[libvirt] RHBZ 1013045: Crash on xen domain startup: * Error in `/usr/sbin/libvirtd': free(): invalid next size (fast): 0x00007f82c8003210 *

Wed Oct 23 17:46:14 UTC 2013

Hi all,

I posted this bug (https://bugzilla.redhat.com/show_bug.cgi?id=1013045)
to the Redhat Bugzilla a while ago, and the only response has been to
post a note to this list about the bug.

Summary below, but it looks like a pretty clear use-after-free or
something. The full details are attached to the bug report.

Thanks,

    J

--
Description of problem:
When starting a Xen domain with libvirt + libxl, it crashes after
creating the domain.  The domain is left in a paused state, and works
fine if manually unpaused with xl unpause. virt-manager never shows the
domain as running.

[...]

Steps to Reproduce:
1. Open virt-manager
2. Connect to localhost (xen)
3. Start a domain

Actual results:
Domain is created in a paused state, virt-manager shows errors about
losing connection to the daemon. Logs show libvirtd crashed.

Expected results:
Domain creation.

Additional info:
Sep 27 09:08:30 saboo libvirtd[24880]: *** Error in
`/usr/sbin/libvirtd': free(): invalid next size (fast):
0x00007f82c8003210 ***
Sep 27 09:08:30 saboo libvirtd[24880]: ======= Backtrace: =========
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libc.so.6(+0x365b27d0e8)[0x7f82f5a7a0e8]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(virFree+0x1a)[0x7f82f8f07d5a]
Sep 27 09:08:30 saboo libvirtd[24880]:
/usr/lib64/libvirt/connection-driver/libvirt_driver_libxl.so(+0x14b6c)[0x7f82e032bb6c]
Sep 27 09:08:30 saboo libvirtd[24880]:
/usr/lib64/libvirt/connection-driver/libvirt_driver_libxl.so(+0x154d4)[0x7f82e032c4d4]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(virDomainCreate+0xf7)[0x7f82f8fdb6b7]
Sep 27 09:08:30 saboo libvirtd[24880]:
/usr/sbin/libvirtd(+0x350c7)[0x7f82f9a1a0c7]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(virNetServerProgramDispatch+0x3ba)[0x7f82f90314aa]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(+0x3a33f822d8)[0x7f82f902c2d8]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(+0x3a33ea0c15)[0x7f82f8f4ac15]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libvirt.so.0(+0x3a33ea0691)[0x7f82f8f4a691]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libpthread.so.0(+0x365ba07c53)[0x7f82f61ccc53]
Sep 27 09:08:30 saboo libvirtd[24880]:
/lib64/libc.so.6(clone+0x6d)[0x7f82f5af2d3d]

[libvirt] RHBZ 1013045: Crash on xen domain startup: *** Error in `/usr/sbin/libvirtd': free(): invalid next size (fast): 0x00007f82c8003210 ***

[libvirt] RHBZ 1013045: Crash on xen domain startup: * Error in `/usr/sbin/libvirtd': free(): invalid next size (fast): 0x00007f82c8003210 *