QEMU

Machine shut off after tons of lsi_scsi: error: MSG IN data too long

Bug #697510 reported by Jérôme Poulin
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
QEMU
Expired
Undecided
Unassigned

Bug Description

The problem mostly happens during our backup, syslog does not have any problematic messages.

Host is Ubuntu 10.10 x86 64 bits
Guest is Windows 2003 Server 32 bits
Using Virtio and Red Hat driver I get a STOP screen 0x100000d1 and machine either reboot, stay frozen or shut off.
Using SCSI the machine shuts off and I get tons of message on stdout;

LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 3500 -smp 4,sockets=4,cores=1,threads=1 -name BMSRV0101 -uuid 6ccbb5fa-5880-a1ab-3b7a-fb7ccc7c8ccf -nodefaults -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/BMSRV0101.monitor,server,nowait -mon chardev=monitor,mode=readline -rtc base=localtime -boot c -device lsi,id=scsi0,bus=pci.0,addr=0x4 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=/dev/vgUbuntu/vmBMSRV0101,if=none,id=drive-scsi0-0-0,boot=on,format=raw -device scsi-disk,bus=scsi0.0,scsi-id=0,drive=drive-scsi0-0-0,id=scsi0-0-0 -device virtio-net-pci,vlan=0,id=net0,mac=52:54:00:5d:7b:07,bus=pci.0,addr=0x3 -net tap,fd=63,vlan=0,name=hostnet0 -chardev pty,id=serial0 -device isa-serial,chardev=serial0 -usb -device usb-tablet,id=input0 -vnc 127.0.0.1:0 -vga cirrus -device usb-host,hostbus=002,hostaddr=005,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
char device redirected to /dev/pts/0
pci_add_option_rom: failed to find romfile "pxe-virtio.bin"
husb: open device 2.5
husb: config #1 need -1
husb: 1 interfaces claimed for configuration 1
husb: grabbed usb device 2.5
husb: config #1 need 1
husb: 1 interfaces claimed for configuration 1

lsi_scsi: error: Unimplemented message 0x00
(x8)

lsi_scsi: error: MSG IN data too long
lsi_scsi: error: Unimplemented message 0x00
(x760)

lsi_scsi: error: MSG IN data too long
lsi_scsi: error: MSG IN data too long
kvm: /build/buildd/qemu-kvm-0.12.5+noroms/hw/lsi53c895a.c:512: lsi_do_dma: Assertion `s->current' failed.

I can include minidump file if needed.
I am currently using IDE and it seems OK.

Revision history for this message
Stefan Hajnoczi (stefanha) wrote : Re: [Qemu-devel] [Bug 697510] [NEW] Machine shut off after tons of lsi_scsi: error: MSG IN data too long

On Wed, Jan 5, 2011 at 5:05 AM, TiCPU <email address hidden> wrote:
> Using Virtio and Red Hat driver I get a STOP screen 0x100000d1 and machine either reboot, stay frozen or shut off.

Here the minidump would be useful and we should get in touch with the
person that maintains the virtio-blk Windows driver.

> Using SCSI the machine shuts off and I get tons of message on stdout;
[...]
> lsi_scsi: error: Unimplemented message 0x00
> (x8)
>
> lsi_scsi: error: MSG IN data too long
> lsi_scsi: error: Unimplemented message 0x00
> (x760)
>
> lsi_scsi: error: MSG IN data too long
> lsi_scsi: error: MSG IN data too long
> kvm: /build/buildd/qemu-kvm-0.12.5+noroms/hw/lsi53c895a.c:512: lsi_do_dma: Assertion `s->current' failed.

Looks like the LSI SCSI device emulation is getting out of sync with
the guest's device driver.

Can you give more details or a test case that reproduces these
problems? Which backup software are you using and is it known to do
special purpose SCSI commands?

Stefan

Revision history for this message
Stefan Hajnoczi (stefanha) wrote :

On Thu, Jan 6, 2011 at 9:43 AM, Stefan Hajnoczi <email address hidden> wrote:
> On Wed, Jan 5, 2011 at 5:05 AM, TiCPU <email address hidden> wrote:
>> Using Virtio and Red Hat driver I get a STOP screen 0x100000d1 and machine either reboot, stay frozen or shut off.
>
> Here the minidump would be useful and we should get in touch with the
> person that maintains the virtio-blk Windows driver.

Vadim, do you maintain the virtio-blk Windows driver? Perhaps you
have some ideas on how to debug this?

Stefan

Revision history for this message
vrozenfe (vrozenfe) wrote :

"Red Hat driver" means driver from rhel virtio-win.prm?

Revision history for this message
Jérôme Poulin (jeromepoulin) wrote :

Some new informations, the IDE bus works for a while then the PC slows down and finally backup fails and freeze most of the I/Os.

The underlying device is a Iomega REV 120 USB appearing as a CD-ROM, /dev/sr0 and using FAT32 with 32k clusters.
The backup program is Symantec Backup Exec 11d

I worked around the problem by formatting the REV 120 back to UDF and sharing it via Samba, BackupExec now backups to the REV via network.

I tried iSCSI and had problems too.

I attached all the minidumps, they all look the same.

Revision history for this message
vrozenfe (vrozenfe) wrote :

Can you try viostor with sptd (scsi pass through direct) disabled?

Revision history for this message
Thomas Huth (th-huth) wrote :

Triaging old bug tickets ... do you still have this problem with the latest version of QEMU, or could we close this bug nowadays?

Changed in qemu:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired
Revision history for this message
Bugs SysSec (bugs-syssec) wrote :

We found a reproducer during fuzzing:

```
qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
```

To reproduce run the QEMU with the following command line:
```
qemu-system-x86_64 -cdrom hypertrash.iso -nographic -m 100 -enable-kvm -net none -device ich9-usb-ehci1 -device usb-tablet -device lsi53c810,id=scsi0 -drive file=hda.img,if=none,format=raw,discard=unmap,cache=none,id=someid -device scsi-hd,drive=someid,bus=scsi0.0
```

QEMU Version:
```
# qemu-5.0.0
$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
$ x86_64-softmmu/qemu-system-x86_64 --version
QEMU emulator version 5.0.0
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
```

To create disk image run:
```
dd if=/dev/zero of=hda.img bs=1024 count=1024
```

Bugs SysSec (bugs-syssec)
Changed in qemu:
status: Expired → New
Revision history for this message
Alexander Bulekov (a1xndr) wrote :

Here is a qtest reproducer:

cat << EOF | ./i386-softmmu/qemu-system-i386 -nographic -M q35,accel=qtest -qtest stdio -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0 -monitor none -serial none
outl 0xcf8 0x80001814
outl 0xcfc 0xe1068000
outl 0xcf8 0x80001818
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x80002010
write 0xe106802e 0x1 0xff
write 0xe106802f 0x1 0xff
EOF

With -trace lsi\*:
...
[R +0.037396] write 0xe106802e 0x1 0xff
15257@1594419708.889733:lsi_reg_write Write reg DSP2 0x2e = 0xff
OK
[S +0.037420] OK
[R +0.037434] write 0xe106802f 0x1 0xff
15257@1594419708.889814:lsi_reg_write Write reg DSP3 0x2f = 0xff
15257@1594419708.889862:lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x105e8b06 arg 0x89084e8b
qemu-system-i386: /home/alxndr/Development/qemu/hw/scsi/lsi53c895a.c:624: void lsi_do_dma(LSIState *, int): Assertion `s->current' failed.

Revision history for this message
Thomas Huth (th-huth) wrote : Moved bug report

This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/84

Changed in qemu:
status: New → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.