diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:00 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:33 +0000 |
| commit | 9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch) | |
| tree | b765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/none/1527322 | |
| parent | b89a938452613061c0f1f23e710281cf5c83cb29 (diff) | |
| download | qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.tar.gz qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.zip | |
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/none/1527322')
| -rw-r--r-- | results/classifier/118/none/1527322 | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/results/classifier/118/none/1527322 b/results/classifier/118/none/1527322 new file mode 100644 index 000000000..7140a147d --- /dev/null +++ b/results/classifier/118/none/1527322 @@ -0,0 +1,82 @@ +mistranslation: 0.778 +risc-v: 0.732 +device: 0.681 +graphic: 0.679 +virtual: 0.654 +register: 0.646 +peripherals: 0.645 +network: 0.645 +hypervisor: 0.628 +user-level: 0.627 +architecture: 0.623 +performance: 0.610 +ppc: 0.604 +debug: 0.601 +x86: 0.599 +permissions: 0.585 +TCG: 0.575 +arm: 0.571 +socket: 0.570 +KVM: 0.562 +semantic: 0.560 +boot: 0.560 +i386: 0.550 +PID: 0.545 +kernel: 0.541 +VMM: 0.530 +assembly: 0.506 +vnc: 0.500 +files: 0.495 + +segfault in thread-pool.c:246:5: + +Building qemu-2.5.0 with -fsanitize=undefined shows, e.g.: + +markus@x4 linux % qemu-system-x86_64 -s -enable-kvm -net nic,vlan=0,model=virtio -net user -fsdev local,security_model=none,id=root,path=/ -device virtio-9p-pci,id=root,fsdev +=root,mount_tag=/dev/root -m 512 -smp 2 -kernel /usr/src/linux/arch/x86/boot/bzImage -nographic -append "init=/bin/zsh root=/dev/root console=ttyS0 kgdboc=ttyS0 rootflags=rw, +trans=virtio rootfstype=9p ip=dhcp earlyprintk=ttyS0" +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/exec.c:307:5: runtime error: variable length array bound evaluates to non-positive value 0 +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/hw/i386/kvm/apic.c:37:47: runtime error: left shift of 15 by 28 places cannot be represented in type 'int' +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/include/qemu/rcu.h:85:21: runtime error: member access within null pointer of type 'struct rcu_reader_data' +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/include/qemu/rcu.h:101:5: runtime error: member access within null pointer of type 'struct rcu_reader_data' +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/include/qemu/rcu.h:102:8: runtime error: member access within null pointer of type 'struct rcu_reader_data' +... +ALSA device list: + No soundcards found. +/var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/thread-pool.c:246:5: runtime error: member access within null pointer of type 'struct ThreadPool' +[1] 9295 segmentation fault qemu-system-x86_64 -s -enable-kvm -net nic,vlan=0,model=virtio -net user + +As you can see it segfaults when build with upcoming gcc-6, that is more aggressive when it comes to undefined behavior. +The compiler just assumes that "this" can never be NULL and optimizes accordingly. + +It also segfaults when build with gcc-4.9.4 or gcc-5.3. + +Program received signal SIGSEGV, Segmentation fault. +thread_pool_submit_aio (pool=0x0, func=0x555555820bc0 <coroutine_enter_func>, arg=0x5555579db430, cb=<optimized out>, opaque=<optimized out>) + at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/thread-pool.c:246 +246 QLIST_INSERT_HEAD(&pool->head, req, all); +(gdb) bt +#0 thread_pool_submit_aio (pool=0x0, func=0x555555820bc0 <coroutine_enter_func>, arg=0x5555579db430, cb=<optimized out>, opaque=<optimized out>) + at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/thread-pool.c:246 +#1 0x00005555559451cd in aio_bh_call (bh=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/async.c:64 +#2 aio_bh_poll (ctx=ctx@entry=0x5555561c1da0) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/async.c:92 +#3 0x00005555559524f0 in aio_dispatch (ctx=0x5555561c1da0) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/aio-posix.c:305 +#4 0x0000555555944f4e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) + at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/async.c:231 +#5 0x00007ffff726ce2e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 +#6 0x0000555555950baa in glib_pollfds_poll () at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/main-loop.c:211 +#7 os_host_main_loop_wait (timeout=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/main-loop.c:256 +#8 main_loop_wait (nonblocking=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/main-loop.c:504 +#9 0x00005555556ddf46 in main_loop () at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/vl.c:1923 +#10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.5.0/work/qemu-2.5.0/vl.c:4684 +(gdb) p pool +$1 = (ThreadPool *) 0x0 + + +This issue was fixed with the following upstream commit: + +http://git.qemu.org/?p=qemu.git;a=commit;h=4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 + +Shipped in QEMU 2.5.1 and 2.6. + + |