diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:00 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-16 16:59:33 +0000 |
| commit | 9aba81d8eb048db908c94a3c40c25a5fde0caee6 (patch) | |
| tree | b765e7fb5e9a3c2143c68b0414e0055adb70e785 /results/classifier/118/none/1890159 | |
| parent | b89a938452613061c0f1f23e710281cf5c83cb29 (diff) | |
| download | qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.tar.gz qemu-analysis-9aba81d8eb048db908c94a3c40c25a5fde0caee6.zip | |
add 18th iteration of classifier
Diffstat (limited to 'results/classifier/118/none/1890159')
| -rw-r--r-- | results/classifier/118/none/1890159 | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/results/classifier/118/none/1890159 b/results/classifier/118/none/1890159 new file mode 100644 index 000000000..76e754d56 --- /dev/null +++ b/results/classifier/118/none/1890159 @@ -0,0 +1,74 @@ +graphic: 0.564 +device: 0.312 +semantic: 0.229 +network: 0.164 +i386: 0.137 +architecture: 0.125 +PID: 0.113 +user-level: 0.110 +performance: 0.110 +debug: 0.101 +permissions: 0.099 +assembly: 0.092 +mistranslation: 0.088 +peripherals: 0.072 +boot: 0.056 +register: 0.052 +risc-v: 0.052 +ppc: 0.050 +arm: 0.047 +files: 0.037 +socket: 0.036 +vnc: 0.035 +x86: 0.030 +TCG: 0.029 +kernel: 0.026 +hypervisor: 0.026 +VMM: 0.019 +virtual: 0.018 +KVM: 0.002 + +Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3 + +Hello, +Reproducer: + +cat << EOF | ./i386-softmmu/qemu-system-i386 \ +-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic +outl 0xcf8 0x80001010 +outl 0xcfc 0xe0000000 +outl 0xcf8 0x80001014 +outl 0xcfc 0xe0001000 +outl 0xcf8 0x80001018 +outl 0xcf8 0x80001001 +outl 0xcfc 0x3fff3fff +outl 0xcf8 0x80001016 +outl 0xcfc 0x5c84ff00 +outl 0xcf8 0x800010ff +write 0x0 0x1 0xe1 +write 0x1 0x1 0xfe +write 0x2 0x1 0xbe +write 0x3 0x1 0xba +writeq 0xff001020 0xef0bff5ecafe0000 +writel 0xe0000605 0xa7ff845e +EOF + +============================================================== +qemu-system-i386: hw/net/net_tx_pkt.c:382: _Bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *, hwaddr, size_t): Assertion `pkt->max_raw_frags > pkt->raw_frags' failed. +Aborted + + +#9 0x5607db7efdc0 in net_tx_pkt_add_raw_fragment /home/alxndr/Development/qemu/general-fuzz/hw/net/net_tx_pkt.c:382:5 +#10 0x5607db902ef0 in vmxnet3_process_tx_queue /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:653:18 +#11 0x5607db9021db in vmxnet3_io_bar0_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1097:9 +#12 0x5607da41f193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5 +#13 0x5607da41e637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18 +#14 0x5607da41c256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16 +#15 0x5607d97cd4a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23 + +-Alex + +This still triggers with the current version of QEMU. Marking as "Confirmed" + +Looks like this was fixed by 283f0a05e2 ("hw/net/net_tx_pkt: Fix crash detected by fuzzer") + |