summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_missing/host_missing/accel_missing/1692
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/1692')
-rw-r--r--gitlab/issues_text/target_missing/host_missing/accel_missing/1692102
1 files changed, 0 insertions, 102 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/1692 b/gitlab/issues_text/target_missing/host_missing/accel_missing/1692
deleted file mode 100644
index 6482baceb..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/1692
+++ /dev/null
@@ -1,102 +0,0 @@
-Got "Assertion `bus->irq_count[i] == 0` failed" when running fuzzing
-Description of problem:
-When running the fuzzer on ac97, it always stops with "Assertion `bus->irq_count[i] == 0` failed".
-Steps to reproduce:
-Run `./qemu-fuzz-x86_64 --fuzz-target=generic-fuzz-ac97`
-Additional information:
-The logs triggered by the crash report are:
-```
-==2330108==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
-[I 0.000000] OPENED
-INFO: libFuzzer ignores flags that start with '--'
-INFO: Running with entropic power schedule (0xFF, 100).
-INFO: Seed: 1879893091
-INFO: Loaded 1 modules   (358762 inline 8-bit counters): 358762 [0x55bec313a1a0, 0x55bec3191b0a), 
-INFO: Loaded 1 PC tables (358762 PCs): 358762 [0x55bec3191b10,0x55bec370b1b0), 
-./qemu-fuzz-x86_64: Running 1 inputs 1 time(s) each.
-Running: ./crash-55e7a160b7c66d5b41718e22c7620a29e9f568f1
-Starting x86_64 with Arguments: -display none -machine accel=qtest, -m 512M -machine q35 -nodefaults -device ac97,audiodev=snd0 -audiodev none,id=snd0 -nodefaults -qtest /dev/null
-Matching objects by name ac97*
-This process will try to fuzz the following MemoryRegions:
-  * bus master[0] (size 0xffffffffffffffff)
-  * ac97-nabm[0] (size 0x100)
-  * bus master container[0] (size 0xffffffffffffffff)
-  * ac97-nam[0] (size 0x400)
-[R +0.033680] outl 0xcf8 0x80000800
-[S +0.033714] [R +0.033729] inw 0xcfc
-[S +0.033750] [R +0.033766] outl 0xcf8 0x80000810
-[S +0.033781] [R +0.033792] outl 0xcfc 0xffffffff
-[S +0.033816] [R +0.033827] outl 0xcf8 0x80000810
-[S +0.033841] [R +0.033852] inl 0xcfc
-[S +0.033866] [R +0.033879] outl 0xcf8 0x80000810
-[S +0.033894] [R +0.033904] outl 0xcfc 0xc001
-[S +0.033920] [R +0.033935] outl 0xcf8 0x80000814
-[S +0.033952] [R +0.033967] outl 0xcfc 0xffffffff
-[S +0.033984] [R +0.033994] outl 0xcf8 0x80000814
-[S +0.034008] [R +0.034017] inl 0xcfc
-[S +0.034031] [R +0.034043] outl 0xcf8 0x80000814
-[S +0.034057] [R +0.034067] outl 0xcfc 0xc401
-[S +0.034085] [R +0.034096] outl 0xcf8 0x80000804
-[S +0.034110] [R +0.034120] inw 0xcfc
-[S +0.034133] [R +0.034145] outl 0xcf8 0x80000804
-[S +0.034159] [R +0.034170] outw 0xcfc 0x7 
-[S +0.035259] [R +0.035272] outl 0xcf8 0x80000804
-[S +0.035285] [R +0.035291] inw 0xcfc
-[S +0.035300] [I +0.035389] CLOSED
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] outl 0xcf8 0x80000805
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] outl 0xcfc 0x5050505
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] outw 0xc40b 0x6f0d
-[DMA] x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] write 0x0 0x8 0x2a256c5a2c008425
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] clock_step
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] outl 0xcf8 0x80000805
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] outl 0xcfc 0x8468920
-x86_64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed
-[R +0.000000] clock_step
-qemu-fuzz-x86_64: ../../../../hw/pci/pci.c:435: void pcibus_reset(BusState *): Assertion `bus->irq_count[i] == 0' failed.
-==2330108== ERROR: libFuzzer: deadly signal
-    #0 0x55bebf2624de in __sanitizer_print_stack_trace ../../llvm-project-15.0.0.src/compiler-rt/lib/asan/asan_stack.cpp:87:3
-    #1 0x55bebf1a4b31 in fuzzer::PrintStackTrace() ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38
-    #2 0x55bebf17f406 in fuzzer::Fuzzer::CrashCallback() (.part.0) ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:18
-    #3 0x55bebf17f4cd in fuzzer::Fuzzer::CrashCallback() ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:205:1
-    #4 0x55bebf17f4cd in fuzzer::Fuzzer::StaticCrashSignalCallback() ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:204:19
-    #5 0x7fae9f8a441f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
-    #6 0x7fae9f69800a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
-    #7 0x7fae9f69800a in raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
-    #8 0x7fae9f677858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
-    #9 0x7fae9f677728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
-    #10 0x7fae9f688fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
-    #11 0x55bebfab33a7 in pcibus_reset ../hw/pci/pci.c:435:9
-    #12 0x55bec0c75ae3 in resettable_phase_hold ../hw/core/resettable.c
-    #13 0x55bec0c6e543 in device_reset_child_foreach ../hw/core/qdev.c:276:9
-    #14 0x55bec0c757c5 in resettable_phase_hold ../hw/core/resettable.c:173:5
-    #15 0x55bec0c5c421 in bus_reset_child_foreach ../hw/core/bus.c:97:13
-    #16 0x55bec0c757c5 in resettable_phase_hold ../hw/core/resettable.c:173:5
-    #17 0x55bec0c73729 in resettable_assert_reset ../hw/core/resettable.c:60:5
-    #18 0x55bec0c7336a in resettable_reset ../hw/core/resettable.c:45:5
-    #19 0x55bec0c7309a in qemu_devices_reset ../hw/core/reset.c:84:9
-    #20 0x55bec02d95bb in pc_machine_reset ../hw/i386/pc.c:1901:5
-    #21 0x55bebff4ede6 in qemu_system_reset ../softmmu/runstate.c:451:9
-    #22 0x55bec0c49684 in fuzz_reset ../tests/qtest/fuzz/fuzz.c:56:5
-    #23 0x55bec0c55641 in generic_fuzz ../tests/qtest/fuzz/generic_fuzz.c:676:5
-    #24 0x55bec0c4a0f7 in LLVMFuzzerTestOneInput ../tests/qtest/fuzz/fuzz.c:158:5
-    #25 0x55bebf17fc88 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) .. /../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:612:15
-    #26 0x55bebf1630a4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:21
-    #27 0x55bebf16fa8a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:19
-    #28 0x55bebf15a856 in main ../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30
-    #29 0x7fae9f679082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
-    #30 0x55bebf15a8dd in _start (../qemu-fuzz-x86_64+0x1e938dd)
-
-NOTE: libFuzzer has rudimentary signal handlers.
-      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
-SUMMARY: libFuzzer: deadly signal
-
-```
-
-After some manual checks, I find out that the instruction `outl 0xcf8 0x80000805` and `outl 0xcfc 0x8468920` will set irq_count[5] to -1 while the pcibus_reset() doesn't set it back to 0 so it will fail the assertion.