KVM segmentation fault, using SCSI+writeback and linux 2.4 guest

Bug #595438 reported by Коренберг Марк
This bug affects 1 person
Affects | Status | Importance | Assigned to
KVM | Invalid | Undecided | Unassigned
QEMU | Fix Released | Undecided | Unassigned
qemu-kvm | Fix Released | Undecided | Unassigned
qemu-kvm (Debian) | Fix Released | Unknown |
qemu-kvm (Ubuntu) | Fix Released | Medium | Unassigned
qemu-kvm (Ubuntu Lucid) | Fix Released | Medium | Unassigned

Bug Description

I use Ubuntu 10.04 32-bit with standard KVM.
I have an Intel E7600 @ 3.06GHz processor with VMX.

On this system I run:
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -M pc-0.12 -enable-kvm -m 256 -smp 1 -name spamsender -uuid b9cacd5e-08f7-41fd-78c8-89cec59af881 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/spamsender.monitor,server,nowait -monitor chardev:monitor -boot d -drive file=/mnt/megadiff/cdiso_400_130.iso,if=ide,media=cdrom,index=2 -drive file=/home/mmarkk/spamsender2.img,if=scsi,index=0,format=qcow2,cache=writeback -net nic,macaddr=00:00:00:00:00:00,vlan=0,name=nic.0 -net tap,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus

The .iso image contains a custom distro of a 2.4 Linux kernel based system. During the install process (when a .tar.gz is actively being unpacked), kvm dies with a segmentation fault.

And ONLY when I choose a scsi virtual disk and writeback simultaneously.
But writeback+ide and writethrough+scsi work OK.

I use qcow2. It seems that qcow does not have such problems.

The virtual machine goes down at a random time during file copy. It seems to happen when the qcow2 file size needs to be expanded.

IMPACT: kvm used with scsi virtual disk and writeback dies with segfault.

FIX: the inclusion of a patch cherry-picked from upstream which dequeues
requests before invoking callbacks. It is at
http://bazaar.launchpad.net/~serge-hallyn/ubuntu/lucid/qemu-kvm/fix-scsi-writeback/revision/70

TO REPRODUCE: See the command above.

REGRESSION POTENTIAL: this is cherry-picked from upstream, and has been
tested by the bug reporter with no ill effects.

Revision history for this message
Коренберг Марк (socketpair) wrote :

do not fuck me about 'spamsender' machine name. I never send spam. it's just our mail server :)

Revision history for this message
Коренберг Марк (socketpair) wrote :

Bug is 100% reproducible (on this, and on another machine with a different processor)

core dump (bzip2) attached

summary: - segmentation scsi writeback
+ KVM segmentation fault, using SCSI+writeback and linux 2.4 guest
description: updated
Revision history for this message
Jes Sorensen (jes-sorensen) wrote :

Could you try and run this in GDB and get the backtrace when it crashes?
Just do:

gdb /usr/bin/kvm
(gdb) set args -M pc-0.12 -enable-kvm -m 256 -smp 1 -name spamsender -uuid b9cacd5e-08f7-41fd-78c8-89cec59af881 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/spamsender.monitor,server,nowait -monitor chardev:monitor -boot d -drive file=/mnt/megadiff/cdiso_400_130.iso,if=ide,media=cdrom,index=2 -drive file=/home/mmarkk/spamsender2.img,if=scsi,index=0,format=qcow2,cache=writeback -net nic,macaddr=00:00:00:00:00:00,vlan=0,name=nic.0 -net tap,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
(gdb) run
<after crash>
(gdb) bt

Make sure to have all the debug packages installed, otherwise the backtrace isn't really useful.

Unfortunately the core file you posted isn't of use to anyone who doesn't have Ubuntu installed with the exact packages you have installed. It just shows some random addresses in gdb.

Thanks,
Jes

Revision history for this message
Коренберг Марк (socketpair) wrote :

(gdb) run
Starting program: /usr/bin/kvm -M pc-0.12 -enable-kvm -m 256 -smp 1 -boot d -drive file=/mnt/megadiff/cdiso_400_130.iso,if=ide,media=cdrom,index=2 -drive file=/home/mmarkk/spamsender2.img,if=scsi,index=0,format=qcow2,cache=writeback
[Thread debugging using libthread_db enabled]
[New Thread 0xb7145b70 (LWP 4715)]
pci_add_option_rom: failed to find romfile "pxe-rtl8139.bin"
[New Thread 0xa54c4b70 (LWP 4747)]
scsi-disk: Tag 0x0 already in use

Program received signal SIGSEGV, Segmentation fault.
0x08468b10 in ?? ()
(gdb) bt
#0 0x08468b10 in ?? ()
#1 0x080f0ef6 in ?? ()
#2 0x080d4cf9 in ?? ()
#3 0x080c470f in ?? ()
#4 0x080c47c7 in ?? ()
#5 0x08052266 in ?? ()
#6 0x0806dcc4 in ?? ()
#7 0x08055465 in ?? ()
#8 0xb7a42bd6 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#9 0x0804ec51 in ?? ()
(gdb)

mmarkk@mmarkk-work:~/src/KVM$ pmap 4712
4712: /usr/bin/kvm -M pc-0.12 -enable-kvm -m 256 -smp 1 -boot d -drive file=/mnt/megadiff/cdiso_400_130.iso,if=ide,media=cdrom,index=2 -drive file=/home/mmarkk/spamsender2.img,if=scsi,index=0,format=qcow2,cache=writeback
08048000 2064K r-x-- /usr/bin/qemu-system-x86_64
0824c000 4K r---- /usr/bin/qemu-system-x86_64
0824d000 76K rw--- /usr/bin/qemu-system-x86_64
08260000 3408K rw--- [ anon ]
085b4000 64K rw--- [ anon ]

It seems that 0x0804ec51 is in anonymous memory, isn't it?

I will try to use debug libraries. Please write how I can help more.

Revision history for this message
Коренберг Марк (socketpair) wrote :

scsi-disk: Tag 0x0 already in use
maybe problem here?

Revision history for this message
Коренберг Марк (socketpair) wrote :

sudo apt-get install libaio1-dbg libcomerr2-dbg libdbus-glib-1-2-dbg libgcrypt11-dbg keyutils-dbg libncurses5-dbg zlib1g-dbg libc6-dbg libcurl3-dbg libdirectfb-1.2-0-dbg libgnutls26-dbg libkrb5-dbg libice6-dbg libldap-2.4-2-dbg libogg-dbg libpulse0-dbg gsasl-dbg libsm6-dbg libtasn1-3-dbg libx11-6-dbg libxau6-dbg libxcb1-dbg libxdmcp6-dbg libxext6-dbg libxi6-dbg libxtst6-dbg libc-dbg

is this sufficient ?

Revision history for this message
Коренберг Марк (socketpair) wrote :

(gdb) bt
#0 0x00000202 in ?? ()
#1 0x080f362c in ?? ()
#2 0x080f0f16 in ?? ()
#3 0x080d4d19 in ?? ()
#4 0x080c472f in ?? ()
#5 0x080c47e7 in ?? ()
#6 0x08052266 in ?? ()
#7 0x0806dcc4 in ?? ()
#8 0x08055465 in ?? ()
#9 0xb7a42bd6 in __libc_start_main (main=0x8053f20, argc=14, ubp_av=0xbffff3e4, init=0x81f0480, fini=0x81f0470,
    rtld_fini=0xb7ff10c0 <_dl_fini>, stack_end=0xbffff3dc) at libc-start.c:226
#10 0x0804ec51 in ?? ()

Nothing interesting after installing debug libraries. What to do next?
(kvm has been upgraded to the latest in Ubuntu, so addresses have changed in the output)

Revision history for this message
Коренберг Марк (socketpair) wrote :

Yeah. I have compiled a non-stripped kvm binary.
(gdb) bt
#0 0x0852cd88 in ?? ()
#1 0x080f0f16 in scsi_command_complete (r=0x86252d8, status=<value optimized out>, sense=<value optimized out>)
    at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/hw/scsi-disk.c:105
#2 0x080d4d19 in qcow_aio_write_cb (opaque=0x85e68b8, ret=0) at block/qcow2.c:631
#3 0x080c472f in posix_aio_process_queue (opaque=0x846bd98) at posix-aio-compat.c:460
#4 0x080c47e7 in posix_aio_read (opaque=0x846bd98) at posix-aio-compat.c:501
#5 0x08052266 in main_loop_wait (timeout=1000) at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/vl.c:3999
#6 0x0806dcc4 in kvm_main_loop () at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/qemu-kvm.c:2122
#7 0x08055465 in main_loop (argc=14, argv=0xbffff3e4, envp=0xbffff420) at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/vl.c:4210
#8 main (argc=14, argv=0xbffff3e4, envp=0xbffff420) at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/vl.c:6238

Revision history for this message
Коренберг Марк (socketpair) wrote :

/* Helper function for command completion. */
static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
{
    DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
            r->req.tag, status, sense);
    scsi_req_set_status(&r->req, status, sense);
    scsi_req_complete(&r->req); // <--------- this is line #105 in my sources.
    scsi_remove_request(r);
}

What to do next?

Revision history for this message
Коренберг Марк (socketpair) wrote :

void scsi_req_complete(SCSIRequest *req)
{
    assert(req->status != -1);
    req->bus->complete(req->bus, SCSI_REASON_DONE,
                       req->tag,
                       req->status);
}

(gdb) bt 1
#0 0x0852cd88 in ?? ()
(More stack frames follow...)
(gdb) frame 1
#1 0x080f0f16 in scsi_command_complete (r=0x86252d8, status=<value optimized out>, sense=<value optimized out>)
    at /home/mmarkk/src/KVM/qemu-kvm-0.12.3+noroms/hw/scsi-disk.c:105
105 scsi_req_complete(&r->req);
(gdb) print r->req->bus->complete
$7 = (scsi_completionfn) 0x852cd88
(gdb) disassemble 0x852cd88
No function contains specified address.

Corrupted memory ?

Revision history for this message
Коренберг Марк (socketpair) wrote :

I have tried to reproduce this bug on the latest snapshot of kvm, and kvm crashes in the same places.
I talked with Jan Kiszka. Output of bt in three experiments under the same conditions:

-------------------------------------------------
(gdb) bt
#0 0xb7412500 in main_arena () from /lib/tls/i686/cmov/libc.so.6
#1 0x080b1a36 in scsi_write_complete (opaque=0x9f4bef0, ret=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:231
#2 0x08095281 in qcow_aio_write_cb (opaque=0x9fef530, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_process_queue (opaque=0x9ddb798) at posix-aio-compat.c:460
#4 0x08084a77 in posix_aio_read (opaque=0x9ddb798) at posix-aio-compat.c:501
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1300
#6 0x0806ea84 in kvm_main_loop () at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/qemu-kvm.c:1710
#7 0x08060a73 in main_loop (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1340
#8 main (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:3069
-------------------------------------------------
(gdb) bt
#0 0xb7778430 in __kernel_vsyscall ()
#1 0xb7309651 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb730ca82 in *__GI_abort () at abort.c:92
#3 0xb734049d in __libc_message (do_abort=2, fmt=0xb7414f98 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps unix/sysv/linux/libc_fatal.c:189
#4 0xb734a591 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x9aca398) at malloc.c:6264
#5 0xb734bde8 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4792
#6 0xb734eecd in *__GI___libc_free (mem=0x9aca398) at malloc.c:3738
#7 0x080b186c in scsi_remove_request (r=0x9aca398) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:86
#8 0x08095281 in qcow_aio_write_cb (opaque=0x9abee58, ret=0) at block/qcow2.c:640
#9 0x080849bf in posix_aio_process_queue (opaque=0x994e798) at posix-aio-compat.c:460
#10 0x08084a77 in posix_aio_read (opaque=0x994e798) at posix-aio-compat.c:501
#11 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1300
#12 0x0806ea84 in kvm_main_loop () at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/qemu-kvm.c:1710
#13 0x08060a73 in main_loop (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1340
#14 main (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:3069
--------------------------------------------------------
#0 0x08d134f0 in ?? ()
#1 0x080b1936 in scsi_command_complete (r=0x8d083f0, status=<value optimized out>, sense=<value optimized out>) at home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:106
#2 0x08095281 in qcow_aio_write_cb (opaque=0x8dab488, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_process_queue (opaque=0x8b97798) at posix-aio-compat.c:460
#4 0x08084a77 in posix_aio_read (opaque=0x8b97798) at posix-aio-compat.c:501
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KV...


Changed in qemu:
status: New → Confirmed
Revision history for this message
Коренберг Марк (socketpair) wrote :

I can send the .iso installation image (~400mb compressed) and instructions on how to reproduce the bug.

Revision history for this message
Коренберг Марк (socketpair) wrote :

format=qcow2, aio=threads - the same.....
format=qcow - DOES NOT DIE (!) - checked experiment three times !

Revision history for this message
Коренберг Марк (socketpair) wrote :

RHEL 5.5 (in guest) does not break KVM in such conditions.

Revision history for this message
Коренберг Марк (socketpair) wrote :

valgrind --malloc-fill=0x69 --free-fill=0x11

Process terminating with default action of signal 11 (SIGSEGV)
==00:00:01:03.046 29447== Access not within mapped region at address 0x11111151
==00:00:01:03.046 29447== at 0x80B4713: scsi_req_free (scsi-bus.c:153)
==00:00:01:03.047 29447== by 0x80B186B: scsi_remove_request (scsi-disk.c:86)
==00:00:01:03.047 29447== by 0x8095280: qcow_aio_write_cb (qcow2.c:640)
==00:00:01:03.047 29447== by 0x80849BE: posix_aio_process_queue (posix-aio-compat.c:460)
==00:00:01:03.047 29447== by 0x8084A76: posix_aio_read (posix-aio-compat.c:501)
==00:00:01:03.047 29447== by 0x805E3D7: main_loop_wait (vl.c:1300)
==00:00:01:03.047 29447== by 0x806EA83: kvm_main_loop (qemu-kvm.c:1710)
==00:00:01:03.047 29447== by 0x8060A72: main (vl.c:1340)

It seems that 0x11111151 is a pointer inside an already freed region :(

http://dl3.ideco-software.ru/IdecoICS/IdecoICS_342_123.iso
http://dl1.ideco-software.ru/IdecoICS/IdecoICS_342_123.iso
http://dl2.ideco-software.ru/IdecoICS/IdecoICS_342_123.iso

(If you get 404, please inform me, I will give new links.)

Instructions how to reproduce:
after boot: type "setup100hz action=install p=1" and press Enter. Line should look as:

boot: setup100hz action=install p=1

In each experiment you need a fresh (empty) "qemu-img create -f qcow2 8G" image (preferably on a tmpfs filesystem). The image will be expanded to nearly 1.5 Gb. I have a VMX-enabled Intel processor and a 32-bit kernel. KVM was built just using ./configure && make

command:
qemu-system-x86_64 -drive file=xxx.img,cache=writeback,if=scsi -cdrom IdecoICS_342_123.iso

It will show some dialogs while copying files, after which it will reboot if all is OK.
In our case: somewhere during the copying of files, kvm will segfault, before the VM reboots.
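
The bug summary says the fix dequeues requests before invoking callbacks. The C model below is an added example, not QEMU code and not the cherry-picked patch: it assumes the completion callback can re-enter the submit path with the same tag (the page does not spell this out), and every name in it (`submit`, `release`, `run_model`, the slot pool) is hypothetical. It counts a second release of the same request instead of really freeing memory twice.

```c
/* Constructed model, not QEMU code: a queue whose completion callback can
 * re-enter submit() with the same tag (an assumption made for this example). */
#include <stdio.h>
#include <string.h>

enum state { UNUSED, LIVE, FREED };
struct req { enum state st; unsigned tag; };

static struct req pool[8];   /* slots are never reused, so stale pointers stay detectable */
static int next_slot;
static int stale_releases;   /* releases of a request that was already released */

static void release(struct req *r)
{
    if (r->st != LIVE)       /* with malloc/free this would be a double free */
        stale_releases++;
    r->st = FREED;
}

static void submit(unsigned tag)
{
    for (int i = 0; i < next_slot; i++)
        if (pool[i].st == LIVE && pool[i].tag == tag) {
            /* same situation as the "Tag 0x0 already in use" message */
            fprintf(stderr, "model: tag 0x%x already in use\n", tag);
            release(&pool[i]);
        }
    pool[next_slot].st = LIVE;
    pool[next_slot++].tag = tag;
}

/* Completion callback: the initiator immediately reuses the tag. */
static void on_complete(unsigned tag) { submit(tag); }

/* Callback first: r is still queued while the callback runs. */
static void complete_callback_first(struct req *r)
{
    on_complete(r->tag);
    release(r);              /* r was already released inside the callback */
}

/* Dequeue first: copy what the callback needs, release r, then call out. */
static void complete_dequeue_first(struct req *r)
{
    unsigned tag = r->tag;
    release(r);
    on_complete(tag);
}

/* Runs one submit/complete cycle; returns the number of stale releases. */
int run_model(int dequeue_first)
{
    memset(pool, 0, sizeof pool);
    next_slot = stale_releases = 0;
    submit(0);
    (dequeue_first ? complete_dequeue_first : complete_callback_first)(&pool[0]);
    return stale_releases;
}

int main(void)
{
    printf("callback first: %d stale release(s)\n", run_model(0));
    printf("dequeue first:  %d stale release(s)\n", run_model(1));
    return 0;
}
```

With the callback-first ordering the model records one release of an already released request; with the dequeue-first ordering it records none.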

Revision history for this message
Коренберг Марк (socketpair) wrote :

New links:

http://dl3.ideco-software.ru/IdecoICS/IdecoICS_343_102.iso
http://dl1.ideco-software.ru/IdecoICS/IdecoICS_343_102.iso
http://dl2.ideco-software.ru/IdecoICS/IdecoICS_343_102.iso

For some reason the crashes of KVM are much rarer now, though earlier it crashed each time. I noticed that more often than not it crashes when KVM is in the background and I am, say, sitting in the browser. It seems that it is a true race condition.

$ ./kvm --version
QEMU emulator version 0.12.50 (qemu-kvm-devel), Copyright (c) 2003-2008 Fabrice Bellard

Also, I have checked: cache=writeback does not work in either ide or scsi. I mean that the write cache does not work, and writes behave as writethrough. In the old version of KVM (qemu-kvm-0.12.3) there is no such bug.

Revision history for this message
Коренберг Марк (socketpair) wrote :

Patch was created and sent to developers by Jan Kiszka. (He does not love bugtrackers)

Revision history for this message
Коренберг Марк (socketpair) wrote :
Changed in qemu:
status: Confirmed → Fix Committed
affects: qemu → qemu-kvm
Changed in qemu:
status: New → Fix Committed
Changed in qemu-kvm:
status: Fix Committed → Confirmed
Changed in kvm:
status: New → Confirmed
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks for pushing on this! The fix is in 0.13.0-rc0, and we will merge
this into maverick as soon as it is GA'd. The fix appears to very
cleanly (with a few offsets but no rejects) apply to both the lucid and
maverick source. I propose we merge the patch by itself into lucid, and
wait for the GA for maverick.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 595438] Re: KVM segmentation fault, using SCSI+writeback and linux 2.4 guest

Could you test qemu-kvm_0.12.3+noroms-0ubuntu10 from
ppa:serge-hallyn/virt? If this fixes your problem then I will
propose it for merge.

Revision history for this message
Коренберг Марк (socketpair) wrote :

Please say how to make ppa:... repository work for me.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Quoting Коренберг Марк (<email address hidden>):
> Please say how to make ppa:... repository work for me.

sudo add-apt-repository ppa:serge-hallyn/virt
sudo apt-get update
sudo apt-get upgrade

Then to remove it, rm /etc/apt/sources.list.d/serge-hallyn-virt-lucid.list
and apt-get update again.

Revision history for this message
Коренберг Марк (socketpair) wrote :

Yeah! The bug is killed! Thanks for the work, I love OpenSource :)

description: updated
Changed in qemu:
status: Fix Committed → Fix Released
status: Fix Released → Fix Committed
Changed in qemu-kvm:
status: Confirmed → Fix Released
Changed in qemu-kvm (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium
Steve Beattie (sbeattie)
Changed in qemu-kvm (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Martin Pitt (pitti) wrote :

SRU ack, please upload.

Thierry Carrez (ttx)
Changed in qemu-kvm (Ubuntu Lucid):
assignee: nobody → Thierry Carrez (ttx)
Revision history for this message
Thierry Carrez (ttx) wrote :

Uploaded to lucid-proposed

Changed in qemu-kvm (Ubuntu Lucid):
assignee: Thierry Carrez (ttx) → nobody
status: In Progress → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted qemu-kvm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in qemu-kvm (Ubuntu Lucid):
status: Confirmed → Fix Committed
tags: added: verification-needed
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

Could anyone test the package in -proposed and report feedback here ?
Thanks in advance.

Changed in qemu-kvm (Debian):
status: Unknown → Confirmed
Changed in qemu-kvm (Debian):
status: Confirmed → Fix Released
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Tried to reproduce this so as to be able to verify the fix in lucid-proposed,
but a 2.4 based livecd is apparently hard to come by! Can someone who
reproduces this point me to a livecd i can use?

Revision history for this message
Коренберг Марк (socketpair) wrote :
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks. I will try to reproduce this as soon as I can (which will be next
week.) If anyone else can get to it sooner, to confirm that the proposed
fix works, by all means please comment the result here so the fix can
finally get cleared.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

At last! I was able to reproduce this using a copy of fedora 1 from

http://archive.kernel.org/fedora-archive/fedora/linux/core/1/i386/iso/yarrow-i386-disc1.iso

This would segfault before completing install from disc 1 more than 50% of the time. With the qemu-kvm from -proposed, I've not been able to get it to segfault.

Revision history for this message
Dustin Kirkland  (kirkland) wrote : Re: [Bug 595438] Re: KVM segmentation fault, using SCSI+writeback and linux 2.4 guest

Fedora1? Seriously? :-P

Revision history for this message
Imre Gergely (cemc) wrote :

I can confirm the segfault with the same Fedora 1 install. It doesn't even get to 50%, it segfaults way earlier. In fact I tried this:

- kvm-img create -f qcow2 /store/KVM/test.qcow2 2G
- gimre@voy:~$ sudo LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sn:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -M pc-0.12 -enable-kvm -m 256 -smp 1 -name spamsender -uuid b9cacd5e-08f7-41fd-78c8-89cec59af881 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/test.monitor,server,nowait -monitor chardev:monitor -boot d -drive file=/store/Kits/isos/yarrow-i386-disc1.iso,if=ide,media=cdrom,index=2 -drive file=/store/KVM/test.qcow2,if=scsi,index=0,format=qcow2,cache=writeback -net nic,macaddr=00:00:00:00:00:00,vlan=0,name=nic.0 -net tap,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 172.16.21.1:1 -vga cirrus
(mostly the same options, renamed only to "test whatever")
- Fedora text install, everything on default, "Personal Desktop", auto-partitioning
- after it complained that the stuff wouldn't fit (because the partitions are too small), I gave it another go (without reboot) and it crapped out instantly.

----------
gimre@voy:~$ sudo LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sn:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -M pc-0.12 -enable-kvm -m 256 -smp 1 -name spamsender -uuid b9cacd5e-08f7-41fd-78c8-89cec59af881 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/test.monitor,server,nowait -monitor chardev:monitor -boot d -drive file=/store/Kits/isos/yarrow-i386-disc1.iso,if=ide,media=cdrom,index=2 -drive file=/store/KVM/test.qcow2,if=scsi,index=0,format=qcow2,cache=writeback -net nic,macaddr=00:00:00:00:00:00,vlan=0,name=nic.0 -net tap,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 172.16.21.1:1 -vga cirrus
char device redirected to /dev/pts/12
pci_add_option_rom: failed to find romfile "pxe-rtl8139.bin"
scsi-disk: Tag 0x0 already in use
Segmentation fault
----------

I'll try the -proposed package in a little while.

Revision history for this message
Imre Gergely (cemc) wrote :

Tried the package from -proposed and the above command installs Fedora Core 1, without any problems, tried it three times just to be sure.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu-kvm - 0.12.3+noroms-0ubuntu9.3

---------------
qemu-kvm (0.12.3+noroms-0ubuntu9.3) lucid-proposed; urgency=low

  * Fix segfault when using scsi with writeback (LP: #595438)
 -- Serge Hallyn <email address hidden> Wed, 28 Jul 2010 09:56:56 -0500

Changed in qemu-kvm (Ubuntu Lucid):
status: Fix Committed → Fix Released
Aurelien Jarno (aurel32)
Changed in qemu:
status: Fix Committed → Fix Released
Changed in kvm:
status: Confirmed → Invalid