Diffstat (limited to 'results/classifier/zero-shot/108/other/1883729')
-rw-r--r--results/classifier/zero-shot/108/other/1883729413
1 files changed, 413 insertions, 0 deletions
diff --git a/results/classifier/zero-shot/108/other/1883729 b/results/classifier/zero-shot/108/other/1883729
new file mode 100644
index 00000000..0bdf393c
--- /dev/null
+++ b/results/classifier/zero-shot/108/other/1883729
@@ -0,0 +1,413 @@
+graphic: 0.726
+other: 0.705
+vnc: 0.687
+KVM: 0.632
+device: 0.581
+performance: 0.536
+semantic: 0.524
+debug: 0.513
+permissions: 0.482
+network: 0.465
+files: 0.463
+boot: 0.461
+PID: 0.455
+socket: 0.452
+
+xhci_find_stream: Assertion `streamid != 0' failed.
+
+To reproduce run the QEMU with the following command line:
+```
+qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio
+```
+
+QEMU Version:
+```
+# qemu-5.0.0
+$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
+$ x86_64-softmmu/qemu-system-x86_64 --version
+QEMU emulator version 5.0.0
+Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
+```
+
+
+
+Attaching a QTest reproducer.
+./i386-softmmu/qemu-system-i386 -device nec-usb-xhci -trace usb\* \
+-device usb-audio -device usb-storage,drive=mydrive \
+-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+-nodefaults -nographic -qtest stdio < repro
+
+
+Close to the crash:
+21000@1597111713.503068:usb_xhci_slot_configure slotid 58
+21000@1597111713.503074:usb_xhci_ep_disable slotid 58, epid 2
+21000@1597111713.503077:usb_xhci_ep_enable slotid 58, epid 2
+21000@1597111713.503085:usb_xhci_ep_disable slotid 58, epid 6
+21000@1597111713.503088:usb_xhci_ep_enable slotid 58, epid 6
+21000@1597111713.503092:usb_xhci_ep_disable slotid 58, epid 24
+21000@1597111713.503095:usb_xhci_ep_enable slotid 58, epid 24
+21000@1597111713.503099:usb_xhci_ep_disable slotid 58, epid 25
+21000@1597111713.503102:usb_xhci_ep_enable slotid 58, epid 25
+21000@1597111713.503106:usb_xhci_ep_disable slotid 58, epid 29
+21000@1597111713.503109:usb_xhci_ep_enable slotid 58, epid 29
+21000@1597111713.503113:usb_xhci_ep_disable slotid 58, epid 30
+21000@1597111713.503116:usb_xhci_ep_enable slotid 58, epid 30
+21000@1597111713.503121:usb_xhci_fetch_trb addr 0x0000000000000b20, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+21000@1597111713.503127:usb_xhci_slot_enable slotid 59
+21000@1597111713.503130:usb_xhci_fetch_trb addr 0x0000000000000b30, CR_SET_TR_DEQUEUE, p 0x0000000000000000, s 0x00000000, c 0x00004300
+21000@1597111713.503135:usb_xhci_fetch_trb addr 0x0000000000000b40, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+21000@1597111713.503140:usb_xhci_slot_enable slotid 60
+21000@1597111713.503143:usb_xhci_fetch_trb addr 0x0000000000000b50, CR_EVALUATE_CONTEXT, p 0x0000000000000000, s 0x00000000, c 0x00003600
+21000@1597111713.503149:usb_xhci_fetch_trb addr 0x0000000000000b60, CR_STOP_ENDPOINT, p 0x0000000000000000, s 0x00000000, c 0x3afd3c00
+21000@1597111713.503154:usb_xhci_ep_stop slotid 58, epid 29
+21000@1597111713.503159:usb_xhci_ep_state slotid 58, epid 29, running -> stopped
+21000@1597111713.503163:usb_xhci_fetch_trb addr 0x0000000000000b70, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+21000@1597111713.503168:usb_xhci_slot_enable slotid 61
+21000@1597111713.503171:usb_xhci_fetch_trb addr 0x0000000000000b80, CR_SET_TR_DEQUEUE, p 0x0000000000000000, s 0x00000000, c 0x3afd4300
+21000@1597111713.503177:usb_xhci_ep_set_dequeue slotid 58, epid 29, streamid 0, ptr 0x0000000000000000
+qemu-system-i386: hw/usb/hcd-xhci.c:1016: XHCIStreamContext *xhci_find_stream(XHCIEPContext *, unsigned int, uint32_t *): Assertion `streamid != 0' failed.
+Aborted
+
+
+Can you still reproduce this assertion with the latest version 6.0 of QEMU? ... I cannot trigger it here, so I assume this issue has been fixed?
+
+I don't think it is fixed yet.. This is https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28571#c4
+
+Bash Reproducer:
+./qemu-system-i386 -display none -machine accel=qtest, -m 512M \
+-machine q35 -nodefaults -drive \
+file=null-co://,if=none,format=raw,id=disk0 -device qemu-xhci,id=xhci \
+-device usb-tablet,bus=xhci.0 -device usb-bot -device \
+usb-storage,drive=disk0 -chardev null,id=cd0 -chardev null,id=cd1 \
+-device usb-braille,chardev=cd0 -device usb-ccid -device usb-ccid \
+-device usb-kbd -device usb-mouse -device usb-serial,chardev=cd1 -device\
+ usb-tablet -device usb-wacom-tablet -device usb-audio -qtest /dev/null \
+-qtest stdio < attachment
+
+Testcase:
+/*
+ * Autogenerated Fuzzer Test Case
+ *
+ * Copyright (c) 2021 <name of author>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+static void test_fuzz(void)
+{
+    QTestState *s = qtest_init(
+        "-display none , -m 512M -machine q35 -nodefaults -drive "
+        "file=null-co://,if=none,format=raw,id=disk0 -device qemu-xhci,id=xhci -device "
+        "usb-tablet,bus=xhci.0 -device usb-bot -device usb-storage,drive=disk0 -chardev "
+        "null,id=cd0 -chardev null,id=cd1 -device usb-braille,chardev=cd0 -device "
+        "usb-ccid -device usb-ccid -device usb-kbd -device usb-mouse -device "
+        "usb-serial,chardev=cd1 -device usb-tablet -device usb-wacom-tablet -device "
+        "usb-audio -qtest /dev/null");
+    qtest_outl(s, 0xcf8, 0x80000816);
+    qtest_outl(s, 0xcfc, 0xffff);
+    qtest_outl(s, 0xcf8, 0x80000803);
+    qtest_outl(s, 0xcfc, 0x0600);
+    qtest_outl(s, 0xcf8, 0x80000810);
+    qtest_outl(s, 0xcfc, 0x2e654000);
+    qtest_writel(s, 0xffff00002e654040, 0xffffff05);
+    qtest_bufwrite(s, 0x4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xcd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xdd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xed, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x10d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x11d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x12d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x13d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x14d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x15d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x16d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x17d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x18d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x19d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x1fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x20d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x21d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x22d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x23d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x24d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x25d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x26d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x27d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x28d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x29d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x2fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x30d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x31d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x32d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x33d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x34d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x35d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x36d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x37d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x38d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x39d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x3fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x40d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x41d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x42d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x43d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x44d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x45d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x46d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x47d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x48d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x49d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x4fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x50d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x51d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x52d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x53d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x54d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x55d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x56d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x57d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x58d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x59d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x5fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x60d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x61d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x62d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x63d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x64d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x65d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x66d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x67d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x68d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x69d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x70d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x71d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x72d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x73d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x74d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x75d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x76d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x77d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x78d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x79d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x7fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x80d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x81d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x82d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x83d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x84d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x85d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x86d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x87d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x88d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x89d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x8fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x90d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x91d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x92d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x93d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x94d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x95d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x96d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x97d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x98d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x99d, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9ad, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9bd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9cd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9dd, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9ed, "\x04", 0x1);
+    qtest_bufwrite(s, 0x9fd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xa9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xaad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xabd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xacd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xadd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xaed, "\x04", 0x1);
+    qtest_bufwrite(s, 0xafd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xb9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbbd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbcd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbdd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbed, "\x04", 0x1);
+    qtest_bufwrite(s, 0xbfd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xc9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xcad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xcbd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xccd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xcdd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xced, "\x04", 0x1);
+    qtest_bufwrite(s, 0xcfd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xd9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xdad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xdbd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xdcd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xddd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xded, "\x04", 0x1);
+    qtest_bufwrite(s, 0xdfd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xe9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xead, "\x04", 0x1);
+    qtest_bufwrite(s, 0xebd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xecd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xedd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xeed, "\x04", 0x1);
+    qtest_bufwrite(s, 0xefd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf0d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf1d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf2d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf3d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf4d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf5d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf6d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf7d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf8d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xf9d, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfad, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfbd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfcd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfdd, "\x04", 0x1);
+    qtest_bufwrite(s, 0xfed, "\x24", 0x1);
+    qtest_bufwrite(s, 0xffd, "\x24", 0x1);
+    qtest_bufwrite(s, 0x100d, "\x24", 0x1);
+    qtest_bufwrite(s, 0x101d, "\x24", 0x1);
+    qtest_bufwrite(s, 0x102d, "\x24", 0x1);
+    qtest_bufwrite(s, 0x1041, "\x6d", 0x1);
+    qtest_bufwrite(s, 0x104d, "\x2c", 0x1);
+    qtest_bufwrite(s, 0x104f, "\x05", 0x1);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_bufwrite(s, 0x6d04, "\x03", 0x1);
+    qtest_bufwrite(s, 0x6d26, "\x04", 0x1);
+    qtest_bufwrite(s, 0x6d41, "\x04", 0x1);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_writel(s, 0xffff00002e656000, 0x0);
+    qtest_bufwrite(s, 0xffff00002e656014, "\x01\x00\x00\x00", 0x4);
+    qtest_quit(s);
+}
+int main(int argc, char **argv)
+{
+    const char *arch = qtest_get_arch();
+
+    g_test_init(&argc, &argv, NULL);
+
+    if (strcmp(arch, "i386") == 0) {
+        qtest_add_func("fuzz/test_fuzz", test_fuzz);
+    }
+
+    return g_test_run();
+}
+
+
+
+
+Ok, with the new attachment from comment #5, I can also reporoduce the bug again. It does not reproduce with the attachments from comment #1 or #2 anymore, so this now seems to be a different way to run into this assert. Anyway, setting the status back to Confirmed since it is reproducible again.
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/273
+
+