summary refs log tree commit diff stats
path: root/results/classifier/118/review/1915539
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/review/1915539')
-rw-r--r--results/classifier/118/review/1915539167
1 files changed, 167 insertions, 0 deletions
diff --git a/results/classifier/118/review/1915539 b/results/classifier/118/review/1915539
new file mode 100644
index 000000000..021508e34
--- /dev/null
+++ b/results/classifier/118/review/1915539
@@ -0,0 +1,167 @@
+risc-v: 0.888
+KVM: 0.879
+hypervisor: 0.877
+i386: 0.875
+TCG: 0.869
+VMM: 0.860
+peripherals: 0.853
+vnc: 0.842
+mistranslation: 0.818
+ppc: 0.809
+x86: 0.806
+user-level: 0.694
+semantic: 0.569
+PID: 0.552
+virtual: 0.551
+graphic: 0.550
+device: 0.545
+permissions: 0.545
+register: 0.533
+debug: 0.517
+arm: 0.502
+performance: 0.447
+architecture: 0.424
+boot: 0.421
+network: 0.416
+assembly: 0.415
+socket: 0.415
+files: 0.409
+kernel: 0.407
+--------------------
+i386: 0.999
+x86: 0.985
+debug: 0.858
+virtual: 0.789
+kernel: 0.711
+assembly: 0.705
+hypervisor: 0.428
+device: 0.222
+peripherals: 0.218
+files: 0.147
+TCG: 0.128
+performance: 0.124
+architecture: 0.095
+user-level: 0.075
+register: 0.061
+boot: 0.054
+VMM: 0.051
+KVM: 0.050
+risc-v: 0.043
+PID: 0.041
+semantic: 0.028
+ppc: 0.020
+socket: 0.007
+network: 0.006
+permissions: 0.006
+graphic: 0.005
+vnc: 0.003
+mistranslation: 0.003
+arm: 0.001
+
+Null-ptr dereference on AHCICmdHdr in ahci_pio_transfer
+
+== Reproducer ==
+
+cat << EOF | ./qemu-system-i386 -display none \
+-m 512M -machine q35 -nodefaults \
+-drive file=null-co://,if=none,format=raw,id=disk0 \
+-device ide-hd,drive=disk0 -machine accel=qtest -qtest stdio
+outl 0xcf8 0x8000fa24
+outl 0xcfc 0xe0000000
+outl 0xcf8 0x8000fa04
+outw 0xcfc 0x06
+write 0x10a 0x1 0x02
+write 0xe0000398 0x1 0x01
+write 0x20000 0x1 0x27
+write 0x20001 0x1 0x80
+write 0x20002 0x1 0x20
+write 0x20005 0x1 0x02
+write 0xe00003b8 0x2 0x0101
+write 0xe0000004 0x1 0x01
+write 0x2bb 0x1 0x00
+write 0x2bf 0x1 0x00
+write 0x2cf 0x1 0x00
+write 0x2db 0x1 0x00
+write 0x2df 0x1 0x00
+write 0x2ed 0x1 0x00
+write 0x2ef 0x1 0x00
+write 0x2fb 0x1 0x00
+write 0x2ff 0x1 0x00
+write 0x31f 0x1 0x00
+write 0x32b 0x1 0x00
+write 0x32f 0x1 0x00
+write 0x337 0x1 0x00
+write 0x33f 0x1 0x00
+write 0x347 0x1 0x00
+write 0x357 0x1 0x00
+write 0x35f 0x1 0x00
+write 0x36b 0x1 0x00
+write 0x36f 0x1 0x00
+write 0x377 0x1 0x00
+write 0x37f 0x1 0x00
+write 0x397 0x1 0x00
+write 0x39f 0x1 0x00
+write 0x3ab 0x1 0x00
+write 0x3af 0x1 0x00
+write 0x3b7 0x1 0x00
+write 0x3bf 0x1 0x00
+write 0x3c7 0x1 0x00
+write 0x3d7 0x1 0x00
+write 0x3df 0x1 0x00
+write 0x3eb 0x1 0x00
+write 0x3ef 0x1 0x00
+write 0x3f7 0x1 0x00
+write 0x3ff 0x1 0x00
+write 0xe0000394 0x1 0x00
+write 0xe0000398 0x1 0x01
+EOF
+
+== Stack Trace ==
+../hw/ide/ahci.c:1349:46: runtime error: member access within null pointer of
+type 'AHCICmdHdr' (aka 'struct AHCICmdHdr') SUMMARY:
+UndefinedBehaviorSanitizer: undefined-behavior ../hw/ide/ahci.c:1349:46 in
+../hw/ide/ahci.c:1349:46: runtime error: load of null pointer of type
+'uint16_t' (aka 'unsigned short')
+SUMMARY: UndefinedBehaviorSanitizer:
+undefined-behavior ../hw/ide/ahci.c:1349:46 in AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==238806==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
+0x555787d414c9 bp 0x7fffe1bb41a0 sp 0x7fffe1bb3fe0 T0)
+==238806==The signal is caused by a READ memory access.
+==238806==Hint: address points to the zero page.
+#0 0x555787d414c9 in ahci_pio_transfer build/../hw/ide/ahci.c:1349:46
+#1 0x5557886089d6 in ide_transfer_start_norecurse build/../hw/ide/core.c:553:5
+#2 0x555788638945 in ide_transfer_start build/../hw/ide/core.c:560:9
+#3 0x555788638945 in ide_sector_read_cb build/../hw/ide/core.c:761:5
+#4 0x55578860c989 in ide_buffered_readv_cb build/../hw/ide/core.c:656:9
+#5 0x5557898999d6 in blk_aio_complete build/../block/block-backend.c:1412:9
+#6 0x555789db8d26 in aio_bh_poll build/../util/async.c:164:13
+#7 0x555789d80704 in aio_dispatch build/../util/aio-posix.c:381:5
+#8 0x555789dbd94c in aio_ctx_dispatch build/../util/async.c:306:5
+#9 0x7f6dcedcfbaa in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51baa)
+#10 0x555789dc3763 in glib_pollfds_poll build/../util/main-loop.c:232:9
+#11 0x555789dc3763 in os_host_main_loop_wait build/../util/main-loop.c:255:5
+#12 0x555789dc3763 in main_loop_wait build/../util/main-loop.c:531:11
+#13 0x555789206a49 in qemu_main_loop build/../softmmu/runstate.c:722:9
+#14 0x555787d052ed in main build/../softmmu/main.c:50:5
+#15 0x7f6dcd84ecc9 in __libc_start_main csu/../csu/libc-start.c:308:16
+#16 0x555787c5b619 in _start (system-i386+0x2a13619)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: SEGV build/../hw/ide/ahci.c:1349:46 in ahci_pio_transfer
+==238806==ABORTING
+
+OSS-Fuzz link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30861
+
+Confirmed. Please migrate to gitlab and assign me.
+
+--js
+
+
+This is an automated cleanup. This bug report has been moved to QEMU's
+new bug tracker on gitlab.com and thus gets marked as 'expired' now.
+Please continue with the discussion here:
+
+ https://gitlab.com/qemu-project/qemu/-/issues/341
+
+