Bug 1044899

Summary: Qemu core dumped when sending "info qtree" command with "-M q35" machine type
Product: Red Hat Enterprise Linux 7 Reporter: Qunfang Zhang <qzhang>
Component: qemu-kvmAssignee: Dr. David Alan Gilbert <dgilbert>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: acathrow, armbru, dgilbert, hhuang, juzhang, michen, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-22 12:30:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Qunfang Zhang 2013-12-19 08:34:31 UTC 
Description of problem:
Start a qemu command line with "-M q35" machine type, and check the "info qtree" output. QEMU core dumped. Tried other machine type like "pc" or "rhel6.5.0", no problem.

Version-Release number of selected component (if applicable):
kernel-3.10.0-63.el7.x86_64
qemu-kvm-1.5.3-30.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Start a command line with -M q35:
/usr/libexec/qemu-kvm -M q35 -monitor stdio

2. (qemu) info qtree

3.

Actual results:
QEMU core dumped.

Expected results:
No core dump happens.

Additional info:

(qemu) info qtree 
bus: main-system-bus
  type System
  dev: kvm-ioapic, id ""
    gpio-in 24
    gsi_base = 0
    irq 0
    mmio 00000000fec00000/0000000000001000
  dev: q35-pcihost, id ""
    MCFG = 2952790016

Program received signal SIGFPE, Arithmetic exception.
0x0000555555675a39 in print_size (dev=0x5555565757b0, prop=0x555555c69018 <mch_props+56>, 
    dest=0x7fffffffc0c0 "\003", len=1024) at hw/core/qdev-properties.c:1180
1180	    for (div = (long int)1 << 40; !(*ptr / div) ; div >>= 10) {
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.27.2-1.el7.x86_64 celt051-0.5.1.3-6.el7.x86_64 cyrus-sasl-lib-2.1.26-12.1.el7.x86_64 cyrus-sasl-md5-2.1.26-12.1.el7.x86_64 cyrus-sasl-plain-2.1.26-12.1.el7.x86_64 dbus-libs-1.6.12-5.el7.x86_64 flac-libs-1.3.0-2.el7.x86_64 glib2-2.36.3-2.el7.x86_64 glibc-2.17-36.el7.x86_64 glusterfs-api-3.4.0.40rhs-2.el7.x86_64 glusterfs-libs-3.4.0.40rhs-2.el7.x86_64 gmp-5.1.1-3.el7.x86_64 gnutls-3.1.16-1.el7.x86_64 gsm-1.0.13-9.el7.x86_64 json-c-0.11-1.el7.x86_64 keyutils-libs-1.5.8-1.el7.x86_64 krb5-libs-1.11.3-31.el7.x86_64 libICE-1.0.8-5.el7.x86_64 libSM-1.2.1-5.el7.x86_64 libX11-1.6.0-1.el7.x86_64 libXau-1.0.8-1.el7.x86_64 libXext-1.3.2-1.el7.x86_64 libXi-1.7.2-1.el7.x86_64 libXtst-1.2.2-1.el7.x86_64 libaio-0.3.109-9.el7.x86_64 libasyncns-0.8-5.el7.x86_64 libattr-2.4.46-10.el7.x86_64 libcap-2.22-6.el7.x86_64 libcom_err-1.42.8-2.el7.x86_64 libdb-5.3.21-14.el7.x86_64 libgcc-4.8.2-3.el7.x86_64 libgcrypt-1.5.3-1.el7.x86_64 libgpg-error-1.12-1.el7.x86_64 libibverbs-1.1.7-3.el7.x86_64 libiscsi-1.9.0-3.el7.x86_64 libjpeg-turbo-1.2.90-2.el7.x86_64 libogg-1.3.0-5.el7.x86_64 libpng-1.5.13-2.el7.x86_64 librdmacm-1.0.17-1.el7.x86_64 libseccomp-2.1.1-0.el7.x86_64 libselinux-2.1.13-21.el7.x86_64 libsndfile-1.0.25-7.el7.x86_64 libtasn1-3.3-1.el7.x86_64 libusbx-1.0.15-2.el7.x86_64 libuuid-2.23.2-6.el7.x86_64 libvorbis-1.3.3-4.el7.x86_64 libxcb-1.9-3.el7.x86_64 nettle-2.6-2.el7.x86_64 nspr-4.10-3.el7.x86_64 nss-3.15.2-8.el7.x86_64 nss-softokn-freebl-3.15.2-2.el7.x86_64 nss-util-3.15.2-1.el7.x86_64 openssl-libs-1.0.1e-23.el7.x86_64 p11-kit-0.18.7-2.el7.x86_64 pcre-8.32-8.el7.x86_64 pixman-0.30.0-1.el7.x86_64 pulseaudio-libs-3.0-11.el7.x86_64 tcp_wrappers-libs-7.6-75.el7.x86_64 usbredir-0.6-5.el7.x86_64 zlib-1.2.7-10.el7.x86_64
(gdb) bt
#0  0x0000555555675a39 in print_size (dev=0x5555565757b0, prop=0x555555c69018 <mch_props+56>, 
    dest=0x7fffffffc0c0 "\003", len=1024) at hw/core/qdev-properties.c:1180
#1  0x0000555555678ae8 in qdev_get_legacy_property (obj=<optimized out>, v=0x5555565d8890, 
    opaque=0x555555c69018 <mch_props+56>, name=0x555556d837e0 "legacy-pci-hole64-size", errp=0x7fffffffc500)
    at hw/core/qdev.c:561
#2  0x000055555573d17e in object_property_get_qobject (obj=obj@entry=0x5555565757b0, 
    name=name@entry=0x555556d837e0 "legacy-pci-hole64-size", errp=errp@entry=0x7fffffffc590) at qom/qom-qobject.c:37
#3  0x000055555573bde3 in object_property_get_str (obj=obj@entry=0x5555565757b0, 
    name=name@entry=0x555556d837e0 "legacy-pci-hole64-size", errp=errp@entry=0x7fffffffc590) at qom/object.c:805
#4  0x0000555555727bf4 in qdev_print_props (indent=4, props=0x555555c69018 <mch_props+56>, dev=0x5555565757b0, 
    mon=0x555556542d80) at qdev-monitor.c:561
#5  qdev_print (indent=4, dev=0x5555565757b0, mon=0x555556542d80) at qdev-monitor.c:601
#6  qbus_print (mon=0x555556542d80, bus=<optimized out>, indent=2) at qdev-monitor.c:619
#7  0x00005555557d9e49 in handle_user_command (mon=mon@entry=0x555556542d80, cmdline=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4008
#8  0x00005555557da14b in monitor_command_cb (mon=0x555556542d80, cmdline=<optimized out>, opaque=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4624
#9  0x000055555573dac0 in readline_handle_byte (rs=0x555556546c20, ch=<optimized out>) at readline.c:374
#10 0x00005555557da0b4 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4610
#11 0x000055555572c26b in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffc6f0 "\r\307\377\377\377\177", 
    s=0x55555652a820) at qemu-char.c:167
#12 fd_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x55555652a820) at qemu-char.c:850
#13 0x00007ffff74e9e06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#14 0x00005555556f991a in glib_pollfds_poll () at main-loop.c:187
#15 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:232
#16 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
#17 0x0000555555601050 in main_loop () at vl.c:1984
#18 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4343
Comment 2 Dr. David Alan Gilbert 2014-01-09 11:42:17 UTC 
Confirmed on qemu-kvm.x86_64 10:1.5.3-30.el7
Bug doesn't happen on current upstream, or F20 qemu.
Comment 3 Dr. David Alan Gilbert 2014-01-09 12:08:48 UTC 
Upstream 1197cbb9eda1dc82e2fa1815ca62bc3de158353e

Author: Richard Henderson <rth>
Date:   Tue Jul 30 08:20:43 2013 -1000

    qdev: Use clz in print_size

should fix this.
Comment 6 Markus Armbruster 2014-01-22 12:30:44 UTC 
This is a regression caused by the fix for bug 1034876.  I made that one fail QA, and posted a fix.  Closing this one as duplicate.  It's not exactly duplicate, but it'll do.

*** This bug has been marked as a duplicate of bug 1034876 ***