[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [qemu-upstream-4.5-testing test] 36492: trouble: pass/preparing

flight 36492 qemu-upstream-4.5-testing running [real]

Failures and problems with tests :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 test-amd64-i386-xl-qemuu-win7-amd64  2 hosts-allocate    running [st=running!]
 test-amd64-i386-qemut-rhel6hvm-amd  2 hosts-allocate     running [st=running!]
 test-amd64-i386-xl-qemut-debianhvm-amd64 2 hosts-allocate running [st=running!]
 test-amd64-i386-freebsd10-amd64  2 hosts-allocate        running [st=running!]
 test-amd64-amd64-xl-qemut-debianhvm-amd64 2 hosts-allocate running 
 test-amd64-amd64-xl-pcipt-intel  2 hosts-allocate        running [st=running!]
 test-amd64-i386-libvirt       2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-pvh-amd   2 hosts-allocate           running [st=running!]
 test-armhf-armhf-xl-multivcpu  2 hosts-allocate          running [st=running!]
 test-amd64-amd64-xl-sedf      2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-sedf-pin  2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-credit2   2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-qemut-win7-amd64  2 hosts-allocate   running [st=running!]
 test-armhf-armhf-xl           2 hosts-allocate           running [st=running!]
 test-armhf-armhf-xl-credit2   2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-qemuu-debianhvm-amd64 2 hosts-allocate running 
 test-amd64-amd64-xl-multivcpu  2 hosts-allocate          running [st=running!]
 test-amd64-i386-xl-qemuu-ovmf-amd64  2 hosts-allocate    running [st=running!]
 test-amd64-i386-pair          2 hosts-allocate           running [st=running!]
 test-amd64-amd64-libvirt      2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl-qemuu-win7-amd64  2 hosts-allocate   running [st=running!]
 test-amd64-i386-qemuu-rhel6hvm-amd  2 hosts-allocate     running [st=running!]
 test-amd64-i386-xl-winxpsp3   2 hosts-allocate           running [st=running!]
 test-armhf-armhf-xl-midway    2 hosts-allocate           running [st=running!]
 test-amd64-i386-rhel6hvm-amd  2 hosts-allocate           running [st=running!]
 test-armhf-armhf-xl-sedf-pin  2 hosts-allocate           running [st=running!]
 test-amd64-amd64-xl           2 hosts-allocate           running [st=running!]
 test-amd64-i386-rhel6hvm-intel  2 hosts-allocate         running [st=running!]
 test-amd64-i386-xl-qemut-winxpsp3  2 hosts-allocate      running [st=running!]
 test-amd64-i386-freebsd10-i386  2 hosts-allocate         running [st=running!]
 test-amd64-amd64-xl-winxpsp3  2 hosts-allocate           running [st=running!]
 test-amd64-i386-xl-qemut-winxpsp3-vcpus1 2 hosts-allocate running [st=running!]
 test-amd64-i386-xl-qemut-win7-amd64  2 hosts-allocate    running [st=running!]
 test-amd64-i386-xl-qemuu-winxpsp3  2 hosts-allocate      running [st=running!]
 test-amd64-amd64-xl-qemut-winxpsp3  2 hosts-allocate     running [st=running!]
 test-amd64-amd64-xl-win7-amd64  2 hosts-allocate         running [st=running!]
 test-armhf-armhf-libvirt      2 hosts-allocate           running [st=running!]
 test-amd64-amd64-pair         2 hosts-allocate           running [st=running!]
 test-amd64-i386-xl            2 hosts-allocate           running [st=running!]
 test-amd64-i386-qemuu-rhel6hvm-intel  2 hosts-allocate   running [st=running!]
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 2 hosts-allocate running [st=running!]
 test-amd64-amd64-xl-qemuu-ovmf-amd64  2 hosts-allocate   running [st=running!]
 test-amd64-i386-xl-win7-amd64  2 hosts-allocate          running [st=running!]
 test-amd64-amd64-xl-pvh-intel  2 hosts-allocate          running [st=running!]
 test-armhf-armhf-xl-sedf      2 hosts-allocate           running [st=running!]
 test-amd64-i386-qemut-rhel6hvm-intel  2 hosts-allocate   running [st=running!]
 test-amd64-i386-xl-qemuu-debianhvm-amd64 2 hosts-allocate running [st=running!]
 test-amd64-i386-xl-winxpsp3-vcpus1  2 hosts-allocate     running [st=running!]
 test-amd64-amd64-xl-qemuu-winxpsp3  2 hosts-allocate     running [st=running!]

version targeted for testing:
 qemuu                0b8fb1ec3d666d1eb8bbff56c76c5e6daa2789e4
baseline version:
 qemuu                1ebb75b1fee779621b63e84fefa7b07354c43a99

People who touched revisions under test:
  Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Gonglei <arei.gonglei@xxxxxxxxxx>
  Juan Quintela <quintela@xxxxxxxxxx>
  Michael S. Tsirkin <mst@xxxxxxxxxx>
  Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Peter Maydell <peter.maydell@xxxxxxxxxx>
  Petr Matousek <pmatouse@xxxxxxxxxx>
  Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

 build-amd64                                                  pass    
 build-armhf                                                  pass    
 build-i386                                                   pass    
 build-amd64-libvirt                                          pass    
 build-armhf-libvirt                                          pass    
 build-i386-libvirt                                           pass    
 build-amd64-pvops                                            pass    
 build-armhf-pvops                                            pass    
 build-i386-pvops                                             pass    
 test-amd64-amd64-xl                                          preparing
 test-armhf-armhf-xl                                          preparing
 test-amd64-i386-xl                                           preparing
 test-amd64-amd64-xl-pvh-amd                                  preparing
 test-amd64-i386-rhel6hvm-amd                                 preparing
 test-amd64-i386-qemut-rhel6hvm-amd                           preparing
 test-amd64-i386-qemuu-rhel6hvm-amd                           preparing
 test-amd64-amd64-xl-qemut-debianhvm-amd64                    preparing
 test-amd64-i386-xl-qemut-debianhvm-amd64                     preparing
 test-amd64-amd64-xl-qemuu-debianhvm-amd64                    preparing
 test-amd64-i386-xl-qemuu-debianhvm-amd64                     preparing
 test-amd64-i386-freebsd10-amd64                              preparing
 test-amd64-amd64-xl-qemuu-ovmf-amd64                         preparing
 test-amd64-i386-xl-qemuu-ovmf-amd64                          preparing
 test-amd64-amd64-xl-qemut-win7-amd64                         preparing
 test-amd64-i386-xl-qemut-win7-amd64                          preparing
 test-amd64-amd64-xl-qemuu-win7-amd64                         preparing
 test-amd64-i386-xl-qemuu-win7-amd64                          preparing
 test-amd64-amd64-xl-win7-amd64                               preparing
 test-amd64-i386-xl-win7-amd64                                preparing
 test-amd64-amd64-xl-credit2                                  preparing
 test-armhf-armhf-xl-credit2                                  preparing
 test-amd64-i386-freebsd10-i386                               preparing
 test-amd64-amd64-xl-pcipt-intel                              preparing
 test-amd64-amd64-xl-pvh-intel                                preparing
 test-amd64-i386-rhel6hvm-intel                               preparing
 test-amd64-i386-qemut-rhel6hvm-intel                         preparing
 test-amd64-i386-qemuu-rhel6hvm-intel                         preparing
 test-amd64-amd64-libvirt                                     preparing
 test-armhf-armhf-libvirt                                     preparing
 test-amd64-i386-libvirt                                      preparing
 test-armhf-armhf-xl-midway                                   preparing
 test-amd64-amd64-xl-multivcpu                                preparing
 test-armhf-armhf-xl-multivcpu                                preparing
 test-amd64-amd64-pair                                        preparing
 test-amd64-i386-pair                                         preparing
 test-amd64-amd64-xl-sedf-pin                                 preparing
 test-armhf-armhf-xl-sedf-pin                                 preparing
 test-amd64-amd64-xl-sedf                                     preparing
 test-armhf-armhf-xl-sedf                                     preparing
 test-amd64-i386-xl-qemut-winxpsp3-vcpus1                     preparing
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1                     preparing
 test-amd64-i386-xl-winxpsp3-vcpus1                           preparing
 test-amd64-amd64-xl-qemut-winxpsp3                           preparing
 test-amd64-i386-xl-qemut-winxpsp3                            preparing
 test-amd64-amd64-xl-qemuu-winxpsp3                           preparing
 test-amd64-i386-xl-qemuu-winxpsp3                            preparing
 test-amd64-amd64-xl-winxpsp3                                 preparing
 test-amd64-i386-xl-winxpsp3                                  preparing

sg-report-flight on osstest.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images

Logs, config files, etc. are available at

Test harness code can be found at

broken test-amd64-i386-xl-qemuu-win7-amd64 hosts-allocate running
broken test-amd64-i386-qemut-rhel6hvm-amd hosts-allocate running
broken test-amd64-i386-xl-qemut-debianhvm-amd64 hosts-allocate running
broken test-amd64-i386-freebsd10-amd64 hosts-allocate running
broken test-amd64-amd64-xl-qemut-debianhvm-amd64 hosts-allocate running
broken test-amd64-amd64-xl-pcipt-intel hosts-allocate running
broken test-amd64-i386-libvirt hosts-allocate running
broken test-amd64-amd64-xl-pvh-amd hosts-allocate running
broken test-armhf-armhf-xl-multivcpu hosts-allocate running
broken test-amd64-amd64-xl-sedf hosts-allocate running
broken test-amd64-amd64-xl-sedf-pin hosts-allocate running
broken test-amd64-amd64-xl-credit2 hosts-allocate running
broken test-amd64-amd64-xl-qemut-win7-amd64 hosts-allocate running
broken test-armhf-armhf-xl hosts-allocate running
broken test-armhf-armhf-xl-credit2 hosts-allocate running
broken test-amd64-amd64-xl-qemuu-debianhvm-amd64 hosts-allocate running
broken test-amd64-amd64-xl-multivcpu hosts-allocate running
broken test-amd64-i386-xl-qemuu-ovmf-amd64 hosts-allocate running
broken test-amd64-i386-pair hosts-allocate running
broken test-amd64-amd64-libvirt hosts-allocate running
broken test-amd64-amd64-xl-qemuu-win7-amd64 hosts-allocate running
broken test-amd64-i386-qemuu-rhel6hvm-amd hosts-allocate running
broken test-amd64-i386-xl-winxpsp3 hosts-allocate running
broken test-armhf-armhf-xl-midway hosts-allocate running
broken test-amd64-i386-rhel6hvm-amd hosts-allocate running
broken test-armhf-armhf-xl-sedf-pin hosts-allocate running
broken test-amd64-amd64-xl hosts-allocate running
broken test-amd64-i386-rhel6hvm-intel hosts-allocate running
broken test-amd64-i386-xl-qemut-winxpsp3 hosts-allocate running
broken test-amd64-i386-freebsd10-i386 hosts-allocate running
broken test-amd64-amd64-xl-winxpsp3 hosts-allocate running
broken test-amd64-i386-xl-qemut-winxpsp3-vcpus1 hosts-allocate running
broken test-amd64-i386-xl-qemut-win7-amd64 hosts-allocate running
broken test-amd64-i386-xl-qemuu-winxpsp3 hosts-allocate running
broken test-amd64-amd64-xl-qemut-winxpsp3 hosts-allocate running
broken test-amd64-amd64-xl-win7-amd64 hosts-allocate running
broken test-armhf-armhf-libvirt hosts-allocate running
broken test-amd64-amd64-pair hosts-allocate running
broken test-amd64-i386-xl hosts-allocate running
broken test-amd64-i386-qemuu-rhel6hvm-intel hosts-allocate running
broken test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 hosts-allocate running
broken test-amd64-amd64-xl-qemuu-ovmf-amd64 hosts-allocate running
broken test-amd64-i386-xl-win7-amd64 hosts-allocate running
broken test-amd64-amd64-xl-pvh-intel hosts-allocate running
broken test-armhf-armhf-xl-sedf hosts-allocate running
broken test-amd64-i386-qemut-rhel6hvm-intel hosts-allocate running
broken test-amd64-i386-xl-qemuu-debianhvm-amd64 hosts-allocate running
broken test-amd64-i386-xl-winxpsp3-vcpus1 hosts-allocate running
broken test-amd64-amd64-xl-qemuu-winxpsp3 hosts-allocate running

Not pushing.

commit 0b8fb1ec3d666d1eb8bbff56c76c5e6daa2789e4
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed Nov 19 13:27:28 2014 +0100

    cirrus: don't overflow CirrusVGAState->cirrus_bltbuf
    This is CVE-2014-8106.
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

commit f49151814120538bac6c6f12109968544027cc20
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed Nov 19 11:37:42 2014 +0100

    cirrus: fix blit region check
     * Doesn't check pitches correctly in case it is negative.
     * Doesn't check width at all.
    Turn macro into functions while being at it, also factor out the check
    for one region which we then can simply call twice for src + dst.
    This is CVE-2014-8106.
    Reported-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

commit 99aa8a7e0a05cec2eb7562ab7107b27c6b042b08
Author: Petr Matousek <pmatouse@xxxxxxxxxx>
Date:   Mon Oct 27 12:41:44 2014 +0100

    vnc: sanitize bits_per_pixel from the client
    bits_per_pixel that are less than 8 could result in accessing
    non-initialized buffers later in the code due to the expectation
    that bytes_per_pixel value that is used to initialize these buffers is
    never zero.
    To fix this check that bits_per_pixel from the client is one of the
    values that the rfb protocol specification allows.
    This is CVE-2014-7815.
    Signed-off-by: Petr Matousek <pmatouse@xxxxxxxxxx>
    [ kraxel: apply codestyle fix ]
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

commit 94d09f22b790648493038f964d2fc171b26f52f5
Author: Gonglei <arei.gonglei@xxxxxxxxxx>
Date:   Wed Aug 20 13:52:30 2014 +0800

    pcihp: fix possible array out of bounds
    Prevent out-of-bounds array access on
    Signed-off-by: Gonglei <arei.gonglei@xxxxxxxxxx>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xxxxxxxxxx>
    Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
    Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
    Cc: qemu-stable@xxxxxxxxxx
    Reviewed-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>

commit 07fcd79289717c076b39d36ec666653422ee0646
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Mon Oct 6 11:42:34 2014 +0200

    vmware-vga: CVE-2014-3689: turn off hw accel
    Quick & easy stopgap for CVE-2014-3689:  We just compile out the
    hardware acceleration functions which lack sanity checks.  Thankfully
    we have capability bits for them (SVGA_CAP_RECT_COPY and
    SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
    Subsequent patches will add the missing checks and re-enable the
    hardware acceleration emulation.
    Cc: qemu-stable@xxxxxxxxxx
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Reviewed-by: Don Koch <dkoch@xxxxxxxxxxx>

commit 979e4eaa94f9d9be285183e65a8d70522848cb91
Author: Petr Matousek <pmatouse@xxxxxxxxxx>
Date:   Thu Sep 18 08:35:37 2014 +0200

    slirp: udp: fix NULL pointer dereference because of uninitialized socket
    When guest sends udp packet with source port and source addr 0,
    uninitialized socket is picked up when looking for matching and already
    created udp sockets, and later passed to sosendto() where NULL pointer
    dereference is hit during so->slirp->vnetwork_mask.s_addr access.
    Fix this by checking that the socket is not just a socket stub.
    This is CVE-2014-3640.
    Signed-off-by: Petr Matousek <pmatouse@xxxxxxxxxx>
    Reported-by: Xavier Mehrenberger <xavier.mehrenberger@xxxxxxxxxx>
    Reported-by: Stephane Duverger <stephane.duverger@xxxxxxxx>
    Reviewed-by: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
    Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
    Reviewed-by: Michael Tokarev <mjt@xxxxxxxxxx>
    Message-id: 20140918063537.GX9321@xxxxxxxxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

commit 5c3402816aaddb15156c69df73c54abe4e1c76aa
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed Sep 3 15:50:08 2014 +0200

    spice: make sure we don't overflow ssd->buf
    Related spice-only bug.  We have a fixed 16 MB buffer here, being
    presented to the spice-server as qxl video memory in case spice is
    used with a non-qxl card.  It's also used with qxl in vga mode.
    When using display resolutions requiring more than 16 MB of memory we
    are going to overflow that buffer.  In theory the guest can write,
    indirectly via spice-server.  The spice-server clears the memory after
    setting a new video mode though, triggering a segfault in the overflow
    case, so qemu crashes before the guest has a chance to do something
    Fix that by switching to dynamic allocation for the buffer.
    Cc: qemu-stable@xxxxxxxxxx
    Cc: secalert@xxxxxxxxxx
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>

commit 7154fba0e51ec985ef621965d1b7120ad424fcbf
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Tue Aug 26 15:35:23 2014 +0200

    vbe: rework sanity checks
    Plug a bunch of holes in the bochs dispi interface parameter checking.
    Add a function doing verification on all registers.  Call that
    unconditionally on every register write.  That way we should catch
    everything, even changing one register affecting the valid range of
    another register.
    Some of the holes have been added by commit
    e9c6149f6ae6873f14a12eea554925b6aa4c4dec.  Before that commit the
    maximum possible framebuffer (VBE_DISPI_MAX_XRES * VBE_DISPI_MAX_YRES *
    32 bpp) has been smaller than the qemu vga memory (8MB) and the checking
    Some of the holes have been there forever, such as
    lacking any verification.
    Security impact:
    (1) Guest can make the ui (gtk/vnc/...) use memory rages outside the vga
    frame buffer as source  ->  host memory leak.  Memory isn't leaked to
    the guest but to the vnc client though.
    (2) Qemu will segfault in case the memory range happens to include
    unmapped areas  ->  Guest can DoS itself.
    The guest can not modify host memory, so I don't think this can be used
    by the guest to escape.
    Cc: qemu-stable@xxxxxxxxxx
    Cc: secalert@xxxxxxxxxx
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

commit bedbc31c141f712716ddc8933bd0a52abd0b1c8a
Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
Date:   Tue May 13 12:33:16 2014 +0300

    usb: fix up post load checks
    Correct post load checks:
    1. dev->setup_len == sizeof(dev->data_buf)
        seems fine, no need to fail migration
    2. When state is DATA, passing index > len
       will cause memcpy with negative length,
       resulting in heap overflow
    First of the issues was reported by dgilbert.
    Reported-by: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>
    Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
    Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

commit c2757fed63ffa97bbf72c11983f22176227e9df0
Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date:   Fri Jul 4 11:43:49 2014 +0200

    virtio-pci: fix MSI memory region use after free
    After memory region QOMification QEMU is stricter in detecting
    wrong usage of the memory region API.  Here it detected a
    memory_region_destroy done before the corresponding
    memory_region_del_subregion; the memory_region_destroy is
    done by msix_uninit_exclusive_bar, the memory_region_del_subregion
    is done by the PCI core's pci_unregister_io_regions before
    pc->exit is called.
    The problem was introduced by
    commit 06a1307379fcd6c551185ad87679cd7ed896b9ea
        virtio-pci: add device_unplugged callback
    As noted in that commit log, virtio device kick callbacks need to be
    stopped before generic virtio is cleaned up. This is because these are
    notifications from pci proxy to the generic virtio device so they need
    to be stopped in the unplug call before the virtio device is unrealized.
    However interrupts are notifications from the virtio device to
    the pci proxy so they need to stay around while the device
    is realized.
    The memory API misuse caused an assertion when hot-unplugging virtio
    devices.  Using the API correctly fixes the assertion.
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
    Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.