Description of problem:
Boot a guest with a wrong network driver name and openvswitch as backend; qemu dumps core.

Version-Release number of selected component (if applicable):
# rpm -q qemu-kvm-rhev
qemu-kvm-rhev-1.5.3-11.el7.x86_64
# rpm -q openvswitch
openvswitch-2.0.0-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot the guest with a wrong network driver name, like "virtio-pci":
# /usr/libexec/qemu-kvm -M q35 -cpu Penryn -enable-kvm -m 4096 -smp 1,socket=1,cores=1,threads=1 -name rhel7 -nodefaults -nodefconfig -drive file=gluster://10.66.5.134/gv0/rhel7latest.qcow2_v3,if=none,id=drive-virtio-disk0,format=qcow2,werror=stop,rerror=stop,aio=native -device virtio-scsi-pci,id=virtio-disk0 -device scsi-hd,bus=virtio-disk0.0,drive=drive-virtio-disk0,id=scsi-hd -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -vnc :10 -vga qxl -global qxl-vga.vram_size=67108864 -monitor stdio -boot menu=on -netdev tap,id=netdev0,vhost=on,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -device virtio-pci,mac=ce:71:f6:64:8f:18,netdev=netdev0,id=net0 -device virtio-balloon-pci,id=b1

Actual results:
qemu dumps core:

(gdb) bt
#0  0x00007ffff32de999 in raise () from /lib64/libc.so.6
#1  0x00007ffff32e00a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff7711bc6 in g_assertion_message () from /lib64/libglib-2.0.so.0
#3  0x00007ffff7711c24 in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
#4  0x00005555556f7e31 in object_initialize_with_type (data=0x555556704e10, type=0x5555564b3a40) at qom/object.c:309
#5  0x00005555556f7f7c in object_new_with_type (type=0x5555564b3a40) at qom/object.c:413
#6  0x00005555556f8015 in object_new (typename=typename@entry=0x5555564c2890 "virtio-pci") at qom/object.c:423
#7  0x00005555556e498d in qdev_device_add (opts=0x5555564c27c0) at qdev-monitor.c:473
#8  0x0000555555729a09 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2279
#9  0x0000555555858a5b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x5555557299f0 <device_init_func>, opaque=opaque@entry=0x0, abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1164
#10 0x00005555555c4746 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4280

(gdb) bt ful
#0  0x00007ffff32de999 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff32e00a8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff7711bc6 in g_assertion_message () from /lib64/libglib-2.0.so.0
No symbol table info available.
#3  0x00007ffff7711c24 in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
No symbol table info available.
#4  0x00005555556f7e31 in object_initialize_with_type (data=0x555556704e10, type=0x5555564b3a40) at qom/object.c:309
        obj = <optimized out>
        __PRETTY_FUNCTION__ = "object_initialize_with_type"
#5  0x00005555556f7f7c in object_new_with_type (type=0x5555564b3a40) at qom/object.c:413
        obj = 0x555556704e10
        __PRETTY_FUNCTION__ = "object_new_with_type"
#6  0x00005555556f8015 in object_new (typename=typename@entry=0x5555564c2890 "virtio-pci") at qom/object.c:423
        ti = <optimized out>
#7  0x00005555556e498d in qdev_device_add (opts=0x5555564c27c0) at qdev-monitor.c:473
        obj = <optimized out>
        k = 0x5555566df7d0
        driver = 0x5555564c2890 "virtio-pci"
        path = 0x0
        id = <optimized out>
        qdev = <optimized out>
        bus = 0x555556687260
        __func__ = "qdev_device_add"
#8  0x0000555555729a09 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2279
        dev = <optimized out>
#9  0x0000555555858a5b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x5555557299f0 <device_init_func>, opaque=opaque@entry=0x0, abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1164
        loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffe328, prev = 0x55555644f9a0 <std_loc>}
        opts = 0x5555564c27c0
        rc = 0
#10 0x00005555555c4746 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4280
        i = <optimized out>
        snapshot = 0
        linux_boot = 0
        icount_option = 0x0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x5555558ad730 ""
        boot_devices = '\000' <repeats 32 times>
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 40
        optarg = 0x7fffffffe81f "virtio-balloon-pci,id=b1"
        loadvm = 0x0
        machine = 0x555555c33720 <pc_q35_machine_rhel700>
        cpu_model = 0x7fffffffe59f "Penryn"
        vga_model = 0x7fffffffe743 "qxl"
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = <optimized out>
        userconfig = false
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x55555572a7b0 <malloc_and_trace>, realloc = 0x55555572a770 <realloc_and_trace>, free = 0x55555572a730 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0
        __PRETTY_FUNCTION__ = "main"
        args = {ram_size = 4294967296, boot_device = 0x555555867d26 "cad", kernel_filename = 0x0, kernel_cmdline = 0x5555558ad730 "", initrd_filename = 0x0, cpu_model = 0x7fffffffe59f "Penryn"}

Expected results:
qemu quits with an error instead of dumping core.

Additional info:
This bug just occurs when the driver name is set as "virtio-pci", so change the bug summary
This patch fixed the crash in upstream commit 2fa4e56d88aa0039062bbc7f9a88e9f90c77ed94 Author: Igor Mammedov <imammedo> Date: Tue Sep 17 15:32:32 2013 +0200 qdev-monitor: Fix crash when device_add is called with abstract driver User is able to crash running QEMU when following monitor command is called: device_add intel-hda-generic Crash is caused by assertion in object_initialize_with_type() when type is abstract. Checking if type is abstract before instance is created in qdev_device_add() allows to prevent crash on incorrect user input. Cc: qemu-stable Signed-off-by: Igor Mammedov <imammedo> Signed-off-by: Andreas Färber <afaerber> diff --git a/qdev-monitor.c b/qdev-monitor.c index 8f9f6cb..753bab7 100644 --- a/qdev-monitor.c +++ b/qdev-monitor.c @@ -481,6 +481,12 @@ DeviceState *qdev_device_add(QemuOpts *opts) return NULL; } + if (object_class_is_abstract(oc)) { + qerror_report(QERR_INVALID_PARAMETER_VALUE, "driver", + "non-abstract device type"); + return NULL; + } + dc = DEVICE_CLASS(oc); /* find bus */
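Review bot: the added block dereferences oc in object_class_is_abstract(oc), but the hunk's only context before it is a bare `return NULL; }`, so the hunk does not show that the lookup-failure path (the one that reports "Parameter 'driver' expects device type") runs first. If this check is placed ahead of the unknown-driver check, an unknown name such as `-device nonexistant` becomes a NULL dereference instead of the existing error, which is exactly the regression reported later on this bug. Suggest confirming the order in the backport (missing driver, then oc == NULL, then `if (object_class_is_abstract(oc))`) and covering both an unknown and an abstract driver name in a regression test, since the commit message only mentions the abstract case.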
*** Bug 1044329 has been marked as a duplicate of this bug. ***
Fix included in qemu-kvm-1.5.3-36.el7
Regression for -device nonexistant!

Before this patch:
qemu-kvm: -device nonexistant: Parameter 'driver' expects device type

After: SEGV.
Fix has been folded into the fix for bug 669524. *** This bug has been marked as a duplicate of bug 669524 ***
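The check order the commit message and the regression report above describe, as an added example modelled on qdev_device_add(); this is not QEMU's code, and the registry table, the ObjectClass struct and qdev_device_add_check() are constructed stand-ins for QOM's real lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for QEMU's QOM class registry (constructed for this example,
 * not QEMU's real tables). Abstract types, like the real "virtio-pci"
 * base class, exist but must never be instantiated. */
typedef struct {
    const char *name;
    bool abstract;
} ObjectClass;

static const ObjectClass registry[] = {
    { "virtio-pci",         true  },   /* abstract base class */
    { "virtio-net-pci",     false },
    { "virtio-balloon-pci", false },
};

/* Analogue of object_class_by_name(): NULL when the name is unknown. */
static const ObjectClass *object_class_by_name(const char *driver)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++) {
        if (strcmp(registry[i].name, driver) == 0) {
            return &registry[i];
        }
    }
    return NULL;
}

/* Error codes a caller can act on instead of letting an assertion
 * in object_initialize_with_type() abort the process. */
enum { DEV_OK = 0, DEV_ERR_NO_DRIVER, DEV_ERR_UNKNOWN, DEV_ERR_ABSTRACT };

/* Validation order matters: the unknown-driver check must run before
 * the abstract check, because the abstract test dereferences oc.
 * Swapping them turns "-device nonexistant" from a clean error into
 * the NULL-dereference regression reported on this bug. */
int qdev_device_add_check(const char *driver)
{
    if (driver == NULL) {
        return DEV_ERR_NO_DRIVER;   /* QERR_MISSING_PARAMETER */
    }
    const ObjectClass *oc = object_class_by_name(driver);
    if (oc == NULL) {
        return DEV_ERR_UNKNOWN;     /* "expects device type" */
    }
    if (oc->abstract) {
        return DEV_ERR_ABSTRACT;    /* "non-abstract device type" */
    }
    return DEV_OK;                  /* only now is object_new() safe */
}
```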