Public bug reported:
In case of multiple errors, it leads to a crash.
Typical back trace:
#0 <in libc> in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 <in libc> in __GI_abort () at abort.c:90
#2 <in libc> in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=<in
libc> "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3 <in libc> in malloc_printerr (action=3, str=<in libc> "double free or
corruption (out)", ptr=<optimized out>) at malloc.c:4902
#4 <in libc> in _int_free (av=<optimized out>, p=<in heap chunk>, have_lock=0)
at malloc.c:3758
#5 <in qemu binary> in error_free (err=<in heap chunk>) at util/error.c:166
#6 <in qemu binary> in do_delvm (mon=<in heap chunk>, qdict=<optimized out>)
at /home/qemudbg/src/qemu/savevm.c:1132
#7 <in qemu binary> in handle_user_command (mon=mon@entry=<in heap chunk>,
cmdline=<optimized out>) at /home/qemudbg/src/qemu/monitor.c:4167
#8 <in qemu binary> in monitor_command_cb (opaque=<in heap chunk>,
cmdline=<optimized out>, readline_opaque=<optimized out>) at
/home/qemudbg/src/qemu/monitor.c:4878
#9 <in qemu binary> in readline_handle_byte (rs=<in heap>, ch=<optimized out>)
at util/readline.c:371
#10 <in qemu binary> in monitor_read (opaque=<optimized out>, buf=<optimized
out>, size=<optimized out>) at /home/qemudbg/src/qemu/monitor.c:4861
#11 <in qemu binary> in qemu_chr_be_write (len=<optimized out>, buf=<in stack>
"\n\003", s=<in heap chunk>) at qemu-char.c:165
#12 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=<in heap
chunk>) at qemu-char.c:2487
#13 <in libglib> in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#14 <in qemu binary> in glib_pollfds_poll () at main-loop.c:190
#15 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#16 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#17 <in qemu binary> in main_loop () at vl.c:2051
#18 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at
vl.c:4507
** Affects: qemu
Importance: Undecided
Status: New
** Patch added: "0002-do_delvm-nullify-err-after-free.patch"
https://bugs.launchpad.net/bugs/1336194/+attachment/4142937/+files/0002-do_delvm-nullify-err-after-free.patch
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1336194
Title:
Errors reporting in do_delvm caused a crash
Status in QEMU:
New
Bug description:
In case of multiple errors, it leads to a crash.
Typical back trace:
#0 <in libc> in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 <in libc> in __GI_abort () at abort.c:90
#2 <in libc> in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=<in
libc> "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3 <in libc> in malloc_printerr (action=3, str=<in libc> "double free or
corruption (out)", ptr=<optimized out>) at malloc.c:4902
#4 <in libc> in _int_free (av=<optimized out>, p=<in heap chunk>,
have_lock=0) at malloc.c:3758
#5 <in qemu binary> in error_free (err=<in heap chunk>) at util/error.c:166
#6 <in qemu binary> in do_delvm (mon=<in heap chunk>, qdict=<optimized out>)
at /home/qemudbg/src/qemu/savevm.c:1132
#7 <in qemu binary> in handle_user_command (mon=mon@entry=<in heap chunk>,
cmdline=<optimized out>) at /home/qemudbg/src/qemu/monitor.c:4167
#8 <in qemu binary> in monitor_command_cb (opaque=<in heap chunk>,
cmdline=<optimized out>, readline_opaque=<optimized out>) at
/home/qemudbg/src/qemu/monitor.c:4878
#9 <in qemu binary> in readline_handle_byte (rs=<in heap>, ch=<optimized
out>) at util/readline.c:371
#10 <in qemu binary> in monitor_read (opaque=<optimized out>, buf=<optimized
out>, size=<optimized out>) at /home/qemudbg/src/qemu/monitor.c:4861
#11 <in qemu binary> in qemu_chr_be_write (len=<optimized out>, buf=<in
stack> "\n\003", s=<in heap chunk>) at qemu-char.c:165
#12 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=<in heap
chunk>) at qemu-char.c:2487
#13 <in libglib> in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
#14 <in qemu binary> in glib_pollfds_poll () at main-loop.c:190
#15 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#16 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#17 <in qemu binary> in main_loop () at vl.c:2051
#18 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
at vl.c:4507
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1336194/+subscriptions
