Bug 994657 - libvirtd gets segmentation violation trying to access recently freed virDomainDefPtr
Status: CLOSED NEXTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt
x86_64 Linux
unspecified Severity high
Assigned To: Libvirt Maintainers
Reported: 2013-08-07 13:42 EDT by John Schmaus
Modified: 2013-08-07 16:18 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-07 16:18:12 EDT
Type: Bug
Description John Schmaus 2013-08-07 13:42:47 EDT
Description of problem:
When trying to create a domain (using virt-install or virt-manager), libvirtd gets a segmentation violation and exits.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. run:
virt-install --name centos64 --ram 1024 -s 20 -f /dev/VolGroup00/lv_centos64 --location http://centralcity2.dr.avaya.com/centos64 --network bridge=avpublic
2.
3.

Actual results:
command exits with an exception: unexpected end of file while reading libvirtd's socket that was closed when libvirtd died from SIGSEGV.


Expected results:
libvirtd continues to create the domain and virt-install proceeds normally.


Additional info:
Here is the call sequence:
xenUnifiedDomainCreateXML -->
    def = virDomainDefParseString -->
        virDomainDefParse(def) -->
            virDomainDefParseNode(def) -->
                virDomainDefParseXML(def)
                return
            return
        return
    return
... call some other XML routines ...
xenDaemonCreateXML(def) -->
    virDomainDefFree(def)
    return
virGetDomain(def) <-- def is no longer usable and we get SIGSEGV
virDomainDefFree(def)

I fixed this by not calling virDomainDefFree inside xenDaemonCreateXML:

    - We will call virDomainDefFree from xenUnifiedDomainCreateXML after xenDaemonCreateXML returns, anyway.
    - We are passing def to virGetDomain and aren't done with it yet.  This is where the SIGSEGV happens.
Comment 1 Eric Blake 2013-08-07 13:56:51 EDT
Can you post your patch upstream to libvir-list@redhat.com?
Comment 2 Eric Blake 2013-08-07 16:18:12 EDT
Already patched upstream for the upcoming 1.1.2 with this:

commit 9d0557b9655fe4a3f31af2e1cc2f33de8acfaa7d
Author: Stefan Bader <stefan.bader@canonical.com>
Date:   Wed Jul 31 11:59:21 2013 +0200

    xen: Avoid double free of virDomainDef in xenDaemonCreateXML
    
    The virDomainDef is allocated by the caller and also used after
    calling to xenDaemonCreateXML. So it must not get freed by the
    callee.
    
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
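
The ownership rule from the commit message, as an added example that is not libvirt code and not part of the original report. The toy_def type, the static pool and every function name below are hypothetical stand-ins for virDomainDef and the Xen driver calls; the pool lets a stale pointer be counted instead of dereferencing freed heap memory.

```c
#include <stdio.h>

/* Constructed stand-in for virDomainDef, backed by a static pool so that a
 * stale pointer is detected rather than causing undefined behaviour. */
typedef struct { int in_use; } toy_def;

static toy_def pool[4];
static int stale_uses, double_frees;

/* Models virDomainDefParseString: the caller becomes the owner. */
static toy_def *def_parse(void) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

/* Models virDomainDefFree, counting a second free of the same object. */
static void def_free(toy_def *d) {
    if (!d) return;
    if (!d->in_use) { double_frees++; return; }
    d->in_use = 0;
}

/* Models virGetDomain(def): reads the definition after the callee returns. */
static int def_use(const toy_def *d) {
    if (!d->in_use) { stale_uses++; return -1; }
    return 0;
}

/* Callee as described in the report: frees a def it does not own. */
static int create_buggy(toy_def *d) { def_free(d); return 0; }

/* Callee after the fix: only borrows def and leaves it to the caller. */
static int create_fixed(const toy_def *d) { return d->in_use ? 0 : -1; }

/* Models xenUnifiedDomainCreateXML: parse, call the callee, use, free.
 * Returns the number of ownership violations observed. */
static int caller(int buggy) {
    toy_def *d = def_parse();
    if (!d) return -1;
    stale_uses = double_frees = 0;
    int rc = buggy ? create_buggy(d) : create_fixed(d);
    if (rc == 0) rc = def_use(d);
    def_free(d);
    return stale_uses + double_frees;
}

int main(void) {
    printf("callee frees def:   %d violations\n", caller(1));
    printf("callee borrows def: %d violations\n", caller(0));
    return 0;
}
```

With the freeing callee the caller records one stale use and one double free; with the borrowing callee it records none.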
