Debian Bug report logs - #604869
kvm: FreeBSD + virtual FAT -> crash

Package: qemu-kvm; Maintainer for qemu-kvm is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu-kvm is src:qemu (PTS, buildd, popcon).

Reported by: Jakub Wilk <jwilk@debian.org>

Date: Wed, 24 Nov 2010 22:30:02 UTC

Severity: normal

Tags: confirmed, fixed-upstream, upstream

Found in version qemu-kvm/0.13.0+dfsg-2

Fixed in version 0.14.0+dfsg-1~tls

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, jwilk@debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#604869; Package qemu-kvm. (Wed, 24 Nov 2010 22:30:05 GMT) (full text, mbox, link).

Acknowledgement sent to Jakub Wilk <jwilk@debian.org>:
New Bug report received and forwarded. Copy sent to jwilk@debian.org, Jan Lübbe <jluebbe@debian.org>. (Wed, 24 Nov 2010 22:30:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: qemu-kvm
Version: 0.13.0+dfsg-2
Severity: normal

kvm with a virtual FAT disk crashes when trying to boot a FreeBSD 
kernel[0]. Backtrace:

#0  0xf7786425 in __kernel_vsyscall ()
#1  0xf7166751 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xf7169b82 in abort () at abort.c:92
#3  0x080889c5 in oom_check (size=4294836496) at qemu-malloc.c:30
#4  qemu_malloc (size=4294836496) at qemu-malloc.c:54
#5  0x081f55aa in qemu_sglist_init (qsg=0x91890a0, alloc_hint=536862737) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:15
#6  0x081ef32b in dma_buf_prepare (bm=0x91899ec, is_write=<value optimized out>) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:439
#7  0x081ef4c5 in ide_read_dma_cb (opaque=0x91899ec, ret=0) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:600
#8  0x081f51e8 in dma_bdrv_cb (opaque=0x9246460, ret=0) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:94
#9  0x0808e480 in bdrv_aio_bh_cb (opaque=0x92312a0) at block.c:2311
#10 0x080c68c8 in qemu_bh_poll () at async.c:150
#11 0x0806311b in main_loop_wait (nonblocking=0) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1317
#12 0x080799b4 in kvm_main_loop () at /tmp/buildd/qemu-kvm-0.13.0+dfsg/qemu-kvm.c:1710
#13 0x08065ce3 in main_loop (argc=7, argv=0xffc66154, envp=0xffc66174) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1341
#14 main (argc=7, argv=0xffc66154, envp=0xffc66174) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:3075

[0] You can try e.g. this image:
http://cdimage.debian.org/cdimage/squeeze_di_beta1/kfreebsd-i386/iso-cd/debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso


-- Package-specific info:


/proc/cpuinfo:

processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 15
model		: 107
model name	: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
stepping	: 2
cpu MHz		: 2300.000
cache size	: 512 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 1
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow rep_good extd_apicid pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy 3dnowprefetch
bogomips	: 4621.36
TLB size	: 1024 4K pages
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc 100mhzsteps

processor	: 1
vendor_id	: AuthenticAMD
cpu family	: 15
model		: 107
model name	: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
stepping	: 2
cpu MHz		: 2300.000
cache size	: 512 KB
physical id	: 0
siblings	: 2
core id		: 1
cpu cores	: 2
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 1
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow rep_good extd_apicid pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy 3dnowprefetch
bogomips	: 4621.36
TLB size	: 1024 4K pages
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc 100mhzsteps




-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental'), (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages qemu-kvm depends on:
ii  adduser                   3.112+nmu2     add and remove users and groups
ii  bridge-utils              1.4-5          Utilities for configuring the Linu
ii  etherboot-qemu            5.4.4-7        Bootstrapping for various network 
ii  iproute                   20100519-3     networking and traffic control too
ii  libaio1                   0.3.107-7      Linux kernel AIO access library - 
ii  libasound2                1.0.23-2.1     shared library for ALSA applicatio
ii  libattr1                  1:2.4.44-2     Extended attribute shared library
ii  libbluetooth3             4.70-1         Library to use the BlueZ Linux Blu
ii  libbrlapi0.5              4.2-6          braille display access via BRLTTY 
ii  libc6                     2.11.2-7       Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls           7.21.2-1       Multi-protocol file transfer libra
ii  libgnutls26               2.10.3-1       the GNU TLS library - runtime libr
ii  libjpeg62                 6b1-1          The Independent JPEG Group's JPEG 
ii  libncurses5               5.7+20100313-4 shared libraries for terminal hand
ii  libpng12-0                1.2.44-1       PNG library - runtime
ii  libpulse0                 0.9.21-3       PulseAudio client libraries
ii  libsasl2-2                2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii  libsdl1.2debian           1.2.14-6.1     Simple DirectMedia Layer
ii  libuuid1                  2.17.2-3.3     Universally Unique ID library
ii  libvdeplug2               2.2.3-3        Virtual Distributed Ethernet - Plu
ii  libx11-6                  2:1.3.3-4      X11 client-side library
ii  python                    2.6.6-5        interactive high-level object-orie
ii  qemu-keymaps              0.13.0+dfsg-2  QEMU keyboard maps
ii  qemu-utils                0.13.0+dfsg-2  QEMU utilities
ii  zlib1g                    1:1.2.5.dfsg-1 compression library - runtime

Versions of packages qemu-kvm recommends:
ii  linux-image-2.6.32-5-686 [lin 2.6.32-27  Linux 2.6.32 for modern PCs
ii  linux-image-2.6.32-5-amd64 [l 2.6.32-27  Linux 2.6.32 for 64-bit PCs

-- 
Jakub Wilk

Information forwarded to debian-bugs-dist@lists.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#604869; Package qemu-kvm. (Thu, 25 Nov 2010 07:21:03 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Jan Lübbe <jluebbe@debian.org>. (Thu, 25 Nov 2010 07:21:03 GMT) (full text, mbox, link).

Message #10 received at 604869@bugs.debian.org (full text, mbox, reply):

25.11.2010 01:26, Jakub Wilk wrote:
> Package: qemu-kvm
> Version: 0.13.0+dfsg-2
> Severity: normal
> 
> kvm with a virtual FAT disk crashes when trying to boot a FreeBSD
> kernel[0]. Backtrace:
> 
> #0  0xf7786425 in __kernel_vsyscall ()
> #1  0xf7166751 in raise (sig=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #2  0xf7169b82 in abort () at abort.c:92
> #3  0x080889c5 in oom_check (size=4294836496) at qemu-malloc.c:30
> #4  qemu_malloc (size=4294836496) at qemu-malloc.c:54
> #5  0x081f55aa in qemu_sglist_init (qsg=0x91890a0, alloc_hint=536862737)
> at /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:15
> #6  0x081ef32b in dma_buf_prepare (bm=0x91899ec, is_write=<value
> optimized out>) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:439
> #7  0x081ef4c5 in ide_read_dma_cb (opaque=0x91899ec, ret=0) at
> /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:600
> #8  0x081f51e8 in dma_bdrv_cb (opaque=0x9246460, ret=0) at
> /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:94
> #9  0x0808e480 in bdrv_aio_bh_cb (opaque=0x92312a0) at block.c:2311
> #10 0x080c68c8 in qemu_bh_poll () at async.c:150
> #11 0x0806311b in main_loop_wait (nonblocking=0) at
> /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1317
> #12 0x080799b4 in kvm_main_loop () at
> /tmp/buildd/qemu-kvm-0.13.0+dfsg/qemu-kvm.c:1710
> #13 0x08065ce3 in main_loop (argc=7, argv=0xffc66154, envp=0xffc66174)
> at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1341
> #14 main (argc=7, argv=0xffc66154, envp=0xffc66174) at
> /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:3075

Excellent...  not.

> [0] You can try e.g. this image:
> http://cdimage.debian.org/cdimage/squeeze_di_beta1/kfreebsd-i386/iso-cd/debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso

I don't think it's specific to debian or freebsd.
Can you describe how to hit the bug, -- how your
vfat directory looks like, and what did you do in
the vm to trigger it?

Thanks!

/mjt

Information forwarded to debian-bugs-dist@lists.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#604869; Package qemu-kvm. (Thu, 25 Nov 2010 13:39:06 GMT) (full text, mbox, link).

Acknowledgement sent to Jakub Wilk <jwilk@debian.org>:
Extra info received and forwarded to list. Copy sent to Jan Lübbe <jluebbe@debian.org>. (Thu, 25 Nov 2010 13:39:06 GMT) (full text, mbox, link).

Message #15 received at 604869@bugs.debian.org (full text, mbox, reply):

* Michael Tokarev <mjt@tls.msk.ru>, 2010-11-25, 10:19:
>>#0  0xf7786425 in __kernel_vsyscall ()
>>#1  0xf7166751 in raise (sig=6) at
>>../nptl/sysdeps/unix/sysv/linux/raise.c:64
>>#2  0xf7169b82 in abort () at abort.c:92
>>#3  0x080889c5 in oom_check (size=4294836496) at qemu-malloc.c:30
>>#4  qemu_malloc (size=4294836496) at qemu-malloc.c:54
>>#5  0x081f55aa in qemu_sglist_init (qsg=0x91890a0, alloc_hint=536862737)
>>at /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:15
>>#6  0x081ef32b in dma_buf_prepare (bm=0x91899ec, is_write=<value
>>optimized out>) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:439
>>#7  0x081ef4c5 in ide_read_dma_cb (opaque=0x91899ec, ret=0) at
>>/tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:600
>>#8  0x081f51e8 in dma_bdrv_cb (opaque=0x9246460, ret=0) at
>>/tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:94
>>#9  0x0808e480 in bdrv_aio_bh_cb (opaque=0x92312a0) at block.c:2311
>>#10 0x080c68c8 in qemu_bh_poll () at async.c:150
>>#11 0x0806311b in main_loop_wait (nonblocking=0) at
>>/tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1317
>>#12 0x080799b4 in kvm_main_loop () at
>>/tmp/buildd/qemu-kvm-0.13.0+dfsg/qemu-kvm.c:1710
>>#13 0x08065ce3 in main_loop (argc=7, argv=0xffc66154, envp=0xffc66174)
>>at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1341
>>#14 main (argc=7, argv=0xffc66154, envp=0xffc66174) at
>>/tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:3075
>
>Excellent...  not.
>
>>[0] You can try e.g. this image:
>>http://cdimage.debian.org/cdimage/squeeze_di_beta1/kfreebsd-i386/iso-cd/debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso
>
>I don't think it's specific to debian or freebsd.

I guess so, but I was not able to trigger the bug with Linux kernel 
(I didn't try hard, though).

>Can you describe how 
>to hit the bug, -- how your vfat directory looks like, and what did you 
>do in the vm to trigger it?

OK, to trigger the bug I run:

kvm -cdrom debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso -boot d -hda fat:empty/

choose "Default install" and just wait a few seconds. Last messages in 
the guest kernel log are:

ad0: 504MB <QEMU HARDDISK 0.13.0> at ata0-master WDMA2                          
ad0: FAILURE - READ_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=1032189     

"empty" is an empty directory on a partition like this:

$ df -T empty/
Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/mapper/root-crypt
               ext4   144182892  95657860  48525032  67% /

$ mount | grep root-crypt
/dev/mapper/root-crypt on / type ext4 (rw,noatime,errors=remount-ro,acl,barrier=1,data=ordered)

-- 
Jakub Wilk

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#604869; Package qemu-kvm. (Sun, 29 Jan 2012 15:24:07 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. (Sun, 29 Jan 2012 15:24:07 GMT) (full text, mbox, link).

Message #20 received at 604869@bugs.debian.org (full text, mbox, reply):

tags 604869 + confirmed upstream fixed-upstream
thanks

[Replying to an old bugreport... Quoting in full...]

On 25.11.2010 14:48, Jakub Wilk wrote:
> * Michael Tokarev <mjt@tls.msk.ru>, 2010-11-25, 10:19:
>>> #0  0xf7786425 in __kernel_vsyscall ()
>>> #1  0xf7166751 in raise (sig=6) at
>>> ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>>> #2  0xf7169b82 in abort () at abort.c:92
>>> #3  0x080889c5 in oom_check (size=4294836496) at qemu-malloc.c:30
>>> #4  qemu_malloc (size=4294836496) at qemu-malloc.c:54
>>> #5  0x081f55aa in qemu_sglist_init (qsg=0x91890a0, alloc_hint=536862737)
>>> at /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:15
>>> #6  0x081ef32b in dma_buf_prepare (bm=0x91899ec, is_write=<value
>>> optimized out>) at /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:439
>>> #7  0x081ef4c5 in ide_read_dma_cb (opaque=0x91899ec, ret=0) at
>>> /tmp/buildd/qemu-kvm-0.13.0+dfsg/hw/ide/core.c:600
>>> #8  0x081f51e8 in dma_bdrv_cb (opaque=0x9246460, ret=0) at
>>> /tmp/buildd/qemu-kvm-0.13.0+dfsg/dma-helpers.c:94
>>> #9  0x0808e480 in bdrv_aio_bh_cb (opaque=0x92312a0) at block.c:2311
>>> #10 0x080c68c8 in qemu_bh_poll () at async.c:150
>>> #11 0x0806311b in main_loop_wait (nonblocking=0) at
>>> /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1317
>>> #12 0x080799b4 in kvm_main_loop () at
>>> /tmp/buildd/qemu-kvm-0.13.0+dfsg/qemu-kvm.c:1710
>>> #13 0x08065ce3 in main_loop (argc=7, argv=0xffc66154, envp=0xffc66174)
>>> at /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:1341
>>> #14 main (argc=7, argv=0xffc66154, envp=0xffc66174) at
>>> /tmp/buildd/qemu-kvm-0.13.0+dfsg/vl.c:3075
>>
>> Excellent...  not.
>>
>>> [0] You can try e.g. this image:
>>> http://cdimage.debian.org/cdimage/squeeze_di_beta1/kfreebsd-i386/iso-cd/debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso
>>
>> I don't think it's specific to debian or freebsd.
> 
> I guess so, but I was not able to trigger the bug with Linux kernel (I didn't try hard, though).
> 
>> Can you describe how to hit the bug, -- how your vfat directory looks like, and what did you do in the vm to trigger it?
> 
> OK, to trigger the bug I run:
> 
> kvm -cdrom debian-squeeze-di-beta1-kfreebsd-i386-businesscard.iso -boot d -hda fat:empty/
> 
> choose "Default install" and just wait a few seconds. Last messages in the guest kernel log are:
> 
> ad0: 504MB <QEMU HARDDISK 0.13.0> at ata0-master WDMA2
> ad0: FAILURE - READ_DMA status=41<READY,ERROR> error=4<ABORTED> LBA=1032189    
>
> "empty" is an empty directory on a partition like this:
> 
> $ df -T empty/
> Filesystem    Type   1K-blocks      Used Available Use% Mounted on
> /dev/mapper/root-crypt
>                ext4   144182892  95657860  48525032  67% /
> 
> $ mount | grep root-crypt
> /dev/mapper/root-crypt on / type ext4 (rw,noatime,errors=remount-ro,acl,barrier=1,data=ordered)

I'm not sure how I overlooked this bugreport
when you provided a way to reproduce it.  So
acting on it now.

I d/loaded current 6.0.4 kfreebsd installer and
verified the bug is actually present in 0.13 as
you described.  And I found out that it does not
happen anymore in 0.14.0 and above, including
the current 1.0 version.  Upstream git log has
some mentions of SIGSEGV and memory corruption
fixes in vvfat driver and in block layer.  So it
looks like one of these fixed the issue.

I'm tagging this bug as "fixed-upstream" for now,
can you please verify that current version does
actually fix the issue for you too?

If yes, I'll close this bug for 0.14.0 version.

Thank you!

/mjt

Added tag(s) upstream, confirmed, and fixed-upstream. Request was from Michael Tokarev <mjt@tls.msk.ru> to control@bugs.debian.org. (Sun, 29 Jan 2012 15:24:11 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Michael Tokarev <mjt@tls.msk.ru>:
Bug#604869; Package qemu-kvm. (Sun, 29 Jan 2012 21:45:04 GMT) (full text, mbox, link).

Message #25 received at 604869@bugs.debian.org (full text, mbox, reply):

* Michael Tokarev <mjt@tls.msk.ru>, 2012-01-29, 19:22:
>I d/loaded current 6.0.4 kfreebsd installer and verified the bug is 
>actually present in 0.13 as you described. And I found out that it 
>does not happen anymore in 0.14.0 and above, including the current 1.0 
>version. Upstream git log has some mentions of SIGSEGV and memory 
>corruption fixes in vvfat driver and in block layer. So it looks like 
>one of these fixed the issue.
>
>I'm tagging this bug as "fixed-upstream" for now, can you please verify 
>that current version does actually fix the issue for you too?

Yes, it does. Thanks.

-- 
Jakub Wilk

Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sun, 29 Jan 2012 22:39:04 GMT) (full text, mbox, link).

Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Sun, 29 Jan 2012 22:39:04 GMT) (full text, mbox, link).

Message #30 received at 604869-done@bugs.debian.org (full text, mbox, reply):

Version: 0.14.0+dfsg-1~tls

On 30.01.2012 01:42, Jakub Wilk wrote:
> * Michael Tokarev <mjt@tls.msk.ru>, 2012-01-29, 19:22:
[]
>> I'm tagging this bug as "fixed-upstream" for now, can you please verify that current version does actually fix the issue for you too?
> 
> Yes, it does. Thanks.

Thank you very much for verifying.  Now closing
this bugreport.

Thank you!

/mjt

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 27 Feb 2012 07:40:00 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Nov 24 20:56:18 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #604869 kvm: FreeBSD + virtual FAT -> crash

Debian Bug report logs - #604869
kvm: FreeBSD + virtual FAT -> crash