summary refs log tree commit diff stats
path: root/results/classifier/118/user-level-x86/2274
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/user-level-x86/2274')
-rw-r--r--results/classifier/118/user-level-x86/2274103
1 files changed, 103 insertions, 0 deletions
diff --git a/results/classifier/118/user-level-x86/2274 b/results/classifier/118/user-level-x86/2274
new file mode 100644
index 000000000..8fc869389
--- /dev/null
+++ b/results/classifier/118/user-level-x86/2274
@@ -0,0 +1,103 @@
+x86: 0.965
+graphic: 0.884
+user-level: 0.802
+device: 0.734
+performance: 0.730
+ppc: 0.658
+kernel: 0.638
+semantic: 0.620
+debug: 0.591
+hypervisor: 0.582
+PID: 0.558
+architecture: 0.558
+peripherals: 0.540
+boot: 0.534
+vnc: 0.528
+mistranslation: 0.467
+network: 0.464
+arm: 0.437
+socket: 0.436
+TCG: 0.360
+files: 0.349
+VMM: 0.346
+risc-v: 0.344
+permissions: 0.341
+register: 0.335
+virtual: 0.313
+KVM: 0.296
+i386: 0.271
+assembly: 0.250
+--------------------
+x86: 0.984
+hypervisor: 0.640
+kernel: 0.610
+virtual: 0.560
+debug: 0.542
+performance: 0.124
+assembly: 0.119
+files: 0.061
+PID: 0.049
+register: 0.045
+TCG: 0.041
+KVM: 0.038
+semantic: 0.027
+device: 0.027
+user-level: 0.011
+VMM: 0.011
+architecture: 0.010
+network: 0.007
+socket: 0.006
+boot: 0.004
+ppc: 0.003
+graphic: 0.002
+risc-v: 0.002
+peripherals: 0.002
+permissions: 0.002
+vnc: 0.001
+mistranslation: 0.001
+i386: 0.000
+arm: 0.000
+
+Assertion failuer in cryptodev_builtin_close_session()
+Description of problem:
+In the function _cryptodev_builtin_close_session(),_ an assertation happened:
+
+```
+qemu-fuzz-x86_64: qemu/backends/cryptodev-builtin.c:430: int cryptodev_builtin_close_session(CryptoDevBackend *, uint64_t, uint32_t, CryptoDevCompletionFunc, void *): Assertion `session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]' failed.
+==1256139== ERROR: libFuzzer: deadly signal
+    #9 0x71acb8c2871a in __assert_fail_base assert/./assert/assert.c:92:3
+    #10 0x71acb8c39e95 in __assert_fail assert/./assert/assert.c:101:3
+    #11 0x5af7f624b12b in cryptodev_builtin_close_session qemu/backends/cryptodev-builtin.c:430:5
+    #12 0x5af7f60b2860 in virtio_crypto_handle_close_session qemu/hw/virtio/virtio-crypto.c:262:12
+    #13 0x5af7f60b2860 in virtio_crypto_handle_ctrl qemu/hw/virtio/virtio-crypto.c:423:19
+```
+
+The user could send an invalid session_id to trigger this assertion.
+Steps to reproduce:
+Here's a simple PoC:
+
+```
+cat << EOF | qemu-system-x86_64 -display none\
+ -machine accel=qtest -m 512M -machine q35 -nodefaults -object \
+cryptodev-backend-builtin,id=cryptodev0 -device \
+virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 -qtest stdio
+outl 0xcf8 0x80000804
+outw 0xcfc 0x06
+outl 0xcf8 0x80000820
+outl 0xcfc 0xe0008000
+write 0x10800e 0x1 0x01
+write 0xe0008016 0x1 0x01
+write 0xe0008020 0x4 0x00801000
+write 0xe0008028 0x4 0x00c01000
+write 0xe000801c 0x1 0x01
+write 0x110000 0x1 0x05
+write 0x110001 0x1 0x04
+write 0x108002 0x1 0x11
+write 0x108008 0x1 0x48
+write 0x10800c 0x1 0x01
+write 0x108018 0x1 0x10
+write 0x10801c 0x1 0x02
+write 0x10c002 0x1 0x01
+write 0xe000b005 0x1 0x00
+EOF
+```