On Mon, Sep 19, 2022 at 09:24:47 +0200, Peter Krempa wrote:
On Fri, Sep 16, 2022 at 13:30:07 +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 05, 2022 at 03:57:03PM +0200, Kristina Hanicova wrote:
[...]
A proper fix will be to not rely on stolen pointers though as doing this is too fragile in other cases.
Additional invalid read when valgrinding virtqemud:
==3172795== Invalid read of size 8
==3172795== at 0x4A68B7F: virDomainObjResetAsyncJob (virdomainjob.c:185)
==3172795== by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795== by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795== by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795== by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795== by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795== by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795== by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795== by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795== by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795== by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795== by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795== Address 0x10a63208 is 56 bytes inside a block of size 2,936 free'd
==3172795== at 0x484A6AF: realloc (vg_replace_malloc.c:1437)
==3172795== by 0x4E8E4CF: g_realloc (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795== by 0x4914E0A: virReallocN (viralloc.c:52)
==3172795== by 0x4968F25: virJSONValueArrayAppend (virjson.c:748)
==3172795== by 0x496A45D: virJSONParserInsertValue (virjson.c:1479)
==3172795== by 0x496AA4A: virJSONParserHandleStartMap (virjson.c:1589)
==3172795== by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795== by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795== by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795== by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795== by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795== by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795== Block was alloc'd at
==3172795== at 0x484A6AF: realloc (vg_replace_malloc.c:1437)
==3172795== by 0x4E8E4CF: g_realloc (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795== by 0x4914E0A: virReallocN (viralloc.c:52)
==3172795== by 0x4968F25: virJSONValueArrayAppend (virjson.c:748)
==3172795== by 0x496A45D: virJSONParserInsertValue (virjson.c:1479)
==3172795== by 0x496AA4A: virJSONParserHandleStartMap (virjson.c:1589)
==3172795== by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795== by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795== by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795== by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795== by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795== by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795==
==3172795== Jump to the invalid address stated on the next line
==3172795== at 0x11C94710: ???
==3172795== by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795== by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795== by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795== by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795== by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795== by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795== by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795== by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795== by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795== by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795== by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795== Address 0x11c94710 is 0 bytes inside a block of size 24 free'd
==3172795== at 0x48480E4: free (vg_replace_malloc.c:872)
==3172795== by 0x4E8AB8C: g_free (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795== by 0x496824D: virJSONValueFree (virjson.c:407)
==3172795== by 0x49681F7: virJSONValueFree (virjson.c:393)
==3172795== by 0x49681AA: virJSONValueFree (virjson.c:387)
==3172795== by 0xC167B20: glib_autoptr_clear_virJSONValue (virjson.h:291)
==3172795== by 0xC167B3D: glib_autoptr_cleanup_virJSONValue (virjson.h:291)
==3172795== by 0xC17A348: qemuMonitorJSONGetObjectTypes (qemu_monitor_json.c:5336)
==3172795== by 0xC1635D3: qemuMonitorGetObjectTypes (qemu_monitor.c:3327)
==3172795== by 0xC07DA3C: virQEMUCapsProbeQMPObjectTypes (qemu_capabilities.c:2596)
==3172795== by 0xC085BCF: virQEMUCapsInitQMPMonitor (qemu_capabilities.c:5374)
==3172795== by 0xC08601D: virQEMUCapsInitQMPSingle (qemu_capabilities.c:5468)
==3172795== Block was alloc'd at
==3172795== at 0x484A464: calloc (vg_replace_malloc.c:1328)
==3172795== by 0x4E8E3A0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795== by 0x49684BA: virJSONValueNewObject (virjson.c:535)
==3172795== by 0x496A9E7: virJSONParserHandleStartMap (virjson.c:1584)
==3172795== by 0x592E50E: ??? (in /usr/lib64/libyajl.so.2.1.0)
==3172795== by 0x496B01C: virJSONValueFromString (virjson.c:1705)
==3172795== by 0xC16804F: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:191)
==3172795== by 0xC168452: qemuMonitorJSONIOProcess (qemu_monitor_json.c:243)
==3172795== by 0xC15772E: qemuMonitorIOProcess (qemu_monitor.c:280)
==3172795== by 0xC158031: qemuMonitorIO (qemu_monitor.c:495)
==3172795== by 0x5069CFA: ??? (in /usr/lib64/libgio-2.0.so.0.7200.3)
==3172795== by 0x4E88FAE: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7200.3)
==3172795==
and:
==3172795== Invalid read of size 1
==3172795== at 0x11C94710: ???
==3172795== by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795== by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795== by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795== by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795== by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795== by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795== by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795== by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795== by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795== by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795== by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)
==3172795== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3172795==
==3172795==
==3172795== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==3172795== Access not within mapped region at address 0x0
==3172795== at 0x11C94710: ???
==3172795== by 0x4A68CF8: virDomainObjClearJob (virdomainjob.c:224)
==3172795== by 0x4A68E2B: virDomainJobObjFree (virdomainjob.c:240)
==3172795== by 0x49FA7F1: virDomainObjDispose (domain_conf.c:3865)
==3172795== by 0x49965E6: vir_object_finalize (virobject.c:323)
==3172795== by 0x4F93D31: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.7200.3)
==3172795== by 0x49966DF: virObjectUnref (virobject.c:377)
==3172795== by 0x49FACCF: virDomainObjEndAPI (domain_conf.c:3992)
==3172795== by 0xC1A2AFA: qemuProcessQMPStop (qemu_process.c:9033)
==3172795== by 0xC1A2BD3: qemuProcessQMPFree (qemu_process.c:9062)
==3172795== by 0xC07AB21: glib_autoptr_clear_qemuProcessQMP (qemu_process.h:234)
==3172795== by 0xC07AB3E: glib_autoptr_cleanup_qemuProcessQMP (qemu_process.h:234)