We're calling qemu_sem_post() in threads other than the multifd channel and the migration thread. This is vulnerable to a race with multifd_save_cleanup() which calls qemu_sem_destroy(). If we attempt to destroy the semaphore mutex with the lock taken, the code asserts.
We're hitting this in the current master and we've had reports of this in the past already:

[PATCH] migrate/multifd: fix coredump when the multifd thread cleanup
https://lore.kernel.org/r/20230621081826.3203053-1-zhangjiangu...@huawei.com

Fabiano Rosas (2):
  migration: Report error in incoming migration
  migration/multifd: Move semaphore release into main thread

 migration/migration.c | 11 ++++++++++-
 migration/multifd.c   | 29 +++++++++++------------------
 2 files changed, 21 insertions(+), 19 deletions(-)

-- 
2.35.3
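As an added illustration of the lifecycle rule this series enforces (the example below is written for this page and is not code from the series or from QEMU): a counting semaphore built from a mutex and a condition variable, the same shape as a mutex+condvar fallback semaphore, with a `destroy` that refuses (returns false) instead of asserting when the mutex is still held by a thread in the middle of `post()` or `wait()`. The safe path has the owning thread consume every post, join the posting thread and only then destroy; the second helper models the race deterministically by holding the lock when destroy is attempted. The `toy_sem_*` and `poster_thread` names are assumptions for the example, and it uses plain pthreads.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy counting semaphore built from a mutex and a condition variable
 * (assumption: modelled on a mutex+condvar fallback; not QEMU's code). */
typedef struct {
    pthread_mutex_t lock;
    pthread_cond_t cond;
    unsigned count;
} toy_sem;

static void toy_sem_init(toy_sem *s, unsigned initial)
{
    pthread_mutex_init(&s->lock, NULL);
    pthread_cond_init(&s->cond, NULL);
    s->count = initial;
}

static void toy_sem_post(toy_sem *s)
{
    pthread_mutex_lock(&s->lock);
    s->count++;
    pthread_cond_signal(&s->cond);
    pthread_mutex_unlock(&s->lock);
}

static void toy_sem_wait(toy_sem *s)
{
    pthread_mutex_lock(&s->lock);
    while (s->count == 0) {
        pthread_cond_wait(&s->cond, &s->lock);
    }
    s->count--;
    pthread_mutex_unlock(&s->lock);
}

/* Where a real implementation asserts, this returns false: a held mutex
 * means another thread is inside post()/wait(), so destroying now would
 * free state that thread is still using. */
static bool toy_sem_destroy(toy_sem *s)
{
    if (pthread_mutex_trylock(&s->lock) == EBUSY) {
        return false;
    }
    pthread_mutex_unlock(&s->lock);
    pthread_cond_destroy(&s->cond);
    pthread_mutex_destroy(&s->lock);
    return true;
}

struct poster_arg { toy_sem *sem; unsigned posts; };

/* Stand-in for a channel thread that signals progress via the semaphore. */
static void *poster_thread(void *p)
{
    struct poster_arg *a = p;
    for (unsigned i = 0; i < a->posts; i++) {
        toy_sem_post(a->sem);
    }
    return NULL;
}

/* Safe lifecycle: the owning thread consumes every post, joins the poster
 * (so no other thread can touch the semaphore any more) and only then
 * destroys. Returns posts consumed, or -1 if destroy had to refuse. */
static int run_safe_shutdown(unsigned posts)
{
    toy_sem sem;
    pthread_t tid;
    struct poster_arg arg = { &sem, posts };
    int consumed = 0;

    toy_sem_init(&sem, 0);
    if (pthread_create(&tid, NULL, poster_thread, &arg) != 0) {
        return -1;
    }
    for (unsigned i = 0; i < posts; i++) {
        toy_sem_wait(&sem);
        consumed++;
    }
    pthread_join(tid, NULL);
    return toy_sem_destroy(&sem) ? consumed : -1;
}

/* Deterministic model of the race: the lock is held (as it is mid-post in
 * another thread) at the moment destroy is attempted. */
static bool destroy_refused_while_locked(void)
{
    toy_sem sem;
    toy_sem_init(&sem, 0);
    pthread_mutex_lock(&sem.lock);
    bool refused = !toy_sem_destroy(&sem);
    pthread_mutex_unlock(&sem.lock);
    toy_sem_destroy(&sem);          /* now safe: nobody holds the lock */
    return refused;
}

int main(void)
{
    printf("safe shutdown consumed %d posts\n", run_safe_shutdown(4));
    printf("destroy while locked refused: %s\n",
           destroy_refused_while_locked() ? "yes" : "no");
    return 0;
}
```

The point of the join before destroy is the same as moving the release into the main thread in the series: the thread that tears the semaphore down must be the last one that can possibly touch it, otherwise the destroy races with a post in flight.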