add gemma accelerator classification results

author: Christian Krinitsin <mail@krinitsin.com> 2025-07-03 16:27:09 +0000
committer: Christian Krinitsin <mail@krinitsin.com> 2025-07-03 16:27:09 +0000
commit: 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (patch)
tree: 4010d5fb3e8bc48c110a2c1ff2a16b8648cb86bb /results/classifier/accel-gemma3:12b/kvm/1892761
parent: 5541099586dbd6018574cb44e1934907c121526f (diff)
download: qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.tar.gz
qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/kvm/1892761 b/results/classifier/accel-gemma3:12b/kvm/1892761
new file mode 100644
index 000000000..ece5485a4
--- /dev/null
+++ b/results/classifier/accel-gemma3:12b/kvm/1892761
@@ -0,0 +1,11 @@
+
+Heap-use-after-free through double-fetch in ehci
+
+Hello,
+I don't have a qtest reproducer for this crash because it involves a DMA double-fetch, and I don't think we can reproduce those with qtest.
+
+Instead, I attached the pseudo-qtest trace produced by the fuzzer, along with some trace events.
+The lines annotated with [DMA] are write commands that were triggered by a callback from a DMA read by the device. The lines annotated with [DOUBLE-FETCH] are DMA accesses that hit the same address more than once (possible double-fetches).
+
+I am still thinking of nicer ways of presenting this trace and providing a reproducer.
+-Alex
\ No newline at end of file
author	Christian Krinitsin <mail@krinitsin.com>	2025-07-03 16:27:09 +0000
committer	Christian Krinitsin <mail@krinitsin.com>	2025-07-03 16:27:09 +0000
commit	4d9e26c0333abd39bdbd039dcdb30ed429c475ba (patch)
tree	4010d5fb3e8bc48c110a2c1ff2a16b8648cb86bb /results/classifier/accel-gemma3:12b/kvm/1892761
parent	5541099586dbd6018574cb44e1934907c121526f (diff)
download	qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.tar.gz qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.zip