diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-30 12:24:58 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-30 12:27:06 +0000 |
| commit | 33606b41d35115f887ea688b1a16f2ff85bf2fe4 (patch) | |
| tree | 406b2c7b19a087ba437c68f3dbf0b589fa1d6150 /results/scraper/launchpad-without-comments/1926111 | |
| parent | adedf8771bc4de3113041ca21bd4d0d1c0014b6a (diff) | |
| download | qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.tar.gz qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.zip | |
add launchpad bug reports without comments
Diffstat (limited to 'results/scraper/launchpad-without-comments/1926111')
| -rw-r--r-- | results/scraper/launchpad-without-comments/1926111 | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1926111 b/results/scraper/launchpad-without-comments/1926111 new file mode 100644 index 000000000..4e015ed65 --- /dev/null +++ b/results/scraper/launchpad-without-comments/1926111 @@ -0,0 +1,85 @@ +Assertion `tx_queue_idx <= s->txq_num' failed in vmxnet3_io_bar0_write + +=== Stacktrace === + +qemu-fuzz-i386: ../hw/net/vmxnet3.c:1096: void vmxnet3_io_bar0_write(void *, hwaddr, uint64_t, unsigned int): Assertion `tx_queue_idx <= s->txq_num' failed. +==602353== ERROR: libFuzzer: deadly signal +#5 0x7fe4b93a7ce0 in raise signal/../sysdeps/unix/sysv/linux/raise.c:48:3 +#6 0x7fe4b9391536 in abort stdlib/abort.c:79:7 +#7 0x7fe4b939140e in __assert_fail_base assert/assert.c:92:3 +#8 0x7fe4b93a0661 in __assert_fail assert/assert.c:101:3 +#9 0x563e6cf5ebb5 in vmxnet3_io_bar0_write hw/net/vmxnet3.c:1096:9 +#10 0x563e6eefdb00 in memory_region_write_accessor softmmu/memory.c:491:5 +#11 0x563e6eefcfdd in access_with_adjusted_size softmmu/memory.c:552:18 +#12 0x563e6eefac90 in memory_region_dispatch_write softmmu/memory.c:1502:16 +#13 0x563e6e834e16 in flatview_write_continue softmmu/physmem.c:2746:23 +#14 0x563e6e81cd38 in flatview_write softmmu/physmem.c:2786:14 +#15 0x563e6e81c868 in address_space_write softmmu/physmem.c:2878:18 + +=== Reproducer === +cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \ +512M -machine q35 -nodefaults -device vmxnet3,netdev=net0 -netdev \ +user,id=net0 -qtest stdio +outl 0xcf8 0x80000810 +outl 0xcfc 0xe0000000 +outl 0xcf8 0x80000814 +outl 0xcf8 0x80000804 +outw 0xcfc 0x7 +outl 0xcf8 0x80000815 +outl 0xcfc 0xffff00b5 +write 0x0 0x1 0xe1 +write 0x1 0x1 0xfe +write 0x2 0x1 0xbe +write 0x3 0x1 0xba +write 0xff00b020 0x4 0x0000feca +write 0xe0000630 0x1 0x00 +EOF + + +=== Testcase === + +/* + * Autogenerated Fuzzer Test Case + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "libqos/libqtest.h" + +static void test_fuzz(void) { + QTestState *s = qtest_init(" -display none , -m 512M -machine q35 -nodefaults " + "-device vmxnet3,netdev=net0 -netdev user,id=net0"); + qtest_outl(s, 0xcf8, 0x80000810); + qtest_outl(s, 0xcfc, 0xe0000000); + qtest_outl(s, 0xcf8, 0x80000814); + qtest_outl(s, 0xcf8, 0x80000804); + qtest_outw(s, 0xcfc, 0x7); + qtest_outl(s, 0xcf8, 0x80000815); + qtest_outl(s, 0xcfc, 0xffff00b5); + qtest_bufwrite(s, 0x0, "\xe1", 0x1); + qtest_bufwrite(s, 0x1, "\xfe", 0x1); + qtest_bufwrite(s, 0x2, "\xbe", 0x1); + qtest_bufwrite(s, 0x3, "\xba", 0x1); + qtest_bufwrite(s, 0xff00b020, "\x00\x00\xfe\xca", 0x4); + qtest_bufwrite(s, 0xe0000630, "\x00", 0x1); + qtest_quit(s); +} +int main(int argc, char **argv) { + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0) { + qtest_add_func("fuzz/test_fuzz", test_fuzz); + } + + return g_test_run(); +} + + +=== OSS-Fuzz Report === +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33603 +https://oss-fuzz.com/testcase?key=6071483232288768 \ No newline at end of file |