On 23.02.2013 00:09, Eric Blake wrote:
> On a machine without json headers, I was seeing random segfaults
> from qemumonitorjsontest (about 90% of the runs on my particular
> machine). The segfault was inside virClassIsDerivedFrom, which
> points to a case of a race leading to unreferencing a stale
> pointer to an object that had already been freed. I also noticed
> that if I got the segfault, I was seeing messages such as:
>
> 2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 :
> Cannot write data: Bad file descriptor
>
> which is also evidence of deferencing a stale pointer. I traced it
> to a race where qemuMonitorTestIO could execute late, after the
> main thread had already called qemuMonitorTestFree and called
> virNetSocketClose(test->client) but not clearing it out to NULL.
> Sure enough, after test->client has been closed, fd is -1, which
> causes an attempt to write to the socket to fail, which in turn
> triggers the error code of qemuMonitorTestIO that tries to re-close
> test->client.
>
> * tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
> to free client again if test already quit.
> ---
> tests/qemumonitortestutils.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tests/qemumonitortestutils.c b/tests/qemumonitortestutils.c
> index 1ed42ce..979623a 100644
> --- a/tests/qemumonitortestutils.c
> +++ b/tests/qemumonitortestutils.c
> @@ -214,6 +214,10 @@ static void qemuMonitorTestIO(virNetSocketPtr sock,
> bool err = false;
>
> virMutexLock(&test->lock);
> + if (test->quit) {
> + virMutexUnlock(&test->lock);
> + return;
> + }
> if (events & VIR_EVENT_HANDLE_WRITABLE) {
> ssize_t ret;
> if ((ret = virNetSocketWrite(sock,
>
ACK
Michal
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
