On Tue, Mar 10, 2009 at 11:21:01AM +0100, Daniel Veillard wrote:
> On Tue, Mar 10, 2009 at 10:16:26AM +0100, Daniel Veillard wrote:
> > > Starting install...
> > > *** glibc detected *** /usr/bin/python: free(): invalid next size (fast):
> >
> > Yes I'm seeing this too on 0.6.1 on RHEL-5.3, I'm trying to chase it
> > down, it's a bit hard to find out where the memory corruption occurs.
> >
> > > I've memtested the memory and it's fine. If I use a file as the target (instead
> > > of a block device) it also works:
> > >
> > > virt-install -n test -r 512 --vnc --file=/tmp/test-os --file-size=2 --
> > > location=ftp://mirrors/centos/5/os/i386
> >
> > yes I get the crash with a file based target too.
> > I'm investigating ...
>
> I guess I nailed it down, it's something we introduced when converting
> memory allocation, and since the block getting allocated includes both
> char * and char we failed to allocate enough space for the leading
> char * array.
> With this patch I was able to create a new guest and have it load
> with virt-install (but just in serial console, graphics didn't work
> for some reason), it disappeared from the domain list too after being
> restarted at the end of the installation, so there is more stuff to
> be fixed on RHEL/Centos Xen, but that one seems solved,

Ahhh, wow that was confusing :-) I didn't notice the one allocation
covered the string array, and the strings themselves!

Probably worth a comment on the function that the strings should
not be freed separately

ACK

> Index: src/xend_internal.c > =================================================================== > RCS file: /data/cvs/libxen/src/xend_internal.c,v > retrieving revision 1.251 > diff -u -r1.251 xend_internal.c > --- src/xend_internal.c 13 Feb 2009 18:23:23 -0000 1.251 > +++ src/xend_internal.c 10 Mar 2009 10:00:28 -0000 
> @@ -904,7 +904,15 @@ > count++; > } > > - if (VIR_ALLOC_N(ptr, count + 1 + extra) < 0) > + /* > + * We can'tuse the normal allocation routines as we are mixing > + * an array of char * at the beginning followed by an array of char > + * ret points to the NULL terminated array of char * > + * ptr points to the current string after that array but in the same > + * allocated block > + */ > + if (virAlloc((void *)&ptr, > + (count + 1) * sizeof(char *) + extra * sizeof(char)) < 0) > goto error; > > ret = (char **) ptr;

Daniel
-- 
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
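
Review bot: the comment added above the virAlloc() call describes the layout but not the rule it implies for callers: since the char * array and the strings share one allocated block, only the returned array may be freed and the strings must not be freed separately, which is the point raised in the reply above; say so in the comment (or on the function) and fix "can'tuse" while there. The size expression (count + 1) * sizeof(char *) + extra * sizeof(char) is also computed with no overflow check in the lines shown, so if count or extra can grow with the data being parsed, check the sum before passing it to virAlloc().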
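
The layout discussed in this thread (a NULL-terminated char * array and the strings it points to in one allocation), as an added example that is not part of the original message or of libvirt's code. `packed_size()` and `split_packed()` are hypothetical names, the comma-separated input is constructed, and the wrap-around guard goes slightly beyond what the patch does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libvirt code; all names here are hypothetical.
 * One block holds [ptr0][ptr1]...[NULL] followed by "str0\0str1\0...".
 * Release it with a single free(ret); never free() the strings themselves. */

/* Bytes needed for count pointers + NULL + extra chars; 0 if it would wrap. */
size_t packed_size(size_t count, size_t extra)
{
    if (count == SIZE_MAX || count + 1 > (SIZE_MAX - extra) / sizeof(char *))
        return 0;
    return (count + 1) * sizeof(char *) + extra * sizeof(char);
}

char **split_packed(const char *input, char sep)
{
    size_t len = strlen(input), count = 1, n = 0;
    for (size_t i = 0; i < len; i++)
        count += (input[i] == sep);
    size_t total = packed_size(count, len + 1);  /* separators become NULs */
    char **ret = total ? calloc(1, total) : NULL;
    if (!ret)
        return NULL;
    char *str = (char *)(ret + count + 1);       /* strings follow the array */
    memcpy(str, input, len + 1);
    ret[n++] = str;
    for (size_t i = 0; i < len; i++)
        if (str[i] == sep) {
            str[i] = '\0';
            ret[n++] = &str[i + 1];
        }
    ret[n] = NULL;
    return ret;
}

int main(void)
{
    char **names = split_packed("Domain-0,test,centos5", ',');  /* constructed */
    for (size_t i = 0; names && names[i]; i++)
        puts(names[i]);
    /* Assumption: the pre-patch request was count + 1 + extra single bytes. */
    printf("old %zu bytes, new %zu bytes\n", (size_t)(3 + 1 + 22), packed_size(3, 22));
    free(names);                                 /* one free for everything */
    return 0;
}
```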