summary refs log tree commit diff stats
path: root/results/classifier/gemma3:12b/device/1878263
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/gemma3:12b/device/1878263')
-rw-r--r--results/classifier/gemma3:12b/device/187826345
1 files changed, 45 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/device/1878263 b/results/classifier/gemma3:12b/device/1878263
new file mode 100644
index 00000000..ea7c1e78
--- /dev/null
+++ b/results/classifier/gemma3:12b/device/1878263
@@ -0,0 +1,45 @@
+
+Assertion-failure in scsi_dma_complete, with megasas
+
+Hello,
+While fuzzing, I found an input that triggers an assertion-failure in scsi_dma_complete, with megasas:
+
+#3  0x00007ffff6866092 in __GI___assert_fail (assertion=0x555556efa460 <str> "r->req.aiocb != NULL", file=0x555556ef9b20 <str> "/home/alxndr/Development/qemu/hw/scsi/scsi-disk.c", line=0x124, function=0x555556efa560 <__PRETTY_FUNCTION__.scsi_dma_complete> "void scsi_dma_complete(void *, int)") at assert.c:101
+#4  0x000055555669d473 in scsi_dma_complete (opaque=0x616000040280, ret=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/scsi-disk.c:292
+#5  0x000055555639c89b in dma_complete (dbs=<optimized out>, ret=<optimized out>) at /home/alxndr/Development/qemu/dma-helpers.c:118
+#6  0x000055555639c89b in dma_blk_cb (opaque=<optimized out>, ret=<optimized out>) at /home/alxndr/Development/qemu/dma-helpers.c:136
+#7  0x000055555639bd58 in dma_blk_io (ctx=<optimized out>, sg=<optimized out>, offset=<optimized out>, align=<optimized out>, io_func=<optimized
+out>, io_func_opaque=<optimized out>, cb=<optimized out>, opaque=<optimized out>, dir=<optimized out>) at /home/alxndr/Development/qemu/dma-helpers.c:232
+#8  0x000055555669baa5 in scsi_write_data (req=0x616000040280) at /home/alxndr/Development/qemu/hw/scsi/scsi-disk.c:583
+#9  0x00005555566b5d93 in scsi_req_continue (req=0x616000040280) at /home/alxndr/Development/qemu/hw/scsi/scsi-bus.c:1337
+#10 0x00005555566f52e3 in megasas_enqueue_req (cmd=<optimized out>, is_write=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/megasas.c:1651
+#11 0x00005555566e276f in megasas_handle_io (s=<optimized out>, cmd=<optimized out>, frame_cmd=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/megasas.c:1790
+#12 0x00005555566e276f in megasas_handle_frame (s=<optimized out>, frame_addr=<optimized out>, frame_count=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/megasas.c:1969
+#13 0x00005555566e276f in megasas_mmio_write (opaque=<optimized out>, addr=<optimized out>, val=<optimized out>, size=<optimized out>) at /home/alxndr/Development/qemu/hw/scsi/megasas.c:2122
+#14 0x00005555560028d7 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:483
+#15 0x0000555556002280 in access_with_adjusted_size (addr=<optimized out>, value=<optimized out>, size=<optimized out>, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=<optimized out>, mr=0x7fffeeb301e0, attrs=...) at /home/alxndr/Development/qemu/memory.c:544
+#16 0x0000555556002280 in memory_region_dispatch_write (mr=<optimized out>, addr=<optimized out>, data=0x17, op=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:1476
+#17 0x0000555555f171d4 in flatview_write_continue (fv=<optimized out>, addr=0xc1c0, attrs=..., ptr=<optimized out>, len=0x1, addr1=0x7fffffffae00, l=<optimized out>, mr=0x7fffeeb301e0) at /home/alxndr/Development/qemu/exec.c:3137
+#18 0x0000555555f0fb98 in flatview_write (fv=0x606000038180, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /home/alxndr/Development/qemu/exec.c:3177
+
+
+I can reproduce it in qemu 5.0 using:
+
+cat << EOF | ~/Development/qemu/build/i386-softmmu/qemu-system-i386 -qtest stdio -nographic -monitor none -serial none -M q35 -device megasas -device scsi-cd,drive=null0 -blockdev driver=null-co,read-zeroes=on,node-name=null0
+outl 0xcf8 0x80001818
+outl 0xcfc 0xc101
+outl 0xcf8 0x8000181c
+outl 0xcf8 0x80001804
+outw 0xcfc 0x7
+outl 0xcf8 0x8000186a
+write 0x14 0x1 0xfe
+write 0x0 0x1 0x02
+outb 0xc1c0 0x17
+EOF
+
+I also attached the commands to this launchpad report, in case the formatting is broken:
+
+qemu-system-i386 -qtest stdio -nographic -monitor none -serial none -M q35 -device megasas -device scsi-cd,drive=null0 -blockdev driver=null-co,read-zeroes=on,node-name=null0 < attachment
+
+Please let me know if I can provide any further info.
+-Alex
\ No newline at end of file