I'm trying to track down: https://bugzilla.redhat.com/show_bug.cgi?id=810613 I *think* this is a libvirt bug, but I can only reproduce it on one machine, not on another machine that has a virtually identical setup. Anyway, something is confusing me about libvirt. In this commit: ---------------------------------------------------------------------- commit 74c75671331d284e1f777f9692b72e9737520bf0 Author: Michal Privoznik <mprivozn@xxxxxxxxxx> Date: Thu Aug 18 10:44:08 2011 +0200 daemon: initialize GnuTLS When spice_tls is set but listen_tls is not, we don't initialize GnuTLS library. So any later gnutls call (e.g. during migration, where we initialize a certificate) will access uninitialized GnuTLS internal structs and throws an error. Although, we might now initialize GnuTLS twice, it is safe according to the documentation: This function can be called many times, but will only do something the first time. This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit with respect to written above. ---------------------------------------------------------------------- ... a pair of functions called virNetTLSInit & virNetTLSDeinit are introduced, which would appear to do the right thing, calling first gnutls_global_init, then gnutls_global_deinit. This looks correct to me. However the above commit is later amended by this commit: ---------------------------------------------------------------------- commit eaddec976ef06457fee4a4ce86b8c7ee906183b7 Author: Michal Privoznik <mprivozn@xxxxxxxxxx> Date: Wed Aug 24 16:16:45 2011 +0200 daemon: Move TLS initialization to virInitialize My previous patch 74c75671331d284e1f777f9692b72e9737520bf0 introduced a regression by removing TLS initialization from client. ---------------------------------------------------------------------- which removes virNetTLSDeinit. This appears to be a mistake, or at least I can't see the logical reason for it, and according to the gnutls docs, it would introduce a memory leak looking exactly like the one I am chasing down. The current code mentions virNetTLSDeinit only in a comment, and never calls gnutls_global_deinit. Any ideas? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://et.redhat.com/~rjones/virt-top -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list