From: Eduardo Habkost <ehabkost@redhat.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
qemu-devel@nongnu.org
Cc: "Daniel P. Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>
Subject: [PATCH 0/2] Fix test-char reference counting bug
Date: Tue, 15 Dec 2020 17:41:31 -0500
Message-ID: <20201215224133.3545901-1-ehabkost@redhat.com>

This series addresses a bug that seems to be the cause of the
following crash, which is reported by Patchew and other CI systems
once in a while:

  Running test test-char
  Unexpected error in object_property_try_add() at ../qom/object.c:1220: attempt to add duplicate property 'serial-id' to object (type 'container')
  ERROR test-char - too few tests run (expected 38, got 9)
  make: *** [run-test-86] Error 1

This is what seems to be happening:

- char_file_test_internal() creates chr using qemu_chardev_new().
- qemu_chardev_new() automatically assigns ID, adds
  chardev to the QOM tree.
- char_file_test_internal() does _not_ own the reference
  to the created object.
- char_file_test_internal() incorrectly calls object_unref().
- object is freed, but /containers now has a dangling
  pointer.
- char_serial_test() creates a chardev with ID "serial-id", and
  it ends up being allocated at the same address as the old
  object.
- char_serial_test() correctly calls object_unparent().
- object_property_del_child() looks for the right child property
  in the hashtable, finds the dangling pointer with the same
  address, removes the wrong property, leaves a dangling
  "serial-id" property.
- New object is created by char_serial_test() with ID "serial-id".
- object_property_try_add_child() will fail because of the
  dangling "serial-id" property.

Eduardo Habkost (2):
  test-char: Destroy chardev correctly at char_file_test_internal()
  qom: Assert that objects being destroyed have no parent

 qom/object.c      | 1 +
 tests/test-char.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

--
2.28.0
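
The sequence described in the cover letter above, replayed on a small model as an added example (not code from this series or from QEMU). `Obj`, `Prop`, `replay()` and the ID "file-id" are constructed; a single reused slot stands in for the allocator handing back the same address, and the `check` flag models the idea in the title of patch 2/2 by returning an error instead of asserting.

```c
#include <stdio.h>
#include <string.h>

typedef struct Obj { int has_parent; } Obj;
typedef struct Prop { const char *name; Obj *child; } Prop;
static Obj slot;      /* single allocation slot: every new object reuses it */
static Prop props[4]; /* the container's child properties, keyed by name */
static Obj *obj_new(void) { slot = (Obj){0}; return &slot; }

/* Returns -1 on a duplicate name, the failure seen in the CI log. */
static int add_child(const char *name, Obj *o) {
    Prop *p = NULL;
    for (int i = 0; i < 4; i++) {
        if (props[i].name && !strcmp(props[i].name, name)) return -1;
        if (!props[i].name && !p) p = &props[i];
    }
    if (!p) return -2;
    *p = (Prop){name, o};
    o->has_parent = 1;
    return 0;
}

/* Removes the first property whose child pointer equals o (match by address). */
static void unparent(Obj *o) {
    for (int i = 0; i < 4; i++)
        if (props[i].name && props[i].child == o) { props[i] = (Prop){0}; break; }
    o->has_parent = 0;
}

/* Frees o but leaves its property behind; check = refuse while parented. */
static int unref(Obj *o, int check) { return (check && o->has_parent) ? -1 : 0; }

/* Result of the final add of "serial-id": 0 ok, -1 duplicate property,
 * -3 if the parent check caught the stray unref. */
static int replay(int correct_cleanup, int check) {
    memset(props, 0, sizeof props);
    Obj *f = obj_new();
    add_child("file-id", f);              /* constructed ID */
    if (correct_cleanup) unparent(f);
    else if (unref(f, check)) return -3;
    Obj *s = obj_new();                   /* same address as f */
    add_child("serial-id", s);
    unparent(s);                          /* buggy run removes "file-id" instead */
    return add_child("serial-id", obj_new());
}

int main(void) {
    printf("%d %d %d\n", replay(0, 0), replay(1, 0), replay(0, 1));
    return 0;
}
```

In the buggy run the failure surfaces two steps after the stray unref, which is why a parent check at destruction time points at the faulty call rather than at the later duplicate-property error.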
Thread overview: 10+ messages
2020-12-15 22:41 Eduardo Habkost [this message]
2020-12-15 22:41 ` [PATCH 1/2] test-char: Destroy chardev correctly at char_file_test_internal() Eduardo Habkost
2020-12-16 7:45 ` Marc-André Lureau
2020-12-16 16:50 ` Alex Bennée
2020-12-15 22:41 ` [PATCH 2/2] qom: Assert that objects being destroyed have no parent Eduardo Habkost
2020-12-16 7:53 ` Marc-André Lureau
2020-12-16 9:55 ` Daniel P. Berrangé
2020-12-16 13:31 ` Paolo Bonzini
2020-12-16 16:15 ` Alex Bennée
2020-12-16 16:52 ` Alex Bennée