
+
+```
+commit ad87d26e6bb13257409f412224c862fc54025e8b
+Author: Richard Henderson <richard.henderson@linaro.org>
+Date:   Tue Jan 2 12:57:55 2024 +1100
+
+    linux-user: Do early mmap placement only for reserved_va
+
+    For reserved_va, place all non-fixed maps then proceed
+    as for MAP_FIXED.
+
+    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+```
+
+FYI @rth7680
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/2632 b/results/classifier/zero-shot-user-mode/output/runtime/2632
new file mode 100644
index 00000000..174e430d
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/2632
@@ -0,0 +1,89 @@
+runtime: 0.376
+instruction: 0.343
+syscall: 0.281
+
+
+
+tcg optimization breaking memory access ordering
+Description of problem:
+The following code creates register dependency between 2 loads, which forces the first load to finish before the second:
+```
+movz	w0, #0x2
+str	w0, [x1]
+ldr	w2, [x1]
+eor	w3, w2, w2
+ldr	w4, [x5, w3, sxtw]
+```
+
+While translating it to tcg IR, it keeps this dependency correctly.
+But after running tcg optimizations, it optimized the tcg sequence for `eor	w3, w2, w2` at `0000000000000144` to `mov_i64 x3,$0x0`. which then removes the dependency between the loads.
+
+It results in incorrect behavior on the host on a multiple threaded program
+Steps to reproduce:
+1.
+2.
+3.
+Additional information:
+```
+OP:
+ ld_i32 loc0,env,$0xfffffffffffffff0
+ brcond_i32 loc0,$0x0,lt,$L0
+ st8_i32 $0x0,env,$0xfffffffffffffff4
+
+ ---- 0000000000000134 0000000000000000 0000000000000000
+ add_i64 x28,x28,$0x2
+
+ ---- 0000000000000138 0000000000000000 0000000000000000
+ mov_i64 x0,$0x2
+
+ ---- 000000000000013c 0000000000000000 0000000000001c00
+ mov_i64 loc3,x1
+ mov_i64 loc4,loc3
+ qemu_st_a64_i64 x0,loc4,w16+un+leul,2
+
+ ---- 0000000000000140 0000000000000000 0000000000001c10
+ mov_i64 loc5,x1
+ mov_i64 loc6,loc5
+ qemu_ld_a64_i64 x2,loc6,w16+un+leul,2
+
+ ---- 0000000000000144 0000000000000000 0000000000000000
+ and_i64 loc7,x2,$0xffffffff
+ xor_i64 x3,x2,loc7
+ and_i64 x3,x3,$0xffffffff
+
+ ---- 0000000000000148 0000000000000000 0000000000001c20
+ mov_i64 loc9,x5
+ mov_i64 loc10,x3
+ ext32s_i64 loc10,loc10
+ add_i64 loc9,loc9,loc10
+ mov_i64 loc11,loc9
+ qemu_ld_a64_i64 x4,loc11,w16+un+leul,2
+ st8_i32 $0x1,env,$0xfffffffffffffff4
+```
+
+
+```
+OP after optimization and liveness analysis:
+ ld_i32 tmp0,env,$0xfffffffffffffff0      pref=0xffffffff
+ brcond_i32 tmp0,$0x0,lt,$L0              dead: 0
+ st8_i32 $0x0,env,$0xfffffffffffffff4     dead: 0
+
+ ---- 0000000000000134 0000000000000000 0000000000000000
+ add_i64 x28,x28,$0x2                     sync: 0  dead: 0 1  pref=0xffffffff
+
+ ---- 0000000000000138 0000000000000000 0000000000000000
+ mov_i64 x0,$0x2                          sync: 0  dead: 0  pref=0xffffffff
+
+ ---- 000000000000013c 0000000000000000 0000000000001c00
+ qemu_st_a64_i64 $0x2,x1,w16+un+leul,2    dead: 0
+
+ ---- 0000000000000140 0000000000000000 0000000000001c10
+ qemu_ld_a64_i64 x2,x1,w16+un+leul,2      sync: 0  dead: 0 1  pref=0xffffffff
+
+ ---- 0000000000000144 0000000000000000 0000000000000000
+ mov_i64 x3,$0x0                          sync: 0  dead: 0 1  pref=0xffffffff
+
+ ---- 0000000000000148 0000000000000000 0000000000001c20
+ qemu_ld_a64_i64 x4,x5,w16+un+leul,2      sync: 0  dead: 0 1  pref=0xffffffff
+ st8_i32 $0x1,env,$0xfffffffffffffff4     dead: 0
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/324 b/results/classifier/zero-shot-user-mode/output/runtime/324
new file mode 100644
index 00000000..14630268
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/324
@@ -0,0 +1,7 @@
+runtime: 0.566
+instruction: 0.306
+syscall: 0.128
+
+
+
+chrome based apps can not be run under qemu user mode
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/618 b/results/classifier/zero-shot-user-mode/output/runtime/618
new file mode 100644
index 00000000..6376e77e
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/618
@@ -0,0 +1,101 @@
+runtime: 0.346
+instruction: 0.345
+syscall: 0.309
+
+
+
+overflow condition code determined incorrectly after subtraction on s390x
+Description of problem:
+Paul Eggert found this bug, just by taking a look at the file `qemu/target/s390x/tcg/cc_helper.c`.
+
+The following program
+[foo.c](/uploads/c1f425684fd661c4437950d7d8ddf31d/foo.c)
+```
+#include <stdio.h>
+
+int overflow_32 (int x, int y)
+{
+  int sum;
+  return __builtin_sub_overflow (x, y, &sum);
+}
+
+int overflow_64 (long long x, long long y)
+{
+  long sum;
+  return __builtin_sub_overflow (x, y, &sum);
+}
+
+int a1 = 0;
+int b1 = -2147483648;
+long long a2 = 0L;
+long long b2 = -9223372036854775808L;
+
+int main ()
+{
+  {
+    int a = a1;
+    int b = b1;
+    printf ("a = 0x%x, b = 0x%x\n", a, b);
+    printf ("no_overflow = %d\n", ! overflow_32 (a, b));
+  }
+  {
+    long long a = a2;
+    long long b = b2;
+    printf ("a = 0x%llx, b = 0x%llx\n", a, b);
+    printf ("no_overflow = %d\n", ! overflow_64 (a, b));
+  }
+}
+```
+should print
+```
+a = 0x0, b = 0x80000000
+no_overflow = 0
+a = 0x0, b = 0x8000000000000000
+no_overflow = 0
+```
+However, when compiled as an s390x program and executed through qemu 6.1.0 (Linux user-mode), it prints 'no_overflow = 1' twice.
+```
+$ s390x-linux-gnu-gcc-10 --version
+s390x-linux-gnu-gcc-10 (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0
+```
+
+```
+$ s390x-linux-gnu-gcc-10 -static foo.c
+$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out
+a = 0x0, b = 0x80000000
+no_overflow = 1
+a = 0x0, b = 0x8000000000000000
+no_overflow = 1
+```
+
+```
+$ s390x-linux-gnu-gcc-10 -O2 -static foo.c
+$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out
+a = 0x0, b = 0x80000000
+no_overflow = 1
+a = 0x0, b = 0x8000000000000000
+no_overflow = 1
+```
+
+The code generated by 's390x-linux-gnu-gcc-10 -O2' makes use of the 'o' (overflow / ones) condition code:
+```
+overflow_64:
+        lgr     %r1,%r2    ;; copy a into %r1
+        lghi    %r2,0
+        sgr     %r1,%r3    ;; subtract b from a
+        bnor    %r14       ;; if no overflow, return %r2 = 0
+        lghi    %r2,1
+        br      %r14       ;; otherwise, return %r2 = 1
+```
+
+The condition code and the overflow bit are defined in the z/Architecture Principles of Operation (POP) http://publibfi.boulder.ibm.com/epubs/pdf/dz9zr011.pdf page 7-5 / 7-6 / 7-388 : "In mathematical terms, signed addition and subtraction produce a fixed-point overflow when the result is outside the range of representation for signed binary integers."
+
+I conclude that the bug is in QEMU: QEMU does not set the overflow condition code correctly.
+Steps to reproduce:
+[foo.static.s390x](/uploads/e4b79b019db590f3a4b13cac41e57ba6/foo.static.s390x)
+(the result of "s390x-linux-gnu-gcc-10 -static -O2 foo.c -o foo.static.s390x")
+
+1. `qemu-s390x foo.static.s390x`
+Additional information:
+The attached patch fixes it.
+[0002-s390x-Fix-determination-of-overflow-condition-code-a.patch](/uploads/8d414f84fe0ed36bf07bd28f5e7836ab/0002-s390x-Fix-determination-of-overflow-condition-code-a.patch)
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/645662 b/results/classifier/zero-shot-user-mode/output/runtime/645662
new file mode 100644
index 00000000..c0f0d917
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/645662
@@ -0,0 +1,46 @@
+runtime: 0.501
+instruction: 0.321
+syscall: 0.177
+
+
+
+QEMU x87 emulation of trig and other complex ops is only at 64-bit precision, not 80-bit
+
+When doing the regression tests for Python 3.1.2 with Qemu 0.12.5, (Linux version 2.6.26-2-686 (Debian 2.6.26-25lenny1)),
+gcc (Debian 4.3.2-1.1) 4.3.2, Python compiled from sources within qemu,
+3 math tests fail, apparently because the floating point unit is buggy. Qmeu was compiled from original sources
+on Debian Lenny with kernel  2.6.34.6 from kernel.org, gcc  (Debian 4.3.2-1.1) 4.3. 
+
+Regression testing errors:
+
+test_cmath
+test test_cmath failed -- Traceback (most recent call last):
+  File "/root/tools/python3/Python-3.1.2/Lib/test/test_cmath.py", line 364, in
+    self.fail(error_message)
+AssertionError: acos0034: acos(complex(-1.0000000000000002, 0.0))
+Expected: complex(3.141592653589793, -2.1073424255447014e-08)
+Received: complex(3.141592653589793, -2.1073424338879928e-08)
+Received value insufficiently close to expected value.
+
+
+test_float
+test test_float failed -- Traceback (most recent call last):
+  File "/root/tools/python3/Python-3.1.2/Lib/test/test_float.py", line 479, in
+    self.assertEqual(s, repr(float(s)))
+AssertionError: '8.72293771110361e+25' != '8.722937711103609e+25'
+
+
+test_math
+test test_math failed -- multiple errors occurred; run in verbose mode for deta
+
+=>
+
+runtests.sh -v test_math
+
+le01:~/tools/python3/Python-3.1.2# ./runtests.sh -v test_math
+test_math BAD
+ 1 BAD
+ 0 GOOD
+ 0 SKIPPED
+ 1 total
+le01:~/tools/python3/Python-3.1.2#
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/698 b/results/classifier/zero-shot-user-mode/output/runtime/698
new file mode 100644
index 00000000..9b538922
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/698
@@ -0,0 +1,364 @@
+runtime: 0.374
+instruction: 0.321
+syscall: 0.304
+
+
+
+linux-user: emulated process reading /proc/self/mem doesn't see guest view of memory map
+Description of problem:
+QEMU user-mode emulation of a 32-bit guest on a 64-bit host doesn't seem to emulate `/proc/self/mem` (or `/proc/$pid/mem`) correctly. Based on the contents of `/proc/self/maps`, there seems to be some sort of address translation happening that `/proc/self/mem` doesn't honor.
+
+The following source file:
+
+```c
+#include <fcntl.h>
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/wait.h>
+
+static const char string[] = "Hello, world!\n";
+
+static bool copy_to_stdout(const char *path)
+{
+	bool success = false;
+
+	int fd = open(path, O_RDONLY);
+	if (fd < 0) {
+		perror("open");
+		return false;
+	}
+
+	char buf[16 * 1024];
+	while (true) {
+		ssize_t bytes_read = read(fd, buf, sizeof(buf));
+		if (bytes_read == 0) {
+			success = true;
+			goto out;
+		} else if (bytes_read < 0) {
+			perror("read");
+			goto out;
+		}
+		ssize_t bytes_written = 0;
+		while (bytes_written < bytes_read) {
+			ssize_t ret = write(STDOUT_FILENO, buf + bytes_written,
+					    bytes_read - bytes_written);
+			if (ret < 0) {
+				perror("write");
+				goto out;
+			}
+			bytes_written += ret;
+		}
+	}
+
+out:
+	close(fd);
+	return success;
+}
+
+static bool dump_maps(void)
+{
+	printf("Maps read by self:\n");
+	fflush(stdout);
+	if (!copy_to_stdout("/proc/self/maps"))
+		return false;
+
+	printf("\nMaps read by child process:\n");
+	fflush(stdout);
+	pid_t pid = fork();
+	if (pid < 0) {
+		perror("fork");
+		return false;
+	}
+	if (pid == 0) {
+		char parent_maps[32];
+		sprintf(parent_maps, "/proc/%u/maps", (unsigned int)getppid());
+		if (copy_to_stdout(parent_maps))
+			_exit(EXIT_SUCCESS);
+		else
+			_exit(EXIT_FAILURE);
+	}
+	int wstatus;
+	if (waitpid(pid, &wstatus, 0) < 0 ||
+	    !WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != EXIT_SUCCESS)
+		return false;
+
+	printf("\n");
+	return true;
+}
+
+int main(void)
+{
+	if (!dump_maps())
+		return EXIT_FAILURE;
+
+	int fd = open("/proc/self/mem", O_RDONLY);
+	if (fd < 0) {
+		perror("open: /proc/self/mem");
+		return EXIT_FAILURE;
+	}
+
+	char buf[sizeof(string)];
+	printf("Reading %zu bytes from %p (%" PRIuPTR ") to %p of PID %u\n",
+	       sizeof(buf), string, (uintptr_t)string, buf,
+	       (unsigned int)getpid());
+	fflush(stdout);
+
+	if (pread(fd, buf, sizeof(buf), (uintptr_t)string) < 0) {
+		perror("pread: /proc/self/mem");
+		return EXIT_FAILURE;
+	}
+
+	if (memcmp(buf, string, sizeof(buf)) != 0) {
+		fprintf(stderr, "buffer doesn't match\n");
+		return EXIT_FAILURE;
+	}
+
+	return EXIT_SUCCESS;
+}
+```
+
+when compiled for 32-bit ARM produces the following output:
+
+```
+Maps read by self:
+10000-7c000 r-xp 00000000 00:19 8275924                                  /home/osandov/repro
+7c000-8b000 ---p 00000000 00:00 0                                        
+8b000-8c000 r--p 0006b000 00:19 8275924                                  /home/osandov/repro
+8c000-8d000 rw-p 0006c000 00:19 8275924                                  /home/osandov/repro
+8d000-b0000 rw-p 00000000 00:00 0                                        
+3ffff000-40000000 r-xp 00000000 00:00 0                                  
+40000000-40001000 ---p 00000000 00:00 0                                  
+40001000-40801000 rw-p 00000000 00:00 0                                  [stack]
+
+Maps read by child process:
+00010000-00020000 ---p 00000000 00:00 0 
+00020000-0008c000 r--p 00000000 00:19 8275924                            /home/osandov/repro
+0008c000-0009b000 ---p 00000000 00:00 0 
+0009b000-0009c000 r--p 0006b000 00:19 8275924                            /home/osandov/repro
+0009c000-0009d000 rw-p 0006c000 00:19 8275924                            /home/osandov/repro
+0009d000-000c0000 rw-p 00000000 00:00 0 
+000c0000-4000f000 ---p 00000000 00:00 0 
+4000f000-40010000 r--p 00000000 00:00 0 
+40010000-40011000 ---p 00000000 00:00 0 
+40011000-40811000 rw-p 00000000 00:00 0 
+40811000-100000000 ---p 00000000 00:00 0 
+100000000-100001000 r--p 00000000 00:00 0 
+5636dd7a2000-5636dd8a4000 r--p 00000000 00:19 8270028                    /home/osandov/repos/qemu/build/qemu-arm
+5636dd8a4000-5636ddb13000 r-xp 00102000 00:19 8270028                    /home/osandov/repos/qemu/build/qemu-arm
+5636ddb13000-5636ddf69000 r--p 00371000 00:19 8270028                    /home/osandov/repos/qemu/build/qemu-arm
+5636ddf6a000-5636ddfe7000 r--p 007c7000 00:19 8270028                    /home/osandov/repos/qemu/build/qemu-arm
+5636ddfe7000-5636ddff3000 rw-p 00844000 00:19 8270028                    /home/osandov/repos/qemu/build/qemu-arm
+5636ddff3000-5636de010000 rw-p 00000000 00:00 0 
+5636df67b000-5636df80c000 rw-p 00000000 00:00 0                          [heap]
+7f3008000000-7f300ffff000 rwxp 00000000 00:00 0 
+7f300ffff000-7f3010000000 ---p 00000000 00:00 0 
+7f3010000000-7f3010021000 rw-p 00000000 00:00 0 
+7f3010021000-7f3014000000 ---p 00000000 00:00 0 
+7f3017119000-7f301719a000 rw-p 00000000 00:00 0 
+7f301719a000-7f301719b000 ---p 00000000 00:00 0 
+7f301719b000-7f30179a1000 rw-p 00000000 00:00 0 
+7f30179a1000-7f30179a3000 r--p 00000000 00:19 3660771                    /usr/lib/libffi.so.8.1.0
+7f30179a3000-7f30179a9000 r-xp 00002000 00:19 3660771                    /usr/lib/libffi.so.8.1.0
+7f30179a9000-7f30179ab000 r--p 00008000 00:19 3660771                    /usr/lib/libffi.so.8.1.0
+7f30179ab000-7f30179ac000 r--p 00009000 00:19 3660771                    /usr/lib/libffi.so.8.1.0
+7f30179ac000-7f30179ad000 rw-p 0000a000 00:19 3660771                    /usr/lib/libffi.so.8.1.0
+7f30179ad000-7f30179be000 r--p 00000000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f30179be000-7f3017a32000 r-xp 00011000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f3017a32000-7f3017a49000 r--p 00085000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f3017a49000-7f3017a4a000 ---p 0009c000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f3017a4a000-7f3017a4c000 r--p 0009c000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f3017a4c000-7f3017a4d000 rw-p 0009e000 00:19 1476709                    /usr/lib/libgmp.so.10.4.1
+7f3017a4d000-7f3017a56000 r--p 00000000 00:19 2871144                    /usr/lib/libhogweed.so.6.4
+7f3017a56000-7f3017a69000 r-xp 00009000 00:19 2871144                    /usr/lib/libhogweed.so.6.4
+7f3017a69000-7f3017a93000 r--p 0001c000 00:19 2871144                    /usr/lib/libhogweed.so.6.4
+7f3017a93000-7f3017a95000 r--p 00045000 00:19 2871144                    /usr/lib/libhogweed.so.6.4
+7f3017a95000-7f3017a96000 rw-p 00047000 00:19 2871144                    /usr/lib/libhogweed.so.6.4
+7f3017a96000-7f3017a98000 rw-p 00000000 00:00 0 
+7f3017a98000-7f3017aa4000 r--p 00000000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017aa4000-7f3017ac5000 r-xp 0000c000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017ac5000-7f3017adb000 r--p 0002d000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017adb000-7f3017adc000 ---p 00043000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017adc000-7f3017ade000 r--p 00043000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017ade000-7f3017adf000 rw-p 00045000 00:19 2871147                    /usr/lib/libnettle.so.8.4
+7f3017adf000-7f3017ae2000 r--p 00000000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017ae2000-7f3017aee000 r-xp 00003000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017aee000-7f3017af2000 r--p 0000f000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017af2000-7f3017af3000 ---p 00013000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017af3000-7f3017af4000 r--p 00013000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017af4000-7f3017af5000 rw-p 00014000 00:19 2550729                    /usr/lib/libtasn1.so.6.6.1
+7f3017af5000-7f3017b06000 r--p 00000000 00:19 937656                     /usr/lib/libunistring.so.2.1.0
+7f3017b06000-7f3017b3b000 r-xp 00011000 00:19 937656                     /usr/lib/libunistring.so.2.1.0
+7f3017b3b000-7f3017c72000 r--p 00046000 00:19 937656                     /usr/lib/libunistring.so.2.1.0
+7f3017c72000-7f3017c76000 r--p 0017c000 00:19 937656                     /usr/lib/libunistring.so.2.1.0
+7f3017c76000-7f3017c77000 rw-p 00180000 00:19 937656                     /usr/lib/libunistring.so.2.1.0
+7f3017c77000-7f3017c79000 r--p 00000000 00:19 3212638                    /usr/lib/libidn2.so.0.3.7
+7f3017c79000-7f3017c7d000 r-xp 00002000 00:19 3212638                    /usr/lib/libidn2.so.0.3.7
+7f3017c7d000-7f3017c97000 r--p 00006000 00:19 3212638                    /usr/lib/libidn2.so.0.3.7
+7f3017c97000-7f3017c98000 r--p 0001f000 00:19 3212638                    /usr/lib/libidn2.so.0.3.7
+7f3017c98000-7f3017c99000 rw-p 00020000 00:19 3212638                    /usr/lib/libidn2.so.0.3.7
+7f3017c99000-7f3017cc2000 r--p 00000000 00:19 3663986                    /usr/lib/libp11-kit.so.0.3.0
+7f3017cc2000-7f3017d60000 r-xp 00029000 00:19 3663986                    /usr/lib/libp11-kit.so.0.3.0
+7f3017d60000-7f3017dba000 r--p 000c7000 00:19 3663986                    /usr/lib/libp11-kit.so.0.3.0
+7f3017dba000-7f3017dc4000 r--p 00120000 00:19 3663986                    /usr/lib/libp11-kit.so.0.3.0
+7f3017dc4000-7f3017dce000 rw-p 0012a000 00:19 3663986                    /usr/lib/libp11-kit.so.0.3.0
+7f3017dce000-7f3017dd0000 r--p 00000000 00:19 2549813                    /usr/lib/libdl-2.33.so
+7f3017dd0000-7f3017dd2000 r-xp 00002000 00:19 2549813                    /usr/lib/libdl-2.33.so
+7f3017dd2000-7f3017dd3000 r--p 00004000 00:19 2549813                    /usr/lib/libdl-2.33.so
+7f3017dd3000-7f3017dd4000 r--p 00004000 00:19 2549813                    /usr/lib/libdl-2.33.so
+7f3017dd4000-7f3017dd5000 rw-p 00005000 00:19 2549813                    /usr/lib/libdl-2.33.so
+7f3017dd5000-7f3017dd7000 rw-p 00000000 00:00 0 
+7f3017dd7000-7f3017dd9000 r--p 00000000 00:19 3020974                    /usr/lib/libpcre.so.1.2.13
+7f3017dd9000-7f3017e2f000 r-xp 00002000 00:19 3020974                    /usr/lib/libpcre.so.1.2.13
+7f3017e2f000-7f3017e4c000 r--p 00058000 00:19 3020974                    /usr/lib/libpcre.so.1.2.13
+7f3017e4c000-7f3017e4d000 r--p 00074000 00:19 3020974                    /usr/lib/libpcre.so.1.2.13
+7f3017e4d000-7f3017e4e000 rw-p 00075000 00:19 3020974                    /usr/lib/libpcre.so.1.2.13
+7f3017e4e000-7f3017e74000 r--p 00000000 00:19 2549806                    /usr/lib/libc-2.33.so
+7f3017e74000-7f3017fbf000 r-xp 00026000 00:19 2549806                    /usr/lib/libc-2.33.so
+7f3017fbf000-7f301800b000 r--p 00171000 00:19 2549806                    /usr/lib/libc-2.33.so
+7f301800b000-7f301800e000 r--p 001bc000 00:19 2549806                    /usr/lib/libc-2.33.so
+7f301800e000-7f3018011000 rw-p 001bf000 00:19 2549806                    /usr/lib/libc-2.33.so
+7f3018011000-7f301801a000 rw-p 00000000 00:00 0 
+7f301801a000-7f3018021000 r--p 00000000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018021000-7f3018030000 r-xp 00007000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018030000-7f3018034000 r--p 00016000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018034000-7f3018035000 ---p 0001a000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018035000-7f3018036000 r--p 0001a000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018036000-7f3018037000 rw-p 0001b000 00:19 2549847                    /usr/lib/libpthread-2.33.so
+7f3018037000-7f301803b000 rw-p 00000000 00:00 0 
+7f301803b000-7f301803e000 r--p 00000000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f301803e000-7f3018050000 r-xp 00003000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f3018050000-7f3018053000 r--p 00015000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f3018053000-7f3018054000 ---p 00018000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f3018054000-7f3018055000 r--p 00018000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f3018055000-7f3018056000 rw-p 00019000 00:19 2550528                    /usr/lib/libgcc_s.so.1
+7f3018056000-7f3018065000 r--p 00000000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f3018065000-7f30180ff000 r-xp 0000f000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f30180ff000-7f3018197000 r--p 000a9000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f3018197000-7f3018198000 ---p 00141000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f3018198000-7f3018199000 r--p 00141000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f3018199000-7f301819a000 rw-p 00142000 00:19 2549819                    /usr/lib/libm-2.33.so
+7f301819a000-7f3018233000 r--p 00000000 00:19 2550558                    /usr/lib/libstdc++.so.6.0.29
+7f3018233000-7f3018333000 r-xp 00099000 00:19 2550558                    /usr/lib/libstdc++.so.6.0.29
+7f3018333000-7f301839f000 r--p 00199000 00:19 2550558                    /usr/lib/libstdc++.so.6.0.29
+7f301839f000-7f30183ac000 r--p 00204000 00:19 2550558                    /usr/lib/libstdc++.so.6.0.29
+7f30183ac000-7f30183ad000 rw-p 00211000 00:19 2550558                    /usr/lib/libstdc++.so.6.0.29
+7f30183ad000-7f30183b2000 rw-p 00000000 00:00 0 
+7f30183b2000-7f30183e6000 r--p 00000000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f30183e6000-7f3018508000 r-xp 00034000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f3018508000-7f301859d000 r--p 00156000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f301859d000-7f301859e000 ---p 001eb000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f301859e000-7f30185af000 r--p 001eb000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f30185af000-7f30185b1000 rw-p 001fc000 00:19 2907924                    /usr/lib/libgnutls.so.30.30.0
+7f30185b1000-7f30185b3000 rw-p 00000000 00:00 0 
+7f30185b3000-7f30185b5000 r--p 00000000 00:19 3662215                    /usr/lib/libgmodule-2.0.so.0.7000.0
+7f30185b5000-7f30185b7000 r-xp 00002000 00:19 3662215                    /usr/lib/libgmodule-2.0.so.0.7000.0
+7f30185b7000-7f30185b8000 r--p 00004000 00:19 3662215                    /usr/lib/libgmodule-2.0.so.0.7000.0
+7f30185b8000-7f30185b9000 r--p 00004000 00:19 3662215                    /usr/lib/libgmodule-2.0.so.0.7000.0
+7f30185b9000-7f30185ba000 rw-p 00005000 00:19 3662215                    /usr/lib/libgmodule-2.0.so.0.7000.0
+7f30185ba000-7f30185d7000 r--p 00000000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f30185d7000-7f3018664000 r-xp 0001d000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f3018664000-7f30186ec000 r--p 000aa000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f30186ec000-7f30186ed000 ---p 00132000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f30186ed000-7f30186ee000 r--p 00132000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f30186ee000-7f30186ef000 rw-p 00133000 00:19 3662212                    /usr/lib/libglib-2.0.so.0.7000.0
+7f30186ef000-7f30186f0000 rw-p 00000000 00:00 0 
+7f30186f0000-7f30186f2000 r--p 00000000 00:19 3440204                    /usr/lib/liburing.so.2.1.0
+7f30186f2000-7f30186f4000 r-xp 00002000 00:19 3440204                    /usr/lib/liburing.so.2.1.0
+7f30186f4000-7f30186f5000 r--p 00004000 00:19 3440204                    /usr/lib/liburing.so.2.1.0
+7f30186f5000-7f30186f6000 r--p 00004000 00:19 3440204                    /usr/lib/liburing.so.2.1.0
+7f30186f6000-7f30186f7000 rw-p 00005000 00:19 3440204                    /usr/lib/liburing.so.2.1.0
+7f30186f7000-7f30186fa000 r--p 00000000 00:19 2549855                    /usr/lib/librt-2.33.so
+7f30186fa000-7f30186fe000 r-xp 00003000 00:19 2549855                    /usr/lib/librt-2.33.so
+7f30186fe000-7f3018700000 r--p 00007000 00:19 2549855                    /usr/lib/librt-2.33.so
+7f3018700000-7f3018701000 r--p 00008000 00:19 2549855                    /usr/lib/librt-2.33.so
+7f3018701000-7f3018702000 rw-p 00009000 00:19 2549855                    /usr/lib/librt-2.33.so
+7f3018702000-7f3018705000 r--p 00000000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f3018705000-7f3018713000 r-xp 00003000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f3018713000-7f3018719000 r--p 00011000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f3018719000-7f301871a000 ---p 00017000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f301871a000-7f301871b000 r--p 00017000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f301871b000-7f301871c000 rw-p 00018000 00:19 15838                      /usr/lib/libz.so.1.2.11
+7f301871c000-7f301871e000 rw-p 00000000 00:00 0 
+7f301871e000-7f301871f000 r--p 00000000 00:19 2549795                    /usr/lib/ld-2.33.so
+7f301871f000-7f3018743000 r-xp 00001000 00:19 2549795                    /usr/lib/ld-2.33.so
+7f3018743000-7f301874c000 r--p 00025000 00:19 2549795                    /usr/lib/ld-2.33.so
+7f301874c000-7f301874e000 r--p 0002d000 00:19 2549795                    /usr/lib/ld-2.33.so
+7f301874e000-7f3018750000 rw-p 0002f000 00:19 2549795                    /usr/lib/ld-2.33.so
+7ffc5c8f6000-7ffc5c917000 rw-p 00000000 00:00 0                          [stack]
+7ffc5c935000-7ffc5c939000 r--p 00000000 00:00 0                          [vvar]
+7ffc5c939000-7ffc5c93b000 r-xp 00000000 00:00 0                          [vdso]
+ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
+
+Reading 15 bytes from 0x6377c (407420) to 0x40800638 of PID 278331
+buffer doesn't match
+```
+
+The program is trying to read from 0x6377c, which according to the emulated maps is in this mapping:
+
+```
+10000-7c000 r-xp 00000000 00:19 8275924                                  /home/osandov/repro
+```
+
+but on the host, it's mapped differently:
+
+```
+00020000-0008c000 r--p 00000000 00:19 8275924                            /home/osandov/repro
+```
+
+When using `qemu-arm-static` (version `6.1.0 (Debian 1:6.1+dfsg-6)`) via `binfmt_misc`, I also saw a case where the address isn't mapped in the host at all:
+
+```
+Maps read by self:
+10000-7c000 r-xp 00000000 00:19 8275924                                  /home/osandov/repro
+7c000-8b000 ---p 00000000 00:00 0                                        
+8b000-8c000 r--p 0006b000 00:19 8275924                                  /home/osandov/repro
+8c000-8d000 rw-p 0006c000 00:19 8275924                                  /home/osandov/repro
+8d000-b0000 rw-p 00000000 00:00 0                                        
+40000000-40001000 ---p 00000000 00:00 0                                  
+40001000-40801000 rw-p 00000000 00:00 0                                  [stack]
+
+Maps read by child process:
+00400000-00401000 r--p 00000000 00:19 297                                /usr/bin/qemu-arm-static
+00401000-00769000 r-xp 00001000 00:19 297                                /usr/bin/qemu-arm-static
+00769000-00abe000 r--p 00369000 00:19 297                                /usr/bin/qemu-arm-static
+00abe000-00c58000 r--p 006bd000 00:19 297                                /usr/bin/qemu-arm-static
+00c58000-00cd3000 rw-p 00857000 00:19 297                                /usr/bin/qemu-arm-static
+00cd3000-00cf7000 rw-p 00000000 00:00 0 
+0253c000-0268e000 rw-p 00000000 00:00 0                                  [heap]
+42645000-42655000 ---p 00000000 00:00 0 
+42655000-426c1000 r--p 00000000 00:19 8275924                            /home/osandov/repro
+426c1000-426d0000 ---p 00000000 00:00 0 
+426d0000-426d1000 r--p 0006b000 00:19 8275924                            /home/osandov/repro
+426d1000-426d2000 rw-p 0006c000 00:19 8275924                            /home/osandov/repro
+426d2000-426f5000 rw-p 00000000 00:00 0 
+426f5000-82645000 ---p 00000000 00:00 0 
+82645000-82646000 ---p 00000000 00:00 0 
+82646000-82e46000 rw-p 00000000 00:00 0 
+82e46000-142635000 ---p 00000000 00:00 0 
+142635000-142636000 r--p 00000000 00:00 0 
+7f5584000000-7f558bfff000 rwxp 00000000 00:00 0 
+7f558bfff000-7f558c000000 ---p 00000000 00:00 0 
+7f558c000000-7f558c021000 rw-p 00000000 00:00 0 
+7f558c021000-7f5590000000 ---p 00000000 00:00 0 
+7f55929b5000-7f5592a36000 rw-p 00000000 00:00 0 
+7f5592a36000-7f5592a37000 ---p 00000000 00:00 0 
+7f5592a37000-7f5593237000 rw-p 00000000 00:00 0 
+7ffc4971a000-7ffc4973b000 rw-p 00000000 00:00 0                          [stack]
+7ffc497fa000-7ffc497fe000 r--p 00000000 00:00 0                          [vvar]
+7ffc497fe000-7ffc49800000 r-xp 00000000 00:00 0                          [vdso]
+ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
+
+Reading 15 bytes from 0x6377c (407420) to 0x40800648 of PID 278443
+pread: /proc/self/mem: Input/output error
+```
+Steps to reproduce:
+1. Download statically-linked ARM [reproducer](/uploads/5563ad67d01f0ec4a10f27d1967216c4/repro).
+2. Run `qemu-arm ./repro`.
+Additional information:
+I encountered this when trying out a CI system that uses QEMU user-mode emulation for 32-bit ARM builds. My project is a debugger that uses `/proc/self/mem`, and a test case tripped over this. See https://github.com/osandov/drgn/pull/126.
+
+This also seems to happen with a i386 guest, but not with an aarch64 guest, so I'm assuming that it's a 32-bit guest issue.
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/856 b/results/classifier/zero-shot-user-mode/output/runtime/856
new file mode 100644
index 00000000..575d68f9
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/856
@@ -0,0 +1,67 @@
+runtime: 0.382
+instruction: 0.333
+syscall: 0.285
+
+
+
+Occasional deadlock in linux-user (sh4) when running threadcount test
+Description of problem:
+
+Steps to reproduce:
+1. docker run --rm -it -u (id -u) -v $HOME:$HOME -w (pwd) qemu/debian-all-test-cross /bin/bash
+2. '../../configure' '--cc=clang' '--cxx=clang++' '--disable-system' '--target-list-exclude=microblazeel-linux-user,aarch64_be-linux-user,i386-linux-user,m68k-linux-user,mipsn32el-linux-user,xtensaeb-linux-user' '--extra-cflags=-fsanitize=undefined' '--extra-cflags=-fno-sanitize-recover=undefined'
+3. make; make build-tcg
+4. retry.py -n 400 -c -- timeout --foreground 90 ./qemu-sh4 -plugin ./tests/plugin/libinsn.so -d plugin ./tests/tcg/sh4-linux-user/threadcount
+
+Failure rate on hackbox:
+
+```
+Results summary:
+0: 397 times (99.25%), avg time 0.686 (0.00 varience/0.01 deviation)
+124: 3 times (0.75%), avg time 90.559 (0.00 varience/0.01 deviation)
+```
+
+It seems to fail more frequently on Gitlabs CI
+Additional information:
+Without the timeout you end up with a deadlock. The following backtrace was found, stepping in gdb unwedges the hang:
+
+```
+(gdb) info threads
+  Id   Target Id         Frame 
+* 1    LWP 15894 "qemu-sh4" safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75
+  2    LWP 15994 "qemu-sh4" 0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6
+  3    LWP 15997 "qemu-sh4" safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75
+(gdb) bt
+#0  safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x0000560ee17196e4 in safe_futex (uaddr=0x58e8, op=-513652411, val=<optimized out>, timeout=0xf0, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:681
+#2  do_safe_futex (uaddr=0x58e8, op=-513652411, val=<optimized out>, timeout=0xf0, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:7757
+#3  0x0000560ee170c8d9 in do_syscall1 (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=22760, arg4=<optimized out>, arg5=<optimized out>, arg6=240, arg7=0, arg8=0) at /home/alex.bennee/lsrc/qemu.git/include/exec/cpu_ldst.h:90
+#4  0x0000560ee170220c in do_syscall (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=<optimized out>, arg5=<optimized out>, arg6=<optimized out>, arg7=<optimized out>, arg8=<optimized out>) at ../../linux-user/syscall.c:13239
+#5  0x0000560ee1626111 in cpu_loop (env=0x560ee294b028) at ../../linux-user/sh4/cpu_loop.c:43
+#6  0x0000560ee16ee37d in main (argc=-493657104, argv=0x7ffdcaf52028, envp=<optimized out>) at ../../linux-user/main.c:883
+(gdb) thread 2
+[Switching to thread 2 (LWP 15994)]
+#0  0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6
+(gdb) bt
+#0  0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6
+#1  0x0000560ee1847bd6 in qemu_futex_wait (f=<optimized out>, val=<optimized out>) at /home/alex.bennee/lsrc/qemu.git/include/qemu/futex.h:29
+#2  qemu_event_wait (ev=0x560ee2738974 <rcu_call_ready_event>) at ../../util/qemu-thread-posix.c:481
+#3  0x0000560ee18539a2 in call_rcu_thread (opaque=<optimized out>) at ../../util/rcu.c:261
+#4  0x0000560ee1847f17 in qemu_thread_start (args=0x560ee2933eb0) at ../../util/qemu-thread-posix.c:556
+#5  0x00007f956b8f6fa3 in start_thread () from target:/lib/x86_64-linux-gnu/libpthread.so.0
+#6  0x00007f956b8064cf in clone () from target:/lib/x86_64-linux-gnu/libc.so.6
+(gdb) thread 3
+[Switching to thread 3 (LWP 15997)]
+#0  safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75
+75              cmp     $-4095, %rax
+(gdb) bt
+#0  safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75
+#1  0x0000560ee17196e4 in safe_futex (uaddr=0x2, op=-513652411, val=<optimized out>, timeout=0x3f7fcdc4, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:681
+#2  do_safe_futex (uaddr=0x2, op=-513652411, val=<optimized out>, timeout=0x3f7fcdc4, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:7757
+#3  0x0000560ee170c8d9 in do_syscall1 (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=2, arg4=<optimized out>, arg5=<optimized out>, arg6=1065340356, arg7=0, arg8=0) at /home/alex.bennee/lsrc/qemu.git/include/exec/cpu_ldst.h:90
+#4  0x0000560ee170220c in do_syscall (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=<optimized out>, arg5=<optimized out>, arg6=<optimized out>, arg7=<optimized out>, arg8=<optimized out>) at ../../linux-user/syscall.c:13239
+#5  0x0000560ee1626111 in cpu_loop (env=0x560ee2a2c2d8) at ../../linux-user/sh4/cpu_loop.c:43
+#6  0x0000560ee171728f in clone_func (arg=<optimized out>) at ../../linux-user/syscall.c:6608
+#7  0x00007f956b8f6fa3 in start_thread () from target:/lib/x86_64-linux-gnu/libpthread.so.0
+#8  0x00007f956b8064cf in clone () from target:/lib/x86_64-linux-gnu/libc.so.6
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/866 b/results/classifier/zero-shot-user-mode/output/runtime/866
new file mode 100644
index 00000000..18cec591
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/866
@@ -0,0 +1,59 @@
+runtime: 0.454
+syscall: 0.313
+instruction: 0.232
+
+
+
+linux-user: substantial memory leak when threads are created and destroyed
+Description of problem:
+Substantial memory leak when the following simple program is executed on `qemu-arm`,
+```c
+// compile with `arm-none-linux-gnueabihf-gcc test_qemu.c -o test_qemu.out -pthread`
+
+#include <assert.h>
+#include <pthread.h>
+
+#define MAGIC_RETURN ((void *)42)
+
+void *thread_main(void *arg)
+{
+    return MAGIC_RETURN;
+}
+
+int main(int argc, char *argv[])
+{
+    size_t i;
+    for (i = 0;; i++)
+    {
+        pthread_t thread;
+        assert(pthread_create(&thread, NULL, thread_main, NULL) == 0);
+        void *ret;
+        assert(pthread_join(thread, &ret) == 0);
+        assert(ret == MAGIC_RETURN);
+    }
+
+    return 0;
+}
+```
+Steps to reproduce:
+1. 
+```
+export TOOLCHAIN_PREFIX=arm-none-linux-gnueabihf
+export ARMSDK=/${TOOLCHAIN_PREFIX}
+export SYSROOT=${ARMSDK}/${TOOLCHAIN_PREFIX}/libc
+export CC=${ARMSDK}/bin/${TOOLCHAIN_PREFIX}-gcc
+```
+2. Download the arm toolchain: `curl --output ${TOOLCHAIN_PREFIX}.tar.xz -L 'https://developer.arm.com/-/media/Files/downloads/gnu-a/10.2-2020.11/binrel/gcc-arm-10.2-2020.11-x86_64-arm-none-linux-gnueabihf.tar.xz?revision=d0b90559-3960-4e4b-9297-7ddbc3e52783&la=en&hash=985078B758BC782BC338DB947347107FBCF8EF6B'`
+3. `mkdir -p ${ARMSDK} && tar xf ${TOOLCHAIN_PREFIX}.tar.xz -C ${ARMSDK} --strip-components=1`
+4. `$CC test_qemu.c -o test_qemu.out -pthread`
+5. `qemu-arm -L $SYSROOT ./test_qemu.out`
+6. Observe memory usage keeps ramping up and crashes the process once out of memory.
+Additional information:
+Valgrind annotation logs [annot.log](/uploads/f8d05d8f216d5a589e8da0758a345de6/annot.log) generated by a local build on master@0a301624c2f4ced3331ffd5bce85b4274fe132af from
+```bash
+valgrind --xtree-memory=full --xtree-memory-file=xtmemory.kcg bin/debug/native/qemu-arm -L $SYSROOT /mnt/f/test_qemu3.out
+# Send CTRL-C before the process crashes due to oom
+callgrind_annotate --auto=yes --inclusive=yes --sort=curB:100,curBk:100,totB:100,totBk:100,totFdB:100,totFdBk:100  xtmemory.kcg > annot.log
+```
+
+#
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/904308 b/results/classifier/zero-shot-user-mode/output/runtime/904308
new file mode 100644
index 00000000..4714075a
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/904308
@@ -0,0 +1,104 @@
+runtime: 0.425
+instruction: 0.371
+syscall: 0.205
+
+
+
+x86: BT/BTS/BTR/BTC: ZF flag is unaffected
+
+Hello!
+
+Bug was found in qemu.git.
+See target-i386/translate.c:
+
+    case 0x1ba: /* bt/bts/btr/btc Gv, im */
+        ot = dflag + OT_WORD;
+        modrm = ldub_code(s->pc++);
+        op = (modrm >> 3) & 7;
+        mod = (modrm >> 6) & 3;
+        rm = (modrm & 7) | REX_B(s);
+        if (mod != 3) {
+            s->rip_offset = 1;
+            gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
+            gen_op_ld_T0_A0(ot + s->mem_index);
+        } else {
+            gen_op_mov_TN_reg(ot, 0, rm);
+        }
+        /* load shift */
+        val = ldub_code(s->pc++);
+        gen_op_movl_T1_im(val);
+        if (op < 4)
+            goto illegal_op;
+        op -= 4;
+        goto bt_op;
+    case 0x1a3: /* bt Gv, Ev */
+        op = 0;
+        goto do_btx;
+    case 0x1ab: /* bts */
+        op = 1;
+        goto do_btx;
+    case 0x1b3: /* btr */
+        op = 2;
+        goto do_btx;
+    case 0x1bb: /* btc */
+        op = 3;
+    do_btx:
+        ot = dflag + OT_WORD;
+        modrm = ldub_code(s->pc++);
+        reg = ((modrm >> 3) & 7) | rex_r;
+        mod = (modrm >> 6) & 3;
+        rm = (modrm & 7) | REX_B(s);
+        gen_op_mov_TN_reg(OT_LONG, 1, reg);
+        if (mod != 3) {
+            gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
+            /* specific case: we need to add a displacement */
+            gen_exts(ot, cpu_T[1]);
+            tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
+            tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
+            tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
+            gen_op_ld_T0_A0(ot + s->mem_index);
+        } else {
+            gen_op_mov_TN_reg(ot, 0, rm);
+        }
+    bt_op:
+        tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
+        switch(op) {
+        case 0:
+            tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
+            tcg_gen_movi_tl(cpu_cc_dst, 0);                               <<<<<<<<<<<<<<<<<<<<<< always set zf
+            break;
+        case 1:
+            tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
+            tcg_gen_movi_tl(cpu_tmp0, 1);
+            tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
+            tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
+            break;
+        case 2:
+            tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
+            tcg_gen_movi_tl(cpu_tmp0, 1);
+            tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
+            tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
+            tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
+            break;
+        default:
+        case 3:
+            tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
+            tcg_gen_movi_tl(cpu_tmp0, 1);
+            tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
+            tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
+            break;
+        }
+        s->cc_op = CC_OP_SARB + ot;
+        if (op != 0) {
+            if (mod != 3)
+                gen_op_st_T0_A0(ot + s->mem_index);
+            else
+                gen_op_mov_reg_T0(ot, rm);
+            tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
+            tcg_gen_movi_tl(cpu_cc_dst, 0);                           <<<<<<<<<<<<<<<<<<<<<< always set zf
+        }
+        break;
+
+always set zf...
+
+There is fixed patch.
\ No newline at end of file
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/939 b/results/classifier/zero-shot-user-mode/output/runtime/939
new file mode 100644
index 00000000..67c107df
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/939
@@ -0,0 +1,81 @@
+runtime: 0.361
+instruction: 0.347
+syscall: 0.292
+
+
+
+qemu-mipsn32el user mode emulator allocates pointers beyond upper memory limit
+Description of problem:
+In qemu-based N32 mips chroots (both BE and LE), I became aware of memory-intensive programs segfaulting, apparently at random. tar, gcc, but only in specific situations. Watching the strace output of gcc, I got the impression that it happens when memory beyond 2Gbyte is allocated. (mips n32 and o32 uses only 31 bit of a pointer, I've been told, so this is somewhat expected, but a segfault is nevertheless wrong.) 
+
+So, I used the following test program, statically linked:
+```
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int main() {
+
+  char *pointer;
+  int i;
+
+  for (i=1; i<301; i++) {
+
+    printf("Allocation %i : ", i);
+    pointer = malloc(20480000 * sizeof(char));
+
+    printf(" pointer is %p, ", pointer);
+
+    if (! pointer) {
+      printf("malloc failed\n");
+      exit(0);
+    };
+
+    memset(pointer, 0xDB, 20480000);
+    printf(" filled\n");
+  }
+};
+```
+
+With mips3 n32 I get the following output:
+```
+pinacolada ~ # file /var/lib/machines/mips64el-n32/root/memtest
+/var/lib/machines/mips64el-n32/root/memtest: ELF 32-bit LSB executable, MIPS, N32 MIPS-III version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, not stripped
+pinacolada ~ # /usr/bin/qemu-mipsn32el /var/lib/machines/mips64el-n32/root/memtest
+Allocation 1 :  pointer is 0x40802010,  filled
+Allocation 2 :  pointer is 0x41b8b010,  filled
+Allocation 3 :  pointer is 0x42f14010,  filled
+[...]
+Allocation 51 :  pointer is 0x7d8c4010,  filled
+Allocation 52 :  pointer is 0x7ec4d010,  filled
+qemu: unhandled CPU exception 0x15 - aborting
+pc=0x0000000010021944 HI=0x0000000000000004 LO=0x00000000100218f0 ds 02ea 00000000100218f0 0
+GPR00: r0 0000000000000000 at 0000000000000001 v0 000000007ffd6010 v1 0000000026f77200
+GPR04: a0 000000007ffd6010 a1 dbdbdbdbdbdbdbdb a2 0000000001388000 a3 0000000001388000
+GPR08: t0 0000000025252525 t1 0000000025252525 t2 ffffffffffffffff t3 000000001006c369
+GPR12: t4 000000001006c368 t5 0000000000000000 t6 0000000000000000 t7 0000000000000010
+GPR16: s0 0000000000000001 s1 00000000407ffd54 s2 000000001009b270 s3 0000000000000000
+GPR20: s4 0000000010000760 s5 00000000407ffd5c s6 0000000000000000 s7 0000000000000000
+GPR24: t8 0000000000000000 t9 00000000100218f0 k0 0000000000000000 k1 0000000000000000
+GPR28: gp 00000000100a7320 sp 00000000407ffbf0 s8 00000000407ffbf0 ra 0000000010000854
+CP0 Status  0x24800010 Cause   0x00000000 EPC    0x0000000000000000
+    Config0 0x80004482 Config1 0xbe61309b LLAddr 0x0000000000000000
+    Config2 0x80000000 Config3 0x00000000
+    Config4 0x00000000 Config5 0x00000000
+**
+ERROR:../accel/tcg/cpu-exec.c:928:cpu_exec: assertion failed: (cpu == current_cpu)
+Bail out! ERROR:../accel/tcg/cpu-exec.c:928:cpu_exec: assertion failed: (cpu == current_cpu)
+```
+
+For mips2 o32 I get the more correct looking output
+```
+pinacolada ~ # file /var/lib/machines/mips-o32/root/memtest
+/var/lib/machines/mips-o32/root/memtest: ELF 32-bit MSB executable, MIPS, MIPS-II version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, not stripped
+pinacolada ~ # /usr/bin/qemu-mips /var/lib/machines/mips-o32/root/memtest
+Allocation 1 :  pointer is 0x3ec76008,  filled
+Allocation 2 :  pointer is 0x3d8ed008,  filled
+Allocation 3 :  pointer is 0x3c564008,  filled
+[...]
+Allocation 104 :  pointer is 0x4082c008,  filled
+Allocation 105 :  pointer is (nil), malloc failed
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/967 b/results/classifier/zero-shot-user-mode/output/runtime/967
new file mode 100644
index 00000000..dd19291e
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/967
@@ -0,0 +1,230 @@
+runtime: 0.443
+syscall: 0.316
+instruction: 0.240
+
+
+
+qemu 6.2 user mode memory leak when mmap + munmap is called
+Description of problem:
+Launch a program with qemu user mode emulator,
+If this program calls mmap to allocate 40GB virtual memory and call munmap to free it later, the memory const of qemu user mode emulator grows to a very big value. 
+
+Excepted behavior: qemu-x86_64 costs very less memory after munmap is called.
+Observed behavior: qemu-x86_64 costs around 2.5GiB after munmap is called. Most of the memory is consumed by [heap].
+Steps to reproduce:
+1.Compile this code with g++.
+```shell
+g++ -o main.bin main.cpp
+```
+```cpp
+#include <chrono>
+#include <cstdio>
+#include <sys/types.h>
+#include <unistd.h>
+#include <cstdlib>
+#include <sys/mman.h>
+
+#include <thread>
+
+static constexpr size_t  pageSize = 4096;
+
+int main(){
+	constexpr size_t size = 1024*100*pageSize*1000;
+
+	void* data = mmap(nullptr, size, PROT_NONE,  MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+	
+	if(data == nullptr){
+		perror("mmap failed");
+		exit(1);
+	}
+
+	int error = munmap(data, size);
+
+	if(error !=0){
+		perror("munmap failed");
+		exit(1);
+	}
+	
+
+	printf("mmap munmap test done\n");
+	while(true){
+		std::this_thread::sleep_for(std::chrono::seconds(10000));
+	}
+	
+	return 0;
+}
+```
+2. run main.bin with qemu-x86_64
+```shell
+$ qemu-x86_64 ./main.bin
+mmap munmap test done
+```
+3. check memory usage by top
+```
+$ top -p `pgrep "qemu"`
+top - 16:00:39 up  6:41,  1 user,  load average: 0.08, 0.12, 0.10
+Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
+%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
+MiB Mem :  15969.1 total,   8249.3 free,   6048.2 used,   1671.5 buff/cache
+MiB Swap:   2048.0 total,   1209.6 free,    838.4 used.   9544.3 avail Mem 
+
+    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                             
+  38521 jcq       20   0 2634324   2.3g   7840 S   0.0  14.8   0:04.48 qemu-x86_64                                                                                                                         
+```
+
+4. check memory usage by mmap. Heap is 5611ca5e0000-56125d125000, the size of heap is more than 2GiB.
+```shell
+$ cat /proc/38521/maps
+4000000000-4000001000 r--p 00000000 00:35 49812                          /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin
+4000001000-4000002000 r--p 00001000 00:35 49812                          /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin
+4000002000-4000003000 r--p 00002000 00:35 49812                          /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin
+4000003000-4000004000 r--p 00002000 00:35 49812                          /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin
+4000004000-4000005000 rw-p 00003000 00:35 49812                          /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin
+4000005000-4000026000 rw-p 00000000 00:00 0 
+4001005000-4001006000 ---p 00000000 00:00 0 
+4001006000-4001806000 rw-p 00000000 00:00 0 
+4001806000-400183d000 r--p 00000000 08:05 4456513                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+400183d000-400183e000 ---p 00000000 00:00 0 
+400183e000-4001840000 r--p 00037000 08:05 4456513                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+4001840000-4001842000 rw-p 00039000 08:05 4456513                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+4001842000-4001844000 rw-p 00000000 00:00 0 
+4001863000-4001a78000 r--p 00000000 08:05 4456541                        /usr/lib/x86_64-linux-gnu/libc.so.6
+4001a78000-4001a7c000 r--p 00214000 08:05 4456541                        /usr/lib/x86_64-linux-gnu/libc.so.6
+4001a7c000-4001a7e000 rw-p 00218000 08:05 4456541                        /usr/lib/x86_64-linux-gnu/libc.so.6
+4001a7e000-4001a8d000 rw-p 00000000 00:00 0 
+5611c96af000-5611c9734000 r--p 00000000 08:05 4467878                    /usr/bin/qemu-x86_64
+5611c9734000-5611c9885000 r-xp 00085000 08:05 4467878                    /usr/bin/qemu-x86_64
+5611c9885000-5611c9901000 r--p 001d6000 08:05 4467878                    /usr/bin/qemu-x86_64
+5611c9902000-5611c993c000 r--p 00252000 08:05 4467878                    /usr/bin/qemu-x86_64
+5611c993c000-5611c9950000 rw-p 0028c000 08:05 4467878                    /usr/bin/qemu-x86_64
+5611c9950000-5611c996e000 rw-p 00000000 00:00 0 
+5611ca5e0000-56125d125000 rw-p 00000000 00:00 0                          [heap]
+7f2038000000-7f203ffff000 rwxp 00000000 00:00 0 
+7f203ffff000-7f2040000000 ---p 00000000 00:00 0 
+7f2040000000-7f2040021000 rw-p 00000000 00:00 0 
+7f2040021000-7f2044000000 ---p 00000000 00:00 0 
+7f2047def000-7f2047e70000 rw-p 00000000 00:00 0 
+7f2047e70000-7f2047e71000 ---p 00000000 00:00 0 
+7f2047e71000-7f2048676000 rw-p 00000000 00:00 0 
+7f2048676000-7f2048678000 r--p 00000000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f2048678000-7f204867f000 r-xp 00002000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f204867f000-7f2048680000 r--p 00009000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f2048680000-7f2048681000 ---p 0000a000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f2048681000-7f2048682000 r--p 0000a000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f2048682000-7f2048683000 rw-p 0000b000 08:05 4456538                    /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
+7f2048683000-7f204868d000 r--p 00000000 08:05 4457088                    /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+7f204868d000-7f20486ec000 r-xp 0000a000 08:05 4457088                    /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+7f20486ec000-7f2048703000 r--p 00069000 08:05 4457088                    /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+7f2048703000-7f2048704000 r--p 0007f000 08:05 4457088                    /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+7f2048704000-7f2048705000 rw-p 00080000 08:05 4457088                    /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+7f2048705000-7f204870d000 r--p 00000000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f204870d000-7f2048720000 r-xp 00008000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f2048720000-7f204874a000 r--p 0001b000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f204874a000-7f204874b000 ---p 00045000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f204874b000-7f204874c000 r--p 00045000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f204874c000-7f204874d000 rw-p 00046000 08:05 4461541                    /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
+7f204874d000-7f2048757000 r--p 00000000 08:05 4464736                    /usr/lib/x86_64-linux-gnu/libnettle.so.8.4
+7f2048757000-7f204877a000 r-xp 0000a000 08:05 4464736                    /usr/lib/x86_64-linux-gnu/libnettle.so.8.4
+7f204877a000-7f2048790000 r--p 0002d000 08:05 4464736                    /usr/lib/x86_64-linux-gnu/libnettle.so.8.4
+7f2048790000-7f2048792000 r--p 00042000 08:05 4464736                    /usr/lib/x86_64-linux-gnu/libnettle.so.8.4
+7f2048792000-7f2048793000 rw-p 00044000 08:05 4464736                    /usr/lib/x86_64-linux-gnu/libnettle.so.8.4
+7f2048793000-7f2048795000 rw-p 00000000 00:00 0 
+7f2048795000-7f2048798000 r--p 00000000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f2048798000-7f20487a6000 r-xp 00003000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f20487a6000-7f20487aa000 r--p 00011000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f20487aa000-7f20487ab000 ---p 00015000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f20487ab000-7f20487ac000 r--p 00015000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f20487ac000-7f20487ad000 rw-p 00016000 08:05 4459610                    /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
+7f20487ad000-7f20487be000 r--p 00000000 08:05 4460136                    /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
+7f20487be000-7f20487f4000 r-xp 00011000 08:05 4460136                    /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
+7f20487f4000-7f2048952000 r--p 00047000 08:05 4460136                    /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
+7f2048952000-7f2048956000 r--p 001a5000 08:05 4460136                    /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
+7f2048956000-7f2048957000 rw-p 001a9000 08:05 4460136                    /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
+7f2048957000-7f2048959000 r--p 00000000 08:05 4465922                    /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
+7f2048959000-7f204895d000 r-xp 00002000 08:05 4465922                    /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
+7f204895d000-7f2048976000 r--p 00006000 08:05 4465922                    /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
+7f2048976000-7f2048977000 r--p 0001e000 08:05 4465922                    /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
+7f2048977000-7f2048978000 rw-p 0001f000 08:05 4465922                    /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
+7f2048978000-7f20489a1000 r--p 00000000 08:05 4459606                    /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
+7f20489a1000-7f2048a45000 r-xp 00029000 08:05 4459606                    /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
+7f2048a45000-7f2048a9f000 r--p 000cd000 08:05 4459606                    /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
+7f2048a9f000-7f2048aa9000 r--p 00126000 08:05 4459606                    /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
+7f2048aa9000-7f2048ab3000 rw-p 00130000 08:05 4459606                    /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
+7f2048ab3000-7f2048ab5000 r--p 00000000 08:05 4456747                    /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3
+7f2048ab5000-7f2048b0a000 r-xp 00002000 08:05 4456747                    /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3
+7f2048b0a000-7f2048b27000 r--p 00057000 08:05 4456747                    /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3
+7f2048b27000-7f2048b28000 r--p 00073000 08:05 4456747                    /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3
+7f2048b28000-7f2048b29000 rw-p 00074000 08:05 4456747                    /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3
+7f2048b29000-7f2048b51000 r--p 00000000 08:05 4456541                    /usr/lib/x86_64-linux-gnu/libc.so.6
+7f2048b51000-7f2048ce6000 r-xp 00028000 08:05 4456541                    /usr/lib/x86_64-linux-gnu/libc.so.6
+7f2048ce6000-7f2048d3e000 r--p 001bd000 08:05 4456541                    /usr/lib/x86_64-linux-gnu/libc.so.6
+7f2048d3e000-7f2048d42000 r--p 00214000 08:05 4456541                    /usr/lib/x86_64-linux-gnu/libc.so.6
+7f2048d42000-7f2048d44000 rw-p 00218000 08:05 4456541                    /usr/lib/x86_64-linux-gnu/libc.so.6
+7f2048d44000-7f2048d53000 rw-p 00000000 00:00 0 
+7f2048d53000-7f2048d56000 r--p 00000000 08:05 4457972                    /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
+7f2048d56000-7f2048d6d000 r-xp 00003000 08:05 4457972                    /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
+7f2048d6d000-7f2048d71000 r--p 0001a000 08:05 4457972                    /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
+7f2048d71000-7f2048d72000 r--p 0001d000 08:05 4457972                    /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
+7f2048d72000-7f2048d73000 rw-p 0001e000 08:05 4457972                    /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
+7f2048d73000-7f2048d81000 r--p 00000000 08:05 4456717                    /usr/lib/x86_64-linux-gnu/libm.so.6
+7f2048d81000-7f2048dfd000 r-xp 0000e000 08:05 4456717                    /usr/lib/x86_64-linux-gnu/libm.so.6
+7f2048dfd000-7f2048e58000 r--p 0008a000 08:05 4456717                    /usr/lib/x86_64-linux-gnu/libm.so.6
+7f2048e58000-7f2048e59000 r--p 000e4000 08:05 4456717                    /usr/lib/x86_64-linux-gnu/libm.so.6
+7f2048e59000-7f2048e5a000 rw-p 000e5000 08:05 4456717                    /usr/lib/x86_64-linux-gnu/libm.so.6
+7f2048e5a000-7f2048e8b000 r--p 00000000 08:05 4456481                    /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0
+7f2048e8b000-7f2048fb4000 r-xp 00031000 08:05 4456481                    /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0
+7f2048fb4000-7f2049031000 r--p 0015a000 08:05 4456481                    /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0
+7f2049031000-7f2049041000 r--p 001d6000 08:05 4456481                    /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0
+7f2049041000-7f2049043000 rw-p 001e6000 08:05 4456481                    /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0
+7f2049043000-7f2049045000 rw-p 00000000 00:00 0 
+7f2049045000-7f2049047000 r--p 00000000 08:05 4465165                    /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0
+7f2049047000-7f2049049000 r-xp 00002000 08:05 4465165                    /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0
+7f2049049000-7f204904a000 r--p 00004000 08:05 4465165                    /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0
+7f204904a000-7f204904b000 r--p 00004000 08:05 4465165                    /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0
+7f204904b000-7f204904c000 rw-p 00005000 08:05 4465165                    /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0
+7f204904c000-7f2049069000 r--p 00000000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f2049069000-7f20490f8000 r-xp 0001d000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f20490f8000-7f2049182000 r--p 000ac000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f2049182000-7f2049183000 ---p 00136000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f2049183000-7f2049184000 r--p 00136000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f2049184000-7f2049185000 rw-p 00137000 08:05 4465132                    /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0
+7f2049185000-7f2049186000 rw-p 00000000 00:00 0 
+7f2049186000-7f2049188000 r--p 00000000 08:05 4463546                    /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0
+7f2049188000-7f204918a000 r-xp 00002000 08:05 4463546                    /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0
+7f204918a000-7f204918b000 r--p 00004000 08:05 4463546                    /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0
+7f204918b000-7f204918c000 r--p 00004000 08:05 4463546                    /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0
+7f204918c000-7f204918d000 rw-p 00005000 08:05 4463546                    /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0
+7f20491ac000-7f20491ae000 rw-p 00000000 00:00 0 
+7f20491ae000-7f20491b0000 r--p 00000000 08:05 4456513                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+7f20491b0000-7f20491da000 r-xp 00002000 08:05 4456513                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+7f20491da000-7f20491e5000 r--p 0002c000 08:05 4456513                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+7f20491e6000-7f20491e8000 r--p 00037000 08:05 4456513                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+7f20491e8000-7f20491ea000 rw-p 00039000 08:05 4456513                    /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+7fffe17ee000-7fffe1810000 rw-p 00000000 00:00 0                          [stack]
+7fffe19d1000-7fffe19d5000 r--p 00000000 00:00 0                          [vvar]
+7fffe19d5000-7fffe19d7000 r-xp 00000000 00:00 0                          [vdso]
+ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
+```
+Additional information:
+qemu is installed by ubuntu's apt.
+
+sudo apt install qemu-user
+
+compiler version:
+```
+g++ --version
+g++ (Ubuntu 11.2.0-19ubuntu1) 11.2.0
+Copyright (C) 2021 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+```
+
+libc version:
+```
+ldd --version
+ldd (Ubuntu GLIBC 2.35-0ubuntu3) 2.35
+Copyright (C) 2022 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+Written by Roland McGrath and Ulrich Drepper.
+```
diff --git a/results/classifier/zero-shot-user-mode/output/runtime/979 b/results/classifier/zero-shot-user-mode/output/runtime/979
new file mode 100644
index 00000000..d758d078
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/runtime/979
@@ -0,0 +1,13 @@
+runtime: 0.413
+instruction: 0.402
+syscall: 0.185
+
+
+
+s390x floating point conversion functions broken
+Description of problem:
+While collecting additional reference files for float_convs (and float_convd) I noticed that the s390x handling of some cases is broken. See diff for details:
+
+```
+ diff -y tests/tcg/s390x-linux-user/float_convs.out ../../tests/tcg/s390x/float_convs.ref
+#