From: Paolo Bonzini <pbonz...@redhat.com> The AIO dispatch loop will call QLIST_REMOVE and g_free even if there are other pending calls to qemu_aio_wait outside the current one.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Bharata B Rao <bhar...@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kw...@redhat.com> --- aio.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aio.c b/aio.c index 99b8b72..c738a4e 100644 --- a/aio.c +++ b/aio.c @@ -159,14 +159,14 @@ bool qemu_aio_wait(void) /* if we have any readable fds, dispatch event */ if (ret > 0) { - walking_handlers++; - /* we have to walk very carefully in case * qemu_aio_set_fd_handler is called while we're walking */ node = QLIST_FIRST(&aio_handlers); while (node) { AioHandler *tmp; + walking_handlers++; + if (!node->deleted && FD_ISSET(node->fd, &rdfds) && node->io_read) { @@ -181,13 +181,13 @@ bool qemu_aio_wait(void) tmp = node; node = QLIST_NEXT(node, node); - if (tmp->deleted) { + walking_handlers--; + + if (!walking_handlers && tmp->deleted) { QLIST_REMOVE(tmp, node); g_free(tmp); } } - - walking_handlers--; } return true; -- 1.7.6.5
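Review bot: In the first hunk, moving `walking_handlers++` to the top of each loop iteration changes the meaning of the counter from "number of active walks" to "number of handlers currently being dispatched, including nested ones", but the comment just above it ("we have to walk very carefully in case qemu_aio_set_fd_handler is called while we're walking") still only describes the non-reentrant case. Please extend that comment to state that `node->io_read` may itself call `qemu_aio_wait`, and that the counter exists so that only the outermost walk frees a node.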
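Review bot: In the second hunk, `if (!walking_handlers && tmp->deleted)` is only correct if every path from the `walking_handlers++` at the top of the iteration reaches the `walking_handlers--` before it; the visible lines show no `break`, `continue` or `return` in between, so this holds, but a short comment saying that the pairing is load-bearing would help the next person who edits the loop body. Two further points worth a line in the commit message or a comment: (1) a node marked `deleted` during a nested `qemu_aio_wait` that the outer walk has already passed is not freed in this walk at all and survives until some later walk reaches it, which is harmless because the `!node->deleted` test skips it, but is not obvious from the code; (2) the same effect could be had with less churn by keeping the single increment/decrement around the loop and testing `walking_handlers == 1 && tmp->deleted`, which would also leave the first hunk untouched.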