Diffstat (limited to 'results/classifier/105/other/1913510')
| -rw-r--r-- | results/classifier/105/other/1913510 | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/results/classifier/105/other/1913510 b/results/classifier/105/other/1913510
new file mode 100644
index 00000000..7b1ff253
--- /dev/null
+++ b/results/classifier/105/other/1913510
@@ -0,0 +1,123 @@
+other: 0.815
+device: 0.796
+graphic: 0.786
+instruction: 0.784
+assembly: 0.769
+semantic: 0.767
+socket: 0.735
+boot: 0.722
+mistranslation: 0.715
+KVM: 0.700
+network: 0.688
+vnc: 0.677
+
+[Fuzz] qemu-system-i386 virtio-mouse: Assertion in address_space_lduw_le_cached failed
+
+--[ Reproducer
+
+cat << EOF | ./build/qemu-system-i386 -machine q35,accel=qtest -nodefaults \
+-device virtio-mouse -display none -qtest stdio
+outl 0xcf8 0x80000820
+outl 0xcfc 0xe0004000
+outl 0xcf8 0x80000804
+outb 0xcfc 0x02
+write 0xe000400c 0x4 0x003fe62e
+write 0xe0004016 0x1 0x01
+write 0xe0004024 0x1 0x01
+write 0xe000401c 0x1 0x01
+write 0xe0007007 0x1 0x00
+write 0xe0004018 0x1 0x41
+write 0xe0007007 0x1 0x00
+EOF
+
+
+--[ Output
+
+[I 1611805425.711054] OPENED
+[R +0.040080] outl 0xcf8 0x80000820
+OK
+[S +0.040117] OK
+[R +0.040136] outl 0xcfc 0xe0004000
+OK
+[S +0.040155] OK
+[R +0.040165] outl 0xcf8 0x80000804
+OK
+[S +0.040172] OK
+[R +0.040184] outb 0xcfc 0x02
+OK
+[S +0.040683] OK
+[R +0.040702] write 0xe000400c 0x4 0x003fe62e
+OK
+[S +0.040735] OK
+[R +0.040743] write 0xe0004016 0x1 0x01
+OK
+[S +0.040748] OK
+[R +0.040755] write 0xe0004024 0x1 0x01
+OK
+[S +0.040760] OK
+[R +0.040767] write 0xe000401c 0x1 0x01
+OK
+[S +0.040785] OK
+[R +0.040792] write 0xe0007007 0x1 0x00
+OK
+[S +0.040810] OK
+[R +0.040817] write 0xe0004018 0x1 0x41
+OK
+[S +0.040822] OK
+[R +0.040839] write 0xe0007007 0x1 0x00
+qemu-system-i386: /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54: uint32_t address_space_lduw_le_cached(MemoryRegionCache *, hwaddr, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
+
+
+-- [ Original ASAN report
+
+qemu-fuzz-i386: /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54: uint32_t address_space_lduw_le_cached(MemoryRegionCache *, hwaddr, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
+==3406167== ERROR: libFuzzer: deadly signal
+ #0 0x5644e4ae0f21 in __sanitizer_print_stack_trace (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2a47f21)
+ #1 0x5644e4a29fe8 in fuzzer::PrintStackTrace() (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2990fe8)
+ #2 0x5644e4a10023 in fuzzer::Fuzzer::CrashCallback() (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2977023)
+ #3 0x7f77e2a4b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
+ #4 0x7f77e285c18a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618a)
+ #5 0x7f77e283b858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x25858)
+ #6 0x7f77e283b728 (/lib/x86_64-linux-gnu/libc.so.6+0x25728)
+ #7 0x7f77e284cf35 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x36f35)
+ #8 0x5644e60051b2 in address_space_lduw_le_cached /home/ubuntu/qemu/include/exec/memory_ldst_cached.h.inc:54:5
+ #9 0x5644e60051b2 in lduw_le_phys_cached /home/ubuntu/qemu/include/exec/memory_ldst_phys.h.inc:91:12
+ #10 0x5644e60051b2 in virtio_lduw_phys_cached /home/ubuntu/qemu/include/hw/virtio/virtio-access.h:166:12
+ #11 0x5644e5ff476d in vring_avail_ring /home/ubuntu/qemu/build/../hw/virtio/virtio.c:327:12
+ #12 0x5644e5ff476d in vring_get_used_event /home/ubuntu/qemu/build/../hw/virtio/virtio.c:333:12
+ #13 0x5644e5ff476d in virtio_split_should_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2473:35
+ #14 0x5644e5ff476d in virtio_should_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2524:16
+ #15 0x5644e5ff5556 in virtio_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2566:14
+ #16 0x5644e5571d2a in virtio_input_handle_sts /home/ubuntu/qemu/build/../hw/input/virtio-input.c:100:5
+ #17 0x5644e5ff20ec in virtio_queue_notify /home/ubuntu/qemu/build/../hw/virtio/virtio.c:2366:9
+ #18 0x5644e60908fb in memory_region_write_accessor /home/ubuntu/qemu/build/../softmmu/memory.c:491:5
+ #19 0x5644e6090363 in access_with_adjusted_size /home/ubuntu/qemu/build/../softmmu/memory.c:552:18
+ #20 0x5644e608fbc0 in memory_region_dispatch_write /home/ubuntu/qemu/build/../softmmu/memory.c
+ #21 0x5644e5b97bc6 in flatview_write_continue /home/ubuntu/qemu/build/../softmmu/physmem.c:2759:23
+ #22 0x5644e5b8d328 in flatview_write /home/ubuntu/qemu/build/../softmmu/physmem.c:2799:14
+ #23 0x5644e5b8d328 in address_space_write /home/ubuntu/qemu/build/../softmmu/physmem.c:2891:18
+ #24 0x5644e6018906 in qtest_process_command /home/ubuntu/qemu/build/../softmmu/qtest.c:539:13
+ #25 0x5644e60159df in qtest_process_inbuf /home/ubuntu/qemu/build/../softmmu/qtest.c:797:9
+ #26 0x5644e6015735 in qtest_server_inproc_recv /home/ubuntu/qemu/build/../softmmu/qtest.c:904:9
+ #27 0x5644e667cf68 in qtest_sendf /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:438:5
+ #28 0x5644e667e54e in qtest_write /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:1002:5
+ #29 0x5644e667e54e in qtest_writeq /home/ubuntu/qemu/build/../tests/qtest/libqtest.c:1023:5
+ #30 0x5644e4b1037e in __wrap_qtest_writeq /home/ubuntu/qemu/build/../tests/qtest/fuzz/qtest_wrappers.c:190:9
+ #31 0x5644e4b1c33d in op_write /home/ubuntu/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:479:13
+ #32 0x5644e4b1a259 in generic_fuzz /home/ubuntu/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:681:17
+ #33 0x5644e4b0b333 in LLVMFuzzerTestOneInput /home/ubuntu/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
+ #34 0x5644e4a11581 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2978581)
+ #35 0x5644e49fcc92 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2963c92)
+ #36 0x5644e4a02cfe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x2969cfe)
+ #37 0x5644e4a2a7c2 in main (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x29917c2)
+ #38 0x7f77e283d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+ #39 0x5644e49d739d in _start (/home/ubuntu/qemu/build/qemu-fuzz-i386+0x293e39d)
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/302
+
+
|