Bug 1878450

Summary:

libvirtd memory leak when reconnecting to guests

Product:

Red Hat Enterprise Linux Advanced Virtualization

Reporter:

yafu <yafu>

Component:

libvirt

Assignee:

Ján Tomko <jtomko>

Status:

CLOSED ERRATA

QA Contact:

yafu <yafu>

Severity:

low

Docs Contact:

Priority:

low

Version:

8.3

CC:

ddepaula, jdenemar, jtomko, virt-maint, yalzhang

Target Milestone:

Keywords:

Upstream

Target Release:

8.3

Hardware:

All

OS:

Unspecified

Whiteboard:

Fixed In Version:

libvirt-6.10.0-1.el8

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2021-05-25 06:43:34 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

6.8.0

Embargoed:

Attachments:

Description	Flags
vnc setup script	none

Description yafu 2020-09-13 03:01:18 UTC

Created attachment 1714661 [details]
vnc setup script

Created attachment 1714661 [details]
vnc setup script

Description of problem:
libvirtd memory leak if there is a guest with vnc_tls or spice_tls enabled

Version-Release number of selected component (if applicable):
libvirt-6.6.0-4.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1.enable vnc_tls in qemu.conf:
#cat /etc/libvirt/qemu.conf
...
vnc_tls = 1
vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
...

2.Setup vnc_tls env:
sh vnc_tls.sh

3.Prepare a guest with vnc graphic device:
#virsh edit vm1
...
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
...

4.Start guest:
#virsh start vm1

5.Start libvirtd with valgrind:
# systemctl stop libvirtd
# systemctl stop virtlogd
# virtlogd -d
# valgrind --leak-check=full --trace-children=no --child-silent-after-fork=yes libvirtd

6.Enter 'Ctrl+C' to interrupt the valgrind after libvirtd starting:
^C==83983== 
==83983== HEAP SUMMARY:
==83983==     in use at exit: 1,239,376 bytes in 13,529 blocks
==83983==   total heap usage: 326,244 allocs, 312,715 frees, 1,300,706,023 bytes allocated
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 596 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5A526: type_set_qdata_W (gtype.c:3719)
==83983==    by 0x8A5A526: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A3CA4E: _g_enum_types_init (genums.c:124)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 597 of 1,892
==83983==    at 0x4C30E48: malloc (vg_replace_malloc.c:306)
==83983==    by 0x4C33463: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A5A418: type_set_qdata_W (gtype.c:3733)
==83983==    by 0x8A5A418: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A3CA4E: _g_enum_types_init (genums.c:124)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 598 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5A526: type_set_qdata_W (gtype.c:3719)
==83983==    by 0x8A5A526: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A3CAB1: _g_enum_types_init (genums.c:131)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 599 of 1,892
==83983==    at 0x4C30E48: malloc (vg_replace_malloc.c:306)
==83983==    by 0x4C33463: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A5A418: type_set_qdata_W (gtype.c:3733)
==83983==    by 0x8A5A418: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A3CAB1: _g_enum_types_init (genums.c:131)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 600 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5A526: type_set_qdata_W (gtype.c:3719)
==83983==    by 0x8A5A526: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A46C2F: _g_param_type_init (gparam.c:137)
==83983==    by 0x8A362D1: gobject_init (gtype.c:4435)
==83983==    by 0x8A362D1: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 601 of 1,892
==83983==    at 0x4C30E48: malloc (vg_replace_malloc.c:306)
==83983==    by 0x4C33463: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A5A418: type_set_qdata_W (gtype.c:3733)
==83983==    by 0x8A5A418: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A46C2F: _g_param_type_init (gparam.c:137)
==83983==    by 0x8A362D1: gobject_init (gtype.c:4435)
==83983==    by 0x8A362D1: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 602 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5A526: type_set_qdata_W (gtype.c:3719)
==83983==    by 0x8A5A526: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A418A3: _g_object_type_init (gobject.c:393)
==83983==    by 0x8A362D6: gobject_init (gtype.c:4439)
==83983==    by 0x8A362D6: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are possibly lost in loss record 603 of 1,892
==83983==    at 0x4C30E48: malloc (vg_replace_malloc.c:306)
==83983==    by 0x4C33463: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A5A418: type_set_qdata_W (gtype.c:3733)
==83983==    by 0x8A5A418: type_add_flags_W (gtype.c:3784)
==83983==    by 0x8A5D7B8: g_type_register_fundamental (gtype.c:2659)
==83983==    by 0x8A418A3: _g_object_type_init (gobject.c:393)
==83983==    by 0x8A362D6: gobject_init (gtype.c:4439)
==83983==    by 0x8A362D6: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 16 bytes in 1 blocks are definitely lost in loss record 604 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x24C5C6E0: qemuJobAllocPrivate (qemu_domain.c:95)
==83983==    by 0x24C7A7A5: qemuDomainObjInitJob (qemu_domainjob.c:170)
==83983==    by 0x24C5B337: qemuDomainObjPrivateAlloc (qemu_domain.c:1656)
==83983==    by 0x54FA6E8: virDomainObjNew (domain_conf.c:3620)
==83983==    by 0x552FFB0: virDomainObjParseXML (domain_conf.c:22337)
==83983==    by 0x552FFB0: virDomainObjParseNode (domain_conf.c:22523)
==83983==    by 0x55309C1: virDomainObjParseFile (domain_conf.c:22537)
==83983==    by 0x55401CC: virDomainObjListLoadStatus (virdomainobjlist.c:549)
==83983==    by 0x55401CC: virDomainObjListLoadAllConfigs (virdomainobjlist.c:613)
==83983==    by 0x24D6D509: qemuStateInitialize (qemu_driver.c:948)
==83983==    by 0x57162CE: virStateInitialize (libvirt.c:654)
==83983==    by 0x140AC3: daemonRunStateInit (remote_daemon.c:598)
==83983== 
==83983== 24 bytes in 1 blocks are possibly lost in loss record 701 of 1,892
==83983==    at 0x4C33419: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A597D4: type_node_any_new_W (gtype.c:499)
==83983==    by 0x8A5DA1C: g_type_register_static (gtype.c:2763)
==83983==    by 0x8A3CB7B: g_enum_register_static (genums.c:215)
==83983==    by 0x8726F6A: g_socket_protocol_get_type (gioenumtypes.c:799)
==83983==    by 0x87042F8: g_socket_get_type (gsocket.c:278)
==83983==    by 0x8704FD3: g_socket_new_from_fd (gsocket.c:1292)
==83983==    by 0x24CFEA2A: qemuMonitorOpenInternal (qemu_monitor.c:706)
==83983==    by 0x24CFEA2A: qemuMonitorOpen (qemu_monitor.c:793)
==83983==    by 0x24CB7425: qemuConnectMonitor (qemu_process.c:1986)
==83983==    by 0x24CCE3AC: qemuProcessReconnect (qemu_process.c:8066)
==83983==    by 0x54753D2: virThreadHelper (virthread.c:233)
==83983== 
==83983== 32 bytes in 1 blocks are possibly lost in loss record 843 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5CABA: type_class_init_Wm (gtype.c:2131)
==83983==    by 0x8A5CABA: g_type_class_ref (gtype.c:2947)
==83983==    by 0x8A5CADF: g_type_class_ref (gtype.c:2939)
==83983==    by 0x8A4B317: g_param_spec_enum (gparamspecs.c:2080)
==83983==    by 0x8703DB0: g_socket_class_init (gsocket.c:897)
==83983==    by 0x8703DB0: g_socket_class_intern_init (gsocket.c:278)
==83983==    by 0x8A5C93A: type_class_init_Wm (gtype.c:2232)
==83983==    by 0x8A5C93A: g_type_class_ref (gtype.c:2947)
==83983==    by 0x8A431C1: g_object_new_valist (gobject.c:2074)
==83983==    by 0x86E968D: g_initable_new_valist (ginitable.c:244)
==83983==    by 0x86E974C: g_initable_new (ginitable.c:162)
==83983==    by 0x24CFEA2A: qemuMonitorOpenInternal (qemu_monitor.c:706)
==83983==    by 0x24CFEA2A: qemuMonitorOpen (qemu_monitor.c:793)
==83983==    by 0x24CB7425: qemuConnectMonitor (qemu_process.c:1986)
==83983== 
==83983== 40 bytes in 1 blocks are possibly lost in loss record 969 of 1,892
==83983==    at 0x4C33419: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A597D4: type_node_any_new_W (gtype.c:499)
==83983==    by 0x8A5DA1C: g_type_register_static (gtype.c:2763)
==83983==    by 0x8A5DB14: g_type_register_static_simple (gtype.c:2716)
==83983==    by 0x870438F: g_socket_get_type (gsocket.c:278)
==83983==    by 0x8704FD3: g_socket_new_from_fd (gsocket.c:1292)
==83983==    by 0x24CFEA2A: qemuMonitorOpenInternal (qemu_monitor.c:706)
==83983==    by 0x24CFEA2A: qemuMonitorOpen (qemu_monitor.c:793)
==83983==    by 0x24CB7425: qemuConnectMonitor (qemu_process.c:1986)
==83983==    by 0x24CCE3AC: qemuProcessReconnect (qemu_process.c:8066)
==83983==    by 0x54753D2: virThreadHelper (virthread.c:233)
==83983==    by 0x91A3149: start_thread (pthread_create.c:479)
==83983== 
==83983== 80 bytes in 1 blocks are possibly lost in loss record 1,353 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5CABA: type_class_init_Wm (gtype.c:2131)
==83983==    by 0x8A5CABA: g_type_class_ref (gtype.c:2947)
==83983==    by 0x8A5CADF: g_type_class_ref (gtype.c:2939)
==83983==    by 0x8A5E6C7: g_type_create_instance (gtype.c:1812)
==83983==    by 0x8A4724A: g_param_spec_internal (gparam.c:437)
==83983==    by 0x8A4B34A: g_param_spec_enum (gparamspecs.c:2084)
==83983==    by 0x8703DB0: g_socket_class_init (gsocket.c:897)
==83983==    by 0x8703DB0: g_socket_class_intern_init (gsocket.c:278)
==83983==    by 0x8A5C93A: type_class_init_Wm (gtype.c:2232)
==83983==    by 0x8A5C93A: g_type_class_ref (gtype.c:2947)
==83983==    by 0x8A431C1: g_object_new_valist (gobject.c:2074)
==83983==    by 0x86E968D: g_initable_new_valist (ginitable.c:244)
==83983==    by 0x86E974C: g_initable_new (ginitable.c:162)
==83983== 
==83983== 96 bytes in 1 blocks are possibly lost in loss record 1,452 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A59861: type_node_any_new_W (gtype.c:436)
==83983==    by 0x8A59A1A: type_node_fundamental_new_W (gtype.c:547)
==83983==    by 0x8A361EE: gobject_init (gtype.c:4401)
==83983==    by 0x8A361EE: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 96 bytes in 1 blocks are possibly lost in loss record 1,453 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A59861: type_node_any_new_W (gtype.c:436)
==83983==    by 0x8A59A1A: type_node_fundamental_new_W (gtype.c:547)
==83983==    by 0x8A5D7AA: g_type_register_fundamental (gtype.c:2658)
==83983==    by 0x8A3CA4E: _g_enum_types_init (genums.c:124)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 96 bytes in 1 blocks are possibly lost in loss record 1,454 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A59861: type_node_any_new_W (gtype.c:436)
==83983==    by 0x8A59A1A: type_node_fundamental_new_W (gtype.c:547)
==83983==    by 0x8A5D7AA: g_type_register_fundamental (gtype.c:2658)
==83983==    by 0x8A3CAB1: _g_enum_types_init (genums.c:131)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 96 bytes in 1 blocks are possibly lost in loss record 1,455 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A59861: type_node_any_new_W (gtype.c:436)
==83983==    by 0x8A59A1A: type_node_fundamental_new_W (gtype.c:547)
==83983==    by 0x8A5D7AA: g_type_register_fundamental (gtype.c:2658)
==83983==    by 0x8A46C2F: _g_param_type_init (gparam.c:137)
==83983==    by 0x8A362D1: gobject_init (gtype.c:4435)
==83983==    by 0x8A362D1: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 96 bytes in 1 blocks are possibly lost in loss record 1,456 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A59861: type_node_any_new_W (gtype.c:436)
==83983==    by 0x8A59A1A: type_node_fundamental_new_W (gtype.c:547)
==83983==    by 0x8A5D7AA: g_type_register_fundamental (gtype.c:2658)
==83983==    by 0x8A418A3: _g_object_type_init (gobject.c:393)
==83983==    by 0x8A362D6: gobject_init (gtype.c:4439)
==83983==    by 0x8A362D6: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 132 bytes in 1 blocks are possibly lost in loss record 1,592 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5AE84: type_data_make_W (gtype.c:1146)
==83983==    by 0x8A5D839: g_type_register_fundamental (gtype.c:2662)
==83983==    by 0x8A3CA4E: _g_enum_types_init (genums.c:124)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 132 bytes in 1 blocks are possibly lost in loss record 1,593 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5AE84: type_data_make_W (gtype.c:1146)
==83983==    by 0x8A5D839: g_type_register_fundamental (gtype.c:2662)
==83983==    by 0x8A3CAB1: _g_enum_types_init (genums.c:131)
==83983==    by 0x8A362C7: gobject_init (gtype.c:4427)
==83983==    by 0x8A362C7: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 148 bytes in 1 blocks are possibly lost in loss record 1,674 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5AC98: type_data_make_W (gtype.c:1116)
==83983==    by 0x8A5D839: g_type_register_fundamental (gtype.c:2662)
==83983==    by 0x8A46C2F: _g_param_type_init (gparam.c:137)
==83983==    by 0x8A362D1: gobject_init (gtype.c:4435)
==83983==    by 0x8A362D1: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 148 bytes in 1 blocks are possibly lost in loss record 1,675 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x8A5AC98: type_data_make_W (gtype.c:1116)
==83983==    by 0x8A5D839: g_type_register_fundamental (gtype.c:2662)
==83983==    by 0x8A418A3: _g_object_type_init (gobject.c:393)
==83983==    by 0x8A362D6: gobject_init (gtype.c:4439)
==83983==    by 0x8A362D6: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 184 bytes in 1 blocks are possibly lost in loss record 1,697 of 1,892
==83983==    at 0x4C33419: realloc (vg_replace_malloc.c:834)
==83983==    by 0x8CD125D: g_realloc (gmem.c:164)
==83983==    by 0x8A597D4: type_node_any_new_W (gtype.c:499)
==83983==    by 0x8A5DA1C: g_type_register_static (gtype.c:2763)
==83983==    by 0x8A48924: g_param_type_register_static (gparam.c:1427)
==83983==    by 0x8A4ADBA: _g_param_spec_types_init (gparamspecs.c:1611)
==83983==    by 0x8A362DB: gobject_init (gtype.c:4443)
==83983==    by 0x8A362DB: gobject_init_ctor (gtype.c:4488)
==83983==    by 0x400FFA9: call_init.part.0 (dl-init.c:72)
==83983==    by 0x40100A9: call_init (dl-init.c:118)
==83983==    by 0x40100A9: _dl_init (dl-init.c:119)
==83983==    by 0x40010B9: ??? (in /usr/lib64/ld-2.28.so)
==83983== 
==83983== 608 bytes in 1 blocks are possibly lost in loss record 1,831 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x4012421: allocate_dtv (dl-tls.c:286)
==83983==    by 0x4012DB1: _dl_allocate_tls (dl-tls.c:532)
==83983==    by 0x91A3DA2: allocate_stack (allocatestack.c:623)
==83983==    by 0x91A3DA2: pthread_create@@GLIBC_2.2.5 (pthread_create.c:662)
==83983==    by 0x54755B0: virThreadCreateFull (virthread.c:269)
==83983==    by 0x143E1B: daemonStateInit (remote_daemon.c:642)
==83983==    by 0x143E1B: main (remote_daemon.c:1174)
==83983== 
==83983== LEAK SUMMARY:
==83983==    definitely lost: 16 bytes in 1 blocks
==83983==    indirectly lost: 0 bytes in 0 blocks
==83983==      possibly lost: 2,136 bytes in 23 blocks
==83983==    still reachable: 1,220,168 bytes in 13,402 blocks
==83983==                       of which reachable via heuristic:
==83983==                         length64           : 144 bytes in 3 blocks
==83983==                         newarray           : 1,584 bytes in 19 blocks
==83983==         suppressed: 0 bytes in 0 blocks
==83983== Reachable blocks (those to which a pointer was found) are not shown.
==83983== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==83983== 
==83983== For lists of detected and suppressed errors, rerun with: -s
==83983== ERROR SUMMARY: 24 errors from 24 contexts (suppressed: 0 from 0)

Actual results:

Expected results:
No memory link.

Additional info:

Comment 1 Ján Tomko 2020-09-14 12:02:00 UTC

The interesting backtrace:
==83983== 16 bytes in 1 blocks are definitely lost in loss record 604 of 1,892
==83983==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==83983==    by 0x8CD11FD: g_malloc0 (gmem.c:129)
==83983==    by 0x24C5C6E0: qemuJobAllocPrivate (qemu_domain.c:95)
==83983==    by 0x24C7A7A5: qemuDomainObjInitJob (qemu_domainjob.c:170)
==83983==    by 0x24C5B337: qemuDomainObjPrivateAlloc (qemu_domain.c:1656)
==83983==    by 0x54FA6E8: virDomainObjNew (domain_conf.c:3620)
==83983==    by 0x552FFB0: virDomainObjParseXML (domain_conf.c:22337)
==83983==    by 0x552FFB0: virDomainObjParseNode (domain_conf.c:22523)
==83983==    by 0x55309C1: virDomainObjParseFile (domain_conf.c:22537)
==83983==    by 0x55401CC: virDomainObjListLoadStatus (virdomainobjlist.c:549)
==83983==    by 0x55401CC: virDomainObjListLoadAllConfigs (virdomainobjlist.c:613)
==83983==    by 0x24D6D509: qemuStateInitialize (qemu_driver.c:948)
==83983==    by 0x57162CE: virStateInitialize (libvirt.c:654)
==83983==    by 0x140AC3: daemonRunStateInit (remote_daemon.c:598)

This leak happens regardless of TLS setup and leaks ~16 bytes per running guest at libvirtd startup.

Note that you can use --suppressions to ignore the possible "g_type_register_static" leaks we do not care about:
https://gitlab.com/libvirt/libvirt/-/blob/master/tests/.valgrind.supp#L151

Comment 2 Ján Tomko 2020-09-14 12:03:46 UTC

Patches posted upstream:
https://www.redhat.com/archives/libvir-list/2020-September/msg00797.html

Comment 3 Ján Tomko 2020-09-14 16:17:27 UTC

Pushed upstream as:

commit af16e754cd4efc3ca1df2b2e725945be743e87f9
Author:     Ján Tomko <jtomko>
CommitDate: 2020-09-14 18:10:56 +0200

    qemuProcessReconnect: clear 'oldjob'
    
    After we started copying the privateData pointer in
    qemuDomainObjRestoreJob, we should also free them
    once we're done with them.
    
    Register the clear function and use g_auto.
    Also add a check for job->cb to qemuDomainObjClearJob,
    to prevent freeing an uninitialized job.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1878450
    
    Signed-off-by: Ján Tomko <jtomko>
    Fixes: aca37c3fb2e8d733c2788ca4b796c153ea7ce391

git describe: v6.7.0-200-gaf16e754cd

Comment 11 yafu 2020-12-23 08:20:10 UTC

Reproduced with libvirt-6.6.0-4.el8.x86_64.

Steps:
1.Start guest:
#virsh start vm1

2.Start libvirtd with valgrind:
# systemctl stop libvirtd
# systemctl stop virtlogd
# virtlogd -d
# valgrind --leak-check=full --suppressions=.valgrind.supp --trace-children=no --child-silent-after-fork=yes libvirtd

3.Enter 'Ctrl+C' to interrupt the valgrind after libvirtd starting:
^C==48839== 
==48839== HEAP SUMMARY:
==48839==     in use at exit: 1,205,195 bytes in 13,246 blocks
==48839==   total heap usage: 284,762 allocs, 271,516 frees, 1,293,122,529 bytes allocated
==48839== 
==48839== 16 bytes in 1 blocks are definitely lost in loss record 583 of 1,789
==48839==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==48839==    by 0x8CD32FD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==48839==    by 0x277096E0: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x277277A5: qemuDomainObjInitJob (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x27708337: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x54FA6E8: virDomainObjNew (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x552FFB0: virDomainObjParseNode (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x55309C1: virDomainObjParseFile (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x55401CC: virDomainObjListLoadAllConfigs (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x2781A509: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x57162CE: virStateInitialize (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x140AC3: ??? (in /usr/sbin/libvirtd)
==48839== 
==48839== 32 bytes in 1 blocks are possibly lost in loss record 795 of 1,789
==48839==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==48839==    by 0x8CD32FD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==48839==    by 0x8A5EAFA: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A5EB1F: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A4D357: g_param_spec_enum (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8704DF0: ??? (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839==    by 0x8A5E97A: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A45201: g_object_new_valist (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x86EA6BD: g_initable_new_valist (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839==    by 0x86EA77C: g_initable_new (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839==    by 0x277ABA2A: qemuMonitorOpen (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x27764425: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839== 
==48839== 80 bytes in 1 blocks are possibly lost in loss record 1,292 of 1,789
==48839==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==48839==    by 0x8CD32FD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==48839==    by 0x8A5EAFA: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A5EB1F: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A60707: g_type_create_instance (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A4928A: g_param_spec_internal (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A4D38A: g_param_spec_enum (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8704DF0: ??? (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839==    by 0x8A5E97A: g_type_class_ref (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x8A45201: g_object_new_valist (in /usr/lib64/libgobject-2.0.so.0.5600.4)
==48839==    by 0x86EA6BD: g_initable_new_valist (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839==    by 0x86EA77C: g_initable_new (in /usr/lib64/libgio-2.0.so.0.5600.4)
==48839== 
==48839== 608 bytes in 1 blocks are possibly lost in loss record 1,736 of 1,789
==48839==    at 0x4C3321A: calloc (vg_replace_malloc.c:760)
==48839==    by 0x4012421: allocate_dtv (in /usr/lib64/ld-2.28.so)
==48839==    by 0x4012DB1: _dl_allocate_tls (in /usr/lib64/ld-2.28.so)
==48839==    by 0x91A5DA2: pthread_create@@GLIBC_2.2.5 (in /usr/lib64/libpthread-2.28.so)
==48839==    by 0x8D14723: ??? (in /usr/lib64/libglib-2.0.so.0.5600.4)
==48839==    by 0x8CF6156: ??? (in /usr/lib64/libglib-2.0.so.0.5600.4)
==48839==    by 0x53E514C: virEventThreadNew (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x2770D609: qemuDomainObjStartWorker (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x2777B2DF: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so)
==48839==    by 0x54753D2: ??? (in /usr/lib64/libvirt.so.0.6006.0)
==48839==    by 0x91A5149: start_thread (in /usr/lib64/libpthread-2.28.so)
==48839==    by 0x98D5762: clone (in /usr/lib64/libc-2.28.so)
==48839== 
==48839== LEAK SUMMARY:
==48839==    definitely lost: 16 bytes in 1 blocks
==48839==    indirectly lost: 0 bytes in 0 blocks
==48839==      possibly lost: 720 bytes in 3 blocks
==48839==    still reachable: 997,112 bytes in 12,263 blocks
==48839==                       of which reachable via heuristic:
==48839==                         length64           : 144 bytes in 3 blocks
==48839==                         newarray           : 1,584 bytes in 19 blocks
==48839==         suppressed: 196,147 bytes in 915 blocks
==48839== Reachable blocks (those to which a pointer was found) are not shown.
==48839== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==48839== 
==48839== For lists of detected and suppressed errors, rerun with: -s
==48839== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 20 from 20)

Comment 12 yafu 2020-12-23 08:29:38 UTC

Verified with libvirt-daemon-6.10.0-1.module+el8.4.0+8898+a84e86e1.x86_64.

Test steps:
1.Start guest:
#virsh start vm1

2.Start libvirtd with valgrind:
# systemctl stop libvirtd
# systemctl stop virtlogd
# virtlogd -d
# valgrind --leak-check=full --suppressions=.valgrind.supp --trace-children=no --child-silent-after-fork=yes libvirtd

3.Enter 'Ctrl+C' to interrupt the valgrind after libvirtd starting:
...
==51860== LEAK SUMMARY:
==51860==    definitely lost: 0 bytes in 0 blocks
==51860==    indirectly lost: 0 bytes in 0 blocks
==51860==      possibly lost: 1,288 bytes in 5 blocks
==51860==    still reachable: 1,050,704 bytes in 13,033 blocks
==51860==                       of which reachable via heuristic:
==51860==                         length64           : 728 bytes in 14 blocks
==51860==                         newarray           : 1,728 bytes in 28 blocks
==51860==         suppressed: 196,219 bytes in 912 blocks
==51860== Reachable blocks (those to which a pointer was found) are not shown.
==51860== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==51860== 
==51860== For lists of detected and suppressed errors, rerun with: -s
==51860== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 21 from 21)

Comment 14 errata-xmlrpc 2021-05-25 06:43:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2098