Re: [PATCH] tests/qtest/fuzz: Add missing spaces in description

2020-07-09 Thread Alexander Bulekov
", > > -.description = "Fuzz the virtio-scsi virtual queues, > > forking" > > +.description = "Fuzz the virtio-scsi virtual queues, > > forking " > > "for each fuzz run (also fuzzes the virtio flags)", > > .pre_vm_init = &counter_shm_init, > > .pre_fuzz = &virtio_scsi_pre_fuzz, > > > > Uh I thought we had fixed these already :/ > > Reviewed-by: Philippe Mathieu-Daudé Same.. Reviewed-by: Alexander Bulekov

Re: [PATCH] softmmu/vl: Include "qemu/rcu.h" for rcu_disable_atfork()

2020-07-09 Thread Alexander Bulekov
Reviewed-by: Alexander Bulekov If rcu.h should be explicitly included, should any of these other files that reference the rcu but do not explicitly #include qemu/rcu.h also get such includes? util/qht.c 166:struct rcu_head rcu; migration/savevm.c 1822:rcu_register_thread(); util/log.c

Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions

2020-07-09 Thread Alexander Bulekov
On 200623 1514, Stefan Hajnoczi wrote: > On Thu, Jun 11, 2020 at 01:56:51AM -0400, Alexander Bulekov wrote: > > Signed-off-by: Alexander Bulekov > > --- > > exec.c| 17 - > > include/exec/memory.h | 8

Re: [PATCH] softmmu/vl: Be less verbose about missing KVM when running the qtests

2020-07-10 Thread Alexander Bulekov
silence them to avoid that they spoil the output of > the tests. > > Unfortunately, we can not use the qtest_enabled() wrapper in this case, > since the qtest accelerator itself is not initialized. Thus we have to > test for the qtest_chrdev variable instead. > > Signed-off-

[Bug 697510] Re: Machine shut off after tons of lsi_scsi: error: MSG IN data too long

2020-07-10 Thread Alexander Bulekov
Here is a qtest reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 -nographic -M q35,accel=qtest -qtest stdio -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0 -monitor

[Bug 1880539] Re: I/O write make QXL abort in qxl_set_mode()

2020-07-10 Thread Alexander Bulekov
Here's a qtest reproducer for this: cat << EOF | ./i386-softmmu/qemu-system-i386 -M q35,accel=qtest -qtest null -nographic -vga qxl -qtest stdio -nodefaults outl 0xcf8 0x8804 outb 0xcfc 0xff outl 0xcf8 0x8819 outl 0xcfc 0x87caff7a outb 0x86 0x23 EOF -- You received this bug notification

[Bug 1681439] Re: qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed.

2020-07-11 Thread Alexander Bulekov
Here's a qtest reproducer cat << EOF | ./i386-softmmu/qemu-system-i386 \ -M pc,accel=qtest -qtest null -nographic -vga qxl -qtest stdio -nodefaults \ -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \ -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \

[Bug 1777315] Re: Denial of service

2020-07-11 Thread Alexander Bulekov
Here's a qtest reproducer: ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest \ -qtest null -nographic -vga qxl -qtest stdio \ -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \ -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \ -device ide-cd,drive=dri

[Bug 1887303] [NEW] Assertion failure in *bmdma_active_if `bmdma->bus->retry_unit != (uint8_t)-1' failed.

2020-07-12 Thread Alexander Bulekov
Public bug reported: Hello, Here is a QTest Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\ -qtest null -nographic -vga qxl -qtest stdio -nodefaults\ -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\ -drive if=none,id=drive1,file=null-co://,fi

[Bug 1887309] [NEW] Floating-point exception in ide_set_sector

2020-07-12 Thread Alexander Bulekov
Public bug reported: Hello, Here is a reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\ -qtest null -nographic -vga qxl -qtest stdio -nodefaults\ -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\ -drive if=none,id=drive1,file=null-co://,file.read

Re: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector

2020-07-12 Thread Alexander Bulekov
On 200712 2025, Alexander Bulekov wrote: > Public bug reported: > > Hello, > Here is a reproducer: > cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\ > -qtest null -nographic -vga qxl -qtest stdio -nodefaults\ > -drive if=none,id=drive0,file=null-co://

Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions

2020-07-13 Thread Alexander Bulekov
On 200713 1241, Stefan Hajnoczi wrote: > On Thu, Jul 09, 2020 at 07:48:55PM -0400, Alexander Bulekov wrote: > > On 200623 1514, Stefan Hajnoczi wrote: > > > On Thu, Jun 11, 2020 at 01:56:51AM -0400, Alexander Bulekov wrote: > > > > Signed-off-by: Alexander Buleko

Re: [PATCH v2 8/9] hw/sd/sdcard: Update coding style to make checkpatch.pl happy

2020-07-13 Thread Alexander Bulekov
g> > --- Reviewed-by: Alexander Bulekov > hw/sd/sd.c | 24 > 1 file changed, 16 insertions(+), 8 deletions(-) > > diff --git a/hw/sd/sd.c b/hw/sd/sd.c > index 5ab945dade..0f048358ab 100644 > --- a/hw/sd/sd.c > +++ b/hw/sd/sd.c > @@ -1175,8 +1175,

[PATCH] fuzz: Expect the cmdline in a freeable GString

2020-07-14 Thread Alexander Bulekov
gchar *str pointer. Since we did not try to free the cmdline, we have a leak for any targets that do not simply return string literals. Clean up this mess by forcing fuzz-targets to return a GString, that we can free. Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/fuzz.c| 13

Re: [PATCH] gitlab-ci.yml: Add fuzzer tests

2020-07-16 Thread Alexander Bulekov
ersonally, don't think they are redundant. A couple notes below, and I haven't been able to test on my own fork of qemu on gitlab, yet due to some pipeline errors, but otherwise Reviewed-by: Alexander Bulekov > --- > .gitlab-ci.yml | 20 +++- > 1 file change

[PATCH] gitlab-ci.yml: Add oss-fuzz build tests

2020-07-16 Thread Alexander Bulekov
-fuzz/build.sh script. The strange way of finding fuzzer binaries stems from the method used by oss-fuzz: https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/targets_list Signed-off-by: Alexander Bulekov --- Similar to Thomas' patch: > Note: This patch needs two

Re: [PATCH] net: check payload length limit for all frames

2020-07-16 Thread Alexander Bulekov
y on e1000e tx loopback into e1000e MMIO. Since Li's patch adds a TX bh, it seems to mitigate such types of issues. Sorry about any confusion. -Alex > > Reported-by: Alexander Bulekov > > Signed-off-by: Prasad J Pandit > > --- > > hw/net/net_tx_pkt.c | 10

Re: [PATCH] gitlab-ci.yml: Add oss-fuzz build tests

2020-07-17 Thread Alexander Bulekov
On 200717 0740, Thomas Huth wrote: > On 16/07/2020 18.33, Alexander Bulekov wrote: > > This tries to build and run the fuzzers with the same build-script used > > by oss-fuzz. This doesn't guarantee that the builds on oss-fuzz will > > also succeed, since oss-fuzz pro

Re: [PATCH] gitlab-ci.yml: Add oss-fuzz build tests

2020-07-17 Thread Alexander Bulekov
On 200717 0951, Thomas Huth wrote: > On 17/07/2020 07.40, Thomas Huth wrote: > > On 16/07/2020 18.33, Alexander Bulekov wrote: > >> This tries to build and run the fuzzers with the same build-script used > >> by oss-fuzz. This doesn't guarantee that the builds on

[PATCH] fuzz: Fix leak when assembling datadir path string

2020-07-17 Thread Alexander Bulekov
We freed the string containing the final datadir path, but did not free the path to the executable's directory that we get from g_path_get_dirname(). Fix that. Reported-by: Thomas Huth Signed-off-by: Alexander Bulekov --- I ran it with Thomas' fixed build-oss-fuzz job: https://

Re: [PATCH] fuzz: Fix leak when assembling datadir path string

2020-07-17 Thread Alexander Bulekov
On 200717 1847, Thomas Huth wrote: > On 17/07/2020 18.35, Alexander Bulekov wrote: > > We freed the string containing the final datadir path, but did not free > > the path to the executable's directory that we get from > > g_path_get_dirname(). Fix that. > >

Re: [Bug 1878057] Re: null-ptr dereference in megasas_command_complete

2020-07-18 Thread Alexander Bulekov
I ran this through my minimization script to remove the extraneous qtest commands: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -M pc-q35-5.0 -no-shutdown -M q35 -device megasas \ -device scsi-cd,drive=null0 \ -blockdev driver=null-co,read-zeroes=on,node-name=null0 \ -nographic -qtest stdio -mon

Re: [PATCH] net: check payload length limit for all frames

2020-07-19 Thread Alexander Bulekov
On 200720 0754, P J P wrote: > +-- On Fri, 17 Jul 2020, Li Qiang wrote --+ > | P J P wrote on Fri, 17 Jul 2020 at 5:09 PM: > | > @Alex, would it be possible to share the reproduces on the upstream bug > | > LP#1886362? > | > | Maybe you mean the reproducer of your patch? > > Yes. > > | If you or Alex could

Re: [PATCH] net: check payload length limit for all frames

2020-07-20 Thread Alexander Bulekov
On 200720 1946, Li Qiang wrote: > > This seems is the same issue as LP#1886362 . > Look at the free path. > Here the 'e1000e_write_to_rx_buffers' trigger DMA and then go to > address space dispatch. So the DMA is not RAM but a MMIO range. > Then we go to another send path, and in that we frees the

Re: [PATCH] MAINTAINERS: Extend the device fuzzing section

2020-07-21 Thread Alexander Bulekov
d-by: Alexander Bulekov Thank you > --- > MAINTAINERS | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 030faf0249..6118fd0b60 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -2445,9 +2445,11 @@ M: Alexander Bulekov &

Re: [Bug 1886362] [NEW] Heap use-after-free in lduw_he_p through e1000e_write_to_rx_buffers

2020-07-21 Thread Alexander Bulekov
On 200721 1444, Peter Maydell wrote: > On Tue, 21 Jul 2020 at 14:21, Jason Wang wrote: > > On 2020/7/21 8:31 PM, Peter Maydell wrote: > > > On Wed, 15 Jul 2020 at 09:36, Jason Wang wrote: > > >> I think the point is to make DMA to MMIO work as real hardware. > > > I wouldn't care to give a 100% gu

[PATCH 01/12] fuzz: Change the way we write qtest log to stderr

2020-07-22 Thread Alexander Bulekov
"-qtest" sets the log fd to stderr. If we want to disable qtest logs, we can just add -qtest-log none. Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/fuzz.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c i

[PATCH 05/12] fuzz: Declare DMA Read callback function

2020-07-22 Thread Alexander Bulekov
d-off-by: Alexander Bulekov --- include/exec/memory.h | 15 +++ softmmu/memory.c | 13 + 2 files changed, 28 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 307e527835..2ec3b597f1 100644 --- a/include/exec/memory.h +++ b/include/exec/mem

[PATCH 02/12] fuzz: Add general virtual-device fuzzer

2020-07-22 Thread Alexander Bulekov
by a magic separator, which should be easy for the fuzzer to guess. Without ASan, the separator can be specified as a "dictionary value" using the -dict argument (see libFuzzer documentation). Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest

[PATCH 07/12] scripts/oss-fuzz: Add wrapper program for generic fuzzer

2020-07-22 Thread Alexander Bulekov
's name. In the future should probably commit to one approach (wrapper binary or argv0-based target selection). Signed-off-by: Alexander Bulekov --- scripts/oss-fuzz/target.c | 40 +++ 1 file changed, 40 insertions(+) create mode 100644 scripts/oss-fuzz/target.

[PATCH 08/12] scripts/oss-fuzz: Add general-fuzzer build script

2020-07-22 Thread Alexander Bulekov
: Alexander Bulekov --- scripts/oss-fuzz/build_general_fuzzers.py | 62 +++ 1 file changed, 62 insertions(+) create mode 100755 scripts/oss-fuzz/build_general_fuzzers.py diff --git a/scripts/oss-fuzz/build_general_fuzzers.py b/scripts/oss-fuzz/build_general_fuzzers.py new file

[PATCH 06/12] fuzz: Add fuzzer callbacks to DMA-read functions

2020-07-22 Thread Alexander Bulekov
We should be careful to not call any functions besides fuzz_dma_read_cb. Without --enable-fuzzing, fuzz_dma_read_cb is an empty inlined function. Signed-off-by: Alexander Bulekov --- I'd appreciate another set of eyes on this. Basically, we only care about DMA reads to RAM. This is why I a

[PATCH 03/12] fuzz: Add PCI features to the general fuzzer

2020-07-22 Thread Alexander Bulekov
fuzz a particular device's PCI configuration space, Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/general_fuzz.c | 114 1 file changed, 114 insertions(+) diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c index fd92c

[PATCH 10/12] scripts/oss-fuzz: build the general-fuzzer configs

2020-07-22 Thread Alexander Bulekov
Build general-fuzzer wrappers for each configuration defined in general_fuzzer_configs.yml and move the actual general-fuzzer to a subdirectory, so oss-fuzz doesn't treat it as a standalone fuzzer. Signed-off-by: Alexander Bulekov --- scripts/oss-fuzz/build.sh | 8 +++- 1 file chang

[PATCH 11/12] scripts/oss-fuzz: Add script to reorder a general-fuzzer trace

2020-07-22 Thread Alexander Bulekov
. Signed-off-by: Alexander Bulekov --- .../oss-fuzz/reorder_fuzzer_qtest_trace.py| 94 +++ 1 file changed, 94 insertions(+) create mode 100755 scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py diff --git a/scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py b/scripts/oss-fuzz

[PATCH 09/12] scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz

2020-07-22 Thread Alexander Bulekov
Each of these entries is built into a wrapper binary that sets the needed environment variables and executes the general virtual-device fuzzer. In the future, we will need additional fields, such as arch=arm, timeout_per_testcase=0, reset=reboot, etc... Signed-off-by: Alexander Bulekov

[PATCH 04/12] fuzz: Add DMA support to the generic-fuzzer

2020-07-22 Thread Alexander Bulekov
specified using add_dma_pattern and clear_dma_patterns operations. Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/general_fuzz.c | 177 1 file changed, 177 insertions(+) diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c index

[PATCH 12/12] scripts/oss-fuzz: Add crash trace minimization script

2020-07-22 Thread Alexander Bulekov
-by: Alexander Bulekov --- I know it's hard to make sense of this patch and the previous one without a real example, but I didn't want to delay sending this set. I'll try to find an old crash (maybe for one of the e1000e bugs) and show exactly how I go from binary libFuzzer blob to qtest

[PATCH 00/12] Add a General Virtual Device Fuzzer

2020-07-22 Thread Alexander Bulekov
tps://bugs.launchpad.net/bugs/1879223 https://bugs.launchpad.net/bugs/1879227 https://bugs.launchpad.net/bugs/1879531 https://bugs.launchpad.net/bugs/1880355 https://bugs.launchpad.net/bugs/1880539 https://bugs.launchpad.net/bugs/1884693 https://bugs.launchpad.net/bugs/1886362 https://bugs.launchpad.net/bugs/1887303 ht

[Bug 1888606] [NEW] Heap-use-after-free in virtio_gpu_ctrl_response

2020-07-22 Thread Alexander Bulekov
Public bug reported: Hello, Here is a reproducer (build with --enable-sanitizers): cat << EOF | ./i386-softmmu/qemu-system-i386 -nographic -M pc -nodefaults -m 512M -device virtio-vga -qtest stdio outl 0xcf8 0x80001018 outl 0xcfc 0xe080 outl 0xcf8 0x80001020 outl 0xcf8 0x80001004 outw 0xcfc 0

Re: [Bug 1888606] [NEW] Heap-use-after-free in virtio_gpu_ctrl_response

2020-07-23 Thread Alexander Bulekov
CC-ing virtio-gpu Maintainers. On 200723 0455, Alexander Bulekov wrote: > Public bug reported: > > Hello, > Here is a reproducer (build with --enable-sanitizers): > cat << EOF | ./i386-softmmu/qemu-system-i386 -nographic -M pc -nodefaults -m > 512M -device virtio-vga -

Re: [Bug 1888606] [NEW] Heap-use-after-free in virtio_gpu_ctrl_response

2020-07-23 Thread Alexander Bulekov
On 200723 1351, Li Qiang wrote: > Alexander Bulekov <1888...@bugs.launchpad.net> wrote on Thu, 23 Jul 2020 at 1:02 PM: > > > > Public bug reported: > > > > Hello, > > Here is a reproducer (build with --enable-sanitizers): > > cat << EOF | ./i386-softmmu/qemu-sy

[Bug 1888714] [NEW] Memory Leak in hpet_timer results in unusable machine

2020-07-23 Thread Alexander Bulekov
Public bug reported: Fair warning: this might be specific to QTest (specifically its clock_step command). This reproducer only works with -accel qtest. Build with --enable-sanitizers to exit once we hit 1G RSS. export ASAN_OPTIONS=hard_rss_limit_mb=1000 cat << EOF | ./i386-softmmu/qemu-system-i3

Re: [PATCH 02/12] fuzz: Add general virtual-device fuzzer

2020-07-23 Thread Alexander Bulekov
On 200722 2339, Alexander Bulekov wrote: > This is a generic fuzzer designed to fuzz a virtual device's > MemoryRegions, as long as they exist within the Memory or Port IO (if it > exists) AddressSpaces. The fuzzer's input is interpreted into a sequence > of qtest commands (

Re: [PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c

2020-07-27 Thread Alexander Bulekov
I sent a reproducer for the to the list some time ago, but never created a Launchpad bug... https://www.mail-archive.com/qemu-devel@nongnu.org/msg701930.html Anyways.. I can confirm that I can't reproduce the issue with these patches. Minimized Reproducer: cat << EOF | ./i386-softmmu/qemu-system-

[Bug 1889621] [NEW] ARM Highbank Crashes Related to GIC

2020-07-30 Thread Alexander Bulekov
Public bug reported: Hello, Here are some QTest reproducers for crashes on ARM Highbank that all seem to be related to the gic device. Reproducer 1: cat << EOF | ./arm-softmmu/qemu-system-arm -machine highbank \ -nographic -monitor none -serial none -qtest stdio writel 0xfff11f00 0x8405f559 writ

Re: [Bug 1889621] Re: ARM Highbank Crashes Related to GIC

2020-07-30 Thread Alexander Bulekov
On 200730 1531, Philippe Mathieu-Daudé wrote: > Why put all these bugs in the same ticket? Thought they might have a similar root cause, though that is evidently wrong.. > For reproducer #2: > > writeq 0xfff11f00 0x613a650f0fda6555 does: > > gic_dist_write dist write at 0x0f00 size 4: 0x0fd

Re: [Bug 1889621] Re: ARM Highbank Crashes Related to GIC

2020-07-30 Thread Alexander Bulekov
On 200730 1550, Peter Maydell wrote: > I haven't looked at reproducer #1, but is it a fuzzer-specific variant > of LP:1602247 (trying to read the "for this CPU" registers from > something other than a CPU doesn't work) ? That was my initial suspicion as well, but it looks like the SEGV happens her

Re: [Bug 1888606] [NEW] Heap-use-after-free in virtio_gpu_ctrl_response

2020-08-03 Thread Alexander Bulekov
Hi Gerd, Strange... After applying your patch, I re-ran the reproducer, but I still see the same crash. -Alex On 200803 0856, Gerd Hoffmann wrote: > Hi, > > > > The ASAN trace: > > > ==29798==ERROR: AddressSanitizer: heap-use-after-free on address > > > 0x60d050e8 at pc 0x560629814761 bp 0

[Bug 1890152] [NEW] malloc 0xff0000030 bytes with vmxnet3

2020-08-03 Thread Alexander Bulekov
Public bug reported: Hello, This reproducer causes vmxnet3 to malloc 0xff030 bytes cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001014 outl 0xcfc 0xe0001000 outl 0xcf8 0x80001018 outl 0xcf8 0x80001004 outw 0xcfc 0x7 w

[Bug 1890155] [NEW] Abort in vmxnet3_validate_interrupt_idx

2020-08-03 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001014 outl 0xcfc 0xe0001000 outl 0xcf8 0x80001018 outl 0xcf8 0x80001004 outw 0xcfc 0x7 write 0x0 0x1 0xe1 write 0x1 0x1 0xfe write 0x2 0

[Bug 1890157] [NEW] Assertion failure in net_tx_pkt_reset through vmxnet3

2020-08-03 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001014 outl 0xcfc 0xe0001000 outl 0xcf8 0x80001018 outl 0xcf8 0x80001004 outw 0xcfc 0x7 outl 0xcf8 0x80001083 write 0x0 0x1 0xe1 write 0x

[Bug 1890159] [NEW] Assertion failure in net_tx_pkt_add_raw_fragment through vmxnet3

2020-08-03 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001010 outl 0xcfc 0xe000 outl 0xcf8 0x80001014 outl 0xcfc 0xe0001000 outl 0xcf8 0x80001018 outl 0xcf8 0x80001001 outl 0xcfc 0x3fff3ff

[Bug 1890160] [NEW] Abort in vmxnet3_validate_queues

2020-08-03 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001014 outl 0xcfc 0xe0001000 outl 0xcf8 0x80001018 outl 0xcf8 0x80001004 outw 0xcfc 0x7 write 0x0 0x1 0xe1 write 0x1 0x1 0xfe write 0x2 0

Re: [PATCH v2 4/4] hw/display/artist.c: fix out of bounds check

2020-08-03 Thread Alexander Bulekov
Hi, I applied this patch, but I can still trigger a segfault and heap overread through artist_reg_write -> fill_window. I don't know if these problems are related to what this patch fixes. If not, let me know and I can create a separate launchpad report for these. -Alex (1) Segfault: cat << EOF |

Re: [PATCH v2 4/4] hw/display/artist.c: fix out of bounds check

2020-08-03 Thread Alexander Bulekov
On 200803 1336, Alexander Bulekov wrote: > Hi, > I applied this patch, but I can still trigger a segfault and heap > overread through artist_reg_write -> fill_window. I don't know if these > problems are related to what this patch fixes. If not, let me know and > I can create a

Re: [PATCH v2 4/4] hw/display/artist.c: fix out of bounds check

2020-08-03 Thread Alexander Bulekov
On 200803 1432, Alexander Bulekov wrote: > On 200803 1336, Alexander Bulekov wrote: > > Hi, > > I applied this patch, but I can still trigger a segfault and heap > > overread through artist_reg_write -> fill_window. I don't know if these > > problems are related to

[Bug 1890310] [NEW] Segfault in artist.c:block_move

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writeq 0xf8100802 0xff5c651b7c5c writeq 0xf8100afb 0x25e EOF AddressSanitizer:DEADLYSIGNAL

[Bug 1890311] [NEW] Segfault in cpu_physical_memory_set_dirty_range on hppa + artist

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writeq 0xf810049f 0x85 writew 0xf8118001 0x14 writeq 0xf81005fb 0x5c6418001832 EOF AddressSanitizer:DEADLYSIGNAL ==

[Bug 1890312] [NEW] Segfault in artist_vram_read

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writew 0xf8118001 0x105a readq 0xf900f8ff EOF = ==20118==ERROR: AddressSanitizer: SEGV on unknown a

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-04 Thread Alexander Bulekov
Hi Helge, I applied this series and it fixes most of the problems I saw before. I still see a few crashes - I made issues for them on launchpad: https://bugs.launchpad.net/qemu/+bug/1890310 https://bugs.launchpad.net/qemu/+bug/1890311 https://bugs.launchpad.net/qemu/+bug/1890312 Thanks! -Alex On

Re: [PATCH v3 4/8] hw/display/artist.c: fix out of bounds check

2020-08-04 Thread Alexander Bulekov
Hi Helge, Sven, I think this patch introduces an issue: cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writeq 0xf810049f 0x7ed7087fff0d writew 0xf8118001 0x30fb writew 0xf8118000 0x5bfb writeq 0xf81005fb 0xd8d8d8d83d83d6 EOF AddressSanitizer:DEADL

[Bug 1890333] [NEW] Assertion failure in address_space_stw_le_cached through virtio-* devices

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -device virtio-blk,drive=mydrive \ -nodefaults -qtest stdio -nographic outl 0xcf8 0x80001001 outl 0xcfc 0x6574c1ff outl 0xcf8 0x8000100e outl 0xcfc

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-04 Thread Alexander Bulekov
On 200804 2320, Helge Deller wrote: > Hi Alexander, > > * Alexander Bulekov : > > I applied this series and it fixes most of the problems I saw before. > > I still see a few crashes - I made issues for them on launchpad: > > https://bugs.launchpad.net/

[Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -device virtio-blk,drive=mydrive \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001010 outl 0xcfc 0xc001 outl 0xcf8 0x80001014 outl 0xcf8 0x80

Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk

2020-08-04 Thread Alexander Bulekov
failure for me, so maybe there was already a fix.. -Alex On 200805 0116, Alexander Bulekov wrote: > Public bug reported: > > Hello, > Reproducer: > cat << EOF | ./i386-softmmu/qemu-system-i386 \ > -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ > -devi

[Bug 1890370] [NEW] Segfault in artist vram_bit_write

2020-08-04 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writeq 0xf810049f 0x writew 0xf8118001 0xff7c writew 0xf8118000 0x8300 writeq 0xf81005fb 0x5c18006400189e EOF SUMMARY: UndefinedBehaviorSanitizer:

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-04 Thread Alexander Bulekov
On 200804 1801, Alexander Bulekov wrote: > On 200804 2320, Helge Deller wrote: > > Hi Alexander, > > > > * Alexander Bulekov : > > > I applied this series and it fixes most of the problems I saw before. > > > I still see a few crashes - I made is

[Bug 1890312] Re: Segfault in artist_vram_read

2020-08-04 Thread Alexander Bulekov
There's one more slightly further in the same function - line 1231 https://github.com/hdeller/qemu-hppa/blob/1e5391948f977932d17526c491d262a3cd99a690/hw/display/artist.c#L1231 cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \ -qtest stdio -accel qtest writeq 0xf8118005 0x1e7c50ff

[Bug 1890370] Re: Segfault in artist vram_bit_write

2020-08-04 Thread Alexander Bulekov
** Changed in: qemu Status: New => Invalid -- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1890370 Title: Segfault in artist vram_bit_write Status in QEMU: Invalid Bug description: Hello

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-06 Thread Alexander Bulekov
On 200805 2244, Helge Deller wrote: > Hello Alexander, > > * Alexander Bulekov : > > On 200804 2320, Helge Deller wrote: > > > * Alexander Bulekov : > > > > I applied this series and it fixes most of the problems I saw before. > > > > I sti

Re: [PATCH 063/143] meson: convert tests/qtest to meson

2020-08-07 Thread Alexander Bulekov
Thank you, Paolo. I haven't gone through all the other messages yet, so maybe I missed some insights that would help with this. Some notes as I try to build qemu-fuzz-i386. * Needed to do git submodule update --init. IIRC this used to happen automatically for stuff like slirp. I will need to upd

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-09 Thread Alexander Bulekov
On 200809 0717, Helge Deller wrote: > Hello Alexander, > > On 06.08.20 17:46, Alexander Bulekov wrote: > > On 200805 2244, Helge Deller wrote: > >> * Alexander Bulekov : > >>> On 200804 2320, Helge Deller wrote: > >>>> * Alexander Bulekov : >

Re: [PATCH v3 7/8] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

2020-08-09 Thread Alexander Bulekov
On 200809 2151, Helge Deller wrote: > On 09.08.20 21:38, Helge Deller wrote: > > On 09.08.20 19:17, Alexander Bulekov wrote: > >> On 200809 0717, Helge Deller wrote: > >>> The current tree at > >>> https://github.com/hdeller/qemu-hppa/commits/target-hpp

Re: [PATCH 2/2] configure: add support for Control-Flow Integrity

2020-08-10 Thread Alexander Bulekov
On 200810 2139, Paolo Bonzini wrote: > On 10/08/20 21:01, Daniele Buono wrote: > > So I'm thinking of adding a check in configure. If gold is the linker, > > automatically create (somehow, still working on it) the full link script > > by obtaining the default bfd script and add the required parts.

[Bug 1883729] Re: xhci_find_stream: Assertion `streamid != 0' failed.

2020-08-10 Thread Alexander Bulekov
Attaching a QTest reproducer. ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci -trace usb\* \ -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio < repro Close to the crash: 21000@1597111713.5

[Bug 1883732] Re: xhci_kick_epctx: Assertion `ring->dequeue != 0' failed.

2020-08-10 Thread Alexander Bulekov
Here's a QTest reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device nec-usb-xhci -trace usb\* \ -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001014 outl 0xcfc 0x

Re: [PATCH 131/147] meson: link emulators without Makefile.target

2020-08-11 Thread Alexander Bulekov
master. Since it's not related to this patch, and I can't think of anything else to test, for the fuzzing changes to this patch: Reviewed-by: Alexander Bulekov Thanks! -Alex On 200810 1908, Paolo Bonzini wrote: > Signed-off-by: Marc-André Lureau > Signed-off-by: Paolo Bonzini > ---

Re: [PATCH 066/147] meson: convert tests/qtest to meson

2020-08-11 Thread Alexander Bulekov
On 200810 1907, Paolo Bonzini wrote: > Signed-off-by: Paolo Bonzini For the fuzzing changes in this patch: Reviewed-by: Alexander Bulekov -Alex > --- > meson.build | 3 + > tests/Makefile.include | 47 +--- > te

Re: [PATCH 139/147] meson: replace create-config with meson configure_file

2020-08-11 Thread Alexander Bulekov
On 200811 1825, Philippe Mathieu-Daudé wrote: > On 8/11/20 6:20 PM, Philippe Mathieu-Daudé wrote: > > On 8/10/20 7:08 PM, Paolo Bonzini wrote: > >> Move the create-config logic to meson.build; create a > >> configuration_data object and let meson handle the > >> quoting and output. > >> > >> Signed

Re: [PATCH 139/147] meson: replace create-config with meson configure_file

2020-08-11 Thread Alexander Bulekov
On 200811 1916, Paolo Bonzini wrote: > On 11/08/20 19:12, Alexander Bulekov wrote: > > On 200811 1825, Philippe Mathieu-Daudé wrote: > >> On 8/11/20 6:20 PM, Philippe Mathieu-Daudé wrote: > >>> On 8/10/20 7:08 PM, Paolo Bonzini wrote: > >>>> Move the

[Bug 1810000] Re: qemu system emulator crashed when using xhci usb controller

2020-08-11 Thread Alexander Bulekov
Here's a QTest reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device nec-usb-xhci -trace usb\* \ -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001016 outl 0xcfc 0x

[Bug 1883728] Re: address_space_unmap: Assertion `mr != NULL' failed.

2020-08-11 Thread Alexander Bulekov
Here's a qtest reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 \ -device nec-usb-xhci -trace usb\* \ -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001016 outl 0xcfc 0x

[Bug 1891341] [NEW] Heap-use-after-free in usb_packet_copy through iov_to_buf

2020-08-12 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \ -trace usb\* -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001016 o

[Bug 1891341] Re: Heap-use-after-free in usb_packet_copy through iov_to_buf

2020-08-12 Thread Alexander Bulekov
For completeness' sake, the same issue can lead to a write when the pid is USB_TOKEN_IN: cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \ -trace usb\* -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults

[Bug 1891354] [NEW] Heap-use-after-free in usb_packet_unmap

2020-08-12 Thread Alexander Bulekov
Public bug reported: Hello, Reproducer: cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \ -trace usb\* -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001010 o

Re: [Bug 1891354] [NEW] Heap-use-after-free in usb_packet_unmap

2020-08-12 Thread Alexander Bulekov
On 200813 0024, Li Qiang wrote: > Alexander Bulekov <1891...@bugs.launchpad.net> 于2020年8月13日周四 上午12:21写道: > > > > Public bug reported: > > > > Hello, > > Reproducer: > > > > cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci

[Bug 1878645] Re: null-ptr dereference in tcg_handle_interrupt

2020-06-29 Thread Alexander Bulekov
I don't think this is a qtest-specific error: cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio o/4 0xcf8 0x8400f841 o/4 0xcfc 0xaa215d6d o/4 0x6d30 0x2ef8ffbe o/1 0xb2 0x20 EOF ... Segmentation fault -- You received this bug notification because you are a member of qem

Re: [Bug 1878645] Re: null-ptr dereference in tcg_handle_interrupt

2020-06-29 Thread Alexander Bulekov
On 200629 2000, Alex Bennée wrote: > > Alexander Bulekov <1878...@bugs.launchpad.net> writes: > > > I don't think this is a qtest-specific error: > > cat << EOF| qemu-system-i386 -M q35 -nographic -serial none -monitor stdio > > o/4 0xcf8 0x8400
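
The reproducers above all drive QEMU through port writes, either as qtest protocol lines (outb/outw/outl) or as HMP o/1, o/2, o/4 commands, and most of them begin by programming a PCI device through configuration mechanism #1 at 0xcf8/0xcfc. The following Python helper is an added example, not code from QEMU or from any message on this page: it encodes and decodes CONFIG_ADDRESS values, converts between the two script syntaxes, and annotates a script so that each config-space access is labelled with the bus:device.function and register offset it reaches. Assumptions: the standard mechanism #1 port numbers and field layout; which slot a given -device ends up in (for example nec-usb-xhci) is not derived here, and the sample script in the block is constructed rather than copied from a reproducer.

```python
# Added example, not from the QEMU tree or from any bug report quoted above.
# Assumes PCI configuration mechanism #1: CONFIG_ADDRESS at 0xcf8, CONFIG_DATA
# at 0xcfc-0xcff, with the field layout from the PCI local bus specification.
import re

CONFIG_ADDRESS = 0xCF8
CONFIG_DATA = 0xCFC

# qtest protocol verb <-> HMP "o/<size>" command (both forms appear on the page).
QTEST_TO_HMP = {"outb": "o/1", "outw": "o/2", "outl": "o/4"}
HMP_TO_QTEST = {v: k for k, v in QTEST_TO_HMP.items()}

_LINE = re.compile(
    r"^\s*(outb|outw|outl|o/1|o/2|o/4)\s+(0x[0-9a-fA-F]+|\d+)\s+(0x[0-9a-fA-F]+|\d+)\s*$"
)


def pci_config_addr(bus, dev, func, reg):
    """Encode a CONFIG_ADDRESS dword: bit 31 enable, bus 23:16, device 15:11,
    function 10:8, register offset 7:0. The spec hardwires reg bits 1:0 to
    zero; they are accepted here because fuzzer-generated scripts set them."""
    if not (0 <= bus < 256 and 0 <= dev < 32 and 0 <= func < 8 and 0 <= reg < 256):
        raise ValueError("PCI config address field out of range")
    return 0x80000000 | (bus << 16) | (dev << 11) | (func << 8) | reg


def decode_config_addr(value):
    """Split a CONFIG_ADDRESS dword into its fields. Reserved bits 30:24 are
    reported rather than masked so that odd fuzzer inputs stay visible."""
    return {
        "enable": bool((value >> 31) & 1),
        "reserved": (value >> 24) & 0x7F,
        "bus": (value >> 16) & 0xFF,
        "dev": (value >> 11) & 0x1F,
        "func": (value >> 8) & 0x7,
        "reg": value & 0xFF,
    }


def pci_config_write(bus, dev, func, reg, value, width=4):
    """qtest lines that select a config register and write 'value' to it."""
    verb = {1: "outb", 2: "outw", 4: "outl"}[width]
    addr = pci_config_addr(bus, dev, func, reg)
    return [f"outl {CONFIG_ADDRESS:#x} {addr:#010x}",
            f"{verb} {CONFIG_DATA:#x} {value:#x}"]


def parse_line(line):
    """Return (verb, port, value) for a qtest or HMP port write, else None
    (heredoc delimiters, command lines and blank lines are skipped)."""
    m = _LINE.match(line)
    if not m:
        return None
    verb, port, value = m.groups()
    return verb, int(port, 0), int(value, 0)


def _require(line):
    parsed = parse_line(line)
    if parsed is None:
        raise ValueError(f"not a port write: {line!r}")
    return parsed


def qtest_to_hmp(line):
    """'outl 0xcf8 0x80001016' -> 'o/4 0xcf8 0x80001016' (HMP lines pass through)."""
    verb, port, value = _require(line)
    return f"{QTEST_TO_HMP.get(verb, verb)} {port:#x} {value:#x}"


def hmp_to_qtest(line):
    """'o/1 0xb2 0x20' -> 'outb 0xb2 0x20' (qtest lines pass through)."""
    verb, port, value = _require(line)
    return f"{HMP_TO_QTEST.get(verb, verb)} {port:#x} {value:#x}"


def annotate(script):
    """Walk a reproducer script and label each PCI config-space access.
    Remembers the last CONFIG_ADDRESS so that CONFIG_DATA writes can be
    attributed to a bus:device.function and register; the byte lane of the
    data port (0xcfc-0xcff) is OR-ed into the offset, as a mechanism #1 host
    bridge does. Any other port write is reported as-is."""
    notes = []
    selected = None
    for line in script.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        verb, port, value = parsed
        if port == CONFIG_ADDRESS and verb in ("outl", "o/4"):
            selected = decode_config_addr(value)
            bdf = f"{selected['bus']:02x}:{selected['dev']:02x}.{selected['func']}"
            suffix = "" if selected["enable"] else " (enable bit clear)"
            notes.append(f"select {bdf} reg {selected['reg']:#04x}{suffix}")
        elif CONFIG_DATA <= port <= CONFIG_DATA + 3 and selected is not None:
            bdf = f"{selected['bus']:02x}:{selected['dev']:02x}.{selected['func']}"
            off = selected["reg"] | (port - CONFIG_DATA)
            notes.append(f"config write {bdf} reg {off:#04x} = {value:#x}")
        else:
            notes.append(f"port write {port:#x} = {value:#x}")
    return notes


if __name__ == "__main__":
    # Constructed sample, not one of the reproducers on the page.
    sample = "outl 0xcf8 0x80001016\noutl 0xcfc 0xe0000000\no/1 0xb2 0x20\n"
    for note in annotate(sample):
        print(note)
```

Applied to the values quoted above, 0x80001016 decodes to bus 0, device 2, function 0, register 0x16, so the outl 0xcfc that follows it in the xhci reproducers is a 4-byte write starting at config offset 0x16 of whatever sits in slot 2; 0x8400f841 from the tcg_handle_interrupt reproducer selects device 0x1f function 0 register 0x41 with reserved bits 30:24 equal to 0x04, which the decoder reports instead of masking. Converting a qtest script to the HMP form line by line is what makes it possible to confirm, as done above, that a crash is not qtest-specific.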

[PATCH] pc: fix leak in pc_system_flash_cleanup_unused

2020-06-30 Thread Alexander Bulekov
0x55fa639431e9 in qemu_init /tmp/qemu/softmmu/vl.c:3878 #10 0x55fa6335c1b8 in main /tmp/qemu/softmmu/main.c:48 #11 0x7f9d2cf06e0a in __libc_start_main ../csu/libc-start.c:308 #12 0x55fa6335f8e9 in _start (/tmp/qemu/build/i386-softmmu/qemu-system-i386) Signed-off-by: Alexander Bulekov --- I

Re: [PATCH] pc: fix leak in pc_system_flash_cleanup_unused

2020-07-01 Thread Alexander Bulekov
On 200701 0749, Paolo Bonzini wrote: > On 01/07/20 03:58, Alexander Bulekov wrote: > > fix a leak detected when building with --enable-sanitizers: > > ./i386-softmmu/qemu-system-i386 > > Upon exit: > > ==13576==ERROR: LeakSanitizer: detected memory leaks > > >

[PATCH v2] pc: fix leak in pc_system_flash_cleanup_unused

2020-07-01 Thread Alexander Bulekov
#9 0x55fa639431e9 in qemu_init /tmp/qemu/softmmu/vl.c:3878 #10 0x55fa6335c1b8 in main /tmp/qemu/softmmu/main.c:48 #11 0x7f9d2cf06e0a in __libc_start_main ../csu/libc-start.c:308 #12 0x55fa6335f8e9 in _start (/tmp/qemu/build/i386-softmmu/qemu-system-i386) Signed-off-by: Alexander Bulekov

Re: [RFC PATCH] cpus: Initialize current_cpu with the first vCPU created

2020-07-01 Thread Alexander Bulekov
x5676aae1 "/1 0xb2 0x20") at monitor/hmp.c:1082 > #13 0x55c99e02 in monitor_command_cb (opaque=0x567621b0, > cmdline=0x5676aae0 "o/1 0xb2 0x20", readline_opaque=0x0) at > monitor/hmp.c:47 > ^ > HMP command from mon

Re: [PATCH v7 16/20] fuzz: add configure flag --enable-fuzzing

2020-01-20 Thread Alexander Bulekov
On 200120 0055, Bulekov, Alexander wrote: > +if test "$fuzzing" = "yes" ; then > + if test "$have_fuzzer" = "yes"; then > +FUZZ_LDFLAGS=" -fsanitize=address,fuzzer" > +FUZZ_CFLAGS=" -fsanitize=address,fuzzer" > +CFLAGS=" -fsanitize=address,fuzzer" This will fail when building standard qe
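Review bot: the quoted `CFLAGS=" -fsanitize=address,fuzzer"` line assigns rather than appends, so it discards whatever CFLAGS configure had accumulated before this point; `CFLAGS="$CFLAGS -fsanitize=address,fuzzer"` would keep them, and the leading space inside each of the three quoted values suggests appending was the intent. The same applies to FUZZ_LDFLAGS and FUZZ_CFLAGS if those variables can already be set at this point in configure.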

Re: [PATCH v2 1/6] esp: don't underflow cmdfifo if no message out/command data is present

2021-03-17 Thread Alexander Bulekov
/qemu/+bug/1919035 > Signed-off-by: Mark Cave-Ayland > --- > hw/scsi/esp.c | 22 ++ > 1 file changed, 14 insertions(+), 8 deletions(-) Tested-by: Alexander Bulekov

Re: [PATCH v2 3/6] esp: ensure cmdfifo is not empty and current_dev is non-NULL

2021-03-17 Thread Alexander Bulekov
> > Buglink: https://bugs.launchpad.net/qemu/+bug/1910723 > Buglink: https://bugs.launchpad.net/qemu/+bug/1909247 > Signed-off-by: Mark Cave-Ayland > --- > hw/scsi/esp.c | 3 +++ > 1 file changed, 3 insertions(+) > Tested-by: Alexander Bulekov > diff --git a/hw/scsi/e

Re: [PATCH v2 4/6] esp: don't underflow fifo when writing to the device

2021-03-17 Thread Alexander Bulekov
; hw/scsi/esp.c | 28 > 1 file changed, 16 insertions(+), 12 deletions(-) > Tested-by: Alexander Bulekov

Re: [PATCH v2 5/6] esp: always check current_req is not NULL before use in DMA callbacks

2021-03-17 Thread Alexander Bulekov
ion) command will attempt to reference the NULL pointer causing a > segfault. > > Buglink: https://bugs.launchpad.net/qemu/+bug/1910723 > Buglink: https://bugs.launchpad.net/qemu/+bug/1909247 > Signed-off-by: Mark Cave-Ayland > --- Tested-by: Alexander Bulekov

Re: [PATCH v2 6/6] tests/qtest: add tests for am53c974 device

2021-03-17 Thread Alexander Bulekov
On 210317 2302, Mark Cave-Ayland wrote: > Use the autogenerated fuzzer test cases as the basis for a set of am53c974 > regression tests. > > Signed-off-by: Mark Cave-Ayland > --- Reviewed-by: Alexander Bulekov Thanks

[PATCH 1/2] floppy: add a regression test for CVE-2020-25741

2021-03-18 Thread Alexander Bulekov
0 outb 0x3f5 0x0 outb 0x3f5 0x01 outw 0x3f1 0x0500 outb 0x3f5 0x00 EOF Signed-off-by: Alexander Bulekov --- Might be useful for reproducing/regression testing tests/qtest/fuzz-test.c | 54 + 1 file changed, 54 insertions(+) diff --git a/tests/qtest/fuzz-te
