Thanks Peter, I have verified this bug on libvirt-0.9.13 by compiling the source tarball, It's OK now! 2012-08-19 Wangpan >You probably (looking at the version numbers) came across a known bug: >https://bugzilla.redhat.com/show_bug.cgi?id=822068 > > >> 0x00007ffff45c5475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 >> (gdb) bt >> #0 0x00007ffff45c5475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 >> #1 0x00007ffff45c86f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6 >> #2 0x00007ffff45ff2fb in ?? () from /lib/x86_64-linux-gnu/libc.so.6 >> #3 0x00007ffff4608b46 in ?? () from /lib/x86_64-linux-gnu/libc.so.6 >> #4 0x00007ffff460c428 in ?? () from /lib/x86_64-linux-gnu/libc.so.6 >> #5 0x00007ffff460d960 in malloc () from /lib/x86_64-linux-gnu/libc.so.6 >> #6 0x00007ffff4612912 in strdup () from /lib/x86_64-linux-gnu/libc.so.6 >> #7 0x00007ffff77b75c9 in virJSONValueObjectAppend (object=object@entry=0x91d810, key=key@entry=0x4fef81 "execute", value=value@entry=0x85de90) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/util/json.c:274 >> #8 0x00007ffff77b7e87 in virJSONValueObjectAppendString (object=object@entry=0x91d810, key=key@entry=0x4fef81 "execute", value=value@entry=0x51196f "human-monitor-command") >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/util/json.c:296 >> #9 0x00000000004aa884 in qemuMonitorJSONMakeCommandRaw (wrap=wrap@entry=false, cmdname=cmdname@entry=0x51196f "human-monitor-command") >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor_json.c:404 >> #10 0x00000000004ac3a7 in qemuMonitorJSONHumanCommandWithFd (mon=mon@entry=0x7fffe80010b0, cmd_str=<optimized out>, scm_fd=-1, reply_str=0x7ffff1760920) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor_json.c:886 >> #11 0x000000000049d303 in qemuMonitorHMPCommandWithFd (mon=mon@entry=0x7fffe80010b0, cmd=<optimized out>, scm_fd=scm_fd@entry=-1, reply=reply@entry=0x7ffff1760920) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor.c:910 >> #12 0x00000000004a8bfe in qemuMonitorTextAddDrive (mon=mon@entry=0x7fffe80010b0, drivestr=drivestr@entry=0x7fffe0202020 "file=/dev/nbd0,if=none,id=drive-virtio-disk3,format=raw") >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor_text.c:2836 >> #13 0x00000000004b0814 in qemuMonitorJSONAddDrive (mon=0x7fffe80010b0, drivestr=0x7fffe0202020 "file=/dev/nbd0,if=none,id=drive-virtio-disk3,format=raw") >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor_json.c:2979 >> #14 0x00000000004a1bad in qemuMonitorAddDrive (mon=<optimized out>, drivestr=<optimized out>) at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_monitor.c:2571 >> #15 0x0000000000484a5d in qemuDomainAttachPciDiskDevice (conn=conn@entry=0x7fffe00111f0, driver=driver@entry=0x81fec0, vm=vm@entry=0x82f6b0, disk=disk@entry=0x7fffe02024d0) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_hotplug.c:250 >> #16 0x0000000000461d9e in qemuDomainAttachDeviceDiskLive (vm=0x82f6b0, driver=0x81fec0, conn=0x7fffe00111f0, dev=<optimized out>) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_driver.c:5179 >> #17 qemuDomainAttachDeviceLive (dev=0x7fffe001d5b0, vm=0x82f6b0, dom=<optimized out>) at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_driver.c:5238 >> #18 qemuDomainModifyDeviceFlags (dom=<optimized out>, xml=0x7fffe001d5b0 "\001", flags=<optimized out>, action=<optimized out>) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/qemu/qemu_driver.c:5779 >> #19 0x00007ffff7846f5d in virDomainAttachDevice (domain=domain@entry=0x7fffe0201fb0, >> xml=0x7fffe0201e50 "<disk type='block'>\n <driver name='qemu' type='raw'/>\n <source dev='/dev/nbd0'/>\n <target dev='vdd'/>\n</disk>\n") >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/libvirt.c:9288 >> #20 0x000000000043ccfe in remoteDispatchDomainAttachDevice (args=0x7fffe0201ff0, rerr=0x7ffff1760c90, client=<optimized out>, server=<optimized out>, msg=<optimized out>) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./daemon/remote_dispatch.h:320 >> #21 remoteDispatchDomainAttachDeviceHelper (server=<optimized out>, client=<optimized out>, msg=<optimized out>, rerr=0x7ffff1760c90, args=0x7fffe0201ff0, ret=<optimized out>) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./daemon/remote_dispatch.h:298 >> #22 0x00007ffff788a866 in virNetServerProgramDispatchCall (msg=0x7fffe8093d20, client=0x7fffe8053050, server=0x76e920, prog=0x778880) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/rpc/virnetserverprogram.c:416 >> #23 virNetServerProgramDispatch (prog=0x778880, server=server@entry=0x76e920, client=0x7fffe8053050, msg=0x7fffe8093d20) >> at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/rpc/virnetserverprogram.c:289 >> #24 0x00007ffff78864d1 in virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x76e920) at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/rpc/virnetserver.c:161 >> #25 0x00007ffff77c373e in virThreadPoolWorker (opaque=opaque@entry=0x7789a0) at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/util/threadpool.c:144 >> #26 0x00007ffff77c31c9 in virThreadHelper (data=<optimized out>) at /build/buildd-libvirt_0.9.12-4-amd64-KyxbcZ/libvirt-0.9.12/./src/util/threads-pthread.c:161 >> #27 0x00007ffff4d27b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 >> #28 0x00007ffff466b6dd in clone () from /lib/x86_64-linux-gnu/libc.so.6 >> #29 0x0000000000000000 in ?? () >> (gdb) f 7 > >This backtrace is identical with that attached to the bug. > >The bug is fixed by commit: >commit 0f4660c8787cc41fe67f869984c0ae11d680037e >Author: Peter Krempa <pkrempa@xxxxxxxxxx> >Date: Thu Jun 14 10:29:36 2012 +0200 > > qemu: Fix off-by-one error while unescaping monitor strings > > While unescaping the commands the commands passed through to the monitor > function qemuMonitorUnescapeArg() initialized lenght of the input string > to strlen()+1 which is fine for alloc but not for iteration of the > string. > >That is included in the 0.9.13 release. To fix this issue please upgrade or >propose to backport that patch into your distro. At any rate thanks for the >exhausting bug report, it definitely helped identifying the issue and would >be useful in fixing it. > >Peter -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list