From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH] virtio-scsi: remove unused argument to virtio_scsi_common_realize
Date: Mon, 22 Jul 2019 10:42:54 +0100
User-agent: Mutt/1.12.0 (2019-05-25)
On Thu, Jul 18, 2019 at 07:00:37AM +0200, Philippe Mathieu-Daudé wrote:
> Cc'ing qemu-block@
>
> On 7/18/19 5:25 AM, address@hidden wrote:
> > Patchew URL: https://patchew.org/QEMU/address@hidden/
> [...]> time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu
> J=14 NETWORK=1
> [...]
> > PASS 18 test-bdrv-drain /bdrv-drain/iothread/drain_all
> > =================================================================
> > ==8106==ERROR: AddressSanitizer: heap-use-after-free on address
> > 0x61200002c7f0 at pc 0x5622ea95c8b6 bp 0x7f174fdb8680 sp 0x7f174fdb8678
> > WRITE of size 1 at 0x61200002c7f0 thread T9
> > ==8108==WARNING: ASan doesn't fully support makecontext/swapcontext
> > functions and may produce false positives in some cases!
> > #0 0x5622ea95c8b5 in aio_notify /tmp/qemu-test/src/util/async.c:351:9
The 1-byte write is probably atomic_mb_set(&ctx->notified, true) on a
freed AioContext:
000000000073b580 <aio_notify>:
73b580: 0f ae f0 mfence
73b583: 8b 87 98 00 00 00 mov 0x98(%rdi),%eax
73b589: 85 c0 test %eax,%eax
73b58b: 75 03 jne 73b590 <aio_notify+0x10>
73b58d: c3 retq
73b58e: 66 90 xchg %ax,%ax
73b590: 53 push %rbx
73b591: 48 89 fb mov %rdi,%rbx
73b594: 48 8d bf ac 00 00 00 lea 0xac(%rdi),%rdi
73b59b: e8 40 40 00 00 callq 73f5e0 <event_notifier_set>
73b5a0: b8 01 00 00 00 mov $0x1,%eax
***
73b5a5: 86 83 a8 00 00 00 xchg %al,0xa8(%rbx)
***
73b5ab: 5b pop %rbx
73b5ac: c3 retq
I'll take a closer look and try to reproduce this.
Stefan
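As an added example (not part of Stefan's mail or of QEMU's own code), a small Python triage helper of the kind one would hang off a CI job like the Patchew run above: it parses the AddressSanitizer header, access line, warning and top stack frame quoted in the thread, and recovers the containing object's address from the field displacement read off the faulting instruction. The sample input is the report from this thread with the mail quoting stripped and the wrapped lines re-joined; the 0xa8 displacement comes from the `xchg %al,0xa8(%rbx)` instruction in the listing above and is specific to that build. The `parse_asan_report`, `object_base` and `summarize` names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the AddressSanitizer lines quoted in the thread
# above, with the mail quoting ("> > ") removed and wrapped lines re-joined.
SAMPLE_REPORT = """\
PASS 18 test-bdrv-drain /bdrv-drain/iothread/drain_all
=================================================================
==8106==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200002c7f0 at pc 0x5622ea95c8b6 bp 0x7f174fdb8680 sp 0x7f174fdb8678
WRITE of size 1 at 0x61200002c7f0 thread T9
==8108==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
    #0 0x5622ea95c8b5 in aio_notify /tmp/qemu-test/src/util/async.c:351:9
"""

ERROR_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address "
    r"(?P<addr>0x[0-9a-fA-F]+) at pc (?P<pc>0x[0-9a-fA-F]+)"
)
ACCESS_RE = re.compile(
    r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-fA-F]+) "
    r"thread (?P<thread>T\d+)"
)
WARNING_RE = re.compile(r"^==\d+==WARNING: (?P<msg>.*)$")
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+) (?P<pc>0x[0-9a-fA-F]+) in (?P<func>\S+) (?P<loc>\S+)"
)


@dataclass
class Frame:
    index: int
    pc: int
    function: str
    location: str  # file:line:column as symbolized by ASan


@dataclass
class AsanReport:
    pid: int
    kind: str                     # e.g. "heap-use-after-free"
    address: int                  # faulting address
    pc: int                       # program counter at the fault
    op: Optional[str] = None      # "READ" or "WRITE"
    size: Optional[int] = None    # access width in bytes
    thread: Optional[str] = None  # e.g. "T9"
    warnings: List[str] = field(default_factory=list)
    frames: List[Frame] = field(default_factory=list)


def parse_asan_report(text: str) -> Optional[AsanReport]:
    """Extract the header, access line, warnings and stack frames of the
    first ASan error in `text`.  Lines before the ==PID==ERROR header
    (test-runner output, separators) are ignored.  Returns None when the
    text contains no ASan error at all."""
    report = None
    for raw in text.splitlines():
        line = raw.strip()
        if report is None:
            m = ERROR_RE.match(line)
            if m:
                report = AsanReport(pid=int(m["pid"]), kind=m["kind"],
                                    address=int(m["addr"], 16),
                                    pc=int(m["pc"], 16))
            continue
        m = ACCESS_RE.match(line)
        if m:
            report.op, report.size, report.thread = m["op"], int(m["size"]), m["thread"]
            continue
        m = WARNING_RE.match(line)
        if m:
            report.warnings.append(m["msg"])
            continue
        m = FRAME_RE.match(line)
        if m:
            report.frames.append(Frame(int(m["idx"]), int(m["pc"], 16),
                                       m["func"], m["loc"]))
    return report


def object_base(fault_address: int, field_offset: int) -> int:
    """Recover the start of the containing object from the faulting address
    and the displacement of the accessed field (e.g. 0xa8 from
    `xchg %al,0xa8(%rbx)`), so it can be matched against the block address
    in ASan's 'freed by' / 'previously allocated by' sections."""
    return fault_address - field_offset


def summarize(report: AsanReport) -> str:
    """One-line triage summary suitable for a CI status message."""
    top = report.frames[0] if report.frames else None
    where = f"{top.function} ({top.location})" if top else "unknown frame"
    return (f"{report.kind}: {report.op} of {report.size} byte(s) at "
            f"{report.address:#x} on {report.thread} in {where}")


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(summarize(r))
    # 0xa8 is the field displacement from the disassembly in the thread.
    print(f"containing object starts at {object_base(r.address, 0xA8):#x}")
```

Two things worth noticing when running this on the report above: frame #0's pc (…8b5) is one below the faulting pc (…8b6), which is the usual off-by-one ASan applies when symbolizing return addresses, so do not expect the two to be equal; and the disassembly Stefan quotes is from a separate build of the same source, so its 0x73b5xx offsets cannot be compared to the runtime 0x5622… addresses, only the field displacement carries over.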