Description of problem:
When hot-plugging a virtio-pci device via QMP (with a wrong format), qemu-kvm core dumps.

Version-Release number of selected component (if applicable):
3.10.0-61.el7.x86_64
qemu-kvm-rhev-1.5.3-21.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot the guest.
# gdb --args /usr/libexec/qemu-kvm -S -M pc-i440fx-rhel7.0.0 -cpu SandyBridge,hv_spinlocks=0x1fff,hv_relaxed,hv_vapic -enable-kvm -m 2G -smp 2,sockets=2,cores=1,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa68 -rtc base=localtime,clock=host,driftfix=slew \
 -device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 \
 -drive file=/home/juli/win2012r2.raw,if=none,id=drive-scsi0-0-0,media=disk,cache=none,format=raw,werror=stop,rerror=stop,aio=native -device scsi-hd,drive=drive-scsi0-0-0,bus=scsi0.0,scsi-id=0,lun=0,id=juli,bootindex=0 \
 -k en-us -boot menu=on,reboot-timeout=-1,strict=on \
 -qmp tcp:0:4499,server,nowait -vnc :8 -monitor stdio

2. Hot-plug a virtio-pci device via QMP with a wrong format.
$ telnet 10.66.104.53 4499
{"execute":"qmp_capabilities"}
{"execute":"device_add","arguments":{"driver":"virtio-pci","host":"05:10.6","id":"hostnet_VF8"}}

Actual results:
After step 2, qemu-kvm core dumps.

(gdb) bt
#0  0x00007ffff30db979 in raise () from /lib64/libc.so.6
#1  0x00007ffff30dd088 in abort () from /lib64/libc.so.6
#2  0x00007ffff750dbc6 in g_assertion_message () from /lib64/libglib-2.0.so.0
#3  0x00007ffff750dc24 in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
#4  0x00005555557377d1 in object_initialize_with_type (data=0x5555565fa1b0, type=0x5555564fb0d0) at qom/object.c:309
#5  0x000055555573791c in object_new_with_type (type=0x5555564fb0d0) at qom/object.c:413
#6  0x00005555557379b5 in object_new (typename=typename@entry=0x5555565a6430 "virtio-pci") at qom/object.c:423
#7  0x0000555555723ffd in qdev_device_add (opts=opts@entry=0x5555565aff80) at qdev-monitor.c:513
#8  0x000055555572449d in do_device_add (mon=<optimized out>, qdict=<optimized out>, ret_data=<optimized out>) at qdev-monitor.c:649
#9  0x00005555557ce2e7 in qmp_call_cmd (cmd=<optimized out>, params=0x5555565f9190, mon=0x55555650b020) at /usr/src/debug/qemu-1.5.3/monitor.c:4509
#10 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4575
#11 0x0000555555887332 in json_message_process_token (lexer=0x55555650b0b0, token=0x5555565afd70, type=JSON_OPERATOR, x=96, y=1) at qobject/json-streamer.c:87
#12 0x0000555555898e2f in json_lexer_feed_char (lexer=lexer@entry=0x55555650b0b0, ch=<optimized out>, flush=flush@entry=false) at qobject/json-lexer.c:303
#13 0x0000555555898f46 in json_lexer_feed (lexer=0x55555650b0b0, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:356
#14 0x0000555555887531 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:110
#15 0x00005555557cce33 in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4596
#16 0x0000555555728081 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffcbf0 "};PVUU", s=0x555556504890) at qemu-char.c:167
#17 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x555556504890) at qemu-char.c:2491
#18 0x00007ffff74e9e06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#19 0x00005555556f9e8a in glib_pollfds_poll () at main-loop.c:187
#20 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:232
#21 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
#22 0x00005555555ffea8 in main_loop () at vl.c:1986
#23 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4343

Expected results:
qemu-kvm works well or gives some warning info.

Additional info:
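A management-side guard for the exchange in step 2, added here as an example and not part of this report or of qemu's own code: `qom-list-types` with `implements: "device"` omits abstract types by default, so a QMP client can refuse to send `device_add` for a driver name such as the abstract base "virtio-pci" that is not a concrete, pluggable device type. The QMP host/port and the sample reply are assumed/constructed.

```python
import json
import socket

# Constructed sample of what qemu-kvm returns for
# {"execute":"qom-list-types","arguments":{"implements":"device"}};
# the default abstract=false leaves out abstract bases such as "virtio-pci".
SAMPLE_REPLY = json.dumps({"return": [
    {"name": "virtio-scsi-pci"}, {"name": "virtio-net-pci"}, {"name": "scsi-hd"}]})


def concrete_device_types(reply_json):
    """Parse a qom-list-types reply into the set of concrete device type names."""
    reply = json.loads(reply_json)
    if "error" in reply:
        raise RuntimeError(reply["error"].get("desc", "qom-list-types failed"))
    return {entry["name"] for entry in reply["return"]}


def check_device_add(driver, concrete_types):
    """Decide whether a device_add may be sent. Returns (allowed, reason)."""
    if driver not in concrete_types:
        return False, f"refusing device_add: '{driver}' is not a concrete device type"
    return True, "ok"


class QmpClient:
    """Minimal line-oriented QMP client for an assumed -qmp tcp endpoint."""

    def __init__(self, host, port):
        self.sock = socket.create_connection((host, port))
        self.io = self.sock.makefile("rw", encoding="utf-8", newline="\n")
        self.io.readline()                      # consume the {"QMP": ...} greeting
        self.execute("qmp_capabilities")        # leave capabilities negotiation mode

    def execute(self, cmd, **arguments):
        msg = {"execute": cmd}
        if arguments:
            msg["arguments"] = arguments
        self.io.write(json.dumps(msg) + "\n")
        self.io.flush()
        while True:                             # skip asynchronous {"event": ...} lines
            reply = json.loads(self.io.readline())
            if "return" in reply or "error" in reply:
                return reply

    def guarded_device_add(self, driver, **arguments):
        """Only forward device_add for drivers qemu itself lists as concrete devices."""
        listing = json.dumps(self.execute("qom-list-types", implements="device"))
        allowed, reason = check_device_add(driver, concrete_device_types(listing))
        if not allowed:
            raise ValueError(reason)
        return self.execute("device_add", driver=driver, **arguments)
```

With a live guest, `QmpClient("10.66.104.53", 4499).guarded_device_add("virtio-pci", host="05:10.6", id="hostnet_VF8")` raises on the client side instead of reaching qdev_device_add.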
This bug seems to be a duplicate of bug #1026712
*** This bug has been marked as a duplicate of bug 1026712 ***