This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 994657 - libvirtd gets segmentation violation trying to access recently freed virDomainDefPtr
libvirtd gets segmentation violation trying to access recently freed virDomai...
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Libvirt Maintainers
Depends On:
  Show dependency treegraph
Reported: 2013-08-07 13:42 EDT by John Schmaus
Modified: 2013-08-07 16:18 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-07 16:18:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Schmaus 2013-08-07 13:42:47 EDT
Description of problem:
When trying to create a domain (using virt-install or virt-manager), libvirtd gets a segmentation violation and exits.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run:
virt-install --name centos64 --ram 1024 -s 20 -f /dev/VolGroup00/lv_centos64 --location --network bridge=avpublic

Actual results:
command exits with an exception: unexpected end of file while reading libvirtd's socket that was closed when libvirtd died from SIGSEGV.

Expected results:
libvirtd continues to create the domain and virt-install proceeds normally.

Additional info:
Here is the call sequence:
xenUnifiedDomainCreateXML -->
    def = virDomainDefParseString -->
        virDomainDefParse(def) -->
            virDomainDefParseNode(def) -->
... call some other XML routines ...
xenDaemonCreateXML(def) -->
virGetDomain(def) <-- def is no longer usable and we get SIGSEGV

I fixed this by not calling virDomainDefFree inside xenDaemonCreateXML:

    - We will call virDomainDefFree from xenUnifiedDomainCreateXML after xenDaemonCraeteXML returns, anyway.
    - We are passing def to virGetDomain and aren't done with it yet.  This is where the SIGSEGV happens.
Comment 1 Eric Blake 2013-08-07 13:56:51 EDT
Can you post your patch upstream to
Comment 2 Eric Blake 2013-08-07 16:18:12 EDT
Already patched upstream for the upcoming 1.1.2 with this:

commit 9d0557b9655fe4a3f31af2e1cc2f33de8acfaa7d
Author: Stefan Bader <>
Date:   Wed Jul 31 11:59:21 2013 +0200

    xen: Avoid double free of virDomainDef in xenDaemonCreateXML
    The virDomainDef is allocated by the caller and also used after
    calling to xenDaemonCreateXML. So it must not get freed by the
    Signed-off-by: Stefan Bader <>

Note You need to log in before you can comment on or make changes to this bug.