Bug 727071

Summary: libvirtd crashes if client quits unexpectedly
Product: Red Hat Enterprise Linux 6 Reporter: Wen Congyang <wency>
Component: libvirtAssignee: Eric Blake <eblake>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: ajia, dallan, dyuan, mzhan, rwu, veillard, whuang, ydu
Target Milestone: rc   
Target Release: 6.2   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.9.4-0rc1.2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 11:18:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
libvirtd.log when the libvirtd crashed
none
error log in libvirtd.log none

Description Wen Congyang 2011-08-01 09:18:44 UTC 
Description of problem:
version: libvirt-0.9.4-0rc2


How reproducible:


Steps to Reproduce:
1. for ((i=0; i < 50; i++)); do virsh managedsave vm1 & done; killall virsh
  
Actual results:
libvirtd crashed


Expected results:
libvirtd is still running

Additional info:
The reason is that we free virNetServerClient when the refs is not 0.

I read the code under the directory src/rpc/, and find we have xxxRef(), but
we do not have xxxUnref(). And sometimes we free the data structure if ref is
not 0. We add an reference of the data structure, but sometimes we forget to
unref it.
Comment 2 Dave Allan 2011-08-01 10:20:07 UTC 
Eric, is this being discussed upstream?
Comment 3 Eric Blake 2011-08-01 13:52:10 UTC 
Upstream mention: https://www.redhat.com/archives/libvir-list/2011-August/msg00013.html
Comment 4 Wen Congyang 2011-08-01 13:57:49 UTC 
The reason is that:
In the function virNetServerClientClose(), we set client->sock to NULL while we
still use it.
Comment 5 Eric Blake 2011-08-01 20:01:02 UTC 
Patch proposed:
https://www.redhat.com/archives/libvir-list/2011-August/msg00047.html
Comment 7 dyuan 2011-08-02 07:57:12 UTC 
Reproduced this bug with libvirt-0.9.4-0rc2.el6 and verified pass with libvirt-0.9.4-0rc1.2.el6.
Comment 9 dyuan 2011-08-05 10:32:26 UTC 
Moved it to VERIFIED according to comment 7.
Comment 10 dyuan 2011-08-31 10:53:02 UTC 
Tested with libvirt-0.9.4-7.el6, the libvirtd crash with the step in bug description.
Re-check with libvirt-0.9.4-0rc1.2.el6, the libvirtd still crash.

Please ignore the comment 7 and comment 9, the libvirtd will crash in few seconds but not at once, seems I get the conclusion too hurriedly at that time.
Comment 11 dyuan 2011-08-31 10:54:25 UTC 
Created attachment 520791 [details]
libvirtd.log when the libvirtd crashed
Comment 12 Eric Blake 2011-09-20 19:48:55 UTC 
Can you retest with libvirt-0.9.4-12.el6?
Comment 13 yanbing du 2011-09-22 03:15:40 UTC 
Created attachment 524307 [details]
error log in libvirtd.log

Retest with libvirt-0.9.4-12.el6.x86_64, libvirtd will not crash, but there's some error messages logged in libvirtd.log.
Comment 14 Daniel Veillard 2011-09-30 02:44:04 UTC 
That sounds normal. Some of it seems to be because the max number of clients
(20) wasn't raised in libvirtd conf before the test. The cgroup messages
are completely unrelated to this bug.

The behaviour sounds normal, now, the bug is fixed IMHO,

Daniel
Comment 15 Min Zhan 2011-09-30 05:10:00 UTC 
Move it to VERIFIED per Comment 13 and Comment 14.
Comment 16 errata-xmlrpc 2011-12-06 11:18:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html