On a machine without json headers, I was seeing random segfaults
from qemumonitorjsontest (about 90% of the runs on my particular
machine). The segfault was inside virClassIsDerivedFrom, which
points to a case of a race leading to unreferencing a stale
pointer to an object that had already been freed. I also noticed
that if I got the segfault, I was seeing messages such as:
2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 : Cannot write data: Bad file descriptor
which is also evidence of deferencing a stale pointer. I traced it
to a race where qemuMonitorTestIO could execute late, after the
main thread had already called qemuMonitorTestFree and called
virNetSocketClose(test->client) but not clearing it out to NULL.
Sure enough, after test->client has been closed, fd is -1, which
causes an attempt to write to the socket to fail, which in turn
triggers the error code of qemuMonitorTestIO that tries to re-close
test->client.
* tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
to free client again if test already quit.
---
tests/qemumonitortestutils.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/qemumonitortestutils.c b/tests/qemumonitortestutils.c
index 1ed42ce..979623a 100644
--- a/tests/qemumonitortestutils.c
+++ b/tests/qemumonitortestutils.c
@@ -214,6 +214,10 @@ static void qemuMonitorTestIO(virNetSocketPtr sock,
bool err = false;
virMutexLock(&test->lock);
+ if (test->quit) {
+ virMutexUnlock(&test->lock);
+ return;
+ }
if (events & VIR_EVENT_HANDLE_WRITABLE) {
ssize_t ret;
if ((ret = virNetSocketWrite(sock,
--
1.8.1.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list