On Wed, 17 Sept 2025 at 18:51, Richard Henderson
<[email protected]> wrote:
>
> On 9/16/25 18:43, Richard Henderson wrote:
> > I don't understand why, but this causes failure on s390x host for hppa 
> > guest:
> >
> > https://gitlab.com/qemu-project/qemu/-/jobs/11379271029
> >
> > ...
> > # Testing device 'elroy-pcihost'
> > Broken pipe
> > ../alt/tests/qtest/libqtest.c:208: kill_qemu() detected QEMU death from 
> > signal 11
> > (Segmentation fault) (core dumped)
> > Aborted (core dumped)
> >
> > Even more bizarrely, the failure bisects to
> >
> > Author: Nicolin Chen <[email protected]>
> > Date:   Fri Aug 29 09:25:27 2025 +0100
> >
> >      hw/arm/virt: Add an SMMU_IO_LEN macro
> >
> >      This is useful as the subsequent support for new SMMUv3 dev will also
> >      use the same.
> >
> > which makes no sense at all.  But it's repeatable, so...
>
> Ho hum.  It appears to be flaky.  I now see it without this patch set at all:
>
> https://gitlab.com/qemu-project/qemu/-/jobs/11391070227

asan reports a heap-use-after-free in the dino PCI controller
when running the device-introspect-test, which may be relevant.
The subtest the segfault happens on is half a dozen or so
devices after the dino-pci one, so it's plausible that heap
corruption leads to the subsequent crash.

I'll investigate the use-after-free...


==1771223==ERROR: AddressSanitizer: heap-use-after-free on address
0x527000018f80 at pc 0x5b4b9d3369b5 bp 0x7ffd01929980 sp
0x7ffd01929978
WRITE of size 8 at 0x527000018f80 thread T0
    #0 0x5b4b9d3369b4 in pci_host_bus_register
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:608:5
    #1 0x5b4b9d321566 in pci_root_bus_internal_init
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:677:5
    #2 0x5b4b9d3215e0 in pci_root_bus_new
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:706:5
    #3 0x5b4b9d321fe5 in pci_register_root_bus
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:751:11
    #4 0x5b4b9d390521 in dino_pcihost_init
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci-host/dino.c:473:16

-- PMM