Bug 1708076 - QEMU core dump "qemu_set_nonblock: Assertion `f != -1' failed" with a non-exist fd on tap
Status: CLOSED DUPLICATE of bug 1848274
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 8.1
Assignee: Virtualization Maintenance
QA Contact: Virtualization Bugs
Duplicates: 1709627
Reported: 2019-05-09 06:12 UTC by CongLi
Modified: 2020-08-13 10:49 UTC (History)

Last Closed: 2020-08-13 10:49:36 UTC
Type: Bug

Description CongLi 2019-05-09 06:12:02 UTC
Description of problem:
QEMU dumps core when a tap device is given a nonexistent fd.
qemu-kvm: util/oslib-posix.c:245: qemu_set_nonblock: Assertion `f != -1' failed.
ovmf.sh: line 30:   811 Aborted                 (core dumped) MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm -S -name 'avocado-vt-vm1' -machine q35 -nodefaults -device VGA,bus=pcie.0,addr=0x1 -device pcie-root-port,id=pcie.0-root-port-3,slot=3,chassis=3,addr=0x3,bus=pcie.0 -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pcie.0-root-port-3,addr=0x0 -drive id=drive_image1,if=none,snapshot=off,aio=threads,cache=none,format=qcow2,file=/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2 -device scsi-hd,id=image1,drive=drive_image1 -device pcie-root-port,id=pcie.0-root-port-4,slot=4,chassis=4,addr=0x4,bus=pcie.0 -device virtio-net-pci,mac=9a:91:92:93:94:95,id=id3cE67z,vectors=4,netdev=idR4I0Ft,bus=pcie.0-root-port-4,addr=0x0 -netdev tap,id=idR4I0Ft,vhost=on,vhostfd=22,fd=16 ....

(gdb) bt
#0  0x00007f3a81dcd93f in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f3a81db7c95 in __GI_abort () at abort.c:79
#2  0x00007f3a81db7b69 in __assert_fail_base
    (fmt=0x7f3a81f1e860 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5560e23dd3bd "f != -1", file=0x5560e23dd34f "util/oslib-posix.c", line=245, function=<optimized out>) at assert.c:92
#3  0x00007f3a81dc5df6 in __GI___assert_fail
    (assertion=assertion@entry=0x5560e23dd3bd "f != -1", file=file@entry=0x5560e23dd34f "util/oslib-posix.c", line=line@entry=245, function=function@entry=0x5560e23dd550 <__PRETTY_FUNCTION__.20478> "qemu_set_nonblock") at assert.c:101
#4  0x00005560e223e4e1 in qemu_set_nonblock (fd=fd@entry=16) at util/oslib-posix.c:245
#5  0x00005560e2133f39 in net_init_tap (netdev=0x5560e43b3460, name=0x5560e43b3690 "idR4I0Ft", peer=0x0, errp=0x7fff7e7248d0) at net/tap.c:794
#6  0x00005560e2123c37 in net_client_init1 (errp=0x7fff7e7248d0, is_netdev=true, object=0x5560e43b3460) at net/net.c:1060
#7  0x00005560e2123c37 in net_client_init (opts=<optimized out>, is_netdev=<optimized out>, errp=0x7fff7e724bd0) at net/net.c:1154
#8  0x00005560e224d872 in qemu_opts_foreach
    (list=<optimized out>, func=func@entry=0x5560e2124180 <net_init_netdev>, opaque=opaque@entry=0x0, errp=errp@entry=0x7fff7e724bd0)
    at util/qemu-option.c:1171
#9  0x00005560e2126576 in net_init_clients (errp=0x7fff7e724bd0) at net/net.c:1564
#10 0x00005560e1ee7131 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4432
(gdb) q


Version-Release number of selected component (if applicable):
qemu-kvm-4.0.0-0.module+el8.1.0+3169+3c501422.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a guest with a nonexistent fd passed to the tap device
-netdev tap,id=idR4I0Ft,vhost=on,vhostfd=22,fd=16 \
                                 ^^^^^^^^^^^^^^^^

Actual results:
QEMU core dump.

Expected results:
QEMU should give a kindly warning instead of a core dump.

Additional info:
1. QEMU CML:
MALLOC_PERTURB_=1 \
/usr/libexec/qemu-kvm \
-S \
-name 'avocado-vt-vm1' \
-machine q35 \
-nodefaults \
-device VGA,bus=pcie.0,addr=0x1 \
-device pcie-root-port,id=pcie.0-root-port-4,slot=4,chassis=4,addr=0x4,bus=pcie.0 \
-device virtio-net-pci,mac=9a:91:92:93:94:95,id=id3cE67z,vectors=4,netdev=idR4I0Ft,bus=pcie.0-root-port-4,addr=0x0 \
-netdev tap,id=idR4I0Ft,vhost=on,vhostfd=22,fd=16 \
-m 14336 \
-smp 12,maxcpus=12,cores=6,threads=1,sockets=2 \
-cpu 'SandyBridge',+kvm_pv_unhalt \
-monitor stdio
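
Added example (not part of the original report and not QEMU's code or its fix): the backtrace shows the assertion `f != -1` firing in qemu_set_nonblock for the user-supplied fd=16, and this sketch shows the same fcntl() step reporting the failure to the caller instead. The helper names try_set_nonblock and init_from_fd_option are hypothetical, and the bad descriptor is constructed by closing one end of a pipe.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a QEMU function): switch a caller-supplied
 * descriptor to non-blocking mode. Returns 0 on success, -errno on failure.
 * An assert(f != -1) after F_GETFL would abort here for a bad fd number. */
static int try_set_nonblock(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1) {
        return -errno;              /* EBADF: fd does not name an open file */
    }
    if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
        return -errno;
    }
    return 0;
}

/* Hypothetical handler for an "fd=N" option value: descriptor numbers from
 * the command line are untrusted input, so a bad one becomes an error string. */
static int init_from_fd_option(int fd, char *err, size_t errlen)
{
    int ret = try_set_nonblock(fd);
    if (ret < 0) {
        snprintf(err, errlen, "fd=%d is not usable: %s", fd, strerror(-ret));
        return -1;
    }
    err[0] = '\0';
    return 0;
}

int main(void)
{
    char err[128];
    int p[2];
    if (pipe(p) != 0) {
        return 1;
    }
    close(p[1]);    /* constructed: p[1] is now a number with no open file */
    if (init_from_fd_option(p[1], err, sizeof err) < 0) {
        fprintf(stderr, "warning: %s\n", err);
    }
    if (init_from_fd_option(p[0], err, sizeof err) == 0) {
        printf("fd %d set non-blocking\n", p[0]);
    }
    close(p[0]);
    return 0;
}
```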

Comment 3 Pei Zhang 2019-05-14 03:03:31 UTC
*** Bug 1709627 has been marked as a duplicate of this bug. ***

Comment 4 Yumei Huang 2019-07-01 07:23:26 UTC
Reproduced with qemu-kvm-4.0.0-4.module+el8.1.0+3356+cda7f1ee, and can't reproduce with qemu-kvm-2.12.0-78.module+el8.1.0+3434+46ed87c2.

Comment 5 jason wang 2019-07-01 09:45:37 UTC
FYI, there used to be some discussion on this https://patchwork.kernel.org/patch/10029443/

Thanks

Comment 6 Tingting Mao 2019-11-15 09:12:05 UTC
Still hit this issue in 'qemu-kvm-4.1.0-14.module+el8.2.0+4677+51176c2e'.

Comment 7 Ademar Reis 2020-02-05 22:57:26 UTC
QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks

Comment 8 Laurent Vivier 2020-08-12 15:04:09 UTC
This problem should be fixed in qemu-kvm-5.1.0 (by e7b347d0bf64). See BZ 1848274.

Comment 9 John Ferlan 2020-08-13 10:49:36 UTC

*** This bug has been marked as a duplicate of bug 1848274 ***

