summary refs log tree commit diff stats
path: root/results/classifier/118/unknown/2273
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/unknown/2273')
-rw-r--r--results/classifier/118/unknown/227375
1 files changed, 75 insertions, 0 deletions
diff --git a/results/classifier/118/unknown/2273 b/results/classifier/118/unknown/2273
new file mode 100644
index 00000000..9d82de6f
--- /dev/null
+++ b/results/classifier/118/unknown/2273
@@ -0,0 +1,75 @@
+debug: 0.803
+register: 0.791
+arm: 0.776
+graphic: 0.774
+TCG: 0.771
+risc-v: 0.767
+architecture: 0.766
+device: 0.763
+user-level: 0.761
+assembly: 0.759
+virtual: 0.759
+semantic: 0.753
+hypervisor: 0.753
+permissions: 0.752
+KVM: 0.750
+peripherals: 0.746
+files: 0.746
+performance: 0.746
+x86: 0.741
+boot: 0.740
+VMM: 0.734
+socket: 0.730
+PID: 0.730
+kernel: 0.728
+network: 0.727
+vnc: 0.726
+ppc: 0.715
+mistranslation: 0.714
+i386: 0.709
+
+Abort in net_tx_pkt_update_sctp_checksum()
+Description of problem:
+In the function _net_tx_pkt_update_sctp_checksum(),_ an abort happened:
+
+```
+qemu-fuzz-x86_64: ../../../third_party/qemu/util/iov.c:39: size_t iov_from_buf_full(const struct iovec *, unsigned int, size_t, const void *, size_t): Assertion `offset == 0' failed.
+==1052929== ERROR: libFuzzer: deadly signal
+    #0 0x5575e5cccbe1 in __sanitizer_print_stack_trace llvm/compiler-rt/lib/asan/asan_stack.cpp:87:3
+    #1 0x5575e5c479b8 in fuzzer::PrintStackTrace() llvm/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
+    #2 0x5575e5c2bbb3 in fuzzer::Fuzzer::CrashCallback() llvm/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
+    #3 0x7f691f24251f  (/lib/x86_64-linux-gnu/libc.so.6+0x4251f)
+    #4 0x7f691f2969fb in __pthread_kill_implementation nptl/./nptl/pthread_kill.c:43:17
+    #5 0x7f691f2969fb in __pthread_kill_internal nptl/./nptl/pthread_kill.c:78:10
+    #6 0x7f691f2969fb in pthread_kill nptl/./nptl/pthread_kill.c:89:10
+    #7 0x7f691f242475 in gsignal signal/../sysdeps/posix/raise.c:26:13
+    #8 0x7f691f2287f2 in abort stdlib/./stdlib/abort.c:79:7
+    #9 0x7f691f22871a in __assert_fail_base assert/./assert/assert.c:92:3
+    #10 0x7f691f239e95 in __assert_fail assert/./assert/assert.c:101:3
+    #11 0x5575e81e952a in iov_from_buf_full qemu/util/iov.c:39:5
+    #12 0x5575e6500768 in net_tx_pkt_update_sctp_checksum qemu/hw/net/net_tx_pkt.c:144:9
+    #13 0x5575e659f3e1 in igb_setup_tx_offloads qemu/hw/net/igb_core.c:478:11
+    #14 0x5575e659f3e1 in igb_tx_pkt_send qemu/hw/net/igb_core.c:552:10
+    #15 0x5575e659f3e1 in igb_process_tx_desc qemu/hw/net/igb_core.c:671:17
+    #16 0x5575e659f3e1 in igb_start_xmit qemu/hw/net/igb_core.c:903:9
+    #17 0x5575e659f3e1 in igb_set_tdt qemu/hw/net/igb_core.c:2812:5
+    #18 0x5575e657d6a4 in igb_core_write qemu/hw/net/igb_core.c:4248:9
+```
+Steps to reproduce:
+Here's a simple PoC:
+
+```
+cat << EOF | \
+qemu-system-x86_64 \
+-display none -machine accel=qtest -m 512M -M q35 -nodefaults -device \
+igb,netdev=net0 -netdev user,id=net0 -qtest stdio
+outl 0xcf8 0x80000810
+outl 0xcfc 0xe0000000
+outl 0xcf8 0x80000804
+outw 0xcfc 0x06
+write 0xe0000403 0x1 0x02
+writel 0xe0003808 0xffffffff
+write 0xe000381a 0x1 0x5b
+write 0xe000381b 0x1 0x00
+EOF
+```