Bug 807916

Summary: boot from the USB storage core dumped after pressing "ctrl-alt-delete"
Product: Red Hat Enterprise Linux 6
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Docs Contact:
Priority: high
Version: 6.3
CC: acathrow, areis, bcao, bsarathy, chayang, dyasny, flang, juzhang, michen, minovotn, mkenneth, qzhang, shu, virt-maint, wdai, wquan, xfu, xigao
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.268.el6
Doc Type: Bug Fix
Doc Text:
Cause: qemu had a bogus assert() in the ehci emulation code.
Consequence: qemu dumps core for no reason.
Fix: remove assert()
Resolution: core dumps are gone.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 11:45:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Sibiao Luo 2012-03-29 07:01:55 UTC
Description of problem:
Boot the guest with "-boot menu=on" and set the bootindex of the emulated USB storage to 1, press F12 during POST and select booting from the emulated USB storage; after it fails to boot, press "ctrl-alt-delete" to reset the system and a core dump occurs.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-251.el6.x86_64
qemu-kvm-0.12.1.2-2.265.el6rhev.x86_64
# rpm -qa | grep seabios
seabios-0.6.1.2-15.el6.x86_64
guest info:
guest_name: RHEL-Server-6.3-64
# uname -r
2.6.32-251.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot the guest with "-boot menu=on" and set "bootindex=1" on the emulated USB storage.
CLI: # /usr/libexec/qemu-kvm -M rhel6.3.0 -cpu SandyBridge -enable-kvm -smp 8,sockets=1,cores=8,threads=1 -m 4G -usb -device usb-tablet,id=input0 -name RHEL-Server-6.3-64 -uuid `uuidgen` -device usb-ehci,id=ehci -drive file=/home/lv_seabios/usb-storage.qcow2,if=none,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native,id=usb-stick -device usb-storage,bus=ehci.0,drive=usb-stick,bootindex=1 -device virtio-balloon-pci,id=ballooning -spice port=5931,disable-ticketing -vga qxl -monitor stdio -boot menu=on -nodefaults
2. Press F12 during POST and select booting from the emulated USB storage.
3. Press "ctrl-alt-delete" to reset the system.

Actual results:
After step 3:
(qemu) Request for more bytes than allowed
processing error - resetting ehci HC
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2007: ehci_advance_state: Assertion `0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff57788a5 in raise () from /lib64/libc.so.6

(gdb) bt
#0  0x00007ffff57788a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff577a085 in abort () from /lib64/libc.so.6
#2  0x00007ffff5771a1e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff5771ae0 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffff7f31fe5 in ehci_advance_state (ehci=0x7ffff9d0a3f0, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2007
#5  0x00007ffff7f33365 in ehci_advance_async_state (opaque=0x7ffff9d0a3f0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2049
#6  ehci_frame_timer (opaque=0x7ffff9d0a3f0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2178
#7  0x00007ffff7deb36a in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1323
#8  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4019
#9  0x00007ffff7e0c86a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#10 0x00007ffff7dedc9c in main_loop (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4202
#11 main (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6427
(gdb)

Expected results:
the system should be reset (restarted) successfully.

Additional info:

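The backtrace above has the classic shape of a guest-triggerable hypervisor abort: a frame timer re-enters the EHCI schedule walker, the walker finds itself in a state its switch never listed, and an assert(0) takes the whole qemu-kvm process (and with it the guest) down, all set off by a guest action (a reset after a failed USB boot) and a guest-supplied descriptor ("Request for more bytes than allowed"). The C program below is an added illustration written for this page; it is not qemu's code and not the patch that fixed this bug. Every name, the state set and the 20 KiB transfer limit are hypothetical stand-ins, and the bad descriptor is constructed input. It runs the report's sequence (bogus transfer, controller reset, next timer tick) through an asserting "before" variant and a tolerant "after" variant so the difference in outcome is visible side by side.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy controller, NOT qemu's code: an async-schedule walker shaped
 * like the backtrace frames (frame timer -> advance async state -> advance state).
 * All names and the byte limit are made up for the illustration. */
#define QH_MAX_BYTES 20480u                     /* largest transfer the toy HC accepts */

enum sched_state { ST_INACTIVE, ST_ACTIVE, ST_FETCHQH, ST_EXECUTE, ST_WRITEBACK };
enum { ADV_CONTINUE, ADV_DONE, ADV_FATAL };

struct qh { uint32_t total_bytes; };            /* guest-controlled queue head */

struct hc {
    enum sched_state astate;                    /* walker state */
    bool async_enabled;                         /* guest's schedule-enable bit */
    unsigned hc_resets;                         /* controller resets so far */
    const struct qh *mem;                       /* stands in for guest memory */
    size_t nqh, cur;
};

/* The report's "processing error - resetting ehci HC": the walker drops back to
 * INACTIVE, but the enable bit and the armed timer are left alone, so the next
 * tick enters the walker in a state its switch never listed. */
static void hc_error_reset(struct hc *hc)
{
    puts("processing error - resetting HC");
    hc->astate = ST_INACTIVE;
    hc->hc_resets++;
}

/* One transition. 'tolerant' selects the fixed handling of unlisted states; the
 * asserting variant returns ADV_FATAL where the real code called abort(). */
static int advance_state(struct hc *hc, bool tolerant)
{
    switch (hc->astate) {
    case ST_ACTIVE:
        hc->cur = 0;
        hc->astate = ST_FETCHQH;
        return ADV_CONTINUE;
    case ST_FETCHQH:
        if (hc->cur >= hc->nqh) {               /* end of the list for this frame */
            hc->astate = ST_ACTIVE;
            return ADV_DONE;
        }
        hc->astate = ST_EXECUTE;
        return ADV_CONTINUE;
    case ST_EXECUTE:
        if (hc->mem[hc->cur].total_bytes > QH_MAX_BYTES) {
            puts("Request for more bytes than allowed");   /* guest-supplied garbage */
            hc_error_reset(hc);
            return ADV_DONE;
        }
        hc->astate = ST_WRITEBACK;
        return ADV_CONTINUE;
    case ST_WRITEBACK:
        hc->cur++;
        hc->astate = ST_FETCHQH;
        return ADV_CONTINUE;
    default:
        /* ST_INACTIVE lands here after an error reset. "Before": assert(0), the
         * whole VM dies. "After": log, return to a known state, keep running. */
        if (!tolerant)
            return ADV_FATAL;
        fprintf(stderr, "unexpected schedule state %d, restarting walker\n", (int)hc->astate);
        hc->astate = hc->async_enabled ? ST_ACTIVE : ST_INACTIVE;
        return ADV_DONE;
    }
}

/* One frame-timer tick: walk the schedule until this frame's work is done. */
static int frame_timer(struct hc *hc, bool tolerant)
{
    int rc = ADV_DONE;
    while (hc->async_enabled && (rc = advance_state(hc, tolerant)) == ADV_CONTINUE)
        ;
    return rc;
}

/* The report's sequence on constructed input: a bogus descriptor triggers the
 * error reset, then the timer fires again. Returns the second tick's result. */
static int run_scenario(bool tolerant, unsigned *resets_out)
{
    static const struct qh bad[] = { { .total_bytes = 0x100000 } };
    struct hc hc = { .astate = ST_ACTIVE, .async_enabled = true, .mem = bad, .nqh = 1 };
    frame_timer(&hc, tolerant);                 /* hits the bogus qh, resets the HC */
    int rc = frame_timer(&hc, tolerant);        /* enters the walker in ST_INACTIVE */
    if (resets_out)
        *resets_out = hc.hc_resets;
    return rc;
}

static unsigned scenario_resets(bool tolerant) { unsigned r = 0; run_scenario(tolerant, &r); return r; }

int main(void)
{
    unsigned r;
    int rc = run_scenario(false, &r);
    printf("before: %s, resets=%u\n", rc == ADV_FATAL ? "assert(0) aborts qemu-kvm" : "ok", r);
    rc = run_scenario(true, &r);
    printf("after:  %s, resets=%u\n", rc == ADV_FATAL ? "abort" : "recovered, guest keeps running", r);
    return 0;
}
```

The point the toy makes is the one behind the Doc Text's "remove assert()": an assertion in device emulation is a claim that no guest input and no error path can reach that line, and once the error-reset path makes it reachable, the assert becomes a one-line denial of service against the hypervisor. Treating the unexpected state as a device error and resynchronising keeps the bug contained to the emulated controller.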
Comment 3 Gerd Hoffmann 2012-03-30 11:49:00 UTC
Patch posted.

Comment 7 Sibiao Luo 2012-04-18 12:32:07 UTC
Reproduced and verified this issue with the same steps.

Reproduced this issue with the following environment and test results:
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-262.el6.x86_64
qemu-kvm-0.12.1.2-2.261.el6.x86_64
guest info:
RHEL-6.3-Beta-1.0-x86_64

Actual results:
processing error - resetting ehci HC
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2007: ehci_advance_state: Assertion `0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff577b8a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff577b8a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff577d085 in abort () from /lib64/libc.so.6
#2  0x00007ffff5774a1e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff5774ae0 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffff7f33a85 in ehci_advance_state (ehci=0x7ffff9d0b3f0, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2007
#5  0x00007ffff7f34e05 in ehci_advance_async_state (opaque=0x7ffff9d0b3f0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2049
#6  ehci_frame_timer (opaque=0x7ffff9d0b3f0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2178
#7  0x00007ffff7deee7a in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1323
#8  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4019
#9  0x00007ffff7e1035a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#10 0x00007ffff7df17ac in main_loop (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4202
#11 main (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6427
(gdb) q

Verified this issue with the following environment and test results:
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-262.el6.x86_64
qemu-kvm-0.12.1.2-2.277.el6.x86_64
guest info:
RHEL-6.3-Beta-1.0-x86_64

Actual results:
Pressed F12 during POST and selected booting from the emulated USB storage, then pressed "ctrl-alt-delete"; the system reset successfully.

Based on the above, this issue has been fixed.

Comment 9 Michal Novotny 2012-05-04 13:17:20 UTC
Gerd, could you please add Technical Notes to this bug?

Thanks!
Michal

Comment 10 Michal Novotny 2012-05-04 13:17:20 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
NEEDINFO

Comment 11 Gerd Hoffmann 2012-05-04 13:27:26 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,7 @@
-NEEDINFO+Cause: qemu had a bogous assert() in the ehci emulation code.
+
+Consequence: qemu dumps core for no reason.
+
+Fix: remove assert()
+
+Resolution: core dumps are gone.
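Review bot: the Consequence line understates the impact visible in this report; the core dump is triggered from inside the guest (ctrl-alt-delete after a failed boot from the emulated USB storage, per the Description and Comment 7), so the note should say that a guest can terminate its own qemu-kvm process, i.e. a guest-triggerable crash, rather than "dumps core for no reason". The Cause line could also name the failing check from the backtrace (ehci_advance_state, usb-ehci.c:2007) so readers can match the note to the crash, and "bogous" should read "bogus".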

Comment 12 errata-xmlrpc 2012-06-20 11:45:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html