Skip to content

Segmentation fault when introspecting machine properties

Host environment

  • Operating system: Fedora
  • Architecture: x86
  • QEMU flavor: qemu-system-x86_64
  • QEMU version: master branch (commit 7433709a)
  • QEMU command line: 
    echo '{ "execute": "qmp_capabilities" }{ "execute": "qom-list-properties","arguments": { "typename": "pc-q35-10.0-machine"}}' | ./qemu-system-x86_64 -M pc -qmp stdio

Emulated/Virtualized environment

  • Operating system: n/a
  • Architecture: x86

Description of problem

QEMU currrently crashes when trying to list the properties of the q35 machine type while QEMU has been started with the i440fx machine type. Introspecting QOM objects for their properties should always be possible, but apparently there is currently something causing a crash in this case.

Steps to reproduce

  1. Start QEMU with: qemu-system-x86_64 -M pc -qmp stdio
  2. Enter these commands in the QMP monitor:
 { "execute": "qmp_capabilities" }
 { "execute": "qom-list-properties","arguments": { "typename": "pc-q35-10.0-machine"}}

Additional information

Backtrace looks like this:

mc146818rtc_set_cmos_data (s=0x0, addr=95, val=-1) at ../../devel/qemu/hw/rtc/mc146818rtc.c:738
738	        s->cmos_data[addr] = val;
--Type <RET> for more, q to quit, c to continue without paging--#0  mc146818rtc_set_cmos_data (s=0x0, addr=95, val=-1) at ../../devel/qemu/hw/rtc/mc146818rtc.c:738
#1  0x0000555555bf15d2 in pc_machine_done (notifier=0x555557f40750, data=<optimized out>) at ../../devel/qemu/hw/i386/pc.c:632
#2  0x0000555555d4f7a2 in object_init_with_type (obj=obj@entry=0x555557f40320, ti=ti@entry=0x5555579c3c60)
    at ../../devel/qemu/qom/object.c:424
#3  0x0000555555d49c7e in object_initialize_with_type (obj=0x555557f40320, size=<optimized out>, type=type@entry=0x5555579c3c60)
    at ../../devel/qemu/qom/object.c:570
#4  0x0000555555d4a660 in object_new_with_type (type=0x5555579c3c60) at ../../devel/qemu/qom/object.c:774
#5  object_new (typename=typename@entry=0x555558672b30 "pc-q35-10.0-machine") at ../../devel/qemu/qom/object.c:789
#6  0x0000555555e825c5 in qmp_qom_list_properties (typename=0x555558672b30 "pc-q35-10.0-machine", errp=errp@entry=0x7fffffffd988)
    at ../../devel/qemu/qom/qom-qmp-cmds.c:205
#7  0x0000555555ef0525 in qmp_marshal_qom_list_properties (args=<optimized out>, ret=0x7fffeda9af00, errp=0x7fffeda9af08)
    at qapi/qapi-commands-qom.c:288
#8  0x0000555555f1edc1 in do_qmp_dispatch_bh (opaque=0x7fffeda9aed0) at ../../devel/qemu/qapi/qmp-dispatch.c:128
#9  0x0000555555f40e28 in aio_bh_poll (ctx=ctx@entry=0x5555579f2930) at ../../devel/qemu/util/async.c:219
#10 0x0000555555f2886f in aio_dispatch (ctx=0x5555579f2930) at ../../devel/qemu/util/aio-posix.c:424
#11 0x0000555555f41cbb in aio_ctx_dispatch (source=0x0, callback=0x5f, user_data=<optimized out>) at ../../devel/qemu/util/async.c:361
#12 0x00007ffff6d98e8c in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
#13 0x00007ffff6d99155 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#14 0x0000555555f42540 in glib_pollfds_poll () at ../../devel/qemu/util/main-loop.c:287
#15 os_host_main_loop_wait (timeout=<optimized out>) at ../../devel/qemu/util/main-loop.c:310
#16 main_loop_wait (nonblocking=nonblocking@entry=0) at ../../devel/qemu/util/main-loop.c:589
#17 0x0000555555ae1207 in qemu_main_loop () at ../../devel/qemu/system/runstate.c:835
#18 0x0000555555e85d57 in qemu_default_main (opaque=<optimized out>) at ../../devel/qemu/system/main.c:48
#19 0x0000555555e85d2f in main (argc=<optimized out>, argv=<optimized out>) at ../../devel/qemu/system/main.c:76
Edited by Thomas Huth
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information