  1. RHEL
  2. RHEL-70846

[RHEL10.0] virtio: bogus descriptor or out of resources, qemu Assertion by smmuv3

    • Yes
    • Moderate
    • 2
    • rhel-sst-virt-arm
    • ssg_virtualization
    • 8
    • False
    • None
    • Virt ARM 25-1, Virt ARM 25-3
    • None
    • None
    • aarch64
    • None

      What were you trying to do that didn't work?
      When the guest uses a virtio-scsi controller and is protected by smmuv3, rebooting the guest makes the qemu process report the message "virtio: bogus descriptor or out of resources" and then abort with: qemu-kvm: ../system/physmem.c:3295: void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
       /tmp/aexpect_o5cG6jav/aexpect-i83b93p3.sh: line 1: 42350 Aborted                 (core dumped) MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm ...
       (Process terminated with status 134)

      What is the impact of this issue to you?
      qemu core dumped: the QEMU process aborts (exit status 134), so the running guest is lost.

      Please provide the package NVR for which the bug is seen:
      host/guest kernel: 6.12.0-30.el10.aarch64+64k
      qemu: qemu-kvm-9.1.0-5.el10
      edk2:edk2-aarch64-20240524-11.el10.noarch

      How reproducible:
      5%

      Steps to reproduce
      1. boot guest with iommu=smmuv3

      # Reproducer command line from the report (apparently generated by an
      # avocado-vt/aexpect test run). Points worth knowing when reading it:
      #   - MALLOC_PERTURB_=1 is a glibc setting that fills newly allocated and
      #     freed heap memory with a byte pattern, which tends to expose use of
      #     stale or uninitialised memory. NOTE(review): the report does not say
      #     whether the crash also occurs without it.
      #   - "-machine ...,iommu=smmuv3" adds the emulated SMMUv3, and the
      #     virtio-gpu, virtio-rng, virtio-scsi and virtio-net devices all set
      #     "iommu_platform": true, so their DMA is translated through that vIOMMU.
      #   - "-sandbox on" enables QEMU's seccomp filter; the abort was reported
      #     with it enabled.
      #   - The QMP monitor and serial sockets live under /var/tmp and "-vnc :20"
      #     carries no authentication options. That suits a test host only: QMP
      #     gives full control of the VM, so on any shared host these endpoints
      #     belong in a location restricted to the QEMU user.
      #   - Do not add comments between the continuation lines below; a '#' after
      #     a backslash-newline would cut the command short.
      MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm \
      -name 'avocado-vt-vm1' \
      -sandbox on \
      -blockdev '{"node-name": "file_aavmf_code", "driver": "file", "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2", "auto-read-only": true, "discard": "unmap"}' \
      -blockdev '{"node-name": "drive_aavmf_code", "driver": "qcow2", "read-only": true, "file": "file_aavmf_code"}' \
      -blockdev '{"node-name": "file_aavmf_vars", "driver": "file", "filename": "/root/avocado/data/avocado-vt/avocado-vt-vm1_rhel100-aarch64-4k-virtio-scsi_qcow2_filesystem_VARS.qcow2", "auto-read-only": true, "discard": "unmap"}' \
      -blockdev '{"node-name": "drive_aavmf_vars", "driver": "qcow2", "read-only": false, "file": "file_aavmf_vars"}' \
      -machine virt,gic-version=host,its=on,ras=on,iommu=smmuv3,pflash0=drive_aavmf_code,pflash1=drive_aavmf_vars,memory-backend=mem-machine_mem \
      -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
      -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}' \
      -nodefaults -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
      -device '{"driver": "virtio-gpu-pci", "bus": "pcie-root-port-1", "addr": "0x0", "iommu_platform": true}' \
      -m 8192 -object '{"size": 8589934592, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}' \
      -smp 4,maxcpus=4,cores=2,threads=1,clusters=1,sockets=2 \
      -cpu 'host' \
      -chardev socket,server=on,id=qmp_id_qmpmonitor1,wait=off,path=/var/tmp/monitor-qmpmonitor1 \
      -mon chardev=qmp_id_qmpmonitor1,mode=control \
      -serial unix:'/var/tmp/serial-serial0',server=on,wait=off \
      -object '{"qom-type": "rng-random", "filename": "/dev/urandom", "id": "passthrough-StGlgxYl"}' \
      -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
      -device '{"driver": "virtio-rng-pci", "id": "virtio-rng-t5PxMxPS", "rng": "passthrough-StGlgxYl", "bus": "pcie-root-port-2", "addr": "0x0", "iommu_platform": true}' \
      -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
      -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-3", "addr": "0x0"}' \
      -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
      -device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
      -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-4", "addr": "0x0", "iommu_platform": true}' \
      -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel100-aarch64-4k-virtio-scsi.qcow2", "cache": {"direct": true, "no-flush": false}}' \
      -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
      -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
      -device '{"id": "pcie-root-port-5", "port": 5, "driver": "pcie-root-port", "addr": "0x1.0x5", "bus": "pcie.0", "chassis": 6}' \
      -device '{"driver": "virtio-net-pci", "mac": "9a:1e:e8:32:06:61", "rombar": 0, "id": "idXvPqgx", "netdev": "idbByB2q", "bus": "pcie-root-port-5", "addr": "0x0", "iommu_platform": true}' \
      -netdev '{"id": "idbByB2q", "type": "tap", "vhost": true}' \
      -vnc :20 \
      -enable-kvm \
      -monitor stdio 

      2. Reboot the guest
      In the guest, run the command: shutdown -r now

      Expected results
      The guest reboots without any error and the qemu process keeps running.

      Actual results
      qemu core dumped

              eauger Eric Auger
              zhenyzha@redhat.com Steven Zhang
              virt-maint virt-maint
              virt-bugs virt-bugs