diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 07:27:52 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 07:27:52 +0000 |
| commit | d0c85e36e4de67af628d54e9ab577cc3fad7796a (patch) | |
| tree | f8f784b0f04343b90516a338d6df81df3a85dfa2 /results/classifier/gemma3:12b/files/2851 | |
| parent | 7f4364274750eb8cb39a3e7493132fca1c01232e (diff) | |
| download | qemu-analysis-d0c85e36e4de67af628d54e9ab577cc3fad7796a.tar.gz qemu-analysis-d0c85e36e4de67af628d54e9ab577cc3fad7796a.zip | |
add deepseek and gemma results
Diffstat (limited to 'results/classifier/gemma3:12b/files/2851')
| -rw-r--r-- | results/classifier/gemma3:12b/files/2851 | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/files/2851 b/results/classifier/gemma3:12b/files/2851 new file mode 100644 index 000000000..dd9498553 --- /dev/null +++ b/results/classifier/gemma3:12b/files/2851 @@ -0,0 +1,52 @@ + +Assert failure in ../util/error.c:68: void error_setv() +Description of problem: +If bdrv_snapshot_goto() returns an error, it is not handled immediately, +allowing *errp to be reassigned when qcow_open() fails, which triggers +assert(*errp == NULL) in util/error.c: void error_setv(). +Steps to reproduce: +1. [test.qed](/uploads/17005dfba241f5a355e3592e12e356f6/test.qed) +2. ./qemu-img snapshot -q -a test test.qed +Additional information: +<details> +<pre> +qemu-img-fuzz: ../util/error.c:68: void error_setv(Error **, const char *, int, const char *, ErrorClass, const char *, struct __va_list_tag *, const char *): Assertion `*errp == NULL' failed. +==20841== ERROR: libFuzzer: deadly signal + #0 0x56384b84a46a in __sanitizer_print_stack_trace /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/asan/asan_stack.cpp:86:3 + #1 0x56384b79bb79 in fuzzer::PrintStackTrace() /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38 + #2 0x56384b77d5a6 in fuzzer::Fuzzer::CrashCallback() (.part.0) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:18 + #3 0x56384b77d667 in fuzzer::Fuzzer::CrashCallback() /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:205:1 + #4 0x56384b77d667 in fuzzer::Fuzzer::StaticCrashSignalCallback() /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:204:19 + #5 0x7effd07c09df (/lib64/libpthread.so.0+0x139df) + #6 0x7effcf659450 in raise (/lib64/libc.so.6+0x3d450) + #7 0x7effcf642547 in abort (/lib64/libc.so.6+0x26547) + #8 0x7effcf642430 (/lib64/libc.so.6+0x26430) + #9 0x7effcf651ce1 in __assert_fail (/lib64/libc.so.6+0x35ce1) + #10 0x56384bf211dc in error_setv /home/gerben/qemu-img_fuzz/build/../util/error.c:68:5 + #11 0x56384bf213fc in error_setg_internal /home/gerben/qemu-img_fuzz/build/../util/error.c:105:5 + #12 0x56384bb2b71f in qcow_open /home/gerben/qemu-img_fuzz/build/../block/qcow.c:306:5 + #13 0x56384bb17654 in bdrv_snapshot_goto /home/gerben/qemu-img_fuzz/build/../block/snapshot.c:299:20 + #14 0x56384bdd52c1 in img_snapshot /home/gerben/qemu-img_fuzz/build/../qemu-img-wrapper.c:3476:15 + #15 0x56384bdbcede in qemu_img_main /home/gerben/qemu-img_fuzz/build/../qemu-img-wrapper.c:5624:20 + #16 0x56384bdb6e7d in command_snapshot /home/gerben/qemu-img_fuzz/build/../qemu-img_fuzz.c:309:20 + #17 0x56384bdb6e7d in generator_command /home/gerben/qemu-img_fuzz/build/../qemu-img_fuzz.c:1285:17 + #18 0x56384bdaf718 in LLVMFuzzerTestOneInput /home/gerben/qemu-img_fuzz/build/../qemu-img_fuzz.c:1303:5 + #19 0x56384b77e1c8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:559:17 + #20 0x56384b781af0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:471:18 + #21 0x56384b784796 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:771:13 + #22 0x56384b784c7e in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:800:28 + #23 0x56384b76bb57 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:847:10 + #24 0x56384b758fe2 in main /usr/src/RPM/BUILD/llvm-11.0.1.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30 + #25 0x7effcf643efc in __libc_start_main (/lib64/libc.so.6+0x27efc) + #26 0x56384b759089 in _start /usr/src/RPM/BUILD/glibc-2.32-alt5.p10.3/csu/../sysdeps/x86_64/start.S:120 + +NOTE: libFuzzer has rudimentary signal handlers. + Combine libFuzzer with AddressSanitizer or similar for better crash reports. +SUMMARY: libFuzzer: deadly signal +MS: 0 ; base unit: 0000000000000000000000000000000000000000 +0x2b,0x25,0xff,0xff,0xff,0xff,0x3a,0x9a,0xc9,0xff,0xa, ++%\xff\xff\xff\xff:\x9a\xc9\xff\x0a +artifact_prefix='./'; Test unit written to ./crash-e9c4f1b8a97ffa93544e87a5a819ac524aa82029 +Base64: KyX/////OprJ/wo= +</pre> +</details> |