summary refs log tree commit diff stats
path: root/results/classifier/accel-gemma3:12b/vmm/1890395
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/accel-gemma3:12b/vmm/1890395')
-rw-r--r--results/classifier/accel-gemma3:12b/vmm/1890395137
1 files changed, 137 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/vmm/1890395 b/results/classifier/accel-gemma3:12b/vmm/1890395
new file mode 100644
index 000000000..5cfd7449e
--- /dev/null
+++ b/results/classifier/accel-gemma3:12b/vmm/1890395
@@ -0,0 +1,137 @@
+
+qmp/hmp: crash if client closes socket too early
+
+Qemu crashes on qmp/hmp command if client closes connection before reading the whole response from the socket.
+
+Reproducer:
+
+1. Start arbitrary vm via qemu
+2. Send e.g. hmp command 'info mem'
+3. Abort before whole response came back
+
+
+Stack Trace:
+
+Stack trace of thread 6493:
+#0  0x0000559902fd2d30 object_get_class (qemu-system-x86_64)
+#1  0x0000559903071020 qio_channel_create_watch (qemu-system-x86_64)
+#2  0x000055990305f437 qemu_chr_fe_add_watch (qemu-system-x86_64)
+#3  0x0000559902f7340d monitor_flush_locked (qemu-system-x86_64)
+#4  0x0000559902f7360e monitor_flush_locked (qemu-system-x86_64)
+#5  0x0000559902f74342 qmp_send_response (qemu-system-x86_64)
+#6  0x0000559902f74409 monitor_qmp_respond (qemu-system-x86_64)
+#7  0x0000559902f74bc0 monitor_qmp_bh_dispatcher (qemu-system-x86_64)
+#8  0x00005599030c37be aio_bh_call (qemu-system-x86_64)
+#9  0x00005599030c6dd0 aio_dispatch (qemu-system-x86_64)
+#10 0x00005599030c369e aio_ctx_dispatch (qemu-system-x86_64)
+#11 0x00007f5b6d37f417 g_main_context_dispatch (libglib-2.0.so.0)
+#12 0x00005599030c5e0a glib_pollfds_poll (qemu-system-x86_64)
+#13 0x0000559902dd75df main_loop (qemu-system-x86_64)
+#14 0x0000559902c59f49 main (qemu-system-x86_64)
+#15 0x00007f5b6bfeab97 __libc_start_main (libc.so.6)
+#16 0x0000559902c5d38a _start (qemu-system-x86_64)
+
+#0  0x0000559902fd2d30 in object_get_class (obj=obj@entry=0x0) at ./qom/object.c:909
+#1  0x0000559903071020 in qio_channel_create_watch (ioc=0x0, condition=(G_IO_OUT | G_IO_HUP)) at ./io/channel.c:281
+        klass = <optimized out>
+        __func__ = "qio_channel_create_watch"
+        ret = <optimized out>
+#2  0x000055990305f437 in qemu_chr_fe_add_watch (be=be@entry=0x559905a7f460, cond=cond@entry=(G_IO_OUT | G_IO_HUP), func=func@entry=0x559902f734b0 <monitor_unblocked>, user_data=user_data@entry=0x559905a7f460) at ./chardev/char-fe.c:367
+        s = 0x5599055782c0
+        src = <optimized out>
+        tag = <optimized out>
+        __func__ = "qemu_chr_fe_add_watch"
+#3  0x0000559902f7340d in monitor_flush_locked (mon=mon@entry=0x559905a7f460) at ./monitor/monitor.c:140
+        rc = 219264
+        len = 3865832
+        buf = 0x7f5afc00e480 "{\"return\": \"ffff9eb480000000-ffff9eb480099000 ", '0' <repeats 11 times>, "99000 -rw\\r\\nffff9eb480099000-ffff9eb48009b000 ", '0' <repeats 12 times>, "2000 -r-\\r\\nffff9eb48009b000-ffff9eb486800000 0000000006765000 -rw\\r\\nffff9eb4868000"...
+#4  0x0000559902f7360e in monitor_flush_locked (mon=0x559905a7f460) at ./monitor/monitor.c:160
+        i = 3865830
+        c = <optimized out>
+#5  0x0000559902f7360e in monitor_puts (mon=mon@entry=0x559905a7f460, str=0x7f5aa1eda010 "{\"return\": \"ffff9eb480000000-ffff9eb480099000 ", '0' <repeats 11 times>, "99000 -rw\\r\\nffff9eb480099000-ffff9eb48009b000 ", '0' <repeats 12 times>, "2000 -r-\\r\\nffff9eb48009b000-ffff9eb486800000 0000000006765000 -rw\\r\\nffff9eb4868000"...) at ./monitor/monitor.c:167
+        i = 3865830
+        c = <optimized out>
+#6  0x0000559902f74342 in qmp_send_response (mon=0x559905a7f460, rsp=<optimized out>) at ./monitor/qmp.c:119
+        data = <optimized out>
+        json = 0x559906c88380
+#7  0x0000559902f74409 in monitor_qmp_respond (rsp=0x559905bbf740, mon=0x559905a7f460) at ./monitor/qmp.c:132
+        old_mon = <optimized out>
+        rsp = 0x559905bbf740
+        error = <optimized out>
+#8  0x0000559902f74409 in monitor_qmp_dispatch (mon=0x559905a7f460, req=<optimized out>) at ./monitor/qmp.c:161
+        old_mon = <optimized out>
+        rsp = 0x559905bbf740
+        error = <optimized out>
+#9  0x0000559902f74bc0 in monitor_qmp_bh_dispatcher (data=<optimized out>) at ./monitor/qmp.c:234
+        id = <optimized out>
+        rsp = <optimized out>
+        need_resume = true
+        mon = 0x559905a7f460
+        __PRETTY_FUNCTION__ = "monitor_qmp_bh_dispatcher"
+#10 0x00005599030c37be in aio_bh_call (bh=0x559905571b40) at ./util/async.c:89
+        bh = 0x559905571b40
+        bhp = <optimized out>
+        next = 0x5599055718f0
+        ret = 1
+        deleted = false
+#11 0x00005599030c37be in aio_bh_poll (ctx=ctx@entry=0x5599055706f0) at ./util/async.c:117
+        bh = 0x559905571b40
+        bhp = <optimized out>
+        next = 0x5599055718f0
+        ret = 1
+        deleted = false
+#12 0x00005599030c6dd0 in aio_dispatch (ctx=0x5599055706f0) at ./util/aio-posix.c:459
+#13 0x00005599030c369e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ./util/async.c:260
+        ctx = <optimized out>
+#14 0x00007f5b6d37f417 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
+#15 0x00005599030c5e0a in glib_pollfds_poll () at ./util/main-loop.c:219
+        context = 0x559905652420
+        pfds = <optimized out>
+        context = 0x559905652420
+        ret = 1
+        mlpoll = {state = 0, timeout = 4294967295, pollfds = 0x559905651800}
+#16 0x00005599030c5e0a in os_host_main_loop_wait (timeout=14451267) at ./util/main-loop.c:242
+        context = 0x559905652420
+        ret = 1
+        mlpoll = {state = 0, timeout = 4294967295, pollfds = 0x559905651800}
+#17 0x00005599030c5e0a in main_loop_wait (nonblocking=<optimized out>) at ./util/main-loop.c:518
+        mlpoll = {state = 0, timeout = 4294967295, pollfds = 0x559905651800}
+#18 0x0000559902dd75df in main_loop () at ./vl.c:1810
+#19 0x0000559902c59f49 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ./vl.c:4466
+        i = <optimized out>
+        snapshot = 0
+        linux_boot = <optimized out>
+        initrd_filename = 0x0
+        kernel_filename = <optimized out>
+        kernel_cmdline = <optimized out>
+        boot_order = 0x55990318bc94 "cad"
+        boot_once = <optimized out>
+        ds = <optimized out>
+        opts = <optimized out>
+        icount_opts = <optimized out>
+        accel_opts = 0x0
+        olist = <optimized out>
+        optind = 100
+        optarg = 0x7ffe0ca05e74 "timestamp=on"
+        loadvm = 0x0
+        cpu_option = 0x7ffe0ca05d42 "SandyBridge-IBRS,-kvm_steal_time,+pcid,+ssbd,+spec-ctrl,+md-clear"
+        vga_model = 0x0
+        qtest_chrdev = 0x0
+        qtest_log = 0x0
+        incoming = 0x0
+        userconfig = <optimized out>
+        nographic = false
+        display_remote = <optimized out>
+        log_mask = <optimized out>
+        log_file = 0x0
+        trace_file = <optimized out>
+        maxram_size = <optimized out>
+        ram_slots = 0
+        vmstate_dump_file = 0x0
+        main_loop_err = 0x0
+        err = 0x0
+        list_data_dirs = false
+        dirs = <optimized out>
+        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffe0ca03540}
+        plugin_list = {tqh_first = 0x0, tqh_circ = {tql_next = 0x0, tql_prev = 0x7ffe0ca03550}}
+        __func__ = "main"
\ No newline at end of file