On Mon, Sep 19, 2022 at 09:24:47 +0200, Peter Krempa wrote:
> On Fri, Sep 16, 2022 at 13:30:07 +0100, Daniel P. Berrangé wrote:
> > On Mon, Sep 05, 2022 at 03:57:03PM +0200, Kristina Hanicova wrote:

[...]

> A proper fix will be to not rely on stolen pointers though as doing this
> is too fragile in other cases.

Additional invalid read when valgrinding virtqemud:

==3172795== Invalid read of size 8
==3172795==    at 0x4A68B7F: virDomainObjResetAsyncJob (virdomainjob.c:185)
==3172795==    by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795==    by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795==    by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795==    by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795==    by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795==    by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795==    by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795==    by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795==    by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795==    by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795==    by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795==  Address 0x10a63208 is 56 bytes inside a block of size 2,936 free'd
==3172795==    at 0x484A6AF: realloc (vg_replace_malloc.c:1437)
==3172795==    by 0x4E8E4CF: g_realloc (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==    by 0x4914E0A: virReallocN (viralloc.c:52)
==3172795==    by 0x4968F25: virJSONValueArrayAppend (virjson.c:748)
==3172795==    by 0x496A45D: virJSONParserInsertValue (virjson.c:1479)
==3172795==    by 0x496AA4A: virJSONParserHandleStartMap (virjson.c:1589)
==3172795==    by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795==    by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795==    by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795==    by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795==    by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795==    by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795==  Block was alloc'd at
==3172795==    at 0x484A6AF: realloc (vg_replace_malloc.c:1437)
==3172795==    by 0x4E8E4CF: g_realloc (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==    by 0x4914E0A: virReallocN (viralloc.c:52)
==3172795==    by 0x4968F25: virJSONValueArrayAppend (virjson.c:748)
==3172795==    by 0x496A45D: virJSONParserInsertValue (virjson.c:1479)
==3172795==    by 0x496AA4A: virJSONParserHandleStartMap (virjson.c:1589)
==3172795==    by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795==    by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795==    by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795==    by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795==    by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795==    by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795==
==3172795== Jump to the invalid address stated on the next line
==3172795==    at 0x11C94710: ???
==3172795==    by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795==    by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795==    by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795==    by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795==    by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795==    by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795==    by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795==    by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795==    by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795==    by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795==    by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795==  Address 0x11c94710 is 0 bytes inside a block of size 24 free'd
==3172795==    at 0x48480E4: free (vg_replace_malloc.c:872)
==3172795==    by 0x4E8AB8C: g_free (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==    by 0x496824D: virJSONValueFree (virjson.c:407)
==3172795==    by 0x49681F7: virJSONValueFree (virjson.c:393)
==3172795==    by 0x49681AA: virJSONValueFree (virjson.c:387)
==3172795==    by 0xC167B20: glib_autoptr_clear_virJSONValue (virjson.h:291)
==3172795==    by 0xC167B3D: glib_autoptr_cleanup_virJSONValue (virjson.h:291)
==3172795==    by 0xC17A348: qemuMonitorJSONGetObjectTypes (qemu_monitor_json.c:5336)
==3172795==    by 0xC1635D3: qemuMonitorGetObjectTypes (qemu_monitor.c:3327)
==3172795==    by 0xC07DA3C: virQEMUCapsProbeQMPObjectTypes (qemu_capabilities.c:2596)
==3172795==    by 0xC085BCF: virQEMUCapsInitQMPMonitor (qemu_capabilities.c:5374)
==3172795==    by 0xC08601D: virQEMUCapsInitQMPSingle (qemu_capabilities.c:5468)
==3172795==  Block was alloc'd at
==3172795==    at 0x484A464: calloc (vg_replace_malloc.c:1328)
==3172795==    by 0x4E8E3A0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==    by 0x49684BA: virJSONValueNewObject (virjson.c:535)
==3172795==    by 0x496A9E7: virJSONParserHandleStartMap (virjson.c:1584)
==3172795==    by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795==    by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795==    by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795==    by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795==    by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795==    by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795==    by 0x5069CFA: ??? (in /usr/lib64/libgio-2.0.so.0.7200.3)
==3172795==    by 0x4E88FAE: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==

and:

==3172795== Invalid read of size 1
==3172795==    at 0x11C94710: ???
==3172795==    by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795==    by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795==    by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795==    by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795==    by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795==    by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795==    by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795==    by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795==    by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795==    by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795==    by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3172795==
==3172795==
==3172795== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==3172795==  Access not within mapped region at address 0x0
==3172795==    at 0x11C94710: ???
==3172795==    by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795==    by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795==    by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795==    by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795==    by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795==    by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795==    by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795==    by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795==    by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795==    by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795==    by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)