Bug 980377
| Summary: | QEMU core dump when pathrough USB3.0 stick to guest var xhci controller | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sibiao Luo <sluo> | ||||
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.0 | CC: | acathrow, chayang, flang, hhuang, juzhang, kraxel, michen, qzhang, rhod, shuang, virt-maint, xfu | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | qemu-kvm-1.5.3-1.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-06-13 11:46:11 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Sibiao Luo
2013-07-02 08:11:20 UTC
(gdb) bt
#0 0x00007f8f1895da19 in raise () from /lib64/libc.so.6
#1 0x00007f8f1895f128 in abort () from /lib64/libc.so.6
#2 0x00007f8f1d18f1fd in xhci_complete_packet (xfer=xfer@entry=0x7f8efc002038) at hw/usb/hcd-xhci.c:1727
#3 0x00007f8f1d18fe57 in xhci_complete (port=<optimized out>, packet=0x7f8efc002040) at hw/usb/hcd-xhci.c:3197
#4 0x00007f8f1d17c31a in usb_packet_complete (dev=0x7f8f1e91c9f0, p=p@entry=0x7f8efc002040) at hw/usb/core.c:457
#5 0x00007f8f1d194135 in usb_host_req_complete_data (xfer=<optimized out>) at hw/usb/host-libusb.c:375
#6 0x00007f8f194a0767 in usbi_handle_transfer_completion () from /lib64/libusb-1.0.so.0
#7 0x00007f8f194a3a7c in op_handle_events () from /lib64/libusb-1.0.so.0
#8 0x00007f8f194a04f1 in handle_events () from /lib64/libusb-1.0.so.0
#9 0x00007f8f194a1013 in libusb_handle_events_timeout_completed () from /lib64/libusb-1.0.so.0
#10 0x00007f8f1d192be4 in usb_host_handle_fd (opaque=<optimized out>) at hw/usb/host-libusb.c:195
#11 0x00007f8f1d1a3da6 in qemu_iohandler_poll (pollfds=0x7f8f1e638e00, ret=ret@entry=1) at iohandler.c:147
#12 0x00007f8f1d1a9468 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:465
#13 0x00007f8f1d0a9ba9 in main_loop () at vl.c:2029
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4419
(gdb) bt full
#0 0x00007f8f1895da19 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007f8f1895f128 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007f8f1d18f1fd in xhci_complete_packet (xfer=xfer@entry=0x7f8efc002038) at hw/usb/hcd-xhci.c:1727
__func__ = "xhci_complete_packet"
#3 0x00007f8f1d18fe57 in xhci_complete (port=<optimized out>, packet=0x7f8efc002040) at hw/usb/hcd-xhci.c:3197
xfer = 0x7f8efc002038
#4 0x00007f8f1d17c31a in usb_packet_complete (dev=0x7f8f1e91c9f0, p=p@entry=0x7f8efc002040) at hw/usb/core.c:457
ep = 0x7f8f1e91dd70
#5 0x00007f8f1d194135 in usb_host_req_complete_data (xfer=<optimized out>) at hw/usb/host-libusb.c:375
r = 0x7f8f0002bad0
s = 0x7f8f1e91c9f0
disconnect = false
__func__ = "usb_host_req_complete_data"
#6 0x00007f8f194a0767 in usbi_handle_transfer_completion () from /lib64/libusb-1.0.so.0
No symbol table info available.
#7 0x00007f8f194a3a7c in op_handle_events () from /lib64/libusb-1.0.so.0
No symbol table info available.
#8 0x00007f8f194a04f1 in handle_events () from /lib64/libusb-1.0.so.0
No symbol table info available.
#9 0x00007f8f194a1013 in libusb_handle_events_timeout_completed () from /lib64/libusb-1.0.so.0
No symbol table info available.
#10 0x00007f8f1d192be4 in usb_host_handle_fd (opaque=<optimized out>) at hw/usb/host-libusb.c:195
tv = {tv_sec = 0, tv_usec = 0}
#11 0x00007f8f1d1a3da6 in qemu_iohandler_poll (pollfds=0x7f8f1e638e00, ret=ret@entry=1) at iohandler.c:147
revents = <optimized out>
pioh = 0x7f8f1e91ff80
ioh = 0x7f8f1e839420
#12 0x00007f8f1d1a9468 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:465
ret = 1
timeout = 4294967295
#13 0x00007f8f1d0a9ba9 in main_loop () at vl.c:2029
nonblocking = <optimized out>
last_io = 1
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4419
i = <optimized out>
snapshot = 0
linux_boot = <optimized out>
icount_option = 0x0
initrd_filename = <optimized out>
kernel_filename = <optimized out>
kernel_cmdline = <optimized out>
boot_devices = '\000' <repeats 32 times>
ds = <optimized out>
cyls = 0
heads = 0
secs = 0
translation = 0
hda_opts = <optimized out>
opts = <optimized out>
machine_opts = <optimized out>
olist = <optimized out>
optind = 63
optarg = 0x7fff4025c7e1 "usb-host,hostbus=4,hostaddr=3,id=usb-stick"
loadvm = 0x0
machine = 0x7f8f1d71ff20 <pc_q35_machine_v1_5>
cpu_model = 0x7fff4025c208 "SandyBridge"
vga_model = 0x7f8f1d378e4f "cirrus"
pid_file = 0x0
incoming = 0x0
show_vnc_port = 0
defconfig = <optimized out>
userconfig = false
log_mask = 0x0
log_file = 0x0
mem_trace = {malloc = 0x7f8f1d212600 <malloc_and_trace>, realloc = 0x7f8f1d2125c0 <realloc_and_trace>,
free = 0x7f8f1d212580 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
trace_events = 0x0
trace_file = 0x0
__PRETTY_FUNCTION__ = "main"
args = {ram_size = 4294967296, boot_device = 0x7f8f1d34f306 "cad", kernel_filename = 0x0,
kernel_cmdline = 0x7f8f1d395910 "", initrd_filename = 0x0, cpu_model = 0x7fff4025c208 "SandyBridge"}
(gdb)
My whole qemu-kvm command line:
# /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -name sluo -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=bridge1,addr=0x4 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/home/RHEL-7.0-20130628.0-Server-x86_64.qcow3,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial="QEMU-DISK1" -device virtio-scsi-pci,num_queues=4,id=scsi0,bus=bridge1,addr=0x5 -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=system-disk,bootindex=1 -device virtio-balloon-pci,id=ballooning,bus=bridge1,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=08:2e:5f:0a:0d:b1,bus=bridge1,addr=0x7,bootindex=2 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice port=5931,disable-ticketing -monitor stdio -device nec-usb-xhci,id=xhci0,bus=bridge1,addr=0x8 -device usb-host,hostbus=4,hostaddr=3,id=usb-stick
(qemu) info usb
Device 0.0, Port 1, Speed 5000 Mb/s, Product
(qemu) info usbhost
Bus 4, Addr 3, Port 1, Speed 5000 Mb/s
Class 00: USB device 1516:6221,
Bus 1, Addr 4, Port 1.3.1, Speed 1.5 Mb/s
Class 00: USB device 0557:2213, CS-1734A V4.2.414
(qemu) xhci_complete_packet: FIXME: status = -5
FIXME xhci_complete_packet:1727 unhandled USB_RET_*
Aborted (core dumped)
Created attachment 767663 [details]
the dmesg of guest during boot up.
my cpu info: processor : 7 vendor_id : GenuineIntel cpu family : 6 model : 42 model name : Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz stepping : 7 microcode : 0x28 cpu MHz : 1666.000 cache size : 8192 KB physical id : 0 siblings : 8 core id : 3 cpu cores : 4 apicid : 7 initial apicid : 7 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid bogomips : 6784.13 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: also hit it withtout pci bridge, just Q35. # /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -name sluo -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3...-device nec-usb-xhci,id=xhci0,addr=0x8 -device usb-host,hostbus=4,hostaddr=2,id=usb-stick,bus=xhci0.0 (qemu) main_channel_link: add main channel client main_channel_handle_parsed: net test: latency 0.478000 ms, bitrate 14948905109 bps (14256.386861 Mbps) inputs_connect: inputs channel client create red_dispatcher_set_cursor_peer: xhci_complete_packet: FIXME: status = -5 FIXME xhci_complete_packet:1727 unhandled USB_RET_* Aborted (core dumped) Test with kernel-3.10.0-0.rc7.64.el7.x86_64 qemu-kvm-1.4.0-4.el7.x86_64, did not hit this issue, it can passthrough the usb3.0 stick to guest successfully, and the usb stick can be found in the guest. So, it was regression issue, set high priority to it. Best Regards, sluo Also hit it with pc-xx machine type, the same core dump bt log as comment #0. # /usr/libexec/qemu-kvm -M pc-i440fx-1.5 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection....-device nec-usb-xhci,id=xhci0,bus=pci.0,addr=0x8 -device usb-host,hostbus=4,hostaddr=2,id=usb-stick,bus=xhci0.0 Warning: option deprecated, use lost_tick_policy property of kvm-pit instead. QEMU 1.5.1 monitor - type 'help' for more information (qemu) (/usr/libexec/qemu-kvm:1499): SpiceWorker-Warning **: red_worker.c:11477:dev_destroy_primary_surface: double destroy of primary surface (/usr/libexec/qemu-kvm:1499): SpiceWorker-Warning **: red_worker.c:9663:red_create_surface: condition `surface->context.canvas' reached main_channel_link: add main channel client main_channel_handle_parsed: net test: latency 0.770000 ms, bitrate 9481481481 bps (9042.245370 Mbps) inputs_connect: inputs channel client create red_dispatcher_set_cursor_peer: (qemu) xhci_complete_packet: FIXME: status = -5 FIXME xhci_complete_packet:1727 unhandled USB_RET_* Aborted (core dumped) Fixed in upstream qemu 1.5.3 Reproduce this bug as follow version: Host: # uname -r 3.9.0-0.55.el7.x86_64 # rpm -q qemu-kvm qemu-kvm-1.5.1-1.el7.x86_64 Guest:Rhel7 Steps: 1.insert a usb3.0 stick to host var physically XHCI controller. 2.get the bus and addr of usb3.0 stick info. 3.pathrough USB3.0 stick to guest var xhci controller with pcie&pci birdge. # /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -name sluo -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3...-device nec-usb-xhci,id=xhci0,bus=bridge1,addr=0x8 -device usb-host,hostbus=4,hostaddr=3,id=usb-stick Actual results (qemu) xhci_complete_packet: FIXME: status = -5 FIXME xhci_complete_packet:1727 unhandled USB_RET_* Aborted (core dumped) Verify this bug as follow version Host: # uname -r 3.9.0-0.55.el7.x86_64 # rpm -q qemu-kvm qemu-kvm-1.5.3-20.el7.x86_64 Guest: 3.10.0-0.55.el7.x86_64 Steps as same as reproduce Results: Tried about 5 times, qemu and guest work well ,not hit core dump, and usb device work well. According to above test ,this bug have fixed. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |