From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter Lieven <pl@dlhnet.de>
Subject: Ubuntu/Debian Installer + Virtio-SCSI -> Bad ram
	pointer
Date: Mon, 29 Oct 2012 15:09:37 +0100
Message-ID: <508E8E21.6080406@dlhnet.de>
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------030106040901040105050208"
Cc: ronnie sahlberg <ronniesahlberg@gmail.com>
To: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Return-path: <qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org
Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org
List-Id: kvm.vger.kernel.org

This is a multi-part message in MIME format.
--------------030106040901040105050208
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

If I try to Install Ubuntu 12.04 LTS / 12.10 64-bit on a virtio storage 
backend that supports iSCSI
qemu-kvm crashes reliably with the following error:

Bad ram pointer 0x3039303620008000

This happens directly after the confirmation of the Timezone before the 
Disk is partitioned.

If I specify  -global virtio-blk-pci.scsi=off in the cmdline this does 
not happen.

Here is a stack trace:

Thread 1 (Thread 0x7ffff7fee700 (LWP 8226)):
#0 0x00007ffff63c0a10 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 <https://github.com/sahlberg/libiscsi/issues/1> 0x00005555557b751d in 
qemu_ram_addr_from_host_nofail (
ptr=0x3039303620008000) at /usr/src/qemu-kvm-1.2.0/exec.c:2835
ram_addr = 0
#2 <https://github.com/sahlberg/libiscsi/issues/2> 0x00005555557b9177 in 
cpu_physical_memory_unmap (
buffer=0x3039303620008000, len=4986663671065686081, is_write=1,
access_len=1) at /usr/src/qemu-kvm-1.2.0/exec.c:3645
addr1 = 93825009559312
#3 <https://github.com/sahlberg/libiscsi/issues/3> 0x000055555580a9ca in 
virtqueue_fill (vq=0x5555565da710,
elem=0x555556722238, len=1, idx=0)
at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:240
size = 1
offset = 0
i = 0
#4 <https://github.com/sahlberg/libiscsi/issues/4> 0x000055555580abf0 in 
virtqueue_push (vq=0x5555565da710,
elem=0x555556722238, len=1) at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:276
No locals.
#5 <https://github.com/sahlberg/libiscsi/issues/5> 0x0000555555800952 in 
virtio_blk_req_complete (req=0x555556722230,
status=0) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:62
s = 0x5555565da640
#6 <https://github.com/sahlberg/libiscsi/issues/6> 0x00005555558010bf in 
virtio_blk_handle_scsi (req=0x555556722230)
at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:261
ret = 0
i = 1
status = 0
hdr = {interface_id = 83, dxfer_direction = -3, cmd_len = 6 '\006',
mx_sb_len = 96 '`', iovec_count = 1, dxfer_len = 56,
dxferp = 0x555556726248, cmdp = 0x2aab24b6c838 "\022\001\200",
sbp = 0x2aab1d677c30 "", timeout = 0, flags = 0, pack_id = 0,
usr_ptr = 0x0, status = 0 '\000', masked_status = 0 '\000',
msg_status = 0 '\000', sb_len_wr = 0 '\000', host_status = 0,
driver_status = 0, resid = 0, duration = 0, info = 0}
#7 <https://github.com/sahlberg/libiscsi/issues/7> 0x0000555555801724 in 
virtio_blk_handle_request (req=0x555556722230,
mrb=0x7fffffffd9f0) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:393
type = 2
#8 <https://github.com/sahlberg/libiscsi/issues/8> 0x00005555558018c3 in 
virtio_blk_handle_output (vdev=0x5555565da640,
vq=0x5555565da710) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:426
s = 0x5555565da640
req = 0x555556722230
mrb = {blkreq = {{sector = 0, nb_sectors = 0, qiov = 0x0, cb = 0,
opaque = 0x0, error = 0} }, num_writes = 0}
#9 <https://github.com/sahlberg/libiscsi/issues/9> 0x000055555580bd81 in 
virtio_queue_notify_vq (vq=0x5555565da710)
at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:648
vdev = 0x5555565da640
#10 <https://github.com/sahlberg/libiscsi/issues/10> 0x000055555580d2ff 
in virtio_queue_host_notifier_read (n=0x5555565da75c)
at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:1020
vq = 0x5555565da710
#11 <https://github.com/sahlberg/libiscsi/issues/11> 0x000055555565a47e 
in qemu_iohandler_poll (readfds=0x555556073160,
writefds=0x5555560731e0, xfds=0x555556073260, ret=1) at iohandler.c:122
pioh = 0x555556541290
ioh = 0x7ffff0000e70
#12 <https://github.com/sahlberg/libiscsi/issues/12> 0x000055555572b742 
in main_loop_wait (nonblocking=0) at main-loop.c:497
ret = 1
timeout = 4294967295
#13 <https://github.com/sahlberg/libiscsi/issues/13> 0x00005555557235e2 
in main_loop () at /usr/src/qemu-kvm-1.2.0/vl.c:1643
nonblocking = false
last_io = 1
#14 <https://github.com/sahlberg/libiscsi/issues/14> 0x000055555572a21c 
in main (argc=42, argv=0x7fffffffe548,
envp=0x7fffffffe6a0) at /usr/src/qemu-kvm-1.2.0/vl.c:3790
i = 64
snapshot = 0
linux_boot = 0
icount_option = 0x0
initrd_filename = 0x0
kernel_filename = 0x0
kernel_cmdline = 0x5555558d442a ""
boot_devices = "dc", '\000'
ds = 0x5555565465a0
dcl = 0x0
cyls = 0
heads = 0
secs = 0
translation = 0
hda_opts = 0x0
opts = 0x55555650f4b0
machine_opts = 0x55555650fcb0
olist = 0x5780f638f2e0
optind = 42
optarg = 0x7fffffffebd9 "cirrus"
loadvm = 0x0
machine = 0x555555c66780
cpu_model = 0x7fffffffeb5b "host,+x2apic,model_id=Intel(R) Xeon(R) CPU", 
' ' , "L5640 @ 2.27GHz,-tsc"
vga_model = 0x7fffffffebd9 "cirrus"
pid_file = 0x7fffffffeb1a "/var/run/qemu/vm-279.pid"
incoming = 0x0
show_vnc_port = 0
defconfig = true
userconfig = true
log_mask = 0x0
log_file = 0x0
mem_trace = {malloc = 0x55555572683e ,
realloc = 0x555555726896 ,
free = 0x5555557268fd , calloc = 0, try_malloc = 0,
try_realloc = 0}
trace_events = 0x0
trace_file = 0x0

Is this a regression in qemu-kvm. I remember there where some 
modifications regarding SCSI
passthru lately. Maybe there was a problem introduced with this.

BR,
Peter


--------------030106040901040105050208
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hi,<br>
    <br>
    If I try to Install Ubuntu 12.04 LTS / 12.10 64-bit on a virtio
    storage backend that supports iSCSI<br>
    qemu-kvm crashes reliably with the following error:<br>
    <br>
    Bad ram pointer 0x3039303620008000<br>
    <br>
    This happens directly after the confirmation of the Timezone before
    the Disk is partitioned.<br>
    <br>
    If I specify&nbsp; -global virtio-blk-pci.scsi=off in the cmdline this
    does not happen.<br>
    <br>
    Here is a stack trace:<br>
    <br>
    Thread 1 (Thread 0x7ffff7fee700 (LWP 8226)):<br>
    #0 0x00007ffff63c0a10 in abort () from
    /lib/x86_64-linux-gnu/libc.so.6<br>
    No symbol table info available.<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/1"
      class="issue-link" title="Connect fixes">#1</a> 0x00005555557b751d
    in qemu_ram_addr_from_host_nofail (<br>
    ptr=0x3039303620008000) at /usr/src/qemu-kvm-1.2.0/exec.c:2835<br>
    ram_addr = 0<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/2"
      class="issue-link" title="Prefix fix">#2</a> 0x00005555557b9177 in
    cpu_physical_memory_unmap (<br>
    buffer=0x3039303620008000, len=4986663671065686081, is_write=1,<br>
    access_len=1) at /usr/src/qemu-kvm-1.2.0/exec.c:3645<br>
    addr1 = 93825009559312<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/3"
      class="issue-link" title="Small patch to fix the RPM build on
      CentOS 5.5">#3</a> 0x000055555580a9ca in virtqueue_fill
    (vq=0x5555565da710,<br>
    elem=0x555556722238, len=1, idx=0)<br>
    at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:240<br>
    size = 1<br>
    offset = 0<br>
    i = 0<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/4"
      class="issue-link" title="warning fixes for libiscsi">#4</a>
    0x000055555580abf0 in virtqueue_push (vq=0x5555565da710,<br>
    elem=0x555556722238, len=1) at
    /usr/src/qemu-kvm-1.2.0/hw/virtio.c:276<br>
    No locals.<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/5"
      class="issue-link" title="Libtool and rpm">#5</a>
    0x0000555555800952 in virtio_blk_req_complete (req=0x555556722230,<br>
    status=0) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:62<br>
    s = 0x5555565da640<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/6"
      class="issue-link" title="Error running autogen.sh">#6</a>
    0x00005555558010bf in virtio_blk_handle_scsi (req=0x555556722230)<br>
    at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:261<br>
    ret = 0<br>
    i = 1<br>
    status = 0<br>
    hdr = {interface_id = 83, dxfer_direction = -3, cmd_len = 6 '\006',<br>
    mx_sb_len = 96 '`', iovec_count = 1, dxfer_len = 56,<br>
    dxferp = 0x555556726248, cmdp = 0x2aab24b6c838 "\022\001\200",<br>
    sbp = 0x2aab1d677c30 "", timeout = 0, flags = 0, pack_id = 0,<br>
    usr_ptr = 0x0, status = 0 '\000', masked_status = 0 '\000',<br>
    msg_status = 0 '\000', sb_len_wr = 0 '\000', host_status = 0,<br>
    driver_status = 0, resid = 0, duration = 0, info = 0}<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/7"
      class="issue-link" title="How to compile it in Fedora 17?">#7</a>
    0x0000555555801724 in virtio_blk_handle_request (req=0x555556722230,<br>
    mrb=0x7fffffffd9f0) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:393<br>
    type = 2<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/8"
      class="issue-link" title="can't build">#8</a> 0x00005555558018c3
    in virtio_blk_handle_output (vdev=0x5555565da640,<br>
    vq=0x5555565da710) at /usr/src/qemu-kvm-1.2.0/hw/virtio-blk.c:426<br>
    s = 0x5555565da640<br>
    req = 0x555556722230<br>
    mrb = {blkreq = {{sector = 0, nb_sectors = 0, qiov = 0x0, cb = 0,<br>
    opaque = 0x0, error = 0} }, num_writes = 0}<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/9"
      class="issue-link" title="FreeBSD and illumos do not define
      SOL_TCP">#9</a> 0x000055555580bd81 in virtio_queue_notify_vq
    (vq=0x5555565da710)<br>
    at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:648<br>
    vdev = 0x5555565da640<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/10"
      class="issue-link" title="Please pull from my fork of libiscsi ">#10</a>
    0x000055555580d2ff in virtio_queue_host_notifier_read
    (n=0x5555565da75c)<br>
    at /usr/src/qemu-kvm-1.2.0/hw/virtio.c:1020<br>
    vq = 0x5555565da710<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/11"
      class="issue-link" title="iscsi-ls with lot of lun : * iscsi-ls:
      double free or corruption (out): 0x00007fff0099b7d0 ***">#11</a>
    0x000055555565a47e in qemu_iohandler_poll (readfds=0x555556073160,<br>
    writefds=0x5555560731e0, xfds=0x555556073260, ret=1) at
    iohandler.c:122<br>
    pioh = 0x555556541290<br>
    ioh = 0x7ffff0000e70<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/12"
      class="issue-link" title="include lib/libiscsi.syms in tarball">#12</a>
    0x000055555572b742 in main_loop_wait (nonblocking=0) at
    main-loop.c:497<br>
    ret = 1<br>
    timeout = 4294967295<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/13"
      class="issue-link" title="iscsi-test improvements">#13</a>
    0x00005555557235e2 in main_loop () at
    /usr/src/qemu-kvm-1.2.0/vl.c:1643<br>
    nonblocking = false<br>
    last_io = 1<br>
    <a href="https://github.com/sahlberg/libiscsi/issues/14"
      class="issue-link" title="test-tool: 0214 was reading twice from
      -1">#14</a> 0x000055555572a21c in main (argc=42,
    argv=0x7fffffffe548,<br>
    envp=0x7fffffffe6a0) at /usr/src/qemu-kvm-1.2.0/vl.c:3790<br>
    i = 64<br>
    snapshot = 0<br>
    linux_boot = 0<br>
    icount_option = 0x0<br>
    initrd_filename = 0x0<br>
    kernel_filename = 0x0<br>
    kernel_cmdline = 0x5555558d442a ""<br>
    boot_devices = "dc", '\000' <br>
    ds = 0x5555565465a0<br>
    dcl = 0x0<br>
    cyls = 0<br>
    heads = 0<br>
    secs = 0<br>
    translation = 0<br>
    hda_opts = 0x0<br>
    opts = 0x55555650f4b0<br>
    machine_opts = 0x55555650fcb0<br>
    olist = 0x5780f638f2e0<br>
    optind = 42<br>
    optarg = 0x7fffffffebd9 "cirrus"<br>
    loadvm = 0x0<br>
    machine = 0x555555c66780<br>
    cpu_model = 0x7fffffffeb5b "host,+x2apic,model_id=Intel(R) Xeon(R)
    CPU", ' ' , "L5640 @ 2.27GHz,-tsc"<br>
    vga_model = 0x7fffffffebd9 "cirrus"<br>
    pid_file = 0x7fffffffeb1a "/var/run/qemu/vm-279.pid"<br>
    incoming = 0x0<br>
    show_vnc_port = 0<br>
    defconfig = true<br>
    userconfig = true<br>
    log_mask = 0x0<br>
    log_file = 0x0<br>
    mem_trace = {malloc = 0x55555572683e ,<br>
    realloc = 0x555555726896 ,<br>
    free = 0x5555557268fd , calloc = 0, try_malloc = 0,<br>
    try_realloc = 0}<br>
    trace_events = 0x0<br>
    trace_file = 0x0<br>
    <br>
    Is this a regression in qemu-kvm. I remember there where some
    modifications regarding SCSI<br>
    passthru lately. Maybe there was a problem introduced with this.<br>
    <br>
    BR,<br>
    Peter<br>
    <br>
  </body>
</html>

--------------030106040901040105050208--