From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34081)
 by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
 id 1bHaND-00063q-Cu for qemu-devel@nongnu.org; Mon, 27 Jun 2016 13:31:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from ) id 1bHaN8-0002Ry-Vy
 for qemu-devel@nongnu.org; Mon, 27 Jun 2016 13:31:03 -0400
Received: from indium.canonical.com ([91.189.90.7]:43243)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from )
 id 1bHaN8-0002RV-Nx for qemu-devel@nongnu.org; Mon, 27 Jun 2016 13:30:58 -0400
Received: from loganberry.canonical.com ([91.189.90.37])
 by indium.canonical.com with esmtp (Exim 4.76 #1 (Debian))
 id 1bHaN7-00042p-Hg for ; Mon, 27 Jun 2016 17:30:57 +0000
Received: from loganberry.canonical.com (localhost [127.0.0.1])
 by loganberry.canonical.com (Postfix) with ESMTP id 4428A2E80D1
 for ; Mon, 27 Jun 2016 17:30:57 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 27 Jun 2016 17:21:44 -0000
From: Eduardo <1596579@bugs.launchpad.net>
Reply-To: Bug 1596579 <1596579@bugs.launchpad.net>
Sender: bounces@canonical.com
References: <20160627153749.31174.93791.malonedeb@chaenomeles.canonical.com>
Message-Id: <20160627172144.23628.28861.malone@gac.canonical.com>
Errors-To: bounces@canonical.com
Subject: [Qemu-devel] [Bug 1596579] Re: segfault upon reboot
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

The VM is fine until I issue a reboot on the guest OS, in this case it
happened right at [315765.858431]. That is, once I boot the host, the
guest starts fine, I am able to use the tape drive fine, but when I
reboot for whatever reason, I get the segfault.

Is this enough or do you want the full dumpxml?

Makes sense to me what you've explained about libvirt returning to the
host driver, but unfortunately I don't have enough knowledge to comment,
sorry.

lspci -vvv:

1a:00.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068E PCI-Express Fusion-MPT SAS (rev 08)
        Subsystem: Hewlett-Packard Company SC44Ge Host Bus Adapter
        Physical Slot: 3
        Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx+
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- [disabled]
        Capabilities: [50] Power Management version 2
                Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [68] Express (v1) Endpoint, MSI 00
                DevCap: MaxPayload 4096 bytes, PhantFunc 0, Latency L0s <64ns, L1 <1us
                        ExtTag+ AttnBtn- AttnInd- PwrInd- RBE- FLReset-
                DevCtl: Report errors: Correctable- Non-Fatal+ Fatal+ Unsupported-
                        RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+
                        MaxPayload 256 bytes, MaxReadReq 4096 bytes
                DevSta: CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr- TransPend-
                LnkCap: Port #0, Speed 2.5GT/s, Width x8, ASPM L0s L1, Exit Latency L0s <64ns, L1 <1us
                        ClockPM- Surprise- LLActRep- BwNot-
                LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
                        ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
                LnkSta: Speed 2.5GT/s, Width x8, TrErr- Train- SlotClk- DLActive- BWMgmt- ABWMgmt-
        Capabilities: [98] MSI: Enable- Count=1/1 Maskable- 64bit+
                Address: 0000000000000000  Data: 0000
        Capabilities: [b0] MSI-X: Enable+ Count=1 Masked-
                Vector table: BAR=1 offset=00002000
                PBA: BAR=1 offset=00003000
        Capabilities: [100 v1] Advanced Error Reporting
                UESta:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
                UEMsk:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
                UESvrt: DLP+ SDES- TLP+ FCP+ CmpltTO+ CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC+ UnsupReq- ACSViol-
                CESta:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
                CEMsk:  RxErr- BadTLP+ BadDLLP+ Rollover+ Timeout+ NonFatalErr-
                AERCap: First Error Pointer: 00, GenCap+ CGenEn- ChkCap+ ChkEn-
        Kernel driver in use: vfio-pci

Installed debuginfo packages and abrt caught it. The coredump is 11G but
tar.bz2 everything is at 367M. Anything in specific you'd like from all
the debug info generated?

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1596579

Title:
  segfault upon reboot

Status in QEMU:
  New

Bug description:
  [ 31.167946] VFIO - User Level meta-driver version: 0.3
  [ 34.969182] kvm: zapping shadow pages for mmio generation wraparound
  [ 43.095077] vfio-pci 0000:1a:00.0: irq 50 for MSI/MSI-X
  [166493.891331] perf interrupt took too long (2506 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
  [315765.858431] qemu-kvm[1385]: segfault at 0 ip (null) sp 00007ffe5430db18 error 14
  [315782.002077] vfio-pci 0000:1a:00.0: transaction is not cleared; proceeding with reset anyway
  [315782.910854] mptsas 0000:1a:00.0: Refused to change power state, currently in D3
  [315782.911236] mptbase: ioc1: Initiating bringup
  [315782.911238] mptbase: ioc1: WARNING - Unexpected doorbell active!
  [315842.957613] mptbase: ioc1: ERROR - Failed to come READY after reset! IocState=f0000000
  [315842.957670] mptbase: ioc1: WARNING - ResetHistory bit failed to clear!
  [315842.957675] mptbase: ioc1: ERROR - Diagnostic reset FAILED! (ffffffffh)
  [315842.957717] mptbase: ioc1: WARNING - NOT READY WARNING!
  [315842.957720] mptbase: ioc1: ERROR - didn't initialize properly! (-1)
  [315842.957890] mptsas: probe of 0000:1a:00.0 failed with error -1

  The qemu-kvm segfault happens when I issue a reboot on the Windows VM.
  The card I have is:
  1a:00.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068E PCI-Express Fusion-MPT SAS (rev ff)

  I have two of these cards (bought with many years difference), exact
  same model, and they fail the same way. I'm using PCI passthrough on
  this card for access to the tape drive.

  This is very easy to reproduce, so feel free to let me know what to
  try.

  Kernel 3.10.0-327.18.2.el7.x86_64 (Centos 7.2.1511).
  qemu-kvm-1.5.3-105.el7_2.4.x86_64

  Reporting it here because of the segfault, but I guess I might have to
  open a bug report with mptbase as well?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1596579/+subscriptions
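
Added example (not part of the original report, and not QEMU or kernel code): the `segfault` line in the dmesg excerpt can be decoded mechanically. Linux prints the x86 page-fault error code in hex, so `error 14` is 0x14, a user-mode instruction fetch from a not-present page, here at address 0. The function and field names are this example's own, and the third sample line is constructed.

```python
import re

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear).
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "read"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved bit set", None),
    (0x10, "instruction fetch", None),
]

SEGV_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip\s+(?P<ip>\(null\)|[0-9a-f]+) sp\s+(?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)"
)

def decode_segfault(line):
    """Parse one kernel 'segfault at' line; return a dict, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)          # the kernel prints the code with %lx (hex)
    flags = [s if err & mask else c for mask, s, c in PF_BITS if (err & mask) or c]
    ip = 0 if m["ip"] == "(null)" else int(m["ip"], 16)
    addr = int(m["addr"], 16)
    return {
        "time": float(m["ts"]), "comm": m["comm"], "pid": int(m["pid"]),
        "addr": addr, "ip": ip, "error": err, "flags": flags,
        # Fetching an instruction from address 0: execution reached a NULL target.
        "null_exec": addr == 0 and ip == 0 and bool(err & 0x10),
    }

def scan(log_text):
    """Return decoded segfault events found in a dmesg excerpt, in order."""
    events = (decode_segfault(l) for l in log_text.splitlines())
    return [e for e in events if e is not None]

# First two lines are from the report's dmesg excerpt; the third is constructed.
SAMPLE = """\
[315765.858431] qemu-kvm[1385]: segfault at 0 ip (null) sp 00007ffe5430db18 error 14
[315782.002077] vfio-pci 0000:1a:00.0: transaction is not cleared; proceeding with reset anyway
[  100.000001] demo[42]: segfault at 7f00deadb000 ip 000055d0c0de1234 sp 00007ffc00001000 error 6
"""

if __name__ == "__main__":
    for ev in scan(SAMPLE):
        print(ev["comm"], hex(ev["error"]), ev["flags"], "NULL exec:", ev["null_exec"])
```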