Diffstat (limited to 'results/classifier/gemma3:12b/network/1863')
-rw-r--r--results/classifier/gemma3:12b/network/186373
1 files changed, 73 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/network/1863 b/results/classifier/gemma3:12b/network/1863
new file mode 100644
index 000000000..8252774eb
--- /dev/null
+++ b/results/classifier/gemma3:12b/network/1863
@@ -0,0 +1,73 @@
+
+Assertion `core->delayed_causes == 0` failed in hw/net/e1000e_core.c:353 during fuzzing
+Description of problem:
+Got an assertion failure `core->delayed_causes == 0` when fuzzing e1000e.
+Steps to reproduce:
+Minimized reproducer for the error:
+
+```plaintext
+cat << EOF | ./qemu-system-x86_64 -display none -machine accel=qtest, -m 512M -M q35 \
+-nodefaults -device e1000e,netdev=net0 -netdev user,id=net0 -qtest \
+/dev/null -qtest stdio
+outl 0xcf8 0x80000810
+outl 0xcfc 0xe0000000
+outl 0xcf8 0x80000804
+outw 0xcfc 0x06
+write 0xe000042a 0x2 0x0241
+write 0xe0000402 0x2 0x0200
+write 0x400b 0x1 0x88
+write 0xe0000438 0x4 0x01040000
+outl 0xcf8 0x800008a3
+outb 0xcfc 0x80
+EOF
+```
+Additional information:
+The crash report triggered by the reproducer is:
+
+```plaintext
+qemu-fuzz-x86_64: /../hw/net/e1000e_core.c:353: uint32_t e1000e_intmgr_collect_delayed_causes(E1000ECore *): Assertion `core->delayed_causes == 0' failed.
+==2036033== ERROR: libFuzzer: deadly signal
+    #0 0x5606ff6c555e in __sanitizer_print_stack_trace ../../../llvm-project-15.0.0.src/compiler-rt/lib/asan/asan_stack.cpp:87:3
+    #1 0x5606ff607bb1 in fuzzer::PrintStackTrace() ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:38
+    #2 0x5606ff5e2486 in fuzzer::Fuzzer::CrashCallback() (.part.0) ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:18
+    #3 0x5606ff5e254d in fuzzer::Fuzzer::CrashCallback() ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:205:1
+    #4 0x5606ff5e254d in fuzzer::Fuzzer::StaticCrashSignalCallback() ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:204:19
+    #5 0x7f7490e4e41f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
+    #6 0x7f7490c4200a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
+    #7 0x7f7490c4200a in raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
+    #8 0x7f7490c21858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
+    #9 0x7f7490c21728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
+    #10 0x7f7490c32fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
+    #11 0x5606ffd20c33 in e1000e_intmgr_collect_delayed_causes ../hw/net/e1000e_core.c:353:9
+    #12 0x5606ffd20c33 in e1000e_set_interrupt_cause ../hw/net/e1000e_core.c:2203:12
+    #13 0x5606ffd1bd1b in e1000e_receive_internal ../hw/net/e1000e_core.c:1751:9
+    #14 0x56070055a58a in qemu_deliver_packet_iov ../net/net.c:820:15
+    #15 0x56070055e215 in qemu_net_queue_deliver ../net/queue.c:164:11
+    #16 0x56070055f9ca in qemu_net_queue_flush ../net/queue.c:286:15
+    #17 0x56070054f5c8 in qemu_flush_or_purge_queued_packets ../net/net.c:681:9
+    #18 0x5606ffd14ff5 in e1000e_start_recv ../hw/net/e1000e_core.c:983:9
+    #19 0x5606ffd3c33b in e1000e_set_rx_control ../hw/net/e1000e_core.c:1959:9
+    #20 0x5606ffd20fe8 in e1000e_core_write ../hw/net/e1000e_core.c:3306:9
+    #21 0x560700caeb43 in memory_region_write_accessor ../softmmu/memory.c:493:5
+    #22 0x560700cae2ca in access_with_adjusted_size ../softmmu/memory.c:569:18
+    #23 0x560700cad670 in memory_region_dispatch_write ../softmmu/memory.c
+    #24 0x560700cf7d6f in flatview_write_continue ../softmmu/physmem.c:2677:23
+    #25 0x560700cef213 in flatview_write ../softmmu/physmem.c:2719:12
+    #26 0x560700ceef27 in address_space_write ../softmmu/physmem.c:2815:18
+    #27 0x560700420b2f in qtest_process_command ../softmmu/qtest.c:558:13
+    #28 0x56070041ecfb in qtest_process_inbuf ../softmmu/qtest.c:810:9
+    #29 0x56070041eb19 in qtest_server_inproc_recv ../softmmu/qtest.c:941:9
+    #30 0x56070126a792 in qtest_sendf ../tests/qtest/libqtest.c:607:5
+    #31 0x56070126ae9e in qtest_write ../tests/qtest/libqtest.c:1072:5
+    #32 0x56070126ae9e in qtest_writel ../tests/qtest/libqtest.c:1088:5
+    #33 0x5606ff7058cb in __wrap_qtest_writel ../tests/qtest/fuzz/qtest_wrappers.c:180:9
+    #34 0x5606ff70d5f2 in op_write ../tests/qtest/fuzz/generic_fuzz.c:485:13
+    #35 0x5606ff70bd2f in generic_fuzz ../tests/qtest/fuzz/generic_fuzz.c:666:13
+    #36 0x5606ff7008e7 in LLVMFuzzerTestOneInput ../tests/qtest/fuzz/fuzz.c:158:5
+    #37 0x5606ff5e2d08 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:612:15
+    #38 0x5606ff5c6124 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:21
+    #39 0x5606ff5d2b0a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:19
+    #40 0x5606ff5bd8d6 in main ../../../llvm-project-15.0.0.src/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:30
+    #41 0x7f7490c23082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #42 0x5606ff5bd95d in _start (./qemu-fuzz-x86_64+0x1ef595d)
+```