authorChristian Krinitsin <mail@krinitsin.com>2025-06-03 12:04:13 +0000
committerChristian Krinitsin <mail@krinitsin.com>2025-06-03 12:04:13 +0000
commit256709d2eb3fd80d768a99964be5caa61effa2a0 (patch)
tree05b2352fba70923126836a64b6a0de43902e976a /results/classifier/105/other/1883728
parent2ab14fa96a6c5484b5e4ba8337551bb8dcc79cc5 (diff)
add new classifier result
Diffstat (limited to 'results/classifier/105/other/1883728')
-rw-r--r--results/classifier/105/other/1883728176
1 files changed, 176 insertions, 0 deletions
diff --git a/results/classifier/105/other/1883728 b/results/classifier/105/other/1883728
new file mode 100644
index 000000000..0a64e7bc0
--- /dev/null
+++ b/results/classifier/105/other/1883728
@@ -0,0 +1,176 @@
+other: 0.973
+vnc: 0.969
+KVM: 0.949
+instruction: 0.935
+semantic: 0.933
+device: 0.931
+assembly: 0.923
+socket: 0.923
+graphic: 0.923
+mistranslation: 0.907
+network: 0.900
+boot: 0.897
+
+address_space_unmap: Assertion `mr != NULL' failed.
+
+To reproduce run the QEMU with the following command line:
+```
+qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio
+```
+
+QEMU Version:
+```
+# qemu-5.0.0
+$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
+$ x86_64-softmmu/qemu-system-x86_64 --version
+QEMU emulator version 5.0.0
+Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
+```
+
+
+
+Here's a qtest reproducer:
+
+cat << EOF | ./i386-softmmu/qemu-system-i386 \
+-device nec-usb-xhci -trace usb\* \
+-device usb-audio -device usb-storage,drive=mydrive \
+-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
+-nodefaults -nographic -qtest stdio
+outl 0xcf8 0x80001016
+outl 0xcfc 0x3c319f0d
+outl 0xcf8 0x80001004
+outl 0xcfc 0xc77695e
+writel 0x9f0d000000000040 0xffffd855
+write 0x1d 0x1 0x27
+write 0x2d 0x1 0x2e
+write 0x17232 0x1 0x03
+write 0x17254 0x1 0x05
+write 0x17276 0x1 0x72
+write 0x17278 0x1 0x02
+write 0x3d 0x1 0x27
+write 0x40 0x1 0x2e
+write 0x41 0x1 0x72
+write 0x42 0x1 0x01
+write 0x4d 0x1 0x2e
+write 0x4f 0x1 0x01
+writeq 0x9f0d000000002000 0x5c05140100000000
+writeq 0x9f0d000000002000 0x5c05140100000000
+write 0x2008d 0x1 0x13
+writeq 0x9f0d000000002000 0x100ef0100000009
+write 0x200ad 0x1 0x27
+write 0x200bd 0x1 0x5c
+write 0x200cd 0x1 0x2e
+write 0x200dd 0x1 0x2f
+write 0x200e8 0x1 0x08
+write 0x200ec 0x1 0xfe
+write 0x200ed 0x1 0x08
+write 0x200fd 0x1 0x05
+write 0x2010d 0x1 0x2e
+write 0x2011d 0x1 0x2f
+write 0x2012d 0x1 0x08
+write 0x20137 0x1 0x5e
+write 0x2013a 0x1 0x2f
+write 0x2013d 0x1 0x05
+write 0x2014d 0x1 0x13
+writeq 0x9f0d000000002000 0x100ef0100000009
+EOF
+
+...
+[S +0.017146] OK
+[R +0.017149] writeq 0x9f0d000000002000 0x5c05140100000000
+30899@1597183147.299108:usb_xhci_doorbell_write off 0x0000, val 0x00000000
+30899@1597183147.299112:usb_xhci_fetch_trb addr 0x0000000000000000, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
+30899@1597183147.299115:usb_xhci_doorbell_write off 0x0004, val 0x5c051401
+OK
+[S +0.017162] OK
+[R +0.017166] writeq 0x9f0d000000002000 0x5c05140100000000
+30899@1597183147.299124:usb_xhci_doorbell_write off 0x0000, val 0x00000000
+30899@1597183147.299126:usb_xhci_fetch_trb addr 0x0000000000000010, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+30899@1597183147.299129:usb_xhci_slot_enable slotid 1
+30899@1597183147.299132:usb_xhci_fetch_trb addr 0x0000000000000020, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
+30899@1597183147.299134:usb_xhci_fetch_trb addr 0x0000000000000030, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+30899@1597183147.299137:usb_xhci_slot_enable slotid 2
+30899@1597183147.299139:usb_xhci_fetch_trb addr 0x0000000000000040, CR_ADDRESS_DEVICE, p 0x000000000001722e, s 0x00000000, c 0x01002e00
+30899@1597183147.299144:usb_xhci_slot_address slotid 1, port 1
+30899@1597183147.299148:usb_xhci_ep_enable slotid 1, epid 1
+30899@1597183147.299151:usb_xhci_fetch_trb addr 0x0000000000000050, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
+30899@1597183147.299154:usb_xhci_doorbell_write off 0x0004, val 0x5c051401
+30899@1597183147.299157:usb_xhci_ep_kick slotid 1, epid 1, streamid 23557
+30899@1597183147.299161:usb_xhci_fetch_trb addr 0x0000000000020070, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
+OK
+[S +0.017210] OK
+[R +0.017214] write 0x2008d 0x1 0x13
+OK
+[S +0.017219] OK
+[R +0.017223] writeq 0x9f0d000000002000 0x100ef0100000009
+30899@1597183147.299181:usb_xhci_doorbell_write off 0x0000, val 0x00000009
+30899@1597183147.299183:usb_xhci_doorbell_write off 0x0004, val 0x0100ef01
+30899@1597183147.299185:usb_xhci_ep_kick slotid 1, epid 1, streamid 256
+30899@1597183147.299189:usb_xhci_fetch_trb addr 0x0000000000020080, TR_STATUS, p 0x0000000000000000, s 0x00000000, c 0x00001300
+30899@1597183147.299191:usb_xhci_xfer_start 0x5622548f9760: slotid 1, epid 1, streamid 0
+TRB_SETUP 1300 1300 1300 0
+30899@1597183147.299196:usb_xhci_fetch_trb addr 0x0000000000020090, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
+OK
+[S +0.017244] OK
+[R +0.017248] write 0x200ad 0x1 0x27
+OK
+[S +0.017338] OK
+[R +0.017342] writeq 0x9f0d000000002000 0x100ef0100000009
+30899@1597183147.299300:usb_xhci_doorbell_write off 0x0000, val 0x00000009
+30899@1597183147.299302:usb_xhci_doorbell_write off 0x0004, val 0x0100ef01
+30899@1597183147.299304:usb_xhci_ep_kick slotid 1, epid 1, streamid 256
+30899@1597183147.299308:usb_xhci_fetch_trb addr 0x00000000000200a0, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
+30899@1597183147.299310:usb_xhci_xfer_start 0x5622548f9890: slotid 1, epid 1, streamid 0
+TRB_SETUP 2700 2700 2700 0
+30899@1597183147.299315:usb_xhci_fetch_trb addr 0x00000000000200b0, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
+30899@1597183147.299318:usb_xhci_xfer_start 0x5622548f99a0: slotid 1, epid 1, streamid 0
+TRB_SETUP 5c00 5c00 5c00 0
+30899@1597183147.299322:usb_xhci_fetch_trb addr 0x00000000000200c0, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
+30899@1597183147.299325:usb_xhci_xfer_start 0x5622548f9ab0: slotid 1, epid 1, streamid 0
+TRB_SETUP 2e00 2e00 2e00 0
+30899@1597183147.299329:usb_xhci_fetch_trb addr 0x00000000000200d0, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002f00
+30899@1597183147.299331:usb_xhci_xfer_start 0x5622548f9c10: slotid 1, epid 1, streamid 0
+TRB_SETUP 2f00 2f00 2f00 0
+30899@1597183147.299337:usb_xhci_fetch_trb addr 0x00000000000200e0, TR_SETUP, p 0x0000000000000000, s 0x00000008, c 0x000008fe
+30899@1597183147.299340:usb_xhci_fetch_trb addr 0x00000000000200f0, TR_NORMAL, p 0x0000000000000000, s 0x00000000, c 0x00000500
+30899@1597183147.299342:usb_xhci_fetch_trb addr 0x0000000000020100, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
+30899@1597183147.299345:usb_xhci_fetch_trb addr 0x0000000000020110, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002f00
+30899@1597183147.299348:usb_xhci_fetch_trb addr 0x0000000000020120, TR_SETUP, p 0x0000000000000000, s 0x00000000, c 0x00000800
+30899@1597183147.299351:usb_xhci_fetch_trb addr 0x0000000000020130, TR_NORMAL, p 0x5e00000000000000, s 0x002f0000, c 0x00000500
+30899@1597183147.299353:usb_xhci_fetch_trb addr 0x0000000000020140, TR_STATUS, p 0x0000000000000000, s 0x00000000, c 0x00001300
+30899@1597183147.299356:usb_xhci_xfer_start 0x5622548f9d70: slotid 1, epid 1, streamid 0
+TRB_SETUP 8fe 1300 8fe 8
+30899@1597183147.299361:usb_packet_state_change bus 0, port 1, ep 0, packet 0x5622548f9d78, state undef -> setup
+30899@1597183147.299466:usb_packet_state_change bus 0, port 1, ep 0, packet 0x5622548f9d78, state setup -> complete
+qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
+
+
+
+
+
+#8 0x7f8f9e7e6091 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
+#9 0x55f7507b374a in address_space_unmap exec.c:3623:9
+#10 0x55f750baeab8 in dma_memory_unmap include/sysemu/dma.h:145:5
+#11 0x55f750baea1b in usb_packet_unmap hw/usb/libhw.c:65:9
+#12 0x55f750bcbb73 in xhci_xfer_unmap hw/usb/hcd-xhci.c:1487:5
+#13 0x55f750bcba3d in xhci_try_complete_packet hw/usb/hcd-xhci.c:1642:9
+#14 0x55f750bcc888 in xhci_fire_ctl_transfer hw/usb/hcd-xhci.c:1728:5
+#15 0x55f750bcb306 in xhci_kick_epctx hw/usb/hcd-xhci.c:1991:13
+#16 0x55f750bd04e9 in xhci_kick_ep hw/usb/hcd-xhci.c:1861:5
+#17 0x55f750bd253c in xhci_doorbell_write hw/usb/hcd-xhci.c:3162:13
+#18 0x55f75091def1 in memory_region_write_accessor softmmu/memory.c:483:5
+#19 0x55f75091ddf3 in access_with_adjusted_size softmmu/memory.c:544:18
+#20 0x55f75091dac5 in memory_region_dispatch_write softmmu/memory.c
+#21 0x55f7507b51e2 in flatview_write_continue exec.c:3176:23
+#22 0x55f7507b2a30 in flatview_write exec.c:3216:14
+#23 0x55f7507b2968 in address_space_write exec.c:3308:18
+#24 0x55f750929e3b in qtest_process_command softmmu/qtest.c
+
+
+Can you still reproduce this assert with QEMU v6.0 ? For me, it does not seem to run into the assert() anymore, so I assume this has been fixed within the last months?
+
+OSS-Fuzz never picked up on this one, so I'm guessing it was fixed sometime between 5.1 and 5.2. 
+Not a fun section to bisect, but looks like it was fixed by 21bc31524e ("hw: xhci: check return value of 'usb_packet_map'")
+
+Ok, thanks for checking! So seems like this has been fixed, thus I'm closing the bug. If it happens again, please open a new ticket in our new gitlab issue tracker.
+