Bug 739678

Summary: qemu hits assert on usb-host device hot add
Product: Fedora
Component: qemu
Version: rawhide
Status: CLOSED CURRENTRELEASE
Reporter: Chris Wright <chrisw>
Assignee: Fedora Virtualization Maintainers <virt-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: amit.shah, berrange, crobinso, dougsland, dwmw2, ehabkost, itamar, jaswinder, jforbes, knoel, pebolle, scottt.tw, tburke, virt-maint
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-06-17 22:01:38 UTC

Description Chris Wright 2011-09-19 19:17:20 UTC
Description of problem:

When hot-adding a usb-host device to the guest, qemu hits an assert.

Version-Release number of selected component (if applicable):

Upstream qemu including usb/usb.27 changes from kraxel's tree.

How reproducible:


Steps to Reproduce and Actual results:

Hotplug usb-host device (phone):

(qemu) device_add usb-host,hostbus=2,hostport=1,bus=usb.0
Hits this assert:
qemu-system-x86_64: /home/chrisw/git/qemu/qemu/hw/usb.c:349:
usb_packet_complete: Assertion `p->owner != ((void *)0)' failed.

And hotplug usb-host device (mouse):
(qemu) device_add usb-host,hostbus=6,hostaddr=11,bus=usb.0

Hits this assert:
qemu-system-x86_64: savevm.c:1260: vmstate_register_with_alias_id:
Assertion `!se->compat || se->instance_id == 0' failed.

Expected results:

Device is added and functional.

Additional info:

This works on qemu-system-x86.0.15.0-4
This doesn't work on upstream commit:

530889f sun4u: don't set up isa_mem_base

Or with usb/usb.27 merged into that upstream base.

Comment 1 Gerd Hoffmann 2011-09-20 08:10:52 UTC
Can you attach a stacktrace for the assert please?

Comment 2 Gerd Hoffmann 2011-10-28 10:01:27 UTC
Can you retest with latest master?

Comment 3 Paul Bolle 2012-01-25 11:09:18 UTC
0) I ran into this with 0.15.1:
$ qemu -usb -snapshot -fda 2880.img
husb: open device 1.6
husb: config #1 need -1
husb: 1 interfaces claimed for configuration 1
husb: grabbed usb device 1.6
husb: config #1 need 1
husb: 1 interfaces claimed for configuration 1
husb: config #1 need 1
husb: 1 interfaces claimed for configuration 1
qemu: /builddir/build/BUILD/qemu-kvm-0.15.1/hw/usb.c:336: usb_packet_complete: Assertion `p->owner != ((void *)0)' failed.
Aborted (core dumped)

1) Backtrace (manually generated from abrt's directory for this crash), as asked of the original submitter in comment #1:
(gdb) bt
#0  0x00007f0cb2a2d285 in raise () from /lib64/libc.so.6
#1  0x00007f0cb2a2eb9b in abort () from /lib64/libc.so.6
#2  0x00007f0cb2a25e9e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f0cb2a25f42 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f0cb74ddd4a in usb_packet_complete (dev=<optimized out>, p=0x7f0cb8a4c040)
    at /usr/src/debug/qemu-kvm-0.15.1/hw/usb.c:336
#5  0x00007f0cb74e0ed0 in async_complete (opaque=0x7f0cb8a4d570) at usb-linux.c:360
#6  0x00007f0cb7503bfa in qemu_iohandler_poll (readfds=0x7fffe7fe0020, writefds=0x7fffe7fe00a0, 
    xfds=<optimized out>, ret=<optimized out>) at iohandler.c:158
#7  0x00007f0cb74815b9 in main_loop_wait (nonblocking=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1348
#8  0x00007f0cb746c661 in main_loop () at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1392
#9  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:3378

2) Feel free to prod for more details, testing, etc.
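The two usb.c reports above carry the same assertion at different line numbers (hw/usb.c:349 in the upstream tree, hw/usb.c:336 in 0.15.1) and from different build paths, which is exactly what defeats naive string matching when deciding whether a new crash is a duplicate. The following triage helper is an added example written for this page, not QEMU code and not a tool from the bug's participants: it parses a glibc assertion message and a gdb backtrace into a build-independent key (file basename, function, expression) and extracts the application caller chain. The sample messages and the backtrace are copied from the report text above; the savevm.c message is included to show a genuinely different crash not being matched.

```python
"""Normalize a glibc assertion failure plus gdb backtrace into a version-stable
crash signature so reports from different builds can be matched.

Added triage example for this bug page; not QEMU code. Sample inputs below are
copied from the report text.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# glibc's message: "<program>: <file>:<line>: <function>: Assertion `<expr>' failed."
ASSERT_RE = re.compile(
    r"^(?P<prog>\S+): (?P<file>\S+):(?P<line>\d+): (?P<func>\w+): "
    r"Assertion `(?P<expr>.*)' failed\.$"
)

# One gdb frame after wrapped continuation lines are re-joined, e.g.
#   "#4  0x... in usb_packet_complete (dev=..., p=...) at .../hw/usb.c:336"
#   "#0  0x... in raise () from /lib64/libc.so.6"
#   "#9  main (argc=..., argv=..., envp=...) at .../vl.c:3378"
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[\w.$]+) \((?P<args>.*?)\)"
    r"(?:\s+at (?P<src>\S+):(?P<line>\d+)|\s+from (?P<lib>\S+))?\s*$"
)


@dataclass(frozen=True)
class Assertion:
    prog: str
    file: str
    line: int
    func: str
    expr: str


@dataclass(frozen=True)
class Frame:
    idx: int
    func: str
    args: str
    src: Optional[str]   # source file when debuginfo was available
    line: Optional[int]
    lib: Optional[str]   # shared object for frames without source info


def parse_assertion(msg: str) -> Assertion:
    """Parse one assertion message. Trackers often wrap it over two lines, so
    whitespace is collapsed first (lossless for the expressions on this page,
    which only contain single spaces)."""
    flat = " ".join(msg.split())
    m = ASSERT_RE.match(flat)
    if m is None:
        raise ValueError(f"not a glibc assertion message: {msg!r}")
    return Assertion(m["prog"], m["file"], int(m["line"]), m["func"], m["expr"])


def _join_wrapped(text: str) -> List[str]:
    """gdb breaks long frames onto indented continuation lines; re-join them."""
    lines: List[str] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and lines:
            lines[-1] = lines[-1].rstrip() + " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def parse_backtrace(text: str) -> List[Frame]:
    """Parse 'bt' output; non-frame lines such as the '(gdb) bt' prompt are skipped."""
    frames: List[Frame] = []
    for line in _join_wrapped(text):
        if not line.startswith("#"):
            continue
        m = FRAME_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised frame: {line!r}")
        frames.append(Frame(int(m["idx"]), m["func"], m["args"], m["src"],
                            int(m["line"]) if m["line"] else None, m["lib"]))
    return frames


def assertion_key(a: Assertion) -> Tuple[str, str, str]:
    """Build-independent identity: file basename, function and expression.
    Build paths and line numbers are dropped on purpose; the same assert sits
    at hw/usb.c:349 upstream and hw/usb.c:336 in 0.15.1 in this report."""
    return (os.path.basename(a.file), a.func, a.expr)


def same_assertion(a: Assertion, b: Assertion) -> bool:
    return assertion_key(a) == assertion_key(b)


def caller_chain(frames: List[Frame]) -> List[str]:
    """Application functions from the asserting frame down to main, skipping
    the glibc frames (raise/abort/__assert_fail*) that carry no source line."""
    return [f.func for f in frames if f.src is not None]


# Sample inputs copied from the report above (REPORT_UPSTREAM keeps the line wrap).
REPORT_UPSTREAM = ("qemu-system-x86_64: /home/chrisw/git/qemu/qemu/hw/usb.c:349:\n"
                   "usb_packet_complete: Assertion `p->owner != ((void *)0)' failed.")
REPORT_SAVEVM = ("qemu-system-x86_64: savevm.c:1260: vmstate_register_with_alias_id: "
                 "Assertion `!se->compat || se->instance_id == 0' failed.")
REPORT_0_15_1 = ("qemu: /builddir/build/BUILD/qemu-kvm-0.15.1/hw/usb.c:336: "
                 "usb_packet_complete: Assertion `p->owner != ((void *)0)' failed.")
BACKTRACE_0_15_1 = """(gdb) bt
#0  0x00007f0cb2a2d285 in raise () from /lib64/libc.so.6
#1  0x00007f0cb2a2eb9b in abort () from /lib64/libc.so.6
#2  0x00007f0cb2a25e9e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f0cb2a25f42 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f0cb74ddd4a in usb_packet_complete (dev=<optimized out>, p=0x7f0cb8a4c040)
    at /usr/src/debug/qemu-kvm-0.15.1/hw/usb.c:336
#5  0x00007f0cb74e0ed0 in async_complete (opaque=0x7f0cb8a4d570) at usb-linux.c:360
#6  0x00007f0cb7503bfa in qemu_iohandler_poll (readfds=0x7fffe7fe0020, writefds=0x7fffe7fe00a0,
    xfds=<optimized out>, ret=<optimized out>) at iohandler.c:158
#7  0x00007f0cb74815b9 in main_loop_wait (nonblocking=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1348
#8  0x00007f0cb746c661 in main_loop () at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1392
#9  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:3378
"""

if __name__ == "__main__":
    up, old, sv = (parse_assertion(r) for r in (REPORT_UPSTREAM, REPORT_0_15_1, REPORT_SAVEVM))
    print("upstream == 0.15.1:", same_assertion(up, old))   # same bug, different line
    print("upstream == savevm:", same_assertion(up, sv))    # different assert
    print(" <- ".join(caller_chain(parse_backtrace(BACKTRACE_0_15_1))))
```

Keying on the expression and function rather than the raw message is what lets the upstream report and the 0.15.1 report in comment 3 be recognised as the same crash, while the savevm.c assertion from the mouse hotplug stays separate; the caller chain (usb_packet_complete via async_complete from the main loop's iohandler poll) is the part worth attaching when asking whether another report is really a duplicate.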

Comment 4 Paul Bolle 2012-01-25 11:14:23 UTC
Mark as duplicate of bug #769625? That report has a (backported) patch attached, which is claimed to fix this issue.

Comment 5 Fedora Admin XMLRPC Client 2012-03-15 17:59:21 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 Cole Robinson 2012-06-17 22:01:38 UTC
This should be fixed by qemu-1.0 in F17+; please reopen this report if you are still hitting issues.