Diffstat (limited to 'results/classifier/accel-gemma3:12b/tcg/1910826')
-rw-r--r--results/classifier/accel-gemma3:12b/tcg/191082665
1 files changed, 65 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/tcg/1910826 b/results/classifier/accel-gemma3:12b/tcg/1910826
new file mode 100644
index 00000000..50106005
--- /dev/null
+++ b/results/classifier/accel-gemma3:12b/tcg/1910826
@@ -0,0 +1,65 @@
+
+[OSS-Fuzz] Issue 29224 rtl8139: Stack-overflow in rtlNUMBER_transmit_one
+
+=== Reproducer ===
+cat << EOF | ../build/qemu-system-i386 -machine q35 \
+-nodefaults  -device rtl8139,netdev=net0 \
+-netdev user,id=net0 -display none -qtest stdio
+outl 0xcf8 0x80000804
+outb 0xcfc 0x26
+outl 0xcf8 0x80000817
+outb 0xcfc 0xff
+write 0x1 0x1 0x42
+write 0x5 0x1 0x42
+write 0x9 0x1 0x42
+write 0xd 0x1 0x42
+write 0xff000044 0x4 0x11
+write 0xff000037 0x1 0x1c
+writel 0xff000030 0xff000000
+write 0xff000040 0x4 0x100006
+write 0xff000010 0x4 0x01020
+EOF
+
+=== Stack Trace ===
+==2819215==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd2c714040 (pc 0x5639b3a933d9 bp 0x7ffd2c716210 sp 0x7ffd2c714040 T0)
+#0 rtl8139_transmit_one /src/qemu/hw/net/rtl8139.c:1815
+#1 rtl8139_transmit /src/qemu/hw/net/rtl8139.c:2388:9
+#2 rtl8139_TxStatus_write /src/qemu/hw/net/rtl8139.c:2442:5
+#3 rtl8139_io_writel /src/qemu/hw/net/rtl8139.c:2865:13
+#4 rtl8139_ioport_write /src/qemu/hw/net/rtl8139.c:3290:9
+#5 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+#6 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+#7 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+#8 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
+#9 flatview_write /src/qemu/softmmu/physmem.c:2799:14
+#10 address_space_write /src/qemu/softmmu/physmem.c:2891:18
+#11 address_space_rw /src/qemu/softmmu/physmem.c:2901:16
+#12 dma_memory_rw_relaxed /src/qemu/include/sysemu/dma.h:88:12
+#13 dma_memory_rw /src/qemu/include/sysemu/dma.h:127:12
+#14 pci_dma_rw /src/qemu/include/hw/pci/pci.h:801:12
+#15 pci_dma_write /src/qemu/include/hw/pci/pci.h:837:12
+#16 rtl8139_write_buffer /src/qemu/hw/net/rtl8139.c:778:5
+#17 rtl8139_do_receive /src/qemu/hw/net/rtl8139.c:1172:9
+#18 rtl8139_transfer_frame /src/qemu/hw/net/rtl8139.c:1798:9
+#19 rtl8139_transmit_one /src/qemu/hw/net/rtl8139.c:1845:5
+#20 rtl8139_transmit /src/qemu/hw/net/rtl8139.c:2388:9
+#21 rtl8139_TxStatus_write /src/qemu/hw/net/rtl8139.c:2442:5
+#22 rtl8139_io_writel /src/qemu/hw/net/rtl8139.c:2865:13
+#23 rtl8139_ioport_write /src/qemu/hw/net/rtl8139.c:3290:9
+#24 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+#25 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+#26 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+#27 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
+#28 flatview_write /src/qemu/softmmu/physmem.c:2799:14
+#29 address_space_write /src/qemu/softmmu/physmem.c:2891:18
+#30 address_space_rw /src/qemu/softmmu/physmem.c:2901:16
+#31 dma_memory_rw_relaxed /src/qemu/include/sysemu/dma.h:88:12
+#32 dma_memory_rw /src/qemu/include/sysemu/dma.h:127:12
+#33 pci_dma_rw /src/qemu/include/hw/pci/pci.h:801:12
+#34 pci_dma_write /src/qemu/include/hw/pci/pci.h:837:12
+#35 rtl8139_write_buffer /src/qemu/hw/net/rtl8139.c:778:5
+#36 rtl8139_do_receive /src/qemu/hw/net/rtl8139.c:1172:9
+#37 rtl8139_transfer_frame /src/qemu/hw/net/rtl8139.c:1798:9
+Repeat until we run out of stack
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29224
\ No newline at end of file
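Review bot: The `tcg` directory looks like the wrong bucket for this report: every frame in the trace is in `hw/net/rtl8139.c`, `softmmu/memory.c`, `softmmu/physmem.c` or the PCI/DMA headers, and none is in translation or TCG code. Frames #0–#19 show one full cycle, `rtl8139_transmit_one` → `rtl8139_transfer_frame` → `rtl8139_do_receive` → `rtl8139_write_buffer` → `pci_dma_write` → memory dispatch → `rtl8139_ioport_write` → `rtl8139_transmit_one`, so the device's own DMA write appears to land back on its registers and re-enter the transmit path until the stack is exhausted. I would file it under a device or network category if the classifier has one, because triage by accelerator would miss that the fix belongs in the device model or in the DMA/MMIO re-entrancy handling. The title also reads `rtlNUMBER_transmit_one` while the trace names `rtl8139_transmit_one`, which looks like digit masking applied to an identifier; worth checking whether that is intended.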