Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-70845

[RHEL9.6] virtio: bogus descriptor or out of resources, qemu Assertion

XMLWordPrintable

    • Yes
    • Moderate
    • 1
    • rhel-sst-virt-arm
    • ssg_virtualization
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • Virt ARM 25-3
    • None
    • None
    • aarch64
    • None

      What were you trying to do that didn't work?
      When the guest uses virtio-scsi controller and is protected with smmuv3, after reboot the guest, the qemu process will report a message: "virtio: bogus descriptor or out of resources" then qemu-kvm: ../system/physmem.c:3295: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
       /tmp/aexpect_o5cG6jav/aexpect-i83b93p3.sh: line 1: 42350 Aborted                 (core dumped) MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm ...
       (Process terminated with status 134)

      What is the impact of this issue to you?
      qemu core dumped

      Please provide the package NVR for which the bug is seen:
      host/guest kernel: 5.14.0-536.el9.aarch64+64k
      qemu: qemu-kvm-9.1.0-6.el9
      edk2:edk2-aarch64-20240524-10.el9.noarch

      How reproducible:
      5%

      Steps to reproduce
      1. boot guest with iommu=smmuv3

      MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm  \
-name 'avocado-vt-vm1'  \
-sandbox on \
-blockdev '{"node-name": "file_aavmf_code", "driver": "file", "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2", "auto-read-only": true, "discard": "unmap"}' \
-blockdev '{"node-name": "drive_aavmf_code", "driver": "qcow2", "read-only": true, "file": "file_aavmf_code"}' \
-blockdev '{"node-name": "file_aavmf_vars", "driver": "file", "filename": "/root/avocado/data/avocado-vt/avocado-vt-vm1_rhel960-aarch64-64k-virtio-scsi_qcow2_filesystem_VARS.qcow2", "auto-read-only": true, "discard": "unmap"}' \
-blockdev '{"node-name": "drive_aavmf_vars", "driver": "qcow2", "read-only": false, "file": "file_aavmf_vars"}' \
-machine virt,gic-version=host,its=on,ras=on,iommu=smmuv3,pflash0=drive_aavmf_code,pflash1=drive_aavmf_vars,memory-backend=mem-machine_mem \
-device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
-device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}'  \
-nodefaults \
-device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
-device '{"driver": "virtio-gpu-pci", "bus": "pcie-root-port-1", "addr": "0x0", "iommu_platform": true}' \
-m 8192 \
-object '{"size": 8589934592, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}'  \
-smp 4,maxcpus=4,cores=2,threads=1,clusters=1,sockets=2  \
-cpu 'host' \
-chardev socket,path=/var/tmp/monitor-qmpmonitor1,id=qmp_id_qmpmonitor1,wait=off,server=on  \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-serial unix:'/var/tmp/serial-serial0',server=on,wait=off \
-object '{"qom-type": "rng-random", "filename": "/dev/urandom", "id": "passthrough-B0R81fCX"}' \
-device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
-device '{"driver": "virtio-rng-pci", "id": "virtio-rng-4MzvZ7w4", "rng": "passthrough-B0R81fCX", "bus": "pcie-root-port-2", "addr": "0x0", "iommu_platform": true}' \
-device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
-device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-3", "addr": "0x0"}' \
-device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
-device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
-device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-4", "addr": "0x0", "iommu_platform": true}' \
-blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel960-aarch64-64k-virtio-scsi.qcow2", "cache": {"direct": true, "no-flush": false}}' \
-blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache":
{"direct": true, "no-flush": false}
, "file": "file_image1"}' \
-device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
-device '{"id": "pcie-root-port-5", "port": 5, "driver": "pcie-root-port", "addr": "0x1.0x5", "bus": "pcie.0", "chassis": 6}' \
-device '{"driver": "virtio-net-pci", "mac": "9a:ca:04:74:0c:50", "rombar": 0, "id": "idOZQts6", "netdev": "id0E6NnU", "bus": "pcie-root-port-5", "addr": "0x0", "iommu_platform": true}' \
-netdev  '{"id": "id0E6NnU", "type": "tap", "vhost": true}'  \
-vnc :20  \
-rtc base=utc,clock=host \
-chardev socket,id=char_vtpm_avocado-vt-vm1_tpm0,path=/root/avocado/data/avocado-vt/swtpm/avocado-vt-vm1_tpm0_swtpm.sock \
-tpmdev emulator,chardev=char_vtpm_avocado-vt-vm1_tpm0,id=emulator_vtpm_avocado-vt-vm1_tpm0 \
-device '{"id": "tpm-tis-device_vtpm_avocado-vt-vm1_tpm0", "tpmdev": "emulator_vtpm_avocado-vt-vm1_tpm0", "driver": "tpm-tis-device"}' \
-enable-kvm \
-monitor stdio

      2. Reboot the guest
      In guest send command: shutdown -r now

      Expected results
      Guest rebooted without anything

      Actual results
      qemu core dumped

              eauger Eric Auger
              zhenyzha@redhat.com Steven Zhang
              virt-maint virt-maint
              virt-bugs virt-bugs
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: