[Bug 1840865] Re: qemu crashes when doing iotest on virtio-9p filesystem
From: Thomas Huth
Subject: [Bug 1840865] Re: qemu crashes when doing iotest on virtio-9p filesystem
Date: Wed, 05 May 2021 14:28:39 -0000
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/181
** Changed in: qemu
Status: New => Expired
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #181
https://gitlab.com/qemu-project/qemu/-/issues/181
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1840865
Title:
qemu crashes when doing iotest on virtio-9p filesystem
Status in QEMU:
Expired
Bug description:
Qemu crashes when doing avocado-vt test on virtio-9p filesystem.
This bug can be reproduced running
https://github.com/autotest/tp-qemu/blob/master/qemu/tests/9p.py with the
latest qemu-4.0.0.
The crash stack goes like:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 v9fs_mark_fids_unreclaim (pdu=pdu@entry=0xaaab00046868, path=path@entry=0xffff851e2fa8) at hw/9pfs/9p.c:505
#1 0x0000aaaae3585acc in v9fs_unlinkat (opaque=0xaaab00046868) at hw/9pfs/9p.c:2590
#2 0x0000aaaae3811c10 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:116
#3 0x0000ffffa13ddb20 in ?? () from /lib64/libc.so.6
Backtrace stopped: not enough registers or memory available to unwind further
A segmentation fault is triggered at hw/9pfs/9p.c line 505:
    for (fidp = s->fid_list; fidp; fidp = fidp->next) {
        if (fidp->path.size != path->size) { /* fidp is invalid */
            continue;
        }
(gdb) p path
$10 = (V9fsPath *) 0xffff851e2fa8
(gdb) p *path
$11 = {size = 21, data = 0xaaaafed6f420 "./9p_test/p2a1/d0/f1"}
(gdb) p *fidp
Cannot access memory at address 0x101010101010101
(gdb) p *pdu
$12 = {size = 19, tag = 54, id = 76 'L', cancelled = 0 '\000', complete = {entries = {sqh_first = 0x0, sqh_last = 0xaaab00046870}}, s = 0xaaab000454b8, next = {le_next = 0xaaab00046fc0, le_prev = 0xaaab00046f88}, idx = 88}
(gdb)
Address Sanitizer reports an error saying that there is a heap-use-after-free on *fidp*.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1840865/+subscriptions
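The loop quoted in the report reads fidp->next only after its body has run, so if the node being visited is freed while the body runs, that read is exactly the heap-use-after-free ASan flagged. Below is an added C illustration of that hazard on a minimal reference-counted list, with the traversal pinned so the next pointer is read from live memory; it is constructed for this note, is not QEMU's 9p code, and makes no claim about how the bug was actually fixed (the Node type, refcount and helper names are assumptions).

```c
#include <stdlib.h>

/* Constructed stand-in for a fid list (example only: not QEMU's code, not its fix). */
typedef struct Node {
    int refs;             /* freed when this drops to zero */
    struct Node *next;
} Node;

static Node *list_head;
static void node_put(Node *n) { if (--n->refs == 0) free(n); }

static void node_add(void) {
    Node *n = calloc(1, sizeof *n);
    n->refs = 1;          /* the list's own reference */
    n->next = list_head; list_head = n;
}
/* Unlink a node and drop the list's reference; it is freed unless pinned. */
static void list_remove(Node *victim) {
    for (Node **pp = &list_head; *pp; pp = &(*pp)->next) {
        if (*pp == victim) { *pp = victim->next; node_put(victim); return; }
    }
}
/* Loop body that removes the node it visits, like an unlink landing mid-walk. */
static void body_removes(Node *n) { list_remove(n); }
/* The bug's pattern: n->next is read after the body may have freed n.
 * Never called below; compiled with ASan it reports heap-use-after-free. */
int walk_unsafe(void (*body)(Node *)) {
    int visited = 0;
    for (Node *n = list_head; n; n = n->next) { body(n); visited++; }
    return visited;
}
/* Hardened walk: pin the current node so its next pointer is read from live memory. */
int walk_safe(void (*body)(Node *)) {
    int visited = 0;
    for (Node *n = list_head; n;) {
        n->refs++;             /* pin n across the body */
        body(n); visited++;
        Node *next = n->next;  /* n is still valid here */
        node_put(n);           /* unpin; n may be freed now */
        n = next;
    }
    return visited;
}

/* Build a three-node list and walk it with the removing body; returns nodes visited. */
int demo(void) {
    list_head = NULL;
    node_add(); node_add(); node_add();
    return walk_safe(body_removes);
}
```

The pinned walk covers the case where the body frees the node it is visiting; if a body may also unlink other nodes, the same refcount has to be taken on whatever the walk will touch next.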