Bug 1172950

Summary: Migration win7-64 guest with usb-bot from RHEL7.1->RHEL7.0.z, qemu-kvm on dst RHEL7.0.z core dump
Product: Red Hat Enterprise Linux 7 Reporter: huiqingding <huding>
Component: qemu-kvm-rhev Assignee: Dr. David Alan Gilbert <dgilbert>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1 CC: amit.shah, hhuang, huding, juli, juzhang, kraxel, quintela, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-16 08:54:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description huiqingding 2014-12-11 07:43:06 UTC
Description of problem:
Boot a win7-64 guest with usb-bot on a RHEL7.1 host and migrate the guest to a RHEL7.0.z host; qemu-kvm on the dst host core dumps.

Version-Release number of selected component (if applicable):
100%

How reproducible:
RHEL7.1 src host:
kernel-3.10.0-212.el7.x86_64
qemu-kvm-rhev-2.1.2-16.el7.x86_64

RHEL7.0.z dst host:
kernel-3.10.0-123.9.3.el7.x86_64
qemu-kvm-rhev-1.5.3-60.el7_0.11.x86_64

Guest: 
win7-64

Steps to Reproduce:
1. Boot a win7-64 guest with three usb-bot on the RHEL7.1 src host:
/usr/libexec/qemu-kvm -cpu Opteron_G1,enforce \
-enable-kvm  -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -numa node,cpus=0 \
-M pc-i440fx-rhel7.0.0 \
-drive file=/mnt/win7-64.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=writethrough,werror=stop,rerror=stop \
-device virtio-scsi-pci,id=scsi0,addr=0x13 \
-device scsi-hd,drive=drive-scsi-disk,bus=scsi0.0,id=data-disk2,bootindex=1 \
-spice port=5901,password=redhat-vga,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432 \
-monitor stdio \
-device nec-usb-xhci,id=xhci \
-device usb-bot,id=bot1,bus=xhci.0 \
-drive file=/mnt/driver.iso,if=none,id=usb-cdrom1,format=raw \
-device scsi-cd,bus=bot1.0,scsi-id=0,lun=1,drive=usb-cdrom1,id=usb-cdrom1 \
-device usb-ehci,id=ehci \
-device usb-bot,id=bot2,bus=ehci.0 \
-drive file=/mnt/bot-disk1,id=usb-disk1,if=none,format=qcow2 \
-device scsi-hd,bus=bot2.0,scsi-id=0,lun=0,drive=usb-disk1,id=usb-disk1 \
-device nec-usb-xhci,id=xhci1 \
-device usb-storage,drive=drive-usb-2,id=usb-2,removable=on,bus=xhci1.0,port=1 \
-drive file=/mnt/usb-xhci,if=none,id=drive-usb-2,media=disk,format=qcow2

2. Boot the guest on the RHEL7.0.z dst host with "-incoming tcp:0:5800"

3. Do the migration:
(qemu) migrate -d tcp:10.66.9.152:5800

Actual results:
On the dst RHEL7.0.z host, qemu-kvm core dumps:
(gdb) bt
#0  xhci_lookup_uport (xhci=xhci@entry=0x7fffd8270010, slot_ctx=slot_ctx@entry=0x7ffff7fc6c60) at hw/usb/hcd-xhci.c:2106
#1  0x00005555556cc4e8 in usb_xhci_post_load (opaque=0x7fffd8270010, version_id=<optimized out>) at hw/usb/hcd-xhci.c:3459
#2  0x00005555557abe60 in vmstate_load_state (f=0x555556a7aa20, vmsd=0x555555bfa2e0 <vmstate_xhci>, opaque=0x7fffd8270010, version_id=1) at /usr/src/debug/qemu-1.5.3/savevm.c:1779
#3  0x00005555557aca16 in qemu_loadvm_state (f=f@entry=0x555556a7aa20) at /usr/src/debug/qemu-1.5.3/savevm.c:2337
#4  0x00005555556e723e in process_incoming_migration_co (opaque=0x555556a7aa20) at migration.c:105
#5  0x00005555556523ea in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:118
#6  0x00007ffff2ca3570 in ?? () from /lib64/libc.so.6
#7  0x00007fffffffb060 in ?? ()
#8  0x0000000000000000 in ?? ()
(gdb) q


Expected results:
qemu-kvm does not core dump and guest works well.

Additional info:
I also tested a win8.1-32 guest and a RHEL7.1 guest; they did not hit this problem.