summary refs log tree commit diff stats
path: root/results/classifier/118/user-level/1803160
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/user-level/1803160')
-rw-r--r--results/classifier/118/user-level/1803160236
1 files changed, 236 insertions, 0 deletions
diff --git a/results/classifier/118/user-level/1803160 b/results/classifier/118/user-level/1803160
new file mode 100644
index 00000000..fdfad0de
--- /dev/null
+++ b/results/classifier/118/user-level/1803160
@@ -0,0 +1,236 @@
+user-level: 0.802
+permissions: 0.790
+register: 0.771
+hypervisor: 0.760
+performance: 0.754
+ppc: 0.753
+graphic: 0.738
+device: 0.736
+KVM: 0.734
+files: 0.731
+network: 0.731
+semantic: 0.731
+PID: 0.728
+arm: 0.722
+peripherals: 0.721
+virtual: 0.720
+VMM: 0.719
+TCG: 0.719
+vnc: 0.708
+assembly: 0.706
+debug: 0.705
+architecture: 0.705
+socket: 0.693
+kernel: 0.674
+x86: 0.668
+i386: 0.660
+risc-v: 0.652
+boot: 0.600
+mistranslation: 0.581
+--------------------
+TCG: 0.970
+i386: 0.955
+x86: 0.875
+debug: 0.872
+virtual: 0.428
+files: 0.166
+hypervisor: 0.072
+PID: 0.067
+register: 0.035
+kernel: 0.025
+semantic: 0.017
+performance: 0.015
+assembly: 0.008
+device: 0.008
+architecture: 0.007
+user-level: 0.007
+network: 0.004
+graphic: 0.003
+socket: 0.003
+boot: 0.002
+permissions: 0.002
+peripherals: 0.002
+ppc: 0.002
+VMM: 0.002
+risc-v: 0.001
+vnc: 0.001
+KVM: 0.001
+mistranslation: 0.001
+arm: 0.000
+
+qemu-3.1.0-rc0: tcg.c crash in temp_load
+
+QEMU version:
+-------------
+
+qemu-3.1.0-rc0 compiled from sources (earlier versions also affected)
+
+Summary:
+--------
+
+TCG crashes in i386 and x86_64 when it tries to execute some specific illegal instructions. When running full OS emulation, both the guest system and QEMU crash.
+
+The issue has been reproduced in two scenarios:
+
+Ubuntu x64 host running Debian x86 guest with the following command line: qemu-system-x86_64 -m 4G debian.qcow
+
+When the attached ELF file is executed inside the guest, QEMU crashes.
+
+It can also be reproduced from the command line:
+
+$ qemu-i386 tcg_crash.elf
+/home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863: tcg fatal error
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+zsh: segmentation fault (core dumped)  ../qemu-3.1.0-rc0/build/i386-linux-user/qemu-i386 tcg_crash.elf
+
+GDB backtrace:
+
+(gdb) bt
+#0  0x0000000060206488 in raise ()
+#1  0x0000000060206b8a in abort ()
+#2  0x0000000060007016 in temp_load (s=s@entry=0x607a2780 <tcg_init_ctx>, ts=ts@entry=0x607a3178 <tcg_init_ctx+2552>, desired_regs=<optimized out>, allocated_regs=allocated_regs@entry=16400)
+    at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863
+#3  0x000000006000a4d9 in tcg_reg_alloc_op (op=0x62808c20, s=<optimized out>) at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3070
+#4  tcg_gen_code (s=<optimized out>, tb=tb@entry=0x607ac040 <static_code_gen_buffer+4144>) at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3598
+#5  0x000000006003ef9a in tb_gen_code (cpu=cpu@entry=0x627e0010, pc=pc@entry=134512724, cs_base=cs_base@entry=0, flags=flags@entry=4194483, cflags=cflags@entry=0)
+    at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/translate-all.c:1752
+#6  0x000000006003d979 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:404
+#7  cpu_exec (cpu=cpu@entry=0x627e0010) at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:724
+#8  0x000000006006e1a0 in cpu_loop (env=env@entry=0x627e82c0) at /home/alberto/Documents/qemu-3.1.0-rc0/linux-user/i386/cpu_loop.c:93
+#9  0x00000000600037c5 in main (argc=2, argv=0x7fffffffdd28, envp=<optimized out>) at /home/alberto/Documents/qemu-3.1.0-rc0/linux-user/main.c:819
+(gdb)
+
+Testcase:
+---------
+
+Find ELF file attached, and also in the following hexdump:
+
+$ hexdump -C tcg_crash.elf
+00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
+00000010  02 00 03 00 01 00 00 00  54 80 04 08 34 00 00 00  |........T...4...|
+00000020  00 00 00 00 00 00 00 00  34 00 20 00 01 00 00 00  |........4. .....|
+00000030  00 00 00 00 01 00 00 00  00 00 00 00 00 80 04 08  |................|
+00000040  00 80 04 08 64 00 00 00  64 00 00 00 05 00 00 00  |....d...d.......|
+00000050  00 10 00 00 d2 dc a8 45  31 ca f0 35 d9 4d 8f 18  |.......E1..5.M..|
+00000060  05 2e 6f 9f                                       |..o.|
+
+
+
+Can you please re-test on the current master, I think this was fixed by:
+
+commit e84fcd7f662a0d8198703f6f89416d7ac2c32767
+Author: Richard Henderson <email address hidden>
+Date:   Tue Nov 13 20:35:10 2018 +0100
+
+    target/i386: Generate #UD when applying LOCK to a register destination
+
+Testing on my box:
+
+12:14:20 [alex@idun:~/l/qemu.git] master + ./i386-linux-user/qemu-i386 ~/tcg_crash.elf
+qemu: uncaught target signal 4 (Illegal instruction) - core dumped
+fish: “./i386-linux-user/qemu-i386 ~/t…” terminated by signal SIGILL (Illegal instruction)
+
+
+I've tested this again and I haven't been able to reproduce it anymore on the current master, it looks fixed.
+
+Thanks! :)
+
+Hello again,
+
+After more testing I've been able to trigger this bug again using qemu from git master. Find attached a new ELF that will reproduce the problem:
+
+$ qemu-i386 tcg_crash1.elf
+/home/alberto/Documents/qemu/tcg/tcg.c:2863: tcg fatal error
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+zsh: segmentation fault (core dumped)  ./qemu/build/i386-linux-user/qemu-i386 tcg_crash1.elf
+
+Invalid instructions:
+
+f0 invalid
+40 inc eax
+a7 cmpsd dword [esi], dword ptr es:[edi]
+48 dec eax
+
+GDB backtrace is the same as before.
+
+This second crash is of course a different bug.
+
+Hi Alberto,
+
+Can you open another ticket for your new bug?
+
+Thanks.
+
+On Fri, Dec 7, 2018 at 6:22 PM Richard Henderson <email address hidden> wrote:
+>
+> This second crash is of course a different bug.
+>
+> --
+> You received this bug notification because you are a member of qemu-
+> devel-ml, which is subscribed to QEMU.
+> https://bugs.launchpad.net/bugs/1803160
+>
+> Title:
+>   qemu-3.1.0-rc0: tcg.c crash in temp_load
+>
+> Status in QEMU:
+>   Fix Committed
+>
+> Bug description:
+>   QEMU version:
+>   -------------
+>
+>   qemu-3.1.0-rc0 compiled from sources (earlier versions also affected)
+>
+>   Summary:
+>   --------
+>
+>   TCG crashes in i386 and x86_64 when it tries to execute some specific
+>   illegal instructions. When running full OS emulation, both the guest
+>   system and QEMU crash.
+>
+>   The issue has been reproduced in two scenarios:
+>
+>   Ubuntu x64 host running Debian x86 guest with the following command
+>   line: qemu-system-x86_64 -m 4G debian.qcow
+>
+>   When the attached ELF file is executed inside the guest, QEMU crashes.
+>
+>   It can also be reproduced from the command line:
+>
+>   $ qemu-i386 tcg_crash.elf
+>   /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863: tcg fatal error
+>   qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+>   zsh: segmentation fault (core dumped)  ../qemu-3.1.0-rc0/build/i386-linux-user/qemu-i386 tcg_crash.elf
+>
+>   GDB backtrace:
+>
+>   (gdb) bt
+>   #0  0x0000000060206488 in raise ()
+>   #1  0x0000000060206b8a in abort ()
+>   #2  0x0000000060007016 in temp_load (s=s@entry=0x607a2780 <tcg_init_ctx>, ts=ts@entry=0x607a3178 <tcg_init_ctx+2552>, desired_regs=<optimized out>, allocated_regs=allocated_regs@entry=16400)
+>       at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863
+>   #3  0x000000006000a4d9 in tcg_reg_alloc_op (op=0x62808c20, s=<optimized out>) at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3070
+>   #4  tcg_gen_code (s=<optimized out>, tb=tb@entry=0x607ac040 <static_code_gen_buffer+4144>) at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3598
+>   #5  0x000000006003ef9a in tb_gen_code (cpu=cpu@entry=0x627e0010, pc=pc@entry=134512724, cs_base=cs_base@entry=0, flags=flags@entry=4194483, cflags=cflags@entry=0)
+>       at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/translate-all.c:1752
+>   #6  0x000000006003d979 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:404
+>   #7  cpu_exec (cpu=cpu@entry=0x627e0010) at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:724
+>   #8  0x000000006006e1a0 in cpu_loop (env=env@entry=0x627e82c0) at /home/alberto/Documents/qemu-3.1.0-rc0/linux-user/i386/cpu_loop.c:93
+>   #9  0x00000000600037c5 in main (argc=2, argv=0x7fffffffdd28, envp=<optimized out>) at /home/alberto/Documents/qemu-3.1.0-rc0/linux-user/main.c:819
+>   (gdb)
+>
+>   Testcase:
+>   ---------
+>
+>   Find ELF file attached.
+>
+> To manage notifications about this bug go to:
+> https://bugs.launchpad.net/qemu/+bug/1803160/+subscriptions
+>
+
+
+I've just opened #1807675 for the new bug.
+
+Thanks!
+