diff options
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/1815.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/1815.toml | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/1815.toml b/gitlab/issues/target_missing/host_missing/accel_missing/1815.toml deleted file mode 100644 index ddcfc5aa6..000000000 --- a/gitlab/issues/target_missing/host_missing/accel_missing/1815.toml +++ /dev/null @@ -1,90 +0,0 @@ -id = 1815 -title = "Null pointer access in nvme_directive_receive()" -state = "closed" -created_at = "2023-08-06T05:30:10.529Z" -closed_at = "2023-08-09T22:02:51.584Z" -labels = ["Fuzzer", "block:NVMe", "kind::Bug"] -url = "https://gitlab.com/qemu-project/qemu/-/issues/1815" -host-os = "Ubuntu 20.04" -host-arch = "x86_64" -qemu-version = "commit at c167c80b46" -guest-os = "n/a" -guest-arch = "n/a" -description = """Got an access within null pointer error when fuzzing nvme.""" -reproduce = """Minimized reproducer for the error: - -```plaintext -cat << EOF | ./qemu-system-x86_64 -display none -machine accel=qtest, -m 512M -machine q35 \\ --nodefaults -drive file=null-co://,if=none,format=raw,id=disk0 -device \\ -nvme,drive=disk0,serial=1 -qtest /dev/null -qtest stdio -outl 0xcf8 0x80000810 -outl 0xcfc 0xe0000000 -outl 0xcf8 0x80000804 -outw 0xcfc 0x06 -write 0xe0000024 0x4 0x040002 -write 0xe0000014 0x4 0x61004600 -write 0xe0001000 0x1 0x04 -write 0x0 0x1 0x1a -write 0x4 0x1 0x01 -write 0x2c 0x1 0x01 -EOF -```""" -additional = """The crash report triggered by the reproducer is: - -```plaintext -[I 0.000000] OPENED -[R +0.025407] outl 0xcf8 0x80000810 -[S +0.025443] OK -OK -[R +0.025456] outl 0xcfc 0xe0000000 -[S +0.025470] OK -OK -[R +0.025476] outl 0xcf8 0x80000804 -[S +0.025483] OK -OK -[R +0.025489] outw 0xcfc 0x06 -[S +0.025934] OK -OK -[R +0.025946] write 0xe0000024 0x4 0x040002 -[S +0.025958] OK -OK -[R +0.025964] write 0xe0000014 0x4 0x61004600 -[S +0.025988] OK -OK -[R +0.026025] write 0xe0001000 0x1 0x04 -[S +0.026041] OK -OK -[R +0.026048] write 0x0 0x1 0x1a -[S +0.026256] OK -OK -[R +0.026268] write 0x4 0x1 0x01 -[S +0.026279] OK -OK -[R +0.026292] write 0x2c 0x1 0x01 -[S +0.026303] OK -OK -../hw/nvme/ctrl.c:6890:29: runtime error: member access within null pointer of type 'NvmeEnduranceGroup' (aka 'struct NvmeEnduranceGroup') -SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/nvme/ctrl.c:6890:29 in -AddressSanitizer:DEADLYSIGNAL -================================================================= -==1085476==ERROR: AddressSanitizer: SEGV on unknown address 0x000000001fc8 (pc 0x56306b765ebf bp 0x7ffff17fd890 sp 0x7ffff17f6a00 T0) -==1085476==The signal is caused by a READ memory access. - #0 0x56306b765ebf in nvme_directive_receive ../hw/nvme/ctrl.c:6890:33 - #1 0x56306b765ebf in nvme_admin_cmd ../hw/nvme/ctrl.c:6958:16 - #2 0x56306b765ebf in nvme_process_sq ../hw/nvme/ctrl.c:7015:13 - #3 0x56306cda2c3b in aio_bh_call ../util/async.c:169:5 - #4 0x56306cda3384 in aio_bh_poll ../util/async.c:216:13 - #5 0x56306cd3f15b in aio_dispatch ../util/aio-posix.c:423:5 - #6 0x56306cda72da in aio_ctx_dispatch ../util/async.c:358:5 - #7 0x7fa321cc417c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5217c) (BuildId: 5fdb313daf182a33a858ba2cc945211b11d34561) - #8 0x56306cda840f in glib_pollfds_poll ../util/main-loop.c:290:9 - #9 0x56306cda840f in os_host_main_loop_wait ../util/main-loop.c:313:5 - #10 0x56306cda840f in main_loop_wait ../util/main-loop.c:592:11 - #11 0x56306bd17f76 in qemu_main_loop ../softmmu/runstate.c:732:9 - #12 0x56306c721835 in qemu_default_main ../softmmu/main.c:37:14 - #13 0x7fa320aeb082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 - #14 0x56306af0309d in _start (./qemu-system-x86_64+0x1e9109d) - -AddressSanitizer can not provide additional info. -SUMMARY: AddressSanitizer: SEGV ../hw/nvme/ctrl.c:6890:33 in nvme_directive_receive -```""" |