Diffstat (limited to 'results/classifier/gemma3:12b/device/1892966')
-rw-r--r--results/classifier/gemma3:12b/device/189296679
1 files changed, 79 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/device/1892966 b/results/classifier/gemma3:12b/device/1892966
new file mode 100644
index 00000000..ff895ffe
--- /dev/null
+++ b/results/classifier/gemma3:12b/device/1892966
@@ -0,0 +1,79 @@
+
+Null-pointer dereference in blk_bs through ide_cancel_dma_sync
+
+Hello,
+Reproducer:
+cat << EOF | ./qemu-system-i386 -M pc \
+-drive file=null-co://,if=none,format=raw,id=disk0 \
+-device ide-hd,drive=disk0,bus=ide.1,unit=1 \
+-display none -nodefaults -display none -qtest stdio -accel qtest
+outw 0x176 0x35b3
+outb 0x376 0x5f
+outb 0x376 0x40
+outl 0xcf8 0x80000904
+outl 0xcfc 0x5c0525b7
+outb 0x176 0x0
+outl 0xcf8 0x8000091e
+outl 0xcfc 0xd7580584
+write 0x187 0x1 0x34
+write 0x277 0x1 0x34
+write 0x44f 0x1 0x5c
+write 0x53f 0x1 0x5c
+write 0x717 0x1 0x34
+write 0x807 0x1 0x34
+write 0x9df 0x1 0x5c
+write 0xbb7 0x1 0x34
+write 0xca7 0x1 0x34
+write 0xe7f 0x1 0x5c
+write 0xf6f 0x1 0x5c
+outb 0xd758 0x5f
+outb 0xd758 0x40
+EOF
+
+
+Trace:
+[S +0.083320] OK
+[R +0.083328] outb 0xd758 0x5f
+OK
+[S +0.084167] OK
+[R +0.084183] outb 0xd758 0x40
+../block/block-backend.c:714:17: runtime error: member access within null pointer of type 'BlockBackend' (aka 'struct BlockBackend')
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../block/block-backend.c:714:17 in 
+AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==843136==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x5593520d8ebc bp 0x7ffc0bb9e0b0 sp 0x7ffc0bb9e010 T0)
+==843136==The signal is caused by a READ memory access.
+==843136==Hint: address points to the zero page.
+    #0 0x5593520d8ebc in blk_bs /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:714:12
+    #1 0x5593520d2d07 in blk_drain /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:1715:28
+    #2 0x55935096e9dc in ide_cancel_dma_sync /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/core.c:723:9
+    #3 0x55934f96b9ed in bmdma_cmd_writeb /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/pci.c:298:13
+    #4 0x55934fea0547 in bmdma_write /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/piix.c:75:9
+    #5 0x55935175dde0 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:483:5
+    #6 0x55935175d2bd in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:544:18
+    #7 0x55935175af70 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:1466:16
+    #8 0x5593513b98a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3176:23
+    #9 0x5593513a2878 in flatview_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3216:14
+    #10 0x5593513a23a8 in address_space_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3308:18
+    #11 0x559351803e07 in cpu_outb /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/ioport.c:60:5
+    #12 0x5593516c7b6d in qtest_process_command /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:392:13
+    #13 0x5593516c363e in qtest_process_inbuf /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:710:9
+    #14 0x5593516c23e3 in qtest_read /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:722:5
+    #15 0x5593527c8762 in qemu_chr_be_write_impl /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char.c:188:9
+    #16 0x5593527c88aa in qemu_chr_be_write /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char.c:200:9
+    #17 0x5593527ee514 in fd_chr_read /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char-fd.c:68:9
+    #18 0x5593526da736 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/general-fuzz/build/../io/channel-watch.c:84:12
+    #19 0x7f3be18ef4cd in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x504cd)
+    #20 0x559352c65c67 in glib_pollfds_poll /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:217:9
+    #21 0x559352c63567 in os_host_main_loop_wait /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:240:5
+    #22 0x559352c62f47 in main_loop_wait /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:516:11
+    #23 0x55935144108d in qemu_main_loop /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/vl.c:1676:9
+    #24 0x55934edd351c in main /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/main.c:50:5
+    #25 0x7f3be10f8cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
+    #26 0x55934ed28cf9 in _start (/home/alxndr/Development/qemu/general-fuzz/build/qemu-system-i386+0x2cb0cf9)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: SEGV /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:714:12 in blk_bs
+==843136==ABORTING
+
+-Alex
\ No newline at end of file