From: Qiuhao Li
To: alxndr@bu.edu, qemu-devel@nongnu.org
Cc: darren.kenny@oracle.com, bsd@redhat.com, thuth@redhat.com, stefanha@redhat.com, pbonzini@redhat.com
Subject: [PATCH 3/4] fuzz: setting bits in operand of out/write to zero
Date: Sun, 20 Dec 2020 02:56:26 +0800

Simplifying the crash cases by opportunistically setting bits in operands of
out/write to zero may help to debug, since usually bit one means turn on or
trigger a function while zero is the default turn-off setting.

Tested Bug 1908062. Refined vs. Original result:

outl 0xcf8 0x8000081c            outl 0xcf8 0x8000081c
outb 0xcfc 0xc3                  outb 0xcfc 0xc3
outl 0xcf8 0x0              <--  outl 0xcf8 0x8000082f
outl 0xcf8 0x80000804            outl 0xcf8 0x80000804
outl 0xcfc 0x10000006       <--  outl 0xcfc 0x9b2765be
write 0xc300001024 0x2 0x10 <--  write 0xc300001024 0x2 0x0055
write 0xc300001028 0x1 0x5a      write 0xc300001028 0x1 0x5a
write 0xc30000101c 0x1 0x01      write 0xc30000101c 0x1 0x01
writel 0xc30000100c 0x2a6f6c63   writel 0xc30000100c 0x2a6f6c63
write 0xc300001018 0x1 0x80 <--  write 0xc300001018 0x1 0xa4
write 0x5c 0x1 0x10         <--  write 0x5c 0x1 0x19
write 0xc300003002 0x1 0x0  <--  write 0xc300003002 0x1 0x8a

Signed-off-by: Qiuhao Li
Reviewed-by: Alexander Bulekov
---
 scripts/oss-fuzz/minimize_qtest_trace.py | 42 +++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/scripts/oss-fuzz/minimize_qtest_trace.py b/scripts/oss-fuzz/mi= nimize_qtest_trace.py index 855c3bcb54..f3e88064c4 100755 --- a/scripts/oss-fuzz/minimize_qtest_trace.py +++ b/scripts/oss-fuzz/minimize_qtest_trace.py 
@@ -172,7 +172,47 @@ def minimize_trace(inpath, outpath): newtrace[i] =3D prior del newtrace[i+1] i +=3D 1 - check_if_trace_crashes(newtrace, outpath) + + assert(check_if_trace_crashes(newtrace, outpath)) + + TIMEOUT =3D (end-start)*2 # input is short now + + # try setting bits in operands of out/write to zero + i =3D 0 + while i < len(newtrace): + if (not newtrace[i].startswith("write ") and not + newtrace[i].startswith("out")): + i +=3D 1 + continue + # write ADDR SIZE DATA + # outx ADDR VALUE + print("\nzero setting bits: {}".format(newtrace[i])) + + prefix =3D " ".join(newtrace[i].split()[:-1]) + data =3D newtrace[i].split()[-1] + data_bin =3D bin(int(data, 16)) + data_bin_list =3D list(data_bin) + + for j in range(2, len(data_bin_list)): + prior =3D newtrace[i] + if (data_bin_list[j] =3D=3D '1'): + data_bin_list[j] =3D '0' + data_try =3D hex(int("".join(data_bin_list), 2)) + # It seems qtest only accect hex with one byte zero padding + if len(data_try) % 2 =3D=3D 1: + data_try =3D data_try[:2] + "0" + data_try[2:-1] + + newtrace[i] =3D "{prefix} {data_try}\n".format( + prefix=3Dprefix, + data_try=3Ddata_try) + + if not check_if_trace_crashes(newtrace, outpath): + data_bin_list[j] =3D '1' + newtrace[i] =3D prior + + i +=3D 1 + + assert(check_if_trace_crashes(newtrace, outpath)) =20 =20 if __name__ =3D=3D '__main__': --=20 2.25.1
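
Review bot: In the zero-padding branch inside the `for j` loop, `data_try = data_try[:2] + "0" + data_try[2:-1]` prepends a zero but the `[2:-1]` slice also drops the last hex digit, so the string keeps its odd length and the value changes (`0x155` would become `0x015`). Use `data_try[2:]` there, or better, zero-fill the hex digits to the digit count of the original operand: the round trip through `int(data, 16)` and `hex()` discards leading zero bytes, so a `write ADDR SIZE DATA` line can end up with DATA shorter than SIZE, as the commit message's `write 0xc300001024 0x2 0x10` shows. Two smaller points: `TIMEOUT = (end-start)*2` only changes the timeout seen by `check_if_trace_crashes` if `TIMEOUT` is declared `global` in this function, which is not visible in this hunk; and both `assert(check_if_trace_crashes(newtrace, outpath))` calls disappear under `python -O`, so an explicit check that reports an error would be more robust.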