On Tue, Mar 20, 2018 at 11:25 AM +0100, Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
wrote:
Hi,
there is a race condition between 'qemuDomainCreate' and
'qemuDomainDestroy' causing a NULL pointer segmentation fault when
accessing priv->monConfig. The race condition can be easily reproduced
using gdb.
(gdb) set non-stop on
# set breakpoint on line 'mon = qemuMonitorOpen(vm, …)'
(gdb) b qemu_process.c:1799
# Actually, this second breakpoint is optional but it’s good to see
where priv->monConfig is set to NULL
# set breakpoint on line priv->monConfig = NULL;
(gdb) b qemu_process.c:6589
(gdb) run
# continue all threads - just in case we hit a breakpoint already
(gdb) c -a
Now start a domain (that is using QEMU)
$ virsh start domain
The first breakpoint will be hit. Now run in a second shell
$ virsh destroy domain
The second breakpoint will be hit. Continue the thread where the second
breakpoint was hit (for this example this is thread 4)
(gdb) thread apply 4 continue
Now continue the thread where the first breakpoint was hit.
=> Segmentation fault because of a NULL pointer dereference at
config->value
Since I'm not very familiar with that part of the code, I wanted to ask
for your advice.
Thanks in advance.
Beste Grüße / Kind regards
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Chairwoman of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294
Any ideas?
---
Beste Grüße / Kind regards
Marc Hartmayer
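The window the gdb session above exposes is a classic check-then-use race: the creating thread checks priv->monConfig while holding the domain lock, drops the lock to open the monitor, and only then dereferences the pointer that the destroy path has meanwhile set to NULL. The following is an added example written for this page, not libvirt code and not the reporter's; it models that interleaving deterministically in a single thread. The structure and field names mirror the report (priv->monConfig, config->value), but the layout, the lock helpers, the `preempt` hook standing in for the scheduler, and the snapshot-based hardened variant are assumptions of this example, not libvirt's actual fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the structures named in the report. Layout is invented. */
struct mon_config {
    char value[128];            /* e.g. the monitor socket path */
};

struct domain_priv {
    int locked;                 /* stand-in for the per-domain object lock */
    struct mon_config *monConfig;
};

/* Single-threaded model of the lock: taking it twice is a bug, so abort. */
static void priv_lock(struct domain_priv *priv)
{
    if (priv->locked) { fprintf(stderr, "double lock\n"); abort(); }
    priv->locked = 1;
}
static void priv_unlock(struct domain_priv *priv) { priv->locked = 0; }

/* Hook simulating the destroy thread being scheduled between the check
 * and the use (the gap between the two gdb breakpoints in the report). */
typedef void (*preempt_fn)(struct domain_priv *);

/* Model of the cleanup path that performs priv->monConfig = NULL. */
void domain_destroy(struct domain_priv *priv)
{
    priv_lock(priv);
    free(priv->monConfig);
    priv->monConfig = NULL;
    priv_unlock(priv);
}

/* Racy pattern: presence is checked under the lock, the lock is dropped,
 * and the pointer is dereferenced afterwards. Returns 0 on success, -1 if
 * no config existed, and -2 at the point where the original code would
 * dereference NULL (config->value); we report instead of crashing. */
int monitor_open_racy(struct domain_priv *priv, preempt_fn preempt,
                      char *out, size_t outlen)
{
    priv_lock(priv);
    int present = priv->monConfig != NULL;
    priv_unlock(priv);
    if (!present)
        return -1;

    if (preempt)
        preempt(priv);                  /* destroy runs in the window */

    struct mon_config *config = priv->monConfig;
    if (config == NULL)
        return -2;                      /* the crash site in the report */
    snprintf(out, outlen, "%s", config->value);
    return 0;
}

/* Hardened pattern (an assumption of this example): copy everything the
 * open needs while the lock is held, so the unlocked phase never touches
 * priv. destroy may still run in the window, but it cannot reach 'local'. */
int monitor_open_safe(struct domain_priv *priv, preempt_fn preempt,
                      char *out, size_t outlen)
{
    struct mon_config local;

    priv_lock(priv);
    if (priv->monConfig == NULL) {
        priv_unlock(priv);
        return -1;
    }
    local = *priv->monConfig;           /* snapshot under the lock */
    priv_unlock(priv);

    if (preempt)
        preempt(priv);

    snprintf(out, outlen, "%s", local.value);
    return 0;
}

/* Constructed fixture: a domain with one monitor config. */
struct domain_priv *make_priv(const char *path)
{
    struct domain_priv *priv = calloc(1, sizeof(*priv));
    priv->monConfig = calloc(1, sizeof(*priv->monConfig));
    snprintf(priv->monConfig->value, sizeof(priv->monConfig->value), "%s", path);
    return priv;
}

void free_priv(struct domain_priv *priv)
{
    domain_destroy(priv);               /* free(NULL) is harmless */
    free(priv);
}
```

Passing `domain_destroy` as the `preempt` hook reproduces the interleaving from the gdb session without needing real threads: `monitor_open_racy` reports -2 where the original would segfault, while `monitor_open_safe` completes with the snapshot and a subsequent call correctly reports -1 because the domain is gone.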