If the bitmap can't be used for whatever reason, we skip putting down the reference. Fix that.
In practice, this means that if you attempt to gracefully exit QEMU after a backup command being rejected, bdrv_close_all will fail and tell you some unpleasant things via assert(). Reported-by: aihua liang <ali...@redhat.com> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1703916 Signed-off-by: John Snow <js...@redhat.com> --- blockdev.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/blockdev.c b/blockdev.c index 79fbac8450..278ecdd122 100644 --- a/blockdev.c +++ b/blockdev.c @@ -3525,8 +3525,7 @@ static BlockJob *do_drive_backup(DriveBackup *backup, JobTxn *txn, if (set_backing_hd) { bdrv_set_backing_hd(target_bs, source, &local_err); if (local_err) { - bdrv_unref(target_bs); - goto out; + goto unref; } } @@ -3534,11 +3533,10 @@ static BlockJob *do_drive_backup(DriveBackup *backup, JobTxn *txn, bmap = bdrv_find_dirty_bitmap(bs, backup->bitmap); if (!bmap) { error_setg(errp, "Bitmap '%s' could not be found", backup->bitmap); - bdrv_unref(target_bs); - goto out; + goto unref; } if (bdrv_dirty_bitmap_check(bmap, BDRV_BITMAP_DEFAULT, errp)) { - goto out; + goto unref; } } if (!backup->auto_finalize) { @@ -3552,12 +3550,12 @@ static BlockJob *do_drive_backup(DriveBackup *backup, JobTxn *txn, backup->sync, bmap, backup->compress, backup->on_source_error, backup->on_target_error, job_flags, NULL, NULL, txn, &local_err); - bdrv_unref(target_bs); if (local_err != NULL) { error_propagate(errp, local_err); - goto out; } +unref: + bdrv_unref(target_bs); out: aio_context_release(aio_context); return job; -- 2.20.1
