Diffstat (limited to '')
-rw-r--r-- results/classifier/108/other/1493 | 100
-rw-r--r-- results/classifier/108/other/1493033 | 73
2 files changed, 173 insertions, 0 deletions
diff --git a/results/classifier/108/other/1493 b/results/classifier/108/other/1493
new file mode 100644
index 00000000..0aaf0b11
--- /dev/null
+++ b/results/classifier/108/other/1493
@@ -0,0 +1,100 @@
+other: 0.952
+permissions: 0.939
+files: 0.938
+debug: 0.933
+vnc: 0.930
+device: 0.928
+semantic: 0.927
+graphic: 0.926
+KVM: 0.925
+performance: 0.924
+socket: 0.923
+PID: 0.921
+network: 0.917
+boot: 0.900
+
+Devision by zero in uart_parameters_setup()
+Description of problem:
+s->r[R_BRGR] could be zero but there is no check[1].
+
+```
+static void uart_parameters_setup(CadenceUARTState *s)
+{
+    QEMUSerialSetParams ssp;
+    unsigned int baud_rate, packet_size, input_clk;
+    input_clk = clock_get_hz(s->refclk);
+
+    baud_rate = (s->r[R_MR] & UART_MR_CLKS) ? input_clk / 8 : input_clk;
+    baud_rate /= (s->r[R_BRGR] * (s->r[R_BDIV] + 1)); // ----> [1]
+```
+Steps to reproduce:
+Build with ASan.
+
+```
+export QEMU=/path/to/qemu-system-aarch64
+
+cat << EOF | $QEMU \
+-machine xlnx-zcu102 -monitor none -serial none \
+-display none -nodefaults -qtest stdio
+writel 0xff000018 0x12330000
+writew 0xff000004 0xbcc4
+EOF
+```
+Additional information:
+```
+==23==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
+INFO: found LLVMFuzzerCustomMutator (0x55555d6bab70). Disabling -len_control by default.
+INFO: Running with entropic power schedule (0xFF, 100).
+INFO: Seed: 4102190864
+INFO: Loaded 1 modules   (603606 inline 8-bit counters): 603606 [0x555560d6e000, 0x555560e015d6), 
+INFO: Loaded 1 PC tables (603606 PCs): 603606 [0x5555604379b0,0x555560d6d710), 
+./qemu-videzzo-aarch64-target-videzzo-fuzz-cadence-uart: Running 1 inputs 1 time(s) each.
+INFO: Reading pre_seed_input if any ...
+INFO: Executing pre_seed_input if any ...
+Matching objects by name , *uart*
+This process will fuzz the following MemoryRegions:
+  * uart[0] (size 1000)
+  * uart[0] (size 1000)
+This process will fuzz through the following interfaces:
+  * clock_step, EVENT_TYPE_CLOCK_STEP, 0xffffffff +0xffffffff, 255,255
+  * uart, EVENT_TYPE_MMIO_READ, 0xff000000 +0x1000, 1,4
+  * uart, EVENT_TYPE_MMIO_WRITE, 0xff000000 +0x1000, 1,4
+  * uart, EVENT_TYPE_MMIO_READ, 0xff010000 +0x1000, 1,4
+  * uart, EVENT_TYPE_MMIO_WRITE, 0xff010000 +0x1000, 1,4
+INFO: A corpus is not provided, starting from an empty corpus
+#2      INITED cov: 3 ft: 4 corp: 1/1b exec/s: 0 rss: 512Mb
+Running: ./poc-qemu-videzzo-aarch64-target-videzzo-fuzz-cadence-uart-crash-cef41ca061384b94899472d8e2e6b5a86b62d259.minimized
+../hw/char/cadence_uart.c:181:15: runtime error: division by zero
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/char/cadence_uart.c:181:15 in 
+AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==23==ERROR: AddressSanitizer: FPE on unknown address 0x555558fee913 (pc 0x555558fee913 bp 0x7fffffffb5f0 sp 0x7fffffffb220 T0)
+    #0 0x555558fee913 in uart_parameters_setup /root/videzzo/videzzo_qemu/qemu/out-san/../hw/char/cadence_uart.c:181:15
+    #1 0x555558fe8165 in uart_write /root/videzzo/videzzo_qemu/qemu/out-san/../hw/char/cadence_uart.c:471:9
+    #2 0x55555c7bee3e in memory_region_write_with_attrs_accessor /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/memory.c:514:12
+    #3 0x55555c7be051 in access_with_adjusted_size /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/memory.c:555:18
+    #4 0x55555c7bcd1e in memory_region_dispatch_write /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/memory.c:1522:13
+    #5 0x55555c84ce1e in flatview_write_continue /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/physmem.c:2826:23
+    #6 0x55555c83abcb in flatview_write /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/physmem.c:2868:12
+    #7 0x55555c83a688 in address_space_write /root/videzzo/videzzo_qemu/qemu/out-san/../softmmu/physmem.c:2964:18
+    #8 0x555558b3e91e in qemu_writew /root/videzzo/videzzo_qemu/qemu/out-san/../tests/qtest/videzzo/videzzo_qemu.c:1101:5
+    #9 0x555558b3d173 in dispatch_mmio_write /root/videzzo/videzzo_qemu/qemu/out-san/../tests/qtest/videzzo/videzzo_qemu.c:1253:28
+    #10 0x55555d6b5fef in videzzo_dispatch_event /root/videzzo/videzzo.c:1140:5
+    #11 0x55555d6ad36d in __videzzo_execute_one_input /root/videzzo/videzzo.c:288:9
+    #12 0x55555d6ad114 in videzzo_execute_one_input /root/videzzo/videzzo.c:329:9
+    #13 0x555558b4646c in videzzo_qemu /root/videzzo/videzzo_qemu/qemu/out-san/../tests/qtest/videzzo/videzzo_qemu.c:1530:12
+    #14 0x55555d6bae3b in LLVMFuzzerTestOneInput /root/videzzo/videzzo.c:1910:18
+    #15 0x555558a26bf6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:594:17
+    #16 0x555558a09824 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:21
+    #17 0x555558a147ce in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char*, unsigned long)) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:19
+    #18 0x555558a00db6 in main /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30
+    #19 0x7ffff607a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #20 0x555558a00e0d in _start (/root/bugs/metadata/cadence_uart-00/qemu-videzzo-aarch64-target-videzzo-fuzz-cadence-uart+0x34ace0d)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: FPE /root/videzzo/videzzo_qemu/qemu/out-san/../hw/char/cadence_uart.c:181:15 in uart_parameters_setup
+==23==ABORTING
+MS: 0 ; base unit: 0000000000000000000000000000000000000000
+0x1,0x9,0x18,0x0,0x0,0xff,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x33,0x12,0x0,0x0,0x0,0x0,0x1,0x9,0x4,0x0,0x0,0xff,0x0,0x0,0x0,0x0,0x2,0x0,0x0,0x0,0xc4,0xbc,0x4e,0x4c,0x0,0x0,0x0,0x0,
+\x01\x09\x18\x00\x00\xff\x00\x00\x00\x00\x04\x00\x00\x00\x00\x003\x12\x00\x00\x00\x00\x01\x09\x04\x00\x00\xff\x00\x00\x00\x00\x02\x00\x00\x00\xc4\xbcNL\x00\x00\x00\x00
+```
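Review bot: the report body is committed verbatim, including the title typo "Devision by zero" and the raw libFuzzer unit dump at the end (the `MS: 0 ; base unit:` line plus the two hex and escaped-byte lines); if the classifier consumes this text, that dump is noise and the file could stop after `==23==ABORTING`, since the reproducer is already captured by the two qtest writes (`writel 0xff000018 0x12330000`, `writew 0xff000004 0xbcc4`). The score block is also weakly separated: `other: 0.952` sits within 0.03 of `permissions`, `files` and `debug`, while the report itself pins the fault to a device model (`hw/char/cadence_uart.c:181:15`, `device: 0.928`), so a note on how the top label was chosen would help readers of these result files.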
diff --git a/results/classifier/108/other/1493033 b/results/classifier/108/other/1493033
new file mode 100644
index 00000000..f23aa3b5
--- /dev/null
+++ b/results/classifier/108/other/1493033
@@ -0,0 +1,73 @@
+graphic: 0.877
+device: 0.704
+files: 0.685
+performance: 0.647
+network: 0.612
+vnc: 0.594
+socket: 0.558
+PID: 0.521
+permissions: 0.404
+semantic: 0.386
+other: 0.331
+boot: 0.304
+debug: 0.289
+KVM: 0.148
+
+memory leak/high memory usage with spice webdav feature
+
+This bug is being open due the comment:
+https://bugs.freedesktop.org/show_bug.cgi?id=91350#c9
+
+Description of problem:
+When copying big files from client to guest, the memory usage in the host grows by about the size of the file. This is partially spice problem due the memory pool being able to increase as much as necessary without a limit which should be handled by the patches sent in the mailing list [0]
+
+[0] http://lists.freedesktop.org/archives/spice-devel/2015-August/021644.html
+
+At the same time, massif shows high memory usage by qemu as well [1] (output attached)
+
+[1] (peak)
+->49.64% (267,580,319B) 0x308B89: malloc_and_trace (vl.c:2724)
+| ->49.38% (266,167,561B) 0x67CE678: g_malloc (gmem.c:97)
+| | ->49.03% (264,241,152B) 0x511D8E: qemu_coroutine_new (coroutine-ucontext.c:106)
+| | | ->49.03% (264,241,152B) 0x510E24: qemu_coroutine_create (qemu-coroutine.c:74)
+(...)
+
+The file being shared was a 320M ogv video.
+
+Version-Release number of selected component (if applicable):
+QEMU emulator version 2.3.93
+SPICE and SPICE-GTK: from git master
+
+How reproducible:
+100%
+
+Steps to Reproduce:
+1-) build spice-gtk with --enable-webdav=yes
+2-) enable webdav in your VM by following:
+https://elmarco.fedorapeople.org/manual.html#_folder_sharing
+3-) using remote-viewer with webdav patches, connects to a fedora guest
+4-) Open nautilus, go to 'Browse Network'
+5-) On remote-viewer, enable shared folder by File > Preferences > [X] Share folder
+6-) The spice client folder should appear: Double-click to mount it.
+7-) Check the memory of your qemu process
+8-) Copy a big file (let's say, 300 MB) from the shared folder to local VM
+9-) See the memory consumption of qemu grows by a lot;
+
+Actual results:
+Memory usage grows during copy and is not freed
+
+Expected results:
+Memory should have an upper limit to grow and should be freed after copy
+
+Additional info:
+Also reported in Fedora/rawhide: https://bugzilla.redhat.com/show_bug.cgi?id=1256376
+SPICE upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=91350
+
+
+
+patches: http://lists.freedesktop.org/archives/spice-devel/2015-August/021644.html
+
+Looking through old bug tickets... can you still reproduce this issue with the latest version of QEMU and spice? Or could we close this ticket nowadays?
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
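Review bot: the stored text mixes the original description with later ticket activity: the bare `patches:` URL duplicates reference [0], and the triage question (`Looking through old bug tickets...`) and the auto-close notice (`[Expired for QEMU because there has been no activity for 60 days.]`) are appended after three blank lines, with a trailing empty line closing the hunk. If the intent is to classify the report itself, consider cutting the file after the `SPICE upstream bug:` line or documenting that follow-up comments are included; the flat, low-confidence profile here (`graphic: 0.877` for a memory-leak report, most other labels between 0.3 and 0.7) suggests the extra text is not helping the classifier.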