Diffstat (limited to 'results/classifier/zero-shot/118/all/1926111')
-rw-r--r--results/classifier/zero-shot/118/all/1926111229
1 files changed, 229 insertions, 0 deletions
diff --git a/results/classifier/zero-shot/118/all/1926111 b/results/classifier/zero-shot/118/all/1926111
new file mode 100644
index 00000000..2edc7e1b
--- /dev/null
+++ b/results/classifier/zero-shot/118/all/1926111
@@ -0,0 +1,229 @@
+performance: 0.984
+debug: 0.984
+permissions: 0.983
+register: 0.982
+semantic: 0.982
+device: 0.982
+assembly: 0.981
+PID: 0.981
+peripherals: 0.980
+architecture: 0.980
+vnc: 0.980
+graphic: 0.978
+virtual: 0.978
+arm: 0.977
+socket: 0.973
+kernel: 0.972
+network: 0.969
+user-level: 0.966
+i386: 0.966
+hypervisor: 0.965
+mistranslation: 0.964
+files: 0.964
+boot: 0.964
+x86: 0.963
+ppc: 0.952
+risc-v: 0.951
+VMM: 0.944
+TCG: 0.942
+KVM: 0.925
+
+Assertion `tx_queue_idx <= s->txq_num' failed in vmxnet3_io_bar0_write
+
+=== Stacktrace ===
+
+qemu-fuzz-i386: ../hw/net/vmxnet3.c:1096: void vmxnet3_io_bar0_write(void *, hwaddr, uint64_t, unsigned int): Assertion `tx_queue_idx <= s->txq_num' failed.
+==602353== ERROR: libFuzzer: deadly signal
+#5 0x7fe4b93a7ce0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+#6 0x7fe4b9391536 in abort stdlib/abort.c:79:7
+#7 0x7fe4b939140e in __assert_fail_base assert/assert.c:92:3
+#8 0x7fe4b93a0661 in __assert_fail assert/assert.c:101:3
+#9 0x563e6cf5ebb5 in vmxnet3_io_bar0_write hw/net/vmxnet3.c:1096:9
+#10 0x563e6eefdb00 in memory_region_write_accessor softmmu/memory.c:491:5
+#11 0x563e6eefcfdd in access_with_adjusted_size softmmu/memory.c:552:18
+#12 0x563e6eefac90 in memory_region_dispatch_write softmmu/memory.c:1502:16
+#13 0x563e6e834e16 in flatview_write_continue softmmu/physmem.c:2746:23
+#14 0x563e6e81cd38 in flatview_write softmmu/physmem.c:2786:14
+#15 0x563e6e81c868 in address_space_write softmmu/physmem.c:2878:18
+
+=== Reproducer ===
+cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
+512M -machine q35 -nodefaults -device vmxnet3,netdev=net0 -netdev \
+user,id=net0 -qtest stdio
+outl 0xcf8 0x80000810
+outl 0xcfc 0xe0000000
+outl 0xcf8 0x80000814
+outl 0xcf8 0x80000804
+outw 0xcfc 0x7
+outl 0xcf8 0x80000815
+outl 0xcfc 0xffff00b5
+write 0x0 0x1 0xe1
+write 0x1 0x1 0xfe
+write 0x2 0x1 0xbe
+write 0x3 0x1 0xba
+write 0xff00b020 0x4 0x0000feca
+write 0xe0000630 0x1 0x00
+EOF
+
+
+=== Testcase ===
+
+/*
+ * Autogenerated Fuzzer Test Case
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+static void test_fuzz(void) {
+ QTestState *s = qtest_init(" -display none , -m 512M -machine q35 -nodefaults "
+ "-device vmxnet3,netdev=net0 -netdev user,id=net0");
+ qtest_outl(s, 0xcf8, 0x80000810);
+ qtest_outl(s, 0xcfc, 0xe0000000);
+ qtest_outl(s, 0xcf8, 0x80000814);
+ qtest_outl(s, 0xcf8, 0x80000804);
+ qtest_outw(s, 0xcfc, 0x7);
+ qtest_outl(s, 0xcf8, 0x80000815);
+ qtest_outl(s, 0xcfc, 0xffff00b5);
+ qtest_bufwrite(s, 0x0, "\xe1", 0x1);
+ qtest_bufwrite(s, 0x1, "\xfe", 0x1);
+ qtest_bufwrite(s, 0x2, "\xbe", 0x1);
+ qtest_bufwrite(s, 0x3, "\xba", 0x1);
+ qtest_bufwrite(s, 0xff00b020, "\x00\x00\xfe\xca", 0x4);
+ qtest_bufwrite(s, 0xe0000630, "\x00", 0x1);
+ qtest_quit(s);
+}
+int main(int argc, char **argv) {
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0) {
+ qtest_add_func("fuzz/test_fuzz", test_fuzz);
+ }
+
+ return g_test_run();
+}
+
+
+=== OSS-Fuzz Report ===
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33603
+https://oss-fuzz.com/testcase?key=6071483232288768
+
+Cc'ing maintainers.
+
+./scripts/get_maintainer.pl -f hw/net/vmxnet3.c
+Dmitry Fleytman <email address hidden> (maintainer:Vmware)
+Jason Wang <email address hidden> (odd fixer:Network devices)
+
+On 4/26/21 5:19 AM, Alexander Bulekov wrote:
+> Public bug reported:
+>
+> === Stacktrace ===
+>
+> qemu-fuzz-i386: ../hw/net/vmxnet3.c:1096: void vmxnet3_io_bar0_write(void *, hwaddr, uint64_t, unsigned int): Assertion `tx_queue_idx <= s->txq_num' failed.
+> ==602353== ERROR: libFuzzer: deadly signal
+> #5 0x7fe4b93a7ce0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+> #6 0x7fe4b9391536 in abort stdlib/abort.c:79:7
+> #7 0x7fe4b939140e in __assert_fail_base assert/assert.c:92:3
+> #8 0x7fe4b93a0661 in __assert_fail assert/assert.c:101:3
+> #9 0x563e6cf5ebb5 in vmxnet3_io_bar0_write hw/net/vmxnet3.c:1096:9
+> #10 0x563e6eefdb00 in memory_region_write_accessor softmmu/memory.c:491:5
+> #11 0x563e6eefcfdd in access_with_adjusted_size softmmu/memory.c:552:18
+> #12 0x563e6eefac90 in memory_region_dispatch_write softmmu/memory.c:1502:16
+> #13 0x563e6e834e16 in flatview_write_continue softmmu/physmem.c:2746:23
+> #14 0x563e6e81cd38 in flatview_write softmmu/physmem.c:2786:14
+> #15 0x563e6e81c868 in address_space_write softmmu/physmem.c:2878:18
+>
+> === Reproducer ===
+> cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
+> 512M -machine q35 -nodefaults -device vmxnet3,netdev=net0 -netdev \
+> user,id=net0 -qtest stdio
+> outl 0xcf8 0x80000810
+> outl 0xcfc 0xe0000000
+> outl 0xcf8 0x80000814
+> outl 0xcf8 0x80000804
+> outw 0xcfc 0x7
+> outl 0xcf8 0x80000815
+> outl 0xcfc 0xffff00b5
+> write 0x0 0x1 0xe1
+> write 0x1 0x1 0xfe
+> write 0x2 0x1 0xbe
+> write 0x3 0x1 0xba
+> write 0xff00b020 0x4 0x0000feca
+> write 0xe0000630 0x1 0x00
+> EOF
+>
+>
+> === Testcase ===
+>
+> /*
+> * Autogenerated Fuzzer Test Case
+> *
+> * This work is licensed under the terms of the GNU GPL, version 2 or later.
+> * See the COPYING file in the top-level directory.
+> */
+>
+> #include "qemu/osdep.h"
+>
+> #include "libqos/libqtest.h"
+>
+> static void test_fuzz(void) {
+> QTestState *s = qtest_init(" -display none , -m 512M -machine q35 -nodefaults "
+> "-device vmxnet3,netdev=net0 -netdev user,id=net0");
+> qtest_outl(s, 0xcf8, 0x80000810);
+> qtest_outl(s, 0xcfc, 0xe0000000);
+> qtest_outl(s, 0xcf8, 0x80000814);
+> qtest_outl(s, 0xcf8, 0x80000804);
+> qtest_outw(s, 0xcfc, 0x7);
+> qtest_outl(s, 0xcf8, 0x80000815);
+> qtest_outl(s, 0xcfc, 0xffff00b5);
+> qtest_bufwrite(s, 0x0, "\xe1", 0x1);
+> qtest_bufwrite(s, 0x1, "\xfe", 0x1);
+> qtest_bufwrite(s, 0x2, "\xbe", 0x1);
+> qtest_bufwrite(s, 0x3, "\xba", 0x1);
+> qtest_bufwrite(s, 0xff00b020, "\x00\x00\xfe\xca", 0x4);
+> qtest_bufwrite(s, 0xe0000630, "\x00", 0x1);
+> qtest_quit(s);
+> }
+> int main(int argc, char **argv) {
+> const char *arch = qtest_get_arch();
+>
+> g_test_init(&argc, &argv, NULL);
+>
+> if (strcmp(arch, "i386") == 0) {
+> qtest_add_func("fuzz/test_fuzz", test_fuzz);
+> }
+>
+> return g_test_run();
+> }
+>
+>
+> === OSS-Fuzz Report ===
+> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33603
+> https://oss-fuzz.com/testcase?key=6071483232288768
+>
+> ** Affects: qemu
+> Importance: Undecided
+> Status: New
+>
+>
+> ** Tags: fuzzer
+>
+> ** Tags removed: fuzz
+> ** Tags added: fuzzer
+>
+
+
+
+I can reproduce this issue with the latest version of QEMU. Marking as "Confirmed"
+
+Suggested fix: https://<email address hidden>/
+
+Fix has been included here:
+https://gitlab.com/qemu-project/qemu/-/commit/6a932c4ed8748b08c58c
+