
Bug 1004610

Summary: qemu-kvm core dump when do "device_add cpu" via qmp
Product: Red Hat Enterprise Linux 7
Reporter: Xu Han <xuhan>
Component: qemu-kvm
Assignee: Igor Mammedov <imammedo>
Status: CLOSED WONTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Docs Contact:
Priority: medium
Version: 7.0
CC: drjones, flang, hhuang, imammedo, juzhang, michen, mrezanin, rbalakri, sluo, virt-maint, xfu
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: upstream qemu-1.7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-12-02 11:18:10 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Xu Han 2013-09-05 03:25:11 UTC
Description of problem:
Hot-plugging a "cpu" device with "device_add cpu", via either QMP or the monitor, will cause qemu-kvm to core dump.

e.g
{"execute":"device_add","arguments":{"driver":"cpu"}}
(qemu) device_add cpu

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. # /usr/libexec/qemu-kvm -vnc :1 -qmp tcp:0:5555,server,nowait
2. {"execute":"device_add","arguments":{"driver":"cpu"}}

Actual results:
ERROR:qom/object.c:309:object_initialize_with_type: assertion failed: (type->abstract == false)
Aborted (core dumped)
Program received signal SIGABRT, Aborted.


Expected results:
qemu-kvm should report an error message like:
qmp:
{"error": {"class": "GenericError", "desc": "Parameter 'driver' expects device type"}}
monitor:
(qemu) device_add a
Parameter 'driver' expects device type


Additional info:
(gdb) bt
#0  0x00007ffff32e4999 in raise () from /lib64/libc.so.6
#1  0x00007ffff32e60a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff7711bc6 in g_assertion_message () from /lib64/libglib-2.0.so.0
#3  0x00007ffff7711c24 in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
#4  0x00005555556fc7f1 in object_initialize_with_type (data=0x555556509fe0, type=0x5555564c78a0) at qom/object.c:309
#5  0x00005555556fc93c in object_new_with_type (type=0x5555564c78a0) at qom/object.c:413
#6  0x00005555556fc9d5 in object_new (typename=typename@entry=0x555556509d50 "cpu") at qom/object.c:423
#7  0x00005555556e9725 in qdev_device_add (opts=opts@entry=0x555556509f50) at qdev-monitor.c:473
#8  0x00005555556e991d in do_device_add (mon=<optimized out>, qdict=<optimized out>, ret_data=<optimized out>)
    at qdev-monitor.c:609
#9  0x0000555555793d47 in qmp_call_cmd (cmd=<optimized out>, params=0x555556566ed0, mon=0x5555564d6ed0)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4507
#10 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4573
#11 0x000055555584c1d2 in json_message_process_token (lexer=0x5555564d6f80, token=0x555556509ac0, type=JSON_OPERATOR, 
    x=53, y=1) at qobject/json-streamer.c:87
#12 0x000055555585dcff in json_lexer_feed_char (lexer=lexer@entry=0x5555564d6f80, ch=<optimized out>, 
    flush=flush@entry=false) at qobject/json-lexer.c:303
#13 0x000055555585de16 in json_lexer_feed (lexer=0x5555564d6f80, buffer=<optimized out>, size=<optimized out>)
    at qobject/json-lexer.c:356
#14 0x000055555584c3d1 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, 
    size=<optimized out>) at qobject/json-streamer.c:110
#15 0x0000555555792893 in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4594
#16 0x00005555556ed451 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffcfa0 "}²Bóÿ\177", s=0x5555564ce2a0)
    at qemu-char.c:167
#17 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x5555564ce2a0) at qemu-char.c:2511
#18 0x00007ffff76ede06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#19 0x00005555556c577a in glib_pollfds_poll () at main-loop.c:187
#20 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:232
#21 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
#22 0x00005555555c5241 in main_loop () at vl.c:2060
#23 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4451

Comment 4 Igor Mammedov 2014-08-28 13:00:42 UTC
'device_add cpu' support is not complete upstream yet and shouldn't be used with any CPUs yet. So it's unsupported in RHEL 7.0.

Let's retest it with 7.1, where it should be fixed by:
2fa4e56d8 qdev-monitor: Fix crash when device_add is called with abstract driver

which went into upstream QEMU 1.7.
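
Comment 4 names the upstream fix, and the backtrace in the description shows where the crash happens: qdev_device_add() resolves the driver name and calls object_new(), which asserts that the type is not abstract (qom/object.c:309). The C model below is added here as an illustration; it is not QEMU source and not the referenced commit. It reproduces that control flow with a constructed three-entry type table and shows the driver check in its before and after forms: the unfixed path hands an abstract type to the constructor and trips the assertion, the fixed path rejects it with a monitor error first. The struct names, the type table, the function names and the error strings are assumptions; in particular the "non-abstract device type" wording is assumed from the fix and is not quoted anywhere on this page.

```c
/* Added example (not QEMU code): a stripped-down model of the
 * qdev_device_add() -> object_new() path from the backtrace, showing why
 * "device_add cpu" aborted and how rejecting an abstract driver before
 * instantiation avoids it. Type table, names and messages are assumptions. */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a QOM type record: name plus the abstract flag. */
typedef struct {
    const char *name;
    bool abstract;   /* abstract types exist only as parents, never instances */
} TypeImpl;

/* Constructed type table. "device" and "cpu" play the abstract base types;
 * "e1000" stands in for a concrete, instantiable device type. */
static const TypeImpl type_table[] = {
    { "device", true  },
    { "cpu",    true  },
    { "e1000",  false },
};

static const TypeImpl *type_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof type_table / sizeof type_table[0]; i++) {
        if (strcmp(type_table[i].name, name) == 0) {
            return &type_table[i];
        }
    }
    return NULL;
}

/* Models object_new(): like qom/object.c:309 it treats an abstract type as
 * a programming error and aborts, so callers must filter such types out. */
static void *object_new_model(const TypeImpl *type)
{
    assert(type->abstract == false);   /* the assertion from the backtrace */
    char *inst = malloc(strlen(type->name) + 1);   /* "instance" = its name */
    if (inst) {
        strcpy(inst, type->name);
    }
    return inst;
}

/* Result of one device_add, mirroring QMP's {"return":..} / {"error":..}. */
typedef struct {
    void *dev;          /* non-NULL on success; caller frees it */
    const char *error;  /* NULL on success, otherwise the GenericError desc */
} DeviceAddResult;

/* Before the fix: an unknown driver is rejected, but a known abstract one
 * goes straight to the constructor and trips the assertion (SIGABRT). */
DeviceAddResult device_add_unfixed(const char *driver)
{
    DeviceAddResult r = { NULL, NULL };
    const TypeImpl *t = type_lookup(driver);
    if (t == NULL) {
        r.error = "Parameter 'driver' expects device type";
        return r;
    }
    r.dev = object_new_model(t);   /* aborts the process for "cpu" */
    return r;
}

/* After the fix: test the abstract flag on the class and hand the monitor
 * an error instead of instantiating. Error wording is an assumption. */
DeviceAddResult device_add_fixed(const char *driver)
{
    DeviceAddResult r = { NULL, NULL };
    const TypeImpl *t = type_lookup(driver);
    if (t == NULL) {
        r.error = "Parameter 'driver' expects device type";
        return r;
    }
    if (t->abstract) {
        r.error = "Parameter 'driver' expects non-abstract device type";
        return r;
    }
    r.dev = object_new_model(t);
    return r;
}

int main(void)
{
    const char *drivers[] = { "e1000", "nosuchdev", "cpu" };
    for (size_t i = 0; i < sizeof drivers / sizeof drivers[0]; i++) {
        DeviceAddResult r = device_add_fixed(drivers[i]);
        if (r.error) {
            printf("device_add %s -> error: %s\n", drivers[i], r.error);
        } else {
            printf("device_add %s -> ok\n", drivers[i]);
            free(r.dev);
        }
    }
    /* device_add_unfixed("cpu") would abort here, as in the bug report. */
    return 0;
}
```

The point for a reviewer is the ordering: input coming over a management socket (here the driver name) must be validated against the full set of constructor preconditions before the constructor runs, because an assertion inside the constructor turns a bad parameter into a crash of the whole VM process rather than a QMP error.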

Comment 5 langfang 2014-12-01 08:09:12 UTC
Hi, Igor,
   Now the bug is ON_QA; could you please add the fixed version for this bug?

best regards
fang lang

Comment 6 Igor Mammedov 2014-12-01 10:20:56 UTC
(In reply to langfang from comment #5)
> Hi,Igor
>    Now the BUG is ON_QA, could you please add the fixed version for this bug?
> 
> best regards
> fang lang

Version 2.1 should have the fixes.

Comment 13 Igor Mammedov 2014-12-02 07:49:01 UTC
I don't think that there is a need to document this bug in qemu-kvm[-rhev], since 'device_add cpu' is not a supported option.