This is similar to bdc4c4c5e372756a5ba3fb3a61e585b02f0dd7f4 (qmp blockdev-backup). The cor_filter_bs was added to the blockjob as the main BDS (by passing it to block_job_create), so bdrv_cor_filter_drop doesn't actually remove it from global_bdrv_states.
This can cause races with qmp query-named-block nodes as described in #3149. As in bdc4c4c, there is no function to remove just the cor_filter_bs from the job, so drop all the job's nodes as they are no longer needed. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3149 Buglink: https://bugs.launchpad.net/bugs/2126951 Signed-off-by: Wesley Hershberger <[email protected]> --- This patch fixes the issue described in Gitlab #3149. Please see the bug for additional context & reproducer for the issue. I'm happy to discuss alternative approaches or resubmit as needed. `make check-block` passes locally. A review would be greatly appreciated as a customer's production is impacted. First-time patch mailer so please pardon any mistakes. --- block/stream.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/stream.c b/block/stream.c index c0616b69e259bf5a9b146dadd9dbac62bfaa9f23..1733abd8f96d7847701f54a7a55d3284387b8582 100644 --- a/block/stream.c +++ b/block/stream.c @@ -132,6 +132,12 @@ static void stream_clean(Job *job) { StreamBlockJob *s = container_of(job, StreamBlockJob, common.job); + /* + * The job still holds a reference to cor_filter_bs; drop all bdrv to + * ensure that it is unref-ed + */ + block_job_remove_all_bdrv(&s->common); + if (s->cor_filter_bs) { bdrv_cor_filter_drop(s->cor_filter_bs); s->cor_filter_bs = NULL; --- base-commit: 3a2d5612a7422732b648b46d4b934e2e54622fd6 change-id: 20251020-fix-3149-f01ae62fa53c Best regards, -- Wesley Hershberger <[email protected]>
