Diffstat (limited to 'results/classifier/accel-gemma3:12b/kvm/1892761')
-rw-r--r-- results/classifier/accel-gemma3:12b/kvm/1892761 11
1 files changed, 11 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/kvm/1892761 b/results/classifier/accel-gemma3:12b/kvm/1892761
new file mode 100644
index 000000000..ece5485a4
--- /dev/null
+++ b/results/classifier/accel-gemma3:12b/kvm/1892761
@@ -0,0 +1,11 @@
+
+Heap-use-after-free through double-fetch in ehci
+
+Hello,
+I don't have a qtest reproducer for this crash because it involves a DMA double-fetch, and I don't think we can reproduce those with qtest.
+
+Instead, I attached the pseudo-qtest trace produced by the fuzzer, along with some trace events.
+The lines annotated with [DMA] are write commands that were triggered by a callback from a DMA read by the device. The lines annotated with [DOUBLE-FETCH] are DMA accesses that hit the same address more than once (possible double-fetches).
+
+I am still thinking of nicer ways of presenting this trace and providing a reproducer.
+-Alex
\ No newline at end of file
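Review bot: The new file is filed under the kvm/ category, but nothing in its 11 lines mentions KVM. The report describes a heap-use-after-free in ehci reached through a DMA double-fetch, so the classifier label should be checked before this result is kept. The body also says "I attached the pseudo-qtest trace produced by the fuzzer", yet no trace is part of the file, which leaves the [DMA] and [DOUBLE-FETCH] annotations it explains with nothing to refer to; consider storing the attachment next to this file or recording that it was dropped. Minor: the file starts with an empty line and ends without a trailing newline.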