This nested job is canceled by the first ExitMonitor call (even though it was not created by the corresponding EnterMonitor call), and again in qemuMigrationPrepareAny if qemuProcessStart failed. This can lead to a crash if the vm object was disposed of before calling qemuDomainRemoveInactive: 0 ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7ffce4cdd270) at util/virobject.c:166 1 ..6666 in virObjectIsClass at util/virobject.c:362 2 ..66b4 in virObjectLock at util/virobject.c:314 3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359 4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087 5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469 This was added by commit e4e2822, exposed by 5a4c237 and c7ac251. https://bugzilla.redhat.com/show_bug.cgi?id=1018267 --- src/qemu/qemu_migration.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index e87ea85..ef6f1c5 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -2358,10 +2358,6 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver, goto endjob; } - if (qemuDomainObjBeginNestedJob(driver, vm, - QEMU_ASYNC_JOB_MIGRATION_IN) < 0) - goto endjob; - /* Start the QEMU daemon, with the same command-line arguments plus * -incoming $migrateFrom */ @@ -2370,8 +2366,6 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver, VIR_QEMU_PROCESS_START_PAUSED | VIR_QEMU_PROCESS_START_AUTODESTROY) < 0) { virDomainAuditStart(vm, "migrated", false); - if (!qemuDomainObjEndJob(driver, vm)) - vm = NULL; goto endjob; } @@ -2474,7 +2468,7 @@ stop: qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, 0); endjob: - if (vm && !qemuMigrationJobFinish(driver, vm)) { + if (!qemuMigrationJobFinish(driver, vm)) { vm = NULL; } goto cleanup; -- 1.8.3.2