Bug 1011429

Summary: CVE-2013-4399 libvirt: libvirtd crashes when destroying a guest that has been connected to twice by virt-viewer with the access driver enabled in libvirtd.conf [rhel-7.0]
Product: Red Hat Enterprise Linux 7
Reporter: zhenfeng wang <zhwang>
Component: libvirt
Assignee: Daniel Berrangé <berrange>
Status: CLOSED CURRENTRELEASE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 7.0
CC: acathrow, berrange, cwei, dyuan, eblake, mzhan, pmatouse, ydu
Target Milestone: rc
Keywords: Security
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: libvirt-1.1.1-9.el7
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2014-07-30 12:41:08 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 1015214

Comment 3 Daniel Berrangé 2013-09-27 15:57:26 UTC
commit 8294aa0c1750dcb49d6345cd9bd97bf421580d8b
Author: Daniel P. Berrange <berrange>
Date:   Fri Sep 27 15:46:07 2013 +0100

    Fix crash in libvirtd when events are registered & ACLs active
    
    When a client disconnects from libvirtd, all event callbacks
    must be removed. This involves running the public API
    
      virConnectDomainEventDeregisterAny
    
    This code does not run in normal API dispatch context, so no
    identity was set. The result was that the access control drivers
    denied the attempt to deregister callbacks. The callbacks thus
    continued to trigger after the client was freed, causing fairly
    predictable use of freed memory & a crash.
    
    This can be triggered by any client with readonly access when
    the ACL drivers are active.
    
    Signed-off-by: Daniel P. Berrange <berrange>
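
The failure mode described in the commit message above, as an added C model that is not libvirt's code: a public deregister API guarded by an access-driver check is called from a client-teardown path that runs outside RPC dispatch, where no identity is set. The check denies the call, the callback stays registered, and the next event is delivered to a client that has already been freed. The fixed variant adopts a system identity for the duration of the cleanup; that this is how the real fix works is an assumption here, as are all the names and structures in the block.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the libvirtd disconnect path (names invented, not libvirt's):
 * the public deregister API is ACL-checked, and the ACL denies any caller
 * that has no identity, which is the state of a client-teardown thread. */

#define MAX_CALLBACKS 4

typedef struct { bool readonly; } Identity;

/* Caller identity for the current thread: set during RPC dispatch, else NULL. */
static const Identity *current_identity = NULL;
static const Identity system_identity = { false };

typedef struct {
    Identity ident;
    bool connected;      /* false once the client object has been freed */
} Client;

typedef struct {
    bool active;
    Client *owner;       /* dangles once the owning client has been freed */
} Callback;

static Callback callbacks[MAX_CALLBACKS];

/* Access-driver check: with no identity there is nobody to authorize, so deny. */
static bool acl_check_connect_event(void) {
    return current_identity != NULL;
}

/* Public API: register a callback for a client (ACL-checked). */
static int event_register_any(Client *c) {
    if (!acl_check_connect_event())
        return -1;
    for (int i = 0; i < MAX_CALLBACKS; i++)
        if (!callbacks[i].active) {
            callbacks[i] = (Callback){ true, c };
            return i;
        }
    return -1;
}

/* Public API: deregister one callback (ACL-checked like the register path). */
static int event_deregister_any(int slot) {
    if (!acl_check_connect_event())
        return -1;       /* denied: the callback stays registered */
    callbacks[slot].active = false;
    return 0;
}

/* Fire an event: count deliveries that would touch a freed client. */
static int dispatch_event(void) {
    int dangling = 0;
    for (int i = 0; i < MAX_CALLBACKS; i++)
        if (callbacks[i].active && !callbacks[i].owner->connected)
            dangling++;
    return dangling;
}

/* Client disconnect, which runs outside RPC dispatch. The buggy variant keeps
 * identity NULL, so every deregister is denied; the fixed variant adopts the
 * system identity for the duration of the cleanup and restores it after. */
static void client_disconnect(Client *c, bool fixed) {
    const Identity *saved = current_identity;
    current_identity = fixed ? &system_identity : NULL;
    for (int i = 0; i < MAX_CALLBACKS; i++)
        if (callbacks[i].active && callbacks[i].owner == c)
            event_deregister_any(i);
    c->connected = false;   /* stands in for freeing the client */
    current_identity = saved;
}

/* Fresh state; a readonly client connects, registers one callback under its
 * own identity, disconnects, then an event fires. Returns how many callbacks
 * would be delivered to the freed client. */
static int run_scenario(bool fixed) {
    static Client viewer;
    memset(callbacks, 0, sizeof callbacks);
    viewer = (Client){ { true }, true };
    current_identity = &viewer.ident;   /* RPC dispatch sets the caller identity */
    event_register_any(&viewer);
    current_identity = NULL;            /* dispatch done */
    client_disconnect(&viewer, fixed);
    return dispatch_event();
}

int main(void) {
    printf("buggy teardown: %d dangling callback(s)\n", run_scenario(false));
    printf("fixed teardown: %d dangling callback(s)\n", run_scenario(true));
    return 0;
}
```

The model deliberately keeps the ACL check in place and fixes the caller instead: the deregister path is still authorized, but the teardown thread now has an identity the access driver can evaluate. Dropping the check from the deregister API would also make the crash go away, but at the cost of letting any connection remove another connection's callbacks.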

Comment 6 zhenfeng wang 2013-10-17 03:33:53 UTC
Verified this bug on libvirt-1.1.1-9.el7.x86_64, steps as follows:
1. Enable the access driver in libvirtd.conf
# cat /etc/libvirt/libvirtd.conf
access_drivers = [ "polkit" ]

2. Prepare a normal guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 8     rhel7raw                         running

3. Connect to the guest with virt-viewer and disconnect it with Ctrl+C
# virt-viewer rhel7raw
Gtk-Message: Failed to load module "pk-gtk-module"
Gtk-Message: Failed to load module "canberra-gtk-module"
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

(virt-viewer:14096): GSpice-WARNING **: PulseAudio context failed Connection refused

(virt-viewer:14096): GSpice-WARNING **: pa_context_connect() failed: Connection refused

(virt-viewer:14096): GSpice-WARNING **: Error connecting to session dbus: /bin/dbus-launch terminated abnormally without any error message

(virt-viewer:14096): GSpice-WARNING **: Warning no automount-inhibiting implementation available
^C

4. Reconnect to the guest with virt-viewer and disconnect it with Ctrl+C
# virt-viewer rhel7raw
Gtk-Message: Failed to load module "pk-gtk-module"
Gtk-Message: Failed to load module "canberra-gtk-module"
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

(virt-viewer:14096): GSpice-WARNING **: PulseAudio context failed Connection refused

(virt-viewer:14096): GSpice-WARNING **: pa_context_connect() failed: Connection refused

(virt-viewer:14096): GSpice-WARNING **: Error connecting to session dbus: /bin/dbus-launch terminated abnormally without any error message

(virt-viewer:14096): GSpice-WARNING **: Warning no automount-inhibiting implementation available
^C

5. Destroy the guest
# virsh destroy rhel7raw
Domain rhel7raw destroyed

6. Check the libvirtd status
# ps aux|grep libvirtd
root      6777  0.1  0.0 1058292 18340 ?       Ssl  11:12   0:00 /usr/sbin/libvirtd
root      7451  0.0  0.0 112648   928 pts/0    S+   11:19   0:00 grep --color=auto libvirtd
[root@ibm-x3650m3-07 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Thu 2013-10-17 11:12:38 CST; 6min ago
 Main PID: 6777 (libvirtd)
   CGroup: name=systemd:/system/libvirtd.service
           ├─1792 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default....
           └─6777 /usr/sbin/libvirtd

Since libvirtd did not crash and the guest could be destroyed correctly, marking this bug verified.

Comment 8 Petr Matousek 2014-07-30 12:41:08 UTC
Fixed in 7.0 GA, closing.