qemu tests/unit/test-vmstate crashes in g_tree_foreach

Host environment

  • Operating system: Fedora Rawhide
  • OS/kernel version: 6.2.0-0.rc7.20230206gitd2d11f342b17.50.fc38.x86_64
  • Architecture: x86_64
  • QEMU flavor: (qemu test)
  • QEMU version: git @ commit 3db629f0
  • QEMU command line: (see below)

Description of problem

qemu test suite crashes with the latest Fedora Rawhide. Downstream issue: https://bugzilla.redhat.com/show_bug.cgi?id=2173639

Steps to reproduce

  1. Compile and test qemu from source as normal.
214/658 qemu:unit / test-vmstate                                                  ERROR           0.22s   killed by signal 11 SIGSEGV
317/658 qemu:qtest+qtest-i386 / qtest-i386/rtl8139-test                           ERROR           0.28s   2 subtests passed
588/658 qemu:qtest+qtest-x86_64 / qtest-x86_64/rtl8139-test                       ERROR           0.45s   2 subtests passed

The stack trace from the test is:

#0  g_tree_foreach (user_data=0x7fffa23ccbc0, func=0x55a834fe3770 <diff_tree>, 
    tree=<optimized out>) at ../glib/gtree.c:1132
#1  g_tree_foreach (tree=<optimized out>, func=0x55a834fe3770 <diff_tree>, 
    user_data=0x7fffa23ccbc0) at ../glib/gtree.c:1117
#2  0x000055a834fe382c in compare_trees (tree1=0x55a836723bf0, 
    tree2=0x55a836723f50, 
    function=function@entry=0x55a834fe3570 <match_interval_mapping_node>)
    at ../tests/unit/test-vmstate.c:1085
#3  0x000055a834fee265 in diff_domain (d2=0x55a836709310, d1=0x55a836708fd0)
    at ../tests/unit/test-vmstate.c:1093
#4  test_gtree_load_domain () at ../tests/unit/test-vmstate.c:1138
#5  0x00007f0eef39d32e in test_case_run (tc=0x55a836724150)
    at ../glib/gtestutils.c:3108
#6  g_test_run_suite_internal (suite=suite@entry=0x55a8367056e0, 
    path=path@entry=0x0) at ../glib/gtestutils.c:3203
#7  0x00007f0eef39cf03 in g_test_run_suite_internal (
    suite=suite@entry=0x55a836705090, path=path@entry=0x0)
    at ../glib/gtestutils.c:3222
#8  0x00007f0eef39cf03 in g_test_run_suite_internal (
    suite=suite@entry=0x55a8366ff670, path=path@entry=0x0)
    at ../glib/gtestutils.c:3222
#9  0x00007f0eef39cf03 in g_test_run_suite_internal (
    suite=suite@entry=0x55a836700140, path=path@entry=0x0)
#10 0x00007f0eef39d8c2 in g_test_run_suite (suite=0x55a836700140)
    at ../glib/gtestutils.c:3302
#11 0x00007f0eef397c40 in g_test_run () at ../glib/gtestutils.c:2409
#12 g_test_run () at ../glib/gtestutils.c:2396
#13 0x000055a834fe2645 in main (argc=<optimized out>, argv=<optimized out>)
    at ../tests/unit/test-vmstate.c:1523

This can also be reproduced in gdb using a command similar to:

$ MALLOC_PERTURB_=175 G_TEST_SRCDIR=/home/rjones/d/qemu/tests/unit G_TEST_BUILDDIR=/home/rjones/d/qemu/build/tests/unit gdb --args /home/rjones/d/qemu/build/tests/unit/test-vmstate --tap -k
...
(gdb) run
Thread 1 "test-vmstate" received signal SIGSEGV, Segmentation fault.
g_tree_foreach (user_data=0x7fffffffd3e0, func=0x555555568770 <diff_tree>, tree=<optimized out>) at ../glib/gtree.c:1132
1132	      if ((*func) (node->key, node->value, user_data))
(gdb) bt
#0  g_tree_foreach (user_data=0x7fffffffd3e0, func=0x555555568770 <diff_tree>, 
    tree=<optimized out>) at ../glib/gtree.c:1132
#1  g_tree_foreach (tree=<optimized out>, func=0x555555568770 <diff_tree>, 
    user_data=0x7fffffffd3e0) at ../glib/gtree.c:1117
#2  0x000055555556882c in compare_trees (tree1=0x5555555ccdb0, 
    tree2=0x5555555cd110, 
    function=function@entry=0x555555568570 <match_interval_mapping_node>)
    at ../tests/unit/test-vmstate.c:1085
#3  0x0000555555573265 in diff_domain (d2=0x5555555b3310, d1=0x5555555b2fd0)
    at ../tests/unit/test-vmstate.c:1093
#4  test_gtree_load_domain () at ../tests/unit/test-vmstate.c:1138
#5  0x00007ffff7eb132e in test_case_run (tc=0x5555555cd310)
    at ../glib/gtestutils.c:3108
#6  g_test_run_suite_internal (suite=suite@entry=0x5555555af6e0, 
    path=path@entry=0x0) at ../glib/gtestutils.c:3203
#7  0x00007ffff7eb0f03 in g_test_run_suite_internal (
    suite=suite@entry=0x5555555af090, path=path@entry=0x0)
    at ../glib/gtestutils.c:3222
#8  0x00007ffff7eb0f03 in g_test_run_suite_internal (
    suite=suite@entry=0x5555555a9670, path=path@entry=0x0)
    at ../glib/gtestutils.c:3222
#9  0x00007ffff7eb0f03 in g_test_run_suite_internal (
    suite=suite@entry=0x5555555aa140, path=path@entry=0x0)
    at ../glib/gtestutils.c:3222
#10 0x00007ffff7eb18c2 in g_test_run_suite (suite=0x5555555aa140)
    at ../glib/gtestutils.c:3302
#11 0x00007ffff7eabc40 in g_test_run () at ../glib/gtestutils.c:2409
#12 g_test_run () at ../glib/gtestutils.c:2396
#13 0x0000555555567645 in main (argc=<optimized out>, argv=<optimized out>)
    at ../tests/unit/test-vmstate.c:1523

Unfortunately so much is "optimized out" that it's hard to tell what's going wrong.