path: root/results/classifier/zero-shot/118/device/2777

device: 0.900
graphic: 0.692
x86: 0.685
performance: 0.630
architecture: 0.503
hypervisor: 0.378
kernel: 0.377
user-level: 0.279
PID: 0.277
network: 0.266
ppc: 0.260
semantic: 0.246
permissions: 0.240
socket: 0.215
debug: 0.207
mistranslation: 0.199
i386: 0.183
arm: 0.171
vnc: 0.170
risc-v: 0.165
files: 0.165
VMM: 0.162
KVM: 0.146
register: 0.132
assembly: 0.126
TCG: 0.111
boot: 0.104
peripherals: 0.080
virtual: 0.078

Assert failure in ahci-hd device
Description of problem:
Assert 

```
qemu-system-x86_64: ../hw/ide/core.c:934: void ide_dma_cb(void *, int): Assertion `prep_size >= 0 && prep_size <= n * 512' failed.
```
can be triggered with some qtest commands. This was found by fuzzing.
Steps to reproduce:
Command:

```
cat << EOF | ./qemu-system-x86_64 -display none -machine accel=qtest, -m 512M -machine q35 -nodefaults -drive file=null-co://,if=none,format=raw,id=disk0 -device ide-hd,drive=disk0  -qtest stdio
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe0000000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x06
write 0x0 0x1 0x27
write 0x1 0x1 0x80
write 0x2 0x1 0x25
write 0xe00003b8 0x1 0x02
write 0xe0000398 0x1 0x01
EOF
```

Results in 

```
[I 0.000001] OPENED
[R +0.076075] outl 0xcf8 0x8000fa24
[S +0.076165] OK
OK
[R +0.076198] outl 0xcfc 0xe0000000
[S +0.076242] OK
OK
[R +0.076320] outl 0xcf8 0x8000fa04
[S +0.076344] OK
OK
[R +0.076379] outw 0xcfc 0x06
[S +0.077676] OK
OK
[R +0.077760] write 0x0 0x1 0x27
[S +0.079429] OK
OK
[R +0.079552] write 0x1 0x1 0x80
[S +0.079592] OK
OK
[R +0.079618] write 0x2 0x1 0x25
[S +0.079645] OK
OK
[R +0.079669] write 0xe00003b8 0x1 0x02
[S +0.079709] OK
OK
[R +0.079733] write 0xe0000398 0x1 0x01
qemu-system-x86_64: ../hw/ide/core.c:934: void ide_dma_cb(void *, int): Assertion `prep_size >= 0 && prep_size <= n * 512' failed.
Aborted
```
Additional information:
Maybe we can just `goto eot;` instead of assert?