
On Tue, Mar 20, 2018 at 11:25 AM +0100, Marc Hartmayer <mhartmay@linux.vnet.ibm.com> wrote:
Hi,
there is a race condition between 'qemuDomainCreate' and 'qemuDomainDestroy' causing a NULL pointer segmentation fault when accessing priv->monConfig. The race condition can be easily reproduced using gdb.
(gdb) set non-stop on
# set breakpoint on line 'mon = qemuMonitorOpen(vm, …)'
(gdb) b qemu_process.c:1799
# Actually, this second breakpoint is optional but it's good to see where priv->monConfig is set to NULL
# set breakpoint on line priv->monConfig = NULL;
(gdb) b qemu_process.c:6589
(gdb) run
# continue all threads - just for the case we hit a breakpoint already
(gdb) c -a
Now start a domain (that is using QEMU)
$ virsh start domain
The first breakpoint will be hit. Now run in a second shell
$ virsh destroy domain
The second breakpoint will be hit. Continue the thread where the second breakpoint was hit (for this example this is thread 4)
(gdb) thread apply 4 continue
Now continue the thread where the first breakpoint was hit.
=> Segmentation fault because of a NULL pointer dereference at config->value
Since I'm not very familiar with that part of the code, I wanted to ask for your advice.
Thanks in advance.
Kind regards
Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chairwoman of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
Any ideas?
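The interleaving from the report, modelled as an added C example that is not libvirt's code: the start path releases the domain lock for the monitor open, a concurrent destroy drops the config pointer in that window, and the buggy shape re-reads the pointer unchecked while the hardened shape re-validates domain state after re-taking the lock. Every type and function name here (struct domain, domain_new, connect_monitor_*) is a hypothetical stand-in, not libvirt's real priv->monConfig handling; the interleaving is driven deterministically through a callback rather than real threads so the outcome is reproducible.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical minimal model of the objects involved; not libvirt's own types. */
struct mon_config { int value; };   /* the field the reported crash touches */
struct domain {
    pthread_mutex_t lock;
    int active;                    /* stands in for "the domain is running" */
    struct mon_config *mon_config; /* stands in for priv->monConfig */
};

/* A running domain, returned with its lock held as the start path sees it. */
struct domain *domain_new(int value) {
    struct domain *dom = calloc(1, sizeof *dom);
    pthread_mutex_init(&dom->lock, NULL);
    pthread_mutex_lock(&dom->lock);
    dom->active = 1;
    dom->mon_config = calloc(1, sizeof *dom->mon_config);
    dom->mon_config->value = value;
    return dom;
}

/* Models the destroy path: under the lock, mark inactive and drop the config. */
void domain_destroy(struct domain *dom) {
    pthread_mutex_lock(&dom->lock);
    dom->active = 0;
    free(dom->mon_config);
    dom->mon_config = NULL;
    pthread_mutex_unlock(&dom->lock);
}

/* Buggy shape from the report: enter with the lock held, drop it for the slow
 * monitor open, re-take it and use priv->monConfig unchecked. Returns the pointer
 * the caller would dereference: NULL after a concurrent destroy (`during_window`). */
struct mon_config *connect_monitor_unchecked(struct domain *dom, void (*during_window)(struct domain *)) {
    pthread_mutex_unlock(&dom->lock);
    if (during_window) during_window(dom);
    pthread_mutex_lock(&dom->lock);
    struct mon_config *cfg = dom->mon_config; /* may now be NULL */
    pthread_mutex_unlock(&dom->lock);
    return cfg;
}
/* Hardened shape: re-check active and mon_config after re-taking the lock. */
int connect_monitor_checked(struct domain *dom, void (*during_window)(struct domain *)) {
    pthread_mutex_unlock(&dom->lock);
    if (during_window) during_window(dom);
    pthread_mutex_lock(&dom->lock);
    int result = (dom->active && dom->mon_config) ? dom->mon_config->value : -1;
    pthread_mutex_unlock(&dom->lock);
    return result; /* config->value, or -1 if the domain went away meanwhile */
}
```

Passing domain_destroy as `during_window` reproduces the reported ordering: the unchecked variant hands back the NULL pointer that the real code would dereference, the checked variant reports that the domain is gone instead.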