Bug 812328

Summary: qemu-kvm aborted when using multiple usb storage on Win2003 guest
Product: Red Hat Enterprise Linux 6 Reporter: Qingtang Zhou <qzhou>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.3CC: acathrow, areis, bsarathy, dyasny, flang, juzhang, michen, minovotn, mkenneth, sluo, virt-maint, xwei
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.279.el6 Doc Type: Bug Fix
Doc Text:
Cause: ehci emulation had a limitation on the number of queue heads proccessed (was added as workaround for a bug fixed meanwhile). Consequence: With lots of devices present ehci didn't process all queues, rendering some devices non-functional. Fix: Remove limitation. Resolution: ehci works fine even with lots of devices.
 Story Points: ---
Clone Of:
: 813713 (view as bug list) Environment:
Last Closed: 2012-06-20 11:46:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 813713    
Attachments:
Description Flags
full backtrace
none
qemu cmd line none

Description Qingtang Zhou 2012-04-13 11:55:02 UTC 
Description of problem:
qemu-kvm aborted with signal 6 when assign 24 'usb-storage' devices to it.
I met this problem on Win2003 guest. Tested RHEL6 guest, no crash occur found.

qemu-kvm reports:
[qemu output] qemu: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1941: ehci_advance_state: Assertion `iter < 20' failed.

BTW, I find following output before crash occurred, it repeats many times.
[qemu output] handle_dev_stop: stop
[qemu output] handle_dev_stop: stop
[qemu output] handle_dev_stop: stop
[qemu output] handle_dev_stop: stop
[qemu output] handle_dev_stop: stop
[qemu output] handle_dev_stop: stop
...


Version-Release number of selected component (if applicable):
# rpm -q kernel
kernel-2.6.32-262.el6.x86_64

# rpm -qa |grep qemu
qemu-img-0.12.1.2-2.272.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.266.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.272.el6.x86_64
gpxe-roms-qemu-0.9.7-6.9.el6.noarch
qemu-kvm-0.12.1.2-2.272.el6.x86_64


How reproducible:
4/5

Steps to Reproduce:
1. assign 24 usb-storages to guest.
2. Start the guest with those disks.
3. Format those disks.
4. Copy file into / out of those disks.
5. Compare the original file and the copied file using md5 or fc comand.
  
Actual results:


Expected results:


Additional info:
qemu-kvm cmd line:
(actual cmd line is very long, I attach it)
# qemu ... \
-device usb-ehci,id=usb1,bus=pci.0,addr=0x4 \
-device usb-ehci,id=usb2,bus=pci.0,addr=0x5 \
-device usb-ehci,id=usb3,bus=pci.0,addr=0x6 \
-device usb-ehci,id=usb4,bus=pci.0,addr=0x7 \
-drive file='/home/autotest-devel/client/tests/kvm/stg0.qcow2',if=none,id=usb2.0,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=1,drive=usb2.0 \
-drive file='/home/autotest-devel/client/tests/kvm/stg1.qcow2',if=none,id=usb2.1,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=2,drive=usb2.1 \
-drive file='/home/autotest-devel/client/tests/kvm/stg2.qcow2',if=none,id=usb2.2,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=3,drive=usb2.2 \
-drive file='/home/autotest-devel/client/tests/kvm/stg3.qcow2',if=none,id=usb2.3,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=4,drive=usb2.3 \
-drive file='/home/autotest-devel/client/tests/kvm/stg4.qcow2',if=none,id=usb2.4,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=5,drive=usb2.4 \
-drive file='/home/autotest-devel/client/tests/kvm/stg5.qcow2',if=none,id=usb2.5,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native \
-device usb-storage,bus=usb1.0,port=6,drive=usb2.5 \
...

gdb backtrace:
(gdb) info thread
  5 Thread 0x7fa8b346f700 (LWP 12855)  0x00007fa8c1c026e7 in ioctl () from /lib64/libc.so.6
  4 Thread 0x7fa8bc4cc700 (LWP 12909)  0x00007fa8c3b2a7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
  3 Thread 0x7fa8b2a6e700 (LWP 12856)  0x00007fa8c1c026e7 in ioctl () from /lib64/libc.so.6
  2 Thread 0x7fa8b0e3a700 (LWP 12857)  0x00007fa8c1c0aba3 in epoll_wait () from /lib64/libc.so.6
* 1 Thread 0x7fa8c413d940 (LWP 12845)  0x00007fa8c1b558a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007fa8c1b558a5 in raise () from /lib64/libc.so.6
#1  0x00007fa8c1b57085 in abort () from /lib64/libc.so.6
#2  0x00007fa8c1b4ea1e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007fa8c1b4eae0 in __assert_fail () from /lib64/libc.so.6
#4  0x00007fa8c430d16c in ehci_advance_state (ehci=0x7fa8c8349720, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1941
#5  0x00007fa8c430e9ad in ehci_advance_async_state (opaque=0x7fa8c8349720) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2047
#6  ehci_frame_timer (opaque=0x7fa8c8349720) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2180
#7  0x00007fa8c41c81ea in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1323
#8  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4019
#9  0x00007fa8c41e972a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#10 0x00007fa8c41cab1c in main_loop (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4202
#11 main (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6427

(Full backtrace info is attached.)
Comment 1 Qingtang Zhou 2012-04-13 11:56:39 UTC 
Created attachment 577310 [details]
full backtrace
Comment 2 Qingtang Zhou 2012-04-13 11:57:25 UTC 
Created attachment 577311 [details]
qemu cmd line
Comment 4 Ademar Reis 2012-04-13 13:27:08 UTC 
Did we support usb-storage in RHEL6.2? If yes, please test RHEL6.2 so that we know if this is a regression or not.
Comment 5 Qingtang Zhou 2012-04-16 13:26:27 UTC 
(In reply to comment #4)
> Did we support usb-storage in RHEL6.2? If yes, please test RHEL6.2 so that we
> know if this is a regression or not.

Hi, 
I tested on RHEL6.2 GA version today, but didn't get any results (Win2003 guest always get blank screen after boot up).
I'm trying to reproduce this problem with other windows guests, hope I can get some good news tmr.
Comment 6 Ademar Reis 2012-04-16 15:30:05 UTC 
(In reply to comment #5)
> (In reply to comment #4)
> > Did we support usb-storage in RHEL6.2? If yes, please test RHEL6.2 so that we
> > know if this is a regression or not.
> 
> Hi, 
> I tested on RHEL6.2 GA version today, but didn't get any results (Win2003 guest
> always get blank screen after boot up).
> I'm trying to reproduce this problem with other windows guests, hope I can get
> some good news tmr.

I'll wait for your feedback then. Thanks.
Comment 7 Qingtang Zhou 2012-04-17 10:00:04 UTC 
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > Did we support usb-storage in RHEL6.2? If yes, please test RHEL6.2 so that we
> > > know if this is a regression or not.
> > 
> > Hi, 
> > I tested on RHEL6.2 GA version today, but didn't get any results (Win2003 guest
> > always get blank screen after boot up).
> > I'm trying to reproduce this problem with other windows guests, hope I can get
> > some good news tmr.
> 
> I'll wait for your feedback then. Thanks.

Hi, Ademar,
After resolve that win2003 blank screen problem (qxl drive isn't correctly installed.), I tested win2003 guest on RHEL6.2GA and RHEL6.2-z host, not found qemu aborted problem.

kernel & qemu-kvm version:

RHEL-6.2 GA:
# rpm -q kernel
kernel-2.6.32-220.3.1.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64

RHEL-6.2-Z:
# rpm -q kernel
kernel-2.6.32-220.7.1.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64
Comment 8 Gerd Hoffmann 2012-04-17 11:22:09 UTC 
http://patchwork.ozlabs.org/patch/153123/
Comment 10 Gerd Hoffmann 2012-04-18 07:59:38 UTC 
patch posted.
Comment 14 langfang 2012-04-26 06:31:57 UTC 
reporduce this issue with steps and  environment as follows:
version:
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.267.el6ev.x86_64
#uname -r
2.6.32-262.el6.x86_64

steps:
1)boot guest 
(gdb) r -m 2G -smp 2 -cpu Penryn,+x2apic, -boot order=dcn,menu=on -uuid e85e6987-c012-4025-878a-d4a5f521f8a5 -rtc base=utc,clock=host,driftfix=slew -no-kvm-pit-reinjection -monitor stdio -name rhelwin7-64 -spice port=5830,disable-ticketing -vga qxl -device usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device usb-ehci,id=usb2,bus=pci.0,addr=0x5 -device usb-ehci,id=usb3,bus=pci.0,addr=0x6 -device usb-ehci,id=usb4,bus=pci.0,addr=0x7 -drive file=/home/bug812328-win2003.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,boot=on,snapshot=off,readonly=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk1,id=virtio-disk1 -drive file=/home/bug812328-test/sta0.qcow2,if=none,id=usb2.0,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=1,drive=usb2.0 -drive file=/home/bug812328-test/sta1.qcow2,if=none,id=usb2.1,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=2,drive=usb2.1 -drive file=/home/bug812328-test/sta2.qcow2,if=none,id=usb2.2,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=3,drive=usb2.2 -drive file=/home/bug812328-test/sta3.qcow2,if=none,id=usb2.3,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=4,drive=usb2.3 -drive file=/home/bug812328-test/sta4.qcow2,if=none,id=usb2.4,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=5,drive=usb2.4 -drive file='/home/bug812328-test/sta5.qcow2',if=none,id=usb2.5,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=6,drive=usb2.5 -drive file='/home/bug812328-test/sta6.qcow2',if=none,id=usb2.6,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=1,drive=usb2.6 -drive file='/home/bug812328-test/sta7.qcow2',if=none,id=usb2.7,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=2,drive=usb2.7 -drive file='/home/bug812328-test/sta8.qcow2',if=none,id=usb2.8,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=3,drive=usb2.8 -drive file='/home/bug812328-test/sta9.qcow2',if=none,id=usb2.9,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=4,drive=usb2.9 -drive file='/home/bug812328-test/sta10.qcow2',if=none,id=usb2.10,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=5,drive=usb2.10 -drive file='/home/bug812328-test/sta11.qcow2',if=none,id=usb2.11,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=6,drive=usb2.11 -drive file='/home/bug812328-test/sta12.qcow2',if=none,id=usb2.12,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=1,drive=usb2.12 -drive file='/home/bug812328-test/sta13.qcow2',if=none,id=usb2.13,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=2,drive=usb2.13 -drive file='/home/bug812328-test/sta14.qcow2',if=none,id=usb2.14,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=3,drive=usb2.14 -drive file='/home/bug812328-test/sta15.qcow2',if=none,id=usb2.15,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=4,drive=usb2.15 -drive file='/home/bug812328-test/sta16.qcow2',if=none,id=usb2.16,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=5,drive=usb2.16 -drive file='/home/bug812328-test/sta17.qcow2',if=none,id=usb2.17,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=6,drive=usb2.17 -drive file='/home/bug812328-test/sta18.qcow2',if=none,id=usb2.18,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=1,drive=usb2.18 -drive file='/home/bug812328-test/sta19.qcow2',if=none,id=usb2.19,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=2,drive=usb2.19 -drive file='/home/bug812328-test/sta20.qcow2',if=none,id=usb2.20,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=3,drive=usb2.20 -drive file='/home/bug812328-test/sta21.qcow2',if=none,id=usb2.21,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=4,drive=usb2.21 -drive file='/home/bug812328-test/sta22.qcow2',if=none,id=usb2.22,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=5,drive=usb2.22 -drive file='/home/bug812328-test/sta23.qcow2',if=none,id=usb2.23,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=6,drive=usb2.23 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,mac=05:10:20:2f:37:26,bus=pci.0,addr=0x3,id=net0 
Starting program: /usr/libexec/qemu-kvm -m 2G -smp 2 -cpu Penryn,+x2apic, -boot order=dcn,menu=on -uuid e85e6987-c012-4025-878a-d4a5f521f8a5 -rtc base=utc,clock=host,driftfix=slew -no-kvm-pit-reinjection -monitor stdio -name rhelwin7-64 -spice port=5830,disable-ticketing -vga qxl -device usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device usb-ehci,id=usb2,bus=pci.0,addr=0x5 -device usb-ehci,id=usb3,bus=pci.0,addr=0x6 -device usb-ehci,id=usb4,bus=pci.0,addr=0x7 -drive file=/home/bug812328-win2003.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,boot=on,snapshot=off,readonly=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk1,id=virtio-disk1 -drive file=/home/bug812328-test/sta0.qcow2,if=none,id=usb2.0,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=1,drive=usb2.0 -drive file=/home/bug812328-test/sta1.qcow2,if=none,id=usb2.1,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=2,drive=usb2.1 -drive file=/home/bug812328-test/sta2.qcow2,if=none,id=usb2.2,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=3,drive=usb2.2 -drive file=/home/bug812328-test/sta3.qcow2,if=none,id=usb2.3,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=4,drive=usb2.3 -drive file=/home/bug812328-test/sta4.qcow2,if=none,id=usb2.4,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=5,drive=usb2.4 -drive file='/home/bug812328-test/sta5.qcow2',if=none,id=usb2.5,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb1.0,port=6,drive=usb2.5 -drive file='/home/bug812328-test/sta6.qcow2',if=none,id=usb2.6,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=1,drive=usb2.6 -drive file='/home/bug812328-test/sta7.qcow2',if=none,id=usb2.7,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=2,drive=usb2.7 -drive file='/home/bug812328-test/sta8.qcow2',if=none,id=usb2.8,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=3,drive=usb2.8 -drive file='/home/bug812328-test/sta9.qcow2',if=none,id=usb2.9,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=4,drive=usb2.9 -drive file='/home/bug812328-test/sta10.qcow2',if=none,id=usb2.10,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=5,drive=usb2.10 -drive file='/home/bug812328-test/sta11.qcow2',if=none,id=usb2.11,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb2.0,port=6,drive=usb2.11 -drive file='/home/bug812328-test/sta12.qcow2',if=none,id=usb2.12,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=1,drive=usb2.12 -drive file='/home/bug812328-test/sta13.qcow2',if=none,id=usb2.13,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=2,drive=usb2.13 -drive file='/home/bug812328-test/sta14.qcow2',if=none,id=usb2.14,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=3,drive=usb2.14 -drive file='/home/bug812328-test/sta15.qcow2',if=none,id=usb2.15,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=4,drive=usb2.15 -drive file='/home/bug812328-test/sta16.qcow2',if=none,id=usb2.16,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=5,drive=usb2.16 -drive file='/home/bug812328-test/sta17.qcow2',if=none,id=usb2.17,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb3.0,port=6,drive=usb2.17 -drive file='/home/bug812328-test/sta18.qcow2',if=none,id=usb2.18,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=1,drive=usb2.18 -drive file='/home/bug812328-test/sta19.qcow2',if=none,id=usb2.19,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=2,drive=usb2.19 -drive file='/home/bug812328-test/sta20.qcow2',if=none,id=usb2.20,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=3,drive=usb2.20 -drive file='/home/bug812328-test/sta21.qcow2',if=none,id=usb2.21,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=4,drive=usb2.21 -drive file='/home/bug812328-test/sta22.qcow2',if=none,id=usb2.22,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=5,drive=usb2.22 -drive file='/home/bug812328-test/sta23.qcow2',if=none,id=usb2.23,media=disk,cache=none,boot=off,snapshot=off,readonly=off,format=qcow2,aio=native -device usb-storage,bus=usb4.0,port=6,drive=usb2.23 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,mac=05:10:20:2f:37:26,bus=pci.0,addr=0x3,id=net0

results:
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1942: ehci_advance_state: Assertion `iter < 20' failed.
(gdb) bt
#0  0x00007ffff57788a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff577a085 in abort () from /lib64/libc.so.6
#2  0x00007ffff5771a1e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff5771ae0 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffff7f31bdc in ehci_advance_state (ehci=0x7ffffb43cca0, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1942
#5  0x00007ffff7f333b5 in ehci_advance_async_state (opaque=0x7ffffb43cca0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2049
#6  ehci_frame_timer (opaque=0x7ffffb43cca0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2178
#7  0x00007ffff7deb3ba in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1323
#8  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4019
#9  0x00007ffff7e0c8ba in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#10 0x00007ffff7dedcec in main_loop (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4202
#11 main (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6427

verify this issue with steps and  environment as follows:

#uname -r 
2.6.32-262.el6.x86_64
#rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.282.el6.x86_64
steps:
the same as reproduce

results: guest work well.no abort qemu-kvm,so this issue has been fixed
Comment 17 Michal Novotny 2012-05-04 13:24:34 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
NEEDINFO
Comment 18 Gerd Hoffmann 2012-05-04 13:44:29 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,7 @@
-NEEDINFO+Cause: ehci emulation had a limitation on the number of queue heads proccessed (was added as workaround for a bug fixed meanwhile).
+
+Consequence: With lots of devices present ehci didn't process all queues, rendering some devices non-functional.
+
+Fix: Remove limitation.
+
+Resolution: ehci works fine even with lots of devices.
Comment 19 errata-xmlrpc 2012-06-20 11:46:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html