Bug 847549
| Field | Value |
|---|---|
| Summary | Adding a zero-length virtio-scsi disk causes: qemu-kvm: hw/scsi-bus.c:1568: scsi_req_complete: Assertion `req->status == -1' failed. |
| Product | Fedora |
| Component | qemu |
| Status | CLOSED CURRENTRELEASE |
| Severity | unspecified |
| Priority | unspecified |
| Version | 18 |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Richard W.M. Jones <rjones> |
| Assignee | Paolo Bonzini <pbonzini> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | amit.shah, berrange, cfergeau, crobinso, dwmw2, itamar, knoel, pbonzini, rjones, scottt.tw, virt-maint |
| Doc Type | Bug Fix |
| Story Points | --- |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Last Closed | 2013-02-27 14:34:43 UTC |
| Bug Blocks | 857125, 887881 (view as bug list) |
Description
Richard W.M. Jones
2012-08-12 21:58:37 UTC
CC Paolo, since it seems to be connected to virtio-scsi in some way.

OK, more subtle than I suspected. The problem is that I'm adding /dev/null as a virtio-scsi drive (for testing purposes). If I add a regular file instead, it hits bug 847548 instead.

sgabios-0-1.1.20110622svn.fc19.x86_64
qemu-1.2-0.1.20120806git3e430569.fc18.x86_64
kernel-3.6.0-0.rc1.git3.2.bz844485.2.fc19.x86_64

```
$ guestfish -a /dev/null run -v
libguestfs: [00000ms] febootstrap-supermin-helper --verbose -f checksum '/usr/lib64/guestfs/supermin.d' x86_64
supermin helper [00000ms] whitelist = (not specified), host_cpu = x86_64, kernel = (null), initrd = (null), appliance = (null)
supermin helper [00000ms] inputs[0] = /usr/lib64/guestfs/supermin.d
checking modpath /lib/modules/3.4.0-1.fc17.x86_64.debug is a directory
checking modpath /lib/modules/3.3.4-5.fc17.x86_64.debug is a directory
checking modpath /lib/modules/3.6.0-0.rc0.git6.1.fc18.x86_64 is a directory
picked vmlinuz-3.6.0-0.rc0.git6.1.fc18.x86_64 because modpath /lib/modules/3.6.0-0.rc0.git6.1.fc18.x86_64 exists
checking modpath /lib/modules/3.6.0-0.rc1.git3.2.bz844485.2.fc19.x86_64 is a directory
picked vmlinuz-3.6.0-0.rc1.git3.2.bz844485.2.fc19.x86_64 because modpath /lib/modules/3.6.0-0.rc1.git3.2.bz844485.2.fc19.x86_64 exists
checking modpath /lib/modules/3.3.7-2.fc17.x86_64.debug is a directory
supermin helper [00003ms] finished creating kernel
supermin helper [00003ms] visiting /usr/lib64/guestfs/supermin.d
supermin helper [00003ms] visiting /usr/lib64/guestfs/supermin.d/base.img
supermin helper [00003ms] visiting /usr/lib64/guestfs/supermin.d/daemon.img
supermin helper [00003ms] visiting /usr/lib64/guestfs/supermin.d/hostfiles
supermin helper [00101ms] visiting /usr/lib64/guestfs/supermin.d/init.img
supermin helper [00101ms] adding kernel modules
supermin helper [00297ms] finished creating appliance
libguestfs: [00317ms] begin testing qemu features
libguestfs: [00512ms] finished testing qemu features
libguestfs: accept_from_daemon: 0x1c89c20 g->state = 1
[00519ms] /usr/bin/qemu-kvm \
    -global virtio-blk-pci.scsi=off \
    -nodefconfig \
    -nodefaults \
    -nographic \
    -device virtio-scsi-pci,id=scsi \
    -drive file=/dev/null,id=hd0,if=none \
    -device scsi-hd,drive=hd0 \
    -drive file=/var/tmp/.guestfs-1000/root.1781,snapshot=on,id=appliance,if=none,cache=unsafe \
    -device scsi-hd,drive=appliance \
    -machine accel=kvm:tcg \
    -m 500 \
    -no-reboot \
    -no-hpet \
    -device virtio-serial \
    -serial stdio \
    -device sga \
    -chardev socket,path=/tmp/libguestfs15kgwV/guestfsd.sock,id=channel0 \
    -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
    -kernel /var/tmp/.guestfs-1000/kernel.1781 \
    -initrd /var/tmp/.guestfs-1000/initrd.1781 \
    -append 'panic=1 console=ttyS0 udevtimeout=600 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=xterm '
\x1b[1;256r\x1b[256;256H\x1b[6n Google, Inc.
Serial Graphics Adapter 08/12/12
SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $ (rjones.annexia.org) Sun Aug 12 22:14:04 UTC 2012
Term: 80x24
4 0
SeaBIOS (version 1.7.0-20120722_040125-)
qemu-kvm: hw/scsi-bus.c:1568: scsi_req_complete: Assertion `req->status == -1' failed.
libguestfs: child_cleanup: 0x1c89c20: child process died
libguestfs: sending SIGTERM to process 1792
libguestfs: error: qemu terminated by signal 6 (Aborted)
libguestfs: error: guestfs_launch failed, see earlier error messages
libguestfs: closing guestfs handle 0x1c89c20 (state 0)
```

A zero-length regular file also hits this bug:

```
rm /tmp/test.img
touch /tmp/test.img
guestfish -a /tmp/test.img run -v
```

This is with qemu 1.2-0.1.20120806git3e430569.fc18.x86_64 from Fedora 18.

MALLOC_PERTURB_ is set, which may explain the unusual req pointer.

```
Program terminated with signal 11, Segmentation fault.
#0  scsi_req_continue (req=0x2d2d2d2d2d2d2d2d) at hw/scsi-bus.c:1497
(gdb) bt
#0  scsi_req_continue (req=0x2d2d2d2d2d2d2d2d) at hw/scsi-bus.c:1497
#1  0x00007f394aaefd72 in virtio_scsi_handle_cmd (vdev=0x7f394c60d590, vq=0x7f394c874460) at /usr/src/debug/qemu-kvm-1.2/hw/virtio-scsi.c:516
#2  0x00007f394aafa9c3 in memory_region_iorange_write (iorange=<optimized out>, offset=16, width=2, data=<optimized out>) at /usr/src/debug/qemu-kvm-1.2/memory.c:427
#3  0x00007f394aaf72e6 in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=49168) at /usr/src/debug/qemu-kvm-1.2/kvm-all.c:1382
#4  kvm_cpu_exec (env=env@entry=0x7f394c5d8e20) at /usr/src/debug/qemu-kvm-1.2/kvm-all.c:1527
#5  0x00007f394aaa3fe1 in qemu_kvm_cpu_thread_fn (arg=0x7f394c5d8e20) at /usr/src/debug/qemu-kvm-1.2/cpus.c:756
#6  0x00007f3948b2ed15 in start_thread () from /lib64/libpthread.so.0
#7  0x00007f39451bf96d in clone () from /lib64/libc.so.6
```

I've added a workaround to libguestfs, which is that we silently replace /dev/null in our tests with a 4K temporary file. However this is still a bug in qemu ... I think it's fixed upstream, will test shortly.

I can reproduce with qemu.git (and F18 qemu-kvm FWIW):

```
$ cat test.sh
rm test.img
touch test.img
./x86_64-softmmu/qemu-system-x86_64 \
    -global virtio-blk-pci.scsi=off \
    -nodefconfig \
    -nodefaults \
    -nographic \
    -device virtio-scsi-pci,id=scsi \
    -drive file=`pwd`/test.img,id=hd0,if=none \
    -device scsi-hd,drive=hd0 \
    -machine accel=kvm:tcg \
    -m 500 \
    -no-reboot \
    -no-hpet \
    -device virtio-serial \
    -serial stdio \
    -device sga \
```

```
#0  0x00007f1af1cc7aee in scsi_req_continue (req=0x7f1ad8000b10) at hw/scsi-bus.c:1515
#1  0x00007f1af1dd7c02 in virtio_scsi_handle_cmd (vdev=0x7f1af2bab520, vq=0x7f1af2bbe230) at /home/crobinso/src/qemu/hw/virtio-scsi.c:519
#2  0x00007f1af1de1d32 in access_with_adjusted_size (addr=addr@entry=16, value=value@entry=0x7f1ae6fa5af8, size=2, access_size_min=<optimized out>, access_size_max=<optimized out>, access=access@entry=0x7f1af1de2350 <memory_region_write_accessor>, opaque=opaque@entry=0x7f1af2bbafc0) at /home/crobinso/src/qemu/memory.c:364
#3  0x00007f1af1de33a7 in memory_region_iorange_write (iorange=<optimized out>, offset=16, width=2, data=2) at /home/crobinso/src/qemu/memory.c:439
#4  0x00007f1af1de01d6 in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=49168) at /home/crobinso/src/qemu/kvm-all.c:1426
#5  kvm_cpu_exec (env=env@entry=0x7f1af2b3a8f0) at /home/crobinso/src/qemu/kvm-all.c:1571
#6  0x00007f1af1d86c41 in qemu_kvm_cpu_thread_fn (arg=0x7f1af2b3a8f0) at /home/crobinso/src/qemu/cpus.c:757
#7  0x00007f1aefda7d15 in start_thread () from /lib64/libpthread.so.0
#8  0x00007f1aebff246d in clone () from /lib64/libc.so.6
```

Paolo, any thoughts?

Patch posted upstream: http://list-archives.org/2013/01/10/qemu-devel-nongnu-org/patch-scsi-fix-segfault-with-0-byte-disk/f/5057256939

qemu-1.2.2-6.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/qemu-1.2.2-6.fc18

qemu-1.2.2-6.fc18 has been pushed to the Fedora 18 stable repository.

If problems still persist, please make note of it in this bug report.
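The reporter's workaround (swap /dev/null for a 4K temporary file before it reaches qemu) is easy to apply from a launcher script on hosts still running an unfixed qemu-kvm. The script below is an added example, not code from libguestfs or qemu: it checks whether a disk argument is a zero-length regular file or a character device like /dev/null, and if so substitutes a freshly created 4096-byte image. The 4 KiB size, the function names and the mktemp template are choices made for this example.

```shell
#!/bin/sh
# Added example (not libguestfs or qemu code): guard a disk path before it is
# passed as "-drive file=...,if=none" to a qemu-kvm affected by this bug.
# Assumption: a backing file of at least one 4096-byte block is enough to
# avoid the zero-length-disk path, matching the 4K file the report describes.

# Exit status 0 if the path is the kind of disk that triggers the bug:
# a character device (e.g. /dev/null) or an existing zero-length regular file.
is_zero_length_disk() {
    [ -c "$1" ] || { [ -f "$1" ] && [ ! -s "$1" ]; }
}

# Print the path qemu should be given for the disk at "$1".
# Block devices and non-empty files are returned unchanged; anything that
# is_zero_length_disk() flags is replaced by a new 4096-byte temporary file.
safe_disk_path() {
    path=$1
    if [ -b "$path" ] || { [ -f "$path" ] && [ -s "$path" ]; }; then
        printf '%s\n' "$path"
        return 0
    fi
    if ! is_zero_length_disk "$path"; then
        # Not a file or device we know how to substitute: refuse rather than
        # hand qemu something unexpected.
        printf 'safe_disk_path: unsupported disk path: %s\n' "$path" >&2
        return 1
    fi
    tmp=$(mktemp "${TMPDIR:-/tmp}/zerodisk.XXXXXX") || return 1
    # One 4096-byte block of zeros so scsi-hd sees a disk with real sectors.
    dd if=/dev/zero of="$tmp" bs=4096 count=1 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# Build the -drive argument for hd0 from a possibly-empty disk path.
qemu_drive_arg() {
    disk=$(safe_disk_path "$1") || return 1
    printf 'file=%s,id=hd0,if=none\n' "$disk"
}

# Usage (mirrors the command line in the report):
#   qemu-kvm -nodefaults -nographic -device virtio-scsi-pci,id=scsi \
#       -drive "$(qemu_drive_arg /dev/null)" -device scsi-hd,drive=hd0 ...
```

The substituted file is deliberately written with dd rather than created sparse with truncate, so the check `[ -s ]` and any later size probe agree with what qemu will read back; the caller is responsible for deleting the temporary image when the guest exits.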