diff options
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2273.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/2273.toml | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2273.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2273.toml deleted file mode 100644 index cb187979..00000000 --- a/gitlab/issues/target_missing/host_missing/accel_missing/2273.toml +++ /dev/null @@ -1,55 +0,0 @@ -id = 2273 -title = "Abort in net_tx_pkt_update_sctp_checksum()" -state = "closed" -created_at = "2024-04-08T09:42:58.231Z" -closed_at = "2024-04-10T15:08:32.133Z" -labels = ["Fuzzer", "Networking", "workflow::Patch available"] -url = "https://gitlab.com/qemu-project/qemu/-/issues/2273" -host-os = "Ubuntu 22.04.4 LTS" -host-arch = "x86_64" -qemu-version = "commit ce64e6224a" -guest-os = "Debian GNU/Linux 10 (buster)" -guest-arch = "x86_64" -description = """In the function _net_tx_pkt_update_sctp_checksum(),_ an abort happened: - -``` -qemu-fuzz-x86_64: ../../../third_party/qemu/util/iov.c:39: size_t iov_from_buf_full(const struct iovec *, unsigned int, size_t, const void *, size_t): Assertion `offset == 0' failed. -==1052929== ERROR: libFuzzer: deadly signal - #0 0x5575e5cccbe1 in __sanitizer_print_stack_trace llvm/compiler-rt/lib/asan/asan_stack.cpp:87:3 - #1 0x5575e5c479b8 in fuzzer::PrintStackTrace() llvm/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 - #2 0x5575e5c2bbb3 in fuzzer::Fuzzer::CrashCallback() llvm/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3 - #3 0x7f691f24251f (/lib/x86_64-linux-gnu/libc.so.6+0x4251f) - #4 0x7f691f2969fb in __pthread_kill_implementation nptl/./nptl/pthread_kill.c:43:17 - #5 0x7f691f2969fb in __pthread_kill_internal nptl/./nptl/pthread_kill.c:78:10 - #6 0x7f691f2969fb in pthread_kill nptl/./nptl/pthread_kill.c:89:10 - #7 0x7f691f242475 in gsignal signal/../sysdeps/posix/raise.c:26:13 - #8 0x7f691f2287f2 in abort stdlib/./stdlib/abort.c:79:7 - #9 0x7f691f22871a in __assert_fail_base assert/./assert/assert.c:92:3 - #10 0x7f691f239e95 in __assert_fail assert/./assert/assert.c:101:3 - #11 0x5575e81e952a in iov_from_buf_full qemu/util/iov.c:39:5 - #12 0x5575e6500768 in net_tx_pkt_update_sctp_checksum qemu/hw/net/net_tx_pkt.c:144:9 - #13 0x5575e659f3e1 in igb_setup_tx_offloads qemu/hw/net/igb_core.c:478:11 - #14 0x5575e659f3e1 in igb_tx_pkt_send qemu/hw/net/igb_core.c:552:10 - #15 0x5575e659f3e1 in igb_process_tx_desc qemu/hw/net/igb_core.c:671:17 - #16 0x5575e659f3e1 in igb_start_xmit qemu/hw/net/igb_core.c:903:9 - #17 0x5575e659f3e1 in igb_set_tdt qemu/hw/net/igb_core.c:2812:5 - #18 0x5575e657d6a4 in igb_core_write qemu/hw/net/igb_core.c:4248:9 -```""" -reproduce = """Here's a simple PoC: - -``` -cat << EOF | \\ -qemu-system-x86_64 \\ --display none -machine accel=qtest -m 512M -M q35 -nodefaults -device \\ -igb,netdev=net0 -netdev user,id=net0 -qtest stdio -outl 0xcf8 0x80000810 -outl 0xcfc 0xe0000000 -outl 0xcf8 0x80000804 -outw 0xcfc 0x06 -write 0xe0000403 0x1 0x02 -writel 0xe0003808 0xffffffff -write 0xe000381a 0x1 0x5b -write 0xe000381b 0x1 0x00 -EOF -```""" -additional = "n/a" |