From: Peter Xu <peterx@redhat.com>
To: "Zhijian Li (Fujitsu)" <lizhijian@fujitsu.com>
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yu Zhang" <yu.zhang@ionos.com>,
"Het Gala" <het.gala@nutanix.com>,
qemu-devel <qemu-devel@nongnu.org>,
"Fabiano Rosas" <farosas@suse.de>,
"Jinpu Wang" <jinpu.wang@ionos.com>,
"Alexei Pastuchov" <alexei.pastuchov@ionos.com>,
"Elmar Gerdes" <elmar.gerdes@ionos.com>
Subject: Re: Problem with migration/rdma
Date: Thu, 7 Mar 2024 11:36:48 +0800 [thread overview]
Message-ID: <Zek2UFoAyVrC7yh6@x1n> (raw)
In-Reply-To: <a0d9e2c2-3687-4b7d-8fac-887ce262c38a@fujitsu.com>
On Thu, Mar 07, 2024 at 02:41:37AM +0000, Zhijian Li (Fujitsu) via wrote:
> Yu,
>
>
> On 07/03/2024 00:30, Philippe Mathieu-Daudé wrote:
> > Cc'ing RDMA migration reviewers/maintainers:
> >
> > $ ./scripts/get_maintainer.pl -f migration/rdma.c
> > Li Zhijian <lizhijian@fujitsu.com> (reviewer:RDMA Migration)
> > Peter Xu <peterx@redhat.com> (maintainer:Migration)
> > Fabiano Rosas <farosas@suse.de> (maintainer:Migration)
> >
> > On 5/3/24 22:32, Yu Zhang wrote:
> >> Hello Het and all,
> >>
> >> while I was testing qemu-8.2, I saw a lot of our migration test cases failed.
> >> After debugging the commits of the 8.2 branch, I saw the issue and mad a diff:
> >>
> >> diff --git a/migration/rdma.c b/migration/rdma.c
> >> index 6a29e53daf..f10d56f556 100644
> >> --- a/migration/rdma.c
> >> +++ b/migration/rdma.c
> >> @@ -3353,9 +3353,9 @@ static int qemu_rdma_accept(RDMAContext *rdma)
> >> goto err_rdma_dest_wait;
> >> }
> >>
> >> - isock->host = rdma->host;
> >> + isock->host = g_strdup_printf("%s", rdma->host);
> >> isock->port = g_strdup_printf("%d", rdma->port);
>
>
> Thanks for your analysis.
>
> It will be great if you send this as a patch.
>
>
> isock is defined as a _autoptr VVV
> 3333 _autoptr(InetSocketAddress) isock = g_new0(InetSocketAddress, 1);
>
> I'm surprised that it seems the auto free scheme will free the member of isock as well
> see below valrind log. That will cause a double free.
Right, all the QAPI-free is a deep one. Thanks for checking this up,
Zhijian.
Yu, would you please send a formal patch (better before this week ends) so
that I can include it for the last pull for 9.0 soft-freeze (March 12th)?
As 8.2 affected, please also attach proper tags:
Cc: qemu-stable <qemu-stable@nongnu.org>
Fixes: 3fa9642ff7 ("migration: convert rdma backend to accept MigrateAddress")
>
> ==809138== Invalid free() / delete / delete[] / realloc()
> ==809138== at 0x483A9F5: free (vg_replace_malloc.c:538)
> ==809138== by 0x598F70C: g_free (in /usr/lib64/libglib-2.0.so.0.6600.8)
> ==809138== by 0x79B6AD: qemu_rdma_cleanup (rdma.c:2432)
> ==809138== by 0x79CEE6: qio_channel_rdma_close_rcu (rdma.c:3108)
> ==809138== by 0xC2E339: call_rcu_thread (rcu.c:301)
> ==809138== by 0xC2116A: qemu_thread_start (qemu-thread-posix.c:541)
> ==809138== by 0x72683F8: ??? (in /usr/lib64/libpthread-2.32.so)
> ==809138== by 0x73824C2: clone (in /usr/lib64/libc-2.32.so)
> ==809138== Address 0x13daa070 is 0 bytes inside a block of size 14 free'd
> ==809138== at 0x483A9F5: free (vg_replace_malloc.c:538)
> ==809138== by 0x598F70C: g_free (in /usr/lib64/libglib-2.0.so.0.6600.8)
> ==809138== by 0xC058CF: qapi_dealloc_type_str (qapi-dealloc-visitor.c:68)
> ==809138== by 0xC09EF3: visit_type_str (qapi-visit-core.c:349)
> ==809138== by 0xBDDECC: visit_type_InetSocketAddressBase_members (qapi-visit-sockets.c:29)
> ==809138== by 0xBDE055: visit_type_InetSocketAddress_members (qapi-visit-sockets.c:67)
> ==809138== by 0xBDE30D: visit_type_InetSocketAddress (qapi-visit-sockets.c:119)
> ==809138== by 0xBDDB38: qapi_free_InetSocketAddress (qapi-types-sockets.c:51)
> ==809138== by 0x792351: glib_autoptr_clear_InetSocketAddress (qapi-types-sockets.h:109)
> ==809138== by 0x79236F: glib_autoptr_cleanup_InetSocketAddress (qapi-types-sockets.h:109)
> ==809138== by 0x79D956: qemu_rdma_accept (rdma.c:3341)
> ==809138== by 0x79F05A: rdma_accept_incoming_migration (rdma.c:4041)
> ==809138== Block was alloc'd at
> ==809138== at 0x4839809: malloc (vg_replace_malloc.c:307)
> ==809138== by 0x5992BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
> ==809138== by 0x59A7FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
> ==809138== by 0x79C2A8: qemu_rdma_data_init (rdma.c:2731)
> ==809138== by 0x79F183: rdma_start_incoming_migration (rdma.c:4081)
> ==809138== by 0x76F200: qemu_start_incoming_migration (migration.c:581)
> ==809138== by 0x77193A: qmp_migrate_incoming (migration.c:1735)
> ==809138== by 0x74B3D3: qmp_x_exit_preconfig (vl.c:2718)
> ==809138== by 0x74DB6F: qemu_init (vl.c:3753)
> ==809138== by 0xA14F3F: main (main.c:47)
--
Peter Xu
next prev parent reply other threads:[~2024-03-07 3:42 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-05 21:32 Yu Zhang
2024-03-06 16:30 ` Problem with migration/rdma Philippe Mathieu-Daudé
2024-03-07 2:41 ` Zhijian Li (Fujitsu) via
2024-03-07 3:36 ` Peter Xu [this message]
2024-03-08 6:27 ` Yu Zhang
2024-03-08 6:55 ` Peter Xu
2024-03-08 7:03 ` Zhijian Li (Fujitsu) via
2024-03-08 7:14 ` Peter Xu
[not found] ` <CAOQbQt0+UbfZNPrticjLD4X+S2KR4r+yWPATnhEhTRuxbwvGiQ@mail.gmail.com>
[not found] ` <CAHEcVy78iCXVGmwr-2snpFwOyCxv3wxYrYJonK6nZF9UfbX_bw@mail.gmail.com>
2024-03-11 11:14 ` Yu Zhang
2024-03-11 14:30 ` Het Gala
2024-03-11 14:46 ` Peter Xu
2024-03-11 14:53 ` Het Gala
2024-03-11 15:16 ` Yu Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zek2UFoAyVrC7yh6@x1n \
--to=peterx@redhat.com \
--cc=alexei.pastuchov@ionos.com \
--cc=elmar.gerdes@ionos.com \
--cc=farosas@suse.de \
--cc=het.gala@nutanix.com \
--cc=jinpu.wang@ionos.com \
--cc=lizhijian@fujitsu.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=yu.zhang@ionos.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).