diff options
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2548.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/2548.toml | 416 |
1 files changed, 0 insertions, 416 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2548.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2548.toml deleted file mode 100644 index 33b435743..000000000 --- a/gitlab/issues/target_missing/host_missing/accel_missing/2548.toml +++ /dev/null @@ -1,416 +0,0 @@ -id = 2548 -title = "Assert failure in `usb_ep_get` : Assertion `pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT` failed." -state = "opened" -created_at = "2024-08-30T17:07:07.116Z" -closed_at = "n/a" -labels = ["Fuzzer", "Security", "USB"] -url = "https://gitlab.com/qemu-project/qemu/-/issues/2548" -host-os = "Ubuntu 23.04" -host-arch = "x86_64" -qemu-version = "commit at 6af69d02706c821797802cfd56acdac13a7c9422" -guest-os = "n/a" -guest-arch = "n/a" -description = """Assert failure in `usb_ep_get` : Assertion `pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT` failed. - -The TD PID needs to be either `USB_TOKEN_IN` or `USB_TOKEN_OUT` in `usb_ep_get`, but in the caller `uhci_handle_td` it may be `USB_TOKEN_SETUP`. - -An unprivileged guest user may be able to reach the assertion, I think this bug is quite akin to CVE-2024-3567 (https://gitlab.com/qemu-project/qemu/-/issues/2273) : - -Users are not directly able to craft URBs, however as a user, one might be able to find a kernel path that would send a TD with PID `USB_TOKEN_SETUP` to QEMU (which is called `USB_PID_SETUP` in Linux). -For instance in the Linux Kernel, `uhci_submit_control` in `drivers/usb/host/uhci-q.c:789` does link a `USB_PID_SETUP` TD to the URB.""" -reproduce = """Minimized reproducer: - -``` -cat << EOF | ./qemu/build2/qemu-system-x86_64 -machine q35 -nodefaults \\ --device \\ -ich9-usb-ehci1,bus=pcie.0,addr=1d.7,multifunction=on,id=ich9-ehci-1 \\ --device ich9-usb-uhci1,bus=pcie.0,addr=1d.0,multifunction=on,masterbus=i\\ -ch9-ehci-1.0,firstport=0 -device ich9-usb-uhci2,bus=pcie.0,addr=1d.1,mul\\ -tifunction=on,masterbus=ich9-ehci-1.0,firstport=2 -device ich9-usb-uhci3\\ -,bus=pcie.0,addr=1d.2,multifunction=on,masterbus=ich9-ehci-1.0,firstport\\ -=4 -drive if=none,id=usbcdrom,media=cdrom -device \\ -usb-tablet,bus=ich9-ehci-1.0,port=1,usb_version=1 -device \\ -usb-storage,bus=ich9-ehci-1.0,port=2,drive=usbcdrom -qtest stdio -outl 0xcf8 0x8000e900 -inw 0xcfc -outl 0xcf8 0x8000e920 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000e920 -inl 0xcfc -outl 0xcf8 0x8000e920 -outl 0xcfc 0xc001 -outl 0xcf8 0x8000e904 -inw 0xcfc -outl 0xcf8 0x8000e904 -outw 0xcfc 0x7 -outl 0xcf8 0x8000e904 -inw 0xcfc -outl 0xcf8 0x8000ef00 -inw 0xcfc -outl 0xcf8 0x8000ef10 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000ef10 -inl 0xcfc -outl 0xcf8 0x8000ef10 -outl 0xcfc 0xe0000000 -outl 0xcf8 0x8000ef04 -inw 0xcfc -outl 0xcf8 0x8000ef04 -outw 0xcfc 0x7 -outl 0xcf8 0x8000ef04 -inw 0xcfc -outl 0xcf8 0x8000ea00 -inw 0xcfc -outl 0xcf8 0x8000ea20 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000ea20 -inl 0xcfc -outl 0xcf8 0x8000ea20 -outl 0xcfc 0xc021 -outl 0xcf8 0x8000ea04 -inw 0xcfc -outl 0xcf8 0x8000ea04 -outw 0xcfc 0x7 -outl 0xcf8 0x8000ea04 -inw 0xcfc -outl 0xcf8 0x8000e800 -inw 0xcfc -outl 0xcf8 0x8000e820 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000e820 -inl 0xcfc -outl 0xcf8 0x8000e820 -outl 0xcfc 0xc041 -outl 0xcf8 0x8000e804 -inw 0xcfc -outl 0xcf8 0x8000e804 -outw 0xcfc 0x7 -outl 0xcf8 0x8000e804 -inw 0xcfc -outl 0xcf8 0x8000fa00 -inw 0xcfc -outl 0xcf8 0x8000fa20 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000fa20 -inl 0xcfc -outl 0xcf8 0x8000fa20 -outl 0xcfc 0xc061 -outl 0xcf8 0x8000fa24 -outl 0xcfc 0xffffffff -outl 0xcf8 0x8000fa24 -inl 0xcfc -outl 0xcf8 0x8000fa24 -outl 0xcfc 0xe0001000 -outl 0xcf8 0x8000fa04 -inw 0xcfc -outl 0xcf8 0x8000fa04 -outw 0xcfc 0x7 -outl 0xcf8 0x8000fa04 -inw 0xcfc -outl 0xcf8 0x8000ea20 -outl 0xcfc 0x625f69a0 -outb 0xc040 0x46 -outb 0xc040 0x69 -inb 0xc000 -outb 0xc040 0x46 -clock_step -outb 0xc040 0x69 -clock_step -write 0x0 0x4 0x64657669 -write 0x69766560 0x8 0x000000ff6c46f228 -write 0x69766568 0x8 0x2d323334319c6c65 -write 0xff000000 0x8 0x000000ff6c6f6766 -write 0xff000008 0x8 0x8d6c65652d736400 -outb 0xc040 0x69 -outl 0xcf8 0x8000ef76 -outw 0xcfc 0x6563 -outb 0xc040 0x46 -clock_step -outb 0xc040 0x69 -inb 0xc000 -clock_step -write 0x4 0x4 0x64657669 -write 0x69766560 0x8 0x000000ff6c46f228 -write 0x69766568 0x8 0x2d323334319c6c65 -write 0xff000000 0x8 0x000000ff6c6f6766 -write 0xff000008 0x8 0x8d6c65652d736400 -outb 0xc040 0x69 -outw 0xc003 0x6769 -outb 0xc040 0x69 -readq 0xe0000074 -outb 0xc040 0x46 -clock_step -outb 0xc040 0x69 -clock_step -write 0x8 0x4 0x00000100 -write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -write 0xff000000 0x8 0x6465766963656d69 -write 0xff000008 0x8 0x740d00699b652d63 -write 0x69766560 0x8 0x000000ff6c46f228 -write 0x69766568 0x8 0x2d323334319c6c65 -clock_step -write 0xc 0x4 0x000000ff -write 0xff000000 0x8 0x0000010000000069 -write 0xff000008 0x8 0x636c395f61707269 -write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -outw 0xc003 0x6f00 -outb 0xc040 0x69 -outl 0xc053 0x6378616d -clock_step -write 0x10 0x4 0x000000ff -write 0xff000000 0x8 0x6465766963656d69 -write 0xff000008 0x8 0x740d00699b652d63 -write 0x69766560 0x8 0x000000ff6c46f228 -write 0x69766568 0x8 0x2d323334319c6c65 -outb 0xc051 0x6d -outb 0xc04f 0x61 -outb 0xc040 0x69 -clock_step -write 0x14 0x4 0x000000ff -write 0xff000000 0x8 0x0000010000000069 -write 0xff000008 0x8 0x636c395f61707269 -write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -EOF -``` - -# Additional information -The crash report triggered by the reproducer is: - -``` -[R +0.033173] outl 0xcf8 0x8000e900 -[S +0.033189] [R +0.033195] inw 0xcfc -[S +0.033205] [R +0.033212] outl 0xcf8 0x8000e920 -[S +0.033218] [R +0.033222] outl 0xcfc 0xffffffff -[S +0.033231] [R +0.033235] outl 0xcf8 0x8000e920 -[S +0.033241] [R +0.033245] inl 0xcfc -[S +0.033250] [R +0.033255] outl 0xcf8 0x8000e920 -[S +0.033261] [R +0.033265] outl 0xcfc 0xc001 -[S +0.033271] [R +0.033275] outl 0xcf8 0x8000e904 -[S +0.033281] [R +0.033285] inw 0xcfc -[S +0.033290] [R +0.033295] outl 0xcf8 0x8000e904 -[S +0.033300] [R +0.033306] outw 0xcfc 0x7 -[S +0.033755] [R +0.033767] outl 0xcf8 0x8000e904 -[S +0.033774] [R +0.033779] inw 0xcfc -[S +0.033785] [R +0.033792] outl 0xcf8 0x8000ef00 -[S +0.033798] [R +0.033802] inw 0xcfc -[S +0.033808] [R +0.033813] outl 0xcf8 0x8000ef10 -[S +0.033818] [R +0.033840] outl 0xcfc 0xffffffff -[S +0.033848] [R +0.033853] outl 0xcf8 0x8000ef10 -[S +0.033859] [R +0.033864] inl 0xcfc -[S +0.033870] [R +0.033875] outl 0xcf8 0x8000ef10 -[S +0.033880] [R +0.033884] outl 0xcfc 0xe0000000 -[S +0.033891] [R +0.033895] outl 0xcf8 0x8000ef04 -[S +0.033901] [R +0.033904] inw 0xcfc -[S +0.033909] [R +0.033916] outl 0xcf8 0x8000ef04 -[S +0.033922] [R +0.033926] outw 0xcfc 0x7 -[S +0.034381] [R +0.034389] outl 0xcf8 0x8000ef04 -[S +0.034395] [R +0.034399] inw 0xcfc -[S +0.034405] [R +0.034412] outl 0xcf8 0x8000ea00 -[S +0.034417] [R +0.034421] inw 0xcfc -[S +0.034427] [R +0.034431] outl 0xcf8 0x8000ea20 -[S +0.034437] [R +0.034441] outl 0xcfc 0xffffffff -[S +0.034448] [R +0.034452] outl 0xcf8 0x8000ea20 -[S +0.034457] [R +0.034463] inl 0xcfc -[S +0.034469] [R +0.034474] outl 0xcf8 0x8000ea20 -[S +0.034480] [R +0.034484] outl 0xcfc 0xc021 -[S +0.034490] [R +0.034494] outl 0xcf8 0x8000ea04 -[S +0.034500] [R +0.034504] inw 0xcfc -[S +0.034509] [R +0.034515] outl 0xcf8 0x8000ea04 -[S +0.034521] [R +0.034525] outw 0xcfc 0x7 -[S +0.034948] [R +0.034955] outl 0xcf8 0x8000ea04 -[S +0.034961] [R +0.034965] inw 0xcfc -[S +0.034971] [R +0.034989] outl 0xcf8 0x8000e800 -[S +0.034996] [R +0.035000] inw 0xcfc -[S +0.035005] [R +0.035010] outl 0xcf8 0x8000e820 -[S +0.035016] [R +0.035020] outl 0xcfc 0xffffffff -[S +0.035027] [R +0.035033] outl 0xcf8 0x8000e820 -[S +0.035039] [R +0.035043] inl 0xcfc -[S +0.035048] [R +0.035053] outl 0xcf8 0x8000e820 -[S +0.035059] [R +0.035065] outl 0xcfc 0xc041 -[S +0.035071] [R +0.035075] outl 0xcf8 0x8000e804 -[S +0.035081] [R +0.035084] inw 0xcfc -[S +0.035089] [R +0.035094] outl 0xcf8 0x8000e804 -[S +0.035100] [R +0.035103] outw 0xcfc 0x7 -[S +0.035525] [R +0.035532] outl 0xcf8 0x8000e804 -[S +0.035538] [R +0.035542] inw 0xcfc -[S +0.035548] [R +0.035553] outl 0xcf8 0x8000fa00 -[S +0.035558] [R +0.035562] inw 0xcfc -[S +0.035567] [R +0.035572] outl 0xcf8 0x8000fa20 -[S +0.035578] [R +0.035581] outl 0xcfc 0xffffffff -[S +0.035589] [R +0.035594] outl 0xcf8 0x8000fa20 -[S +0.035600] [R +0.035604] inl 0xcfc -[S +0.035609] [R +0.035613] outl 0xcf8 0x8000fa20 -[S +0.035618] [R +0.035623] outl 0xcfc 0xc061 -[S +0.035629] [R +0.035633] outl 0xcf8 0x8000fa24 -[S +0.035638] [R +0.035642] outl 0xcfc 0xffffffff -[S +0.035648] [R +0.035652] outl 0xcf8 0x8000fa24 -[S +0.035658] [R +0.035664] inl 0xcfc -[S +0.035669] [R +0.035673] outl 0xcf8 0x8000fa24 -[S +0.035679] [R +0.035683] outl 0xcfc 0xe0001000 -[S +0.035689] [R +0.035696] outl 0xcf8 0x8000fa04 -[S +0.035702] [R +0.035706] inw 0xcfc -[S +0.035711] [R +0.035716] outl 0xcf8 0x8000fa04 -[S +0.035722] [R +0.035725] outw 0xcfc 0x7 -[S +0.036402] [R +0.036412] outl 0xcf8 0x8000fa04 -[S +0.036418] [R +0.036422] inw 0xcfc -[S +0.036434] [R +0.036442] outl 0xcf8 0x8000ea20 -[S +0.036448] [R +0.036463] outl 0xcfc 0x625f69a0 -[S +0.036906] [I +0.036981] CLOSED -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x46 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] inb 0xc000 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x46 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x0 0x4 0x64657669 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766560 0x8 0x000000ff6c46f228 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766568 0x8 0x2d323334319c6c65 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x000000ff6c6f6766 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x8d6c65652d736400 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outl 0xcf8 0x8000ef76 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outw 0xcfc 0x6563 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x46 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] inb 0xc000 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x4 0x4 0x64657669 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766560 0x8 0x000000ff6c46f228 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766568 0x8 0x2d323334319c6c65 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x000000ff6c6f6766 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x8d6c65652d736400 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outw 0xc003 0x6769 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] readq 0xe0000074 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x46 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x8 0x4 0x00000100 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x6465766963656d69 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x740d00699b652d63 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766560 0x8 0x000000ff6c46f228 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766568 0x8 0x2d323334319c6c65 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xc 0x4 0x000000ff -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x0000010000000069 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x636c395f61707269 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outw 0xc003 0x6f00 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outl 0xc053 0x6378616d -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x10 0x4 0x000000ff -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x6465766963656d69 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x740d00699b652d63 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766560 0x8 0x000000ff6c46f228 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x69766568 0x8 0x2d323334319c6c65 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc051 0x6d -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc04f 0x61 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] outb 0xc040 0x69 -x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] clock_step -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x14 0x4 0x000000ff -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000000 0x8 0x0000010000000069 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0xff000008 0x8 0x636c395f61707269 -[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed -[R +0.000000] write 0x10000 0x10 0x000000ff6c46f2282d00363939333336 -qemu-fuzz-x86_64: ../hw/usb/core.c:744: struct USBEndpoint *usb_ep_get(USBDevice *, int, int): Assertion `pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT' failed. -==892641== ERROR: libFuzzer: deadly signal - #0 0x557dd985fc41 in __sanitizer_print_stack_trace (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x20b2c41) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #1 0x557dd97cfa58 in fuzzer::PrintStackTrace() (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x2022a58) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #2 0x557dd97b5ae3 in fuzzer::Fuzzer::CrashCallback() (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x2008ae3) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #3 0x7fd7e623c45f (/lib/x86_64-linux-gnu/libc.so.6+0x3c45f) (BuildId: d320ce4e63925d698610ed423fc4b1f0e8ed51f1) - #4 0x7fd7e629152a in __pthread_kill_implementation nptl/pthread_kill.c:43:17 - #5 0x7fd7e629152a in __pthread_kill_internal nptl/pthread_kill.c:78:10 - #6 0x7fd7e629152a in pthread_kill nptl/pthread_kill.c:89:10 - #7 0x7fd7e623c3b5 in raise signal/../sysdeps/posix/raise.c:26:13 - #8 0x7fd7e622287b in abort stdlib/abort.c:79:7 - #9 0x7fd7e622279a in __assert_fail_base assert/assert.c:92:3 - #10 0x7fd7e6233b65 in __assert_fail assert/assert.c:101:3 - #11 0x557dda3b67c6 in usb_ep_get /home/hypervisor/qemu_fuzz/qemu/build2/../hw/usb/core.c:744:5 - #12 0x557dda3d8820 in uhci_handle_td /home/hypervisor/qemu_fuzz/qemu/build2/../hw/usb/hcd-uhci.c:819:14 - #13 0x557dda3d41ed in uhci_process_frame /home/hypervisor/qemu_fuzz/qemu/build2/../hw/usb/hcd-uhci.c:1022:15 - #14 0x557dda3cbf7e in uhci_frame_timer /home/hypervisor/qemu_fuzz/qemu/build2/../hw/usb/hcd-uhci.c:1121:9 - #15 0x557ddb90c0ff in timerlist_run_timers /home/hypervisor/qemu_fuzz/qemu/build2/../util/qemu-timer.c:576:9 - #16 0x557ddb90d3e8 in qemu_clock_run_timers /home/hypervisor/qemu_fuzz/qemu/build2/../util/qemu-timer.c:590:12 - #17 0x557ddb90d3e8 in qemu_clock_advance_virtual_time /home/hypervisor/qemu_fuzz/qemu/build2/../util/qemu-timer.c:696:9 - #18 0x557dda67fa2f in qtest_process_command /home/hypervisor/qemu_fuzz/qemu/build2/../system/qtest.c:722:9 - #19 0x557dda67b3bb in qtest_process_inbuf /home/hypervisor/qemu_fuzz/qemu/build2/../system/qtest.c:776:9 - #20 0x557dda67acf6 in qtest_server_inproc_recv /home/hypervisor/qemu_fuzz/qemu/build2/../system/qtest.c:907:9 - #21 0x557ddb5fa3e2 in qtest_sendf /home/hypervisor/qemu_fuzz/qemu/build2/../tests/qtest/libqtest.c:640:5 - #22 0x557ddb5fa4f4 in qtest_clock_step_next /home/hypervisor/qemu_fuzz/qemu/build2/../tests/qtest/libqtest.c:1009:5 - #23 0x557ddb67c2ef in generic_fuzz /home/hypervisor/qemu_fuzz/qemu/build2/../tests/qtest/fuzz/generic_fuzz.c:667:13 - #24 0x557ddb66e807 in LLVMFuzzerTestOneInput /home/hypervisor/qemu_fuzz/qemu/build2/../tests/qtest/fuzz/fuzz.c:158:5 - #25 0x557dd97b6f52 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x2009f52) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #26 0x557dd97a1080 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x1ff4080) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #27 0x557dd97a6d07 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x1ff9d07) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #28 0x557dd97d0292 in main (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x2023292) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) - #29 0x7fd7e6223a8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 - #30 0x7fd7e6223b48 in __libc_start_main csu/../csu/libc-start.c:360:3 - #31 0x557dd979b884 in _start (/home/hypervisor/qemu_fuzz/qemu/build2/qemu-fuzz-x86_64+0x1fee884) (BuildId: 1208fb4c12f2da2381e7763dabbbdabaf2db65e5) -```""" -additional = "n/a" |