summary refs log tree commit diff stats
path: root/results/classifier/118/all/1890160
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/all/1890160')
-rw-r--r--results/classifier/118/all/1890160135
1 files changed, 135 insertions, 0 deletions
diff --git a/results/classifier/118/all/1890160 b/results/classifier/118/all/1890160
new file mode 100644
index 000000000..2e571fb98
--- /dev/null
+++ b/results/classifier/118/all/1890160
@@ -0,0 +1,135 @@
+peripherals: 0.950
+risc-v: 0.948
+hypervisor: 0.946
+device: 0.946
+vnc: 0.939
+virtual: 0.937
+arm: 0.931
+ppc: 0.931
+i386: 0.930
+VMM: 0.927
+mistranslation: 0.927
+boot: 0.926
+user-level: 0.923
+KVM: 0.921
+register: 0.919
+debug: 0.917
+permissions: 0.917
+TCG: 0.916
+graphic: 0.914
+files: 0.911
+semantic: 0.909
+socket: 0.907
+architecture: 0.906
+performance: 0.904
+assembly: 0.898
+kernel: 0.897
+x86: 0.895
+network: 0.893
+PID: 0.890
+
+Abort in vmxnet3_validate_queues
+
+Hello,
+Reproducer:
+
+cat << EOF | ./i386-softmmu/qemu-system-i386 \
+-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
+outl 0xcf8 0x80001014
+outl 0xcfc 0xe0001000
+outl 0xcf8 0x80001018
+outl 0xcf8 0x80001004
+outw 0xcfc 0x7
+write 0x0 0x1 0xe1
+write 0x1 0x1 0xfe
+write 0x2 0x1 0xbe
+write 0x3 0x1 0xba
+write 0x3e 0x1 0xe1
+writeq 0xe0001020 0xef0bff5ecafe0000
+EOF
+
+==============================================================
+qemu: hardware error: Bad TX queues number: 225
+
+    #6 0x7f04b89d455a in abort /build/glibc-GwnBeO/glibc-2.30/stdlib/abort.c:79:7
+    #7 0x558f5be89b67 in hw_error /home/alxndr/Development/qemu/general-fuzz/softmmu/cpus.c:927:5
+    #8 0x558f5d3c3968 in vmxnet3_validate_queues /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1388:9
+    #9 0x558f5d3bb716 in vmxnet3_activate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1449:5
+    #10 0x558f5d3b6fba in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1576:9
+    #11 0x558f5d3b410f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
+    #12 0x558f5bec4193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
+    #13 0x558f5bec3637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
+    #14 0x558f5bec1256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
+
+-Alex
+
+Cc'ing Dmitry as he doesn't have lauchpad account :/
+
+On 8/3/20 4:37 PM, Alexander Bulekov wrote:
+> Public bug reported:
+> 
+> Hello,
+> Reproducer:
+> 
+> cat << EOF | ./i386-softmmu/qemu-system-i386 \
+> -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic
+> outl 0xcf8 0x80001014
+> outl 0xcfc 0xe0001000
+> outl 0xcf8 0x80001018
+> outl 0xcf8 0x80001004
+> outw 0xcfc 0x7
+> write 0x0 0x1 0xe1
+> write 0x1 0x1 0xfe
+> write 0x2 0x1 0xbe
+> write 0x3 0x1 0xba
+> write 0x3e 0x1 0xe1
+
+struct Vmxnet3_MiscConf {
+    struct Vmxnet3_DriverInfo driverInfo;
+    __le64        uptFeatures;
+    __le64        ddPA;         /* driver data PA */
+    __le64        queueDescPA;  /* queue descriptor table PA */
+    __le32        ddLen;        /* driver data len */
+    __le32        queueDescLen; /* queue desc. table len in bytes */
+    __le32        mtu;
+    __le16        maxNumRxSG;
+    u8        numTxQueues;
+   ^^^
+     \_________ @0x3e = 0xe1 = 225 queues (max is 8).
+
+    u8        numRxQueues;
+    __le32        reserved[4];
+
+> writeq 0xe0001020 0xef0bff5ecafe0000
+> EOF
+> 
+> ==============================================================
+> qemu: hardware error: Bad TX queues number: 225
+> 
+>     #6 0x7f04b89d455a in abort /build/glibc-GwnBeO/glibc-2.30/stdlib/abort.c:79:7
+>     #7 0x558f5be89b67 in hw_error /home/alxndr/Development/qemu/general-fuzz/softmmu/cpus.c:927:5
+>     #8 0x558f5d3c3968 in vmxnet3_validate_queues /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1388:9
+>     #9 0x558f5d3bb716 in vmxnet3_activate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1449:5
+>     #10 0x558f5d3b6fba in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1576:9
+>     #11 0x558f5d3b410f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
+>     #12 0x558f5bec4193 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
+>     #13 0x558f5bec3637 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
+>     #14 0x558f5bec1256 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
+> 
+> -Alex
+> 
+> ** Affects: qemu
+>      Importance: Undecided
+>          Status: New
+> 
+
+
+
+Still reproduces with the current version of QEMU. Marking as "Confirmed"
+
+Suggested fix:
+https://<email address hidden>/
+
+Fixed here:
+https://gitlab.com/qemu-project/qemu/-/commit/9010b0c7a9a097590e183
+