diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
| commit | dee4dcba78baf712cab403d47d9db319ab7f95d6 (patch) | |
| tree | 418478faf06786701a56268672f73d6b0b4eb239 /results/classifier/009/device/57195159 | |
| parent | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (diff) | |
| download | emulator-bug-study-dee4dcba78baf712cab403d47d9db319ab7f95d6.tar.gz emulator-bug-study-dee4dcba78baf712cab403d47d9db319ab7f95d6.zip | |
restructure results
Diffstat (limited to 'results/classifier/009/device/57195159')
| -rw-r--r-- | results/classifier/009/device/57195159 | 325 |
1 files changed, 0 insertions, 325 deletions
diff --git a/results/classifier/009/device/57195159 b/results/classifier/009/device/57195159 deleted file mode 100644 index f913074b..00000000 --- a/results/classifier/009/device/57195159 +++ /dev/null @@ -1,325 +0,0 @@ -device: 0.877 -other: 0.868 -graphic: 0.861 -permissions: 0.857 -performance: 0.855 -debug: 0.821 -semantic: 0.794 -boot: 0.781 -PID: 0.755 -KVM: 0.752 -socket: 0.750 -files: 0.697 -network: 0.687 -vnc: 0.626 - -[BUG Report] Got a use-after-free error while start arm64 VM with lots of pci controllers - -Hi, - -We got a use-after-free report in our Euler Robot Test, it is can be reproduced -quite easily, -It can be reproduced by start VM with lots of pci controller and virtio-scsi -devices. -You can find the full qemu log from attachment. -We have analyzed the log and got the rough process how it happened, but don't -know how to fix it. - -Could anyone help to fix it ? - -The key message shows bellow: -har device redirected to /dev/pts/1 (label charserial0) -==1517174==WARNING: ASan doesn't fully support makecontext/swapcontext -functions and may produce false positives in some cases! -================================================================= -==1517174==ERROR: AddressSanitizer: heap-use-after-free on address -0xfffc31a002a0 at pc 0xaaad73e1f668 bp 0xfffc319fddb0 sp 0xfffc319fddd0 -READ of size 8 at 0xfffc31a002a0 thread T1 - #0 0xaaad73e1f667 in memory_region_unref /home/qemu/memory.c:1771 - #1 0xaaad73e1f667 in flatview_destroy /home/qemu/memory.c:291 - #2 0xaaad74adc85b in call_rcu_thread util/rcu.c:283 - #3 0xaaad74ab31db in qemu_thread_start util/qemu-thread-posix.c:519 - #4 0xfffc3a1678bb (/lib64/libpthread.so.0+0x78bb) - #5 0xfffc3a0a616b (/lib64/libc.so.6+0xd616b) - -0xfffc31a002a0 is located 544 bytes inside of 1440-byte region -[0xfffc31a00080,0xfffc31a00620) -freed by thread T37 (CPU 0/KVM) here: - #0 0xfffc3c102e23 in free (/lib64/libasan.so.4+0xd2e23) - #1 0xfffc3bbc729f in g_free (/lib64/libglib-2.0.so.0+0x5729f) - #2 0xaaad745cce03 in pci_bridge_update_mappings hw/pci/pci_bridge.c:245 - #3 0xaaad745ccf33 in pci_bridge_write_config hw/pci/pci_bridge.c:271 - #4 0xaaad745ba867 in pci_bridge_dev_write_config -hw/pci-bridge/pci_bridge_dev.c:153 - #5 0xaaad745d6013 in pci_host_config_write_common hw/pci/pci_host.c:81 - #6 0xaaad73e2346f in memory_region_write_accessor /home/qemu/memory.c:483 - #7 0xaaad73e1d9ff in access_with_adjusted_size /home/qemu/memory.c:544 - #8 0xaaad73e28d1f in memory_region_dispatch_write /home/qemu/memory.c:1482 - #9 0xaaad73d7274f in flatview_write_continue /home/qemu/exec.c:3167 - #10 0xaaad73d72a53 in flatview_write /home/qemu/exec.c:3207 - #11 0xaaad73d7c8c3 in address_space_write /home/qemu/exec.c:3297 - #12 0xaaad73e5059b in kvm_cpu_exec /home/qemu/accel/kvm/kvm-all.c:2386 - #13 0xaaad73e07ac7 in qemu_kvm_cpu_thread_fn /home/qemu/cpus.c:1246 - #14 0xaaad74ab31db in qemu_thread_start util/qemu-thread-posix.c:519 - #15 0xfffc3a1678bb (/lib64/libpthread.so.0+0x78bb) - #16 0xfffc3a0a616b (/lib64/libc.so.6+0xd616b) - -previously allocated by thread T0 here: - #0 0xfffc3c1031cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb) - #1 0xfffc3bbc7163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163) - #2 0xaaad745ccb57 in pci_bridge_region_init hw/pci/pci_bridge.c:188 - #3 0xaaad745cd8cb in pci_bridge_initfn hw/pci/pci_bridge.c:385 - #4 0xaaad745baaf3 in pci_bridge_dev_realize -hw/pci-bridge/pci_bridge_dev.c:64 - #5 0xaaad745cacd7 in pci_qdev_realize hw/pci/pci.c:2095 - #6 0xaaad7439d9f7 in device_set_realized hw/core/qdev.c:865 - #7 0xaaad7485ed23 in property_set_bool qom/object.c:2102 - #8 0xaaad74868f4b in object_property_set_qobject qom/qom-qobject.c:26 - #9 0xaaad74863a43 in object_property_set_bool qom/object.c:1360 - #10 0xaaad742a53b7 in qdev_device_add /home/qemu/qdev-monitor.c:675 - #11 0xaaad742a9c7b in device_init_func /home/qemu/vl.c:2074 - #12 0xaaad74ad4d33 in qemu_opts_foreach util/qemu-option.c:1170 - #13 0xaaad73d60c17 in main /home/qemu/vl.c:4313 - #14 0xfffc39ff0b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f) - #15 0xaaad73d6db33 -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) - -Thread T1 created by T0 here: - #0 0xfffc3c068f6f in __interceptor_pthread_create -(/lib64/libasan.so.4+0x38f6f) - #1 0xaaad74ab54ab in qemu_thread_create util/qemu-thread-posix.c:556 - #2 0xaaad74adc6a7 in rcu_init_complete util/rcu.c:326 - #3 0xaaad74bab2a7 in __libc_csu_init -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x17cb2a7) - #4 0xfffc39ff0b47 in __libc_start_main (/lib64/libc.so.6+0x20b47) - #5 0xaaad73d6db33 (/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) - -Thread T37 (CPU 0/KVM) created by T0 here: - #0 0xfffc3c068f6f in __interceptor_pthread_create -(/lib64/libasan.so.4+0x38f6f) - #1 0xaaad74ab54ab in qemu_thread_create util/qemu-thread-posix.c:556 - #2 0xaaad73e09b0f in qemu_dummy_start_vcpu /home/qemu/cpus.c:2045 - #3 0xaaad73e09b0f in qemu_init_vcpu /home/qemu/cpus.c:2077 - #4 0xaaad740d36b7 in arm_cpu_realizefn /home/qemu/target/arm/cpu.c:1712 - #5 0xaaad7439d9f7 in device_set_realized hw/core/qdev.c:865 - #6 0xaaad7485ed23 in property_set_bool qom/object.c:2102 - #7 0xaaad74868f4b in object_property_set_qobject qom/qom-qobject.c:26 - #8 0xaaad74863a43 in object_property_set_bool qom/object.c:1360 - #9 0xaaad73fe3e67 in machvirt_init /home/qemu/hw/arm/virt.c:1682 - #10 0xaaad743acfc7 in machine_run_board_init hw/core/machine.c:1077 - #11 0xaaad73d60b73 in main /home/qemu/vl.c:4292 - #12 0xfffc39ff0b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f) - #13 0xaaad73d6db33 -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) - -SUMMARY: AddressSanitizer: heap-use-after-free /home/qemu/memory.c:1771 in -memory_region_unref - -Thanks -use-after-free-qemu.log -Description: -Text document - -Cc: address@hidden - -On 1/17/2020 4:18 PM, Pan Nengyuan wrote: -> -Hi, -> -> -We got a use-after-free report in our Euler Robot Test, it is can be -> -reproduced quite easily, -> -It can be reproduced by start VM with lots of pci controller and virtio-scsi -> -devices. -> -You can find the full qemu log from attachment. -> -We have analyzed the log and got the rough process how it happened, but don't -> -know how to fix it. -> -> -Could anyone help to fix it ? -> -> -The key message shows bellow: -> -har device redirected to /dev/pts/1 (label charserial0) -> -==1517174==WARNING: ASan doesn't fully support makecontext/swapcontext -> -functions and may produce false positives in some cases! -> -================================================================= -> -==1517174==ERROR: AddressSanitizer: heap-use-after-free on address -> -0xfffc31a002a0 at pc 0xaaad73e1f668 bp 0xfffc319fddb0 sp 0xfffc319fddd0 -> -READ of size 8 at 0xfffc31a002a0 thread T1 -> -#0 0xaaad73e1f667 in memory_region_unref /home/qemu/memory.c:1771 -> -#1 0xaaad73e1f667 in flatview_destroy /home/qemu/memory.c:291 -> -#2 0xaaad74adc85b in call_rcu_thread util/rcu.c:283 -> -#3 0xaaad74ab31db in qemu_thread_start util/qemu-thread-posix.c:519 -> -#4 0xfffc3a1678bb (/lib64/libpthread.so.0+0x78bb) -> -#5 0xfffc3a0a616b (/lib64/libc.so.6+0xd616b) -> -> -0xfffc31a002a0 is located 544 bytes inside of 1440-byte region -> -[0xfffc31a00080,0xfffc31a00620) -> -freed by thread T37 (CPU 0/KVM) here: -> -#0 0xfffc3c102e23 in free (/lib64/libasan.so.4+0xd2e23) -> -#1 0xfffc3bbc729f in g_free (/lib64/libglib-2.0.so.0+0x5729f) -> -#2 0xaaad745cce03 in pci_bridge_update_mappings hw/pci/pci_bridge.c:245 -> -#3 0xaaad745ccf33 in pci_bridge_write_config hw/pci/pci_bridge.c:271 -> -#4 0xaaad745ba867 in pci_bridge_dev_write_config -> -hw/pci-bridge/pci_bridge_dev.c:153 -> -#5 0xaaad745d6013 in pci_host_config_write_common hw/pci/pci_host.c:81 -> -#6 0xaaad73e2346f in memory_region_write_accessor /home/qemu/memory.c:483 -> -#7 0xaaad73e1d9ff in access_with_adjusted_size /home/qemu/memory.c:544 -> -#8 0xaaad73e28d1f in memory_region_dispatch_write /home/qemu/memory.c:1482 -> -#9 0xaaad73d7274f in flatview_write_continue /home/qemu/exec.c:3167 -> -#10 0xaaad73d72a53 in flatview_write /home/qemu/exec.c:3207 -> -#11 0xaaad73d7c8c3 in address_space_write /home/qemu/exec.c:3297 -> -#12 0xaaad73e5059b in kvm_cpu_exec /home/qemu/accel/kvm/kvm-all.c:2386 -> -#13 0xaaad73e07ac7 in qemu_kvm_cpu_thread_fn /home/qemu/cpus.c:1246 -> -#14 0xaaad74ab31db in qemu_thread_start util/qemu-thread-posix.c:519 -> -#15 0xfffc3a1678bb (/lib64/libpthread.so.0+0x78bb) -> -#16 0xfffc3a0a616b (/lib64/libc.so.6+0xd616b) -> -> -previously allocated by thread T0 here: -> -#0 0xfffc3c1031cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb) -> -#1 0xfffc3bbc7163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163) -> -#2 0xaaad745ccb57 in pci_bridge_region_init hw/pci/pci_bridge.c:188 -> -#3 0xaaad745cd8cb in pci_bridge_initfn hw/pci/pci_bridge.c:385 -> -#4 0xaaad745baaf3 in pci_bridge_dev_realize -> -hw/pci-bridge/pci_bridge_dev.c:64 -> -#5 0xaaad745cacd7 in pci_qdev_realize hw/pci/pci.c:2095 -> -#6 0xaaad7439d9f7 in device_set_realized hw/core/qdev.c:865 -> -#7 0xaaad7485ed23 in property_set_bool qom/object.c:2102 -> -#8 0xaaad74868f4b in object_property_set_qobject qom/qom-qobject.c:26 -> -#9 0xaaad74863a43 in object_property_set_bool qom/object.c:1360 -> -#10 0xaaad742a53b7 in qdev_device_add /home/qemu/qdev-monitor.c:675 -> -#11 0xaaad742a9c7b in device_init_func /home/qemu/vl.c:2074 -> -#12 0xaaad74ad4d33 in qemu_opts_foreach util/qemu-option.c:1170 -> -#13 0xaaad73d60c17 in main /home/qemu/vl.c:4313 -> -#14 0xfffc39ff0b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f) -> -#15 0xaaad73d6db33 -> -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) -> -> -Thread T1 created by T0 here: -> -#0 0xfffc3c068f6f in __interceptor_pthread_create -> -(/lib64/libasan.so.4+0x38f6f) -> -#1 0xaaad74ab54ab in qemu_thread_create util/qemu-thread-posix.c:556 -> -#2 0xaaad74adc6a7 in rcu_init_complete util/rcu.c:326 -> -#3 0xaaad74bab2a7 in __libc_csu_init -> -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x17cb2a7) -> -#4 0xfffc39ff0b47 in __libc_start_main (/lib64/libc.so.6+0x20b47) -> -#5 0xaaad73d6db33 -> -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) -> -> -Thread T37 (CPU 0/KVM) created by T0 here: -> -#0 0xfffc3c068f6f in __interceptor_pthread_create -> -(/lib64/libasan.so.4+0x38f6f) -> -#1 0xaaad74ab54ab in qemu_thread_create util/qemu-thread-posix.c:556 -> -#2 0xaaad73e09b0f in qemu_dummy_start_vcpu /home/qemu/cpus.c:2045 -> -#3 0xaaad73e09b0f in qemu_init_vcpu /home/qemu/cpus.c:2077 -> -#4 0xaaad740d36b7 in arm_cpu_realizefn /home/qemu/target/arm/cpu.c:1712 -> -#5 0xaaad7439d9f7 in device_set_realized hw/core/qdev.c:865 -> -#6 0xaaad7485ed23 in property_set_bool qom/object.c:2102 -> -#7 0xaaad74868f4b in object_property_set_qobject qom/qom-qobject.c:26 -> -#8 0xaaad74863a43 in object_property_set_bool qom/object.c:1360 -> -#9 0xaaad73fe3e67 in machvirt_init /home/qemu/hw/arm/virt.c:1682 -> -#10 0xaaad743acfc7 in machine_run_board_init hw/core/machine.c:1077 -> -#11 0xaaad73d60b73 in main /home/qemu/vl.c:4292 -> -#12 0xfffc39ff0b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f) -> -#13 0xaaad73d6db33 -> -(/home/qemu/aarch64-softmmu/qemu-system-aarch64+0x98db33) -> -> -SUMMARY: AddressSanitizer: heap-use-after-free /home/qemu/memory.c:1771 in -> -memory_region_unref -> -> -Thanks -> -use-after-free-qemu.log -Description: -Text document - |