RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2001318 - [Upstream] QEMU core dumped if launch with '-smp , maxcpus=4'
Summary: [Upstream] QEMU core dumped if launch with '-smp , maxcpus=4'
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: qemu-kvm
Version: 9.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Paolo Bonzini
QA Contact: liunana
URL:
Whiteboard:
Depends On: 1989338 1997408
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-09-05 13:58 UTC by John Ferlan
Modified: 2022-05-17 12:28 UTC (History)
7 users (show)

Fixed In Version: qem-kvm-6.1.0-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1989338
Environment:
Last Closed: 2022-05-17 12:24:17 UTC
Type: ---
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-96251 0 None None None 2021-09-05 14:00:23 UTC
Red Hat Product Errata RHBA-2022:2307 0 None None None 2022-05-17 12:24:50 UTC

Description John Ferlan 2021-09-05 13:58:17 UTC 
+++ This bug was initially created as a clone of Bug #1989338 +++

Description of problem:
As in qemu-kvm man page says, "n" is optional,

   "-smp [[cpus=]n][,maxcpus=maxcpus][,sockets=sockets][,dies=dies][,cores=cores][,threads=threads]"

However, if launch qemu with '-smp ,maxcpus=4', qemu core dumped.


Version-Release number of selected component (if applicable):
qemu-kvm-6.1.0-1.rc1.scrmod+el8.5.0+12016+049b55fd.wrb210728
kernel-4.18.0-323.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. # /usr/libexec/qemu-kvm -smp ,maxcpus=4


Actual results:
qemu-kvm: ../qobject/qdict.c:369: qentry_destroy: Assertion `e->value != NULL' failed.
Aborted (core dumped)

Expected results:
QEMU quit with error message instead of core dump.

Additional info:
1. It's a regression.  qemu-kvm-6.0.0-16.module+el8.5.0+10848+2dccc46d works well.

2. "/usr/libexec/qemu-kvm -smp maxcpus=4,sockets=2,cores=2" works well.

3. (gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 93825009086592, 0, 140737298297931, 93827783032832, 93825009086592, 
            93825009086592, 93825009086592, 93825009086592, 93825009086679, 93825009086692, 
            93825009086592, 93825009086692, 0, 0, 0}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007ffff4a67db5 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x555556567080, sa_sigaction = 0x555556567080}, 
          sa_mask = {__val = {0, 140737301732288, 140737299375648, 0, 0, 0, 140737488343752, 
              21474836480, 140737488343600, 140737299432112, 140737299416728, 0, 14713352540630688768, 
              140737299401645, 0, 140737299416728}}, sa_flags = 1442461189, 
          sa_restorer = 0x555555fa3627}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff4a67c89 in __assert_fail_base (
    fmt=0x7ffff4bd0698 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
--Type <RET> for more, q to quit, c to continue without paging--
    assertion=0x555555fa3627 "e->value != NULL", file=0x555555fa3605 "../qobject/qdict.c", line=369, 
    function=<optimized out>) at assert.c:92
        str = 0x555556567080 ""
        total = 4096
#3  0x00007ffff4a75a76 in __GI___assert_fail (
    assertion=assertion@entry=0x555555fa3627 "e->value != NULL", 
    file=file@entry=0x555555fa3605 "../qobject/qdict.c", line=line@entry=369, 
    function=function@entry=0x555555fa3668 <__PRETTY_FUNCTION__.16005> "qentry_destroy") at assert.c:101
No locals.
#4  0x0000555555c3a736 in qentry_destroy (e=0x5555565670f0) at ../qobject/qdict.c:369
        __PRETTY_FUNCTION__ = "qentry_destroy"
        _obj = <optimized out>
        __mptr = <optimized out>
#5  qentry_destroy (e=0x5555565670f0) at ../qobject/qdict.c:365
        __PRETTY_FUNCTION__ = "qentry_destroy"
#6  0x0000555555c3b056 in qdict_destroy_obj (obj=<optimized out>) at ../qobject/qdict.c:438
        tmp = 0x0
--Type <RET> for more, q to quit, c to continue without paging--c
        entry = <optimized out>
        i = <optimized out>
        qdict = <optimized out>
        __PRETTY_FUNCTION__ = "qdict_destroy_obj"
#7  0x0000555555b11790 in qobject_unref_impl (obj=0x555556566020) at /usr/src/debug/qemu-kvm-6.1.0-1.rc1.scrmod+el8.5.0+12016+049b55fd.wrb210728.x86_64/include/qapi/qmp/qobject.h:93
        __PRETTY_FUNCTION__ = "qobject_unref_impl"
#8  machine_parse_property_opt (propname=0x555555cba45e "smp", errp=0x7fffffffd410, arg=<optimized out>, opts_list=<optimized out>) at ../softmmu/vl.c:1562
        opts = 0x555556566020
        prop = 0x0
        help = false
        _auto_errp_prop = {local_err = 0x555556567040, errp = 0x5555564e5070 <error_fatal>}
        opts = <optimized out>
        prop = <optimized out>
        help = <optimized out>
        _auto_errp_prop = <optimized out>
        _obj = <optimized out>
        __mptr = <optimized out>
        _obj = <optimized out>
        __mptr = <optimized out>
#9  qemu_init (argc=3, argv=0x7fffffffd628, envp=<optimized out>) at ../softmmu/vl.c:3341
        popt = <optimized out>
        opts = <optimized out>
        icount_opts = 0x0
        accel_opts = <optimized out>
        olist = <optimized out>
        optind = 3
        optarg = 0x7fffffffd9b5 ",maxcpus=4"
        machine_class = <optimized out>
        userconfig = <optimized out>
        vmstate_dump_file = 0x0
        __func__ = "qemu_init"
#10 0x000055555588cced in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:49
No locals.

--- Additional comment from John Ferlan on 2021-08-03 15:57:15 UTC ---

A bit of poor man's bisection lands on upstream commit a3c2f12830683e285e1ef32d459717dcdf9b70c6 which will be included in rc2

So I'll move this to POST w/ Paolo as the owner since he made that commit.

$ git co 526f1f3a5c6726e3d3b893d8063d31fda091c7e0
$ make -j5
...
$ ./build/x86_64-softmmu/qemu-system-x86_64 -smp ,maxcpus=4
qemu-system-x86_64: ../qobject/qdict.c:369: qentry_destroy: Assertion `e->value != NULL' failed.
Aborted (core dumped)
$ git co a3c2f12830683e285e1ef32d459717dcdf9b70c6
$ make -j5
...
./build/x86_64-softmmu/qemu-system-x86_64 -smp ,maxcpus=4
qemu-system-x86_64: -smp ,maxcpus=4: Invalid parameter ''
$ 

I'm not quite sure which ITM to set here as I'm not sure what the plans are yet. It'd be strange to move it to ON_QA & VERIFIED as soon as Mirek merges in rc2...  Still I'll leave a needinfo on Mirek mostly for his awareness. Mirek feel free to just clear the needinfo (and of course making sure the various knobs are twisted as you expect them in order to move this along once rc2 is merged in).

FWIW: Yes, the same problem would exist if we did the same processing using rc1 for RHEL9, but since I believe we don't have that yet, let's not go there yet.

--- Additional comment from Miroslav Rezanina on 2021-08-06 08:12:36 UTC ---

Set DTM to 5 to have small reserve for rebase handling. ITM can be set properly reflecting DTM value.

--- Additional comment from Yumei Huang on 2021-08-06 08:25:08 UTC ---

Set ITM to 8 since Chinese holiday(Oct 1-7).

--- Additional comment from Yanan Fu on 2021-08-06 08:26:24 UTC ---

This issue gone with rc2, can get the expected result in comment 1.

Test version:
weeklyrebase build:  qemu-kvm-core-6.1.0-1.rc2.scrmod+el8.5.0+12133+c45b5bc2.wrb210804.x86_64

Test step:
# /usr/libexec/qemu-kvm -smp ,maxcpus=4
qemu-kvm: -smp ,maxcpus=4: Invalid parameter ''
Comment 1 Yanan Fu 2021-10-12 06:50:07 UTC 
Set 'Verified:Tested,SanityOnly' as gating test with qemu-kvm-6.1.0-1.el9 pass
Comment 2 liunana 2021-10-14 07:26:22 UTC 
Test Env:
    5.14.0-4.el9.x86_64
    qemu-kvm-6.1.0-1.el9.x86_64

Test PASS with steps:

1. Boot qemu with:
# /usr/libexec/qemu-kvm -smp ,maxcpus=4
qemu-kvm: -smp ,maxcpus=4: Invalid parameter ''

And qemu doesn't occur core dumped.


I will move this bug to verified directly once it is ON_QA. Thanks.



Best regards
Liu Nana
Comment 7 liunana 2021-12-20 03:26:59 UTC 
Move this bug to VERIFIED according to Comment 2.
Comment 9 errata-xmlrpc 2022-05-17 12:24:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: qemu-kvm), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2307
Note You need to log in before you can comment on or make changes to this bug.