Bug 1001536

Summary: some memory leaks in libvirt client
Product: Red Hat Enterprise Linux 6 Reporter: Hao Liu <hliu>
Component: libvirtAssignee: Ján Tomko <jtomko>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: acathrow, dyuan, hliu, jdenemar, jtomko, lsu, mzhan, zhwang
Target Milestone: rcKeywords: Upstream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1001957 (view as bug list) Environment:
Last Closed: 2014-04-04 21:27:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1001957    

Description Hao Liu 2013-08-27 09:00:35 UTC 
Description of problem:
Found some memory leaks in libvirt client. I'll append more in comments if I find more.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 6.5 Beta
libvirt-0.10.2-23.el6.x86_64
kernel-2.6.32-414.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.398.el6.x86_64

How reproducible:
always

Steps to Reproduce:

(a) Memory leak when virsh edit fails many time.
this happen in all virsh edit command such as pool-edit, net-edit, iface-edit, etc.

1. use virsh edit the domain while checking memory leak
# valgrind -v --leak-check=full virsh edit foo

2. change something to invalid value, such as
change
  <name>foo</name>
to
  <name>bar</name>

3. save and quit editor, choose yes when asked for try again.

4. leave the value invalid, and save quit again, choose no.

valgrind output:
==22174== 1,891 bytes in 1 blocks are definitely lost in loss record 78 of 85
==22174==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==22174==    by 0x6C0FF5D: xdr_string (xdr.c:709)
==22174==    by 0x4F62A8D: xdr_remote_nonnull_string (remote_protocol.c:31)
==22174==    by 0x4F63858: xdr_remote_domain_get_xml_desc_ret (remote_protocol.c:1543)
==22174==    by 0x4F7B00B: virNetMessageDecodePayload (virnetmessage.c:389)
==22174==    by 0x4F6D38C: virNetClientProgramCall (virnetclientprogram.c:382)
==22174==    by 0x4F4716D: callWithFD (remote_driver.c:5556)
==22174==    by 0x4F471EB: call (remote_driver.c:5577)
==22174==    by 0x4F5158F: remoteDomainGetXMLDesc (remote_client_bodies.h:976)
==22174==    by 0x4F27BFD: virDomainGetXMLDesc (libvirt.c:4378)
==22174==    by 0x418968: cmdEdit (virsh-edit.c:105)
==22174==    by 0x40D240: vshCommandRun (virsh.c:1652)
==22174==
==22174== 8,193 bytes in 1 blocks are definitely lost in loss record 83 of 85
==22174==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==22174==    by 0x4C27B62: realloc (vg_replace_malloc.c:662)
==22174==    by 0x4E884CB: virReallocN (memory.c:160)
==22174==    by 0x4E97B29: virFileReadLimFD (util.c:404)
==22174==    by 0x4E97C97: virFileReadAll (util.c:465)
==22174==    by 0x40DEE0: vshEditReadBackFile (virsh.c:753)
==22174==    by 0x41893C: cmdEdit (virsh-edit.c:89)
==22174==    by 0x40D240: vshCommandRun (virsh.c:1652)
==22174==    by 0x410B4A: main (virsh.c:3093)
==22174==
==22174== LEAK SUMMARY:
==22174==    definitely lost: 10,084 bytes in 2 blocks

(b) virsh with log option cause memory leak.
# valgrind -v --leak-check=full virsh -l log something_cause_log_message

valgrind output:
==30440== 7,700 bytes in 7 blocks are definitely lost in loss record 82 of 90
==30440==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==30440==    by 0x4C27B62: realloc (vg_replace_malloc.c:662)
==30440==    by 0x4E884CB: virReallocN (memory.c:160)
==30440==    by 0x4E75666: virBufferGrow (buf.c:129)
==30440==    by 0x4E75BC3: virBufferVasprintf (buf.c:322)
==30440==    by 0x4E75D17: virBufferAsprintf (buf.c:295)
==30440==    by 0x40CB4B: vshOutputLogFile (virsh.c:2349)
==30440==    by 0x40C449: vshError (virsh.c:2174)
==30440==    by 0x40F059: vshCommandParse (virsh.c:1824)
==30440==    by 0x410914: main (virsh.c:2014)
==30440==
==30440== LEAK SUMMARY:
==30440==    definitely lost: 7,700 bytes in 7 blocks

==31698== 2 errors in context 1 of 2:
==31698== Syscall param ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ points to uninitialised byte(s)
==31698==    at 0x6190D4D: ??? (syscall-template.S:82)
==31698==    by 0x38F1815BF7: readline (readline.c:342)
==31698==    by 0x4108C5: main (virsh.c:2610)
==31698==  Address 0x7ff000062 is on thread 1's stack
==31698==  Uninitialised value was created by a stack allocation
==31698==    at 0x409E30: ??? (in /usr/bin/virsh)

(c) run virsh secret-list when no secret exist
# valgrind -v --leak-check=full virsh secret-list

valgrind output:
==11230== 8 bytes in 1 blocks are definitely lost in loss record 4 of 82
==11230==    at 0x4C2677B: calloc (vg_replace_malloc.c:593)
==11230==    by 0x4E8845B: virAllocN (memory.c:128)
==11230==    by 0x4F5B2E2: remoteConnectListAllSecrets (remote_driver.c:3038)
==11230==    by 0x4F0D3F5: virConnectListAllSecrets (libvirt.c:14883)
==11230==    by 0x42DF49: cmdSecretList (virsh-secret.c:348)
==11230==    by 0x40D240: vshCommandRun (virsh.c:1652)
==11230==    by 0x410B4A: main (virsh.c:3093)
==11230==
==11230== LEAK SUMMARY:
==11230==    definitely lost: 8 bytes in 1 blocks

(d) run virsh pool-list with --details option
# valgrind -v --leak-check=full virsh pool-list --details

valgrind output:
==31299== 43 bytes in 1 blocks are definitely lost in loss record 50 of 83
==31299==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==31299==    by 0x6BFA137: __vasprintf_chk (vasprintf_chk.c:82)
==31299==    by 0x4E955B3: virVasprintf (stdio2.h:199)
==31299==    by 0x4E95657: virAsprintf (util.c:2029)
==31299==    by 0x42B7A5: cmdPoolList (virsh-pool.c:1129)
==31299==    by 0x40D240: vshCommandRun (virsh.c:1652)
==31299==    by 0x410B4A: main (virsh.c:3093)
==31299==
==31299== LEAK SUMMARY:
==31299==    definitely lost: 43 bytes in 1 blocks

(e) run virsh nodedev-list with invalid --cap option
# valgrind -v --leak-check=full virsh nodedev-list --cap something_invalid

valgrind output:
==4851== 18 bytes in 1 blocks are definitely lost in loss record 20 of 84
==4851==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==4851==    by 0x6B790C1: strdup (strdup.c:43)
==4851==    by 0x40EB40: _vshStrdup (virsh.c:129)
==4851==    by 0x40FC68: vshStringToArray (virsh.c:182)
==4851==    by 0x429060: cmdNodeListDevices (virsh-nodedev.c:358)
==4851==    by 0x40D240: vshCommandRun (virsh.c:1652)
==4851==    by 0x410B4A: main (virsh.c:3093)
==4851==
==4851== LEAK SUMMARY:
==4851==    definitely lost: 18 bytes in 1 blocks
Comment 2 Ján Tomko 2013-08-27 10:14:55 UTC 
a) should be fixed upstream by
commit 1e3a252974c8e5c650f1d84dc2b167f0ae8cee3c
Author:     Ján Tomko <jtomko>
AuthorDate: 2013-06-25 15:10:27 +0200

    virsh: edit: don't leak XML string on reedit or redefine

The rest needs to be fixed upstream as well.
Comment 3 Ján Tomko 2013-08-27 13:07:47 UTC 
Upstream patches for leaks b) to e):
https://www.redhat.com/archives/libvir-list/2013-August/msg01372.html
Comment 4 Ján Tomko 2013-08-28 07:02:08 UTC 
Leaks b) to e) are now fixed upstream:
commit 14d5328681448267dfc0812948fa2c6ec4dfa7d4
Author:     Ján Tomko <jtomko>
AuthorDate: 2013-08-27 13:47:57 +0200
Commit:     Ján Tomko <jtomko>
CommitDate: 2013-08-28 08:05:56 +0200

    virsh: free the caps list properly if one of them is invalid
    
    VIR_FREE(caps) is not enough to free an array allocated
    by vshStringToArray.
    
    ==17== 4 bytes in 1 blocks are definitely lost in loss record 4 of 728
    ==17==    by 0x4EFFC44: virStrdup (virstring.c:554)
    ==17==    by 0x128B10: _vshStrdup (virsh.c:125)
    ==17==    by 0x129164: vshStringToArray (virsh.c:218)
    ==17==    by 0x157BB3: cmdNodeListDevices (virsh-nodedev.c:409)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1001536

commit 785ff34bf884a721544ea531c000e8a140e485fa
Author:     Ján Tomko <jtomko>
AuthorDate: 2013-08-27 13:34:09 +0200
Commit:     Ján Tomko <jtomko>
CommitDate: 2013-08-28 08:05:56 +0200

    virsh: free the formatting string when listing pool details
    
    ==23== 41 bytes in 1 blocks are definitely lost in loss record 626 of 727
    ==23==    by 0x4F0099F: virAsprintfInternal (virstring.c:358)
    ==23==    by 0x15D2C9: cmdPoolList (virsh-pool.c:1268)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1001536

commit f733eac058b373822708d3ec889dd80e281fa7e1
Author:     Ján Tomko <jtomko>
AuthorDate: 2013-08-27 13:27:50 +0200
Commit:     Ján Tomko <jtomko>
CommitDate: 2013-08-28 08:05:56 +0200

    virsh: free the list from ListAll APIs even for 0 items
    
    virsh secret-list leak when no secrets are defined:
    
    ==27== 8 bytes in 1 blocks are definitely lost in loss record 6 of 726
    ==27==    by 0x4E941DD: virAllocN (viralloc.c:183)
    ==27==    by 0x5037F1A: remoteConnectListAllSecrets (remote_driver.c:3076)
    ==27==    by 0x5004EC6: virConnectListAllSecrets (libvirt.c:16298)
    ==27==    by 0x15F813: vshSecretListCollect (virsh-secret.c:397)
    ==27==    by 0x15F0E1: cmdSecretList (virsh-secret.c:532)
    
    And so do some other *-list commands.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1001536

commit 66d124b45472addc10d286ca291aa5411fcb381f
Author:     Ján Tomko <jtomko>
AuthorDate: 2013-08-27 13:07:27 +0200
Commit:     Ján Tomko <jtomko>
CommitDate: 2013-08-28 08:05:56 +0200

    virsh: free messages after logging them to a file
    
    The messages were only freed on error.
    
    ==12== 1,100 bytes in 1 blocks are definitely lost in loss record 698 of 729
    ==12==    by 0x4E98C22: virBufferAsprintf (virbuffer.c:294)
    ==12==    by 0x12C950: vshOutputLogFile (virsh.c:2440)
    ==12==    by 0x12880B: vshError (virsh.c:2254)
    ==12==    by 0x131957: vshCommandOptDomainBy (virsh-domain.c:109)
    ==12==    by 0x14253E: cmdStart (virsh-domain.c:3333)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1001536

git describe: v1.1.1-245-g14d5328
Comment 8 zhenfeng wang 2013-11-04 08:13:26 UTC 
hi Jan
I met the following mem leak while i start the guest under the valgrind, will these mem leak be fixed in this bug ? please help check it. thanks

pkg info
libvirt-0.10.2-29.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.415.el6.x86_64
kernel-2.6.32-425.el6.x86_64

steps
1.In terminal 1 run the following command:
#service libvirtd stop
# valgrind --leak-check=full libvirtd

2.In termianl2 start a guest 
#virsh start rhelguest1
Domain rhelguest1 started

3.Check the mem leak in terminal 1
valgrind output:
==17370== 968 bytes in 1 blocks are definitely lost in loss record 1,419 of 1,580
==17370==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==17370==    by 0x389F6A4254: xmlGetGlobalState (in /usr/lib64/libxml2.so.2.7.6)
==17370==    by 0x389F6A3394: __xmlGenericError (in /usr/lib64/libxml2.so.2.7.6)
==17370==    by 0x389F6E7956: xmlRelaxNGNewParserCtxt (in /usr/lib64/libxml2.so.2.7.6)
==17370==    by 0x3897607C8C: ??? (in /usr/lib64/libnetcf.so.1.4.0)
==17370==    by 0x38976049E5: ncf_init (in /usr/lib64/libnetcf.so.1.4.0)
==17370==    by 0x4F4F48: interfaceOpenInterface (interface_backend_netcf.c:141)
==17370==    by 0x4F11ECC: do_open (libvirt.c:1212)
==17370==    by 0x4F12B5A: virConnectOpen (libvirt.c:1333)
==17370==    by 0x440C77: remoteDispatchOpenHelper (remote.c:758)
==17370==    by 0x4F614A1: virNetServerProgramDispatch (virnetserverprogram.c:431)
==17370==    by 0x4F633AD: virNetServerProcessMsg (virnetserver.c:170)

==17370== 80 bytes in 1 blocks are definitely lost in loss record 932 of 1,580
==17370==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==17370==    by 0x4E791ED: virAlloc (memory.c:100)
==17370==    by 0x4E90A87: virLastErrorObject (virterror.c:204)
==17370==    by 0x4E913C8: virResetLastError (virterror.c:355)
==17370==    by 0x4F12B4E: virConnectOpen (libvirt.c:1332)
==17370==    by 0x440C77: remoteDispatchOpenHelper (remote.c:758)
==17370==    by 0x4F614A1: virNetServerProgramDispatch (virnetserverprogram.c:431)
==17370==    by 0x4F633AD: virNetServerProcessMsg (virnetserver.c:170)
==17370==    by 0x4F63A4B: virNetServerHandleJob (virnetserver.c:191)
==17370==    by 0x4E83DEB: virThreadPoolWorker (threadpool.c:144)
==17370==    by 0x4E836D8: virThreadHelper (threads-pthread.c:161)
==17370==    by 0x38952079D0: start_thread (in /lib64/libpthread-2.12.so)
==17370== 
==17370== 80 bytes in 1 blocks are definitely lost in loss record 933 of 1,580
==17370==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==17370==    by 0x4E791ED: virAlloc (memory.c:100)
==17370==    by 0x4E90A87: virLastErrorObject (virterror.c:204)
==17370==    by 0x4E913C8: virResetLastError (virterror.c:355)
==17370==    by 0x4F11759: virConnectGetURI (libvirt.c:1702)
==17370==    by 0x437372: remoteDispatchGetURIHelper (remote_dispatch.h:7317)
==17370==    by 0x4F614A1: virNetServerProgramDispatch (virnetserverprogram.c:431)
==17370==    by 0x4F633AD: virNetServerProcessMsg (virnetserver.c:170)
==17370==    by 0x4F63A4B: virNetServerHandleJob (virnetserver.c:191)
==17370==    by 0x4E83DEB: virThreadPoolWorker (threadpool.c:144)
==17370==    by 0x4E836D8: virThreadHelper (threads-pthread.c:161)
==17370==    by 0x38952079D0: start_thread (in /lib64/libpthread-2.12.so)
==17370== 
==17370== 80 bytes in 1 blocks are definitely lost in loss record 934 of 1,580
==17370==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==17370==    by 0x4E791ED: virAlloc (memory.c:100)
==17370==    by 0x4E90A87: virLastErrorObject (virterror.c:204)
==17370==    by 0x4E913C8: virResetLastError (virterror.c:355)
==17370==    by 0x4F0CB92: virDomainLookupByName (libvirt.c:2119)
==17370==    by 0x43EF9D: remoteDispatchDomainLookupByNameHelper (remote_dispatch.h:3105)
==17370==    by 0x4F614A1: virNetServerProgramDispatch (virnetserverprogram.c:431)
==17370==    by 0x4F633AD: virNetServerProcessMsg (virnetserver.c:170)
==17370==    by 0x4F63A4B: virNetServerHandleJob (virnetserver.c:191)
==17370==    by 0x4E83DEB: virThreadPoolWorker (threadpool.c:144)
==17370==    by 0x4E836D8: virThreadHelper (threads-pthread.c:161)
==17370==    by 0x38952079D0: start_thread (in /lib64/libpthread-2.12.so)

==17370== LEAK SUMMARY:
==17370==    definitely lost: 1,208 bytes in 4 blocks

For more details ,you can check this
Comment 9 Ján Tomko 2013-11-04 09:35:13 UTC 
Hi,

this bug is about leaks in virsh. None of the daemon leaks you show will be fixed, as they seem to be false positives.
Comment 12 RHEL Program Management 2014-04-04 21:27:11 UTC 
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.