From 72e4e1a105071400fcb7567ca3ee633bff89e873 Mon Sep 17 00:00:00 2001 
From: Peter Krempa Date: Wed, 25 Mar 2015 08:56:07 +0100 Subject: [PATCH] rpc: Don't unref identity object while callbacks still can be executed While this thread is cleaning up the client and connection objects: #2 virFileReadAll (path=0x7f28780012b0 "/proc/1319/stat", maxlen=maxlen@entry=1024, buf=buf@entry=0x7f289c60fc40) at util/virfile.c:1287 #3 0x00007f28adbb1539 in virProcessGetStartTime (pid=, timestamp=timestamp@entry=0x7f289c60fc98) at util/virprocess.c:838 #4 0x00007f28adb91981 in virIdentityGetSystem () at util/viridentity.c:151 #5 0x00007f28ae73f17c in remoteClientFreeFunc (data=) at remote.c:1131 #6 0x00007f28adcb7f33 in virNetServerClientDispose (obj=0x7f28aecad180) at rpc/virnetserverclient.c:858 #7 0x00007f28adba8eeb in virObjectUnref (anyobj=) at util/virobject.c:265 #8 0x00007f28ae74ad05 in virNetServerHandleJob (jobOpaque=, opaque=0x7f28aec93ff0) at rpc/virnetserver.c:205 #9 0x00007f28adbbef4e in virThreadPoolWorker (opaque=opaque@entry=0x7f28aec88030) at util/virthreadpool.c:145 In stack frame #6 the client->identity object got unref'd, but the code that removes the event callbacks in frame #5 did not run yet as we are trying to obtain the system identity (frames #4, #3, #2). In another thread: #0 virObjectUnref (anyobj=anyobj@entry=0x7f288c162c60) at util/virobject.c:264 klass = 0xdeadbeef obj = 0x7f288c162c60 #1 0x00007f28ae71c709 in remoteRelayDomainEventCheckACL (client=, conn=, dom=dom@entry=0x7f28aecaafc0) at remote.c:164 #2 0x00007f28ae71fc83 in remoteRelayDomainEventTrayChange (conn=, dom=0x7f28aecaafc0, ... ) at remote.c:717 #3 0x00007f28adc04e53 in virDomainEventDispatchDefaultFunc (conn=0x7f287c0009a0, event=0x7f28aecab1a0, ...) at conf/domain_event.c:1455 #4 0x00007f28adc03831 in virObjectEventStateDispatchCallbacks (callbacks=, ....)
at conf/object_event.c:724 #5 virObjectEventStateQueueDispatch (callbacks=0x7f288c083730, queue=0x7fff51f90030, state=0x7f288c18da20) at conf/object_event.c:738 #6 virObjectEventStateFlush (state=0x7f288c18da20) at conf/object_event.c:816 #7 virObjectEventTimer (timer=, opaque=0x7f288c18da20) at conf/object_event.c:562 #8 0x00007f28adb859cd in virEventPollDispatchTimeouts () at util/vireventpoll.c:459 Frame #0 is unrefing an invalid identity object while frame #2 hints that the client is still dispatching the event. For untrimmed backtrace see the bugzilla attachment. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203030 (cherry picked from commit a98129c0ee52b6a8fdd39988a6d090057f149ae9)
---
 src/rpc/virnetserverclient.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index b2a4fdf775..541055f7b8 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -850,12 +850,12 @@ void virNetServerClientDispose(void *obj)
 PROBE(RPC_SERVER_CLIENT_DISPOSE, "client=%p", client);
- virObjectUnref(client->identity);
-
 if (client->privateData && client->privateDataFreeFunc) client->privateDataFreeFunc(client->privateData);
+ virObjectUnref(client->identity);
+
 #if WITH_SASL
 virObjectUnref(client->sasl);
 #endif
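Review bot: The teardown order in virNetServerClientDispose is now load-bearing but nothing in the code says so: the moved `virObjectUnref(client->identity);` has to stay below the `privateDataFreeFunc` call because, per the backtraces in the description, event callbacks registered for the client still use `client->identity` until that function removes them. I would add a comment above the moved line, for example `/* Unref identity only after privateDataFreeFunc has removed the event callbacks; they still access client->identity. */`, so that a later cleanup does not reorder it back into a use-after-free. Whether the deregistration inside the free function waits for a dispatch already in flight on the event-loop thread is not visible in this hunk and is worth confirming; if it does not, the reorder narrows the window rather than closing it. The function body starts before and continues after the hunk.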