other: 0.939 graphic: 0.890 KVM: 0.835 performance: 0.834 debug: 0.808 vnc: 0.806 semantic: 0.805 permissions: 0.790 device: 0.790 boot: 0.780 network: 0.775 files: 0.773 PID: 0.749 socket: 0.712 qemu segfault in virtio_scsi_handle_cmd_req_submit on ARM 32 bit /home/rjones/d/qemu/arm-softmmu/qemu-system-arm \ -global virtio-blk-device.scsi=off \ -nodefconfig \ -enable-fips \ -nodefaults \ -display none \ -M virt \ -machine accel=kvm:tcg \ -m 500 \ -no-reboot \ -rtc driftfix=slew \ -global kvm-pit.lost_tick_policy=discard \ -kernel /home/rjones/d/libguestfs/tmp/.guestfs-1001/appliance.d/kernel \ -initrd /home/rjones/d/libguestfs/tmp/.guestfs-1001/appliance.d/initrd \ -device virtio-scsi-device,id=scsi \ -drive file=/home/rjones/d/libguestfs/tmp/libguestfseV4fT5/scratch.1,cache=unsafe,format=raw,id=hd0,if=none \ -device scsi-hd,drive=hd0 \ -drive file=/home/rjones/d/libguestfs/tmp/.guestfs-1001/appliance.d/root,snapshot=on,id=appliance,cache=unsafe,if=none \ -device scsi-hd,drive=appliance \ -device virtio-serial-device \ -serial stdio \ -chardev socket,path=/home/rjones/d/libguestfs/tmp/libguestfseV4fT5/guestfsd.sock,id=channel0 \ -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \ -append 'panic=1 mem=500M console=ttyAMA0 udevtimeout=6000 no_timer_check lpj=4464640 acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=xterm-256color' The appliance boots, but segfaults as soon as the virtio-scsi driver is loaded: supermin: internal insmod virtio_scsi.ko [ 3.992963] scsi0 : Virtio SCSI HBA libguestfs: error: appliance closed the connection unexpectedly, see earlier error messages I captured a core dump: Core was generated by `/home/rjones/d/qemu/arm-softmmu/qemu-system-arm -global virtio-blk-device.scsi='. Program terminated with signal SIGSEGV, Segmentation fault. 
#0 0x000856bc in virtio_scsi_handle_cmd_req_submit (s=, req=0x6c03acf8) at /home/rjones/d/qemu/hw/scsi/virtio-scsi.c:551 551 bdrv_io_unplug(req->sreq->dev->conf.bs); (gdb) bt #0 0x000856bc in virtio_scsi_handle_cmd_req_submit (s=, req=0x6c03acf8) at /home/rjones/d/qemu/hw/scsi/virtio-scsi.c:551 #1 0x0008573a in virtio_scsi_handle_cmd (vdev=0xac4d68, vq=0xafe4b8) at /home/rjones/d/qemu/hw/scsi/virtio-scsi.c:573 #2 0x0004fdbe in access_with_adjusted_size (addr=80, value=value@entry=0x4443e6c0, size=size@entry=4, access_size_min=1, access_size_max=, access_size_max@entry=0, access=access@entry=0x4fee9 , mr=mr@entry=0xa53fa8) at /home/rjones/d/qemu/memory.c:480 #3 0x00054234 in memory_region_dispatch_write (size=4, data=2, addr=, mr=0xa53fa8) at /home/rjones/d/qemu/memory.c:1117 #4 io_mem_write (mr=0xa53fa8, addr=, val=val@entry=2, size=size@entry=4) at /home/rjones/d/qemu/memory.c:1958 #5 0x00021c88 in address_space_rw (as=0x3b96b4 , addr=167788112, buf=buf@entry=0x4443e790 "\002", len=len@entry=4, is_write=is_write@entry=true) at /home/rjones/d/qemu/exec.c:2135 #6 0x00021de6 in address_space_write (len=4, buf=0x4443e790 "\002", addr=, as=) at /home/rjones/d/qemu/exec.c:2202 #7 subpage_write (opaque=, addr=, value=2, len=4) at /home/rjones/d/qemu/exec.c:1811 #8 0x0004fdbe in access_with_adjusted_size (addr=592, value=value@entry=0x4443e820, size=size@entry=4, access_size_min=1, access_size_max=, access_size_max@entry=0, access=access@entry=0x4fee9 , mr=mr@entry=0xaed980) at /home/rjones/d/qemu/memory.c:480 #9 0x00054234 in memory_region_dispatch_write (size=4, data=2, addr=, mr=0xaed980) at /home/rjones/d/qemu/memory.c:1117 #10 io_mem_write (mr=0xaed980, addr=, val=2, size=size@entry=4) at /home/rjones/d/qemu/memory.c:1958 #11 0x00057f24 in io_writel (retaddr=1121296542, Cannot access memory at address 0x0 addr=, val=2, physaddr=592, env=0x9d6c50) at /home/rjones/d/qemu/softmmu_template.h:381 #12 helper_le_stl_mmu (env=0x9d6c50, addr=, val=2, mmu_idx=, 
retaddr=1121296542) at /home/rjones/d/qemu/softmmu_template.h:419 #13 0x42d5a0a0 in ?? () Cannot access memory at address 0x0 Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb) print req $1 = (VirtIOSCSIReq *) 0x6c03acf8 (gdb) print req->sreq $2 = (SCSIRequest *) 0xc2c2c2c2 (gdb) print req->sreq->dev Cannot access memory at address 0xc2c2c2c6 (gdb) print *req $3 = { dev = 0x6c000040, vq = 0x6c000040, qsgl = { sg = 0x0, nsg = 0, nalloc = -1027423550, size = 3267543746, dev = 0xc2c2c2c2, as = 0xc2c2c2c2 }, resp_iov = { iov = 0xc2c2c2c2, niov = -1027423550, nalloc = -1027423550, size = 3267543746 }, elem = { index = 3267543746, out_num = 3267543746, in_num = 3267543746, in_addr = {14033993530586874562 }, out_addr = {14033993530586874562 }, in_sg = {{ iov_base = 0xc2c2c2c2, iov_len = 3267543746 } }, out_sg = {{ iov_base = 0xc2c2c2c2, iov_len = 3267543746 } } }, vring = 0xc2c2c2c2, { next = { tqe_next = 0xc2c2c2c2, tqe_prev = 0xc2c2c2c2 }, remaining = -1027423550 }, sreq = 0xc2c2c2c2, resp_size = 3267543746, mode = (SCSI_XFER_TO_DEV | unknown: 3267543744), resp = { cmd = { sense_len = 3267543746, resid = 3267543746, status_qualifier = 49858, status = 194 '\302', response = 194 '\302' }, tmf = { response = 194 '\302' }, an = { event_actual = 3267543746, response = 194 '\302' }, event = { event = 3267543746, lun = "\302\302\302\302\302\302\302", , reason = 3267543746 } }, req = { { cmd = { lun = "\302\302\302\302\302\302\302", , tag = 14033993530586874562, task_attr = 194 '\302', prio = 194 '\302', crn = 194 '\302' }, cdb = 0x6c042d73 '\302' , }, tmf = { type = 3267543746, subtype = 3267543746, lun = "\302\302\302\302\302\302\302", , tag = 14033993530586874562 }, an = { type = 3267543746, lun = "\302\302\302\302\302\302\302", , event_requested = 3267543746 } } } This is qemu from git today (2014-10-07). The hardware is 32 bit ARM (ODROID-XU Samsung Exynos 5410). 
It is running Ubuntu 14.04 LTS as the main operating system, but I am NOT using qemu from Ubuntu (which is ancient). Richard, is this 3-year-old bug still an issue? Ah, my mail client found the thread that tells me this was fixed in commit 35e4e96c4d5bfcf. So we can close this. Yes, qemu is working fine on aarch64, so this must have been fixed.