Diffstat (limited to '')

| Mode | File | Lines |
| --- | --- | --- |
| -rw-r--r-- | results/classifier/gemma3:12b/kernel/1921 | 31 |
| -rw-r--r-- | results/classifier/gemma3:12b/kernel/1921138 | 14 |
| -rw-r--r-- | results/classifier/gemma3:12b/kernel/1921664 | 93 |
| -rw-r--r-- | results/classifier/gemma3:12b/kernel/1921948 | 39 |

4 files changed, 177 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/kernel/1921 b/results/classifier/gemma3:12b/kernel/1921 new file mode 100644 index 00000000..5797f4a1 --- /dev/null +++ b/results/classifier/gemma3:12b/kernel/1921 
@@ -0,0 +1,31 @@ + +qemu-system-x86_64 segfaults in iotlb_to_section() on riscv64 +Description of problem: +QEMU segfaults when booting up the Arch Linux x86_64 installation ISO. The ISO could be downloaded from https://geo.mirror.pkgbuild.com/iso/2023.09.01/archlinux-2023.09.01-x86_64.iso or any other Arch Linux mirrors. + +The crash often happens after "Probing EDD...". It's more reliably reproducible with higher `-smp` numbers, and may hang with "rcu_preempt detected stalls" without the -smp option. +Additional information: +I have reproduced the same issues with different RISC-V hardware, including SG2042 and TH1520. + +Errors: +``` +qemu-system-x86_64: ../qemu-8.1.1/softmmu/physmem.c:2419: iotlb_to_section: Assertion `section_index < d->map.sections_nb' failed. +``` + +Backtrace: +``` +#0 0x0000003fa74f0ece in __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 +#1 0x0000003fa74f0f0e in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 +#2 0x0000003fa74ba912 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 +#3 0x0000003fa74aa164 in __GI_abort () at abort.c:79 +#4 0x0000003fa74b54a4 in __assert_fail_base + (fmt=0x3fa7594c10 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x2ae1de0458 "section_index < d->map.sections_nb", file=file@entry=0x2ae1ddf980 "../qemu-8.1.1/softmmu/physmem.c", line=line@entry=2419, function=function@entry=0x2ae1f05f20 <__PRETTY_FUNCTION__.11> "iotlb_to_section") at assert.c:92 +#5 0x0000003fa74b54f8 in __assert_fail (assertion=0x2ae1de0458 "section_index < d->map.sections_nb", file=0x2ae1ddf980 "../qemu-8.1.1/softmmu/physmem.c", line=2419, function=0x2ae1f05f20 <__PRETTY_FUNCTION__.11> "iotlb_to_section") at assert.c:101 +#6 0x0000002ae1b69788 in iotlb_to_section () at ../qemu-8.1.1/softmmu/physmem.c:2419 +#7 0x0000002ae1b9d774 in io_writex () at ../qemu-8.1.1/accel/tcg/cputlb.c:1432 +#8 
0x0000002ae1b9d924 in do_st_mmio_leN () at ../qemu-8.1.1/accel/tcg/cputlb.c:2755 +#9 0x0000002ae1ba127c in do_st_4 () at ../qemu-8.1.1/accel/tcg/cputlb.c:2921 +#10 do_st4_mmu () at ../qemu-8.1.1/accel/tcg/cputlb.c:3006 +#11 0x0000003f600dd7ec in code_gen_buffer () +#12 0x5f085e2755518600 in () +``` diff --git a/results/classifier/gemma3:12b/kernel/1921138 b/results/classifier/gemma3:12b/kernel/1921138 new file mode 100644 index 00000000..51c6a1f3 --- /dev/null +++ b/results/classifier/gemma3:12b/kernel/1921138 @@ -0,0 +1,14 @@ + +tcg.c:3329: tcg fatal error + +I am currently building my own kernel with bootloader and qemu crashed after I have set an IDT in protected mode and then create a invalid opcode exception with the opcode 0xff. + +My code is here: https://github.com/Luis-Hebendanz/svm_kernel/blob/qemu_crash/svm_kernel/external/bootloader/src/main.rs#L80 + +Build instructions are here: https://github.com/Luis-Hebendanz/svm_kernel/tree/qemu_crash + +A precompiled binary is here: https://cloud.gchq.icu/s/LcjoDWRW2CbxJ5i + +I executed the following command: qemu-system-x86_64 -smp cores=4 -cdrom target/x86_64-os/debug/bootimage-svm_kernel.iso -serial stdio -display none -m 4G + +I am running QEMU emulator version 5.1.0 \ No newline at end of file diff --git a/results/classifier/gemma3:12b/kernel/1921664 b/results/classifier/gemma3:12b/kernel/1921664 new file mode 100644 index 00000000..3794916d --- /dev/null +++ b/results/classifier/gemma3:12b/kernel/1921664 
@@ -0,0 +1,93 @@ + +QEMU coroutines fail with LTO on non-x86_64 architectures + +I regularly run a RISC-V (RV64GC) QEMU VM, but an update a few days ago broke it. Now when I launch it, it hits an assertion: + + +OpenSBI v0.6 + ____ _____ ____ _____ + / __ \ / ____| _ \_ _| + | | | |_ __ ___ _ __ | (___ | |_) || | + | | | | '_ \ / _ \ '_ \ \___ \| _ < | | + | |__| | |_) | __/ | | |____) | |_) || |_ + \____/| .__/ \___|_| |_|_____/|____/_____| + | | + |_| + +... +Found /boot/extlinux/extlinux.conf +Retrieving file: /boot/extlinux/extlinux.conf +618 bytes read in 2 ms (301.8 KiB/s) +RISC-V Qemu Boot Options +1: Linux kernel-5.5.0-dirty +2: Linux kernel-5.5.0-dirty (recovery mode) +Enter choice: 1: Linux kernel-5.5.0-dirty +Retrieving file: /boot/initrd.img-5.5.0-dirty +qemu-system-riscv64: ../../block/aio_task.c:64: aio_task_pool_wait_one: Assertion `qemu_coroutine_self() == pool->main_co' failed. +./run.sh: line 31: 1604 Aborted (core dumped) qemu-system-riscv64 -machine virt -nographic -smp 8 -m 8G -bios fw_payload.bin -device virtio-blk-devi +ce,drive=hd0 -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-device,rng=rng0 -drive file=riscv64-UbuntuFocal-qemu.qcow2,format=qcow2,id=hd0 -devi +ce virtio-net-device,netdev=usernet -netdev user,id=usernet,$ports + +Interestingly this doesn't happen on the AMD64 version of Ubuntu 21.04 (fully updated). 
+ + +Think you have everything already, but just in case: + +$ lsb_release -rd +Description: Ubuntu Hirsute Hippo (development branch) +Release: 21.04 + +$ uname -a +Linux minimacvm 5.11.0-11-generic #12-Ubuntu SMP Mon Mar 1 19:27:36 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux +(note this is a VM running on macOS/M1) + +$ apt-cache policy qemu +qemu: + Installed: 1:5.2+dfsg-9ubuntu1 + Candidate: 1:5.2+dfsg-9ubuntu1 + Version table: + *** 1:5.2+dfsg-9ubuntu1 500 + 500 http://ports.ubuntu.com/ubuntu-ports hirsute/universe arm64 Packages + 100 /var/lib/dpkg/status + +ProblemType: Bug +DistroRelease: Ubuntu 21.04 +Package: qemu 1:5.2+dfsg-9ubuntu1 +ProcVersionSignature: Ubuntu 5.11.0-11.12-generic 5.11.0 +Uname: Linux 5.11.0-11-generic aarch64 +ApportVersion: 2.20.11-0ubuntu61 +Architecture: arm64 +CasperMD5CheckResult: unknown +CurrentDmesg: + Error: command ['pkexec', 'dmesg'] failed with exit code 127: polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie + Error executing command as another user: Not authorized + + This incident has been reported. +Date: Mon Mar 29 02:33:25 2021 +Dependencies: + +KvmCmdLine: COMMAND STAT EUID RUID PID PPID %CPU COMMAND +Lspci-vt: + -[0000:00]-+-00.0 Apple Inc. Device f020 + +-01.0 Red Hat, Inc. Virtio network device + +-05.0 Red Hat, Inc. Virtio console + +-06.0 Red Hat, Inc. Virtio block device + \-07.0 Red Hat, Inc. 
Virtio RNG +Lsusb: Error: command ['lsusb'] failed with exit code 1: +Lsusb-t: + +Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1: +ProcEnviron: + TERM=screen + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=C.UTF-8 + SHELL=/bin/bash +ProcKernelCmdLine: console=hvc0 root=/dev/vda +SourcePackage: qemu +UpgradeStatus: Upgraded to hirsute on 2020-12-30 (88 days ago) +acpidump: + Error: command ['pkexec', '/usr/share/apport/dump_acpi_tables.py'] failed with exit code 127: polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie + Error executing command as another user: Not authorized + + This incident has been reported. \ No newline at end of file diff --git a/results/classifier/gemma3:12b/kernel/1921948 b/results/classifier/gemma3:12b/kernel/1921948 new file mode 100644 index 00000000..2746deb9 --- /dev/null +++ b/results/classifier/gemma3:12b/kernel/1921948 
@@ -0,0 +1,39 @@ + +MTE tags not checked properly for unaligned accesses at EL1 + +For kernel memory accesses that span across two memory granules, QEMU's MTE implementation only checks the tag of the first granule but not of the second one. + +To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS enabled, apply the patch below, and boot the kernel: + +diff --git a/sound/last.c b/sound/last.c +index f0bb98780e70..04745cb30b74 100644 +--- a/sound/last.c ++++ b/sound/last.c +@@ -5,12 +5,18 @@ + */ + + #include <linux/init.h> ++#include <linux/slab.h> + #include <sound/core.h> + + static int __init alsa_sound_last_init(void) + { + struct snd_card *card; + int idx, ok = 0; ++ ++ char *ptr = kmalloc(128, GFP_KERNEL); ++ pr_err("KASAN report should follow:\n"); ++ *(volatile unsigned long *)(ptr + 124); ++ kfree(ptr); + + printk(KERN_INFO "ALSA device list:\n"); + for (idx = 0; idx < SNDRV_CARDS; idx++) { + +KASAN tags the 128 allocated bytes with the same tag as the returned pointer. The memory granule that follows the 128 allocated bytes has a different tag (with 1/15 probability). + +Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130). +Observed result: no tag fault is detected and no KASAN report is printed. + +Here are the flags that I use to run QEMU if they matter: + +qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic -nographic -kernel ./Image -append "console=ttyAMA0 root=/dev/vda earlyprintk=serial" -drive file=./fs.img,format=raw,if=virtio -no-shutdown -no-reboot \ No newline at end of file |
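Review bot: the new file results/classifier/gemma3:12b/kernel/1921 has a much shorter name than the other three (1921138, 1921664, 1921948), which look like full Launchpad bug ids; check that the id was not truncated when this file was written. The body describes a host-side QEMU assertion (iotlb_to_section in softmmu/physmem.c reached from io_writex in the TCG store path) rather than a guest kernel fault, so if the kernel label is meant for guest-kernel issues this classification deserves a second look.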
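Review bot: results/classifier/gemma3:12b/kernel/1921138 is written without a trailing newline ("\ No newline at end of file") and, like the other three files, begins with an empty line; if these are meant to be verbatim report bodies, strip the leading blank line consistently and end each file with a newline so later diffs stay clean. The file also carries a link to a precompiled binary on a third-party host; that is part of the original report and fine to archive, but nothing in this tree should fetch or execute it.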
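Review bot: in results/classifier/gemma3:12b/kernel/1921664 the reproduction command is stored with hard line breaks inside option names ("virtio-blk-devi" / "ce,drive=hd0" and "-devi" / "ce virtio-net-device"), which are terminal wrap artifacts from the original paste; if these files feed further processing, note that the command cannot be copied and run as written. The apport boilerplate ("Error: command ['pkexec', 'dmesg'] failed ...", "This incident has been reported.") adds no signal about the bug, and the file also ends without a newline.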
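Review bot: results/classifier/gemma3:12b/kernel/1921948 embeds a second unified diff (the sound/last.c patch) as file content, so the hunk contains lines such as "+diff --git a/sound/last.c b/sound/last.c" and "++#include <linux/slab.h>"; any tooling that splits this commit on "diff --git" or strips a single leading "+" per line will mangle it, so make sure the pipeline treats these files as opaque text. Note also that the archived report says the access touches bytes [124, 130) while the code reads an unsigned long (8 bytes on arm64) at ptr + 124, i.e. [124, 132); keep the report verbatim, but do not rely on that range downstream. This file is also missing its trailing newline.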