Diffstat (limited to 'results/classifier/118/unknown/1883733')
-rw-r--r--results/classifier/118/unknown/1883733387
1 files changed, 387 insertions, 0 deletions
diff --git a/results/classifier/118/unknown/1883733 b/results/classifier/118/unknown/1883733
new file mode 100644
index 00000000..5b44c0ad
--- /dev/null
+++ b/results/classifier/118/unknown/1883733
@@ -0,0 +1,387 @@
+mistranslation: 0.945
+VMM: 0.944
+register: 0.937
+TCG: 0.932
+KVM: 0.928
+hypervisor: 0.921
+ppc: 0.917
+user-level: 0.914
+risc-v: 0.909
+vnc: 0.901
+performance: 0.896
+i386: 0.894
+permissions: 0.892
+x86: 0.888
+peripherals: 0.868
+assembly: 0.866
+architecture: 0.849
+arm: 0.849
+semantic: 0.832
+device: 0.814
+graphic: 0.811
+debug: 0.810
+files: 0.808
+virtual: 0.808
+kernel: 0.792
+PID: 0.786
+boot: 0.785
+network: 0.779
+socket: 0.756
+
+FIXME xhci_alloc_device_streams:972 guest streams config not identical for all eps
+
+To reproduce run the QEMU with the following command line:
+```
+qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio
+```
+
+QEMU Version:
+```
+# qemu-5.0.0
+$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
+$ x86_64-softmmu/qemu-system-x86_64 --version
+QEMU emulator version 5.0.0
+Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
+```
+
+
+
+OSS-Fuzz reported this:
+
+=== Reproducer ===
+cat << EOF | ./qemu-system-i386 -display none \
+-machine accel=qtest, -m 512M -machine q35 -nodefaults \
+-device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
+-device usb-tablet -device usb-wacom-tablet -device usb-audio \
+-qtest stdio
+outl 0xcf8 0x80000803
+outl 0xcfc 0x18ffffff
+outl 0xcf8 0x80000813
+outb 0xcfc 0x5e
+write 0x5e000074 0x4 0x5a636c6f
+writel 0x5e000040 0x5adeb005
+write 0xd 0x1 0x24
+write 0x1d 0x1 0x2e
+write 0x2d 0x1 0xff
+write 0x3d 0x1 0x24
+write 0x4d 0x1 0x2e
+write 0x5d 0x1 0xff
+write 0x6d 0x1 0x24
+write 0x7d 0x1 0x2e
+write 0x8d 0x1 0xff
+write 0x9d 0x1 0x24
+write 0xad 0x1 0x2e
+write 0xbd 0x1 0xff
+write 0xcd 0x1 0x24
+write 0xdd 0x1 0x2e
+write 0x6d04 0x1 0x03
+write 0x6d26 0x1 0x04
+write 0xed 0x1 0xff
+write 0xfd 0x1 0x24
+write 0x10d 0x1 0x2e
+write 0x11d 0x1 0xff
+write 0x12d 0x1 0x24
+write 0x13d 0x1 0x2e
+write 0x14d 0x1 0xff
+write 0x15d 0x1 0x24
+write 0x16d 0x1 0x2e
+write 0x17d 0x1 0xff
+write 0x18d 0x1 0x24
+write 0x19d 0x1 0x2e
+write 0x1ad 0x1 0xff
+write 0x1bd 0x1 0x24
+write 0x1cd 0x1 0x2e
+write 0x1dd 0x1 0xff
+write 0x1ed 0x1 0x24
+write 0x1fd 0x1 0x2e
+write 0x20d 0x1 0xff
+write 0x21d 0x1 0x24
+write 0x22d 0x1 0x2e
+write 0x23d 0x1 0xff
+write 0x24d 0x1 0x24
+write 0x25d 0x1 0x2e
+write 0x26d 0x1 0xff
+write 0x27d 0x1 0x24
+write 0x28d 0x1 0x2e
+write 0x29d 0x1 0xff
+write 0x2ad 0x1 0x24
+write 0x2bd 0x1 0x2e
+write 0x2cd 0x1 0xff
+write 0x2dd 0x1 0x24
+write 0x2ed 0x1 0x2e
+write 0x2fd 0x1 0xff
+write 0x30d 0x1 0x24
+write 0x31d 0x1 0x2e
+write 0x32d 0x1 0xff
+write 0x33d 0x1 0x24
+write 0x34d 0x1 0x2e
+write 0x35d 0x1 0xff
+write 0x36d 0x1 0x24
+write 0x37d 0x1 0x2e
+write 0x38d 0x1 0xff
+write 0x39d 0x1 0x24
+write 0x3ad 0x1 0x2e
+write 0x3bd 0x1 0xff
+write 0x3cd 0x1 0x24
+write 0x3dd 0x1 0x2e
+write 0x3ed 0x1 0xff
+write 0x3fd 0x1 0x24
+write 0x40d 0x1 0x2e
+write 0x41d 0x1 0xff
+write 0x42d 0x1 0x24
+write 0x43d 0x1 0x2e
+write 0x44d 0x1 0xff
+write 0x45d 0x1 0x24
+write 0x46d 0x1 0x2e
+write 0x47d 0x1 0xff
+write 0x48d 0x1 0x24
+write 0x49d 0x1 0x2e
+write 0x4ad 0x1 0xff
+write 0x4bd 0x1 0x24
+write 0x4cd 0x1 0x2e
+write 0x4dd 0x1 0xff
+write 0x4ed 0x1 0x24
+write 0x4fd 0x1 0x2e
+write 0x50d 0x1 0xff
+write 0x51d 0x1 0x24
+write 0x52d 0x1 0x2e
+write 0x53d 0x1 0xff
+write 0x54d 0x1 0x24
+write 0x55d 0x1 0x2e
+write 0x56d 0x1 0xff
+write 0x57d 0x1 0x24
+write 0x58d 0x1 0x2e
+write 0x59d 0x1 0xff
+write 0x5ad 0x1 0x24
+write 0x5bd 0x1 0x2e
+write 0x5cd 0x1 0xff
+write 0x5dd 0x1 0x24
+write 0x5ed 0x1 0x2e
+write 0x5fd 0x1 0xff
+write 0x60d 0x1 0x24
+write 0x61d 0x1 0x2e
+write 0x62d 0x1 0xff
+write 0x63d 0x1 0x24
+write 0x64d 0x1 0x2e
+write 0x65d 0x1 0xff
+write 0x66d 0x1 0x24
+write 0x67d 0x1 0x2e
+write 0x68d 0x1 0xff
+write 0x69d 0x1 0x24
+write 0x6ad 0x1 0x2e
+write 0x6bd 0x1 0xff
+write 0x6cd 0x1 0x24
+write 0x6dd 0x1 0x2e
+write 0x6ed 0x1 0xff
+write 0x6fd 0x1 0x24
+write 0x70d 0x1 0x2e
+write 0x71d 0x1 0xff
+write 0x72d 0x1 0x24
+write 0x73d 0x1 0x2e
+write 0x74d 0x1 0xff
+write 0x75d 0x1 0x24
+write 0x76d 0x1 0x2e
+write 0x77d 0x1 0xff
+write 0x78d 0x1 0x24
+write 0x79d 0x1 0x2e
+write 0x7ad 0x1 0xff
+write 0x7bd 0x1 0x24
+write 0x7cd 0x1 0x2e
+write 0x7dd 0x1 0xff
+write 0x7ed 0x1 0x24
+write 0x7fd 0x1 0x2e
+write 0x80d 0x1 0xff
+write 0x81d 0x1 0x24
+write 0x82d 0x1 0x2e
+write 0x83d 0x1 0xff
+write 0x84d 0x1 0x24
+write 0x85d 0x1 0x2e
+write 0x86d 0x1 0xff
+write 0x87d 0x1 0x24
+write 0x88d 0x1 0x2e
+write 0x89d 0x1 0xff
+write 0x8ad 0x1 0x24
+write 0x8bd 0x1 0x2e
+write 0x8cd 0x1 0xff
+write 0x8dd 0x1 0x24
+write 0x8ed 0x1 0x2e
+write 0x8fd 0x1 0xff
+write 0x90d 0x1 0x24
+write 0x91d 0x1 0x2e
+write 0x92d 0x1 0xff
+write 0x93d 0x1 0x24
+write 0x94d 0x1 0x2e
+write 0x95d 0x1 0xff
+write 0x96d 0x1 0x24
+write 0x97d 0x1 0x2e
+write 0x98d 0x1 0xff
+write 0x99d 0x1 0x24
+write 0x9ad 0x1 0x2e
+write 0x9bd 0x1 0xff
+write 0x9cd 0x1 0x24
+write 0x9dd 0x1 0x2e
+write 0x9ed 0x1 0xff
+write 0x9fd 0x1 0x24
+write 0xa0d 0x1 0x2e
+write 0xa1d 0x1 0xff
+write 0xa2d 0x1 0x24
+write 0xa3d 0x1 0x2e
+write 0xa4d 0x1 0xff
+write 0xa5d 0x1 0x24
+write 0xa6d 0x1 0x2e
+write 0xa7d 0x1 0xff
+write 0xa8d 0x1 0x24
+write 0xa9d 0x1 0x2e
+write 0xaad 0x1 0xff
+write 0xabd 0x1 0x24
+write 0xacd 0x1 0x2e
+write 0xadd 0x1 0xff
+write 0xaed 0x1 0x24
+write 0xafd 0x1 0x2e
+write 0xb0d 0x1 0xff
+write 0xb1d 0x1 0x24
+write 0xb2d 0x1 0x2e
+write 0xb3d 0x1 0xff
+write 0xb4d 0x1 0x24
+write 0xb5d 0x1 0x2e
+write 0xb6d 0x1 0xff
+write 0xb7d 0x1 0x24
+write 0xb8d 0x1 0x2e
+write 0xb9d 0x1 0xff
+write 0xbad 0x1 0x24
+write 0xbbd 0x1 0x2e
+write 0xbcd 0x1 0xff
+write 0xbdd 0x1 0x24
+write 0xbed 0x1 0x2e
+write 0xbfd 0x1 0xff
+write 0xc0d 0x1 0x24
+write 0xc1d 0x1 0x2e
+write 0xc2d 0x1 0xff
+write 0xc3d 0x1 0x24
+write 0xc4d 0x1 0x2e
+write 0xc5d 0x1 0xff
+write 0xc6d 0x1 0x24
+write 0xc7d 0x1 0x2e
+write 0xc8d 0x1 0xff
+write 0xc9d 0x1 0x24
+write 0xcad 0x1 0x2e
+write 0xcbd 0x1 0xff
+write 0xccd 0x1 0x24
+write 0xcdd 0x1 0x2e
+write 0xced 0x1 0xff
+write 0xcfd 0x1 0x24
+write 0xd0d 0x1 0x2e
+write 0xd1d 0x1 0xff
+write 0xd2d 0x1 0x24
+write 0xd3d 0x1 0x2e
+write 0xd4d 0x1 0xff
+write 0xd5d 0x1 0x24
+write 0xd6d 0x1 0x2e
+write 0xd7d 0x1 0xff
+write 0xd8d 0x1 0x24
+write 0xd9d 0x1 0x2e
+write 0xdad 0x1 0xff
+write 0xdbd 0x1 0x24
+write 0xdcd 0x1 0x2e
+write 0xddd 0x1 0xff
+write 0xded 0x1 0x24
+write 0xdfd 0x1 0x2e
+write 0xe0d 0x1 0xff
+write 0xe1d 0x1 0x24
+write 0xe2d 0x1 0x2e
+write 0xe3d 0x1 0xff
+write 0xe4d 0x1 0x24
+write 0xe5d 0x1 0x2e
+write 0xe6d 0x1 0xff
+write 0xe7d 0x1 0x24
+write 0xe8d 0x1 0x2e
+write 0xe9d 0x1 0xff
+write 0xead 0x1 0x24
+write 0xebd 0x1 0x2e
+write 0xecd 0x1 0xff
+write 0xedd 0x1 0x24
+write 0xeed 0x1 0x2e
+write 0xefd 0x1 0xff
+write 0xf0d 0x1 0x24
+write 0xf1d 0x1 0x2e
+write 0xf2d 0x1 0xff
+write 0xf3d 0x1 0x24
+write 0xf4d 0x1 0x2e
+write 0xf5d 0x1 0xff
+write 0xf6d 0x1 0x24
+write 0xf7d 0x1 0x2e
+write 0xf8d 0x1 0xff
+write 0xf9d 0x1 0x24
+write 0xfad 0x1 0x2e
+write 0xfbd 0x1 0xff
+write 0xfcd 0x1 0x24
+write 0xfdd 0x1 0x2e
+write 0xfed 0x1 0xff
+write 0xffd 0x1 0x24
+write 0x1001 0x1 0x6d
+write 0x100d 0x1 0x2e
+write 0x100f 0x1 0x05
+writel 0x5e002000 0x0
+write 0x102d 0x1 0x24
+write 0x103d 0x1 0x2e
+write 0x1040 0x1 0xfe
+write 0x1041 0x1 0xff
+write 0x1042 0x1 0xff
+write 0x1043 0x1 0xff
+write 0x1044 0x1 0xff
+write 0x1045 0x1 0xff
+write 0x1046 0x1 0xff
+write 0x1047 0x1 0xff
+write 0x104d 0x1 0x31
+write 0x104f 0x1 0x05
+write 0x2 0x1 0x11
+write 0x3 0x1 0x07
+write 0xf 0x1 0x73
+write 0x9f 0x1 0x65
+write 0x13f 0x1 0x6d
+writel 0x5e002000 0x0
+EOF
+
+=== Stack Trace ===
+FIXME xhci_alloc_device_streams:921 guest streams config not identical for all eps
+==683875== ERROR: libFuzzer: deadly signal
+0x56009f09d311 in __sanitizer_print_stack_trace (fuzz-i386+0x2b16311)
+0x56009efe63d8 in fuzzer::PrintStackTrace() (fuzz-i386+0x2a5f3d8)
+0x56009efcc413 in fuzzer::Fuzzer::CrashCallback() (fuzz-i386+0x2a45413)
+0x7f0aed93e13f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1413f)
+0x7f0aed773db0 in __libc_signal_restore_set signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
+0x7f0aed773db0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+0x7f0aed75d536 in abort stdlib/abort.c:79:7
+0x56009f4ecde7 in xhci_alloc_device_streams hw/usb/hcd-xhci.c:921:13
+0x56009f4ecde7 in xhci_configure_slot hw/usb/hcd-xhci.c:2223:11
+0x56009f4ecde7 in xhci_process_commands hw/usb/hcd-xhci.c:2466:31
+0x56009f4e36fb in xhci_doorbell_write hw/usb/hcd-xhci.c:3100:13
+0x5600a07fb025 in memory_region_write_accessor softmmu/memory.c:491:5
+0x5600a07faa93 in access_with_adjusted_size softmmu/memory.c:552:18
+0x5600a07fa2f0 in memory_region_dispatch_write softmmu/memory.c
+0x5600a0249f36 in flatview_write_continue softmmu/physmem.c:2759:23
+0x5600a023fbbb in flatview_write softmmu/physmem.c:2799:14
+0x5600a023fbbb in address_space_write softmmu/physmem.c:2891:18
+0x5600a06d4362 in qtest_process_command softmmu/qtest.c:534:13
+0x5600a06d15bf in qtest_process_inbuf softmmu/qtest.c:797:9
+0x5600a06d1315 in qtest_server_inproc_recv softmmu/qtest.c:904:9
+0x5600a0d0edf8 in qtest_sendf tests/qtest/libqtest.c:438:5
+0x5600a0d1038e in qtest_write tests/qtest/libqtest.c:1004:5
+0x5600a0d1038e in qtest_writel tests/qtest/libqtest.c:1020:5
+0x56009f0d7eaa in __wrap_qtest_writel tests/qtest/fuzz/qtest_wrappers.c:180:9
+0x56009f0d0299 in op_write tests/qtest/fuzz/generic_fuzz.c:473:13
+0x56009f0ce4e9 in generic_fuzz tests/qtest/fuzz/generic_fuzz.c:680:17
+0x56009f0c7723 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:151:5
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28602
+
+
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/274
+
+