* [PULL 0/2] Update slirp (+ debug test-serial)
@ 2020-07-28 14:31 Marc-André Lureau
2020-07-28 14:31 ` [PULL 1/2] test-char: abort on serial test error Marc-André Lureau
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Marc-André Lureau @ 2020-07-28 14:31 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Marc-André Lureau
The following changes since commit 264991512193ee50e27d43e66f832d5041cf3b28:
Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-07-27' into staging (2020-07-28 14:38:17 +0100)
are available in the Git repository at:
https://github.com/elmarco/qemu.git tags/slirp-pull-request
for you to fetch changes up to 9c15f57891af7c2cb3baf2d66a1b1f3f87a665ba:
slirp: update to latest stable-4.2 branch (2020-07-28 18:27:59 +0400)
----------------------------------------------------------------
slirp: update to latest stable-4.2 branch
----------------------------------------------------------------
Marc-André Lureau (2):
test-char: abort on serial test error
slirp: update to latest stable-4.2 branch
tests/test-char.c | 2 +-
slirp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--
2.28.0.rc2.1.g3d20111cbd
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PULL 1/2] test-char: abort on serial test error
2020-07-28 14:31 [PULL 0/2] Update slirp (+ debug test-serial) Marc-André Lureau
@ 2020-07-28 14:31 ` Marc-André Lureau
2020-12-13 22:51 ` Philippe Mathieu-Daudé
2020-07-28 14:31 ` [PULL 2/2] slirp: update to latest stable-4.2 branch Marc-André Lureau
2020-07-28 19:42 ` [PULL 0/2] Update slirp (+ debug test-serial) Peter Maydell
2 siblings, 1 reply; 7+ messages in thread
From: Marc-André Lureau @ 2020-07-28 14:31 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Marc-André Lureau
We are having issues debugging and bisecting this issue that happen
mostly on patchew. Let's make it abort where it failed to gather some
new informations.
Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
tests/test-char.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test-char.c b/tests/test-char.c
index 614bdac2df..d35cc839bc 100644
--- a/tests/test-char.c
+++ b/tests/test-char.c
@@ -1200,7 +1200,7 @@ static void char_serial_test(void)
/* test tty alias */
qemu_opt_set(opts, "backend", "tty", &error_abort);
- chr = qemu_chr_new_from_opts(opts, NULL, NULL);
+ chr = qemu_chr_new_from_opts(opts, NULL, &error_abort);
g_assert_nonnull(chr);
object_unparent(OBJECT(chr));
--
2.28.0.rc2.1.g3d20111cbd
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PULL 2/2] slirp: update to latest stable-4.2 branch
2020-07-28 14:31 [PULL 0/2] Update slirp (+ debug test-serial) Marc-André Lureau
2020-07-28 14:31 ` [PULL 1/2] test-char: abort on serial test error Marc-André Lureau
@ 2020-07-28 14:31 ` Marc-André Lureau
2020-07-28 19:42 ` [PULL 0/2] Update slirp (+ debug test-serial) Peter Maydell
2 siblings, 0 replies; 7+ messages in thread
From: Marc-André Lureau @ 2020-07-28 14:31 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Marc-André Lureau
Dr. David Alan Gilbert (1):
ip_stripoptions use memmove
Jindrich Novy (4):
Fix possible infinite loops and use-after-free
Use secure string copy to avoid overflow
Be sure to initialize sockaddr structure
Check lseek() for failure
Marc-André Lureau (2):
util: do not silently truncate
Merge branch 'stable-4.2' into 'stable-4.2'
Philippe Mathieu-Daudé (3):
Fix win32 builds by using the SLIRP_PACKED definition
Fix constness warnings
Remove unnecessary break
Ralf Haferkamp (2):
Drop bogus IPv6 messages
Fix MTU check
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
slirp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/slirp b/slirp
index 2faae0f778..ce94eba204 160000
--- a/slirp
+++ b/slirp
@@ -1 +1 @@
-Subproject commit 2faae0f778f818fadc873308f983289df697eb93
+Subproject commit ce94eba2042d52a0ba3d9e252ebce86715e94275
--
2.28.0.rc2.1.g3d20111cbd
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PULL 0/2] Update slirp (+ debug test-serial)
2020-07-28 14:31 [PULL 0/2] Update slirp (+ debug test-serial) Marc-André Lureau
2020-07-28 14:31 ` [PULL 1/2] test-char: abort on serial test error Marc-André Lureau
2020-07-28 14:31 ` [PULL 2/2] slirp: update to latest stable-4.2 branch Marc-André Lureau
@ 2020-07-28 19:42 ` Peter Maydell
2 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-07-28 19:42 UTC (permalink / raw)
To: Marc-André Lureau; +Cc: QEMU Developers
On Tue, 28 Jul 2020 at 15:31, Marc-André Lureau
<marcandre.lureau@redhat.com> wrote:
>
> The following changes since commit 264991512193ee50e27d43e66f832d5041cf3b28:
>
> Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-07-27' into staging (2020-07-28 14:38:17 +0100)
>
> are available in the Git repository at:
>
> https://github.com/elmarco/qemu.git tags/slirp-pull-request
>
> for you to fetch changes up to 9c15f57891af7c2cb3baf2d66a1b1f3f87a665ba:
>
> slirp: update to latest stable-4.2 branch (2020-07-28 18:27:59 +0400)
>
> ----------------------------------------------------------------
> slirp: update to latest stable-4.2 branch
>
> ----------------------------------------------------------------
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL 1/2] test-char: abort on serial test error
2020-07-28 14:31 ` [PULL 1/2] test-char: abort on serial test error Marc-André Lureau
@ 2020-12-13 22:51 ` Philippe Mathieu-Daudé
2020-12-15 19:29 ` Eduardo Habkost
0 siblings, 1 reply; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-12-13 22:51 UTC (permalink / raw)
To: Marc-André Lureau, qemu-devel
Cc: peter.maydell, Eduardo Habkost, Paolo Bonzini
On 7/28/20 4:31 PM, Marc-André Lureau wrote:
> We are having issues debugging and bisecting this issue that happen
> mostly on patchew. Let's make it abort where it failed to gather some
> new informations.
"good" news, this started to fail on Gitlab (centos7):
Running test test-char
Unexpected error in object_property_try_add() at ../qom/object.c:1220:
attempt to add duplicate property 'serial-id' to object (type 'container')
ERROR test-char - too few tests run (expected 38, got 9)
make: *** [run-test-86] Error 1
https://gitlab.com/philmd/qemu/-/jobs/908114388
https://gitlab.com/philmd/qemu/-/jobs/908114389
https://gitlab.com/philmd/qemu/-/jobs/908114390
>
> Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> tests/test-char.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tests/test-char.c b/tests/test-char.c
> index 614bdac2df..d35cc839bc 100644
> --- a/tests/test-char.c
> +++ b/tests/test-char.c
> @@ -1200,7 +1200,7 @@ static void char_serial_test(void)
>
> /* test tty alias */
> qemu_opt_set(opts, "backend", "tty", &error_abort);
> - chr = qemu_chr_new_from_opts(opts, NULL, NULL);
> + chr = qemu_chr_new_from_opts(opts, NULL, &error_abort);
> g_assert_nonnull(chr);
> object_unparent(OBJECT(chr));
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL 1/2] test-char: abort on serial test error
2020-12-13 22:51 ` Philippe Mathieu-Daudé
@ 2020-12-15 19:29 ` Eduardo Habkost
2020-12-15 21:23 ` Eduardo Habkost
0 siblings, 1 reply; 7+ messages in thread
From: Eduardo Habkost @ 2020-12-15 19:29 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Marc-André Lureau, Paolo Bonzini, qemu-devel, peter.maydell
On Sun, Dec 13, 2020 at 11:51:05PM +0100, Philippe Mathieu-Daudé wrote:
> On 7/28/20 4:31 PM, Marc-André Lureau wrote:
> > We are having issues debugging and bisecting this issue that happen
> > mostly on patchew. Let's make it abort where it failed to gather some
> > new informations.
>
> "good" news, this started to fail on Gitlab (centos7):
>
> Running test test-char
> Unexpected error in object_property_try_add() at ../qom/object.c:1220:
> attempt to add duplicate property 'serial-id' to object (type 'container')
> ERROR test-char - too few tests run (expected 38, got 9)
> make: *** [run-test-86] Error 1
>
> https://gitlab.com/philmd/qemu/-/jobs/908114388
> https://gitlab.com/philmd/qemu/-/jobs/908114389
> https://gitlab.com/philmd/qemu/-/jobs/908114390
Do we have any clue what could be causing this? After looking at
the code, it smells like memory corruption.
At first, I thought it could be due to the multi-threaded test
cases, but the test binary seems to be crashing before the
multi-threaded test cases have an opportunity to run.
>
> >
> > Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> > tests/test-char.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/tests/test-char.c b/tests/test-char.c
> > index 614bdac2df..d35cc839bc 100644
> > --- a/tests/test-char.c
> > +++ b/tests/test-char.c
> > @@ -1200,7 +1200,7 @@ static void char_serial_test(void)
> >
> > /* test tty alias */
> > qemu_opt_set(opts, "backend", "tty", &error_abort);
> > - chr = qemu_chr_new_from_opts(opts, NULL, NULL);
> > + chr = qemu_chr_new_from_opts(opts, NULL, &error_abort);
> > g_assert_nonnull(chr);
> > object_unparent(OBJECT(chr));
> >
> >
>
>
--
Eduardo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL 1/2] test-char: abort on serial test error
2020-12-15 19:29 ` Eduardo Habkost
@ 2020-12-15 21:23 ` Eduardo Habkost
0 siblings, 0 replies; 7+ messages in thread
From: Eduardo Habkost @ 2020-12-15 21:23 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: peter.maydell, Marc-André Lureau, qemu-devel, Paolo Bonzini
On Tue, Dec 15, 2020 at 02:29:22PM -0500, Eduardo Habkost wrote:
> On Sun, Dec 13, 2020 at 11:51:05PM +0100, Philippe Mathieu-Daudé wrote:
> > On 7/28/20 4:31 PM, Marc-André Lureau wrote:
> > > We are having issues debugging and bisecting this issue that happen
> > > mostly on patchew. Let's make it abort where it failed to gather some
> > > new informations.
> >
> > "good" news, this started to fail on Gitlab (centos7):
> >
> > Running test test-char
> > Unexpected error in object_property_try_add() at ../qom/object.c:1220:
> > attempt to add duplicate property 'serial-id' to object (type 'container')
> > ERROR test-char - too few tests run (expected 38, got 9)
> > make: *** [run-test-86] Error 1
> >
> > https://gitlab.com/philmd/qemu/-/jobs/908114388
> > https://gitlab.com/philmd/qemu/-/jobs/908114389
> > https://gitlab.com/philmd/qemu/-/jobs/908114390
>
> Do we have any clue what could be causing this? After looking at
> the code, it smells like memory corruption.
>
> At first, I thought it could be due to the multi-threaded test
> cases, but the test binary seems to be crashing before the
> multi-threaded test cases have an opportunity to run.
I think I know what's happening:
- char_file_test_internal() creates chr using qemu_chardev_new().
- qemu_chardev_new() automatically assigns ID, adds
chardev to the QOM tree.
- char_file_test_internal() does _not_ own the reference
to the created object.
- char_file_test_internal() incorrectly calls object_unref().
- object is freed but, but /containers now has a dangling
pointer.
- char_serial_test() creates a chardev with ID "serial-id", and
it ends up being allocated at the same address as the old
object.
- char_serial_test() correctly calls object_unparent().
- object_property_del_child() looks for the right child property
in the hashtable, finds the dangling pointer with the same
address, removes the wrong property, leaves a dangling
"serial-id" property.
- New object is created by char_serial_test() with ID "serial-id".
- object_property_try_add_child() will fail because of the
dangling "serial-id" property.
The bug in char_file_test_internal() was detected using the
following patch.
I believe the bug was introduced by commit 1e419ee68fa5
("chardev: generate an internal id when none given") because it
changed the reference ownership semantics of
qemu_chardev_new(NULL, ...).
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
diff --git a/qom/object.c b/qom/object.c
index f2ae6e6b2a..5cfed6d7c6 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -685,6 +685,7 @@ static void object_finalize(void *data)
object_deinit(obj, ti);
g_assert(obj->ref == 0);
+ g_assert(obj->parent == NULL);
if (obj->free) {
obj->free(obj);
}
--
Eduardo
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-12-15 21:25 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-28 14:31 [PULL 0/2] Update slirp (+ debug test-serial) Marc-André Lureau
2020-07-28 14:31 ` [PULL 1/2] test-char: abort on serial test error Marc-André Lureau
2020-12-13 22:51 ` Philippe Mathieu-Daudé
2020-12-15 19:29 ` Eduardo Habkost
2020-12-15 21:23 ` Eduardo Habkost
2020-07-28 14:31 ` [PULL 2/2] slirp: update to latest stable-4.2 branch Marc-André Lureau
2020-07-28 19:42 ` [PULL 0/2] Update slirp (+ debug test-serial) Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.