<html><body> The stack trace is as follows: Program received signal SIGABRT, Aborted. 0x00000035ad830265 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00000035ad830265 in raise () from /lib64/libc.so.6 #1 0x00000035ad831d10 in abort () from /lib64/libc.so.6 #2 0x00000035ad86a84b in __libc_message () from /lib64/libc.so.6 #3 0x00000035ad8722ef in _int_free () from /lib64/libc.so.6 #4 0x00000035ad87273b in free () from /lib64/libc.so.6 #5 0x0000000000406771 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8244 #6 0x00000000004069a5 in vshError (ctl=0x7fffd35d35e0, doexit=<value optimized out>, format=0x414f66 "%s") at virsh.c:7861 #7 0x00000000004067c4 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8248 #8 0x000000000041335e in main (argc=3, argv=0x7fffd35d3748) at virsh.c:8493 I am trying to run libvirt-0.7.1-0.1.git3ef2e05.fc12.src.rpm on RHEL5.4. vshDeinit gets called twice, so ctl->name is freed twice. How about this patch then? (See attached file: 0001-Fix-possible-double-free.patch) -- Mark You must be the change you wish to see in the world. -- Mahatma Gandhi Worrying is praying for that you do not wish to happen. <img width="16" height="16" src="cid:2__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt="Inactive hide details for Chris Lalancette <clalance@redhat.com>">Chris Lalancette <clalance@redhat.com> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr valign="top"><td style="background-image:url(cid:3__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com); background-repeat: no-repeat; " width="40%"> <ul> <ul> <ul> <ul>Chris Lalancette <clalance@redhat.com> 09/16/2009 06:30 AM</ul> </ul> </ul> </ul> </td><td width="60%"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr valign="top"><td width="1%"><img width="58" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> <div align="right">To</div></td><td width="100%"><img width="1" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> Mark Hamzy/Austin/IBM@IBMUS</td></tr> <tr valign="top"><td width="1%"><img width="58" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> <div align="right">cc</div></td><td width="100%"><img width="1" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> libvir-list@redhat.com</td></tr> <tr valign="top"><td width="1%"><img width="58" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> <div align="right">Subject</div></td><td width="100%"><img width="1" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""> Re: [libvirt] PATCH] Stop double free</td></tr> </table> <table border="0" cellspacing="0" cellpadding="0"> <tr valign="top"><td width="58"><img width="1" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""></td><td width="336"><img width="1" height="1" src="cid:4__=09BBFCA8DFCB86978f9e8a93df938@us.ibm.com" border="0" alt=""></td></tr> </table> </td></tr> </table> <tt>Mark Hamzy wrote: > diff --git a/src/virsh.c b/src/virsh.c > index 4825f1c..5fc6c8f 100644 > --- a/src/virsh.c > +++ b/src/virsh.c > @@ -8201,7 +8201,7 @@ vshError(vshControl *ctl, int doexit, const char > *format, ...) > fputc('\n', stderr); > > if (doexit) { > - if (ctl) > + if (ctl && ctl->conn) > vshDeinit(ctl); > exit(EXIT_FAILURE); > } I don't think this patch is right. vshDeinit() already has a check for ctl->conn, and if you put it higher up in the call chain like this, you'll leak the ctl->name memory and the ctrl->log_fd file descriptors. Do you have a stack trace with line numbers in it (i.e. debugging information)? Also, what version of libvirt are you using? That might shed a bit more light on what the problem is. -- Chris Lalancette </tt> </body></html>