summary refs log tree commit diff stats
path: root/results/classifier/gemma3:12b/device/1884693
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/gemma3:12b/device/1884693')
-rw-r--r--results/classifier/gemma3:12b/device/188469356
1 files changed, 56 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/device/1884693 b/results/classifier/gemma3:12b/device/1884693
new file mode 100644
index 000000000..92b47a53f
--- /dev/null
+++ b/results/classifier/gemma3:12b/device/1884693
@@ -0,0 +1,56 @@
+
+Assertion failure in address_space_unmap through ahci_map_clb_address
+
+Hello,
+Reproducer:
+cat << EOF | ./i386-softmmu/qemu-system-i386 -qtest stdio -monitor none -serial none -M pc-q35-5.0 -nographic
+outl 0xcf8 0x8000fa24
+outl 0xcfc 0xe1068000
+outl 0xcf8 0x8000fa04
+outw 0xcfc 0x7
+outl 0xcf8 0x8000fb20
+write 0xe1068304 0x1 0x21
+write 0xe1068318 0x1 0x21
+write 0xe1068384 0x1 0x21
+write 0xe1068398 0x2 0x21
+EOF
+
+Stack trace:
+#0 0x55bfabfe9ea0 in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
+#1 0x55bfabfc8ef9 in __sanitizer_print_stack_trace (build/i386-softmmu/qemu-fuzz-i386+0x7b7ef9)
+#2 0x55bfabfaf933 in fuzzer::PrintStackTrace() FuzzerUtil.cpp:210:5
+#3 0x7f88df76110f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1410f)
+#4 0x7f88df5a4760 in __libc_signal_restore_set /build/glibc-GwnBeO/glibc-2.30/signal/../sysdeps/unix/sysv/linux/internal-signals.h:84:10
+#5 0x7f88df5a4760 in raise /build/glibc-GwnBeO/glibc-2.30/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+#6 0x7f88df58e55a in abort /build/glibc-GwnBeO/glibc-2.30/stdlib/abort.c:79:7
+#7 0x7f88df58e42e in __assert_fail_base /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:92:3
+#8 0x7f88df59d091 in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
+#9 0x55bfabff7182 in address_space_unmap exec.c:3602:9
+#10 0x55bfac4a452f in dma_memory_unmap include/sysemu/dma.h:148:5
+#11 0x55bfac4a452f in map_page hw/ide/ahci.c:254:9
+#12 0x55bfac4a1f98 in ahci_map_clb_address hw/ide/ahci.c:748:5
+#13 0x55bfac4a1f98 in ahci_cond_start_engines hw/ide/ahci.c:276:14
+#14 0x55bfac4a074e in ahci_port_write hw/ide/ahci.c:339:9
+#15 0x55bfac4a074e in ahci_mem_write hw/ide/ahci.c:513:9
+#16 0x55bfac0e0dc2 in memory_region_write_accessor memory.c:483:5
+#17 0x55bfac0e0bde in access_with_adjusted_size memory.c:544:18
+#18 0x55bfac0e0917 in memory_region_dispatch_write memory.c
+#19 0x55bfabffa4fd in flatview_write_continue exec.c:3146:23
+#20 0x55bfabff569b in flatview_write exec.c:3186:14
+#21 0x55bfabff569b in address_space_write exec.c:3280:18
+#22 0x55bfac8982a9 in op_write_pattern tests/qtest/fuzz/general_fuzz.c:407:5
+#23 0x55bfac897749 in general_fuzz tests/qtest/fuzz/general_fuzz.c:481:17
+#24 0x55bfac8930a2 in LLVMFuzzerTestOneInput tests/qtest/fuzz/fuzz.c:136:5
+#25 0x55bfabfb0e68 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:558:15
+#26 0x55bfabfb0485 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) FuzzerLoop.cpp:470:3
+#27 0x55bfabfb18a1 in fuzzer::Fuzzer::MutateAndTestOne() FuzzerLoop.cpp:701:19
+#28 0x55bfabfb2305 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) FuzzerLoop.cpp:837:5
+#29 0x55bfabfa2018 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:846:6
+#30 0x55bfabfb8722 in main FuzzerMain.cpp:19:10
+#31 0x7f88df58fe0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
+#32 0x55bfabf97869 in _start (build/i386-softmmu/qemu-fuzz-i386+0x786869)
+
+The same error can be triggered through  ahci_map_fis_address @ hw/ide/ahci.c:721:5
+Found with generic device fuzzer: https://<email address hidden>/
+
+Please let me know if I can provide any further info.
\ No newline at end of file