In case of 0 filesystems *info is not set while according to virDomainGetFSInfo contract user should call free on it even in case of 0 filesystems. Thus we need to properly set it. NULL will be enough as free eats NULLs ok. --- src/qemu/qemu_agent.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index 1d677f7..c50f760 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1872,6 +1872,7 @@ qemuAgentGetFSInfo(qemuAgentPtr mon, virDomainFSInfoPtr **info, ndata = virJSONValueArraySize(data); if (!ndata) { ret = 0; + *info = NULL; goto cleanup; } if (VIR_ALLOC_N(info_ret, ndata) < 0) -- 1.8.3.1

qemuAgentNotifyEvent accesses monitor structure and is called on qemu reset/shutdown/suspend events under domain lock. Other monitor functions on the other hand take monitor lock and don't hold domain lock. Thus it is possible to have risky simultaneous access to the structure from 2 threads. Let's take monitor lock here to make access exclusive. --- John, I decided to formulate patch purpuse this way as I doubt we can have actual signalling race here becase shutdown/suspend functions first set await_event and then send message to agent which in turn causes the event that qemuAgentNotifyEvent handles. src/qemu/qemu_agent.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index c50f760..46cad53 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1248,6 +1248,8 @@ qemuAgentMakeStringsArray(const char **strings, unsigned int len) void qemuAgentNotifyEvent(qemuAgentPtr mon, qemuAgentEvent event) { + virObjectLock(mon); + VIR_DEBUG("mon=%p event=%d await_event=%d", mon, event, mon->await_event); if (mon->await_event == event) { mon->await_event = QEMU_AGENT_EVENT_NONE; @@ -1257,6 +1259,8 @@ void qemuAgentNotifyEvent(qemuAgentPtr mon, virCondSignal(&mon->notify); } } + + virObjectUnlock(mon); } VIR_ENUM_DECL(qemuAgentShutdownMode); -- 1.8.3.1