summary refs log tree commit diff stats
path: root/results/classifier/gemma3:12b/network/1878250
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/gemma3:12b/network/1878250')
-rw-r--r--results/classifier/gemma3:12b/network/187825042
1 files changed, 42 insertions, 0 deletions
diff --git a/results/classifier/gemma3:12b/network/1878250 b/results/classifier/gemma3:12b/network/1878250
new file mode 100644
index 000000000..aad258655
--- /dev/null
+++ b/results/classifier/gemma3:12b/network/1878250
@@ -0,0 +1,42 @@
+
+Assertion failure in iov_from_buf_full through the e1000e
+
+Hello,
+While fuzzing, I found an input that triggers an assertion failure in
+iov_from_buf_full through the e1000e:
+
+size_t iov_from_buf_full(const struct iovec *, unsigned int, size_t, const void *, size_t): Assertion `offset == 0' failed.
+
+
+#3  0x00007ffff6866092 in __GI___assert_fail (assertion=0x5555570c74c0 <str> "offset == 0", file=0x5555570c7500 <str> "/home/alxndr/Development/qemu/util/iov.c", line=0x28, function=0x5555570c7560 <__PRETTY_FUNCTION__.iov_from_buf_full> "size_t iov_from_buf_full(const struct iovec *, unsigned int, size_t, const void *, size_t)") at assert.c:101
+#4  0x0000555556c5fa5e in iov_from_buf_full (iov=<optimized out>, iov_cnt=<optimized out>, offset=<optimized out>, buf=buf@entry=0x7fffffffbb60, bytes=<optimized out>, bytes@entry=0x2) at /home/alxndr/Development/qemu/util/iov.c:40
+#5  0x00005555565f585e in iov_from_buf (iov=0x7fffffffb830, iov_cnt=0xffffb830, offset=0x0, buf=0x7fffffffbb60, bytes=0x2) at /home/alxndr/Development/qemu/include/qemu/iov.h:49
+#6  0x00005555565f585e in net_tx_pkt_update_ip_checksums (pkt=<optimized out>) at /home/alxndr/Development/qemu/hw/net/net_tx_pkt.c:139
+#7  0x0000555556621f9c in e1000e_setup_tx_offloads (core=0x7fffeeb754e0, tx=0x7fffeeb95748) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:638
+#8  0x0000555556621f9c in e1000e_tx_pkt_send (core=0x7fffeeb754e0, tx=0x7fffeeb95748, queue_index=<optimized out>) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:658
+#9  0x0000555556621f9c in e1000e_process_tx_desc (core=0x7fffeeb754e0, tx=0x7fffeeb95748, dp=<optimized out>, queue_index=<optimized out>) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:743
+#10 0x0000555556621f9c in e1000e_start_xmit (core=<optimized out>, txr=<optimized out>) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:934
+#11 0x000055555661edb1 in e1000e_set_tdt (core=0x7fffffffb830, index=0xe06, val=0x563) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:2451
+#12 0x000055555660f2cd in e1000e_core_write (core=<optimized out>, addr=<optimized out>, val=<optimized out>, size=<optimized out>) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:3261
+#13 0x00005555560028d7 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at /home/alxndr/Development/qemu/memory.c:483
+
+I can reproduce it in qemu 5.0 using:
+
+cat << EOF | ~/Development/qemu/build/i386-softmmu/qemu-system-i386 -M pc-q35-5.0 -nographic -qtest stdio -monitor none -serial none
+outl 0xcf8 0x80001010
+outl 0xcfc 0xe1020000
+outl 0xcf8 0x80001014
+outl 0xcf8 0x80001004
+outw 0xcfc 0x7
+outl 0xcf8 0x800010a2
+write 0xe10207e8 0x14 0x00002d05225f3f5f5e00000200000000250013ff
+write 0x200006a 0xc 0x08004500feffffff02007b06
+write 0xe1020098 0x3a2 0x000006ffdf054e411b0002e10000000006ffe1054e411b0002e10000000006ffe3054e411b0002e10000000006ffe5054e411b0002e10000000006ffe7054e411b0002e10000000006ffe9054e411b0002e10000000006ffeb054e411b0002e10000000006ffed054e411b0002e10000000006ffef054e411b0002e10000000006fff1054e411b0002e10000000006fff3054e411b0002e10000000006fff5054e411b0002e10000000006fff7054e411b0002e10000000006fff9054e411b0002e10000000006fffb054e411b0002e10000000006fffd054e411b0002e10000000006ffff054e411b0002e10000000006ff01054e411b0002e10000000006ff03054e411b0002e10000000006ff05054e411b0002e10000000006ff07054e411b0002e10000000006ff09054e411b0002e10000000006ff0b054e411b0002e10000000006ff0d054e411b0002e10000000006ff0f054e411b0002e10000000006ff11054e411b0002e10000000006ff13054e411b0002e10000000006ff15054e411b0002e10000000006ff17054e411b0002e10000000006ff19054e411b0002e10000000006ff1b054e411b0002e10000000006ff1d054e411b0002e10000000006ff1f054e411b0002e10000000006ff21054e411b0002e10000000006ff23054e411b0002e10000000006ff25054e411b0002e10000000006ff27054e411b0002e10000000006ff29054e411b0002e10000000006ff2b054e411b0002e10000000006ff2d054e411b0002e10000000006ff2f054e411b0002e10000000006ff31054e411b0002e10000000006ff33054e411b0002e10000000006ff35054e411b0002e10000000006ff37054e411b0002e10000000006ff39054e411b0002e10000000006ff3b054e411b0002e10000000006ff3d054e411b0002e10000000006ff3f054e411b0002e10000000006ff41054e411b0002e10000000006ff43054e411b0002e10000000006ff45054e411b0002e10000000006ff47054e411b0002e10000000006ff49054e411b0002e10000000006ff4b054e411b0002e10000000006ff4d054e411b0002e10000000006ff4f054e411b0002e10000000006ff51054e411b0002e10000000006ff53054e411b0002e10000000006ff55054e411b0002e10000000006ff57054e411b0002e10000000006ff59054e411b0002e10000000006ff5b054e411b0002e10000000006ff5d054e411b0002e10000000006ff5f054e411b0002e10000000006ff61054e411b0002e10000000006ff6305
+EOF
+
+I also attached the traces to this launchpad report, in case the formatting is broken:
+
+qemu-system-i386 -M pc-q35-5.0 -nographic -qtest stdio -monitor none -serial none < attachment
+
+Please let me know if I can provide any further info.
+-Alex
\ No newline at end of file