Diffstat (limited to '')
-rw-r--r--  results/classifier/108/other/1429      70
-rw-r--r--  results/classifier/108/other/1429034   40
-rw-r--r--  results/classifier/108/other/1429841  134
3 files changed, 244 insertions, 0 deletions
diff --git a/results/classifier/108/other/1429 b/results/classifier/108/other/1429
new file mode 100644
index 00000000..6611eb40
--- /dev/null
+++ b/results/classifier/108/other/1429
@@ -0,0 +1,70 @@
+other: 0.722
+KVM: 0.632
+vnc: 0.582
+device: 0.564
+permissions: 0.548
+debug: 0.537
+graphic: 0.536
+boot: 0.531
+performance: 0.518
+network: 0.513
+socket: 0.508
+semantic: 0.500
+files: 0.496
+PID: 0.478
+
+Out of bounds in xilinx_spips_write()
+Description of problem:
+The size of TYPE_XILINX_SPIPS's and TYPE_XILINX_QSPIPS's memory regions is
+0x100, but it is set to 0x200. UBSAN captures Out of bounds accesses.
+Steps to reproduce:
+```
+export QEMU=/path/to/qemu-system-aarch64
+export UBSAN_OPTIONS=halt_on_error=1:symbolize=1:print_stacktrace=1
+
+cat << EOF | $QEMU \
+-machine xlnx-zcu102 -monitor none -serial none \
+-display none -nodefaults -qtest stdio
+writew 0xff050108 0x29be
+EOF
+```
+Additional information:
+```
+==852678==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
+[I 0.000001] OPENED
+pulseaudio: set_sink_input_volume() failed
+pulseaudio: Reason: Invalid argument
+pulseaudio: set_sink_input_mute() failed
+pulseaudio: Reason: Invalid argument
+qemu-system-aarch64: warning: nic cadence_gem.0 has no peer
+qemu-system-aarch64: warning: nic cadence_gem.1 has no peer
+qemu-system-aarch64: warning: nic cadence_gem.2 has no peer
+qemu-system-aarch64: warning: nic cadence_gem.3 has no peer
+[R +0.323364] writew 0xff050108 0x29be
+../hw/ssi/xilinx_spips.c:1031:22: runtime error: index 66 out of bounds for type 'uint32_t [64]'
+    #0 0x55b7450b6895 in xilinx_spips_write /home/liuqiang/project-videzzo/qemu-devel/build/../hw/ssi/xilinx_spips.c:1031:22
+    #1 0x55b747b29790 in memory_region_write_accessor /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/memory.c:493:5
+    #2 0x55b747b28c2d in access_with_adjusted_size /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/memory.c:555:18
+    #3 0x55b747b268f4 in memory_region_dispatch_write /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/memory.c:1515:16
+    #4 0x55b747c1a071 in flatview_write_continue /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/physmem.c:2825:23
+    #5 0x55b747c00d92 in flatview_write /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/physmem.c:2867:12
+    #6 0x55b747c007b8 in address_space_write /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/physmem.c:2963:18
+    #7 0x55b747c49f31 in qtest_process_command /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/qtest.c:528:13
+    #8 0x55b747c42f6e in qtest_process_inbuf /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/qtest.c:802:9
+    #9 0x55b747c5b783 in qtest_read /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/qtest.c:814:5
+    #10 0x55b748c6b602 in qemu_chr_be_write_impl /home/liuqiang/project-videzzo/qemu-devel/build/../chardev/char.c:201:9
+    #11 0x55b748c6b74a in qemu_chr_be_write /home/liuqiang/project-videzzo/qemu-devel/build/../chardev/char.c:213:9
+    #12 0x55b748c81f6a in fd_chr_read /home/liuqiang/project-videzzo/qemu-devel/build/../chardev/char-fd.c:72:9
+    #13 0x55b7481cbe66 in qio_channel_fd_source_dispatch /home/liuqiang/project-videzzo/qemu-devel/build/../io/channel-watch.c:84:12
+    #14 0x7fbad3de404d in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5204d)
+    #15 0x55b74923a917 in glib_pollfds_poll /home/liuqiang/project-videzzo/qemu-devel/build/../util/main-loop.c:297:9
+    #16 0x55b749238017 in os_host_main_loop_wait /home/liuqiang/project-videzzo/qemu-devel/build/../util/main-loop.c:320:5
+    #17 0x55b749237967 in main_loop_wait /home/liuqiang/project-videzzo/qemu-devel/build/../util/main-loop.c:606:11
+    #18 0x55b745858753 in qemu_main_loop /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/runstate.c:739:9
+    #19 0x55b74304cf34 in qemu_default_main /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/main.c:37:14
+    #20 0x55b74304cfd0 in main /home/liuqiang/project-videzzo/qemu-devel/build/../softmmu/main.c:48:12
+    #21 0x7fbad227a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #22 0x55b742fa271d in _start (/home/liuqiang/project-videzzo/qemu-devel/build/qemu-system-aarch64+0x3dc371d)
+
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/ssi/xilinx_spips.c:1031:22 in
+```
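Review bot: the record never states which QEMU revision the sanitizer trace was taken from; the only provenance is the private build path /home/liuqiang/project-videzzo/qemu-devel/build/, so a reader cannot tell which tree the reported line xilinx_spips.c:1031:22 belongs to. Suggest adding the commit id or release next to "Description of problem:". The reproducer and the report do agree with each other, which is worth stating explicitly in the record: assuming the device region is mapped at 0xff050000, the qtest line `writew 0xff050108 0x29be` lands at offset 0x108, and 0x108 / 4 = 66 is exactly the `index 66 out of bounds for type 'uint32_t [64]'` that UBSAN prints, consistent with the description of a 0x100-byte register array behind a region registered as 0x200 bytes. The pulseaudio lines and the four "nic cadence_gem.N has no peer" warnings are unrelated startup noise and could be trimmed from "Additional information".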
diff --git a/results/classifier/108/other/1429034 b/results/classifier/108/other/1429034
new file mode 100644
index 00000000..4fc8794c
--- /dev/null
+++ b/results/classifier/108/other/1429034
@@ -0,0 +1,40 @@
+graphic: 0.722
+permissions: 0.683
+other: 0.678
+debug: 0.676
+performance: 0.664
+semantic: 0.647
+network: 0.613
+files: 0.604
+device: 0.604
+PID: 0.603
+socket: 0.586
+vnc: 0.569
+boot: 0.564
+KVM: 0.549
+
+qemu abort in qemu_coroutine_enter when multi-thread writing
+
+qemu release version: 2.2.0
+platform: x86_64
+
+qemu would be aborted when there are two threads to write two seperate qcow2 files.
+
+call stack:
+
+#0 0x7ffff5e18989	__GI_raise(sig=sig@entry=6) (../nptl/sysdeps/unix/sysv/linux/raise.c:56)
+#1 0x7ffff5e1a098	__GI_abort() (abort.c:90)
+#2 0x7ffff728c034	qemu_coroutine_enter(co=0x7fffe0004800, opaque=0x0) (qemu-coroutine.c:117)
+#3 0x7ffff727df39	bdrv_co_io_em_complete(opaque=0x7ffff7fd6ae0, ret=0) (block.c:4847)
+#4 0x7ffff7270314	thread_pool_completion_bh(opaque=0x7fffe0006ad0) (thread-pool.c:187)
+#5 0x7ffff726f873	aio_bh_poll(ctx=0x7fffe0001d00) (async.c:82)
+#6 0x7ffff728340b	aio_dispatch(ctx=0x7fffe0001d00) (aio-posix.c:137)
+#7 0x7ffff72837b0	aio_poll(ctx=0x7fffe0001d00, blocking=true) (aio-posix.c:248)
+#8 ??	0x00007ffff72795a8 in bdrv_prwv_co (bs=0x7fffdc0021c0, offset=12071639552, qiov=0x7fffe67fa590, is_write=true, flags=(unknown: 0)) (block.c:2703)
+#9 ??	0x00007ffff727966a in bdrv_rw_co (bs=0x7fffdc0021c0, sector_num=23577421, buf=0x7fffe4629250 "\234\b\335Ǽ\254\213q\301\366\315=\005oI\301\245=\373\004+2?H\212\025\035+\262\274C;X\301FaP\324\335\061ҝ&Y\316=\347\335\020\365\003goɿ\214\312S=\v2]\373\363C\311\341\334\r5k\346k\204\332\023\264\315陌\230\203J\222u\214\066", nb_sectors=128, is_write=true, flags=(unknown: 0)) (block.c:2726)
+#10 0x7ffff7279758	bdrv_write(bs=0x7fffdc0021c0, sector_num=23577421, buf=0x7fffe4629250 "\234\b\335Ǽ\254\213q\301\366\315=\005oI\301\245=\373\004+2?H\212\025\035+\262\274C;X\301FaP\324\335\061ҝ&Y\316=\347\335\020\365\003goɿ\214\312S=\v2]\373\363C\311\341\334\r5k\346k\204\332\023\264\315陌\230\203J\222u\214\066", nb_sectors=128) (block.c:2760)
+
+Triaging old bug tickets... can you still reproduce this issue with the latest version of QEMU? Or could we close this ticket nowadays?
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
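Review bot: the key missing fact in this record is how the two writer threads call into the block layer. The trace shows a synchronous bdrv_write() (frame #10) reaching bdrv_prwv_co() and then blocking in aio_poll(ctx=0x7fffe0001d00, blocking=true) on the calling thread until a completion BH enters the coroutine; whether both threads share that AioContext and whether they hold QEMU's global mutex around the call decides if this is a QEMU 2.2.0 bug or unsupported use of the API, and the ticket expired without that being established. Suggest the record state the calling convention of the writer threads and carry a minimal reproducer. Two smaller points: frames #8 and #9 are in a different format from the rest of the stack (`#8 ?? 0x00007ffff72795a8 in bdrv_prwv_co ...`), so the trace was spliced from two tools, and the buf= arguments dump raw data bytes that add nothing and should be elided.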
diff --git a/results/classifier/108/other/1429841 b/results/classifier/108/other/1429841
new file mode 100644
index 00000000..baed7194
--- /dev/null
+++ b/results/classifier/108/other/1429841
@@ -0,0 +1,134 @@
+other: 0.816
+permissions: 0.809
+semantic: 0.759
+device: 0.729
+PID: 0.723
+network: 0.686
+graphic: 0.669
+debug: 0.657
+vnc: 0.653
+files: 0.649
+boot: 0.642
+performance: 0.637
+socket: 0.607
+KVM: 0.588
+
+error "rom: requested regions overlap" for NOLOAD sections
+
+command line:
+qemu-system-arm -semihosting -nographic -monitor null -serial null -no-reboot -kernel build/fw/0HNFcomSLuP1_CUNIT.elf
+
+output:
+rom: requested regions overlap (rom phdr #6: build/fw/0HNFcomSLuP1_CUNIT.elf. free=0x8001effc, addr=0x8001c000)
+rom loading failed
+
+I checked the sections of the .elf file with arm-none-eabi-objdump -h:
+Sections:
+Idx Name          Size      VMA       LMA       File off  Algn
+...
+ 35 .marker_appli 00001000  801ae000  801ae000  00025000  2**0
+                  ALLOC
+ 36 .safe_data    00000014  80200000  8001b000  00020000  2**2
+                  CONTENTS, ALLOC, LOAD, DATA
+ 37 .safe_bss     00000488  80200020  8001b020  00020014  2**2
+                  ALLOC
+ 38 .marker_safe_data 00001000  80201000  8001c000  00029000  2**0
+                  ALLOC
+ 39 .data         000008cc  80202000  8001b600  00022000  2**3
+                  CONTENTS, ALLOC, LOAD, DATA
+ 40 .bss          0000312c  802028d0  8001bed0  000228cc  2**3
+                  ALLOC
+ 41 .marker_data  00001000  80206000  8001f600  00026000  2**0
+                  ALLOC
+ 42 .cunit        00010000  80300000  80119600  00028000  2**0
+                  ALLOC
+ 43 .marker_code  00001000  8001c000  8001c000  00024000  2**0
+                  ALLOC
+...
+
+So I had a look where the values in  the error message could come from:
+0x8001c000: is the "LMA" value of section .marker_safe_data
+0x8001effc: is "Size" + "LMA" of the .bss section (0x0000312c + 0x8001bed0)
+
+So it is correct that (regarding the "LMA" value) the .marker_safe_data section collides with .bss section.
+But actually these sections have no "LOAD" attribute, so I would guess that their "LMA" should not be used anyway.
+Those section should reside at their "VMA" addresses (0x802xxxxx) during runtime but they have no data to load.
+
+Or am I getting something completely wrong?
+Should I give an additional option to qemu?
+
+I got this error with 2.0.0+dfsg-2ubuntu1.10 and 1.0.50-2012.03-0ubuntu2.1
+I didn't get this error (but others) with 0.10.2
+
+
+
+I did a test (with version 2.2.0) to simply not fail out upon this error (removed the "return -1" in function rom_load_all() in file hw/core/loader.c).
+
+With that hack I got the elf file running I'll attach with *this* comment (note that attachment #1 won't run correctly but probably for some other reason as I never had this working anywhere).
+So when I run with my hack:
+qemu-system-arm  -M integratorcp -semihosting -nographic -monitor null -serial null -no-reboot -kernel 0MFWSL_EmoDatauP1_CUNIT.elf
+
+I get:
+rom: requested regions overlap (rom phdr #4: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000017ae0, addr=0x0000000000016aac)
+rom: requested regions overlap (rom phdr #5: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x00000000000185e8, addr=0x0000000000017e64) 
+
+     CUnit - A Unit testing framework for C - Version 2.1-0
+     http://cunit.sourceforge.net/
+
+
+Suite: MFWSL_EmoData
+  Test: MFWSL_EmoFileOpen		 ... passed
+  Test: MFWSL_ChkEmosSodHdr		 ... passed
+  Test: MFWSL_ChkEmosFileHdr	 ... passed
+  Test: MFWSL_ChkEmosSodSect	 ... passed
+  Test: MFWSL_ChkEmosFileSect	 ... passed
+  Test: MFWSL_AddEntryToCpyList	 ... passed
+  Test: MFWSL_EmosAvailableForSect ... passed
+  Test: MFWSL_CreateCpyListFromSect ... passed
+  Test: MFWSL_SodEmosActive		 ... passed
+  Test: MFWSL_CreateExtMoList	 ... passed
+  Test: MFWSL_ExtendedEmosActive ... passed
+
+--Run Summary: Type      Total     Ran  Passed  Failed
+               suites        1       1     n/a       0
+               tests        11      11      11       0
+               asserts    2854    2854    2854       0  
+
+...where the last part is the output I expected for a clean run.
+
+regarding the values in the error messages I it looks like:
+free=0x0000000000017ae0 = end of .safe_bss (0x16aac + 0x1034) which is NOLOAD
+addr=0x0000000000016aac = start of .data which is LOAD
+free=0x00000000000185e8 = end of .bss (0x17570 + 0x1078) which is NOLOAD
+addr=0x0000000000017e64 = start of .marker1 which is NOLOAD
+
+Any optinions?
+
+additional info:
+0MFWSL_EmoDatauP1_CUNIT.elf from previous post runs fine with 1.0.50 (Debian 1.0.50-2012.03-0ubuntu2.1) and 0.10.2
+
+To make things more easy I added some debug output to function rom_load_all().
+It prints infos for every rom section is processes:
+
+rom phdr #1: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000000000, size=0x000000000000003c, addr=0x0000000000000000)
+rom phdr #2: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x00000000000008a0, size=0x00000000000161c4, addr=0x000000000000003c)
+rom phdr #3: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000016a64, size=0x000000000000107c, addr=0x0000000000016a64)
+rom phdr #4: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000016aac, size=0x0000000000001b3c, addr=0x0000000000017ae0)
+rom: requested regions overlap (rom phdr #4: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000017ae0, addr=0x0000000000016aac, size=0x0000000000001b3c)
+rom phdr #5: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x0000000000017e64, size=0x0000000000000400, addr=0x00000000000185e8)
+rom: requested regions overlap (rom phdr #5: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x00000000000185e8, addr=0x0000000000017e64, size=0x0000000000000400)
+rom phdr #6: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x00000000001152ac, size=0x0000000000000400, addr=0x0000000000018264)
+rom phdr #7: 0MFWSL_EmoDatauP1_CUNIT.elf. free=0x00000000001a7000, size=0x0000000000000400, addr=0x00000000001156ac)
+
+Retest with qemu 2.7.0: issue still occours
+Same fix works for me: removed 'return -1;' in function rom_check_and_register_reset() (line 1030 of file hw/core/loader.c)
+
+This bug is fixed in QEMU master by commits bf1733392ca2 and f33e5e6299288c, which will be in the upcoming QEMU 2.11 release.
+
+(PS: the thing the loader cares about is not elf sections but elf segments in the program header, so the section table and its attributes isn't relevant here, only the program header. In any case your example ELF file loads OK with the bugfixes applied.)
+
+
+Just tested with QEMU 2.10.93 in cygwin: problem does not occour anymore!
+
+Thanks a lot!
+
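Review bot: the workaround recorded twice in this report, removing `return -1` from rom_load_all() and later from rom_check_and_register_reset() in hw/core/loader.c, disables the overlap guard for every image the loader processes, not only for the NOLOAD segments at issue, and the record should mark it as a diagnostic hack superseded by the resolution it already cites (commits bf1733392ca2 and f33e5e6299288c, QEMU 2.11). The reporter's own debug output shows why the guard fired: phdr #3 starts at addr=0x16a64 with size=0x107c and so ends at 0x17ae0, which is the `free` value that phdr #4 at addr=0x16aac collides with. The closing comment is the right framing for anyone re-reading this record: the loader works from program-header segments, so the section table and its LOAD/ALLOC flags that the earlier analysis is built on are not what it checks, and the fixed loader accepts the example ELF without any check being removed.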