summary refs log tree commit diff stats
path: root/results/classifier/108/other/1908062
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/108/other/1908062')
-rw-r--r--results/classifier/108/other/1908062172
1 files changed, 172 insertions, 0 deletions
diff --git a/results/classifier/108/other/1908062 b/results/classifier/108/other/1908062
new file mode 100644
index 000000000..5db342bdb
--- /dev/null
+++ b/results/classifier/108/other/1908062
@@ -0,0 +1,172 @@
+debug: 0.788
+graphic: 0.769
+permissions: 0.769
+socket: 0.743
+semantic: 0.741
+other: 0.723
+device: 0.710
+PID: 0.695
+performance: 0.660
+network: 0.603
+KVM: 0.601
+files: 0.589
+vnc: 0.577
+boot: 0.556
+
+qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again
+
+When I was fuzzing virtio-vga device of the latest QEMU (1758428, Dec 12, built with --enable-sanitizers --enable-fuzzing), an assertion failed in include/exec/memory_ldst_cached.h.inc. 
+
+--[ Reproducer
+
+cat << EOF | ./build/i386-softmmu/qemu-system-i386 -machine accel=qtest \
+-machine q35 -display none -nodefaults -device virtio-vga -qtest stdio
+outl 0xcf8 0x8000081c
+outb 0xcfc 0xc3
+outl 0xcf8 0x80000804
+outb 0xcfc 0x06
+write 0xc300001024 0x2 0x0040
+write 0xc300001028 0x1 0x5a
+write 0xc30000101c 0x1 0x01
+writel 0xc30000100c 0x20000000
+write 0xc300001016 0x3 0x80a080
+write 0xc300003002 0x1 0x80
+write 0x5c 0x1 0x10
+EOF
+
+--[ Output
+
+==35337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
+[I 1607946348.442865] OPENED
+[R +0.059305] outl 0xcf8 0x8000081c
+OK
+[S +0.059326] OK
+[R +0.059338] outb 0xcfc 0xc3
+OK
+[S +0.059355] OK
+[R +0.059363] outl 0xcf8 0x80000804
+OK
+[S +0.059369] OK
+[R +0.059381] outb 0xcfc 0x06
+OK
+[S +0.061094] OK
+[R +0.061107] write 0xc300001024 0x2 0x0040
+OK
+[S +0.061120] OK
+[R +0.061127] write 0xc300001028 0x1 0x5a
+OK
+[S +0.061135] OK
+[R +0.061142] write 0xc30000101c 0x1 0x01
+OK
+[S +0.061158] OK
+[R +0.061167] writel 0xc30000100c 0x20000000
+OK
+[S +0.061212] OK
+[R +0.061222] write 0xc300001016 0x3 0x80a080
+OK
+[S +0.061231] OK
+[R +0.061238] write 0xc300003002 0x1 0x80
+OK
+[S +0.061247] OK
+[R +0.061253] write 0x5c 0x1 0x10
+OK
+[S +0.061403] OK
+qemu-system-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
+
+--[ Environment
+
+Ubuntu 20.04.1 5.4.0-58-generic x86_64
+clang: 10.0.0-4ubuntu1
+glibc: 2.31-0ubuntu9.1
+libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
+
+--[ Note
+
+Alexander Bulekov found the same assertion failure on 2020-08-04, https://bugs.launchpad.net/qemu/+bug/1890333, and it had been fixed in commit 2d69eba5fe52045b2c8b0d04fd3806414352afc1.
+
+Fam Zheng found the same assertion failure on 2018-09-29, https://bugs.launchpad.net/qemu/+bug/1795148, and it had been fixed in commit db812c4073c77c8a64db8d6663b3416a587c7b4a.
+
+--[ Original Fuzzing output
+
+./build/qemu-fuzz-i386 --fuzz-target=generic-fuzz-virtio-vga ../fuzz/20201208/crash-da778083c63d2b24d8f7780383b2602a7a156352
+
+qemu-fuzz-i386: /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
+==37260== ERROR: libFuzzer: deadly signal
+    #0 0x56336c2ebc81 in __sanitizer_print_stack_trace (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x305dc81)
+    #1 0x56336c236dd8 in fuzzer::PrintStackTrace() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa8dd8)
+    #2 0x56336c21bf23 in fuzzer::Fuzzer::CrashCallback() (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8df23)
+    #3 0x7f3122f7b3bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
+    #4 0x7f3122d8c18a in __libc_signal_restore_set /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
+    #5 0x7f3122d8c18a in raise /build/glibc-ZN95T4/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+    #6 0x7f3122d6b858 in abort /build/glibc-ZN95T4/glibc-2.31/stdlib/abort.c:79:7
+    #7 0x7f3122d6b728 in __assert_fail_base /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:92:3
+    #8 0x7f3122d7cf35 in __assert_fail /build/glibc-ZN95T4/glibc-2.31/assert/assert.c:101:3
+    #9 0x56336ec7c8ab in address_space_stw_le_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_cached.h.inc:88:5
+    #10 0x56336ec7b746 in stw_le_phys_cached /home/qiuhao/hack/qemu/include/exec/memory_ldst_phys.h.inc:121:5
+    #11 0x56336ec7acf8 in virtio_stw_phys_cached /home/qiuhao/hack/qemu/include/hw/virtio/virtio-access.h:196:9
+    #12 0x56336ec79f7b in vring_set_avail_event /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:429:5
+    #13 0x56336ec376f5 in virtqueue_split_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1452:9
+    #14 0x56336ec3131c in virtqueue_pop /home/qiuhao/hack/qemu/build/../hw/virtio/virtio.c:1695:16
+    #15 0x56336c57fa43 in virtio_gpu_handle_ctrl /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:877:11
+    #16 0x56336c57f6d9 in virtio_gpu_ctrl_bh /home/qiuhao/hack/qemu/build/../hw/display/virtio-gpu.c:898:5
+    #17 0x563370ad4952 in aio_bh_call /home/qiuhao/hack/qemu/build/../util/async.c:136:5
+    #18 0x563370ad6352 in aio_bh_poll /home/qiuhao/hack/qemu/build/../util/async.c:164:13
+    #19 0x563370a2773b in aio_dispatch /home/qiuhao/hack/qemu/build/../util/aio-posix.c:381:5
+    #20 0x563370adfd5e in aio_ctx_dispatch /home/qiuhao/hack/qemu/build/../util/async.c:306:5
+    #21 0x7f312319afbc in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51fbc)
+    #22 0x563370942137 in glib_pollfds_poll /home/qiuhao/hack/qemu/build/../util/main-loop.c:221:9
+    #23 0x56337093fa37 in os_host_main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:244:5
+    #24 0x56337093f387 in main_loop_wait /home/qiuhao/hack/qemu/build/../util/main-loop.c:520:11
+    #25 0x56336c33ec22 in flush_events /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:49:9
+    #26 0x56336c33311b in generic_fuzz /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/generic_fuzz.c:683:17
+    #27 0x56336c340699 in LLVMFuzzerTestOneInput /home/qiuhao/hack/qemu/build/../tests/qtest/fuzz/fuzz.c:151:5
+    #28 0x56336c21d5e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f8f5e1)
+    #29 0x56336c208d52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f7ad52)
+    #30 0x56336c20e806 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f80806)
+    #31 0x56336c2374c2 in main (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2fa94c2)
+    #32 0x7f3122d6d0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #33 0x56336c1e341d in _start (/home/qiuhao/hack/qemu/build/qemu-fuzz-i386+0x2f5541d)
+
+NOTE: libFuzzer has rudimentary signal handlers.
+      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
+SUMMARY: libFuzzer: deadly signal
+
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/300
+
+