On 02/28/2013 07:19 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
When the auto-destroy callback runs it is supposed to return
NULL if the virDomainObjPtr is no longer valid. It was not
doing this for transient guests, so we tried to virObjectUnlock
a mutex which had been freed. This often led to a crash.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/qemu/qemu_process.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index db95d6e..1b9eede 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4629,8 +4629,10 @@ qemuProcessAutoDestroy(virQEMUDriverPtr driver,
if (!qemuDomainObjEndJob(driver, dom))
dom = NULL;
- if (dom && !dom->persistent)
+ if (dom && !dom->persistent) {
qemuDomainRemoveInactive(driver, dom);
+ dom = NULL;
+ }
if (event)
qemuDomainEventQueue(driver, event);
ACK. That looks correct (qemuDomainRemoveInactive requires that there be
no other references to the domain, and most other calls to it are
followed by setting the domain ptr to NULL), and just as important it
fixes the crash that I was seeing running Daniel's multi-threaded
transient domain torture program.