1123904 – Early QMP commands segfault

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1123904 - Early QMP commands segfault

Summary: Early QMP commands segfault

Keywords:
Status:	CLOSED DUPLICATE of bug 988865
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Cole Robinson
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-28 15:16 UTC by Kevin Wolf
Modified:	2015-01-27 22:07 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-01-27 22:07:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Kevin Wolf 2014-07-28 15:16:09 UTC

When directly sending a QMP command on startup (just piping commands into qemu
is something that qemu-iotests does for some test cases that involve QMP),
qemu crashes:

$ x86_64-softmmu/qemu-system-x86_64 -qmp stdio <<< '{ "execute": "qmp_capabilities" }'
Segmentation fault (core dumped)

The segfault is avoided by inserting a delay:

$ (sleep 1; echo '{ "execute": "qmp_capabilities" }') | x86_64-softmmu/qemu-system-x86_64 -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 1, "minor": 12, "major": 0}, "package": "(qemu-kvm-devel)"}, "capabilities": []}}
{"return": {}}
{"timestamp": {"seconds": 1406560293, "microseconds": 328605}, "event": "SHUTDOWN"}


(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x000000000049e1e8 in json_lexer_feed_char (lexer=lexer@entry=0xef05a0, ch=123 '{', flush=flush@entry=false) at json-lexer.c:339
#2  0x000000000049e37e in json_lexer_feed (lexer=0xef05a0, buffer=<optimized out>, size=<optimized out>) at json-lexer.c:355
#3  0x000000000049e689 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at json-streamer.c:110
#4  0x0000000000440a9f in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /home/kwolf/source/qemu-kvm-rhel6/monitor.c:5024
#5  0x00000000004c03b1 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffc5e0 "{\001", s=0xd99a10) at qemu-char.c:192
#6  fd_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0xd99a10) at qemu-char.c:793
#7  0x00007ffff62aaac6 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#8  0x000000000043f090 in glib_select_poll (err=false, xfds=0x7fffffffd7c0, wfds=0x7fffffffd740, rfds=0x7fffffffd6c0) at /home/kwolf/source/qemu-kvm-rhel6/vl.c:4001
#9  main_loop_wait (timeout=0, timeout@entry=1000) at /home/kwolf/source/qemu-kvm-rhel6/vl.c:4074
#10 0x000000000045cfc2 in kvm_main_loop () at /home/kwolf/source/qemu-kvm-rhel6/qemu-kvm.c:2258
#11 0x00000000004381c1 in main_loop () at /home/kwolf/source/qemu-kvm-rhel6/vl.c:4268
#12 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /home/kwolf/source/qemu-kvm-rhel6/vl.c:6711

(gdb) up
#1  0x000000000049e1e8 in json_lexer_feed_char (lexer=lexer@entry=0xf53d70, ch=123 '{', flush=flush@entry=false) at json-lexer.c:339
339             lexer->emit(lexer, lexer->token, lexer->state, lexer->x, lexer->y);

(gdb) p *lexer
$2 = {emit = 0x0, state = 0, token = 0x0, x = 1, y = 0}

Note You need to log in before you can comment on or make changes to this bug.