From 9260319e7411ff8281700a532caa436f40120ec4 Mon Sep 17 00:00:00 2001
From: Christian Krinitsin <mail@krinitsin.com>
Date: Fri, 30 May 2025 16:52:07 +0200
Subject: gitlab scraper: download in toml and text format

---
 .../host_missing/accel_missing/2440.toml           | 120 ---------------------
 1 file changed, 120 deletions(-)
 delete mode 100644 gitlab/issues/target_missing/host_missing/accel_missing/2440.toml

(limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2440.toml')

diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2440.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2440.toml
deleted file mode 100644
index b58380bd8..000000000
--- a/gitlab/issues/target_missing/host_missing/accel_missing/2440.toml
+++ /dev/null
@@ -1,120 +0,0 @@
-id = 2440
-title = "virtio-net: Use-After-Free during unrealization of virtio-net"
-state = "opened"
-created_at = "2024-07-17T05:44:20.511Z"
-closed_at = "n/a"
-labels = ["device:virtio"]
-url = "https://gitlab.com/qemu-project/qemu/-/issues/2440"
-host-os = "Ubuntu"
-host-arch = "x86"
-qemu-version = "8.1.93"
-guest-os = "n/a"
-guest-arch = "n/a"
-description = """When hotplugging `virtio-net` device, mishandling of `failover` option may leads to use-after-free.
-More specifically, if we try to hotplug virtio-net device with `failover=on` and other invalid option (e.g. `rx_queue_size=0`), the device listner callback is registered but not unregistered before being freed, leading to UAF."""
-reproduce = """```sh
-cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
-device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
-device_add virtio-net,failover=on,bus=br1,id=dev0
-quit
-EOF
-```
-
-If above command is not working, let me know so that I provide more information."""
-additional = """The following log leveals bug location:
-
-```sh
-$ cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
-device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
-device_add virtio-net,failover=on,bus=br1,id=dev0
-quit
-EOF
-==836681==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
-QEMU 8.1.93 monitor - type 'help' for more information
-VNC server running on 127.0.0.1:5900
-(qemu) device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
-Error: Invalid rx_queue_size (= 0), must be a power of 2 between 256 and 1024.
-(qemu) device_add virtio-net,failover=on,bus=br1,id=dev0
-=================================================================
-==836681==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e00000ab58 at pc 0x5577bbb8fe22 bp 0x7ffeb03fca50 sp 0x7ffeb03fca48
-READ of size 8 at 0x62e00000ab58 thread T0
-    #0 0x5577bbb8fe21 in qdev_should_hide_device /home/XXX/qemu/build/../hw/core/qdev.c:233:23
-    #1 0x5577bb14aac4 in qdev_device_add_from_qdict /home/XXX/qemu/build/../system/qdev-monitor.c:662:9
-    #2 0x5577bb14c364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
-    #3 0x5577bb14d6eb in qmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:860:11
-    #4 0x5577bb14e11d in hmp_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:968:5
-    #5 0x5577bb29aef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
-    #6 0x5577bb298fa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
-    #7 0x5577bb2949ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
-    #8 0x5577bc2b0c3a in readline_handle_byte /home/XXX/qemu/build/../util/readline.c:419:13
-    #9 0x5577bb29d261 in monitor_read /home/XXX/qemu/build/../monitor/hmp.c:1390:13
-    #10 0x5577bbfda644 in fd_chr_read /home/XXX/qemu/build/../chardev/char-fd.c:72:9
-    #11 0x7f53d36e5c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
-    #12 0x5577bc2536db in glib_pollfds_poll /home/XXX/qemu/build/../util/main-loop.c:290:9
-    #13 0x5577bc2536db in os_host_main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:313:5
-    #14 0x5577bc2536db in main_loop_wait /home/XXX/qemu/build/../util/main-loop.c:592:11
-    #15 0x5577bb15dd06 in qemu_main_loop /home/XXX/qemu/build/../system/runstate.c:782:9
-    #16 0x5577bbb81115 in qemu_default_main /home/XXX/qemu/build/../system/main.c:37:14
-    #17 0x7f53d2c3fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
-    #18 0x7f53d2c3fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
-    #19 0x5577ba4c3584 in _start (/usr/local/bin/qemu-system-i386+0x1ada584) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
-
-0x62e00000ab58 is located 42840 bytes inside of 43008-byte region [0x62e000000400,0x62e00000ac00)
-freed by thread T1 here:
-    #0 0x5577ba546122 in __interceptor_free (/usr/local/bin/qemu-system-i386+0x1b5d122) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
-    #1 0x5577bbba5135 in object_finalize /home/XXX/qemu/build/../qom/object.c:714:9
-    #2 0x5577bbba5135 in object_unref /home/XXX/qemu/build/../qom/object.c:1217:9
-    #3 0x5577bbb91ac3 in bus_free_bus_child /home/XXX/qemu/build/../hw/core/qdev.c:55:5
-
-previously allocated by thread T0 here:
-    #0 0x5577ba5463ce in malloc (/usr/local/bin/qemu-system-i386+0x1b5d3ce) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
-    #1 0x7f53d36ee738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
-    #2 0x5577bb14c364 in qdev_device_add /home/XXX/qemu/build/../system/qdev-monitor.c:738:11
-    #3 0x5577bb29aef4 in handle_hmp_command_exec /home/XXX/qemu/build/../monitor/hmp.c:1106:9
-    #4 0x5577bb298fa3 in handle_hmp_command /home/XXX/qemu/build/../monitor/hmp.c:1158:9
-    #5 0x5577bb2949ee in monitor_command_cb /home/XXX/qemu/build/../monitor/hmp.c:47:5
-
-Thread T1 created by T0 here:
-    #0 0x5577ba52f84c in pthread_create (/usr/local/bin/qemu-system-i386+0x1b4684c) (BuildId: c7ca543ea41d3478bc13cdf604d47805b990620e)
-    #1 0x5577bc1fcc24 in qemu_thread_create /home/XXX/qemu/build/../util/qemu-thread-posix.c:581:11
-    #2 0x5577bc229970 in rcu_init_complete /home/XXX/qemu/build/../util/rcu.c:415:5
-    #3 0x5577bc229970 in rcu_init /home/XXX/qemu/build/../util/rcu.c:471:5
-    #4 0x7f53d2c3feba in call_init csu/../csu/libc-start.c:145:3
-    #5 0x7f53d2c3feba in __libc_start_main csu/../csu/libc-start.c:379:5
-
-SUMMARY: AddressSanitizer: heap-use-after-free /home/XXX/qemu/build/../hw/core/qdev.c:233:23 in qdev_should_hide_device
-Shadow bytes around the buggy address:
-  0x0c5c7fff9510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-  0x0c5c7fff9520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-  0x0c5c7fff9530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-  0x0c5c7fff9540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-  0x0c5c7fff9550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-=>0x0c5c7fff9560: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
-  0x0c5c7fff9570: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
-  0x0c5c7fff9580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-  0x0c5c7fff9590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-  0x0c5c7fff95a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-  0x0c5c7fff95b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-Shadow byte legend (one shadow byte represents 8 application bytes):
-  Addressable:           00
-  Partially addressable: 01 02 03 04 05 06 07
-  Heap left redzone:       fa
-  Freed heap region:       fd
-  Stack left redzone:      f1
-  Stack mid redzone:       f2
-  Stack right redzone:     f3
-  Stack after return:      f5
-  Stack use after scope:   f8
-  Global redzone:          f9
-  Global init order:       f6
-  Poisoned by user:        f7
-  Container overflow:      fc
-  Array cookie:            ac
-  Intra object redzone:    bb
-  ASan internal:           fe
-  Left alloca redzone:     ca
-  Right alloca redzone:    cb
-==836681==ABORTING
-```
-
-#"""
-- 
cgit 1.4.1