Bug 1044899

Summary: Qemu core dumped when sending "info qtree" command with "-M q35" machine type
Product: Red Hat Enterprise Linux 7
Reporter: Qunfang Zhang <qzhang>
Component: qemu-kvm
Assignee: Dr. David Alan Gilbert <dgilbert>
Status: CLOSED DUPLICATE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Docs Contact:
Priority: high
Version: 7.0
CC: acathrow, armbru, dgilbert, hhuang, juzhang, michen, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-22 12:30:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Qunfang Zhang 2013-12-19 08:34:31 UTC
Description of problem:
Start a qemu command line with the "-M q35" machine type, and check the "info qtree" output. QEMU core dumped. Tried other machine types like "pc" or "rhel6.5.0"; no problem.

Version-Release number of selected component (if applicable):
kernel-3.10.0-63.el7.x86_64
qemu-kvm-1.5.3-30.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Start a command line with -M q35:
/usr/libexec/qemu-kvm -M q35 -monitor stdio

2. (qemu) info qtree

3.

Actual results:
QEMU core dumped.

Expected results:
No core dump happens.

Additional info:

(qemu) info qtree 
bus: main-system-bus
  type System
  dev: kvm-ioapic, id ""
    gpio-in 24
    gsi_base = 0
    irq 0
    mmio 00000000fec00000/0000000000001000
  dev: q35-pcihost, id ""
    MCFG = 2952790016

Program received signal SIGFPE, Arithmetic exception.
0x0000555555675a39 in print_size (dev=0x5555565757b0, prop=0x555555c69018 <mch_props+56>, 
    dest=0x7fffffffc0c0 "\003", len=1024) at hw/core/qdev-properties.c:1180
1180	    for (div = (long int)1 << 40; !(*ptr / div) ; div >>= 10) {
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.27.2-1.el7.x86_64 celt051-0.5.1.3-6.el7.x86_64 cyrus-sasl-lib-2.1.26-12.1.el7.x86_64 cyrus-sasl-md5-2.1.26-12.1.el7.x86_64 cyrus-sasl-plain-2.1.26-12.1.el7.x86_64 dbus-libs-1.6.12-5.el7.x86_64 flac-libs-1.3.0-2.el7.x86_64 glib2-2.36.3-2.el7.x86_64 glibc-2.17-36.el7.x86_64 glusterfs-api-3.4.0.40rhs-2.el7.x86_64 glusterfs-libs-3.4.0.40rhs-2.el7.x86_64 gmp-5.1.1-3.el7.x86_64 gnutls-3.1.16-1.el7.x86_64 gsm-1.0.13-9.el7.x86_64 json-c-0.11-1.el7.x86_64 keyutils-libs-1.5.8-1.el7.x86_64 krb5-libs-1.11.3-31.el7.x86_64 libICE-1.0.8-5.el7.x86_64 libSM-1.2.1-5.el7.x86_64 libX11-1.6.0-1.el7.x86_64 libXau-1.0.8-1.el7.x86_64 libXext-1.3.2-1.el7.x86_64 libXi-1.7.2-1.el7.x86_64 libXtst-1.2.2-1.el7.x86_64 libaio-0.3.109-9.el7.x86_64 libasyncns-0.8-5.el7.x86_64 libattr-2.4.46-10.el7.x86_64 libcap-2.22-6.el7.x86_64 libcom_err-1.42.8-2.el7.x86_64 libdb-5.3.21-14.el7.x86_64 libgcc-4.8.2-3.el7.x86_64 libgcrypt-1.5.3-1.el7.x86_64 libgpg-error-1.12-1.el7.x86_64 libibverbs-1.1.7-3.el7.x86_64 libiscsi-1.9.0-3.el7.x86_64 libjpeg-turbo-1.2.90-2.el7.x86_64 libogg-1.3.0-5.el7.x86_64 libpng-1.5.13-2.el7.x86_64 librdmacm-1.0.17-1.el7.x86_64 libseccomp-2.1.1-0.el7.x86_64 libselinux-2.1.13-21.el7.x86_64 libsndfile-1.0.25-7.el7.x86_64 libtasn1-3.3-1.el7.x86_64 libusbx-1.0.15-2.el7.x86_64 libuuid-2.23.2-6.el7.x86_64 libvorbis-1.3.3-4.el7.x86_64 libxcb-1.9-3.el7.x86_64 nettle-2.6-2.el7.x86_64 nspr-4.10-3.el7.x86_64 nss-3.15.2-8.el7.x86_64 nss-softokn-freebl-3.15.2-2.el7.x86_64 nss-util-3.15.2-1.el7.x86_64 openssl-libs-1.0.1e-23.el7.x86_64 p11-kit-0.18.7-2.el7.x86_64 pcre-8.32-8.el7.x86_64 pixman-0.30.0-1.el7.x86_64 pulseaudio-libs-3.0-11.el7.x86_64 tcp_wrappers-libs-7.6-75.el7.x86_64 usbredir-0.6-5.el7.x86_64 zlib-1.2.7-10.el7.x86_64
(gdb) bt
#0  0x0000555555675a39 in print_size (dev=0x5555565757b0, prop=0x555555c69018 <mch_props+56>, 
    dest=0x7fffffffc0c0 "\003", len=1024) at hw/core/qdev-properties.c:1180
#1  0x0000555555678ae8 in qdev_get_legacy_property (obj=<optimized out>, v=0x5555565d8890, 
    opaque=0x555555c69018 <mch_props+56>, name=0x555556d837e0 "legacy-pci-hole64-size", errp=0x7fffffffc500)
    at hw/core/qdev.c:561
#2  0x000055555573d17e in object_property_get_qobject (obj=obj@entry=0x5555565757b0, 
    name=name@entry=0x555556d837e0 "legacy-pci-hole64-size", errp=errp@entry=0x7fffffffc590) at qom/qom-qobject.c:37
#3  0x000055555573bde3 in object_property_get_str (obj=obj@entry=0x5555565757b0, 
    name=name@entry=0x555556d837e0 "legacy-pci-hole64-size", errp=errp@entry=0x7fffffffc590) at qom/object.c:805
#4  0x0000555555727bf4 in qdev_print_props (indent=4, props=0x555555c69018 <mch_props+56>, dev=0x5555565757b0, 
    mon=0x555556542d80) at qdev-monitor.c:561
#5  qdev_print (indent=4, dev=0x5555565757b0, mon=0x555556542d80) at qdev-monitor.c:601
#6  qbus_print (mon=0x555556542d80, bus=<optimized out>, indent=2) at qdev-monitor.c:619
#7  0x00005555557d9e49 in handle_user_command (mon=mon@entry=0x555556542d80, cmdline=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4008
#8  0x00005555557da14b in monitor_command_cb (mon=0x555556542d80, cmdline=<optimized out>, opaque=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4624
#9  0x000055555573dac0 in readline_handle_byte (rs=0x555556546c20, ch=<optimized out>) at readline.c:374
#10 0x00005555557da0b4 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/monitor.c:4610
#11 0x000055555572c26b in qemu_chr_be_write (len=<optimized out>, buf=0x7fffffffc6f0 "\r\307\377\377\377\177", 
    s=0x55555652a820) at qemu-char.c:167
#12 fd_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x55555652a820) at qemu-char.c:850
#13 0x00007ffff74e9e06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#14 0x00005555556f991a in glib_pollfds_poll () at main-loop.c:187
#15 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:232
#16 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
#17 0x0000555555601050 in main_loop () at vl.c:1984
#18 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4343

Comment 2 Dr. David Alan Gilbert 2014-01-09 11:42:17 UTC
Confirmed on qemu-kvm.x86_64 10:1.5.3-30.el7
Bug doesn't happen on current upstream, or F20 qemu.

Comment 3 Dr. David Alan Gilbert 2014-01-09 12:08:48 UTC
Upstream 1197cbb9eda1dc82e2fa1815ca62bc3de158353e

Author: Richard Henderson <rth>
Date:   Tue Jul 30 08:20:43 2013 -1000

    qdev: Use clz in print_size

should fix this.
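The loop at hw/core/qdev-properties.c:1180 in the backtrace starts `div` at 2^40 and shifts it right by 10 bits each iteration until `*ptr / div` is nonzero. When the property value is 0 that condition never becomes true, so `div` runs 2^40, 2^30, 2^20, 2^10, 1 and then 0, and the next `*ptr / div` is an integer division by zero, which is what raises SIGFPE on x86. The C below is an added example, not QEMU's code and not the upstream commit referenced above: `legacy_loop_would_fault` mirrors the original loop's control flow and reports whether it would reach that division, and `size_unit_index` / `format_size` show a clz-based formatter as the commit title suggests, assumed here to mean picking the unit from the highest set bit (that the crashing property value was zero is an inference from the SIGFPE, not something the bug states).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the control flow of the loop at qdev-properties.c:1180 as shown in the
 * backtrace, but returns instead of dividing once div has shifted down to 0.
 * For size == 0 every test of (size / div) yields 0, so div goes 2^40, 2^30,
 * 2^20, 2^10, 1, 0 and the real loop then evaluates size / 0: an integer
 * division by zero, which on x86 raises SIGFPE. Any nonzero size stops the
 * loop as soon as div <= size. */
static bool legacy_loop_would_fault(uint64_t size)
{
    for (uint64_t div = (uint64_t)1 << 40; ; div >>= 10) {
        if (div == 0) {
            return true;          /* the original loop would compute size / 0 here */
        }
        if (size / div != 0) {
            return false;         /* the original loop exits normally */
        }
    }
}

/* Unit index for a size: 0 = B, 1 = K, 2 = M, 3 = G, 4 = T. Derived from the
 * position of the highest set bit via the compiler's clz builtin, so there is
 * no loop and no division; zero is handled explicitly because clz(0) is
 * undefined. Assumed design following the "Use clz in print_size" fix title,
 * not the upstream code itself. */
static int size_unit_index(uint64_t size)
{
    if (size == 0) {
        return 0;
    }
    int highest_bit = 63 - __builtin_clzll(size);   /* 0..63 */
    int unit = highest_bit / 10;
    return unit > 4 ? 4 : unit;                     /* clamp to the T suffix */
}

/* Formats size into dest as "<value with 3 decimals><unit letter>" and returns
 * the number of characters snprintf would have written. */
static int format_size(uint64_t size, char *dest, size_t len)
{
    static const char suffixes[] = { 'B', 'K', 'M', 'G', 'T' };
    int unit = size_unit_index(size);
    uint64_t div = (uint64_t)1 << (unit * 10);       /* 1, 2^10, ..., 2^40 */
    return snprintf(dest, len, "%0.03f%c", (double)size / (double)div, suffixes[unit]);
}

int main(void)
{
    /* Constructed sample values; 0 is the case that crashed the monitor. */
    const uint64_t samples[] = {
        0, 1, 1023, 2048, (uint64_t)1 << 30, (uint64_t)1 << 40, (uint64_t)1 << 50
    };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_size(samples[i], buf, sizeof buf);
        printf("%20llu -> %-10s legacy loop faults: %s\n",
               (unsigned long long)samples[i], buf,
               legacy_loop_would_fault(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

Running it shows the hazard is confined to a single input: every nonzero size leaves the legacy loop normally with the same unit the clz version picks, and only 0 would drive `div` to zero. That is why a monitor command that merely prints device properties can take the process down, and why the replacement computes the unit from the bit position instead of by repeated division.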

Comment 6 Markus Armbruster 2014-01-22 12:30:44 UTC
This is a regression caused by the fix for bug 1034876.  I made that one fail QA, and posted a fix.  Closing this one as duplicate.  It's not exactly duplicate, but it'll do.

*** This bug has been marked as a duplicate of bug 1034876 ***