Description of problem:
QEMU core dumps if dies is set to a negative value.

Version-Release number of selected component (if applicable):
qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1
kernel-4.18.0-131.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. # /usr/libexec/qemu-kvm -smp 2,dies=-2
2.
3.

Actual results:
# /usr/libexec/qemu-kvm -smp 2,dies=-2
qemu-kvm: warning: Invalid CPU topology deprecated: sockets (0) * dies (4294967294) * cores (1) * threads (1) != maxcpus (2)
qemu-kvm: /builddir/build/BUILD/qemu-4.1.0-rc4/target/i386/cpu.c:4392: cpu_x86_cpuid: Assertion `!(*eax & ~0x1f)' failed.
Aborted (core dumped)

Expected results:
No core dump.

Additional info:
(gdb) bt full
#0  0x00007f70ab97f8df in raise () at /lib64/libc.so.6
#1  0x00007f70ab969cf5 in abort () at /lib64/libc.so.6
#2  0x00007f70ab969bc9 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
#3  0x00007f70ab977e96 in .annobin_assert.c_end () at /lib64/libc.so.6
#4  0x000055adf0fee752 in cpu_x86_cpuid (env=env@entry=0x55adf2801c50, index=<optimized out>, index@entry=11, count=count@entry=1, eax=eax@entry=0x7f709fffda24, ebx=ebx@entry=0x7f709fffda28, ecx=ecx@entry=0x7f709fffda2c, edx=0x7f709fffda30) at /usr/src/debug/qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64/target/i386/cpu.c:4392
        cpu = 0x55adf27f9400
        cs = 0x55adf27f9400
        die_offset = <optimized out>
        limit = <optimized out>
        __PRETTY_FUNCTION__ = "cpu_x86_cpuid"
#5  0x000055adf103dc2f in kvm_arch_init_vcpu (cs=0x55adf27f9400) at /usr/src/debug/qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64/target/i386/kvm.c:1478
        cpuid_data = {cpuid = {nent = 0, padding = 0, entries = 0x7f709fffd748}, entries = {{function = 1073741824, index = 0, flags = 0, eax = 1073741825, ebx = 1263359563, ecx = 1447775574, edx = 77, padding = {0, 0, 0}}, {function = 1073741825, index = 0, flags = 0, eax = 16777467, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 0, index = 0, flags = 0, eax = 31, ebx = 1970169159, ecx = 1818588270, edx = 1231384169, padding = {0, 0, 0}}, {function = 1, index = 0, flags = 0, eax = 1747, ebx = 2048, ecx = 2149588993, edx = 126614525, padding = {0, 0, 0}}, {function = 2, index = 0, flags = 6, eax = 1, ebx = 0, ecx = 77, edx = 2895997, padding = {0, 0, 0}}, {function = 3, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 4, index = 0, flags = 1, eax = 289, ebx = 29360191, ecx = 63, edx = 1, padding = {0, 0, 0}}, {function = 4, index = 1, flags = 1, eax = 290, ebx = 29360191, ecx = 63, edx = 1, padding = {0, 0, 0}}, {function = 4, index = 2, flags = 1, eax = 323, ebx = 62914623, ecx = 4095, edx = 1, padding = {0, 0, 0}}, {function = 4, index = 3, flags = 1, eax = 355, ebx = 62914623, ecx = 16383, edx = 6, padding = {0, 0, 0}}, {function = 4, index = 4, flags = 1, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 5, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 3, edx = 0, padding = {0, 0, 0}}, {function = 6, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 7, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 8, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 9, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 10, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}}, {function = 11, index = 0, flags = 1, eax = 0, ebx = 1, ecx = 256, edx = 0, padding = {0, 0, 0}}, {function = 11, index = 1, flags = 1, eax = 32, ebx = 1, ecx = 513, edx = 0, padding = {0, 0, 0}}, {function = 0, index = 0, flags = 0, eax = 0, ebx = 0, ecx = 0, edx = 0, padding = {0, 0, 0}} <repeats 81 times>}}
        cpu = 0x55adf27f9400
        __func__ = "kvm_arch_init_vcpu"
        env = 0x55adf2801c50
        limit = 31
        i = 11
        j = 1
        cpuid_i = <optimized out>
        unused = 1818588270
        c = 0x7f709fffda18
        kvm_base = 1073741824
        max_nested_state_len = <optimized out>
        r = <optimized out>
        local_err = 0x0
        __PRETTY_FUNCTION__ = "kvm_arch_init_vcpu"
#6  0x000055adf0f50ed7 in qemu_kvm_cpu_thread_fn (arg=0x55adf27f9400) at /usr/src/debug/qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64/cpus.c:1270
        cpu = 0x55adf27f9400
        r = <optimized out>
#7  0x000055adf1270174 in qemu_thread_start (args=0x55adf281d930) at util/qemu-thread-posix.c:502
        __clframe = {__cancel_routine = <optimized out>, __cancel_arg = 0x0, __do_it = 1, __cancel_type = <optimized out>}
        qemu_thread_args = 0x55adf281d930
        start_routine = 0x55adf0f50e80 <qemu_kvm_cpu_thread_fn>
        arg = 0x55adf27f9400
        r = <optimized out>
#8  0x00007f70abd132de in start_thread () at /lib64/libpthread.so.0
#9  0x00007f70aba44133 in clone () at /lib64/libc.so.6
If dies=0 is set, QEMU core dumps with a different error.

# /usr/libexec/qemu-kvm -smp 2,dies=0
Floating point exception (core dumped)

(gdb) bt full
#0  0x00005574da0e8ed7 in pc_smp_parse (ms=0x5574dcadb400, opts=0x5574dca71b30) at /usr/src/debug/qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64/hw/i386/pc.c:1781
        pcms = 0x5574dcadb400
        __func__ = "pc_smp_parse"
#1  0x00005574da025e35 in main (argc=<optimized out>, argv=0x7ffe2c292298, envp=<optimized out>) at vl.c:4016
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = 0x0
        boot_once = 0x0
        ds = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        icount_opts = 0x0
        accel_opts = 0x0
        olist = <optimized out>
        optind = 3
        optarg = 0x7ffe2c293cbe "2,dies=0"
        loadvm = 0x0
        machine_class = 0x5574dcaac8e0
        cpu_option = 0x0
        vga_model = 0x0
        qtest_chrdev = 0x0
        qtest_log = 0x0
        incoming = 0x0
        userconfig = <optimized out>
        nographic = false
        display_remote = 0
        log_mask = 0x0
        log_file = 0x0
        trace_file = 0x0
        maxram_size = 134217728
        ram_slots = 0
        vmstate_dump_file = 0x0
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = false
        dir = <optimized out>
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffe2c292130}
        __func__ = "main"
Note that if the value is < 0, setting the 'cores' or 'threads' parameter also hits this issue.

# /usr/libexec/qemu-kvm -smp 2,threads=-1
qemu-kvm: warning: Invalid CPU topology deprecated: sockets (0) * dies (1) * cores (1) * threads (4294967295) != maxcpus (2)
qemu-kvm: /builddir/build/BUILD/qemu-4.1.0-rc4/target/i386/cpu.c:261: encode_cache_cpuid4: Assertion `num_apic_ids > 0' failed.
Aborted (core dumped)

# /usr/libexec/qemu-kvm -smp 2,cores=-1
qemu-kvm: warning: Invalid CPU topology deprecated: sockets (0) * dies (1) * cores (4294967295) * threads (1) != maxcpus (2)
qemu-kvm: /builddir/build/BUILD/qemu-4.1.0-rc4/target/i386/cpu.c:4392: cpu_x86_cpuid: Assertion `!(*eax & ~0x1f)' failed.
Aborted (core dumped)

When forcibly setting dies=0, it should be switched to 1 like the others.

# /usr/libexec/qemu-kvm -smp 2,sockets=4,cores=0,threads=0
qemu-kvm: cpu topology: sockets (4) * dies (1) * cores (1) * threads (1) > maxcpus (2)   -------> dies (1)

# /usr/libexec/qemu-kvm -smp 2,sockets=4,dies=0,cores=0,threads=0
Floating point exception (core dumped)
Thanks Yihuang for the update. I tried with qemu-kvm-2.12.0-83.module+el8.1.0+3852+0ba8aef0 and qemu-kvm-rhev-2.12.0-33.el7; if cores=-1 is set, it won't hit the core dump.

# /usr/libexec/qemu-kvm -smp 2,cores=-1
qemu-kvm: cpu topology: sockets (1) * cores (4294967295) * threads (1) > maxcpus (2)

So adding the regression keyword.
Eduardo - this seems to be related to upstream commit 1b45842203 so assigning to you. Could be different bugs though so you may need to clone/split. The @dies values missed that a 0 based value used as a divisor won't be good. When @dies < 0, I'm getting a different result. The @cores or @threads value being negative could be a separate issue as the code gets a bit further, but it could also be a validation of input type case.
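An added illustration, written for this page and not code from QEMU or from anyone in this BZ, of the input validation the comment above refers to: every -smp field is parsed as a strictly positive integer before any arithmetic, so dies=0 can never become a divisor and dies=-2 can never wrap to 4294967294, and the sockets*dies*cores*threads product is computed in 64 bits with an overflow check. SmpTopology, parse_positive and parse_smp are hypothetical names, and the -smp syntax handled is a simplified subset (a cpu count is required and only sockets is derived).

```c
#define _POSIX_C_SOURCE 200809L   /* for strtok_r */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { unsigned cpus, sockets, dies, cores, threads; } SmpTopology; /* hypothetical */

/* Accept only a strictly positive integer that fits in unsigned int. Empty, non-numeric,
 * negative, zero and out-of-range strings fail here, so "-2" never wraps to 4294967294
 * and "0" never reaches the topology arithmetic as a divisor. */
static bool parse_positive(const char *val, unsigned *out)
{
    char *end; errno = 0;
    long long v = strtoll(val, &end, 10);
    if (*val == '\0' || *end != '\0' || errno != 0 || v <= 0 || v > UINT_MAX) return false;
    *out = (unsigned)v;
    return true;
}

/* Parse "N,sockets=A,dies=B,cores=C,threads=D" (a subset of -smp syntax). Returns 0, or -1
 * with a message in errbuf. dies/cores/threads default to 1; a missing sockets is derived as
 * cpus / (dies*cores*threads), the same division that faults in the report when dies is 0. */
int parse_smp(const char *spec, SmpTopology *t, char *errbuf, size_t len)
{
    static const char *names[] = { "cpus", "sockets", "dies", "cores", "threads" };
    unsigned *fields[] = { &t->cpus, &t->sockets, &t->dies, &t->cores, &t->threads };
    char buf[128], *save = NULL;
    *t = (SmpTopology){ .cpus = 0, .sockets = 0, .dies = 1, .cores = 1, .threads = 1 };
    if (snprintf(buf, sizeof buf, "%s", spec) >= (int)sizeof buf) { snprintf(errbuf, len, "-smp spec too long"); return -1; }
    for (char *tok = strtok_r(buf, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        char *eq = strchr(tok, '=');                      /* a bare "N" means cpus=N */
        const char *key = eq ? tok : "cpus", *val = eq ? eq + 1 : tok;
        int k = 0;
        if (eq) *eq = '\0';
        while (k < 5 && strcmp(key, names[k])) k++;
        if (k == 5) { snprintf(errbuf, len, "unknown -smp option '%s'", key); return -1; }
        if (!parse_positive(val, fields[k])) {
            snprintf(errbuf, len, "'%s' must be a positive integer, got '%s'", key, val);
            return -1;
        }
    }
    if (t->cpus == 0) { snprintf(errbuf, len, "cpu count is required"); return -1; }
    /* Multiply in 64 bits and bound every step so the 32-bit factors cannot silently wrap. */
    unsigned long long n = 1ULL * t->dies * t->cores;
    if (n > UINT_MAX || (n *= t->threads) > UINT_MAX) { snprintf(errbuf, len, "dies*cores*threads overflows"); return -1; }
    if (t->sockets == 0) t->sockets = t->cpus / (unsigned)n;   /* n >= 1 here, so no SIGFPE */
    if (t->sockets * n != t->cpus) { snprintf(errbuf, len, "sockets*dies*cores*threads != cpus (%u)", t->cpus); return -1; }
    return 0;
}
```

With this ordering the strings from the report ("2,dies=-2", "2,dies=0", "2,sockets=4,dies=0,cores=0,threads=0") are all rejected with a message instead of reaching a division or a CPUID assertion.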
Severity and priority aren't high, because libvirt doesn't even support the "dies" option yet. When it starts supporting it, the XML schema will make it accept only positive values for the option. Moving to backlog.
QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks
Hit the same issue on the rhel8.3.0 slow train.
qemu-kvm-4.2.0-25.module+el8.3.0+6974+1d9d018b

# /usr/libexec/qemu-kvm -smp 2,dies=-2
qemu-kvm: warning: Invalid CPU topology deprecated: sockets (0) * dies (4294967294) * cores (1) * threads (1) != maxcpus (2)
qemu-kvm: /builddir/build/BUILD/qemu-4.2.0/target/i386/cpu.c:5578: cpu_x86_cpuid: Assertion `!(*eax & ~0x1f)' failed.
Aborted (core dumped)
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
I can still reproduce this bug with the following configurations:

1. # /usr/libexec/qemu-kvm -smp 2,sockets=4,dies=0,cores=0,threads=0
Floating point exception (core dumped)

2. # /usr/libexec/qemu-kvm -smp 2,dies=0
Floating point exception (core dumped)

Test environment:
intel-walkerpass-02.khw1.lab.eng.bos.redhat.com
kernel-4.18.0-298.el8.x86_64
qemu-kvm-5.2.0-12.module+el8.4.0+10354+98272afe.x86_64

I will re-open this BZ now. Please help to check this, thanks.

Best regards,
Liu Nana