On Tue, Jul 21, 2020 at 05:21:10PM +0800, Binfeng Wu wrote:
> Causing a crash in virMediatedDeviceListFindIndex because
> some pointers in mgr->activeMediatedHostdevs become dangling
> pointers if we goto the cleanup label in virMediatedDeviceListMarkDevices.
>
> Reproduction scenario:
> 1. start vm1 with mdev1
> 2. start vm2 with mdev2, mdev1 (the order cannot be changed)
>
> Backtrace:
> #0 0x0000ffffb8c36250 in strcmp
> #1 0x0000ffffb9b80754 in virMediatedDeviceListFindIndex
> #2 0x0000ffffb9b80870 in virMediatedDeviceListFind
> #3 0x0000ffffb9c9e168 in virHostdevReAttachMediatedDevices
> #4 0x0000ffff9949f724 in qemuHostdevReAttachMediatedDevices
> #5 0x0000ffff9949f7f8 in qemuHostdevReAttachDomainDevices
> #6 0x0000ffff994bcd70 in qemuProcessStop
> #7 0x0000ffff994bf4e0 in qemuProcessStart

Sorry for the delay, I got my hands on a machine to investigate. Good catch, it was a tricky one :). I reworded the commit message a bit to provide more detailed info about the bug and pushed.

Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>