Hi,

Kevin Wolf wrote:

> This pulls the request completion for error cases from the caller to
> scsi_disk_emulate_command. This should not change semantics, but allows to
> reuse scsi_handle_write_error() for flushes in the next patch.

Today I tried out qemu-system-arm for the first time.  It's faster than I
expected; very neat.  Unfortunately it segfaults.  Reproducible with
"master" (077030d11).  Bisects to v0.14.0-rc0~489 (scsi-disk: Complete
failed requests in scsi_disk_emulate_command, 2010-10-25).

Ideas?
Jonathan

Backtrace:

| Program received signal SIGSEGV, Segmentation fault.
| 0x00000000005552b5 in lsi_do_command (s=0x13b84d0) at /home/jrn/src/qemu/hw/lsi53c895a.c:762
| 762         dev->info->read_data(dev, s->current->tag);
| (gdb) bt full
| #0  0x00000000005552b5 in lsi_do_command (s=0x13b84d0) at /home/jrn/src/qemu/hw/lsi53c895a.c:762
|         dev = 0x13baf10
|         buf = "\000\000\000\000\000\000\000\000\251\207Q\000\000\000\000"
|         n = 656877154
| #1  lsi_execute_script (s=0x13b84d0) at /home/jrn/src/qemu/hw/lsi53c895a.c:1067
|         insn = 20688656
|         addr = 97263452
|         addr_high = <value optimized out>
|         opcode = <value optimized out>
|         insn_processed = 18
| #2  0x00000000005566b8 in lsi_reg_writeb (s=0x13b84d0, offset=<value optimized out>, val=32 ' ')
|     at /home/jrn/src/qemu/hw/lsi53c895a.c:1656
| No locals.
| #3  0x000000004059fe4e in ?? ()
| No symbol table info available.
| #4  0x0000000000000040 in ?? ()
| No symbol table info available.
| #5  0x0000000000000000 in ?? ()
| No symbol table info available.
| (gdb) p n
| $1 = 656877154
| (gdb) p dev->info
| $2 = (SCSIDeviceInfo *) 0x8df000
| (gdb) p s->current
| $3 = (lsi_request *) 0x0

That's weird because qemu_mallocz should have checked for NULL.

Program counter:

| Dump of assembler code for function lsi_execute_script:
[...]
|    0x0000000000555250 <+2784>:  callq  0x42a970 <qemu_mallocz>
|    0x0000000000555255 <+2789>:  mov    0x334(%rbx),%edx
|    0x000000000055525b <+2795>:  mov    %rax,0x350(%rbx)
|    0x0000000000555262 <+2802>:  mov    %rbp,%rdi
|    0x0000000000555265 <+2805>:  mov    %edx,(%rax)
|    0x0000000000555267 <+2807>:  mov    0x350(%rbx),%rsi
|    0x000000000055526e <+2814>:  lea    0x30(%rsp),%rdx
|    0x0000000000555273 <+2819>:  mov    0x98(%rbp),%rax
|    0x000000000055527a <+2826>:  mov    0x330(%rbx),%ecx
|    0x0000000000555280 <+2832>:  mov    (%rsi),%esi
|    0x0000000000555282 <+2834>:  callq  *0x78(%rax)
|    0x0000000000555285 <+2837>:  cmp    $0x0,%eax
|    0x0000000000555288 <+2840>:  mov    %eax,%r14d
|    0x000000000055528b <+2843>:  jle    0x5555cc <lsi_execute_script+3676>
|    0x0000000000555291 <+2849>:  movzbl 0x38b(%rbx),%eax
|    0x0000000000555298 <+2856>:  mov    0x350(%rbx),%rdx
|    0x000000000055529f <+2863>:  mov    %rbp,%rdi
|    0x00000000005552a2 <+2866>:  and    $0xfffffffffffffff8,%eax
|    0x00000000005552a5 <+2869>:  or     $0x1,%eax
|    0x00000000005552a8 <+2872>:  mov    %al,0x38b(%rbx)
|    0x00000000005552ae <+2878>:  mov    0x98(%rbp),%rax
| => 0x00000000005552b5 <+2885>:  mov    (%rdx),%esi
|    0x00000000005552b7 <+2887>:  callq  *0x80(%rax)
|    0x00000000005552bd <+2893>:  mov    0x338(%rbx),%ebp

Recipe:

| $ ./configure --prefix=$HOME/opt/qemu --disable-werror
| [...]
| $ make -j2 install STRIP=:
| [...]
| $ PATH=$HOME/opt/qemu/bin:$PATH
| $ qemu-img create arm-install.qemu 10G
| Formatting 'arm-install.qemu', fmt=raw size=10737418240
| $ wget http://d-i.debian.org/daily-images/armel/daily/versatile/netboot/initrd.gz
| [...]
| $ wget http://d-i.debian.org/daily-images/armel/daily/versatile/netboot/vmlinuz-2.6.37-2-versatile
| [...]
| $ sha1sum initrd.gz vmlinuz-2.6.37-2-versatile
| 9822cd356e2e66c0ee2d08f2dfc100f074683b81  initrd.gz
| 81aa8f15f6d0fb3fa971d859787f89eec653d1a3  vmlinuz-2.6.37-2-versatile
| $
| $ qemu-system-arm -M versatilepb -kernel vmlinuz-2.6.37-2-versatile \
|     -initrd initrd.gz -hda arm-install.qemu
| Segmentation fault (core dumped)

The above transcript does not describe the installation process, since it
happened in another window.

 1. Choice of keymap, mirror, etc. are boring.
 2. It asks for a root password.  Leave it blank.
 3. It asks for a new account.  I chose "sudoer".
 4. It wants a password.  Give one.
 5. Choose a time zone and switch to vt4 for messages.
 6. Messages (copied by hand):

    | kernel: [  928.454139] SCSI subsystem initialized
    | kernel: [  928.767929] PCI: enabling device 0000:00:0c.0 (0100 -> 0103)
    | kernel: [  928.840653] sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 27
    | kernel: [  928.893943] sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
    | kernel: [  928.902942] sym0: SCSI BUS has been reset.
    | kernel: [  928.903283] scsi0 : sym-2.2.3
    | kernel: [  931.915071] sym0: unknown interrupt(s) ignored, ISTAT=0x5 DSTAT=0x80 SIST=0x0
    | kernel: [  931.922015] scsi 0:0:0:0: Direct-Access     QEMU     QEMU HARDDISK    0.14 PQ: 0 ANSI: 5
    | kernel: [  931.922765] scsi target0:0:0: tagged command queuing enabled, command queue depth 16.
    | kernel: [  931.923171] scsi target0:0:0: Beginning Domain Validation
    | kernel: [  931.928165] scsi target0:0:0: Domain Validation skipping write tests

 7. Segfault.  The messages stop.

| $ gcc --version
| gcc (Debian 4.6.0-7) 4.6.1 20110507 (prerelease)
| Copyright (C) 2011 Free Software Foundation, Inc.
| This is free software; see the source for copying conditions.  There is NO
| warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
| $ ld --version
| GNU ld (GNU Binutils for Debian) 2.21.51.20110421
| Copyright 2011 Free Software Foundation, Inc.
| This program is free software; you may redistribute it under the terms of
| the GNU General Public License version 3 or (at your option) a later version.
| This program has absolutely no warranty.
| $ /lib/libc.so.6 | head -1
| GNU C Library (Debian EGLIBC 2.13-4) stable release version 2.13, by Roland McGrath et al.
| $ uname -a
| Linux elie 2.6.39-rc5-amd64 #1 SMP Sat Apr 30 05:48:55 UTC 2011 x86_64 GNU/Linux
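The gdb session above shows s->current (0x350(%rbx)) stored right after qemu_mallocz and then read back as NULL at line 762, with the indirect call at +2834 (the one whose return value n is compared with 0) sitting between the store and the reload. The constructed C model below is an added example, not QEMU code and not part of the report; it assumes, as an inference from that disassembly rather than anything the report confirms, that the callback can complete and free the in-flight request synchronously, and it shows the re-check a caller needs after such a callback. All names (Ctrl, do_command, send_command, command_complete) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model with hypothetical names; not QEMU's structures or code. */
typedef struct lsi_request {
    uint32_t tag;
} lsi_request;

typedef struct Ctrl {
    lsi_request *current;   /* request in flight; freed and cleared on completion */
    int completions;
} Ctrl;

/* Completion path: frees the in-flight request and clears the pointer. */
static void command_complete(Ctrl *s)
{
    free(s->current);
    s->current = NULL;
    s->completions++;
}

/* Stand-in for the device's send_command callback. With 'fail' set the
 * command is rejected and the request is completed synchronously, inside
 * the callback, before control returns to the caller. */
static int send_command(Ctrl *s, int fail)
{
    if (fail) {
        command_complete(s);
        return 0;           /* no data phase */
    }
    return 512;             /* bytes the data phase will move */
}

/* Hardened caller. Returns the tag of the request entering its data phase,
 * -1 if the request was completed inside the callback, -2 if the
 * allocation failed. The hazard is dereferencing s->current after the
 * callback on the strength of the pointer held before it. */
int do_command(Ctrl *s, uint32_t tag, int fail)
{
    s->current = calloc(1, sizeof(*s->current));   /* zeroed, like qemu_mallocz */
    if (!s->current)
        return -2;
    s->current->tag = tag;

    int n = send_command(s, fail);   /* may free s->current as a side effect */

    if (!s->current || n <= 0)       /* completed synchronously, or nothing to read */
        return -1;
    return (int)s->current->tag;     /* safe only after the re-check above */
}
```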