Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2018:0816
Description of problem:
qemu will coredump after executing info qtree

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-154.el7.x86_64
3.10.0-836.el7.x86_64
nvidia driver 390.21 (host & guest)

How reproducible:
100%

Steps to Reproduce:
1. Try to boot guest with a vgpu and a sr-iov device:

/usr/libexec/qemu-kvm -name 75 -m 4G \
  -S \
  -cpu Broadwell,enforce \
  -smp 4 \
  -monitor stdio \
  -qmp unix:/tmp/qmp,server,nowait \
  -device VGA \
  -serial unix:/tmp/console,server,nowait \
  -netdev tap,id=idinWyYp,vhost=on -device e1000,mac=42:ce:a9:d2:2e:d8,id=idlbq7eA,netdev=idinWyYp \
  -uuid 225e11b2-a869-41b5-91cd-6a32a907be7e \
  -drive file=guest1.qcow2,if=none,id=drive-scsi-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-hd,drive=drive-scsi-disk0,id=scsi-disk0 \
  -vnc :0 \
  -device vfio-pci,sysfsdev=/sys/bus/mdev/devices/c0d9aaf1-8c0b-4ee1-b90d-ef36b43f9bd0,id=gvt \
  -device vfio-pci,host=01:10.1,id=iov \

2. Execute "info qtree" in hmp
3.

Actual results:
qemu will coredump with log:

#0  0x00007f301d9d51b7 in raise () from /lib64/libc.so.6
#1  0x00007f301d9d68a8 in abort () from /lib64/libc.so.6
#2  0x00007f301d9cdfd6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f301d9ce082 in __assert_fail () from /lib64/libc.so.6
#4  0x000055629c661e58 in get_pci_host_devaddr (obj=<optimized out>, v=0x55629f7e2ee0, opaque=<optimized out>, name=0x55629c864fd5 "host", errp=0x7fff23689bb0) at hw/core/qdev-properties.c:737
#5  0x000055629c717ce4 in object_property_print (obj=obj@entry=0x5562a055cc00, name=0x55629c864fd5 "host", errp=0x7fff23689bb0) at qom/object.c:928
#6  0x000055629c702bec in qdev_print_props (indent=8, props=0x55629cc4e420 <vfio_pci_dev_properties>, dev=0x5562a055cc00, mon=0x55629f7ce500) at qdev-monitor.c:585
#7  qdev_print (indent=8, dev=0x5562a055cc00, mon=0x55629f7ce500) at qdev-monitor.c:623
#8  qbus_print (mon=mon@entry=0x55629f7ce500, bus=bus@entry=0x55629f7b3600, indent=6, indent@entry=4) at qdev-monitor.c:641
#9  0x000055629c702b9d in qdev_print (indent=4, dev=0x5562a0471000, mon=0x55629f7ce500) at qdev-monitor.c:628
#10 qbus_print (mon=0x55629f7ce500, bus=<optimized out>, indent=2) at qdev-monitor.c:641
#11 0x000055629c7a3389 in handle_user_command (mon=mon@entry=0x55629f7ce500, cmdline=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4010
#12 0x000055629c7a3657 in monitor_command_cb (mon=0x55629f7ce500, cmdline=<optimized out>, opaque=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4626
#13 0x000055629c719034 in readline_handle_byte (rs=0x5562a0010000, ch=<optimized out>) at readline.c:374
#14 0x000055629c7a35e4 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-1.5.3/monitor.c:4612
#15 0x000055629c70680b in qemu_chr_be_write (len=<optimized out>, buf=0x7fff23689d50 "\r\243h#\377\177", s=0x55629f804000) at qemu-char.c:167
#16 fd_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x55629f804000) at qemu-char.c:850
#17 0x00007f30265c48f9 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#18 0x000055629c6d8d4a in glib_pollfds_poll () at main-loop.c:187
#19 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#20 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:475
#21 0x000055629c5ee890 in main_loop () at vl.c:1995
#22 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4361

Expected results:
qemu won't crash

Additional info:
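The backtrace shows the abort coming from an assert() inside get_pci_host_devaddr while "info qtree" prints the "host" property of the vfio-pci device that was created with sysfsdev= and no host= address (frames #4 to #6). The example below is added here and is not QEMU's code: it assumes the property getter formats the address as "dddd:bb:ss.f" and asserts on the formatted length, and that a device without host= leaves the address fields unset (assumed here to be all-ones). It contrasts that fragile formatting with a getter that range-checks the fields and reports "unset" instead of aborting the whole VM from a read-only monitor command. The struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mirror of a PCI host address tuple (not QEMU's own type). */
typedef struct {
    uint32_t domain;
    uint32_t bus;
    uint32_t slot;
    uint32_t function;
} HostAddr;

/* Assumption: a device created with sysfsdev= and no host= leaves every
 * field at all-ones, which no real PCI address can have. */
#define HOSTADDR_UNSET 0xffffffffu

/* "dddd:bb:ss.f" is 12 characters plus the terminating NUL. */
#define HOSTADDR_STRLEN 12

static bool host_addr_is_unset(const HostAddr *a)
{
    return a->domain == HOSTADDR_UNSET && a->bus == HOSTADDR_UNSET &&
           a->slot == HOSTADDR_UNSET && a->function == HOSTADDR_UNSET;
}

/* PCI field widths: 16-bit domain, 8-bit bus, 5-bit slot, 3-bit function. */
static bool host_addr_is_valid(const HostAddr *a)
{
    return a->domain <= 0xffffu && a->bus <= 0xffu &&
           a->slot <= 0x1fu && a->function <= 7u;
}

/* Fragile variant: formats unconditionally and returns the length snprintf
 * wanted to write. With all-ones fields the fixed-width conversions overflow
 * their intended widths, so the length is not 12; a getter that asserts on
 * that length aborts the process, which is what the report's "info qtree"
 * crash looks like. */
int fragile_format_len(const HostAddr *a)
{
    char buf[HOSTADDR_STRLEN + 1];
    return snprintf(buf, sizeof(buf), "%04x:%02x:%02x.%u",
                    (unsigned)a->domain, (unsigned)a->bus,
                    (unsigned)a->slot, (unsigned)a->function);
}

/* Hardened variant: writes "dddd:bb:ss.f" into out (outlen >= 13) and returns
 * true, or writes an empty string and returns false when the address is unset
 * or out of range. A monitor command that only reads state must never be able
 * to take the guest down; reporting "unset" is the correct outcome here. */
bool format_host_addr(const HostAddr *a, char *out, size_t outlen)
{
    if (out == NULL || outlen < HOSTADDR_STRLEN + 1) {
        return false;
    }
    out[0] = '\0';
    if (host_addr_is_unset(a) || !host_addr_is_valid(a)) {
        return false;
    }
    int rc = snprintf(out, outlen, "%04x:%02x:%02x.%u",
                      (unsigned)a->domain, (unsigned)a->bus,
                      (unsigned)a->slot, (unsigned)a->function);
    return rc == HOSTADDR_STRLEN;
}

int main(void)
{
    /* Constructed inputs: the host=01:10.1 device from the report, and the
     * sysfsdev= device that carries no host address at all. */
    HostAddr sriov = { 0x0000, 0x01, 0x10, 1 };
    HostAddr mdev  = { HOSTADDR_UNSET, HOSTADDR_UNSET, HOSTADDR_UNSET, HOSTADDR_UNSET };
    char buf[HOSTADDR_STRLEN + 1];

    printf("sr-iov device: %s\n",
           format_host_addr(&sriov, buf, sizeof(buf)) ? buf : "<unset>");
    printf("mdev device:   %s\n",
           format_host_addr(&mdev, buf, sizeof(buf)) ? buf : "<unset>");
    printf("fragile length for mdev device: %d (expected 12)\n",
           fragile_format_len(&mdev));
    return 0;
}
```

The detection side of this is simple: any assert() reachable from a monitor or QMP command is a denial-of-service path for whoever can reach the monitor socket, so getters for optional properties should validate and degrade rather than assert.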