Version-Release number of selected component: qemu-system-x86-1.6.2-4.fc20 Additional info: reporter: libreport-2.2.2 backtrace_rating: 4 cmdline: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name openfiler -S -machine pc-i440fx-1.6,accel=kvm,usb=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid f1004a99-be30-4151-b865-db196a08abb7 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/openfiler.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot menu=off -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device lsi,id=scsi0,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/home/libvirt/openfiler.img,if=none,id=drive-scsi0-0-0,format=raw -device scsi-hd,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0,bootindex=1 -drive file=/home/libvirt/data.qcow2,if=none,id=drive-scsi0-0-1,format=qcow2 -device scsi-hd,bus=scsi0.0,scsi-id=1,drive=drive-scsi0-0-1,id=scsi0-0-1 -drive if=none,id=drive-ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:37:b5:a2,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 crash_function: lsi_do_dma executable: /usr/bin/qemu-system-x86_64 kernel: 3.14.2-200.fc20.x86_64 runlevel: N 5 type: CCpp uid: 107 Truncated backtrace: Thread no. 1 (9 frames) #4 lsi_do_dma at hw/scsi/lsi53c895a.c:537 #5 lsi_execute_script at hw/scsi/lsi53c895a.c:1153 #6 access_with_adjusted_size at /usr/src/debug/qemu-1.6.2/memory.c:477 #7 memory_region_dispatch_write at /usr/src/debug/qemu-1.6.2/memory.c:989 #8 io_mem_write at /usr/src/debug/qemu-1.6.2/memory.c:1748 #9 address_space_rw at /usr/src/debug/qemu-1.6.2/exec.c:1980 #10 cpu_physical_memory_rw at /usr/src/debug/qemu-1.6.2/exec.c:2049 #11 kvm_cpu_exec at /usr/src/debug/qemu-1.6.2/kvm-all.c:1673 #12 qemu_kvm_cpu_thread_fn at /usr/src/debug/qemu-1.6.2/cpus.c:785
Created attachment 892030 [details] File: backtrace
Created attachment 892031 [details] File: cgroup
Created attachment 892032 [details] File: core_backtrace
Created attachment 892033 [details] File: dso_list
Created attachment 892034 [details] File: environ
Created attachment 892035 [details] File: limits
Created attachment 892036 [details] File: maps
Created attachment 892037 [details] File: open_fds
Created attachment 892038 [details] File: proc_pid_status
Created attachment 892039 [details] File: var_log_messages
Can you explain a bit what was happening when this crashed? Is it regularly reproducible?
Yep, but 99% in cases I'm getting kernel panic. I'm started VM with virtio network.
Created attachment 892160 [details] Kernel panic screen Is panic on my screen is other problem? Bug with virtio net I can reproduce 100%. When I'm downloading from VM ot panic.
I can't reproduce when I'm using this bridge with rtl8369 driver. With e1000 it's panic.
The backtrace associated with this bug is due to the scsi adapter attached to the VM. The virtio net backtrace is something different, please file a kernel bug for that.
(In reply to Cole Robinson from comment #15) > The backtrace associated with this bug is due to the scsi adapter attached > to the VM. The virtio net backtrace is something different, please file a > kernel bug for that. Ok. I've opened bug against kernel. https://bugzilla.kernel.org/show_bug.cgi?id=75411 In this case I've changed and changed and changed type of disks (distro, which I've tried to install didn't find my disks). SATA, SCSI, USB, IDE, etc.
Another user experienced a similar problem: I've created raw image 6GB large and tried to use it as scsi multipath in qemu: qemu-kvm -display vnc=:1 -usbdevice tablet -m 2048 -drive if=scsi,file=foo.img,serial=0001 -drive if=scsi,file=foo.img,serial=0001 -cdrom ~/isos/rhel6/RHEL6.iso -boot once=d VM crashes after anaconda created filesystems with message: /home/pholica/bin/qemu-vnc: line 6: 23500 Aborted (core dumped) reporter: libreport-2.2.3 backtrace_rating: 4 cmdline: /usr/bin/qemu-system-x86_64 -machine accel=kvm -display vnc=:1 -usbdevice tablet -m 2048 -drive if=scsi,file=foo.img,serial=0001 -drive if=scsi,file=foo.img,serial=0001 -cdrom /home/pholica/isos/rhel6/RHEL-6.6-20140718.0-Client-x86_64-dvd1.iso -boot once=d crash_function: lsi_do_dma executable: /usr/bin/qemu-system-x86_64 kernel: 3.15.6-200.fc20.x86_64 package: qemu-system-x86-1.6.2-6.fc20 reason: qemu-system-x86_64 killed by SIGABRT runlevel: N 5 type: CCpp uid: 14741
Hmm, it seems to happen everytime scsi interface is used (doesn't depend on mpath). qemu-kvm -display vnc=:1 -usbdevice tablet -m 2048 -drive if=scsi,file=foo.img,serial=0001 -cdrom ~/isos/rhel6/RHEL6.iso -boot once=d
*** Bug 1115243 has been marked as a duplicate of this bug. ***
I've just reproduced this issue also on Fedora-20 GA x86_64 using netinst image. Here are steps to reproduce: 1. qemu-img create foo.img 6G 2. wget http://download.fedoraproject.org/pub/fedora/linux/releases/20/Fedora/x86_64/iso/Fedora-20-x86_64-netinst.iso 3. qemu-kvm -vga std -m 2048 -drive if=scsi,file=foo.img,serial=0001 -cdrom Fedora-20-x86_64-netinst.iso -boot once=d 4. Start installation and proceed with default partitioning (and also everything else default) 5. Begin installation Anaconda crashes once ext4 is created on /dev/mapper/fedora-root
Created attachment 921714 [details] anaconda.log Here is what I was able to capture from anaconda using virtio serial console. I hope it helps.
This bug is unfortunately blocking multipath testing in qemu on distributions, that don't have virtio-scsi driver.
Okay I poked at this some. It's 100% reproducible for me using Pavel's reproducer. The culprit in our F20 branch is this CVE backport: commit 8f4754ede56e3f9ea3fd7207f4a7c4453e59285b Author: Kevin Wolf <kwolf> Date: Wed Mar 26 13:06:02 2014 +0100 block: Limit request size (CVE-2014-0143) That patch isn't wrong though, it just seems to tickle this error. But upstream 2.0, which has that patch, isn't affected. Hmmm. So I tried earlier versions with that commit applied and can reproduce the issue. Bisecting like that points to this as the fix: commit 84f94a9a82487639bc87d5f09f938c9f6a61f79a Author: Paolo Bonzini <pbonzini> Date: Fri Nov 22 13:40:01 2013 +0100 scsi-disk: correctly implement WRITE SAME Which sounds reasonable. However I don't think it's a simple backport, a bunch of the surrounding patches sound related. Pavel, in the mean time, I'd suggest using qemu from fedora-virt-preview, which doesn't have this issue: http://fedoraproject.org/wiki/Virtualization_Preview_Repository
Thanks a lot, I've tested the fix in preview repo and it works as expected => no crash.
Unfortunately trying to backport these patches is kind of a pain. So I suggest that if anyone needs LSI emulation, they use the latest packages from virt-preview
Another user experienced a similar problem: Tried to provission a machine using a RHEL6 profile stored in my Satellite server. After hardware initialization it crashed. reporter: libreport-2.2.3 backtrace_rating: 4 cmdline: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name rhel6 -S -machine pc-i440fx-1.6,accel=kvm,usb=off -cpu SandyBridge -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 32330860-7428-48b5-8975-dc9868e81fa5 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/home/alp/.config/libvirt/qemu/lib/rhel6.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device lsi,id=scsi0,bus=pci.0,addr=0x9 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/home/alp/.libvirt/image/rhel6.qcow2,if=none,id=drive-scsi0-0-0,format=qcow2 -device scsi-hd,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0,bootindex=1 -drive file=/home/alp/Downloads/Linux/generated.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -netdev user,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:9e:eb:53,bus=pci.0,addr=0x3 -netdev user,id=hostnet1 -device virtio-net-pci,netdev=hostnet1,id=net1,mac=52:54:00:3b:2c:64,bus=pci.0,addr=0xa -netdev user,id=hostnet2 -device virtio-net-pci,netdev=hostnet2,id=net2,mac=52:54:00:31:2a:47,bus=pci.0,addr=0xb -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5907,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 crash_function: lsi_do_dma executable: /usr/bin/qemu-system-x86_64 kernel: 3.15.8-200.fc20.x86_64 package: qemu-system-x86-1.6.2-7.fc20 reason: qemu-system-x86_64 killed by SIGABRT runlevel: N 5 type: CCpp uid: 10004
Another user experienced a similar problem: Within the anaconda process after it has initialized storage devices my kickstart file tries to create extra partitions for swap. I am not completely sure, I think it is at this time the virtual machine crashes. reporter: libreport-2.2.3 backtrace_rating: 4 cmdline: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name rhel6 -S -machine pc-i440fx-1.6,accel=kvm,usb=off -cpu SandyBridge -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 32330860-7428-48b5-8975-dc9868e81fa5 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/home/alp/.config/libvirt/qemu/lib/rhel6.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device lsi,id=scsi0,bus=pci.0,addr=0x9 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/home/alp/.libvirt/image/rhel6.qcow2,if=none,id=drive-scsi0-0-0,format=qcow2 -device scsi-hd,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0,bootindex=2 -drive file=/home/alp/Downloads/Linux/generated.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev user,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:9e:eb:53,bus=pci.0,addr=0x3 -netdev user,id=hostnet1 -device virtio-net-pci,netdev=hostnet1,id=net1,mac=52:54:00:3b:2c:64,bus=pci.0,addr=0xa -netdev user,id=hostnet2 -device virtio-net-pci,netdev=hostnet2,id=net2,mac=52:54:00:31:2a:47,bus=pci.0,addr=0xb -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5907,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 crash_function: lsi_do_dma executable: /usr/bin/qemu-system-x86_64 kernel: 3.15.8-200.fc20.x86_64 package: qemu-system-x86-1.6.2-8.fc20 reason: qemu-system-x86_64 killed by SIGABRT runlevel: N 5 type: CCpp uid: 10004
Paolo, any suggestion for safely backporting this commit? commit 84f94a9a82487639bc87d5f09f938c9f6a61f79a Author: Paolo Bonzini <pbonzini> Date: Fri Nov 22 13:40:01 2013 +0100 scsi-disk: correctly implement WRITE SAME It seems interdepenent with a lot of other scsi work that went in at the same time, but after backporting the CVE fix mentioned in Comment #23, lsi + anaconda crashes reliably without the above commit.
I concur. Changing the vm to use anything but SCSI makes my installer complete successfully.
I'm not sure what the dependencies are, but you can safely kill the "if (buffer_is_zero(inbuf, s->qdev.blocksize))" in order to simplify the backport.
This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Since F20 is EOL soon, just closing this, I won't be trying a tricky backport at this point