On 23.02.2013 00:09, Eric Blake wrote:
> On a machine without json headers, I was seeing random segfaults
> from qemumonitorjsontest (about 90% of the runs on my particular
> machine).  The segfault was inside virClassIsDerivedFrom, which
> points to a case of a race leading to unreferencing a stale
> pointer to an object that had already been freed.  I also noticed
> that if I got the segfault, I was seeing messages such as:
> 
> 2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 : 
> Cannot write data: Bad file descriptor
> 
> which is also evidence of deferencing a stale pointer.  I traced it
> to a race where qemuMonitorTestIO could execute late, after the
> main thread had already called qemuMonitorTestFree and called
> virNetSocketClose(test->client) but not clearing it out to NULL.
> Sure enough, after test->client has been closed, fd is -1, which
> causes an attempt to write to the socket to fail, which in turn
> triggers the error code of qemuMonitorTestIO that tries to re-close
> test->client.
> 
> * tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
> to free client again if test already quit.
> ---
>  tests/qemumonitortestutils.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tests/qemumonitortestutils.c b/tests/qemumonitortestutils.c
> index 1ed42ce..979623a 100644
> --- a/tests/qemumonitortestutils.c
> +++ b/tests/qemumonitortestutils.c
> @@ -214,6 +214,10 @@ static void qemuMonitorTestIO(virNetSocketPtr sock,
>      bool err = false;
> 
>      virMutexLock(&test->lock);
> +    if (test->quit) {
> +        virMutexUnlock(&test->lock);
> +        return;
> +    }
>      if (events & VIR_EVENT_HANDLE_WRITABLE) {
>          ssize_t ret;
>          if ((ret = virNetSocketWrite(sock,
> 

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to