diff options
Diffstat (limited to 'results/classifier/118/review/2265')
| -rw-r--r-- | results/classifier/118/review/2265 | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/results/classifier/118/review/2265 b/results/classifier/118/review/2265 new file mode 100644 index 000000000..35172295b --- /dev/null +++ b/results/classifier/118/review/2265 @@ -0,0 +1,108 @@ +risc-v: 0.908 +user-level: 0.897 +peripherals: 0.875 +permissions: 0.853 +VMM: 0.849 +hypervisor: 0.845 +KVM: 0.840 +ppc: 0.834 +vnc: 0.831 +x86: 0.831 +mistranslation: 0.827 +TCG: 0.814 +graphic: 0.798 +register: 0.785 +architecture: 0.763 +virtual: 0.760 +performance: 0.755 +debug: 0.750 +arm: 0.743 +files: 0.739 +semantic: 0.729 +device: 0.720 +socket: 0.718 +i386: 0.714 +assembly: 0.707 +network: 0.702 +boot: 0.695 +kernel: 0.664 +PID: 0.636 +-------------------- +x86: 0.992 +debug: 0.965 +hypervisor: 0.772 +user-level: 0.353 +assembly: 0.352 +kernel: 0.230 +TCG: 0.103 +PID: 0.062 +performance: 0.058 +register: 0.045 +files: 0.044 +virtual: 0.016 +semantic: 0.012 +VMM: 0.011 +architecture: 0.007 +device: 0.005 +boot: 0.004 +network: 0.004 +risc-v: 0.003 +KVM: 0.003 +peripherals: 0.003 +graphic: 0.002 +permissions: 0.002 +socket: 0.002 +ppc: 0.001 +vnc: 0.001 +mistranslation: 0.001 +arm: 0.000 +i386: 0.000 + +qemu-system-x86_64 crash creating snapshot +Description of problem: +I'm facing a crash in qemu-system-x86_64.\ +I crash because bs->children.lh_first is null and QLIST_NEXT try dereference the pointer. It triggers a SIGSEGV\ +The manner to reproduce is too complex to give on gitlab and the version is not recent. (I reproduce also with 7.1)\ + +here is the stack: + +(gdb) p bs->children\ +$1 = {lh_first = 0x0}\ +(gdb)\ +(gdb) p child\ +$2 = (BdrvChild *) 0x0\ +(gdb)\ + if (bs->implicit) {\ + /* For implicit nodes, just copy everything from the single child */\ + child = QLIST_FIRST(&bs->children);\ +----->> assert(QLIST_NEXT(child, next) == NULL);\ + pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),\ + + +#0 bdrv_refresh_filename (bs=0x562927927000) at ../qemu-6.2.0/block.c:7525\ +#1 0x000056292527dd97 in bdrv_block_device_info (blk=blk@entry=0x0, bs=bs@entry=0x562927927000, flat=flat@entry=true, errp=errp@entry=0x7ffcef7e8318) at ../qemu-6.2.0/block/qapi.c:58\ +#2 0x00005629252470c0 in bdrv_named_nodes_list (flat=true, errp=errp@entry=0x7ffcef7e8318) at ../qemu-6.2.0/block.c:5863\ +#3 0x000056292523da7e in qmp_query_named_block_nodes (has_flat=<optimized out>, flat=<optimized out>, errp=errp@entry=0x7ffcef7e8318) at ../qemu-6.2.0/blockdev.c:2935\ +#4 0x0000562925301ebd in qmp_marshal_query_named_block_nodes (args=<optimized out>, ret=0x7fc833c83e88, errp=0x7fc833c83e80) at qapi/qapi-commands-block-core.c:423\ +#5 0x0000562925344129 in do_qmp_dispatch_bh (opaque=0x7fc833c83e90) at ../qemu-6.2.0/qapi/qmp-dispatch.c:129 +#6 0x000056292535ecf5 in aio_bh_call (bh=0x5629295ab560) at ../qemu-6.2.0/util/async.c:141\ +#7 aio_bh_poll (ctx=ctx@entry=0x5629276c93e0) at ../qemu-6.2.0/util/async.c:169\ +#8 0x000056292534cf9e in aio_dispatch (ctx=0x5629276c93e0) at ../qemu-6.2.0/util/aio-posix.c:381\ +#9 0x000056292535eb9e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../qemu-6.2.0/util/async.c:311\ +#10 0x00007fc8351cafee in g_match_info_fetch_pos () from /lib/x86_64-linux-gnu/libglib-2.0.so.0\ +#11 0x00007fc800000000 in ?? ()\ +#12 0x000003a05cb8b408 in ?? ()\ +#13 0x0000000000000000 in ?? ()\ + +The case lh_first = 0x0 seems to be common, but never when bs->implicit is true. bs->implicit seems to be switch to true by another thread.\ +Because the qemu version and the system are too old, I'm not expecting a patch, I'm just requesting an opinion.\ + +I fixed the problem by just doing:\ +child = QLIST_FIRST(&bs->children);\ +if (bs->implicit && (child != NULL)) {\ + assert(QLIST_NEXT(child, next) == NULL);\ + ....\ +}\ +I don't have the qemu knowledge to evaluate it and consequences.\ +Is there anyone who have any idea ?\ +Thank you very much.\ |