summary refs log tree commit diff stats
path: root/results/classifier/105/other/1911216
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/other/1911216')
-rw-r--r--results/classifier/105/other/1911216101
1 files changed, 101 insertions, 0 deletions
diff --git a/results/classifier/105/other/1911216 b/results/classifier/105/other/1911216
new file mode 100644
index 000000000..19c6eb299
--- /dev/null
+++ b/results/classifier/105/other/1911216
@@ -0,0 +1,101 @@
+mistranslation: 0.956
+other: 0.954
+device: 0.944
+boot: 0.931
+assembly: 0.931
+semantic: 0.930
+graphic: 0.930
+instruction: 0.925
+socket: 0.919
+vnc: 0.916
+KVM: 0.913
+network: 0.905
+
+abort issue locates in hw/usb/hcd-ohci.c:1297:ohci_frame_boundary
+
+Hello,
+
+I found an assertion failure in hw/usb/hcd-ohci.c:1297
+
+This was found in latest version 5.2.0.
+
+my reproduced environment is as follows:
+    Host: ubuntu 18.04
+    Guest: ubuntu 18.04
+
+QEMU boot command line:
+qemu-system-x86_64 -enable-kvm -boot c -m 4G -drive format=qcow2,file=./ubuntu.img -nic user,hostfwd=tcp:0.0.0.0:5555-:22 -display none -device pci-ohci,id=ohci -device usb-tablet,bus=ohci.0,port=1,id=usbdev1
+
+
+backtrace is as follows 
+pwndbg> bt
+#0  0x00007fdf392aa438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
+#1  0x00007fdf392ac03a in __GI_abort () at abort.c:89
+#2  0x000055c613721118 in ohci_frame_boundary (opaque=0x6270000191f0) at hw/usb/hcd-ohci.c:1297
+#3  0x000055c6140bdf0e in timerlist_run_timers (timer_list=0x60b00005bcc0) at util/qemu-timer.c:572
+#4  0x000055c6140be15a in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:586
+#5  0x000055c6140beac7 in qemu_clock_run_all_timers () at util/qemu-timer.c:672
+#6  0x000055c6140a1938 in main_loop_wait (nonblocking=0) at util/main-loop.c:523
+#7  0x000055c6125d87e9 in qemu_main_loop () at /home/dell/qemu5-hypervisor/vm/fuzz-seedpool/hcd-ohci/qemu-5.1.0/softmmu/vl.c:1676
+#8  0x000055c613f216ea in main (argc=7, argv=0x7fff174cdd28, envp=0x7fff174cdd68) at /home/dell/qemu5-hypervisor/vm/fuzz-seedpool/hcd-ohci/qemu-5.1.0/softmmu/main.c:49
+#9  0x00007fdf39295840 in __libc_start_main (main=0x55c613f21699 <main>, argc=7, argv=0x7fff174cdd28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff174cdd18) at ../csu/libc-start.c:291
+#10 0x000055c6120a4349 in _start ()
+
+The poc is attached.
+
+
+
+Seems to be the same as OSS-Fuzz Issue 29224
+
+=== Reproducer ===
+cat << EOF | ./qemu-system-i386  -machine q35 \
+-machine accel=qtest, -m 512M -nodefaults \
+-device pci-ohci -display none -qtest stdio
+outl 0xcf8 0x80000801
+outl 0xcfc 0x16000000
+outl 0xcf8 0x80000813
+outl 0xcfc 0x23
+clock_step
+write 0x23000004 0x1 0x84
+clock_step
+write 0x0 0x1 0x7e
+write 0x1 0x1 0xaa
+write 0x3 0x1 0x16
+write 0x1600aa8a 0x1 0xa0
+write 0xa1 0x1 0x80
+write 0xa4 0x1 0x20
+clock_step
+EOF
+
+=== Stack Trace ===
+==6351==ERROR: AddressSanitizer: ABRT on unknown address 0x0539000018cf (pc 0x7f675c885438 bp 0x7fff157e6150 sp 0x7fff157e5e68 T0)
+#0 raise
+#1 abort
+#2 ohci_frame_boundary /src/qemu/hw/usb/hcd-ohci.c:1297:13
+#3 timerlist_run_timers /src/qemu/util/qemu-timer.c:574:9
+#4 qemu_clock_run_timers /src/qemu/util/qemu-timer.c:588:12
+#5 qtest_clock_warp /src/qemu/softmmu/qtest.c:356:9
+#6 qtest_process_command /src/qemu/softmmu/qtest.c:752:9
+#7 qtest_process_inbuf /src/qemu/softmmu/qtest.c:797:9
+#8 qtest_server_inproc_recv /src/qemu/softmmu/qtest.c:904:9
+#9 send_wrapper /src/qemu/tests/qtest/libqtest.c:1388:5
+#10 qtest_sendf /src/qemu/tests/qtest/libqtest.c:438:5
+#11 qtest_clock_step_next /src/qemu/tests/qtest/libqtest.c:910:5
+#12 op_clock_step /src/qemu/tests/qtest/fuzz/generic_fuzz.c:575:5
+#13 generic_fuzz /src/qemu/tests/qtest/fuzz/generic_fuzz.c:681:17
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29176
+
+
+Hi! Can you still reproduce this issue with QEMU v6.0 ? At least Alexander's reproducer does not seem to trigger this issue anymore...
+
+OSS-Fuzz still has a functioning reproducer. I'll copy this one over to gitlab
+
+I moved this report over to QEMU's new bug tracker on gitlab.com.
+Please continue with the discussion here:
+
+https://gitlab.com/qemu-project/qemu/-/issues/545
+
+Thanks for moving it over! ... let's close this one here on Launchpad now.
+
+