Re: [Qemu-stable] Data corruption in Qemu 2.7.1

[Paolo Bonzini]

On 17/01/2017 12:22, Fabian Grünbichler wrote:
> 6) repeat 3-5 until md5sum does not match, kernel spews error
> messages, or you are convinced that everything is OK
> 
> sample kernel message (for ext3):
> Jan 17 11:39:32 ubuntu kernel: sd 2:0:0:0: [sda] tag#32 FAILED Result: 
> hostbyte=DID_OK driverbyte=DRIVER_SENSE
> Jan 17 11:39:32 ubuntu kernel: sd 2:0:0:0: [sda] tag#32 Sense Key : Illegal 
> Request [current]
> Jan 17 11:39:32 ubuntu kernel: sd 2:0:0:0: [sda] tag#32 Add. Sense: Invalid 
> field in cdb
> Jan 17 11:39:32 ubuntu kernel: sd 2:0:0:0: [sda] tag#32 CDB: Write(10) 2a 00 
> 0f 3a 90 00 00 07 d8 00
> Jan 17 11:39:32 ubuntu kernel: blk_update_request: critical target error, dev 
> sda, sector 255496192

Can you reproduce it if QEMU runs under "strace -e ioctl -ff" in the 
host?  Or also using this systemtap script.

The important bit would be the lines with a nonzero status, but the
others can be useful to see what the surroundings look like.

# example output for "sudo stap -v strace.stp -c 'sg_opcodes /dev/sda'"
# | sg_opcodes[3444] 00000000 12 00 00 00 24 00 00 00 be 91
# | sg_opcodes[3444] 08100002 a3 0c 00 00 00 00 00 00 20 00

global cdbs%
global reqs%
global names%

function check_pid() {
    return target() == 0 || pid() == target();
}

probe kernel.function("blk_fill_sghdr_rq") {
    if (!check_pid()) next;

    names[$rq]=sprintf("%s[%d]", execname(), tid())
    cdbs[$rq]=sprintf("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
                    
$hdr->cmdp[0],$hdr->cmdp[1],$hdr->cmdp[2],$hdr->cmdp[3],$hdr->cmdp[4],
                    
$hdr->cmdp[6],$hdr->cmdp[5],$hdr->cmdp[7],$hdr->cmdp[8],$hdr->cmdp[9])
}

probe kernel.function("scsi_setup_cmnd") {
    if (!($req in cdbs)) next;
    reqs[$req->special] = $req;
}

probe kernel.function("scsi_finish_command") {
    if (!($cmd in reqs)) next;
    rq = reqs[$cmd];
    printf("%s %08x %s\n", names[rq], $cmd->result, cdbs[rq]);
    delete reqs[$cmd]
    delete cdbs[rq]
}