qemu crashes when doing iotest on virtio-9p filesystem

Qemu crashes when doing an avocado-vt test on a virtio-9p filesystem. This bug can be reproduced by running https://github.com/autotest/tp-qemu/blob/master/qemu/tests/9p.py.

The crash stack goes like:

    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  v9fs_mark_fids_unreclaim (pdu=pdu@entry=0xaaab00046868, path=path@entry=0xffff851e2fa8) at hw/9pfs/9p.c:505
    #1  0x0000aaaae3585acc in v9fs_unlinkat (opaque=0xaaab00046868) at hw/9pfs/9p.c:2590
    #2  0x0000aaaae3811c10 in coroutine_trampoline (i0=, i1=) at util/coroutine-ucontext.c:116
    #3  0x0000ffffa13ddb20 in ?? () from /lib64/libc.so.6
    Backtrace stopped: not enough registers or memory available to unwind further

A segmentation fault is triggered at hw/9pfs/9p.c line 505:

    for (fidp = s->fid_list; fidp; fidp = fidp->next) {
        if (fidp->path.size != path->size) {   /* fidp is invalid */
            continue;
        }

    (gdb) p path
    $10 = (V9fsPath *) 0xffff851e2fa8
    (gdb) p *path
    $11 = {size = 21, data = 0xaaaafed6f420 "./9p_test/p2a1/d0/f1"}
    (gdb) p *fidp
    Cannot access memory at address 0x101010101010101
    (gdb) p *pdu
    $12 = {size = 19, tag = 54, id = 76 'L', cancelled = 0 '\000', complete = {entries = {
          sqh_first = 0x0, sqh_last = 0xaaab00046870}}, s = 0xaaab000454b8, next = {
          le_next = 0xaaab000467c0, le_prev = 0xaaab00046f88}, idx = 88}
    (gdb)

Address Sanitizer reports an error saying that there is a heap-use-after-free on *fidp*.

This is an automated cleanup. This bug report has been moved to QEMU's new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here: https://gitlab.com/qemu-project/qemu/-/issues/181
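The report above describes a classic hazard: a `for (fidp = list; fidp; fidp = fidp->next)` walk whose body can block (the crash is inside a coroutine), while another request frees list nodes in the meantime, so `fidp->next` is read from memory that ASan has already marked freed. The following C model is an added example, not code from this bug report or from QEMU's hw/9pfs sources; the types and functions (`Fid`, `State`, `get_fid`, `put_fid`, `clunk_fid`, `walk_fids_safe`) are constructed stand-ins, and the "concurrent" callback invoked inside the loop body plays the role of whatever runs while the coroutine yields. It shows the hazardous loop shape beside a hardened traversal that pins the current node with a reference across the blocking body, so the node survives until the walker is done with it and a freed successor is unlinked past it. It is a generic defensive pattern, not a claim about how QEMU fixed this issue.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a per-connection fid list. Names are hypothetical
 * and do not mirror QEMU's hw/9pfs data structures. */
typedef struct Fid {
    int id;
    int refcount;        /* users of this node; freed when it reaches 0 */
    int clunked;         /* client has closed it; free once unreferenced */
    struct Fid *next;
} Fid;

typedef struct {
    Fid *fid_list;
    int frees;           /* nodes freed so far, for checking */
} State;

static Fid *fid_add(State *s, int id)
{
    Fid *f = calloc(1, sizeof *f);
    f->id = id;
    f->refcount = 1;     /* the list itself holds one reference */
    f->next = s->fid_list;
    s->fid_list = f;
    return f;
}

/* Unlink f by rewiring its predecessor's next pointer, so a walker that
 * pins the predecessor still reads a valid successor afterwards. */
static void fid_unlink(State *s, Fid *f)
{
    Fid **pp = &s->fid_list;
    while (*pp && *pp != f) pp = &(*pp)->next;
    if (*pp) *pp = f->next;
}

static Fid *get_fid(Fid *f) { f->refcount++; return f; }

static void put_fid(State *s, Fid *f)
{
    if (--f->refcount == 0) {
        fid_unlink(s, f);
        free(f);
        s->frees++;
    }
}

/* A clunk from the client drops the list's reference. If a walker still
 * pins the node, it stays allocated until that walker releases it. */
static void clunk_fid(State *s, int id)
{
    for (Fid *f = s->fid_list; f; f = f->next) {
        if (f->id == id && !f->clunked) { f->clunked = 1; put_fid(s, f); return; }
    }
}

/* Stands in for whatever runs while the loop body blocks (coroutine yield). */
typedef void (*concurrent_fn)(State *s);

/* Hazardous shape, shown for contrast and never called here: if the body
 * lets another request free f, the loop's f->next is a use-after-free. */
int walk_fids_unsafe(State *s, concurrent_fn during_body)
{
    int visited = 0;
    for (Fid *f = s->fid_list; f; f = f->next) {
        visited++;
        during_body(s);      /* may free f or its successor */
    }
    return visited;
}

/* Hardened shape: pin the current node across the blocking body, read the
 * successor only while pinned, then release (which may free it). */
int walk_fids_safe(State *s, concurrent_fn during_body)
{
    int visited = 0;
    Fid *f = s->fid_list;
    while (f) {
        get_fid(f);
        visited++;
        if (during_body) during_body(s);   /* others may clunk any fid */
        Fid *next = f->next;  /* valid: f is pinned; a freed successor was unlinked */
        put_fid(s, f);        /* frees f now if it was clunked meanwhile */
        f = next;
    }
    return visited;
}

/* Constructed concurrent work: the client clunks fids 3 and 2 (the node
 * being visited and its successor). Repeat calls are no-ops. */
static void clunk_three_and_two(State *s) { clunk_fid(s, 3); clunk_fid(s, 2); }

/* Build fids 1..3 (list order 3, 2, 1), walk them, report what happened,
 * and return the id of the surviving list head (0 if empty). */
int demo_scenario(int concurrent, int *visited, int *frees, int *remaining)
{
    State s = { 0 };
    for (int id = 1; id <= 3; id++) fid_add(&s, id);
    *visited = walk_fids_safe(&s, concurrent ? clunk_three_and_two : NULL);
    *frees = s.frees;
    int head = s.fid_list ? s.fid_list->id : 0;
    *remaining = 0;
    for (Fid *f = s.fid_list; f; f = f->next) (*remaining)++;
    while (s.fid_list) put_fid(&s, s.fid_list);   /* release list references */
    return head;
}

int main(void)
{
    int v, fr, rem;
    int head = demo_scenario(1, &v, &fr, &rem);
    printf("visited=%d freed=%d remaining=%d head=%d\n", v, fr, rem, head);
    return 0;
}
```

With the concurrent clunks enabled, the walk visits fid 3, both 3 and 2 are closed while it is pinned, fid 2 is freed immediately and unlinked past the pinned node, fid 3 is freed only when the walker releases it, and the walk continues to fid 1 without touching freed memory. Building with `-fsanitize=address` and calling `walk_fids_unsafe` with the same callback is how the report's heap-use-after-free would surface in this model; the hardened walk runs clean under it.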