[libvirt] Race condition between qemuDomainCreate and qemuDomainDestroy

Marc Hartmayer mhartmay at linux.vnet.ibm.com
Tue Mar 20 10:25:06 UTC 2018


Hi,

there is a race condition between 'qemuDomainCreate' and
'qemuDomainDestroy' causing a NULL pointer segmentation fault when
accessing priv->monConfig. The race condition can be easily reproduced
using gdb.

(gdb) set non-stop on
# set breakpoint on line 'mon = qemuMonitorOpen(vm, …)'
(gdb) b qemu_process.c:1799
# Actually, this second breakpoint is optional, but it’s good to see where priv->monConfig is set to NULL
# set breakpoint on line priv->monConfig = NULL;
(gdb) b qemu_process.c:6589
(gdb) run
# continue all threads - just in case we already hit a breakpoint
(gdb) c -a

Now start a domain (that is using QEMU)

$ virsh start domain

The first breakpoint will be hit. Now run in a second shell

$ virsh destroy domain

The second breakpoint will be hit. Continue the thread where the second
breakpoint was hit (for this example this is thread 4)

(gdb) thread apply 4 continue

Now continue the thread where the first breakpoint was hit.

=> Segmentation fault because of a NULL pointer dereference at
   config->value

Since I'm not very familiar with that part of the code, I wanted to ask
for your advice.

Thanks in advance.

Kind regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chair of the Supervisory Board: Martina Koederitz
Managing Director: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
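A single-threaded replay of the interleaving described in the report above, added here as an example; it is not libvirt's code and not part of the original message. The struct layout, the `lock_held` flag that stands in for the domain object lock, the hook that stands in for the blocking open inside qemuMonitorOpen where the destroy thread gets scheduled, and the `monitor_open_racy` / `monitor_open_safe` functions are all assumptions made so the race can be reproduced deterministically without gdb. The hardened variant shows one defensive pattern (re-validate `priv->monConfig` after reacquiring the lock and return an error instead of dereferencing it); it is not the fix libvirt applied.

```c
/* Deterministic model of the qemuDomainCreate / qemuDomainDestroy race.
 * ASSUMPTION: names, lock bookkeeping and the hook are illustrative only;
 * this is not libvirt's code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *value;            /* monitor socket path: the field the crash reads */
} MonConfig;

typedef struct {
    int lock_held;          /* stands in for the domain object lock */
    MonConfig *monConfig;   /* owned by the domain; NULL once destroyed */
} DomainObj;

/* Runs while the create thread has dropped the object lock (the blocking
 * connect in the real code). This is where virsh destroy sneaks in. */
typedef void (*unlocked_hook)(DomainObj *vm);

static DomainObj *domain_new(const char *path)
{
    DomainObj *vm = calloc(1, sizeof(*vm));
    vm->monConfig = calloc(1, sizeof(*vm->monConfig));
    vm->monConfig->value = strdup(path);
    return vm;
}

static void domain_free(DomainObj *vm)
{
    if (vm->monConfig) {
        free(vm->monConfig->value);
        free(vm->monConfig);
    }
    free(vm);
}

/* Destroy side. A held lock means "the destroy thread would block here",
 * so in the replay it simply does nothing: the race window is exactly
 * the region where the create side is unlocked. */
static void domain_destroy(DomainObj *vm)
{
    if (vm->lock_held || !vm->monConfig)
        return;
    vm->lock_held = 1;
    free(vm->monConfig->value);
    free(vm->monConfig);
    vm->monConfig = NULL;   /* the store the second gdb breakpoint stops on */
    vm->lock_held = 0;
}

/* Racy create side: relocks after the blocking open and trusts
 * priv->monConfig again without checking the domain still exists.
 * Returns the pointer it would read through (NULL == the segfault). */
static const char *monitor_open_racy(DomainObj *vm, unlocked_hook hook)
{
    vm->lock_held = 1;      /* ... prepare the connection under the lock ... */
    vm->lock_held = 0;
    hook(vm);               /* blocking connect; destroy runs here */
    vm->lock_held = 1;
    MonConfig *config = vm->monConfig;
    vm->lock_held = 0;
    return config ? config->value : NULL;   /* real code: config->value -> SIGSEGV */
}

/* Hardened create side: state read under the lock is stale after the
 * lock was dropped, so re-validate it after relocking and fail cleanly.
 * Returns 0 and copies the path on success, -1 if the domain is gone. */
static int monitor_open_safe(DomainObj *vm, unlocked_hook hook,
                             char *path, size_t pathlen)
{
    vm->lock_held = 1;
    vm->lock_held = 0;
    hook(vm);
    vm->lock_held = 1;
    if (!vm->monConfig) {   /* destroyed while we were unlocked */
        vm->lock_held = 0;
        return -1;          /* caller reports "domain is not running" */
    }
    snprintf(path, pathlen, "%s", vm->monConfig->value);
    vm->lock_held = 0;
    return 0;
}

static void hook_destroy(DomainObj *vm) { domain_destroy(vm); }
static void hook_none(DomainObj *vm) { (void)vm; }

/* 1 if the racy path ends up with a NULL config under the interleaving. */
int racy_path_sees_null(void)
{
    DomainObj *vm = domain_new("/tmp/example-monitor.sock");   /* constructed path */
    int is_null = monitor_open_racy(vm, hook_destroy) == NULL;
    domain_free(vm);
    return is_null;
}

/* Hardened path: -1 with destroy interleaved, 0 without interference. */
int safe_path_status(int interleave_destroy)
{
    char path[128];
    DomainObj *vm = domain_new("/tmp/example-monitor.sock");
    int rc = monitor_open_safe(vm, interleave_destroy ? hook_destroy : hook_none,
                               path, sizeof(path));
    domain_free(vm);
    return rc;
}

int main(void)
{
    printf("racy path would dereference NULL: %s\n", racy_path_sees_null() ? "yes" : "no");
    printf("safe path, destroy interleaved: rc=%d\n", safe_path_status(1));
    printf("safe path, no interference:     rc=%d\n", safe_path_status(0));
    return 0;
}
```

The point the replay makes explicit is that the destroy side is correctly locked; the bug is on the create side, which keeps using state that was only guaranteed while it held the lock. Any code that drops the object lock around a blocking call has to treat every pointer read before the drop as invalid afterwards, either by re-checking it under the lock (as above) or by holding its own reference to the object for the duration.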
