Diffstat

| Mode | File | Lines |
| --- | --- | --- |
| -rw-r--r-- | results/classifier/108/other/141 | 16 |
| -rw-r--r-- | results/classifier/108/other/1410 | 29 |
| -rw-r--r-- | results/classifier/108/other/1410288 | 81 |
| -rw-r--r-- | results/classifier/108/other/1411 | 470 |
| -rw-r--r-- | results/classifier/108/other/1412 | 20 |
| -rw-r--r-- | results/classifier/108/other/1412098 | 116 |
| -rw-r--r-- | results/classifier/108/other/1414 | 35 |
| -rw-r--r-- | results/classifier/108/other/1414222 | 107 |
| -rw-r--r-- | results/classifier/108/other/1414293 | 26 |
| -rw-r--r-- | results/classifier/108/other/1414466 | 201 |
| -rw-r--r-- | results/classifier/108/other/1415 | 104 |
| -rw-r--r-- | results/classifier/108/other/1416 | 20 |
| -rw-r--r-- | results/classifier/108/other/1416246 | 70 |
| -rw-r--r-- | results/classifier/108/other/1416988 | 50 |
| -rw-r--r-- | results/classifier/108/other/1418 | 102 |
| -rw-r--r-- | results/classifier/108/other/1419 | 107 |
16 files changed, 1554 insertions, 0 deletions
diff --git a/results/classifier/108/other/141 b/results/classifier/108/other/141 new file mode 100644 index 000000000..56967fabb --- /dev/null +++ b/results/classifier/108/other/141 @@ -0,0 +1,16 @@ +device: 0.688 +network: 0.535 +debug: 0.451 +socket: 0.384 +performance: 0.343 +semantic: 0.333 +graphic: 0.317 +boot: 0.260 +PID: 0.256 +permissions: 0.211 +files: 0.193 +vnc: 0.161 +other: 0.040 +KVM: 0.005 + +qemu-system-x86_64+gdb: unable to correctly disassemble "real mode" (i8086) instructions after attaching to QEMU started with "-S -s" options diff --git a/results/classifier/108/other/1410 b/results/classifier/108/other/1410 new file mode 100644 index 000000000..5f02a4735 --- /dev/null +++ b/results/classifier/108/other/1410 @@ -0,0 +1,29 @@ +graphic: 0.920 +boot: 0.843 +device: 0.740 +performance: 0.617 +PID: 0.458 +files: 0.410 +permissions: 0.380 +semantic: 0.377 +debug: 0.321 +socket: 0.264 +vnc: 0.165 +other: 0.120 +network: 0.036 +KVM: 0.016 + +system_powerdown only works once +Description of problem: +When the guest is configured to sleep on power button events, something in the ACPI states are not restored coming out of resume. The first call to `system_powerdown` succeeds, but the second after waking the system is rejected in `acpi_pm1_evt_power_down()` since `ar->pm1.evt.en` is zero coming out of the resume path. + +There is probably something deeper (or perhaps in seabios?) since removing the test in that handler doesn't cause a second sleep either. +Steps to reproduce: + +1. Boot a guest configured to sleep when it receives a power button event +2. `system_powerdown` from the monitor to tell it to sleep +3. `info status` to verify that it is suspended +4. Wake the guest, either with `system_wakeup` or moving the mouse or something +5. `system_powerdown` has no effect +Additional information: +This is using qemu-7.2.0 built from source with a Windows 10 guest and IGD GPU+audio passthrough. 
diff --git a/results/classifier/108/other/1410288 b/results/classifier/108/other/1410288 new file mode 100644 index 000000000..0647ed4e9 --- /dev/null +++ b/results/classifier/108/other/1410288 
@@ -0,0 +1,81 @@ +socket: 0.886 +permissions: 0.874 +other: 0.872 +device: 0.849 +graphic: 0.830 +debug: 0.829 +PID: 0.821 +files: 0.807 +boot: 0.798 +semantic: 0.777 +network: 0.759 +performance: 0.721 +vnc: 0.623 +KVM: 0.534 + +qemu-img conversion to qcow2 hangs with blank image less than 100kiB + +If you try to convert a blank image to qcow2 that is less than 100kiB in size then qemu-img hangs trying to seek to the end of the file. + +$ truncate --size 102399 /tmp/temp +$ qemu-img convert -p -O qcow2 /tmp/temp /tmp/temp2.qcow2 + +I'm finding this on all versions of qemu-img v2. + +strace shows a seek loop. + +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 +ioctl(6, FS_IOC_FIEMAP, 0xb5e68dc4) = 0 +_llseek(6, 0, [100000], SEEK_END) = 0 + +ProblemType: Bug +DistroRelease: Ubuntu 14.04 +Package: qemu-utils 2.0.0+dfsg-2ubuntu1.10 +ProcVersionSignature: User Name 3.13.0-43.72-generic 3.13.11.11 +Uname: Linux 3.13.0-43-generic i686 +ApportVersion: 2.14.1-0ubuntu3.6 +Architecture: i386 +Date: Tue Jan 13 14:30:39 2015 +SourcePackage: qemu +UpgradeStatus: No upgrade log present (probably fresh install) + + + +Status changed to 'Confirmed' because the bug affects multiple users. + +Workaround is to 'fallocate'. Problem seems to be linked to files with sparse holes in them. + + + +verified this fails as described on vivid: +$ dpkg-query --show qemu-utils +qemu-utils 1:2.1+dfsg-11ubuntu1 + +and also on trusty. 
+ +$ dpkg-query --show qemu-utils +qemu-utils 2.0.0+dfsg-2ubuntu1.10 + + +Does it also fail with the qemu from +https://launchpad.net/~ubuntu-virt/+archive/ubuntu/virt-daily-upstream ? +(This isn't quite git head, but it is qemu v2.2) + + +Went ahead and tested - it is in fact fixed in the v2.2 version. + +qemu is 2.5 in 16.04 and 2.6.1 in Zesty, so this is presumably Fix Released now. If incorrect, please explain and reopen. + diff --git a/results/classifier/108/other/1411 b/results/classifier/108/other/1411 new file mode 100644 index 000000000..7c11ef0cc --- /dev/null +++ b/results/classifier/108/other/1411 
@@ -0,0 +1,470 @@ +other: 0.888 +permissions: 0.816 +debug: 0.813 +graphic: 0.804 +semantic: 0.771 +performance: 0.753 +PID: 0.747 +socket: 0.691 +files: 0.689 +network: 0.663 +vnc: 0.642 +device: 0.623 +KVM: 0.595 +boot: 0.582 + +QEMU 7.2.0 - Failed compilation under MacOS +Description of problem: +I downloaded and tried to build QEMU from git following the instructions from here: +https://www.qemu.org/download/ + +(I successfully installed QEMU with homebrew later, but I still want to figure out why my compilation failed.) +Steps to reproduce: +``` +git clone https://gitlab.com/qemu-project/qemu.git +cd qemu +git submodule init +git submodule update --recursive +./configure +make +``` +Additional information: +With `./configure` I got: + +``` +Using './build' as the directory for build output +Disabling PIE due to missing toolchain support +The Meson build system +Version: 0.61.5 +Source dir: /Users/xxx/qemu +Build dir: /Users/xxx/qemu/build +Build type: native build +Project name: qemu +Project version: 7.2.50 +C compiler for the host machine: cc (clang 14.0.0 "Apple clang version 14.0.0 (clang-1400.0.29.202)") +C linker for the host machine: cc ld64 820.1 +Host machine cpu family: aarch64 +Host machine cpu: arm64 +Program scripts/symlink-install-tree.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/symlink-install-tree.py) +Program sh found: YES (/bin/sh) +Program python3 found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10) +Program bzip2 found: YES (/usr/bin/bzip2) +Program iasl found: NO +Compiler for C supports link arguments -Wl,-z,relro: NO +Compiler for C supports link arguments -Wl,-z,now: NO +C++ compiler for the host machine: c++ (clang 14.0.0 "Apple clang version 14.0.0 (clang-1400.0.29.202)") +C++ linker for the host machine: c++ ld64 820.1 +Compiler for C++ supports link arguments -Wl,--warn-common: NO +Objective-C compiler for the host machine: clang (clang 14.0.0) +Objective-C linker for the host machine: 
clang ld64 820.1 +Program cgcc found: NO +Library m found: YES +Run-time dependency threads found: YES +Library util found: YES +Run-time dependency appleframeworks found: YES (CoreFoundation) +Run-time dependency appleframeworks found: YES (IOKit) +Run-time dependency appleframeworks found: YES (Hypervisor) +Found pkg-config: /opt/homebrew/bin/pkg-config (0.29.2) +Run-time dependency gio-2.0 found: YES 2.74.4 +Program /opt/homebrew/Cellar/glib/2.74.4/bin/gdbus-codegen found: YES (/opt/homebrew/Cellar/glib/2.74.4/bin/gdbus-codegen) +Run-time dependency gio-unix-2.0 found: YES 2.74.4 +Run-time dependency pixman-1 found: YES 0.42.2 +Run-time dependency zlib found: YES 1.2.11 +Has header "libaio.h" : NO +Run-time dependency liburing found: NO (tried pkgconfig) +Run-time dependency libnfs found: NO (tried pkgconfig) +Has header "attr/xattr.h" : NO +Run-time dependency appleframeworks found: YES (Cocoa, CoreVideo) +Run-time dependency appleframeworks found: YES (vmnet) +Header <vmnet/vmnet.h> has symbol "VMNET_BRIDGED_MODE" with dependency appleframeworks: YES +Run-time dependency libseccomp found: NO (tried pkgconfig) +Has header "cap-ng.h" : NO +Run-time dependency xkbcommon found: NO (tried pkgconfig) +Run-time dependency slirp found: NO (tried pkgconfig) +Has header "libvdeplug.h" : NO +Run-time dependency jack found: NO (tried pkgconfig) +Run-time dependency sndio found: NO (tried pkgconfig) +Run-time dependency spice-protocol found: NO (tried pkgconfig) +Run-time dependency spice-server found: NO (tried pkgconfig) +Library rt found: NO +Run-time dependency libiscsi found: NO (tried pkgconfig) +Run-time dependency libzstd found: NO (tried pkgconfig) +Run-time dependency virglrenderer found: NO (tried pkgconfig) +Run-time dependency blkio found: NO (tried pkgconfig) +Run-time dependency libcurl found: YES 7.84.0 +Run-time dependency ncursesw found: YES 5.7.20081102 +Has header "brlapi.h" : NO +sdl2-config found: NO +Run-time dependency sdl2 found: NO (tried 
pkgconfig, config-tool and framework) +Library rados found: NO +Has header "rbd/librbd.h" : NO +Run-time dependency glusterfs-api found: NO (tried pkgconfig) +Run-time dependency libssh found: NO (tried pkgconfig) +Has header "bzlib.h" : YES +Library bz2 found: YES +Has header "lzfse.h" : NO +Has header "sys/soundcard.h" : NO +Run-time dependency appleframeworks found: YES (CoreAudio) +Run-time dependency epoxy found: NO (tried pkgconfig) +Has header "epoxy/egl.h" with dependency epoxy: NO +Run-time dependency gnutls found: NO (tried pkgconfig) +Run-time dependency gnutls found: NO (tried pkgconfig) +libgcrypt-config found: NO need ['>=1.8'] +Run-time dependency libgcrypt found: NO (tried config-tool) +Run-time dependency nettle found: NO (tried pkgconfig) +Run-time dependency gmp found: NO (tried pkgconfig) +Run-time dependency gtk+-3.0 found: NO (tried pkgconfig) +Run-time dependency libpng found: NO (tried pkgconfig) +Run-time dependency libjpeg found: NO (tried pkgconfig) +Has header "sasl/sasl.h" : YES +Library sasl2 found: YES +Has header "security/pam_appl.h" : YES +Library pam found: YES +Has header "snappy-c.h" : NO +Has header "lzo/lzo1x.h" : NO +Has header "numa.h" : NO +Library ibumad found: NO +Has header "rdma/rdma_cma.h" : NO +Library ibverbs found: NO +Run-time dependency xencontrol found: NO (tried pkgconfig) +Library xenstore found: NO +Library xenctrl found: NO +Library xendevicemodel found: NO +Library xenforeignmemory found: NO +Library xengnttab found: NO +Library xenevtchn found: NO +Library xentoolcore found: NO +Run-time dependency libcacard found: NO (tried pkgconfig) +Run-time dependency u2f-emu found: NO (tried pkgconfig) +Run-time dependency canokey-qemu found: NO (tried pkgconfig) +Run-time dependency libusbredirparser-0.5 found: NO (tried pkgconfig) +Run-time dependency libusb-1.0 found: NO (tried pkgconfig) +Run-time dependency libpmem found: NO (tried pkgconfig) +Run-time dependency libdaxctl found: NO (tried pkgconfig) +Run-time 
dependency libkeyutils found: NO (tried pkgconfig) +Checking for function "gettid" : NO +Run-time dependency libselinux found: NO (tried pkgconfig) +Run-time dependency fuse3 found: NO (tried pkgconfig) +Run-time dependency libbpf found: NO (tried pkgconfig) +Has header "IOKit/storage/IOMedia.h" : YES +Checking for function "pthread_fchdir_np" : YES +Has header "sys/epoll.h" : NO +Has header "linux/magic.h" : NO +Has header "valgrind/valgrind.h" : NO +Has header "linux/btrfs.h" : NO +Has header "libdrm/drm.h" : NO +Has header "pty.h" : NO +Has header "sys/disk.h" : YES +Has header "sys/ioccom.h" : YES +Has header "sys/kcov.h" : NO +Checking for function "close_range" : NO +Checking for function "accept4" : NO +Checking for function "clock_adjtime" : NO +Checking for function "dup3" : NO +Checking for function "fallocate" : NO +Checking for function "posix_fallocate" : NO +Checking for function "posix_memalign" : YES +Checking for function "_aligned_malloc" : NO +Checking for function "valloc" : YES +Checking for function "memalign" : NO +Checking for function "ppoll" : NO +Checking for function "preadv" : YES +Checking for function "pthread_fchdir_np" : YES (cached) +Checking for function "sendfile" : YES +Checking for function "setns" : NO +Checking for function "syncfs" : NO +Checking for function "sync_file_range" : NO +Checking for function "timerfd_create" : NO +Checking for function "copy_file_range" : NO +Checking for function "getifaddrs" : YES +Checking for function "openpty" with dependency -lutil: YES +Checking for function "strchrnul" : NO +Checking for function "system" : YES +Header <byteswap.h> has symbol "bswap_32" : NO +Header <sys/epoll.h> has symbol "epoll_create1" : NO +Header <linux/falloc.h> has symbol "FALLOC_FL_PUNCH_HOLE" : NO +Header <linux/falloc.h> has symbol "FALLOC_FL_ZERO_RANGE" : NO +Has header "linux/fiemap.h" : NO +Checking for function "getrandom" : NO +Header <sys/inotify.h> has symbol "inotify_init" : NO +Header <sys/inotify.h> 
has symbol "inotify_init1" : NO +Header <machine/bswap.h> has symbol "bswap32" : NO +Header <sys/prctl.h> has symbol "PR_SET_TIMERSLACK" : NO +Header <linux/rtnetlink.h> has symbol "IFLA_PROTO_DOWN" : NO +Header <sys/sysmacros.h> has symbol "makedev" : NO +Header <getopt.h> has symbol "optreset" : YES +Header <netinet/in.h> has symbol "IPPROTO_MPTCP" : NO +Header <sys/mount.h> has symbol "FSCONFIG_SET_FLAG" : NO +Checking whether type "struct sigevent" has member "sigev_notify_thread_id" : NO +Checking whether type "struct stat" has member "st_atim" : NO +Checking for type "struct iovec" : YES +Checking for type "struct utmpx" : YES +Checking for type "struct mmsghdr" : NO +Header <linux/vm_sockets.h> has symbol "AF_VSOCK" : NO +Program scripts/minikconf.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/minikconf.py) +Configuring x86_64-softmmu-config-target.h using configuration +Configuring x86_64-softmmu-config-devices.mak with command +Reading depfile: /Users/xxx/qemu/build/meson-private/x86_64-softmmu-config-devices.mak.d +Configuring x86_64-softmmu-config-devices.h using configuration +Program scripts/make-config-poison.sh found: YES (/Users/xxx/qemu/scripts/make-config-poison.sh) +Run-time dependency capstone found: NO (tried pkgconfig) +Library fdt found: NO +Configuring config-host.h using configuration +Program scripts/hxtool found: YES (/Users/xxx/qemu/scripts/hxtool) +Program scripts/shaderinclude.pl found: YES (/usr/bin/env perl /Users/xxx/qemu/scripts/shaderinclude.pl) +Program scripts/qapi-gen.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/qapi-gen.py) +Program scripts/qemu-version.sh found: YES (/Users/xxx/qemu/scripts/qemu-version.sh) +Program scripts/decodetree.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/decodetree.py) +Program ../scripts/modules/module_block.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 
/Users/xxx/qemu/block/../scripts/modules/module_block.py) +Program ../scripts/block-coroutine-wrapper.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/block/../scripts/block-coroutine-wrapper.py) +Configuring qemu-plugins-ld64.symbols with command +Program scripts/modinfo-collect.py found: YES (/Users/xxx/qemu/scripts/modinfo-collect.py) +Program scripts/modinfo-generate.py found: YES (/Users/xxx/qemu/scripts/modinfo-generate.py) +Program nm found: YES +Program scripts/undefsym.py found: YES (/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/undefsym.py) +Program scripts/feature_to_c.sh found: YES (/bin/sh /Users/xxx/qemu/scripts/feature_to_c.sh) +Program scripts/entitlement.sh found: YES (/Users/xxx/qemu/scripts/entitlement.sh) +Configuring 50-edk2-i386-secure.json using configuration +Configuring 50-edk2-x86_64-secure.json using configuration +Configuring 60-edk2-aarch64.json using configuration +Configuring 60-edk2-arm.json using configuration +Configuring 60-edk2-i386.json using configuration +Configuring 60-edk2-x86_64.json using configuration +Program qemu-keymap found: NO +Program sphinx-build-3 sphinx-build found: NO +Program bash found: NO found 3.2.57 but need: '>= 4.0' (/bin/bash) +Message: bash >= v4.0 not available ==> Disabled the qemu-iotests. 
+Program diff found: YES (/usr/bin/diff) +Program dbus-daemon found: NO +Did not find CMake 'cmake' +Found CMake: NO +Run-time dependency gvnc-1.0 found: NO (tried pkgconfig, framework and cmake) +Program initrd-stress.sh found: YES (/Users/xxx/qemu/tests/migration/initrd-stress.sh) +Build targets in project: 499 + +qemu 7.2.50 + + Directories + Install prefix : /usr/local + BIOS directory : share/qemu + firmware path : share/qemu-firmware + binary directory : /usr/local/bin + library directory : /usr/local/lib + module directory : lib/qemu + libexec directory : /usr/local/libexec + include directory : /usr/local/include + config directory : /usr/local/etc + local state directory : /var/local + Manual directory : /usr/local/share/man + Doc directory : /usr/local/share/doc + Build directory : /Users/xxx/qemu/build + Source path : /Users/xxx/qemu + GIT submodules : ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc + + Host binaries + git : git + make : make + python : /opt/homebrew/opt/python@3.10/bin/python3.10 (version: 3.10) + sphinx-build : NO + iasl : NO + genisoimage : + + Configurable features + Documentation : NO + system-mode emulation : YES + user-mode emulation : NO + block layer : YES + Install blobs : YES + module support : NO + fuzzing support : NO + Audio drivers : coreaudio + Trace backends : log + D-Bus display : NO + QOM debugging : NO + vhost-kernel support : NO + vhost-net support : NO + vhost-user support : NO + vhost-user-crypto support : NO + vhost-user-blk server support: NO + vhost-vdpa support : NO + build guest agent : NO + + Compilation + host CPU : aarch64 + host endianness : little + C compiler : cc + Host C compiler : cc + C++ compiler : c++ + Objective-C compiler : clang + CFLAGS : -O2 -g + CXXFLAGS : -O2 -g + OBJCFLAGS : -O2 -g + QEMU_CFLAGS : -DOS_OBJECT_USE_OBJC=0 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -Wno-gnu-variable-sized-type-not-at-end -fstack-protector-strong + QEMU_CXXFLAGS : -DOS_OBJECT_USE_OBJC=0 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wundef -Wwrite-strings -fno-strict-aliasing -fno-common -fwrapv -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -Wno-gnu-variable-sized-type-not-at-end -fstack-protector-strong + QEMU_OBJCFLAGS : -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -Wno-gnu-variable-sized-type-not-at-end + QEMU_LDFLAGS : -fstack-protector-strong + profiler : NO + link-time optimization (LTO) : NO + PIE : NO + static build : NO + malloc trim support : NO + membarrier : NO + debug stack usage : NO + mutex debugging : NO + memory allocator : system + avx2 optimization : NO + avx512f optimization : NO + gprof enabled : NO + gcov : NO + thread sanitizer : NO + CFI support : NO + strip binaries : NO + sparse : NO + mingw32 support : NO + + Targets and accelerators + KVM support : NO + HAX support : NO + HVF support : NO + WHPX support : NO + NVMM support : NO + Xen support : NO + TCG support : 
YES + TCG backend : native (aarch64) + TCG plugins : YES + TCG debug enabled : NO + target list : x86_64-softmmu + default devices : YES + out of process emulation : NO + vfio-user server : NO + + Block layer support + coroutine backend : sigaltstack + coroutine pool : YES + Block whitelist (rw) : + Block whitelist (ro) : + Use block whitelist in tools : NO + VirtFS support : YES + build virtiofs daemon : NO + Live block migration : YES + replication support : YES + bochs support : YES + cloop support : YES + dmg support : YES + qcow v1 support : YES + vdi support : YES + vvfat support : YES + qed support : YES + parallels support : YES + FUSE exports : NO + VDUSE block exports : NO + + Crypto + TLS priority : NORMAL + GNUTLS support : NO + libgcrypt : NO + nettle : NO + AF_ALG support : NO + rng-none : NO + Linux keyring : NO + + Dependencies + Cocoa support : YES + vmnet.framework support : YES + SDL support : NO + SDL image support : NO + GTK support : NO + pixman : YES 0.42.2 + VTE support : NO + slirp support : NO + libtasn1 : NO + PAM : YES + iconv support : YES + curses support : YES + virgl support : NO + blkio support : NO + curl support : YES 7.84.0 + Multipath support : NO + PNG support : NO + VNC support : YES + VNC SASL support : YES + VNC JPEG support : NO + CoreAudio support : YES + JACK support : NO + brlapi support : NO + vde support : NO + netmap support : NO + l2tpv3 support : NO + Linux AIO support : NO + Linux io_uring support : NO + ATTR/XATTR support : NO + RDMA support : NO + PVRDMA support : NO + fdt support : internal + libcap-ng support : NO + bpf support : NO + spice protocol support : NO + rbd support : NO + smartcard support : NO + U2F support : NO + libusb : NO + usb net redir : NO + OpenGL support (epoxy) : NO + GBM : NO + libiscsi support : NO + libnfs support : NO + seccomp support : NO + GlusterFS support : NO + TPM support : YES + libssh support : NO + lzo support : NO + snappy support : NO + bzip2 support : YES + lzfse support : 
NO + zstd support : NO + NUMA host support : NO + capstone : NO + libpmem support : NO + libdaxctl support : NO + libudev : NO + FUSE lseek : NO + selinux : NO + + User defined options + Native files : config-meson.cross + prefix : /usr/local + b_pie : false + vfio_user_server : disabled + +Found ninja-1.11.1 at /opt/homebrew/bin/ninja +Running postconf script '/opt/homebrew/opt/python@3.10/bin/python3.10 /Users/xxx/qemu/scripts/symlink-install-tree.py' +``` + + +With `make` I got: + +``` +changing dir to build for /Library/Developer/CommandLineTools/usr/bin/make ""... + GIT ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc +[1/75] Generating qemu-version.h with a custom command (wrapped by meson to capture output) +changing dir to build for /Library/Developer/CommandLineTools/usr/bin/make ""... + GIT ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc +[1/75] Generating qemu-version.h with a custom command (wrapped by meson to capture output) +changing dir to build for /Library/Developer/CommandLineTools/usr/bin/make ""... +/opt/homebrew/bin/ninja build.ninja && touch build.ninja.stamp +ninja: no work to do. +/opt/homebrew/bin/python3 -B /Users/xxx/qemu/meson/meson.py introspect --targets --tests --benchmarks | /opt/homebrew/bin/python3 -B scripts/mtest2make.py > Makefile.mtest + GIT ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc + GIT ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc +[1/2455] Generating config-poison.h with a custom command (wrapped by meson to capture output) +[2/2455] Compiling C object libfdt.a.p/dtc_libfdt_fdt.c.o +[3/2455] Compiling C object libfdt.a.p/dtc_libfdt_fdt_ro.c.o +[4/2455] Compiling C object libfdt.a.p/dtc_libfdt_fdt_wip.c.o +[5/2455] Compiling C object libfdt.a.p/dtc_libfdt_fdt_sw.c.o +... 
(no error) +[2455/2455] Linking target tests/qtest/readconfig-test +changing dir to build for /Library/Developer/CommandLineTools/usr/bin/make ""... + GIT ui/keycodemapdb meson tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc +[1/48] Generating qemu-version.h with a custom command (wrapped by meson to capture output) +[2/34] Generating tests/include/QAPI test (include) with a custom command +``` diff --git a/results/classifier/108/other/1412 b/results/classifier/108/other/1412 new file mode 100644 index 000000000..47a0ab491 --- /dev/null +++ b/results/classifier/108/other/1412 @@ -0,0 +1,20 @@ +device: 0.794 +graphic: 0.745 +network: 0.666 +vnc: 0.606 +socket: 0.527 +debug: 0.448 +PID: 0.420 +semantic: 0.404 +other: 0.306 +boot: 0.260 +performance: 0.224 +permissions: 0.218 +files: 0.139 +KVM: 0.057 + +QEMU segfault (null pointer dereference) in sve_probe_page from ldff1* instructions +Description of problem: +After upgrading to QEMU v7.2.0 from v7.1.0, when executing any SVE ldff1* instructions with a faulting address, QEMU crashes due to a null pointer dereference at target/arm/sve_helper.c:5364 + +I believe this was introduced in b8967ddf393aaf35fdbc07b4cb538a40f8b6fe37 (@rth7680), since in that commit `full` is dereferenced before the `flags & TLB_INVALID_MASK` check at line 5369, and full is set to null by `probe_access_full` when `TLB_INVALID_MASK` is given. diff --git a/results/classifier/108/other/1412098 b/results/classifier/108/other/1412098 new file mode 100644 index 000000000..f5b24c576 --- /dev/null +++ b/results/classifier/108/other/1412098 
@@ -0,0 +1,116 @@ +graphic: 0.878 +KVM: 0.854 +other: 0.845 +permissions: 0.838 +device: 0.835 +performance: 0.820 +socket: 0.818 +debug: 0.806 +semantic: 0.792 +network: 0.792 +vnc: 0.776 +PID: 0.749 +files: 0.748 +boot: 0.745 + +qemu crashes when ctrl-alt-u is pressed + +Qemu version: 2.2.0 release, compiled from source +Host OS: Windows 7 Ultimate x64 +Guest OS: not applicable, crash occurs even without OS and occurs with all OSs +Executable: qemu-system-i386.exe or qemu-system-i386w.exe + +To reproduce: +Start qemu-system-i386 or qemu-system-i386w without any options. Press CTRL-ALT-U, which is supposed to rescale the window. Instead, qemu just crashes. + +Compilation: +Qemu 2.2.0 release compiled from sources under MinGW on the host. +Configure options used: +'../qemu-2.2.0/configure' '--python=C:/Python27/python' '--prefix=/mingw/build/qemu-2.2.0-bin' '--target-list=i386-softmmu' + + + +I did a git bisect, and the offending commit appears to be this one: + +author Gerd Hoffmann <email address hidden> +Wed, 18 Jun 2014 09:03:15 +0000 (11:03 +0200) +committer Gerd Hoffmann <email address hidden> +Fri, 5 Sep 2014 11:27:11 +0000 (13:27 +0200) +commit 30f1e661b640de58ba1e8178f7f2290179a7e01c +tree dc373a0d374386bc793e67a9e185dbc5ecdfc8f1 tree | snapshot +parent 56bd9ea1a37395012adecca8b9c4762da15b01e7 commit | diff +console: stop using PixelFormat + +With this patch the qemu console core stops using PixelFormat and pixman +format codes side-by-side, pixman format code is the primary way to +specify the DisplaySurface format: + + * DisplaySurface stops carrying a PixelFormat field. + * qemu_create_displaysurface_from() expects a pixman format now. + +Functions to convert PixelFormat to pixman_format_code_t (and back) +exist for those who still use PixelFormat. As PixelFormat allows +easy access to masks and shifts it will probably continue to exist. 
+ +[ xenfb added by Benjamin Herrenschmidt ] + +Signed-off-by: Gerd Hoffmann <email address hidden> + +A build from the current master attached in gdb reveals + +Program received signal SIGSEGV, Segmentation fault. +sdl_switch (dcl=0x7f4db26e4b20, new_surface=new_surface@entry=0x0) at ui/sdl.c:128 +128 PixelFormat pf = qemu_pixelformat_from_pixman(new_surface->format); +(gdb) bt +#0 sdl_switch (dcl=0x7f4db26e4b20, new_surface=new_surface@entry=0x0) at ui/sdl.c:128 +#1 0x00007f4dafdff9c4 in handle_keydown (ev=0x7fff1598ef60) at ui/sdl.c:552 +#2 sdl_refresh (dcl=0x7f4db26e4b20) at ui/sdl.c:799 +#3 0x00007f4dafdf33b2 in dpy_refresh (s=0x7f4db2792b40) at ui/console.c:1473 +#4 gui_update (opaque=0x7f4db2792b40) at ui/console.c:196 +#5 0x00007f4dafe30179 in timerlist_run_timers (timer_list=0x7f4db1dd4900) at qemu-timer.c:502 +#6 0x00007f4dafe30414 in qemu_clock_run_timers (type=<optimized out>) at qemu-timer.c:513 +#7 qemu_clock_run_all_timers () at qemu-timer.c:621 +#8 0x00007f4dafe2ebac in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:500 +#9 0x00007f4dafb8fe66 in main_loop () at vl.c:1794 +#10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4353 +(gdb) p new_surface +$1 = (DisplaySurface *) 0x0 + + + +Actually in any version this can never work, as you call + + sdl_switch(dcl,NULL); + +in ui/sdl.c:552. So the dereferncing statement + + new_surface->format + +must SEGFAULT. + +The obvious patch is very simple, of course, as just the statement below line 128 asks if(new_surface). 
So pf should be initialized after this check: + +diff --git a/ui/sdl.c b/ui/sdl.c +index 138ca73..c4fa1f6 100644 +--- a/ui/sdl.c ++++ b/ui/sdl.c +@@ -125,12 +125,13 @@ static void do_sdl_resize(int width, int height, int bpp) + static void sdl_switch(DisplayChangeListener *dcl, + DisplaySurface *new_surface) + { +- PixelFormat pf = qemu_pixelformat_from_pixman(new_surface->format); ++ PixelFormat pf; + + /* temporary hack: allows to call sdl_switch to handle scaling changes */ + if (new_surface) { + surface = new_surface; + } ++ pf = qemu_pixelformat_from_pixman(surface->format); + + if (!scaling_active) { + do_sdl_resize(surface_width(surface), surface_height(surface), 0); + + + +Ingo Krabbe's suggested change fixes the issue for me. + diff --git a/results/classifier/108/other/1414 b/results/classifier/108/other/1414 new file mode 100644 index 000000000..16dbc6de2 --- /dev/null +++ b/results/classifier/108/other/1414 
@@ -0,0 +1,35 @@ +files: 0.745 +device: 0.716 +graphic: 0.703 +PID: 0.647 +semantic: 0.637 +vnc: 0.575 +network: 0.562 +other: 0.555 +permissions: 0.551 +performance: 0.529 +socket: 0.493 +debug: 0.485 +boot: 0.429 +KVM: 0.327 + +Configure script fix for glib version +Description of problem: +Script "configure" uses "pkg-config" directly, at line 2420: https://gitlab.com/qemu-project/qemu/-/blob/f9f0e6173e1d570847930abfe2b4560c7b6a964a/configure#L2420 + +Because of it, GLIB_VERSION in "config-host.mak" can be taken from host system, under some circumstances (if PKG_CONFIG_PATH is not defined). + +In case of cross-compilation, "**$pkg_config**" should be used instead of "pkg-config", to use pkg-config from cross-compilation toolchain and to take GLIB_VERSION of cross-compiled glib (as it is **correctly used at line 1476**: https://gitlab.com/qemu-project/qemu/-/blob/f9f0e6173e1d570847930abfe2b4560c7b6a964a/configure#L1476 ). +Steps to reproduce: +1. Do not define PKG_CONFIG_PATH environment variable, use PKG_CONFIG variable instead. +2. Try to ./configure with cross-compiled glib. +3. GLIB_VERSION in config-host.mak will be from host glib. +Additional information: +Change lihe 2420:<br> +https://gitlab.com/qemu-project/qemu/-/blob/f9f0e6173e1d570847930abfe2b4560c7b6a964a/configure#L2420 +<br> +echo "GLIB_VERSION=$(**pkg-config** --modversion glib-2.0)" >> $config_host_mak +<br>to:<br> +echo "GLIB_VERSION=$(**\$pkg_config** --modversion glib-2.0)" >> $config_host_mak + +P.s. Sorry for posting the patch here, GitLab requires signing with a key to push the commit, it's too complicated to post 2-bytes fix. diff --git a/results/classifier/108/other/1414222 b/results/classifier/108/other/1414222 new file mode 100644 index 000000000..89a4162c9 --- /dev/null +++ b/results/classifier/108/other/1414222 
@@ -0,0 +1,107 @@ +other: 0.933 +debug: 0.920 +graphic: 0.919 +permissions: 0.917 +device: 0.913 +PID: 0.910 +vnc: 0.909 +performance: 0.906 +semantic: 0.904 +socket: 0.902 +files: 0.900 +network: 0.900 +KVM: 0.896 +boot: 0.873 + +qemu-system-i386: -vnc localhost:0,to=99,id=default: Invalid parameter 'to' + +git-bisect pints to: + +4db14629c38611061fc19ec6927405923de84f08 is the first bad commit +commit 4db14629c38611061fc19ec6927405923de84f08 +Author: Gerd Hoffmann <email address hidden> +Date: Tue Sep 16 12:33:03 2014 +0200 + + vnc: switch to QemuOpts, allow multiple servers + + This patch switches vnc over to QemuOpts, and it (more or less + as side effect) allows multiple vnc server instances. + + Signed-off-by: Gerd Hoffmann <email address hidden> + +:040000 040000 70020c79b463eaff4b91c8c7f985240d1d1914f0 354a3a125e7b82a1699ce4e0cfc5055662bd3466 M include +:100644 100644 0b4f131936052ed6062ba4b2b9434da0c2cce959 963305c26917a930f37d916df66b319d6558d281 M qmp.c +:040000 040000 e7933d52124ae48100893eed8e14cbe46f80b936 30fa5966f5c8362d6db6730a7091bbde7780d4d8 M ui +:100644 100644 9fb32c13df1c14daf8304184c6503d16bff7afce 983259bc9f7064b446da358a316a31a31731a223 M vl.c + +-vnc 127.0.0.1:0,to=99 is used by Xen + +On 01/29/15 07:52, <email address hidden> wrote: +> 
From: Gonglei <email address hidden> +> +> Reproducer: +> $ x86_64-softmmu/qemu-system-x86_64 +> qemu-system-x86_64: Invalid parameter 'to' +> Segmentation fault (core dumped) +> + +This looks to be a fix for + +Subject: [Qemu-devel] [Bug 1414222] [NEW] qemu-system-i386: -vnc + + -Don Slutz + + +> Patch 1~2 is bugfix, patch 3 is trivial. +> +> Gonglei (3): +> vnc: fix qemu crash when not configure vnc option +> vnc: correct missing property about vnc_display +> vnc: using bool type instead of int for QEMU_OPT_BOOL +> +> ui/vnc.c | 45 +++++++++++++++++++++++++++++++++++++-------- +> 1 file changed, 37 insertions(+), 8 deletions(-) +> + + + +On 2015/1/30 0:10, Don Slutz wrote: + +> On 01/29/15 07:52, <email address hidden> wrote: +>> From: Gonglei <email address hidden> +>> +>> Reproducer: +>> $ x86_64-softmmu/qemu-system-x86_64 +>> qemu-system-x86_64: Invalid parameter 'to' +>> Segmentation fault (core dumped) +>> +> +> This looks to be a fix for +> +> Subject: [Qemu-devel] [Bug 1414222] [NEW] qemu-system-i386: -vnc +> + +Oh, yes. Thanks for your point. I'll add it in commit message :) + +Regards, +-Gonglei + +> -Don Slutz +> +> +>> Patch 1~2 is bugfix, patch 3 is trivial. +>> +>> Gonglei (3): +>> vnc: fix qemu crash when not configure vnc option +>> vnc: correct missing property about vnc_display +>> vnc: using bool type instead of int for QEMU_OPT_BOOL +>> +>> ui/vnc.c | 45 +++++++++++++++++++++++++++++++++++++-------- +>> 1 file changed, 37 insertions(+), 8 deletions(-) +>> +> + + + + + diff --git a/results/classifier/108/other/1414293 b/results/classifier/108/other/1414293 new file mode 100644 index 000000000..9d3ade32e --- /dev/null +++ b/results/classifier/108/other/1414293 
@@ -0,0 +1,26 @@ +device: 0.752 +graphic: 0.682 +files: 0.569 +socket: 0.502 +network: 0.409 +semantic: 0.400 +vnc: 0.349 +boot: 0.233 +other: 0.169 +PID: 0.161 +debug: 0.124 +performance: 0.109 +KVM: 0.095 +permissions: 0.079 + +target-lm32/translate.c:336: bad ? : operator + +[qemu/target-lm32/translate.c:336]: (style) Same expression in both branches of ternary operator. + + int rY = (dc->format == OP_FMT_RR) ? dc->r0 : dc->r0; + +Patch has been committed: +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=5db35b616b8d3a27783ec + +Released with version 2.8 + diff --git a/results/classifier/108/other/1414466 b/results/classifier/108/other/1414466 new file mode 100644 index 000000000..3fabd7edb --- /dev/null +++ b/results/classifier/108/other/1414466 
@@ -0,0 +1,201 @@ +permissions: 0.914 +other: 0.907 +semantic: 0.901 +debug: 0.884 +network: 0.861 +device: 0.850 +PID: 0.838 +graphic: 0.830 +boot: 0.819 +vnc: 0.811 +files: 0.803 +KVM: 0.803 +performance: 0.777 +socket: 0.728 + +-net user,hostfwd=... is not working + +QEMU version: git a46b3aaf6bb038d4f6f192a84df204f10929e75c + + /opt/qemu.git/bin/qemu-system-aarch64 --version +QEMU emulator version 2.2.50, Copyright (c) 2003-2008 Fabrice Bellard + +Hosts: +ovs - host machine (Ubuntu 14.04.1, x86_64) +debian8-arm64 - guest + +Guest start: +user@ovs:~$ /opt/qemu.git/bin/qemu-system-aarch64 -machine virt -cpu cortex-a57 -nographic -smp 1 -m 512 -kernel vmlinuz-run -initrd initrd-run.img -append "root=/dev/sda2 console=ttyAMA0" -global virtio-blk-device.scsi=off -device virtio-scsi-device,id=scsi -drive file=debian8-arm64.img,id=rootimg,cache=unsafe,if=none -device scsi-hd,drive=rootimg -netdev user,id=unet -device virtio-net-device,netdev=unet -net user,hostfwd=tcp:127.0.0.1:1122-:22 + +root@debian8-arm64:~# netstat -ntplu | grep ssh +tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 410/sshd +tcp6 0 0 :::22 :::* LISTEN 410/sshd + +(no firewall in guest vm) + +user@ovs:~$ netstat -ntplu | grep 1122 +tcp 0 0 127.0.0.1:1122 0.0.0.0:* LISTEN 18722/qemu-system-a + +user@ovs:~$ time ssh user@127.0.0.1 -p 1122 +ssh_exchange_identification: read: Connection reset by peer + +real 1m29.341s +user 0m0.005s +sys 0m0.000s + +Inside guest vm sshd works fine: +root@debian8-arm64:~# ssh user@127.0.0.1 -p 22 +user@127.0.0.1's password: +.... +user@debian8-arm64:~$ exit +logout +Connection to 127.0.0.1 closed. + +root@debian8-arm64:~# ssh user@10.0.2.15 -p 22 +user@10.0.2.15's password: +... +user@debian8-arm64:~$ exit +logout +Connection to 10.0.2.15 closed. + +Also happens on Ubuntu 16.04.1 64-bit with QEMU 1:2.5+dfsg-5ubuntu10.4. 
I have the following settings added to instance xml config: + +<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> + + <qemu:commandline> + <qemu:arg value='-net'/> + <qemu:arg value='user,hostfwd=tcp::2222-:22'/> + </qemu:commandline> + +It looks like forwarding does not happen at all. When I try to connect to guest instance, I get exactly the same results regardless of whether sshd is running in that instance or not. + +I think this is not a bug, but you are using the command line parameters in a wrong way. When you use "-net user,hostfwd=tcp:127.0.0.1:1122-:22" you are creating a *new*, second host network device which is not connected to the guest NIC device that you specified. Please try to avoid mixing "-net" and "-netdev" options. You should rather do something like this instead: + + -netdev user,id=unet,hostfwd=tcp:127.0.0.1:1122-:22 -device virtio-net-device,netdev=unet + + +Doesn't work even with proper hostfwd +Doesn't work even with `-redir` + +$ qemu-system-x86_64 -machine type=pc,accel=kvm -netdev user,id=user.0,hostfwd=tcp::2851-:22 -display sdl -cpu host -smp cpus=2 -device rtl8139,netdev=user.0 -cdrom /home/kit/git/packer-xenserver/packer_cache/57f4a00eef5b4d4157f20847e586e5ef2a503ee05c83c9296c08fd0c2f0c8e4f.iso -boot once=d -vnc 127.0.0.1:19 -name XenServer62 -m 2048M -drive file=output-qemu/XenServer62,if=scsi,cache=writeback,discard=ignore,format=qcow2 + + + +Redirect does happen, but no packets appear on guest interface: checked by iptables rule for `NEW` on `tcpport 22` inside guest. 
+ +On host: + +$ sudo lsof -itcp | grep 2851 +packer 24233 kit 6u IPv4 1532725 0t0 TCP localhost:52822->localhost:2851 (ESTABLISHED) +qemu-syst 24286 kit 12u IPv4 1530169 0t0 TCP *:2851 (LISTEN) +qemu-syst 24286 kit 21u IPv4 1575945 0t0 TCP localhost:2851->localhost:52820 (CLOSE_WAIT) +qemu-syst 24286 kit 22u IPv4 1532726 0t0 TCP localhost:2851->localhost:52822 (ESTABLISHED) +qemu-syst 24286 kit 23u IPv4 1532645 0t0 TCP localhost:2851->localhost:52812 (CLOSE_WAIT) +qemu-syst 24286 kit 24u IPv4 1532646 0t0 TCP localhost:2851->localhost:52814 (CLOSE_WAIT) + + +Do we got any solution for this issue ? + +I am seeing similar issue for qemu-system-arm, I have tried with "-nic user,model=virtio-net-pci,hostfwd=tcp:127.0.0.1:31258-:22,hostfwd=tcp:127.0.0.1:47175-:443,hostname=xxx.com" and also with "-net nic -net user,hostfwd=tcp:127.0.0.1:45276-:22,hostfwd=tcp:127.0.0.1:52541-:443,hostname=hostname=xxx.com" + +Is this issue resolved.? + + +Finally I found what was the issue. in the /etc/ssh/sshd_config after commenting the below lines I am able to ssh to the vm. +# grep -i LISTEN /etc/ssh/sshd_config +#ListenAddress 127.0.0.1 +#ListenAddress :: +# +check your sshd config. + +So is this now working for everybody with the correct ssh config (maybe also check your firewall settings)? Could we close this ticket nowadays? Or is somebody still having trouble? + +[Expired for QEMU because there has been no activity for 60 days.] + +Hello, I'm also experiencing such a problem, using qemu-system-x86_64 (hence the retitling of this issue). 
More information and output is available at http://issues.guix.gnu.org/48739, but basically with the following QEMU command used to run a VM: + +/gnu/store/vbjfas8smw260r0qw1d5bbnh5hz08haz-qemu-5.2.0/bin/qemu-system-x86_64 -kernel /gnu/store/0fylx9z8lzyrbdivqa2jzn574gk8lcjv-linux-libre-5.12.7/bzImage -initrd /gnu/store/76ikiyg6arhd40pmq6yyi0vgdszfl08w-system/initrd -append "--root=/dev/vda1 --system=/gnu/store/76ikiyg6arhd40pmq6yyi0vgdszfl08w-system --load=/gnu/store/76ikiyg6arhd40pmq6yyi0vgdszfl08w-system/boot modprobe.blacklist=usbmouse,usbkbd quiet" -enable-kvm -no-reboot -object rng-random,filename=/dev/urandom,id=guixsd-vm-rng -device virtio-rng-pci,rng=guixsd-vm-rng -virtfs local,path="/gnu/store",security_model=none,mount_tag="TAGjoptajej2oynju6yvboauz7pl6uj" -vga std -drive file=/gnu/store/gj50g71n2b7xa2s9lgcfijprvr4vj66y-qemu-image,if=virtio,cache=writeback,werror=report,readonly -m 512 -nic user,hostfwd=tcp::3333-:22 + +Trying to connect to the VM which has its sshd_config set to: +Port 22 +PermitRootLogin yes +PermitEmptyPasswords yes +PasswordAuthentication yes +PubkeyAuthentication yes +X11Forwarding no +AllowAgentForwarding yes +AllowTcpForwarding yes +GatewayPorts no +PidFile /var/run/sshd.pi +ChallengeResponseAuthentication no +UsePAM yes +PrintLastLog yes +LogLevel DEBUG +AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u +Subsytsem sftp internal-sftp + +The SSH client would hang with its last debug output being: + +debug1: Local version string SSH-2.0-OpenSSH_8.6 + +Inside the guest, /var/log/secure doesn't show any activity so itd oesn't seem to be reached. + +Ideas? 
+ + +Here's what `tcpdump -i lo` reports during attempting the SSH access: + +17:09:30.573545 IP localhost.55526 > localhost.3333: Flags [S], seq 1198531632, win 65495, options [mss 65495,sackOK,TS val 1662149852 ecr 0,nop,wscale 7], length 0 +17:09:30.573569 IP localhost.3333 > localhost.55526: Flags [S.], seq 476868813, ack 1198531633, win 65483, options [mss 65495,sackOK,TS val 1662149852 ecr 1662149852,nop,wscale 7], length 0 +17:09:30.573588 IP localhost.55526 > localhost.3333: Flags [.], ack 1, win 512, options [nop,nop,TS val 1662149852 ecr 1662149852], length 0 +17:09:30.574162 IP localhost.55526 > localhost.3333: Flags [P.], seq 1:22, ack 1, win 512, options [nop,nop,TS val 1662149853 ecr 1662149852], length 21 +17:09:30.574176 IP localhost.3333 > localhost.55526: Flags [.], ack 22, win 512, options [nop,nop,TS val 1662149853 ecr 1662149853], length 0 +17:09:35.127136 IP localhost.3333 > localhost.55518: Flags [R.], seq 1, ack 1, win 512, options [nop,nop,TS val 1662154406 ecr 1662125014], length 0 + + +That's rather embarrassing, but the problem with my VM was that it was lacking networking support. I turned this (too) minimal example of a Guix System: + +;;; file: os.scm +(use-modules (gnu services ssh) + (gnu system) + (gnu tests)) + +(simple-operating-system + (service openssh-service-type + (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t) + (log-level 'debug)))) + +Into: +;;; file: os.scm +(use-modules (gnu services networking) + (gnu services ssh) + (gnu system) + (gnu tests)) + +(simple-operating-system + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t) + (log-level 'debug)))) + +After which using the '-nic user,hostfwd=tcp::3333-:22' allowed me to SSH to localhost port 3333 successfully. Closing! 
+ +I have had the same problem, I tried logging into a buildroot image that was started using the following command line: + + qemu-system-i386 -drive file=output/images/disk.img,format=raw,index=0,media=disk -vga std -nic user,ipv6=off,model=e1000,mac=10:10:10:10:10:10,hostfwd=tcp::4000-:22 + +The ssh connection was picked up, but nothing happened. The problem was that the network device was not brought up! I added the following to /etc/network/interfaces + + auto eth0 + iface eth0 inet dhcp + +And voila, I can use + + ssh username@localhost -p 4000 + +to log into the machine using ssh. + diff --git a/results/classifier/108/other/1415 b/results/classifier/108/other/1415 new file mode 100644 index 000000000..eacc9b612 --- /dev/null +++ b/results/classifier/108/other/1415 
@@ -0,0 +1,104 @@ +other: 0.956 +socket: 0.935 +semantic: 0.935 +device: 0.927 +permissions: 0.924 +boot: 0.922 +debug: 0.921 +graphic: 0.917 +PID: 0.916 +performance: 0.908 +vnc: 0.901 +files: 0.892 +network: 0.877 +KVM: 0.853 + +Abort in xlnx_dp_change_graphic_fmt() +Description of problem: +xlnx_dp_change_graphic_fmt() will directly abort if either graphic format or the +video format is not supported. + +Replacing abort() in xlnx_dp_change_graphic_fmt() to `return` might be OK but I +am not sure what side effect there is. +Steps to reproduce: +``` +export QEMU=/path/to/to/qemu-system-aarch64 + +cat << EOF | $QEMU \ +-machine xlnx-zcu102 -monitor none -serial none \ +-display none -nodefaults -qtest stdio +writel 0xfd4ab000 0xcf6e998 +EOF +``` +Additional information: +``` +==20455==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! +INFO: found LLVMFuzzerCustomMutator (0x564934146c90). Disabling -len_control by default. +INFO: Running with entropic power schedule (0xFF, 100). +INFO: Seed: 4022227410 +INFO: Loaded 1 modules (618619 inline 8-bit counters): 618619 [0x5649372a5000, 0x56493733c07b), +INFO: Loaded 1 PC tables (618619 PCs): 618619 [0x564936933f40,0x5649372a46f0), +./qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp: Running 1 inputs 1 time(s) each. +INFO: Reading pre_seed_input if any ... +INFO: Executing pre_seed_input if any ... 
+INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes +Matching objects by name , *.core*, *.v_blend*, *.av_buffer_manager*, *.audio* +This process will fuzz the following MemoryRegions: + * xlnx.v-dp.audio[0] (size 50) + * xlnx.v-dp.av_buffer_manager[0] (size 238) + * xlnx.v-dp.core[0] (size 3b0) + * xlnx.v-dp.v_blend[0] (size 1e0) +This process will fuzz through the following interfaces: + * clock_step, EVENT_TYPE_CLOCK_STEP, 0xffffffff +0xffffffff, 255,255 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_READ, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_WRITE, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_READ, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_WRITE, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_READ, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_WRITE, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_READ, 0xfd4ac000 +0x50, 1,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_WRITE, 0xfd4ac000 +0x50, 1,4 +INFO: A corpus is not provided, starting from an empty corpus +#2 INITED cov: 3 ft: 4 corp: 1/1b exec/s: 0 rss: 489Mb +Running: crash-8b178268936b24c569a421d702ef5b6d911c99e7 +aarch64: xlnx_dp_change_graphic_fmt: unsupported graphic format 2304 +==20455== ERROR: libFuzzer: deadly signal + #0 0x56492f51f10e in __sanitizer_print_stack_trace /root/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3 + #1 0x56492f46dd81 in fuzzer::PrintStackTrace() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38 + #2 0x56492f446cb6 in fuzzer::Fuzzer::CrashCallback() (.part.0) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:236:18 + #3 0x56492f446d82 in fuzzer::Fuzzer::CrashCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:208:1 + #4 0x56492f446d82 in fuzzer::Fuzzer::StaticCrashSignalCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:207:19 + #5 0x7f7a315a641f 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) + #6 0x7f7a313b800a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3 + #7 0x7f7a313b800a in raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3 + #8 0x7f7a31397858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7 + #9 0x56492f54f65a in __wrap_abort /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/less_crashes_wrappers.c:24:12 + #10 0x56492fe7e0d7 in xlnx_dp_change_graphic_fmt /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:644:9 + #11 0x56492fe7be58 in xlnx_dp_avbufm_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:1046:9 + #12 0x5649330fa313 in memory_region_write_accessor /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:492:5 + #13 0x5649330f9c51 in access_with_adjusted_size /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:554:18 + #14 0x5649330f8576 in memory_region_dispatch_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:1514:16 + #15 0x56493318672e in flatview_write_continue /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2825:23 + #16 0x56493317486b in flatview_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2867:12 + #17 0x564933174328 in address_space_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2963:18 + #18 0x56492f55f0cb in qemu_writel /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1088:5 + #19 0x56492f55d544 in dispatch_mmio_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1229:28 + #20 0x56493414264f in videzzo_dispatch_event /root/videzzo/videzzo.c:1122:5 + #21 0x5649341399cb in __videzzo_execute_one_input /root/videzzo/videzzo.c:272:9 + #22 0x5649341398a0 in videzzo_execute_one_input /root/videzzo/videzzo.c:313:9 + #23 0x56492f56610c in 
videzzo_qemu /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1504:12 + #24 0x564934146f32 in LLVMFuzzerTestOneInput /root/videzzo/videzzo.c:1891:18 + #25 0x56492f447826 in fuzzer::Fuzzer::ExecuteCallback(unsigned char*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:594:17 + #26 0x56492f42a454 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:21 + #27 0x56492f4353fe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char*, unsigned long)) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:19 + #28 0x56492f4219e6 in main /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30 + #29 0x7f7a31399082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 + #30 0x56492f421a3d in _start (/root/videzzo/videzzo_qemu/out-san/qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp+0x3291a3d) + +NOTE: libFuzzer has rudimentary signal handlers. + Combine libFuzzer with AddressSanitizer or similar for better crash reports. 
+SUMMARY: libFuzzer: deadly signal +MS: 0 ; base unit: 0000000000000000000000000000000000000000 +0x0,0xc,0x1c,0xb0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x4,0x2,0x48,0x40,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0xa,0x20,0xa1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0xe,0x8,0xc0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x2,0x0,0x0,0x0,0x0,0x8,0x0,0x0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x4,0x2,0x3e,0xc6,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0xc,0x78,0xb1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x1,0x9,0x4,0x2,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0xc2,0x1b,0xe,0x7b,0x0,0x0,0x0,0x0,0x1,0xb,0x84,0xa1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0xd8,0x1f,0x9a,0x30,0x0,0x0,0x0,0x0,0x0,0x8,0x70,0x0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x1,0x9,0xec,0x2,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x50,0x62,0xd6,0x13,0x0,0x0,0x0,0x0,0x0,0xa,0x18,0xa0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x1,0xd,0x0,0xb0,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x98,0xe9,0xf6,0xc,0x0,0x0,0x0,0x0, +\x00\x0c\x1c\xb0J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x04\x02H@\x01\x00\x00\x00\x00\x00\x00\x0a \xa1J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x00\x0e\x08\xc0J\xfd\x00\x00\x00\x00\x02\x00\x00\x00\x00\x08\x00\x00J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x04\x02>\xc6\x01\x00\x00\x00\x00\x00\x00\x0cx\xb1J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x01\x09\x04\x02J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\xc2\x1b\x0e{\x00\x00\x00\x00\x01\x0b\x84\xa1J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\xd8\x1f\x9a0\x00\x00\x00\x00\x00\x08p\x00J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x01\x09\xec\x02J\xfd\x00\x00\x00\x00\x04\x00\x00\x00Pb\xd6\x13\x00\x00\x00\x00\x00\x0a\x18\xa0J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x01\x0d\x00\xb0J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\x98\xe9\xf6\x0c\x00\x00\x00\x00 +``` diff --git a/results/classifier/108/other/1416 b/results/classifier/108/other/1416 new file mode 100644 index 000000000..7b16431cd --- /dev/null +++ b/results/classifier/108/other/1416 
@@ -0,0 +1,20 @@ +device: 0.851 +network: 0.824 +graphic: 0.801 +socket: 0.649 +other: 0.641 +vnc: 0.553 +files: 0.472 +semantic: 0.439 +PID: 0.403 +performance: 0.380 +boot: 0.362 +debug: 0.355 +permissions: 0.137 +KVM: 0.049 + +MTE tags are applied at page granularity (4K) instead of tag granularity (16) +Description of problem: +After upgrading to QEMU v7.2.0 from v7.1.0, when executing stg/ldg instructions on any address, QEMU behaves as if the instruction was executed on the page base of said address. + +I believe this was introduced in b8967ddf393aaf35fdbc07b4cb538a40f8b6fe37 (@rth7680), since in that commit `ptr_paddr` is changed to be calculated based on `CPUTLBEntryFull::phys_addr`, which contains the page base address, while beforehand it was calculated based on `host` which does have the page offset applied. diff --git a/results/classifier/108/other/1416246 b/results/classifier/108/other/1416246 new file mode 100644 index 000000000..d26bb6020 --- /dev/null +++ b/results/classifier/108/other/1416246 
@@ -0,0 +1,70 @@ +graphic: 0.790 +device: 0.703 +debug: 0.700 +performance: 0.665 +semantic: 0.654 +network: 0.556 +PID: 0.535 +files: 0.452 +KVM: 0.429 +socket: 0.377 +other: 0.350 +permissions: 0.350 +vnc: 0.306 +boot: 0.222 + +create guest fail when compile qemu with parameter "--disable-gtk" + +Environment: +------------ +Host OS (ia32/ia32e/IA64):ia32e +Guest OS (ia32/ia32e/IA64):ia32e +Guest OS Type (Linux/Windows):Linux +kvm.git Commit:8fff5e374a2f6047d1bb52288af7da119bc75765 +qemu.kvm Commit:16017c48547960539fcadb1f91d252124f442482 +Host Kernel Version:3.19.0-rc3 +Hardware:Ivytown_EP, Haswell_EP + + +Bug detailed description: +-------------------------- +compile the qemu with disable gtk, the create guest , the guest create fail + +note: +1.qemu.git: 699eae17b841e6784dc3864bf357e26bff1e9dfe +when compile the qemu with enable gtk or disable gtk, the guest create pass + +2. this should be a qemu bug +kvm.git + qemu.git = result +8fff5e37 + 16017c48 = bad +8fff5e37 + 699eae17 = good + +Reproduce steps: +---------------- +1. git clone git://vt-sync/qemu.git qemu.git +2. cd qemu.git +3. ./configure --target-list=x86_64-softmmu --disable-sdl --disable-gtk +4. make -j16 +5. ./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -m 4G -smp 2 -net none /root/rhel6u5.qcow + +Current result: +---------------- +create gust fail when compile qemu with disable gtk + +Expected result: +---------------- +create guest pass when compile qemu with disable or enable gtk + +Basic root-causing log: +---------------------- +[root@vt-ivt2 qemu.git]# ./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -m 4G -smp 2 -net none /root/rhel6u5-1.qcow +qemu-system-x86_64: Invalid parameter 'to' +Segmentation fault (core dumped) + +some dmesg message: +qemu-system-x86[96364]: segfault at 24 ip 00007fe6d9636a69 sp 00007fffc03cf970 error 4 in qemu-system-x86_64[7fe6d9330000+4ba000] + +Triaging old bug tickets... can you still reproduce this issue with the latest version of QEMU? 
Or could we close this ticket nowadays? + +[Expired for QEMU because there has been no activity for 60 days.] + diff --git a/results/classifier/108/other/1416988 b/results/classifier/108/other/1416988 new file mode 100644 index 000000000..33b0a565c --- /dev/null +++ b/results/classifier/108/other/1416988 @@ -0,0 +1,50 @@ +graphic: 0.895 +performance: 0.839 +semantic: 0.752 +device: 0.724 +debug: 0.626 +files: 0.597 +PID: 0.587 +network: 0.564 +vnc: 0.555 +socket: 0.542 +other: 0.412 +permissions: 0.403 +boot: 0.298 +KVM: 0.188 + +Wrong signal handling in qemu-aarch64. + +Running GCC 5.0 testsuite under qemu-aarch64, I noticed that tests connected with stack unwinding fail with: + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +or run into infinite loop. + +Here is one example: + +$ /home/max/build/gcc-aarch64/gcc/xgcc -B/home/max/build/gcc-aarch64/gcc/ /home/max/src/toolchain/gcc/gcc/testsuite/gcc.dg/cleanup-11.c -fexceptions -fnon-call-exceptions -O2 -lm -o ./cleanup-11.exe + +$ qemu-aarch64 -L /home/max/install/aarch64/aarch64-linux/sys-root/ -R 0 -/cleanup-11.exe +qemu: uncaught target signal 11 (Segmentation fault) - core dumped. + +Actually, this caused by ABI incompatibility between Linux Kernel (trunk) and qemu-aarch64. In fact, size of siginfo structure in Linux and target_siginfo structure in qemu-aarch64 differ: + +sizeof (struct target_siginfo) = 136 // QEMU +sizeof (struct siginfo) = 128 // Linux Kernel + + +This caused by wrong TARGET_SI_PAD_SIZE defined in linux-user/syscall_defs.h: + +#define TARGET_SI_PAD_SIZE ((TARGET_SI_MAX_SIZE/sizeof(int)) - 3) + +In Kernel respective value is: + +#define SI_PAD_SIZE ((SI_MAX_SIZE - __ARCH_SI_PREAMBLE_SIZE) / sizeof(int)) +............................................. +#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int)) // for Aarch64 + +Trivial fix, changing TARGET_SI_PAD_SIZE to right value, is attached. + + + 
diff --git a/results/classifier/108/other/1418 b/results/classifier/108/other/1418 new file mode 100644 index 000000000..256fbd918 --- /dev/null +++ b/results/classifier/108/other/1418 
@@ -0,0 +1,102 @@ +other: 0.897 +permissions: 0.852 +device: 0.831 +semantic: 0.810 +debug: 0.805 +PID: 0.802 +vnc: 0.797 +performance: 0.792 +graphic: 0.781 +socket: 0.770 +files: 0.762 +network: 0.758 +KVM: 0.739 +boot: 0.702 + +Underflow in xlnx_dp_aux_pop_tx_fifo() +Description of problem: +Pop from s->tx_fifo but s->tx_fifo has zero element. +Steps to reproduce: +``` +export QEMU=/path/to/qemu-system-aarch64 + +cat << EOF | $QEMU \ +-machine xlnx-zcu102 -monitor none -serial none \ +-display none -nodefaults -qtest stdio +writel 0xfd4a0100 0x19c4406f +EOF +``` +Additional information: +``` ++ DEFAULT_INPUT_MAXSIZE=10000000 ++ ./qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp -max_len=10000000 -detect_leaks=0 ./crash-c15714102f0b894dea5c22f38852311567380926.minimized +==14660==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! +INFO: found LLVMFuzzerCustomMutator (0x55db5cf9b840). Disabling -len_control by default. +INFO: Running with entropic power schedule (0xFF, 100). +INFO: Seed: 1977030529 +INFO: Loaded 1 modules (618603 inline 8-bit counters): 618603 [0x55db600fa000, 0x55db6019106b), +INFO: Loaded 1 PC tables (618603 PCs): 618603 [0x55db5f788d60,0x55db600f9410), +./qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp: Running 1 inputs 1 time(s) each. +INFO: Reading pre_seed_input if any ... +INFO: Executing pre_seed_input if any ... 
+Matching objects by name , *.core*, *.v_blend*, *.av_buffer_manager*, *.audio* +This process will fuzz the following MemoryRegions: + * xlnx.v-dp.core[0] (size 3b0) + * xlnx.v-dp.v_blend[0] (size 1e0) + * xlnx.v-dp.audio[0] (size 50) + * xlnx.v-dp.av_buffer_manager[0] (size 238) +This process will fuzz through the following interfaces: + * clock_step, EVENT_TYPE_CLOCK_STEP, 0xffffffff +0xffffffff, 255,255 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_READ, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_WRITE, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_READ, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_WRITE, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_READ, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_WRITE, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_READ, 0xfd4ac000 +0x50, 1,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_WRITE, 0xfd4ac000 +0x50, 1,4 +INFO: A corpus is not provided, starting from an empty corpus +#2 INITED cov: 3 ft: 4 corp: 1/1b exec/s: 0 rss: 488Mb +Running: ./crash-c15714102f0b894dea5c22f38852311567380926.minimized +aarch64: xlnx_dp_aux_pop_tx_fifo: TX_FIFO underflow +==14660== ERROR: libFuzzer: deadly signal + #0 0x55db5837410e in __sanitizer_print_stack_trace /root/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3 + #1 0x55db582c2d81 in fuzzer::PrintStackTrace() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38 + #2 0x55db5829bcb6 in fuzzer::Fuzzer::CrashCallback() (.part.0) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:236:18 + #3 0x55db5829bd82 in fuzzer::Fuzzer::CrashCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:208:1 + #4 0x55db5829bd82 in fuzzer::Fuzzer::StaticCrashSignalCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:207:19 + #5 0x7f98a612541f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) + #6 0x7f98a5f3700a in __libc_signal_restore_set 
/build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3 + #7 0x7f98a5f3700a in raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3 + #8 0x7f98a5f16858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7 + #9 0x55db583a465a in __wrap_abort /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/less_crashes_wrappers.c:24:12 + #10 0x55db58cce4d8 in xlnx_dp_aux_pop_tx_fifo /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:476:9 + #11 0x55db58cc9ee7 in xlnx_dp_aux_set_command /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:524:22 + #12 0x55db58cc6a92 in xlnx_dp_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:800:9 + #13 0x55db5bf4eec3 in memory_region_write_accessor /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:492:5 + #14 0x55db5bf4e801 in access_with_adjusted_size /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:554:18 + #15 0x55db5bf4d126 in memory_region_dispatch_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:1514:16 + #16 0x55db5bfdb2de in flatview_write_continue /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2825:23 + #17 0x55db5bfc941b in flatview_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2867:12 + #18 0x55db5bfc8ed8 in address_space_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2963:18 + #19 0x55db583b40cb in qemu_writel /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1088:5 + #20 0x55db583b2544 in dispatch_mmio_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1229:28 + #21 0x55db5cf971ff in videzzo_dispatch_event /root/videzzo/videzzo.c:1122:5 + #22 0x55db5cf8e57b in __videzzo_execute_one_input /root/videzzo/videzzo.c:272:9 + #23 0x55db5cf8e450 in videzzo_execute_one_input /root/videzzo/videzzo.c:313:9 + #24 
0x55db583bb10c in videzzo_qemu /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1504:12 + #25 0x55db5cf9bae2 in LLVMFuzzerTestOneInput /root/videzzo/videzzo.c:1891:18 + #26 0x55db5829c826 in fuzzer::Fuzzer::ExecuteCallback(unsigned char*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:594:17 + #27 0x55db5827f454 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:21 + #28 0x55db5828a3fe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char*, unsigned long)) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:19 + #29 0x55db582769e6 in main /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30 + #30 0x7f98a5f18082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 + #31 0x55db58276a3d in _start (/root/bugs/metadata/xlnx_dp-06/qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp+0x3291a3d) + +NOTE: libFuzzer has rudimentary signal handlers. + Combine libFuzzer with AddressSanitizer or similar for better crash reports. +SUMMARY: libFuzzer: deadly signal +MS: 0 ; base unit: 0000000000000000000000000000000000000000 +0x1,0x9,0x0,0x1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0x6f,0x40,0xc4,0x19,0x0,0x0,0x0,0x0, +\x01\x09\x00\x01J\xfd\x00\x00\x00\x00\x04\x00\x00\x00o@\xc4\x19\x00\x00\x00\x00 +``` diff --git a/results/classifier/108/other/1419 b/results/classifier/108/other/1419 new file mode 100644 index 000000000..113783d9e --- /dev/null +++ b/results/classifier/108/other/1419 
@@ -0,0 +1,107 @@ +graphic: 0.912 +other: 0.903 +performance: 0.877 +semantic: 0.866 +debug: 0.854 +device: 0.824 +permissions: 0.824 +network: 0.815 +vnc: 0.803 +KVM: 0.800 +PID: 0.795 +boot: 0.723 +socket: 0.706 +files: 0.640 + +Overflow in xlnx_dp_aux_push_rx_fifo() +Description of problem: +Pushing stuff into s->rx_fifo many times make s->rx_fifo overflow. +Steps to reproduce: +``` +export QEMU=/path/to/qemu-system-aarch64 + +cat << EOF | $QEMU \ +-machine xlnx-zcu102 -monitor none -serial none \ +-display none -nodefaults -qtest stdio +writel 0xfd4a0100 0x7fb141e6 +writel 0xfd4a0100 0x7fb141e6 +writel 0xfd4a0100 0x7fb141e6 +EOF +``` +Additional information: +``` +root@3728b1f90dbd:~/bugs/metadata/xlnx_dp-03# bash -x xlnx_dp-03.videzzo ++ DEFAULT_INPUT_MAXSIZE=10000000 ++ ./qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp -max_len=10000000 -detect_leaks=0 poc-qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp-crash-a6a2bd23ff0408dd50652670fdcdf9f5ceaab95d.minimized +==767==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! +INFO: found LLVMFuzzerCustomMutator (0x55d36d8b3870). Disabling -len_control by default. +INFO: Running with entropic power schedule (0xFF, 100). +INFO: Seed: 1781001818 +INFO: Loaded 1 modules (618604 inline 8-bit counters): 618604 [0x55d370a12000, 0x55d370aa906c), +INFO: Loaded 1 PC tables (618604 PCs): 618604 [0x55d3700a0ce0,0x55d370a113a0), +./qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp: Running 1 inputs 1 time(s) each. +INFO: Reading pre_seed_input if any ... +INFO: Executing pre_seed_input if any ... 
+Matching objects by name , *.core*, *.v_blend*, *.av_buffer_manager*, *.audio* +This process will fuzz the following MemoryRegions: + * xlnx.v-dp.core[0] (size 3b0) + * xlnx.v-dp.v_blend[0] (size 1e0) + * xlnx.v-dp.audio[0] (size 50) + * xlnx.v-dp.av_buffer_manager[0] (size 238) +This process will fuzz through the following interfaces: + * clock_step, EVENT_TYPE_CLOCK_STEP, 0xffffffff +0xffffffff, 255,255 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_READ, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.core, EVENT_TYPE_MMIO_WRITE, 0xfd4a0000 +0x3b0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_READ, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.v_blend, EVENT_TYPE_MMIO_WRITE, 0xfd4aa000 +0x1e0, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_READ, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.av_buffer_manager, EVENT_TYPE_MMIO_WRITE, 0xfd4ab000 +0x238, 4,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_READ, 0xfd4ac000 +0x50, 1,4 + * xlnx.v-dp.audio, EVENT_TYPE_MMIO_WRITE, 0xfd4ac000 +0x50, 1,4 +INFO: A corpus is not provided, starting from an empty corpus +#2 INITED cov: 3 ft: 4 corp: 1/1b exec/s: 0 rss: 492Mb +Running: poc-qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp-crash-a6a2bd23ff0408dd50652670fdcdf9f5ceaab95d.minimized +qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp: ../util/fifo8.c:43: void fifo8_push_all(Fifo8 *, const uint8_t *, uint32_t): Assertion `fifo->num + num <= fifo->capacity' failed. 
+==767== ERROR: libFuzzer: deadly signal + #0 0x55d368c8c10e in __sanitizer_print_stack_trace /root/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3 + #1 0x55d368bdad81 in fuzzer::PrintStackTrace() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38 + #2 0x55d368bb3cb6 in fuzzer::Fuzzer::CrashCallback() (.part.0) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:236:18 + #3 0x55d368bb3d82 in fuzzer::Fuzzer::CrashCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:208:1 + #4 0x55d368bb3d82 in fuzzer::Fuzzer::StaticCrashSignalCallback() /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:207:19 + #5 0x7f9897d8741f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) + #6 0x7f9897b9900a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3 + #7 0x7f9897b9900a in raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3 + #8 0x7f9897b78858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7 + #9 0x7f9897b78728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3 + #10 0x7f9897b89fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3 + #11 0x55d36d56bff3 in fifo8_push_all /root/videzzo/videzzo_qemu/qemu/build-san-6/../util/fifo8.c:43:5 + #12 0x55d3695e64d3 in xlnx_dp_aux_push_rx_fifo /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:436:5 + #13 0x55d3695e1e9a in xlnx_dp_aux_set_command /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:513:13 + #14 0x55d3695dea92 in xlnx_dp_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../hw/display/xlnx_dp.c:805:9 + #15 0x55d36c866ef3 in memory_region_write_accessor /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:492:5 + #16 0x55d36c866831 in access_with_adjusted_size /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:554:18 + #17 0x55d36c865156 in memory_region_dispatch_write 
/root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/memory.c:1514:16 + #18 0x55d36c8f330e in flatview_write_continue /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2825:23 + #19 0x55d36c8e144b in flatview_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2867:12 + #20 0x55d36c8e0f08 in address_space_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../softmmu/physmem.c:2963:18 + #21 0x55d368ccc0cb in qemu_writel /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1088:5 + #22 0x55d368cca544 in dispatch_mmio_write /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1229:28 + #23 0x55d36d8af22f in videzzo_dispatch_event /root/videzzo/videzzo.c:1122:5 + #24 0x55d36d8a65ab in __videzzo_execute_one_input /root/videzzo/videzzo.c:272:9 + #25 0x55d36d8a6480 in videzzo_execute_one_input /root/videzzo/videzzo.c:313:9 + #26 0x55d368cd310c in videzzo_qemu /root/videzzo/videzzo_qemu/qemu/build-san-6/../tests/qtest/videzzo/videzzo_qemu.c:1504:12 + #27 0x55d36d8b3b12 in LLVMFuzzerTestOneInput /root/videzzo/videzzo.c:1891:18 + #28 0x55d368bb4826 in fuzzer::Fuzzer::ExecuteCallback(unsigned char*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:594:17 + #29 0x55d368b97454 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:21 + #30 0x55d368ba23fe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char*, unsigned long)) /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:19 + #31 0x55d368b8e9e6 in main /root/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30 + #32 0x7f9897b7a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 + #33 0x55d368b8ea3d in _start (/root/bugs/metadata/xlnx_dp-03/qemu-videzzo-aarch64-target-videzzo-fuzz-xlnx-dp+0x3291a3d) + +NOTE: libFuzzer has rudimentary signal handlers. 
+ Combine libFuzzer with AddressSanitizer or similar for better crash reports. +SUMMARY: libFuzzer: deadly signal +MS: 0 ; base unit: 0000000000000000000000000000000000000000 +0x1,0x9,0x0,0x1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0xe6,0x41,0xb1,0x7f,0x0,0x0,0x0,0x0,0x1,0x9,0x0,0x1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0xe6,0x41,0xb1,0x7f,0x0,0x0,0x0,0x0,0x1,0x9,0x0,0x1,0x4a,0xfd,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x0,0xe6,0x41,0xb1,0x7f,0x0,0x0,0x0,0x0, +\x01\x09\x00\x01J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\xe6A\xb1\x7f\x00\x00\x00\x00\x01\x09\x00\x01J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\xe6A\xb1\x7f\x00\x00\x00\x00\x01\x09\x00\x01J\xfd\x00\x00\x00\x00\x04\x00\x00\x00\xe6A\xb1\x7f\x00\x00\x00\x00 +``` |
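Review bot: the first hunk's trace (frames #9 and #10) shows abort() reached through the harness wrapper `__wrap_abort` in tests/qtest/videzzo/less_crashes_wrappers.c from xlnx_dp_aux_pop_tx_fifo at hw/display/xlnx_dp.c:476, but the record never says which condition at that line aborts, so a reader is left with only the minimized input bytes (`0x1,0x9,0x0,0x1,0x4a,0xfd,...`, which by comparison with the 1419 record's layout is a single 32-bit MMIO write to the same register) and no statement of the root cause. Suggest adding a one-line description of the triggering condition and the impact (an abort reachable from guest MMIO writes is a guest-to-host denial of service of the VMM) next to the classifier scores, so the stored report is usable without re-running the fuzzer.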
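Review bot: in the 1419 hunk, the assertion `fifo->num + num <= fifo->capacity` in fifo8_push_all (frames #11 and #12, reached from xlnx_dp_aux_push_rx_fifo at hw/display/xlnx_dp.c:436 via xlnx_dp_aux_set_command) means the device model pushes into s->rx_fifo without first checking free space, so three identical `writel 0xfd4a0100 0x7fb141e6` commands abort QEMU; the report should state that impact (guest-to-host denial of service) and that the fix belongs in the xlnx_dp AUX handling (check fifo8_num_free() or drain the FIFO before pushing), not in util/fifo8.c, rather than only the word "Overflow". Separately, every classifier score in this file lies between 0.64 and 0.91 with `graphic` highest at 0.912, yet the file is stored under results/classifier/108/other/; a short note on how the directory is chosen (threshold or label source) would make these records auditable.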