summary refs log tree commit diff stats
path: root/results/classifier/105/other/1915535
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/other/1915535')
-rw-r--r--results/classifier/105/other/191553596
1 files changed, 96 insertions, 0 deletions
diff --git a/results/classifier/105/other/1915535 b/results/classifier/105/other/1915535
new file mode 100644
index 000000000..ee79797c3
--- /dev/null
+++ b/results/classifier/105/other/1915535
@@ -0,0 +1,96 @@
+other: 0.892
+instruction: 0.830
+network: 0.804
+device: 0.803
+semantic: 0.787
+graphic: 0.784
+mistranslation: 0.770
+socket: 0.768
+vnc: 0.765
+boot: 0.764
+KVM: 0.755
+assembly: 0.749
+
+Assertion `child->perm & BLK_PERM_WRITE' failed in bdrv_co_write_req_prepare through atapi
+
+Maybe this is a duplicate of https://bugs.launchpad.net/qemu/+bug/1906693 ... 
+In any case, ATAPI is probably a lot more common than megasas, so this might be a more useful  reproducer
+
+==Reproducer==
+
+cat << EOF | ./qemu-system-i386 -display none \
+-m 512M -machine q35 -nodefaults \
+-drive file=null-co://,if=none,format=raw,id=disk0 \
+-device ide-cd,drive=disk0 -machine accel=qtest -qtest stdio
+outl 0xcf8 0x8000fa24
+outl 0xcfc 0xe0000000
+outl 0xcf8 0x8000fa04
+outw 0xcfc 0x06
+write 0xe0000398 0x1 0x01
+write 0x63 0x1 0x06
+write 0x68 0x1 0x06
+write 0x69 0x1 0xf8
+write 0x6a 0x1 0xff
+write 0xfff806 0x1 0x27
+write 0xfff807 0x1 0x80
+write 0xfff808 0x1 0x61
+write 0x1005734 0x1 0x3f
+write 0x1005774 0x1 0x20
+write 0x1005784 0x1 0x34
+write 0x10057a4 0x1 0x27
+write 0x10057b4 0x1 0x3f
+write 0x10057c3 0x1 0xce
+write 0x10057d4 0x1 0x1a
+write 0x10057e3 0x1 0xff
+write 0x10057e4 0x1 0x3f
+write 0x10057f4 0x1 0x38
+write 0x1005814 0x1 0x3e
+write 0x1005823 0x1 0x60
+write 0x1005824 0x1 0x2d
+write 0x1005833 0x1 0x74
+write 0x1005834 0x1 0x01
+write 0x1005863 0x1 0xff
+write 0x1005883 0x1 0x5a
+write 0x1005884 0x1 0x06
+write 0xe00003b8 0x1 0x08
+EOF
+
+
+==Stack Trace==
+i386: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x5a00)
+qemu-fuzz-i386-target-generic-fuzz-ahci-atapi: ../block/io.c:1982: int
+bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest
+*, int): Assertion `child->perm & BLK_PERM_WRITE' failed.
+==279048== ERROR: libFuzzer: deadly signal
+#0 0x560c92718f50 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:33:3
+#1 0x560c926c2f98 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
+#2 0x560c926a7fd3 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
+#3 0x7ff7d707038f in libpthread.so.0
+#4 0x7ff7d66a8437 in raise
+#5 0x7ff7d66aa039 in abort
+#6 0x7ff7d66a0be6 in libc.so.6
+#7 0x7ff7d66a0c91 in __assert_fail
+#8 0x560c92f4fc79 in bdrv_co_write_req_prepare /src/qemu/block/io.c:1982:13
+#9 0x560c92f4c974 in bdrv_aligned_pwritev /src/qemu/block/io.c:2065:11
+#10 0x560c92f4b937 in bdrv_co_pwritev_part /src/qemu/block/io.c:2270:11
+#11 0x560c92f392e7 in blk_do_pwritev_part /src/qemu/block/block-backend.c:1260:11
+#12 0x560c92f39a55 in blk_aio_write_entry /src/qemu/block/block-backend.c:1476:17
+#13 0x560c930d19d5 in coroutine_trampoline /src/qemu/util/coroutine-ucontext.c:173:9
+#14 0x7ff7d66bd5df in libc.so.6
+
+OSS-Fuzz link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30857
+
+Not a duplicate of the other bug. Confirmed on development head beyond 6.0.
+
+Please migrate this bug to gitlab and assign me.
+
+--js
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/342
+
+