[Qemu-devel] Using SCSI disks causes segfaults
From: Gunnar Beutner
Subject: [Qemu-devel] Using SCSI disks causes segfaults
Date: Sun, 20 Sep 2009 03:15:37 +0200
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)
Hello QEMU devs,
I'm seeing some rather peculiar crashes here when using emulated SCSI
disks. But let me give you some general information about my QEMU
installation first:
QEMU version: 0.11.0-rc2, also reproduced with 0.10.6
QEMU configure flags: ./configure --prefix=/opt/qemu
--target-list=x86_64-softmmu --enable-debug
KVM version: kvm-kmod-devel-88 "srcversion: 582A2669898E61DCDFACF8D"
(however, this problem also happens when KVM/KQEMU is disabled)
Kernel (host): Linux 2.6.30 (vanilla) x64
Kernel (vm): Linux 2.6.30 (vanilla) x64, also reproduced this using
Debian lenny's kernel (2.6.26-1-amd64)
What I'm trying to do is to assign two SATA disks to a virtual machine
as SCSI devices. Here's how I'm starting QEMU:
/opt/qemu/bin/qemu-system-x86_64 -enable-kvm -drive
if=scsi,file=/dev/sda -drive if=scsi,file=/dev/sdb -net
nic,model=rtl8139,macaddr=00:1d:92:f3:ad:dc -net socket,fd=200 -vnc
:1,password -k de -monitor stdio -S -usbdevice tablet -m 256 -smp 1
-boot order=n
Both disks (sda, sdb) have the following partition layout:
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00041e09
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1         523     4200997   fd  Linux raid autodetect
/dev/sda2             524         785     2104515   fd  Linux raid autodetect
/dev/sda3             786       60801   482078520   fd  Linux raid autodetect
The virtual machine boots a minimal Debian installation using PXE. Once
that's running the following commands are executed inside the VM:
mdadm --create /dev/md0 -l 1 -n 2 /dev/sda1 /dev/sdb1
mdadm --create /dev/md1 -l 1 -n 2 /dev/sda2 /dev/sdb2
mdadm --create /dev/md2 -l 1 -n 2 /dev/sda3 /dev/sdb3
mkswap /dev/md0
mkfs /dev/md1
mkfs /dev/md2
About half-way through the last "mkfs" I'm getting the following errors
in the QEMU console:
lsi_scsi: error: IO with unknown tag 65653
scsi-disk: Tag 0x10075 already in use
scsi-disk: Tag 0x10053 already in use
QEMU crashes as soon as mkfs is finished or when stopping mkfs either
using CTRL+C or CTRL+S (once the previously shown errors show up in the
QEMU console):
lsi_scsi: error: IO with unknown tag 65813
lsi_scsi: error: IO with unknown tag 65831
lsi_scsi: error: IO with unknown tag 65845
lsi_scsi: error: IO with unknown tag 65867
/root/startqemu: line 2: 24453 Segmentation fault (core dumped)
/opt/qemu/bin/qemu-system-x86_64 -enable-kvm -drive
if=scsi,file=/dev/sda -drive if=scsi,file=/dev/sdb -net
nic,model=rtl8139,macaddr=00:1d:92:f3:ad:dc -net socket,fd=200 -vnc
:1,password -k de -monitor stdio -S -usbdevice tablet -m 256 -smp 1
-boot order=n
For some reason the number/size of md devices matters. I can't seem to
(directly) reproduce the crash with just one md device or differently
sized partitions.
However, these crashes also happen during normal operation (i.e. not just
when running mkfs) at irregular intervals - at least when md devices are
involved. Sometimes I am getting kernel panics (rather than QEMU
segfaults) which appear to be directly related to the LSI SCSI kernel
module:
http://gunnar.beutner.name/try10
http://gunnar.beutner.name/try11
I've been trying to reproduce this problem for a while now and (so far)
I'm getting two distinct stacktraces from the crashes:
(gdb) bt full
#0 0x00007f26f11b100b in memcpy () from /lib/libc.so.6
No symbol table info available.
#1 0x0000000000518da4 in cpu_physical_memory_rw (addr=146219008,
buf=0x0, len=4096, is_write=1) at /root/qemu-0.11.0-rc2/exec.c:3151
addr1 = 146219008
l = 4096
io_index = 0
ptr = (uint8_t *) 0x7f26e3fb1000 "À;9\230"
val = 0
page = 146219008
pd = 146219008
p = (PhysPageDesc *) 0xcf1b90
#2 0x000000000057e677 in cpu_physical_memory_write (addr=146219008,
buf=0x0, len=4096) at ../cpu-common.h:59
No locals.
#3 0x000000000057e572 in lsi_do_dma (s=0xc7f820, out=0) at
/root/qemu-0.11.0-rc2/hw/lsi53c895a.c:521
count = 4096
addr = 146219008
#4 0x000000000057f7a1 in lsi_execute_script (s=0xc7f820) at
/root/qemu-0.11.0-rc2/hw/lsi53c895a.c:992
insn = 285212672
addr = 146219008
addr_high = 0
opcode = 4
insn_processed = 77
#5 0x000000000057e3cb in lsi_resume_script (s=0xc7f820) at
/root/qemu-0.11.0-rc2/hw/lsi53c895a.c:476
No locals.
#6 0x000000000057eb64 in lsi_command_complete (opaque=0xc7f820,
reason=0, tag=65853, arg=0) at /root/qemu-0.11.0-rc2/hw/lsi53c895a.c:652
s = (LSIState *) 0xc7f820
out = 1
#7 0x00000000004bf058 in scsi_command_complete (r=0xdecaf0, status=0,
sense=0) at /root/qemu-0.11.0-rc2/hw/scsi-disk.c:147
s = (SCSIDeviceState *) 0xc9ebd0
tag = 65853
#8 0x00000000004bf3fd in scsi_write_complete (opaque=0xdecaf0, ret=0)
at /root/qemu-0.11.0-rc2/hw/scsi-disk.c:258
r = (SCSIRequest *) 0xdecaf0
s = (SCSIDeviceState *) 0xc9ebd0
len = 24576
n = 48
#9 0x00000000004ae0cd in posix_aio_read (opaque=0xc5fcb0) at
block/raw-posix.c:553
s = (PosixAioState *) 0xc5fcb0
acb = (RawAIOCB *) 0x105ca10
pacb = (RawAIOCB **) 0xc5fcb8
ret = 0
len = 1
#10 0x000000000040d463 in main_loop_wait (timeout=5000) at
/root/qemu-0.11.0-rc2/vl.c:4129
pioh = (IOHandlerRecord **) 0x40d7c2
ioh = (IOHandlerRecord *) 0xc5fd20
rfds = {fds_bits = {64, 0 <repeats 15 times>}}
wfds = {fds_bits = {0 <repeats 16 times>}}
xfds = {fds_bits = {0 <repeats 16 times>}}
ret = 1
nfds = 200
tv = {tv_sec = 4, tv_usec = 999995}
#11 0x000000000040da97 in main_loop () at /root/qemu-0.11.0-rc2/vl.c:4347
r = 0
#12 0x0000000000411046 in main (argc=25, argv=0x7fff648784a8,
envp=0x7fff64878578) at /root/qemu-0.11.0-rc2/vl.c:6142
gdbstub_dev = 0x0
boot_devices_bitmap = 8192
i = 1
snapshot = 0
linux_boot = 0
net_boot = 1
initrd_filename = 0x0
kernel_filename = 0x0
kernel_cmdline = 0x586a68 ""
boot_devices = "n\000d", '\0' <repeats 29 times>
ds = (DisplayState *) 0xc8f740
dcl = (DisplayChangeListener *) 0x0
cyls = 0
heads = 0
secs = 0
translation = 0
net_clients = {0x7fff648794c4
"nic,model=rtl8139,macaddr=00:1d:92:f3:ad:dc", 0x7fff648794f5
"socket,fd=200",
0xd82b830 <Address 0xd82b830 out of bounds>, 0x7fff64878210 "", 0x0,
0x7f26f2a055ae "\205À\017\217z\001", 0x0, 0x7f26f2affc08 "h;@",
0x7f2600000001 <Address 0x7f2600000001 out of bounds>, 0x0,
0x100000001 <Address 0x100000001 out of bounds>, 0x7f26f2affc08 "h;@",
0x7f26f2c16358 "¸bÁò&\177", 0x7fff64878270 "\002", 0x1f2c16000
<Address 0x1f2c16000 out of bounds>, 0x7f26f2affc08 "h;@",
0x7f26f2c16358 "¸bÁò&\177",
0x7fff64878290 "ðþÅ", 0x7f26f2c16000 "", 0x40384c "memset", 0x0,
0x7f26f2afe528 "ô\222\024ñ&\177", 0x1 <Address 0x1 out of bounds>, 0x0,
0x7fff00000001 <Address 0x7fff00000001 out of bounds>, 0x7fff648782e8
"", 0xc53b745f <Address 0xc53b745f out of bounds>,
0x7f26f2a04eac "\205Àt\"A\213D$\f\205Àu\027\205í\017\037D",
0x100000000 <Address 0x100000000 out of bounds>, 0x7f26f2affb40 "°tÀò&\177",
0xa <Address 0xa out of bounds>, 0x1a <Address 0x1a out of bounds>}
nb_net_clients = 2
bt_opts = {0x0, 0x7f26f2affc08 "h;@", 0x7f26f2c074b0 "",
0x40384c "memset", 0x7f26f1143fd8 "", 0x400e10 "T\f",
0x100000000 <Address 0x100000000 out of bounds>, 0x10000031d <Address
0x10000031d out of bounds>, 0xd39ad3d <Address 0xd39ad3d out of bounds>,
0x7f26f2c16358 "¸bÁò&\177"}
nb_bt_opts = 0
hda_index = -1
optind = 25
r = 0x7fff6487954c "-boot"
optarg = 0x7fff64879552 "order=n"
monitor_hd = (CharDriverState *) 0xc5fef0
monitor_device = 0x7fff64879523 "stdio"
serial_devices = {0x589aa0 "vc:80Cx24C", 0x0, 0x0, 0x0}
serial_device_index = 0
parallel_devices = {0x589aa0 "vc:80Cx24C", 0x0, 0x0}
parallel_device_index = 0
virtio_consoles = {0x0}
virtio_console_index = 0
loadvm = 0x0
machine = (QEMUMachine *) 0x844e60
cpu_model = 0x0
usb_devices = {0x7fff64879537 "tablet", 0x7f26f2a04eac
"\205Àt\"A\213D$\f\205Àu\027\205í\017\037D", 0x7f26f29fc848 "à»!",
0x7f26f2affb40 "°tÀò&\177", 0xa <Address 0xa out of bounds>,
0x7f26f2a04eac "\205Àt\"A\213D$\f\205Àu\027\205í\017\037D",
0xd39ad3d <Address 0xd39ad3d out of bounds>, 0x7f26f2affb40 "°tÀò&\177"}
usb_devices_index = 1
fds = {-224410832, 32550}
tb_size = 0
pid_file = 0x0
incoming = 0x0
fd = 0
pwd = (struct passwd *) 0x0
chroot_dir = 0x0
run_as = 0x0
env = (struct CPUX86State *) 0x0
show_vnc_port = 0
params = {0x589a5f "order", 0x589a65 "once", 0x589a6a "menu", 0x0}
(gdb)
----------------------
and (this particular crash is actually from qemu-kvm-0.11.0-rc2, not
sure if the -kvm bits make any difference though):
(gdb) bt full
#0 0x00000000004a0dc6 in qemu_aio_release (p=0x106ca10) at block.c:1529
acb = (BlockDriverAIOCB *) 0x106ca10
pool = (AIOPool *) 0x0
#1 0x00000000004b990d in posix_aio_read (opaque=0xc71cb0) at
block/raw-posix.c:567
s = (PosixAioState *) 0xc71cb0
acb = (RawAIOCB *) 0x106ca10
pacb = (RawAIOCB **) 0xc71cb8
ret = 0
offset = 128
sig = {siginfo = {ssi_signo = 12, pad =
"\000\000\000\000\000\000\000\000ôX", '\0' <repeats 113 times>},
buf = "\f", '\0' <repeats 11 times>, "ôX", '\0' <repeats 113 times>}
#2 0x000000000040e301 in main_loop_wait (timeout=1000) at
/root/qemu-kvm-0.11.0-rc2/vl.c:4188
pioh = (IOHandlerRecord **) 0xc6f7c8
ioh = (IOHandlerRecord *) 0xc71d20
rfds = {fds_bits = {64, 0 <repeats 15 times>}}
wfds = {fds_bits = {0 <repeats 16 times>}}
xfds = {fds_bits = {0 <repeats 16 times>}}
ret = 1
nfds = 200
tv = {tv_sec = 0, tv_usec = 999874}
#3 0x000000000042d36e in kvm_main_loop () at
/root/qemu-kvm-0.11.0-rc2/qemu-kvm.c:2079
fds = {14, 15}
mask = {__val = {268443648, 0 <repeats 15 times>}}
sigfd = 16
#4 0x000000000040e9bb in main_loop () at
/root/qemu-kvm-0.11.0-rc2/vl.c:4393
r = 0
#5 0x0000000000411f7b in main (argc=24, argv=0x7fff78551208,
envp=0x7fff785512d0) at /root/qemu-kvm-0.11.0-rc2/vl.c:6263
gdbstub_dev = 0x0
boot_devices_bitmap = 8192
i = 1
snapshot = 0
linux_boot = 0
net_boot = 1
initrd_filename = 0x0
kernel_filename = 0x0
kernel_cmdline = 0x5931b0 ""
boot_devices = "n\000d", '\0' <repeats 29 times>
ds = (DisplayState *) 0xcbd940
dcl = (DisplayChangeListener *) 0x0
cyls = 0
heads = 0
secs = 0
translation = 0
net_clients = {0x7fff785534da "nic,macaddr=00:1d:92:f3:ad:dc",
0x7fff785534fd "socket,fd=200", 0xd82b830 <Address 0xd82b830 out of bounds>,
0x7fff78550f70 "", 0x0, 0x7f27390535ae "\037", 0x0, 0x7f2739149d50
"ÍA@", 0x1 <Address 0x1 out of bounds>, 0x0,
0x100000001 <Address 0x100000001 out of bounds>, 0x7f2739149d50 "ÍA@",
0x7f2739264358 "¸B&9'\177", 0x7fff78550fd0 "\002",
0x139264000 <Address 0x139264000 out of bounds>, 0x7f2739149d50 "ÍA@",
0x7f2739264358 "¸B&9'\177", 0x7fff78550ff0 "°zÇ", 0x7f2739264000 "",
0x403e7c "memset", 0x2b43e9ed <Address 0x2b43e9ed out of bounds>,
0x7fff78551000 "\b\022Ux", 0x0, 0x7f27390535ae "\037", 0x0,
0x7f27391474e0 "jªÜ3'\177",
0x1 <Address 0x1 out of bounds>, 0x7f2739052eac "\037D", 0x100000001
<Address 0x100000001 out of bounds>, 0x7f2739149c60 "\2009%9'\177",
0xe <Address 0xe out of bounds>, 0x23 <Address 0x23 out of bounds>}
nb_net_clients = 2
bt_opts = {0x0, 0x7f2739149d50 "ÍA@", 0x7f2739253980 "",
0x403e7c "memset", 0x7f2736f60fd8 "", 0x401430 "D\016",
0x100000000 <Address 0x100000000 out of bounds>, 0x10000031d <Address
0x10000031d out of bounds>, 0xd39ad3d <Address 0xd39ad3d out of bounds>,
0x7f2739264358 "¸B&9'\177"}
nb_bt_opts = 0
hda_index = -1
optind = 24
r = 0x7fff78553554 "-boot"
optarg = 0x7fff7855355a "n"
monitor_hd = (CharDriverState *) 0xc77ab0
monitor_device = 0x7fff7855352b "stdio"
serial_devices = {0x5967e0 "vc:80Cx24C", 0x0, 0x0, 0x0}
serial_device_index = 0
parallel_devices = {0x5967e0 "vc:80Cx24C", 0x0, 0x0}
parallel_device_index = 0
virtio_consoles = {0x0}
virtio_console_index = 0
loadvm = 0x0
machine = (QEMUMachine *) 0x855e80
cpu_model = 0x0
usb_devices = {0x7fff7855353f "tablet", 0x7f2739052eac "\037D",
0x7f273904a848 "\020æ", 0x7f2739149c60 "\2009%9'\177",
0xe <Address 0xe out of bounds>, 0x7f2739052eac "\037D", 0xd39ad3d
<Address 0xd39ad3d out of bounds>, 0x7f2739149c60 "\2009%9'\177"}
usb_devices_index = 1
fds = {956605232, 32551}
tb_size = 0
pid_file = 0x0
incoming = 0x0
fd = 0
pwd = (struct passwd *) 0x0
chroot_dir = 0x0
run_as = 0x0
env = (struct CPUX86State *) 0x0
show_vnc_port = 0
params = {0x5967af "order", 0x5967b5 "once", 0x5967ba "menu", 0x0}
(gdb)
I would love to run the md RAID in the host and use IDE instead of SCSI.
However, unfortunately this is not an option for me as I'm trying to
run an existing installation of Linux with QEMU which I cannot make any
modifications to.
Please let me know if you need any further details for my bug report.
Best regards
Gunnar Beutner
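The console errors in the report ("Tag 0x10075 already in use", "IO with unknown tag 65653") and the first backtrace, where lsi_do_dma hands buf=0x0 down to cpu_physical_memory_write and memcpy, are the kind of symptoms a tagged-request table produces once it loses track of which tags are in flight. As an added example, not QEMU's code and not part of the original message, the following C program models such a table (all names, ScsiDev, scsi_req_new, scsi_req_dma, scsi_req_complete, MAX_REQS, are assumed) and shows the three checks that keep each of these conditions a logged error rather than a crash: a duplicate tag is rejected at creation, a DMA for an unknown tag or for a request that has no buffer returns an error instead of reaching memcpy with NULL, and a second completion of an already-retired tag is refused. The demo replays the sequence from the report with constructed data and the tag value shown in the console output.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of in-flight SCSI requests keyed by tag.
 * Not QEMU's code; every name here is assumed for the example. */
#define MAX_REQS 8

typedef struct {
    int in_use;
    uint32_t tag;
    uint8_t *buf;   /* data buffer; NULL until the request owns one */
    size_t len;
} ScsiReq;

typedef struct {
    ScsiReq reqs[MAX_REQS];
    unsigned errors; /* operations rejected by the checks below */
} ScsiDev;

static ScsiReq *scsi_req_find(ScsiDev *d, uint32_t tag)
{
    for (int i = 0; i < MAX_REQS; i++)
        if (d->reqs[i].in_use && d->reqs[i].tag == tag)
            return &d->reqs[i];
    return NULL;
}

/* Returns 0 on success, -1 if the tag is already in flight or the table is full. */
int scsi_req_new(ScsiDev *d, uint32_t tag, uint8_t *buf, size_t len)
{
    if (scsi_req_find(d, tag)) {
        fprintf(stderr, "scsi-disk: Tag 0x%x already in use\n", (unsigned)tag);
        d->errors++;
        return -1;
    }
    for (int i = 0; i < MAX_REQS; i++) {
        if (!d->reqs[i].in_use) {
            d->reqs[i] = (ScsiReq){1, tag, buf, len};
            return 0;
        }
    }
    d->errors++;
    return -1;
}

/* Copies request data into the "guest" buffer. Returns the byte count,
 * or -1 when the tag is unknown or the request has no buffer, so a NULL
 * pointer never reaches memcpy. */
long scsi_req_dma(ScsiDev *d, uint32_t tag, uint8_t *guest, size_t count)
{
    ScsiReq *r = scsi_req_find(d, tag);
    if (!r) {
        fprintf(stderr, "lsi_scsi: error: IO with unknown tag %u\n", (unsigned)tag);
        d->errors++;
        return -1;
    }
    if (!r->buf || count > r->len) {
        d->errors++;
        return -1;
    }
    memcpy(guest, r->buf, count);
    return (long)count;
}

/* Retires a request. Returns -1 for an unknown tag, i.e. a double completion. */
int scsi_req_complete(ScsiDev *d, uint32_t tag)
{
    ScsiReq *r = scsi_req_find(d, tag);
    if (!r) {
        d->errors++;
        return -1;
    }
    r->in_use = 0;
    r->buf = NULL;
    return 0;
}

/* Replays the sequence from the report: the same tag issued twice while in
 * flight, then a DMA and a completion for a tag that was already retired.
 * Returns the number of rejected operations (3). */
unsigned demo_error_count(void)
{
    ScsiDev dev = {0};
    uint8_t data[17] = "constructed-data"; /* constructed sample payload */
    uint8_t guest[16];
    scsi_req_new(&dev, 0x10075, data, sizeof data);
    scsi_req_new(&dev, 0x10075, data, sizeof data);     /* duplicate: rejected */
    scsi_req_dma(&dev, 0x10075, guest, sizeof guest);    /* in flight: copies 16 bytes */
    scsi_req_complete(&dev, 0x10075);
    scsi_req_dma(&dev, 0x10075, guest, sizeof guest);    /* unknown tag: rejected */
    scsi_req_complete(&dev, 0x10075);                    /* double completion: rejected */
    return dev.errors;
}
```

The point of the model is that every lookup failure is a return value the caller must handle; the crash in the report happens only when a request that is no longer (or not yet) tracked is still used as if it held a valid buffer.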