summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_missing/2299.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2299.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2299.toml215
1 files changed, 0 insertions, 215 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2299.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2299.toml
deleted file mode 100644
index 9b5272676..000000000
--- a/gitlab/issues/target_missing/host_missing/accel_missing/2299.toml
+++ /dev/null
@@ -1,215 +0,0 @@
-id = 2299
-title = "UFS Device sanitizers error"
-state = "closed"
-created_at = "2024-04-22T03:29:29.520Z"
-closed_at = "2024-05-01T22:14:33.454Z"
-labels = ["Fuzzer"]
-url = "https://gitlab.com/qemu-project/qemu/-/issues/2299"
-host-os = "n/a"
-host-arch = "n/a"
-qemu-version = "n/a"
-guest-os = "n/a"
-guest-arch = "n/a"
-description = """Sanitizers error reported by Zheyu Ma zheyuma97@gmail.com
-
-The following log can reveal it:
-
-==3619819==ERROR: AddressSanitizer: heap-buffer-overflow on address
-
-0x62a000011200 at pc 0x7f9f9903a2c3 bp 0x7ffd44e1ee60 sp 0x7ffd44e1e608
-
-WRITE of size 20512 at 0x62a000011200 thread T0
-
-```
-#0 0x7f9f9903a2c2 in __interceptor_memcpy
-```
-
-../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
-
-```
-#1 0x5f23331ea4fc in memcpy
-```
-
-/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
-
-```
-#2 0x5f23331ea4fc in flatview_read_continue_step
-```
-
-../system/physmem.c:2818
-
-```
-#3 0x5f23331eab72 in flatview_read_continue ../system/physmem.c:2835
-
-#4 0x5f23331eadc4 in flatview_read ../system/physmem.c:2865
-
-#5 0x5f23331ec2a5 in address_space_read_full ../system/physmem.c:2878
-
-#6 0x5f23331ec2a5 in address_space_rw ../system/physmem.c:2906
-
-#7 0x5f23326b7ad0 in ufs_dma_read_req_upiu ../hw/ufs/ufs.c:129
-
-#8 0x5f23326b7ad0 in ufs_dma_read_upiu ../hw/ufs/ufs.c:185
-
-#9 0x5f23326b7ad0 in ufs_exec_req ../hw/ufs/ufs.c:1021
-
-#10 0x5f23326b7ad0 in ufs_process_req ../hw/ufs/ufs.c:1066
-
-#11 0x5f2333a9160d in aio_bh_call ../util/async.c:171
-
-#12 0x5f2333a91f45 in aio_bh_poll ../util/async.c:218
-
-#13 0x5f2333a217a9 in aio_dispatch ../util/aio-posix.c:423
-
-#14 0x5f2333a90d01 in aio_ctx_dispatch ../util/async.c:360
-
-#15 0x7f9f985c4d3a in g_main_context_dispatch
-```
-
-(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55d3a)
-
-```
-#16 0x5f2333a9690f in glib_pollfds_poll ../util/main-loop.c:287
-
-#17 0x5f2333a9690f in os_host_main_loop_wait ../util/main-loop.c:310
-
-#18 0x5f2333a9690f in main_loop_wait ../util/main-loop.c:589
-
-#19 0x5f23329370e0 in qemu_main_loop ../system/runstate.c:783
-
-#20 0x5f23333b4d7a in qemu_default_main ../system/main.c:37
-
-#21 0x7f9f97629d8f in __libc_start_call_main
-```
-
-../sysdeps/nptl/libc_start_call_main.h:58
-
-```
-#22 0x7f9f97629e3f in __libc_start_main_impl ../csu/libc-start.c:392
-
-#23 0x5f2331c8df64 in _start
-```
-
-(/home/joey/repo/qemu/build/qemu-system-x86_64+0x2ea8f64)
-
-0x62a000011200 is located 0 bytes to the right of 20480-byte region
-
-\\[0x62a00000c200,0x62a000011200)
-
-allocated by thread T0 here:
-
-```
-#0 0x7f9f990b4a57 in __interceptor_calloc
-```
-
-../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
-
-```
-#1 0x7f9f985cdc50 in g_malloc0
-```
-
-(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50)
-
-```
-#2 0xf0e808deae299ff  (<unknown module>)
-```
-
-SUMMARY: AddressSanitizer: heap-buffer-overflow
-
-../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
-
-in \\__interceptor_memcpy
-
-Shadow bytes around the buggy address:
-
-0x0c547fffa1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-0x0c547fffa200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-0x0c547fffa210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-0x0c547fffa220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-0x0c547fffa230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-=\\>0x0c547fffa240:\\[fa\\]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-0x0c547fffa250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-0x0c547fffa260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-0x0c547fffa270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-0x0c547fffa280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-0x0c547fffa290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-
-Shadow byte legend (one shadow byte represents 8 application bytes):
-
-Addressable: 00
-
-Partially addressable: 01 02 03 04 05 06 07
-
-Heap left redzone: fa
-
-Freed heap region: fd
-
-Stack left redzone: f1
-
-Stack mid redzone: f2
-
-Stack right redzone: f3
-
-Stack after return: f5
-
-Stack use after scope: f8
-
-Global redzone: f9
-
-Global init order: f6
-
-Poisoned by user: f7
-
-Container overflow: fc
-
-Array cookie: ac
-
-Intra object redzone: bb
-
-ASan internal: fe
-
-Left alloca redzone: ca
-
-Right alloca redzone: cb
-
-Shadow gap: cc
-
-==3619819==ABORTING
-
-And Here is a simple PoC:
-
-cat \\<\\< EOF \\\\
-
-qemu-system-x86_64 \\\\
-
-\\-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \\\\
-
-file=[null-co://,if=none,id=disk0](null-co://,if=none,id=disk0) -device ufs,id=ufs_bus -device \\\\
-
-ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
-
-outl 0xcf8 0x80000810
-
-outl 0xcfc 0xe0000000
-
-outl 0xcf8 0x80000804
-
-outw 0xcfc 0x06
-
-write 0xe0000058 0x1 0xa7
-
-write 0xa 0x1 0x50
-
-EOF"""
-reproduce = "n/a"
-additional = "n/a"