Cc'ing Marc-André,

On 7/2/19 8:15 AM, no-re...@patchew.org wrote:
> Patchew URL: https://patchew.org/QEMU/20190702001301.4768-1-phi...@redhat.com/
>
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> make docker-image-fedora V=1 NETWORK=1
> time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
> === TEST SCRIPT END ===

I am not sure how the error reported is related to this series:

MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-bdrv-drain -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bdrv-drain"
==8090==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bdrv-drain /bdrv-drain/nested
PASS 2 test-bdrv-drain /bdrv-drain/multiparent
PASS 3 test-bdrv-drain /bdrv-drain/set_aio_context
PASS 4 test-bdrv-drain /bdrv-drain/driver-cb/drain_all
PASS 5 test-bdrv-drain /bdrv-drain/driver-cb/drain
PASS 6 test-bdrv-drain /bdrv-drain/driver-cb/drain_subtree
PASS 7 test-bdrv-drain /bdrv-drain/driver-cb/co/drain_all
PASS 8 test-bdrv-drain /bdrv-drain/driver-cb/co/drain
PASS 9 test-bdrv-drain /bdrv-drain/driver-cb/co/drain_subtree
PASS 10 test-bdrv-drain /bdrv-drain/quiesce/drain_all
PASS 11 test-bdrv-drain /bdrv-drain/quiesce/drain
PASS 12 test-bdrv-drain /bdrv-drain/quiesce/drain_subtree
PASS 13 test-bdrv-drain /bdrv-drain/quiesce/co/drain_all
PASS 14 test-bdrv-drain /bdrv-drain/quiesce/co/drain
PASS 15 test-bdrv-drain /bdrv-drain/quiesce/co/drain_subtree
PASS 16 test-bdrv-drain /bdrv-drain/graph-change/drain_subtree
PASS 17 test-bdrv-drain /bdrv-drain/graph-change/drain_all
=================================================================
==8090==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200002c1f0 at pc 0x559638e7e006 bp 0x7f974eab8680 sp 0x7f974eab8678
WRITE of size 1 at 0x61200002c1f0 thread T5
PASS 3 ahci-test /x86_64/ahci/pci_enable
    #0 0x559638e7e005 in aio_notify /tmp/qemu-test/src/util/async.c:351:9
    #1 0x559638e7fc3b in qemu_bh_schedule /tmp/qemu-test/src/util/async.c:167:9
    #2 0x559638e82e40 in aio_co_schedule /tmp/qemu-test/src/util/async.c:464:5
    #3 0x559638e83109 in aio_co_enter /tmp/qemu-test/src/util/async.c:483:9
    #4 0x559638e8308d in aio_co_wake /tmp/qemu-test/src/util/async.c:477:5
    #5 0x55963876b3d4 in co_reenter_bh /tmp/qemu-test/src/tests/test-bdrv-drain.c:63:5
    #6 0x559638e7e8aa in aio_bh_call /tmp/qemu-test/src/util/async.c:89:5
    #7 0x559638e7efc2 in aio_bh_poll /tmp/qemu-test/src/util/async.c:117:13
    #8 0x559638ea4a73 in aio_poll /tmp/qemu-test/src/util/aio-posix.c:728:17
    #9 0x559638d48628 in iothread_run /tmp/qemu-test/src/tests/iothread.c:51:9
    #10 0x559638eb8612 in qemu_thread_start /tmp/qemu-test/src/util/qemu-thread-posix.c:502:9
    #11 0x7f976074a5a1 in start_thread (/lib64/libpthread.so.0+0x85a1)
    #12 0x7f9760657022 in __GI___clone (/lib64/libc.so.6+0xfb022)

0x61200002c1f0 is located 176 bytes inside of 312-byte region [0x61200002c140,0x61200002c278)
freed by thread T0 here:
    #0 0x55963872475f in free (/tmp/qemu-test/build/tests/test-bdrv-drain+0x53375f)
    #1 0x7f9760bc5d8c in g_free (/lib64/libglib-2.0.so.0+0x55d8c)

previously allocated by thread T4 here:
    #0 0x559638724d9e in calloc (/tmp/qemu-test/build/tests/test-bdrv-drain+0x533d9e)
    #1 0x7f9760bc5cf0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55cf0)

Thread T5 created by T0 here:
    #0 0x559638659f16 in __interceptor_pthread_create (/tmp/qemu-test/build/tests/test-bdrv-drain+0x468f16)
    #1 0x559638eb7f19 in qemu_thread_create /tmp/qemu-test/src/util/qemu-thread-posix.c:539:11
    #2 0x559638d47cce in iothread_new /tmp/qemu-test/src/tests/iothread.c:75:5
    #3 0x55963876c412 in test_iothread_common /tmp/qemu-test/src/tests/test-bdrv-drain.c:664:19
    #4 0x55963876724e in test_iothread_drain_all /tmp/qemu-test/src/tests/test-bdrv-drain.c:758:5
    #5 0x7f9760be7f9d (/lib64/libglib-2.0.so.0+0x77f9d)

Thread T4 created by T0 here:
    #0 0x559638659f16 in __interceptor_pthread_create (/tmp/qemu-test/build/tests/test-bdrv-drain+0x468f16)
    #1 0x559638eb7f19 in qemu_thread_create /tmp/qemu-test/src/util/qemu-thread-posix.c:539:11
    #2 0x559638d47cce in iothread_new /tmp/qemu-test/src/tests/iothread.c:75:5
    #3 0x55963876c406 in test_iothread_common /tmp/qemu-test/src/tests/test-bdrv-drain.c:663:19
    #4 0x55963876724e in test_iothread_drain_all /tmp/qemu-test/src/tests/test-bdrv-drain.c:758:5
    #5 0x7f9760be7f9d (/lib64/libglib-2.0.so.0+0x77f9d)

SUMMARY: AddressSanitizer: heap-use-after-free /tmp/qemu-test/src/util/async.c:351:9 in aio_notify
Shadow bytes around the buggy address:
  0x0c247fffd7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fffd7f0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c247fffd800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c247fffd810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c247fffd820: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c247fffd830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
  0x0c247fffd840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c247fffd850: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c247fffd860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c247fffd870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c247fffd880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==8090==ABORTING
ERROR - too few tests run (expected 39, got 17)
make: *** [/tmp/qemu-test/src/tests/Makefile.include:899: check-unit] Error 1
make: *** Waiting for unfinished jobs....