Red Hat Bugzilla – Bug 1357346
libvirtd memory leak when guest has hostdev element
Last modified: 2016-11-03 14:49:05 EDT
Description of problem: As subject Version-Release number of selected component (if applicable): libvirt-2.0.0-2.el7.x86_64 How reproducible: 100% Steps to Reproduce: Prepare a guest with hostdev in xml: # virsh dumpxml 18564 ... <hostdev mode='subsystem' type='scsi' managed='no' rawio='yes'> <source> <adapter name='scsi_host8'/> <address bus='0' target='0' unit='1'/> </source> <address type='drive' controller='0' bus='0' target='4' unit='8'/> </hostdev> ... Stop libvirtd and start it with valgrind. Interrupt libvirtd (Ctrl+c) after it starts. # systemctl stop libvirtd # /usr/bin/valgrind --leak-check=full libvirtd ==9740== Memcheck, a memory error detector ==9740== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==9740== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==9740== Command: libvirtd ==9740== --9740-- WARNING: unhandled amd64-linux syscall: 324 --9740-- You may be able to write your own handler. --9740-- Read the file README_MISSING_SYSCALL_OR_IOCTL. --9740-- Nevertheless we consider this a bug. Please report --9740-- it at http://valgrind.org/support/bug_reports.html. ^C==9740== ==9740== HEAP SUMMARY: ==9740== in use at exit: 880,967 bytes in 11,309 blocks ==9740== total heap usage: 631,482 allocs, 620,173 frees, 1,097,143,847 bytes allocated ==9740== ==9740== 168 bytes in 7 blocks are definitely lost in loss record 500 of 633 ==9740== at 0x4C29975: calloc (vg_replace_malloc.c:711) ==9740== by 0x54B0A54: virAllocVar (viralloc.c:560) ==9740== by 0x54FF695: virObjectNew (virobject.c:193) ==9740== by 0x553B447: virDomainHostdevDefAlloc (domain_conf.c:2151) ==9740== by 0x553EB84: virDomainHostdevDefParseXML (domain_conf.c:12714) ==9740== by 0x55611E7: virDomainDefParseXML (domain_conf.c:17000) ==9740== by 0x5561F9F: virDomainDefParseNode (domain_conf.c:17475) ==9740== by 0x55620B7: virDomainDefParse (domain_conf.c:17422) ==9740== by 0x556B4C2: virDomainObjListLoadConfig (virdomainobjlist.c:465) ==9740== by 0x556B4C2: virDomainObjListLoadAllConfigs (virdomainobjlist.c:596) ==9740== by 0x31260303: qemuStateInitialize (qemu_driver.c:907) ==9740== by 0x55AB28E: virStateInitialize (libvirt.c:770) ==9740== by 0x12254A: daemonRunStateInit (libvirtd.c:959) ==9740== ==9740== LEAK SUMMARY: ==9740== definitely lost: 168 bytes in 7 blocks ==9740== indirectly lost: 0 bytes in 0 blocks ==9740== possibly lost: 0 bytes in 0 blocks ==9740== still reachable: 880,799 bytes in 11,302 blocks ==9740== suppressed: 0 bytes in 0 blocks ==9740== Reachable blocks (those to which a pointer was found) are not shown. ==9740== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==9740== ==9740== For counts of detected and suppressed errors, rerun with: -v ==9740== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Expected results: No memory leak
Verified on libvirt-2.0.0-4.el7.x86_64 Terminal one: [root@bootp-73-75-161 ~]# valgrind --leak-check=full --trace-children=no --child-silent-after-fork=yes libvirtd ==16561== Memcheck, a memory error detector ==16561== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==16561== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==16561== Command: libvirtd ==16561== Terminal two: # virsh start vm1 Domain vm1 started # virsh dumpxml vm1 | grep hostdev -A10 <hostdev mode='subsystem' type='scsi' managed='no' rawio='yes'> <source> <adapter name='scsi_host8'/> <address bus='0' target='0' unit='1'/> </source> <alias name='hostdev0'/> <address type='drive' controller='0' bus='0' target='4' unit='8'/> </hostdev> Terminal one: ==16561== Warning: noted but unhandled ioctl 0x89a2 with no size/direction hints. ==16561== This could cause spurious value errors to appear. ==16561== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper. 2016-08-05 06:31:19.925+0000: 16566: info : libvirt version: 2.0.0, package: 4.el7 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2016-08-02-09:15:12, x86-034.build.eng.bos.redhat.com) 2016-08-05 06:31:19.925+0000: 16566: info : hostname: bootp-73-75-161.lab.eng.pek2.redhat.com 2016-08-05 06:31:19.925+0000: 16566: warning : qemuDomainObjTaint:3300 : Domain id=1 name='vm1' uuid=c4210bf2-a997-4f65-8c99-3d2e9ae2b833 is tainted: high-privileges ^C==16561== Conditional jump or move depends on uninitialised value(s) ==16561== at 0x7A538C6: ??? (in /usr/lib64/libselinux.so.1) ==16561== by 0x7A4FECB: selabel_close (in /usr/lib64/libselinux.so.1) ==16561== by 0x56A4B4B: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x56A0F92: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x550059A: virObjectUnref (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x569E9FE: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x56A0F92: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x550059A: virObjectUnref (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x1E690F3F: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so) ==16561== by 0x55AF14A: virStateCleanup (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x1206F7: ??? (in /usr/sbin/libvirtd) ==16561== by 0x82AEB34: (below main) (libc-start.c:274) ==16561== ==16561== ==16561== HEAP SUMMARY: ==16561== in use at exit: 805,603 bytes in 9,777 blocks ==16561== total heap usage: 151,765 allocs, 141,988 frees, 816,331,198 bytes allocated ==16561== ==16561== 62 bytes in 10 blocks are definitely lost in loss record 591 of 860 ==16561== at 0x4C27BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16561== by 0x8313889: strndup (strndup.c:45) ==16561== by 0x7A54752: ??? (in /usr/lib64/libselinux.so.1) ==16561== by 0x7A54B4C: ??? (in /usr/lib64/libselinux.so.1) ==16561== by 0x7A4FDE0: selabel_open (in /usr/lib64/libselinux.so.1) ==16561== by 0x56A4BFD: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x56A10BA: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x1E692868: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so) ==16561== by 0x55AEFEE: virStateInitialize (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x12254A: ??? (in /usr/sbin/libvirtd) ==16561== by 0x551CD31: ??? (in /usr/lib64/libvirt.so.0.2000.0) ==16561== by 0x8078DC4: start_thread (pthread_create.c:308) ==16561== ==16561== LEAK SUMMARY: ==16561== definitely lost: 62 bytes in 10 blocks ==16561== indirectly lost: 0 bytes in 0 blocks ==16561== possibly lost: 0 bytes in 0 blocks ==16561== still reachable: 805,541 bytes in 9,767 blocks ==16561== suppressed: 0 bytes in 0 blocks ==16561== Reachable blocks (those to which a pointer was found) are not shown. ==16561== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==16561== ==16561== For counts of detected and suppressed errors, rerun with: -v ==16561== Use --track-origins=yes to see where uninitialised values come from ==16561== ERROR SUMMARY: 26 errors from 2 contexts (suppressed: 0 from 0) ===== Although there is still mem leak, but not related to hostdev. And when start a vm without hostdev, seem errors reported. So close this bug as verified. And will open a new mem leak bug after confirmed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2577.html