Diffstat (limited to 'results/classifier/118/hypervisor/1883729')
| -rw-r--r-- | results/classifier/118/hypervisor/1883729 | 428 |
1 files changed, 0 insertions, 428 deletions
diff --git a/results/classifier/118/hypervisor/1883729 b/results/classifier/118/hypervisor/1883729
deleted file mode 100644
index a25ac7187..000000000
--- a/results/classifier/118/hypervisor/1883729
+++ /dev/null
@@ -1,428 +0,0 @@ -hypervisor: 0.804 -graphic: 0.726 -vnc: 0.687 -register: 0.679 -TCG: 0.678 -virtual: 0.670 -x86: 0.661 -KVM: 0.632 -risc-v: 0.630 -VMM: 0.629 -peripherals: 0.626 -user-level: 0.604 -device: 0.581 -mistranslation: 0.569 -arm: 0.568 -i386: 0.549 -ppc: 0.541 -performance: 0.536 -semantic: 0.524 -debug: 0.513 -permissions: 0.482 -assembly: 0.478 -architecture: 0.471 -network: 0.465 -files: 0.463 -boot: 0.461 -PID: 0.455 -socket: 0.452 -kernel: 0.413 - -xhci_find_stream: Assertion `streamid != 0' failed. - -To reproduce run the QEMU with the following command line: -``` -qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio -``` - -QEMU Version: -``` -# qemu-5.0.0 -$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make -$ x86_64-softmmu/qemu-system-x86_64 --version -QEMU emulator version 5.0.0 -Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers -``` - - - -Attaching a QTest reproducer. 
-./i386-softmmu/qemu-system-i386 -device nec-usb-xhci -trace usb\* \ --device usb-audio -device usb-storage,drive=mydrive \ --drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ --nodefaults -nographic -qtest stdio < repro - - -Close to the crash: -21000@1597111713.503068:usb_xhci_slot_configure slotid 58 -21000@1597111713.503074:usb_xhci_ep_disable slotid 58, epid 2 -21000@1597111713.503077:usb_xhci_ep_enable slotid 58, epid 2 -21000@1597111713.503085:usb_xhci_ep_disable slotid 58, epid 6 -21000@1597111713.503088:usb_xhci_ep_enable slotid 58, epid 6 -21000@1597111713.503092:usb_xhci_ep_disable slotid 58, epid 24 -21000@1597111713.503095:usb_xhci_ep_enable slotid 58, epid 24 -21000@1597111713.503099:usb_xhci_ep_disable slotid 58, epid 25 -21000@1597111713.503102:usb_xhci_ep_enable slotid 58, epid 25 -21000@1597111713.503106:usb_xhci_ep_disable slotid 58, epid 29 -21000@1597111713.503109:usb_xhci_ep_enable slotid 58, epid 29 -21000@1597111713.503113:usb_xhci_ep_disable slotid 58, epid 30 -21000@1597111713.503116:usb_xhci_ep_enable slotid 58, epid 30 -21000@1597111713.503121:usb_xhci_fetch_trb addr 0x0000000000000b20, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700 -21000@1597111713.503127:usb_xhci_slot_enable slotid 59 -21000@1597111713.503130:usb_xhci_fetch_trb addr 0x0000000000000b30, CR_SET_TR_DEQUEUE, p 0x0000000000000000, s 0x00000000, c 0x00004300 -21000@1597111713.503135:usb_xhci_fetch_trb addr 0x0000000000000b40, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700 -21000@1597111713.503140:usb_xhci_slot_enable slotid 60 -21000@1597111713.503143:usb_xhci_fetch_trb addr 0x0000000000000b50, CR_EVALUATE_CONTEXT, p 0x0000000000000000, s 0x00000000, c 0x00003600 -21000@1597111713.503149:usb_xhci_fetch_trb addr 0x0000000000000b60, CR_STOP_ENDPOINT, p 0x0000000000000000, s 0x00000000, c 0x3afd3c00 -21000@1597111713.503154:usb_xhci_ep_stop slotid 58, epid 29 -21000@1597111713.503159:usb_xhci_ep_state slotid 58, epid 29, running 
-> stopped -21000@1597111713.503163:usb_xhci_fetch_trb addr 0x0000000000000b70, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700 -21000@1597111713.503168:usb_xhci_slot_enable slotid 61 -21000@1597111713.503171:usb_xhci_fetch_trb addr 0x0000000000000b80, CR_SET_TR_DEQUEUE, p 0x0000000000000000, s 0x00000000, c 0x3afd4300 -21000@1597111713.503177:usb_xhci_ep_set_dequeue slotid 58, epid 29, streamid 0, ptr 0x0000000000000000 -qemu-system-i386: hw/usb/hcd-xhci.c:1016: XHCIStreamContext *xhci_find_stream(XHCIEPContext *, unsigned int, uint32_t *): Assertion `streamid != 0' failed. -Aborted - - -Can you still reproduce this assertion with the latest version 6.0 of QEMU? ... I cannot trigger it here, so I assume this issue has been fixed? - -I don't think it is fixed yet.. This is https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28571#c4 - -Bash Reproducer: -./qemu-system-i386 -display none -machine accel=qtest, -m 512M \ --machine q35 -nodefaults -drive \ -file=null-co://,if=none,format=raw,id=disk0 -device qemu-xhci,id=xhci \ --device usb-tablet,bus=xhci.0 -device usb-bot -device \ -usb-storage,drive=disk0 -chardev null,id=cd0 -chardev null,id=cd1 \ --device usb-braille,chardev=cd0 -device usb-ccid -device usb-ccid \ --device usb-kbd -device usb-mouse -device usb-serial,chardev=cd1 -device\ - usb-tablet -device usb-wacom-tablet -device usb-audio -qtest /dev/null \ --qtest stdio < attachment - -Testcase: -/* - * Autogenerated Fuzzer Test Case - * - * Copyright (c) 2021 <name of author> - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. 
- */ - -#include "qemu/osdep.h" - -#include "libqos/libqtest.h" - -static void test_fuzz(void) -{ - QTestState *s = qtest_init( - "-display none , -m 512M -machine q35 -nodefaults -drive " - "file=null-co://,if=none,format=raw,id=disk0 -device qemu-xhci,id=xhci -device " - "usb-tablet,bus=xhci.0 -device usb-bot -device usb-storage,drive=disk0 -chardev " - "null,id=cd0 -chardev null,id=cd1 -device usb-braille,chardev=cd0 -device " - "usb-ccid -device usb-ccid -device usb-kbd -device usb-mouse -device " - "usb-serial,chardev=cd1 -device usb-tablet -device usb-wacom-tablet -device " - "usb-audio -qtest /dev/null"); - qtest_outl(s, 0xcf8, 0x80000816); - qtest_outl(s, 0xcfc, 0xffff); - qtest_outl(s, 0xcf8, 0x80000803); - qtest_outl(s, 0xcfc, 0x0600); - qtest_outl(s, 0xcf8, 0x80000810); - qtest_outl(s, 0xcfc, 0x2e654000); - qtest_writel(s, 0xffff00002e654040, 0xffffff05); - qtest_bufwrite(s, 0x4d, "\x04", 0x1); - qtest_bufwrite(s, 0x5d, "\x04", 0x1); - qtest_bufwrite(s, 0x6d, "\x04", 0x1); - qtest_bufwrite(s, 0x7d, "\x04", 0x1); - qtest_bufwrite(s, 0x8d, "\x04", 0x1); - qtest_bufwrite(s, 0x9d, "\x04", 0x1); - qtest_bufwrite(s, 0xad, "\x04", 0x1); - qtest_bufwrite(s, 0xbd, "\x04", 0x1); - qtest_bufwrite(s, 0xcd, "\x04", 0x1); - qtest_bufwrite(s, 0xdd, "\x04", 0x1); - qtest_bufwrite(s, 0xed, "\x04", 0x1); - qtest_bufwrite(s, 0xfd, "\x04", 0x1); - qtest_bufwrite(s, 0x10d, "\x04", 0x1); - qtest_bufwrite(s, 0x11d, "\x04", 0x1); - qtest_bufwrite(s, 0x12d, "\x04", 0x1); - qtest_bufwrite(s, 0x13d, "\x04", 0x1); - qtest_bufwrite(s, 0x14d, "\x04", 0x1); - qtest_bufwrite(s, 0x15d, "\x04", 0x1); - qtest_bufwrite(s, 0x16d, "\x04", 0x1); - qtest_bufwrite(s, 0x17d, "\x04", 0x1); - qtest_bufwrite(s, 0x18d, "\x04", 0x1); - qtest_bufwrite(s, 0x19d, "\x04", 0x1); - qtest_bufwrite(s, 0x1ad, "\x04", 0x1); - qtest_bufwrite(s, 0x1bd, "\x04", 0x1); - qtest_bufwrite(s, 0x1cd, "\x04", 0x1); - qtest_bufwrite(s, 0x1dd, "\x04", 0x1); - qtest_bufwrite(s, 0x1ed, "\x04", 0x1); - qtest_bufwrite(s, 
0x1fd, "\x04", 0x1); - qtest_bufwrite(s, 0x20d, "\x04", 0x1); - qtest_bufwrite(s, 0x21d, "\x04", 0x1); - qtest_bufwrite(s, 0x22d, "\x04", 0x1); - qtest_bufwrite(s, 0x23d, "\x04", 0x1); - qtest_bufwrite(s, 0x24d, "\x04", 0x1); - qtest_bufwrite(s, 0x25d, "\x04", 0x1); - qtest_bufwrite(s, 0x26d, "\x04", 0x1); - qtest_bufwrite(s, 0x27d, "\x04", 0x1); - qtest_bufwrite(s, 0x28d, "\x04", 0x1); - qtest_bufwrite(s, 0x29d, "\x04", 0x1); - qtest_bufwrite(s, 0x2ad, "\x04", 0x1); - qtest_bufwrite(s, 0x2bd, "\x04", 0x1); - qtest_bufwrite(s, 0x2cd, "\x04", 0x1); - qtest_bufwrite(s, 0x2dd, "\x04", 0x1); - qtest_bufwrite(s, 0x2ed, "\x04", 0x1); - qtest_bufwrite(s, 0x2fd, "\x04", 0x1); - qtest_bufwrite(s, 0x30d, "\x04", 0x1); - qtest_bufwrite(s, 0x31d, "\x04", 0x1); - qtest_bufwrite(s, 0x32d, "\x04", 0x1); - qtest_bufwrite(s, 0x33d, "\x04", 0x1); - qtest_bufwrite(s, 0x34d, "\x04", 0x1); - qtest_bufwrite(s, 0x35d, "\x04", 0x1); - qtest_bufwrite(s, 0x36d, "\x04", 0x1); - qtest_bufwrite(s, 0x37d, "\x04", 0x1); - qtest_bufwrite(s, 0x38d, "\x04", 0x1); - qtest_bufwrite(s, 0x39d, "\x04", 0x1); - qtest_bufwrite(s, 0x3ad, "\x04", 0x1); - qtest_bufwrite(s, 0x3bd, "\x04", 0x1); - qtest_bufwrite(s, 0x3cd, "\x04", 0x1); - qtest_bufwrite(s, 0x3dd, "\x04", 0x1); - qtest_bufwrite(s, 0x3ed, "\x04", 0x1); - qtest_bufwrite(s, 0x3fd, "\x04", 0x1); - qtest_bufwrite(s, 0x40d, "\x04", 0x1); - qtest_bufwrite(s, 0x41d, "\x04", 0x1); - qtest_bufwrite(s, 0x42d, "\x04", 0x1); - qtest_bufwrite(s, 0x43d, "\x04", 0x1); - qtest_bufwrite(s, 0x44d, "\x04", 0x1); - qtest_bufwrite(s, 0x45d, "\x04", 0x1); - qtest_bufwrite(s, 0x46d, "\x04", 0x1); - qtest_bufwrite(s, 0x47d, "\x04", 0x1); - qtest_bufwrite(s, 0x48d, "\x04", 0x1); - qtest_bufwrite(s, 0x49d, "\x04", 0x1); - qtest_bufwrite(s, 0x4ad, "\x04", 0x1); - qtest_bufwrite(s, 0x4bd, "\x04", 0x1); - qtest_bufwrite(s, 0x4cd, "\x04", 0x1); - qtest_bufwrite(s, 0x4dd, "\x04", 0x1); - qtest_bufwrite(s, 0x4ed, "\x04", 0x1); - qtest_bufwrite(s, 0x4fd, "\x04", 0x1); - 
qtest_bufwrite(s, 0x50d, "\x04", 0x1); - qtest_bufwrite(s, 0x51d, "\x04", 0x1); - qtest_bufwrite(s, 0x52d, "\x04", 0x1); - qtest_bufwrite(s, 0x53d, "\x04", 0x1); - qtest_bufwrite(s, 0x54d, "\x04", 0x1); - qtest_bufwrite(s, 0x55d, "\x04", 0x1); - qtest_bufwrite(s, 0x56d, "\x04", 0x1); - qtest_bufwrite(s, 0x57d, "\x04", 0x1); - qtest_bufwrite(s, 0x58d, "\x04", 0x1); - qtest_bufwrite(s, 0x59d, "\x04", 0x1); - qtest_bufwrite(s, 0x5ad, "\x04", 0x1); - qtest_bufwrite(s, 0x5bd, "\x04", 0x1); - qtest_bufwrite(s, 0x5cd, "\x04", 0x1); - qtest_bufwrite(s, 0x5dd, "\x04", 0x1); - qtest_bufwrite(s, 0x5ed, "\x04", 0x1); - qtest_bufwrite(s, 0x5fd, "\x04", 0x1); - qtest_bufwrite(s, 0x60d, "\x04", 0x1); - qtest_bufwrite(s, 0x61d, "\x04", 0x1); - qtest_bufwrite(s, 0x62d, "\x04", 0x1); - qtest_bufwrite(s, 0x63d, "\x04", 0x1); - qtest_bufwrite(s, 0x64d, "\x04", 0x1); - qtest_bufwrite(s, 0x65d, "\x04", 0x1); - qtest_bufwrite(s, 0x66d, "\x04", 0x1); - qtest_bufwrite(s, 0x67d, "\x04", 0x1); - qtest_bufwrite(s, 0x68d, "\x04", 0x1); - qtest_bufwrite(s, 0x69d, "\x04", 0x1); - qtest_bufwrite(s, 0x6ad, "\x04", 0x1); - qtest_bufwrite(s, 0x6bd, "\x04", 0x1); - qtest_bufwrite(s, 0x6cd, "\x04", 0x1); - qtest_bufwrite(s, 0x6dd, "\x04", 0x1); - qtest_bufwrite(s, 0x6ed, "\x04", 0x1); - qtest_bufwrite(s, 0x6fd, "\x04", 0x1); - qtest_bufwrite(s, 0x70d, "\x04", 0x1); - qtest_bufwrite(s, 0x71d, "\x04", 0x1); - qtest_bufwrite(s, 0x72d, "\x04", 0x1); - qtest_bufwrite(s, 0x73d, "\x04", 0x1); - qtest_bufwrite(s, 0x74d, "\x04", 0x1); - qtest_bufwrite(s, 0x75d, "\x04", 0x1); - qtest_bufwrite(s, 0x76d, "\x04", 0x1); - qtest_bufwrite(s, 0x77d, "\x04", 0x1); - qtest_bufwrite(s, 0x78d, "\x04", 0x1); - qtest_bufwrite(s, 0x79d, "\x04", 0x1); - qtest_bufwrite(s, 0x7ad, "\x04", 0x1); - qtest_bufwrite(s, 0x7bd, "\x04", 0x1); - qtest_bufwrite(s, 0x7cd, "\x04", 0x1); - qtest_bufwrite(s, 0x7dd, "\x04", 0x1); - qtest_bufwrite(s, 0x7ed, "\x04", 0x1); - qtest_bufwrite(s, 0x7fd, "\x04", 0x1); - qtest_bufwrite(s, 0x80d, 
"\x04", 0x1); - qtest_bufwrite(s, 0x81d, "\x04", 0x1); - qtest_bufwrite(s, 0x82d, "\x04", 0x1); - qtest_bufwrite(s, 0x83d, "\x04", 0x1); - qtest_bufwrite(s, 0x84d, "\x04", 0x1); - qtest_bufwrite(s, 0x85d, "\x04", 0x1); - qtest_bufwrite(s, 0x86d, "\x04", 0x1); - qtest_bufwrite(s, 0x87d, "\x04", 0x1); - qtest_bufwrite(s, 0x88d, "\x04", 0x1); - qtest_bufwrite(s, 0x89d, "\x04", 0x1); - qtest_bufwrite(s, 0x8ad, "\x04", 0x1); - qtest_bufwrite(s, 0x8bd, "\x04", 0x1); - qtest_bufwrite(s, 0x8cd, "\x04", 0x1); - qtest_bufwrite(s, 0x8dd, "\x04", 0x1); - qtest_bufwrite(s, 0x8ed, "\x04", 0x1); - qtest_bufwrite(s, 0x8fd, "\x04", 0x1); - qtest_bufwrite(s, 0x90d, "\x04", 0x1); - qtest_bufwrite(s, 0x91d, "\x04", 0x1); - qtest_bufwrite(s, 0x92d, "\x04", 0x1); - qtest_bufwrite(s, 0x93d, "\x04", 0x1); - qtest_bufwrite(s, 0x94d, "\x04", 0x1); - qtest_bufwrite(s, 0x95d, "\x04", 0x1); - qtest_bufwrite(s, 0x96d, "\x04", 0x1); - qtest_bufwrite(s, 0x97d, "\x04", 0x1); - qtest_bufwrite(s, 0x98d, "\x04", 0x1); - qtest_bufwrite(s, 0x99d, "\x04", 0x1); - qtest_bufwrite(s, 0x9ad, "\x04", 0x1); - qtest_bufwrite(s, 0x9bd, "\x04", 0x1); - qtest_bufwrite(s, 0x9cd, "\x04", 0x1); - qtest_bufwrite(s, 0x9dd, "\x04", 0x1); - qtest_bufwrite(s, 0x9ed, "\x04", 0x1); - qtest_bufwrite(s, 0x9fd, "\x04", 0x1); - qtest_bufwrite(s, 0xa0d, "\x04", 0x1); - qtest_bufwrite(s, 0xa1d, "\x04", 0x1); - qtest_bufwrite(s, 0xa2d, "\x04", 0x1); - qtest_bufwrite(s, 0xa3d, "\x04", 0x1); - qtest_bufwrite(s, 0xa4d, "\x04", 0x1); - qtest_bufwrite(s, 0xa5d, "\x04", 0x1); - qtest_bufwrite(s, 0xa6d, "\x04", 0x1); - qtest_bufwrite(s, 0xa7d, "\x04", 0x1); - qtest_bufwrite(s, 0xa8d, "\x04", 0x1); - qtest_bufwrite(s, 0xa9d, "\x04", 0x1); - qtest_bufwrite(s, 0xaad, "\x04", 0x1); - qtest_bufwrite(s, 0xabd, "\x04", 0x1); - qtest_bufwrite(s, 0xacd, "\x04", 0x1); - qtest_bufwrite(s, 0xadd, "\x04", 0x1); - qtest_bufwrite(s, 0xaed, "\x04", 0x1); - qtest_bufwrite(s, 0xafd, "\x04", 0x1); - qtest_bufwrite(s, 0xb0d, "\x04", 0x1); - 
qtest_bufwrite(s, 0xb1d, "\x04", 0x1); - qtest_bufwrite(s, 0xb2d, "\x04", 0x1); - qtest_bufwrite(s, 0xb3d, "\x04", 0x1); - qtest_bufwrite(s, 0xb4d, "\x04", 0x1); - qtest_bufwrite(s, 0xb5d, "\x04", 0x1); - qtest_bufwrite(s, 0xb6d, "\x04", 0x1); - qtest_bufwrite(s, 0xb7d, "\x04", 0x1); - qtest_bufwrite(s, 0xb8d, "\x04", 0x1); - qtest_bufwrite(s, 0xb9d, "\x04", 0x1); - qtest_bufwrite(s, 0xbad, "\x04", 0x1); - qtest_bufwrite(s, 0xbbd, "\x04", 0x1); - qtest_bufwrite(s, 0xbcd, "\x04", 0x1); - qtest_bufwrite(s, 0xbdd, "\x04", 0x1); - qtest_bufwrite(s, 0xbed, "\x04", 0x1); - qtest_bufwrite(s, 0xbfd, "\x04", 0x1); - qtest_bufwrite(s, 0xc0d, "\x04", 0x1); - qtest_bufwrite(s, 0xc1d, "\x04", 0x1); - qtest_bufwrite(s, 0xc2d, "\x04", 0x1); - qtest_bufwrite(s, 0xc3d, "\x04", 0x1); - qtest_bufwrite(s, 0xc4d, "\x04", 0x1); - qtest_bufwrite(s, 0xc5d, "\x04", 0x1); - qtest_bufwrite(s, 0xc6d, "\x04", 0x1); - qtest_bufwrite(s, 0xc7d, "\x04", 0x1); - qtest_bufwrite(s, 0xc8d, "\x04", 0x1); - qtest_bufwrite(s, 0xc9d, "\x04", 0x1); - qtest_bufwrite(s, 0xcad, "\x04", 0x1); - qtest_bufwrite(s, 0xcbd, "\x04", 0x1); - qtest_bufwrite(s, 0xccd, "\x04", 0x1); - qtest_bufwrite(s, 0xcdd, "\x04", 0x1); - qtest_bufwrite(s, 0xced, "\x04", 0x1); - qtest_bufwrite(s, 0xcfd, "\x04", 0x1); - qtest_bufwrite(s, 0xd0d, "\x04", 0x1); - qtest_bufwrite(s, 0xd1d, "\x04", 0x1); - qtest_bufwrite(s, 0xd2d, "\x04", 0x1); - qtest_bufwrite(s, 0xd3d, "\x04", 0x1); - qtest_bufwrite(s, 0xd4d, "\x04", 0x1); - qtest_bufwrite(s, 0xd5d, "\x04", 0x1); - qtest_bufwrite(s, 0xd6d, "\x04", 0x1); - qtest_bufwrite(s, 0xd7d, "\x04", 0x1); - qtest_bufwrite(s, 0xd8d, "\x04", 0x1); - qtest_bufwrite(s, 0xd9d, "\x04", 0x1); - qtest_bufwrite(s, 0xdad, "\x04", 0x1); - qtest_bufwrite(s, 0xdbd, "\x04", 0x1); - qtest_bufwrite(s, 0xdcd, "\x04", 0x1); - qtest_bufwrite(s, 0xddd, "\x04", 0x1); - qtest_bufwrite(s, 0xded, "\x04", 0x1); - qtest_bufwrite(s, 0xdfd, "\x04", 0x1); - qtest_bufwrite(s, 0xe0d, "\x04", 0x1); - qtest_bufwrite(s, 0xe1d, 
"\x04", 0x1); - qtest_bufwrite(s, 0xe2d, "\x04", 0x1); - qtest_bufwrite(s, 0xe3d, "\x04", 0x1); - qtest_bufwrite(s, 0xe4d, "\x04", 0x1); - qtest_bufwrite(s, 0xe5d, "\x04", 0x1); - qtest_bufwrite(s, 0xe6d, "\x04", 0x1); - qtest_bufwrite(s, 0xe7d, "\x04", 0x1); - qtest_bufwrite(s, 0xe8d, "\x04", 0x1); - qtest_bufwrite(s, 0xe9d, "\x04", 0x1); - qtest_bufwrite(s, 0xead, "\x04", 0x1); - qtest_bufwrite(s, 0xebd, "\x04", 0x1); - qtest_bufwrite(s, 0xecd, "\x04", 0x1); - qtest_bufwrite(s, 0xedd, "\x04", 0x1); - qtest_bufwrite(s, 0xeed, "\x04", 0x1); - qtest_bufwrite(s, 0xefd, "\x04", 0x1); - qtest_bufwrite(s, 0xf0d, "\x04", 0x1); - qtest_bufwrite(s, 0xf1d, "\x04", 0x1); - qtest_bufwrite(s, 0xf2d, "\x04", 0x1); - qtest_bufwrite(s, 0xf3d, "\x04", 0x1); - qtest_bufwrite(s, 0xf4d, "\x04", 0x1); - qtest_bufwrite(s, 0xf5d, "\x04", 0x1); - qtest_bufwrite(s, 0xf6d, "\x04", 0x1); - qtest_bufwrite(s, 0xf7d, "\x04", 0x1); - qtest_bufwrite(s, 0xf8d, "\x04", 0x1); - qtest_bufwrite(s, 0xf9d, "\x04", 0x1); - qtest_bufwrite(s, 0xfad, "\x04", 0x1); - qtest_bufwrite(s, 0xfbd, "\x04", 0x1); - qtest_bufwrite(s, 0xfcd, "\x04", 0x1); - qtest_bufwrite(s, 0xfdd, "\x04", 0x1); - qtest_bufwrite(s, 0xfed, "\x24", 0x1); - qtest_bufwrite(s, 0xffd, "\x24", 0x1); - qtest_bufwrite(s, 0x100d, "\x24", 0x1); - qtest_bufwrite(s, 0x101d, "\x24", 0x1); - qtest_bufwrite(s, 0x102d, "\x24", 0x1); - qtest_bufwrite(s, 0x1041, "\x6d", 0x1); - qtest_bufwrite(s, 0x104d, "\x2c", 0x1); - qtest_bufwrite(s, 0x104f, "\x05", 0x1); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_bufwrite(s, 0x6d04, "\x03", 0x1); - qtest_bufwrite(s, 0x6d26, "\x04", 0x1); - qtest_bufwrite(s, 0x6d41, "\x04", 0x1); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_writel(s, 0xffff00002e656000, 0x0); - qtest_bufwrite(s, 0xffff00002e656014, "\x01\x00\x00\x00", 0x4); - qtest_quit(s); -} -int main(int argc, char 
**argv) -{ - const char *arch = qtest_get_arch(); - - g_test_init(&argc, &argv, NULL); - - if (strcmp(arch, "i386") == 0) { - qtest_add_func("fuzz/test_fuzz", test_fuzz); - } - - return g_test_run(); -} - - - - -Ok, with the new attachment from comment #5, I can also reporoduce the bug again. It does not reproduce with the attachments from comment #1 or #2 anymore, so this now seems to be a different way to run into this assert. Anyway, setting the status back to Confirmed since it is reproducible again. - - -This is an automated cleanup. This bug report has been moved to QEMU's -new bug tracker on gitlab.com and thus gets marked as 'expired' now. -Please continue with the discussion here: - - https://gitlab.com/qemu-project/qemu/-/issues/273 - - |