Diffstat
-rw-r--r-- results/classifier/108/other/244 | 16
-rw-r--r-- results/classifier/108/other/2440 | 127
-rw-r--r-- results/classifier/108/other/2441 | 115
-rw-r--r-- results/classifier/108/other/2442 | 162
-rw-r--r-- results/classifier/108/other/2444 | 16
-rw-r--r-- results/classifier/108/other/2445 | 102
-rw-r--r-- results/classifier/108/other/2448 | 61
7 files changed, 599 insertions, 0 deletions
diff --git a/results/classifier/108/other/244 b/results/classifier/108/other/244
new file mode 100644
index 000000000..09a448aa0
--- /dev/null
+++ b/results/classifier/108/other/244
@@ -0,0 +1,16 @@
+other: 0.869
+device: 0.771
+semantic: 0.751
+performance: 0.673
+graphic: 0.460
+network: 0.376
+permissions: 0.237
+socket: 0.193
+files: 0.152
+vnc: 0.151
+debug: 0.148
+boot: 0.122
+PID: 0.037
+KVM: 0.016
+
+MIPS MT dvpe does not regard VPEConf0.MVP
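Review bot: The record text at the end of this file is a single title line (`MIPS MT dvpe does not regard VPEConf0.MVP`) with no description, steps or log, so the 14 scores above it were produced from one sentence. Consider marking title-only records, or pulling the issue body before classification, so a reader does not weigh `other: 0.869` here the same as a score computed from a full report.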
diff --git a/results/classifier/108/other/2440 b/results/classifier/108/other/2440
new file mode 100644
index 000000000..70ed3d210
--- /dev/null
+++ b/results/classifier/108/other/2440
@@ -0,0 +1,127 @@
+other: 0.823
+vnc: 0.785
+KVM: 0.776
+graphic: 0.774
+semantic: 0.757
+device: 0.755
+performance: 0.742
+permissions: 0.738
+debug: 0.727
+network: 0.702
+socket: 0.688
+PID: 0.687
+boot: 0.646
+files: 0.619
+
+virtio-net: Use-After-Free during unrealization of virtio-net
+Description of problem:
+When hotplugging `virtio-net` device, mishandling of `failover` option may leads to use-after-free.
+More specifically, if we try to hotplug virtio-net device with `failover=on` and other invalid option (e.g. `rx_queue_size=0`), the device listner callback is registered but not unregistered before being freed, leading to UAF.
+Steps to reproduce:
+```sh
+cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
+device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
+device_add virtio-net,failover=on,bus=br1,id=dev0
+quit
+EOF
+```
+
+If above command is not working, let me know so that I provide more information.
+Additional information:
+The following log leveals bug location:
+
+```sh
+$ cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
+device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
+device_add virtio-net,failover=on,bus=br1,id=dev0
+quit
+EOF
+==836681==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
+QEMU 8.1.93 monitor - type 'help' for more information
+VNC server running on 127.0.0.1:5900
+(qemu) device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
+Error: Invalid rx_queue_size (= 0), must be a power of 2 between 256 and 1024.
+(qemu) device_add virtio-net,failover=on,bus=br1,id=dev0
+=================================================================
+==836681==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e00000ab58 at pc 0x5577bbb8fe22 bp 0x7ffeb03fca50 sp 0x7ffeb03fca48
+READ of size 8 at 0x62e00000ab58 thread T0
+    #0 0x5577bbb8fe21 in qdev_should_hide_device /home/XXX/qemu/build/../hw/core/qdev.c:233:23
+    #1 0x5577bb14aac4 in qdev_device_add_from_qdict /home/XXX/qemu/build/../system/qdev-monitor.c:662:9
+    #2 0x5577bb14c364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
+    #3 0x5577bb14d6eb in qmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:860:11
+    #4 0x5577bb14e11d in hmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:968:5
+    #5 0x5577bb29aef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
+    #6 0x5577bb298fa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
+    #7 0x5577bb2949ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
+    #8 0x5577bc2b0c3a in readline_handle_byte /home/XXX/qemu/build/../util/readline.c:419:13
+    #9 0x5577bb29d261 in monitor_read /home/XXX/qemu/build/../monitor/hmp.c:1390:13
+    #10 0x5577bbfda644 in fd_chr_read /home/XXX/qemu/build/../chardev/char-fd.c:72:9
+    #11 0x7f53d36e5c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #12 0x5577bc2536db in glib_pollfds_poll /home/XXX/qemu/build/../util/main-loop.c:290:9
+    #13 0x5577bc2536db in os_host_main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:313:5
+    #14 0x5577bc2536db in main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:592:11
+    #15 0x5577bb15dd06 in qemu_main_loop /home/XXX/qemu/build/../system/runstate.c:782:9
+    #16 0x5577bbb81115 in qemu_default_main /home/XXX/qemu/build/../system/main.c:37:14
+    #17 0x7f53d2c3fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
+    #18 0x7f53d2c3fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
+    #19 0x5577ba4c3584 in _start (/usr/local/bin/qemu-system-i386+0x1ada584) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+
+0x62e00000ab58 is located 42840 bytes inside of 43008-byte region [0x62e000000400,0x62e00000ac00)
+freed by thread T1 here:
+    #0 0x5577ba546122 in __interceptor_free (/usr/local/bin/qemu-system-i386+0x1b5d122) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+    #1 0x5577bbba5135 in object_finalize /home/XXX/qemu/build/../qom/object.c:714:9
+    #2 0x5577bbba5135 in object_unref /home/XXX/qemu/build/../qom/object.c:1217:9
+    #3 0x5577bbb91ac3 in bus_free_bus_child /home/XXX/qemu/build/../hw/core/qdev.c:55:5
+
+previously allocated by thread T0 here:
+    #0 0x5577ba5463ce in malloc (/usr/local/bin/qemu-system-i386+0x1b5d3ce) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+    #1 0x7f53d36ee738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #2 0x5577bb14c364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
+    #3 0x5577bb29aef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
+    #4 0x5577bb298fa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
+    #5 0x5577bb2949ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
+
+Thread T1 created by T0 here:
+    #0 0x5577ba52f84c in pthread_create (/usr/local/bin/qemu-system-i386+0x1b4684c) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+    #1 0x5577bc1fcc24 in qemu_thread_create /home/XXX/qemu/build/../util/qemu-thread-posix.c:581:11
+    #2 0x5577bc229970 in rcu_init_complete /home/XXX/qemu/build/../util/rcu.c:415:5
+    #3 0x5577bc229970 in rcu_init /home/XXX/qemu/build/../util/rcu.c:471:5
+    #4 0x7f53d2c3feba in call_init csu/../csu/libc-start.c:145:3
+    #5 0x7f53d2c3feba in __libc_start_main csu/../csu/libc-start.c:379:5
+
+SUMMARY: AddressSanitizer: heap-use-after-free /home/XXX/qemu/build/../hw/core/qdev.c:233:23 in qdev_should_hide_device
+Shadow bytes around the buggy address:
+  0x0c5c7fff9510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+  0x0c5c7fff9520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+  0x0c5c7fff9530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+  0x0c5c7fff9540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+  0x0c5c7fff9550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+=>0x0c5c7fff9560: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
+  0x0c5c7fff9570: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+  0x0c5c7fff9580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c5c7fff9590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c5c7fff95a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c5c7fff95b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+  Addressable:           00
+  Partially addressable: 01 02 03 04 05 06 07
+  Heap left redzone:       fa
+  Freed heap region:       fd
+  Stack left redzone:      f1
+  Stack mid redzone:       f2
+  Stack right redzone:     f3
+  Stack after return:      f5
+  Stack use after scope:   f8
+  Global redzone:          f9
+  Global init order:       f6
+  Poisoned by user:        f7
+  Container overflow:      fc
+  Array cookie:            ac
+  Intra object redzone:    bb
+  ASan internal:           fe
+  Left alloca redzone:     ca
+  Right alloca redzone:    cb
+==836681==ABORTING
+```
+
+#
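Review bot: This report is a heap-use-after-free (see the `ERROR: AddressSanitizer: heap-use-after-free` line in the log), yet it is filed under `other/` and none of the 14 labels covers memory-safety defects; the scores sit in a narrow band from 0.619 to 0.823, with `vnc: 0.785` ahead of `network: 0.702` for a virtio-net bug. A dedicated memory-safety label would keep reports like this findable for triage. It may also help to drop the shadow-byte dump and its legend before classification, since they carry no issue-specific text.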
diff --git a/results/classifier/108/other/2441 b/results/classifier/108/other/2441
new file mode 100644
index 000000000..fdac93838
--- /dev/null
+++ b/results/classifier/108/other/2441
@@ -0,0 +1,115 @@
+other: 0.828
+performance: 0.735
+semantic: 0.725
+permissions: 0.721
+device: 0.721
+vnc: 0.720
+debug: 0.718
+graphic: 0.713
+KVM: 0.691
+PID: 0.690
+files: 0.685
+boot: 0.654
+network: 0.648
+socket: 0.645
+
+virtio-net: memory leak when hotplugging virtio-net
+Description of problem:
+When invalid option for virtio-net device is provided during hotplug, allocated string is not freed, leading to memory leak.
+Steps to reproduce:
+```sh
+cat <<EOF | qemu-system-i386 -M q35 -nodefaults \
+-chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
+device_add virtio-net,rx_queue_size=0,bus=br1,id=dev0
+quit
+EOF
+```
+
+If above command is not working, let me know so that I provide more information.
+Additional information:
+There is LeakSanitizer log:
+
+```sh
+$ cat <<EOF | LSAN_OPTIONS=fast_unwind_on_malloc=0 qemu-system-i386 -M q35 -nodefaults \
+-chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
+device_add virtio-net,rx_queue_size=0,bus=br1,id=dev0
+quit
+EOF
+==831633==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
+QEMU 8.1.93 monitor - type 'help' for more information
+VNC server running on 127.0.0.1:5900
+(qemu) device_add virtio-net,rx_queue_size=0,bus=br1,id=dev0
+Error: Invalid rx_queue_size (= 0), must be a power of 2 between 256 and 1024.
+(qemu) quit
+
+=================================================================
+==831633==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 15 byte(s) in 1 object(s) allocated from:
+    #0 0x55c1ac66b3ce in malloc (/usr/local/bin/qemu-system-i386+0x1b5d3ce) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+    #1 0x7f45c1695738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #2 0x7f45c16aa583 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73583) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #3 0x55c1ad943dd4 in virtio_net_set_netclient_name /home/XXX/qemu/build/../hw/net/virtio-net.c:3445:25
+    #4 0x55c1adace541 in virtio_net_pci_realize /home/XXX/qemu/build/../hw/virtio/virtio-net-pci.c:62:5
+    #5 0x55c1ad13ec00 in virtio_pci_realize /home/XXX/qemu/build/../hw/virtio/virtio-pci.c:2228:9
+    #6 0x55c1acdec557 in pci_qdev_realize /home/XXX/qemu/build/../hw/pci/pci.c:2117:9
+    #7 0x55c1adcb9484 in device_set_realized /home/XXX/qemu/build/../hw/core/qdev.c:510:13
+    #8 0x55c1adcd6278 in property_set_bool /home/XXX/qemu/build/../qom/object.c:2305:5
+    #9 0x55c1adcd1443 in object_property_set /home/XXX/qemu/build/../qom/object.c:1435:5
+    #10 0x55c1adcdd15c in object_property_set_qobject /home/XXX/qemu/build/../qom/qom-qobject.c:28:10
+    #11 0x55c1adcd1d11 in object_property_set_bool /home/XXX/qemu/build/../qom/object.c:1504:15
+    #12 0x55c1ad27021a in qdev_device_add_from_qdict /home/XXX/qemu/build/../system/qdev-monitor.c:719:10
+    #13 0x55c1ad271364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
+    #14 0x55c1ad2726eb in qmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:860:11
+    #15 0x55c1ad27311d in hmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:968:5
+    #16 0x55c1ad3bfef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
+    #17 0x55c1ad3bdfa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
+    #18 0x55c1ad3b99ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
+    #19 0x55c1ae3d5c3a in readline_handle_byte /home/XXX/qemu/build/../util/readline.c:419:13
+    #20 0x55c1ad3c2261 in monitor_read /home/XXX/qemu/build/../monitor/hmp.c:1390:13
+    #21 0x55c1ae0ff644 in fd_chr_read /home/XXX/qemu/build/../chardev/char-fd.c:72:9
+    #22 0x7f45c168cc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #23 0x55c1ae3786db in glib_pollfds_poll /home/XXX/qemu/build/../util/main-loop.c:290:9
+    #24 0x55c1ae3786db in os_host_main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:313:5
+    #25 0x55c1ae3786db in main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:592:11
+    #26 0x55c1ad282d06 in qemu_main_loop /home/XXX/qemu/build/../system/runstate.c:782:9
+    #27 0x55c1adca6115 in qemu_default_main /home/XXX/qemu/build/../system/main.c:37:14
+    #28 0x7f45c0bd0d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
+    #29 0x7f45c0bd0e3f in __libc_start_main csu/../csu/libc-start.c:392:3
+
+Direct leak of 5 byte(s) in 1 object(s) allocated from:
+    #0 0x55c1ac66b3ce in malloc (/usr/local/bin/qemu-system-i386+0x1b5d3ce) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
+    #1 0x7f45c1695738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #2 0x7f45c16aa583 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73583) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #3 0x55c1ad943da2 in virtio_net_set_netclient_name /home/XXX/qemu/build/../hw/net/virtio-net.c:3444:25
+    #4 0x55c1adace541 in virtio_net_pci_realize /home/XXX/qemu/build/../hw/virtio/virtio-net-pci.c:62:5
+    #5 0x55c1ad13ec00 in virtio_pci_realize /home/XXX/qemu/build/../hw/virtio/virtio-pci.c:2228:9
+    #6 0x55c1acdec557 in pci_qdev_realize /home/XXX/qemu/build/../hw/pci/pci.c:2117:9
+    #7 0x55c1adcb9484 in device_set_realized /home/XXX/qemu/build/../hw/core/qdev.c:510:13
+    #8 0x55c1adcd6278 in property_set_bool /home/XXX/qemu/build/../qom/object.c:2305:5
+    #9 0x55c1adcd1443 in object_property_set /home/XXX/qemu/build/../qom/object.c:1435:5
+    #10 0x55c1adcdd15c in object_property_set_qobject /home/XXX/qemu/build/../qom/qom-qobject.c:28:10
+    #11 0x55c1adcd1d11 in object_property_set_bool /home/XXX/qemu/build/../qom/object.c:1504:15
+    #12 0x55c1ad27021a in qdev_device_add_from_qdict /home/XXX/qemu/build/../system/qdev-monitor.c:719:10
+    #13 0x55c1ad271364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
+    #14 0x55c1ad2726eb in qmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:860:11
+    #15 0x55c1ad27311d in hmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:968:5
+    #16 0x55c1ad3bfef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
+    #17 0x55c1ad3bdfa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
+    #18 0x55c1ad3b99ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
+    #19 0x55c1ae3d5c3a in readline_handle_byte /home/XXX/qemu/build/../util/readline.c:419:13
+    #20 0x55c1ad3c2261 in monitor_read /home/XXX/qemu/build/../monitor/hmp.c:1390:13
+    #21 0x55c1ae0ff644 in fd_chr_read /home/XXX/qemu/build/../chardev/char-fd.c:72:9
+    #22 0x7f45c168cc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
+    #23 0x55c1ae3786db in glib_pollfds_poll /home/XXX/qemu/build/../util/main-loop.c:290:9
+    #24 0x55c1ae3786db in os_host_main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:313:5
+    #25 0x55c1ae3786db in main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:592:11
+    #26 0x55c1ad282d06 in qemu_main_loop /home/XXX/qemu/build/../system/runstate.c:782:9
+    #27 0x55c1adca6115 in qemu_default_main /home/XXX/qemu/build/../system/main.c:37:14
+    #28 0x7f45c0bd0d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
+    #29 0x7f45c0bd0e3f in __libc_start_main csu/../csu/libc-start.c:392:3
+
+SUMMARY: AddressSanitizer: 20 byte(s) leaked in 2 allocation(s).
+```
+
+#
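Review bot: The last added line of this file is a bare `#`, the same as at the end of `other/2440`, which looks like a leftover heading marker from the issue import rather than report text. Strip it at import time. The two leak stacks are also identical apart from the leaked size and frame #3 (`virtio-net.c:3445:25` vs `virtio-net.c:3444:25`), so they could be collapsed into one stack with both allocation sites if record size matters.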
diff --git a/results/classifier/108/other/2442 b/results/classifier/108/other/2442
new file mode 100644
index 000000000..ae895bece
--- /dev/null
+++ b/results/classifier/108/other/2442
@@ -0,0 +1,162 @@
+other: 0.963
+permissions: 0.937
+network: 0.925
+graphic: 0.924
+debug: 0.921
+semantic: 0.891
+device: 0.881
+boot: 0.873
+performance: 0.870
+socket: 0.856
+KVM: 0.835
+vnc: 0.824
+PID: 0.820
+files: 0.774
+
+kvm-unit-tests ept failed
+Description of problem:
+On the Sierra Forest and Emerald Rapids platform, the ept test in kvm-unit-tests failed on the latest QEMU.
+
+QEMU first bad commit is 0b2757412cb1d1947d7e2c1fe14985f1e72bba32.
+
+This bad commit also caused other errors, such as:
+
+1.kvm-unit-tests vmx_pf_invvpid_test
+
+Test suite: vmx_pf_invvpid_test
+
+Host skipping test: INVVPID ADDR unsupported
+
+filter = vmx_pf_invvpid_test, test = vmx_pf_vpid_test
+
+filter = vmx_pf_invvpid_test, test = vmx_exception_test
+
+SUMMARY: 0 tests
+
+SKIP vmx_pf_invvpid_test (0 tests)
+
+2.kvm-unit-tests vmx_pf_no_vpid_test
+
+Test suite: vmx_pf_no_vpid_test
+
+run
+
+x86/vmx_tests.c:10568: assert failed: false: Unexpected exit to L1, exit_reason: VMX_CR (0x1c)
+        STACK: 40717c 4072a3 402039 403f11 4001bd
+
+FAIL vmx_pf_no_vpid_test
+
+3.kvm-unit-tests vmx:
+
+Test suite: vmx_controls_test
+
+FAIL: Clear primary processor-based controls bit 15: vmlaunch fails
+
+FAIL: Clear primary processor-based controls bit 16: vmlaunch fails
+
+Test suite: vmx_mtf_test
+
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000025 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0010'0101 - 37
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_MTF, got VMX_CR.
+        STACK: 406faa 407478 407911 402039 403f11 4001bd
+
+4.Failed to boot L2 guest on L1 windows guest, host does not support "Intel EPT" hardware assisted MMU virtualization.
+Steps to reproduce:
+1.git clone https://gitlab.com/kvm-unit-tests/kvm-unit-tests.git
+
+2.cd kvm-unit-tests; ./configure
+
+3.make standalone
+
+4.rmmod kvm_intel
+
+5.modprobe kvm_intel nested=Y allow_smaller_maxphyaddr=Y
+
+6.cd tests; ./ept
+Additional information:
+...
+Test suite: ept_access_test_paddr_not_present_ad_disabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 416f68 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_not_present_ad_enabled
+
+Test suite: ept_access_test_paddr_not_present_ad_enabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 416f09 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_only_ad_disabled
+
+Test suite: ept_access_test_paddr_read_only_ad_disabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 417150 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_only_ad_enabled
+
+Test suite: ept_access_test_paddr_read_only_ad_enabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 416e14 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_write
+
+Test suite: ept_access_test_paddr_read_write
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416fb1 4170fb 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_write_execute
+
+Test suite: ept_access_test_paddr_read_write_execute
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416fb1 4170b0 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_execute_ad_disabled
+
+Test suite: ept_access_test_paddr_read_execute_ad_disabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 416fde 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_read_execute_ad_enabled
+
+Test suite: ept_access_test_paddr_read_execute_ad_enabled
+FAIL: x86/vmx_tests.c:2164: Assertion failed: (expected) == (actual)
+        LHS: 0x0000000000000012 - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'0010 - 18
+        RHS: 0x000000000000001c - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0001'1100 - 28
+Expected VMX_VMCALL, got VMX_CR.
+        STACK: 406faa 40730c 416905 416cf2 416d1f 402039 403f11 4001bd
+filter = ept_access*, test = ept_access_test_paddr_not_present_page_fault
+
+Test suite: ept_access_test_paddr_not_present_page_fault
+filter = ept_access*, test = ept_access_test_force_2m_page
+
+Test suite: ept_access_test_force_2m_page
+filter = ept_access*, test = atomic_switch_max_msrs_test
+filter = ept_access*, test = atomic_switch_overflow_msrs_test
+filter = ept_access*, test = rdtsc_vmexit_diff_test
+filter = ept_access*, test = vmx_mtf_test
+filter = ept_access*, test = vmx_mtf_pdpte_test
+filter = ept_access*, test = vmx_pf_exception_test
+filter = ept_access*, test = vmx_pf_exception_forced_emulation_test
+filter = ept_access*, test = vmx_pf_no_vpid_test
+filter = ept_access*, test = vmx_pf_invvpid_test
+filter = ept_access*, test = vmx_pf_vpid_test
+filter = ept_access*, test = vmx_exception_test
+SUMMARY: 5824 tests, 8 unexpected failures
+FAIL ept (5824 tests, 8 unexpected failures)
+
+[error.log](/uploads/407a04df83bae220bca6fad3c9bba9ff/error.log)
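Review bot: The final line, `[error.log](/uploads/407a04df83bae220bca6fad3c9bba9ff/error.log)`, is a site-relative link that cannot be resolved from this repository, and the log under `Additional information:` opens with `...`, so the record holds a truncated excerpt plus a pointer that leads nowhere from here. Either store the absolute URL or drop the link, and mark the log as an excerpt.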
diff --git a/results/classifier/108/other/2444 b/results/classifier/108/other/2444
new file mode 100644
index 000000000..df2e67019
--- /dev/null
+++ b/results/classifier/108/other/2444
@@ -0,0 +1,16 @@
+socket: 0.870
+device: 0.720
+network: 0.682
+performance: 0.675
+graphic: 0.509
+other: 0.478
+debug: 0.453
+semantic: 0.443
+vnc: 0.428
+boot: 0.344
+files: 0.277
+permissions: 0.268
+KVM: 0.127
+PID: 0.125
+
+Use of vulnerable function 'strcpy' at can_socketcan.c:213. This function is unsafe.
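Review bot: The path `other/2444` does not match the scores in the file: `socket: 0.870` is the highest value and `other: 0.478` is sixth. If the directory is meant to be the predicted category, this record belongs under a `socket` directory; if it is chosen by another rule, document that rule in the commit message or a README, since `other/2445` (top score `KVM: 0.617`) and `other/2448` (top score `debug: 0.781`) show the same mismatch.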
diff --git a/results/classifier/108/other/2445 b/results/classifier/108/other/2445
new file mode 100644
index 000000000..e376a2ed8
--- /dev/null
+++ b/results/classifier/108/other/2445
@@ -0,0 +1,102 @@
+KVM: 0.617
+graphic: 0.548
+vnc: 0.523
+other: 0.495
+permissions: 0.485
+device: 0.448
+semantic: 0.431
+performance: 0.415
+PID: 0.410
+boot: 0.403
+network: 0.386
+debug: 0.380
+socket: 0.368
+files: 0.345
+
+virtio-pci: the number of irq routes keeps increasing and qemu abort
+Description of problem:
+
+Steps to reproduce:
+1. Start a virtual machine and add a virtio-scsi controller for vm, E.g:
+
+   `<controller type='scsi' model='virtio-scsi' index='1'/>`
+2. write rand value and rand address in port IO address space of virtio-scsi device in the guest, E.g:
+
+   ```
+   int main(){
+       iopl(3);
+       srand(10001);
+       unsigned port_base = 0xc000;
+       unsigned port_space_size = 32;
+       time_t now;
+       struct tm *tm_struct;
+       int i;
+   
+       for (i=0;i<100000000;i++){
+           outb(rand()&0xff,port_base+rand()%port_space_size);
+           outw(rand()&0xffff,port_base+rand()%port_space_size);
+           outl(rand(),port_base+rand()%port_space_size);
+       }
+       return 0;
+   }
+   ```
+
+   or write some special value:
+
+   ```
+   int main(){
+       iopl(3);
+       srand(10001);
+       unsigned port_base = 0xc000;
+       unsigned port_space_size = 32;
+       int i;
+   
+       for (i=0;i<100000000;i++){
+           outw(13170, port_base + 18); // DRIVER
+           outw(16, port_base + 20);    // config_vector = 16
+           outw(34244, port_base + 18); // DRIVE OK
+           outw(29, port_base + 20);    // config_vector = 65535
+           outw(5817, port_base + 18);  // not DRIVE OK
+           usleep(1000);
+       }
+       return 0;
+   }
+   ```
+3. the number of irq routes will keep increasing and qemu process on the host will abort
+Additional information:
+stack infomation after qemu process aborts:
+
+```
+#0  0x00007f3cd38500ff in  () at /usr/lib64/libc.so.6
+#1  0x00007f3cd3803d06 in raise () at /usr/lib64/libc.so.6
+#2  0x00007f3cd37ef1f7 in abort () at /usr/lib64/libc.so.6
+#3  0x0000563055c54d68 in kvm_irqchip_commit_routes (s=0x563058b24bc0) at ../accel/kvm/kvm-all.c:1872
+#4  kvm_irqchip_commit_routes (s=0x563058b24bc0) at ../accel/kvm/kvm-all.c:1855
+#5  0x0000563055a1c242 in kvm_irqchip_commit_route_changes (c=0x7f3ccaffc040) at /Images/syg/code/openEuler/qemu/include/sysemu/kvm.h:470
+#6  kvm_virtio_pci_vq_vector_use (vector=18, proxy=0x563059b7f320) at ../hw/virtio/virtio-pci.c:875
+#7  kvm_virtio_pci_vector_use_one (proxy=proxy@entry=0x563059b7f320, queue_no=queue_no@entry=17) at ../hw/virtio/virtio-pci.c:948
+#8  0x0000563055a1d718 in kvm_virtio_pci_vector_vq_use (nvqs=18, proxy=0x563059b7f320) at ../hw/virtio/virtio-pci.c:1010
+#9  virtio_pci_set_guest_notifiers (d=0x563059b7f320, nvqs=18, assign=<optimized out>) at ../hw/virtio/virtio-pci.c:1373
+#10 0x00005630559cb5f9 in virtio_scsi_dataplane_start (vdev=0x563059b876f0) at ../hw/scsi/virtio-scsi-dataplane.c:116
+#11 0x0000563055a194f2 in virtio_bus_start_ioeventfd (bus=bus@entry=0x563059b87670) at ../hw/virtio/virtio-bus.c:236
+#12 0x0000563055a1c9f2 in virtio_pci_start_ioeventfd (proxy=0x563059b7f320) at ../hw/virtio/virtio-pci.c:375
+#13 virtio_ioport_write (val=34244, addr=18, opaque=0x563059b7f320) at ../hw/virtio/virtio-pci.c:471
+#14 virtio_pci_config_write (opaque=0x563059b7f320, addr=18, val=<optimized out>, size=<optimized out>) at ../hw/virtio/virtio-pci.c:617
+#15 0x0000563055bfb3af in memory_region_write_accessor (mr=mr@entry=0x563059b7fd50, addr=18, value=value@entry=0x7f3ccaffc2c8, size=size@entry=2, shift=<optimized out>, mask=mask@entry=65535, attrs=...)
+    at ../system/memory.c:497
+#16 0x0000563055bfc05e in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7f3ccaffc2c8, size=size@entry=2, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=
+    0x563055bfb330 <memory_region_write_accessor>, mr=0x563059b7fd50, attrs=...) at ../system/memory.c:573
+#17 0x0000563055bfd074 in memory_region_dispatch_write (mr=0x563059b7fd50, addr=18, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at ../system/memory.c:1528
+#18 0x0000563055c040f4 in flatview_write_continue
+    (fv=fv@entry=0x7f3aa40198b0, addr=addr@entry=49170, attrs=attrs@entry=..., ptr=ptr@entry=0x7f3cd0002000, len=len@entry=2, addr1=<optimized out>, l=<optimized out>, mr=<optimized out>)
+    at /Images/syg/code/openEuler/qemu/include/qemu/host-utils.h:238
+#19 0x0000563055c043e0 in flatview_write (fv=0x7f3aa40198b0, addr=addr@entry=49170, attrs=attrs@entry=..., buf=buf@entry=0x7f3cd0002000, len=len@entry=2) at ../system/physmem.c:2799
+#20 0x0000563055c07c48 in address_space_write (len=2, buf=0x7f3cd0002000, attrs=..., addr=49170, as=0x563056cc8fe0 <address_space_io>) at ../system/physmem.c:2906
+#21 address_space_rw (as=0x563056cc8fe0 <address_space_io>, addr=addr@entry=49170, attrs=attrs@entry=..., buf=0x7f3cd0002000, len=len@entry=2, is_write=is_write@entry=true) at ../system/physmem.c:2916
+#22 0x0000563055c58663 in kvm_handle_io (count=1, size=2, direction=<optimized out>, data=<optimized out>, attrs=..., port=49170) at ../accel/kvm/kvm-all.c:2670
+#23 kvm_cpu_exec (cpu=cpu@entry=0x563058ee2a40) at ../accel/kvm/kvm-all.c:2943
+#24 0x0000563055c59965 in kvm_vcpu_thread_fn (arg=0x563058ee2a40) at ../accel/kvm/kvm-accel-ops.c:51
+#25 0x0000563055ddb9df in qemu_thread_start (args=0x563058eecaa0) at ../util/qemu-thread-posix.c:541
+#26 0x00007f3cd384e51a in  () at /usr/lib64/libc.so.6
+#27 0x00007f3cd38d0e00 in  () at /usr/lib64/libc.so.6
+```
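Review bot: `Description of problem:` is followed by an empty line and then `Steps to reproduce:`, so this record has no problem description and the scores rest on the title, the two C snippets and the gdb backtrace. Flag records with empty fields at import so they can be re-fetched or excluded from evaluation; note that every score here falls between 0.345 and 0.617.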
diff --git a/results/classifier/108/other/2448 b/results/classifier/108/other/2448
new file mode 100644
index 000000000..73199466d
--- /dev/null
+++ b/results/classifier/108/other/2448
@@ -0,0 +1,61 @@
+debug: 0.781
+graphic: 0.773
+other: 0.763
+PID: 0.749
+device: 0.730
+vnc: 0.728
+permissions: 0.728
+performance: 0.725
+semantic: 0.721
+boot: 0.684
+socket: 0.668
+files: 0.654
+network: 0.648
+KVM: 0.505
+
+linux-user as binfmt_misc fails to recognize AT_EXECFD if it's 0 and leaves it open as stdin
+Description of problem:
+When a `*-linux-user` is used as binfmt_misc, and...
+
+- The `O` (i.e. open-binary) flag is set
+- File descriptor 0 is closed when running the executable
+
+FD 0 is opened to point at the executable and passed as `AT_EXECFD`, which QEMU fails to recognize and leaves open before handing control over to the executable, leading to the program to think stdin is opened for reading its own executable.
+
+Some use cases rely on closed stdin to behave correctly. For example, this problem causes the `tests/tail/follow-stdin.sh` and `tests/tac/tac-2-nonseekable.sh` tests in GNU coreutils to fail. In any case, having the executable itself be stdin is definitely incorrect and quite surprising behavior.
+Steps to reproduce:
+1. Set up qemu-riscv64 as binfmt_misc with `qemu-binfmt-conf.sh`, with the `--credential` flag (which enables open-binary)
+2. Get a coreutils built for riscv64 (Let's say it can be found in `riscv64-coreutils/bin`)
+3. Run it with something like `riscv64-coreutils/bin/cat <&- | xxd | head` (`xxd | head` to catch the binary output)
+
+The correct behavior is (You can see by running the native `cat <&-`):
+
+```
+cat: -: Bad file descriptor
+cat: closing standard input: Bad file descriptor
+```
+
+Instead, the executable `cat` itself is dumped to stdout.
+
+Perhaps slightly more clear is `riscv64-coreutils/bin/ls -l /proc/self/fd <&-` which shows fd 0 unexpectedly pointing to the coreutils executable.
+Additional information:
+I'm interested in writing a patch to fix this issue but I'm uncertain how to proceed. This is what I've found so far:
+
+In `linux-user/main.c` if (effectively) `getauxval(AT_EXECFD)` is 0 it's treated as nonexistent. (https://gitlab.com/qemu-project/qemu/-/blob/0d9f1016d43302108d33d1268304a06cc3fb2021/linux-user/main.c#L758-765)
+
+```c
+    execfd = qemu_getauxval(AT_EXECFD);
+    if (execfd == 0) {
+        execfd = open(exec_path, O_RDONLY);
+        if (execfd < 0) {
+            printf("Error while loading %s: %s\n", exec_path, strerror(errno));
+            _exit(EXIT_FAILURE);
+        }
+    }
+```
+
+However as we've seen `getauxval(AT_EXECFD)` can have 0 as a valid value.
+
+`qemu_getauxval` in `util/getauxval.c` implements several strategies to get the auxv, but doesn't currently give a way to distinguish not found and 0. FreeBSD `elf_aux_info` has `EINVAL` and `ENOENT` error codes but it's ignored here. On Linux, glibc sets `errno` to `ENOENT` to distinguish the two cases but only on glibc >= 2.19. Musl's `getauxval` has always had setting `errno` to `ENOENT`.
+
+Once we add a proper "`AT_EXECFD` doesn't exist" check this will no longer be a problem since (IIUC) `execfd` will eventually be closed after loading. How should we add "not found" support to `qemu_getauxval`? Is just simply relying on libc's `getauxval` setting `errno` okay?
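Review bot: In the score block at the top of this file, `other: 0.763` is third behind `debug: 0.781` and `graphic: 0.773`, a gap of 0.018 from the top, and 13 of the 14 scores lie between 0.648 and 0.781, so filing the record under a single directory hides how undecided the result is. Consider recording the margin between the top scores, or a low-confidence marker, alongside the chosen category.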