From: Zheng Chuan <zhengchuan(a)huawei.com>
If libvirtd is killed just after it has started,
the qemu_driver->xmlopt is freed in the main thread while qemuProcessReconnect
is still accessing it, which results in null pointer accesses.
Fix that by taking a reference on qemu_driver->xmlopt at the beginning of
qemuProcessReconnect.
Signed-off-by: Zheng Chuan <zhengchuan(a)huawei.com>
---
src/qemu/qemu_process.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ec6ca14..ef3fe12 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8009,6 +8009,7 @@ qemuProcessReconnect(void *opaque)
virQEMUDriverPtr driver = data->driver;
virDomainObjPtr obj = data->obj;
qemuDomainObjPrivatePtr priv;
+ virDomainXMLOptionPtr xmlopt;
qemuDomainJobObj oldjob;
int state;
int reason;
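Review bot: `xmlopt` is declared without an initialiser, yet the last hunk adds `virObjectUnref(xmlopt);` on the function's shared exit path. The first `goto error` visible in this patch comes after the assignment, but the lines between this declaration and the assignment fall outside the hunks, so an earlier jump cannot be ruled out from here. Declaring it as `virDomainXMLOptionPtr xmlopt = NULL;` keeps the unref well-defined on every path, presuming virObjectUnref() tolerates NULL as libvirt's object helpers normally do. The function body starts before this hunk and continues past it.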
@@ -8030,6 +8031,9 @@ qemuProcessReconnect(void *opaque)
cfg = virQEMUDriverGetConfig(driver);
priv = obj->privateData;
+ /* need xmlopt later to save status, do not free */
+ xmlopt = virObjectRef(driver->xmlopt);
+
if (qemuDomainObjBeginJob(driver, obj, QEMU_JOB_MODIFY) < 0)
goto error;
jobStarted = true;
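Review bot: The reference is taken inside the reconnect thread, so the read of `driver->xmlopt` is itself unsynchronised with the main-thread teardown described in the commit message. If teardown runs before this line, `virObjectRef()` is handed a pointer that is already freed or cleared, and its result reaches `virDomainObjSave()` in the third hunk unchecked; the window is narrowed rather than closed. Taking the reference in the code that spawns this thread and passing it through `data` (a new field, e.g. `data->xmlopt = virObjectRef(driver->xmlopt);`) would pin the object before the thread can race. `driver` is also still dereferenced later, e.g. `qemuDomainRemoveInactiveJob(driver, obj)` in the last hunk, so the driver's own lifetime during shutdown deserves the same check. The function body extends outside this hunk.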
@@ -8229,7 +8233,7 @@ qemuProcessReconnect(void *opaque)
}
/* update domain state XML with possibly updated state in virDomainObj */
- if (virDomainObjSave(obj, driver->xmlopt, cfg->stateDir) < 0)
+ if (virDomainObjSave(obj, xmlopt, cfg->stateDir) < 0)
goto error;
/* Run an hook to allow admins to do some magic */
@@ -8262,6 +8266,7 @@ qemuProcessReconnect(void *opaque)
if (!virDomainObjIsActive(obj))
qemuDomainRemoveInactiveJob(driver, obj);
}
+ virObjectUnref(xmlopt);
virDomainObjEndAPI(&obj);
virNWFilterUnlockFilterUpdates();
virIdentitySetCurrent(NULL);
--
1.8.3.1