Bug 981183
| Summary: | qemu core dump and host reboot automatically when pass through usb speaker into guest with uhci controller | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sibiao Luo <sluo> |
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 7.0 | CC: | acathrow, chayang, hhuang, jjaburek, juzhang, kraxel, michen, mvadkert, qzhang, rhod, shuang, vg.aetera, virt-maint, xfu |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | qemu-kvm-1.5.3-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-13 12:30:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 879454, 949385, 986296 | | |

Description
Sibiao Luo
2013-07-04 08:27:30 UTC
(gdb) bt
#0 0x00007fedc1688a19 in raise () from /lib64/libc.so.6
#1 0x00007fedc168a128 in abort () from /lib64/libc.so.6
#2 0x00007fedc1681986 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007fedc1681a32 in __assert_fail () from /lib64/libc.so.6
#4 0x00007fedc5e9ed37 in usb_handle_packet (dev=<optimized out>, p=p@entry=0x7fedc866d870) at hw/usb/core.c:412
#5 0x00007fedc5eae32f in uhci_handle_td (s=s@entry=0x7fedc85d8fb0, q=0x7fedc8389e50, q@entry=0x0, qh_addr=qh_addr@entry=922768898, td=td@entry=0x7fff18076e90, td_addr=<optimized out>, int_mask=int_mask@entry=0x7fff18076e7c) at hw/usb/hcd-uhci.c:904
#6 0x00007fedc5eae7a6 in uhci_process_frame (s=s@entry=0x7fedc85d8fb0) at hw/usb/hcd-uhci.c:1084
#7 0x00007fedc5eaeab5 in uhci_frame_timer (opaque=0x7fedc85d8fb0) at hw/usb/hcd-uhci.c:1183
#8 0x00007fedc5ef8136 in qemu_run_timers (clock=0x7fedc8376bb0) at qemu-timer.c:394
#9 0x00007fedc5ef83d5 in qemu_run_timers (clock=<optimized out>) at qemu-timer.c:459
#10 qemu_run_all_timers () at qemu-timer.c:452
#11 0x00007fedc5ecbede in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:470
#12 0x00007fedc5dcc609 in main_loop () at vl.c:2029
#13 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4419

(gdb) bt full
#0 0x00007fedc1688a19 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007fedc168a128 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007fedc1681986 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007fedc1681a32 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x00007fedc5e9ed37 in usb_handle_packet (dev=<optimized out>, p=p@entry=0x7fedc866d870) at hw/usb/core.c:412
        __PRETTY_FUNCTION__ = "usb_handle_packet"
#5 0x00007fedc5eae32f in uhci_handle_td (s=s@entry=0x7fedc85d8fb0, q=0x7fedc8389e50, q@entry=0x0, qh_addr=qh_addr@entry=922768898, td=td@entry=0x7fff18076e90, td_addr=<optimized out>, int_mask=int_mask@entry=0x7fff18076e7c) at hw/usb/hcd-uhci.c:904
        max_len = 4
        spd = <optimized out>
        queuing = false
        pid = 105 'i'
        async = <optimized out>
        __PRETTY_FUNCTION__ = "uhci_handle_td"
#6 0x00007fedc5eae7a6 in uhci_process_frame (s=s@entry=0x7fedc85d8fb0) at hw/usb/hcd-uhci.c:1084
        frame_addr = <optimized out>
        link = 922763328
        old_td_ctrl = 427819008
        val = 3934623232
        int_mask = 0
        curr_qh = 922768898
        td_count = 0
        cnt = 254
        ret = <optimized out>
        td = {link = 922763520, ctrl = 427819008, token = 6390377, buffer = 922796032}
        qh = {link = 922768514, el_link = 922763328}
        qhdb = {addr = {922767874, 922768898, 922768642, 922768642, 3362090568, 32749, 3361090352, 32749, 4, 0, 0, 0, 403140352, 32767, 3288105177, 32749, 336, 0, 3365783256, 32749, 1, 0, 41938816, 0, 8, 0, 3244853401, 32749, 3362171696, 32749, 3359500104, 32749, 3359485728, 32749, 3288103977, 32749, 3359500104, 32749, 3319891274, 32749, 3320804144, 32749, 67108864, 0, 3288108960, 32749, 2147221247, 4294967294, 1, 0, 3365783200, 32749, 3362171696, 32749, 3320801922, 32749, 8, 0, 3934623232, 2495673974, 3362174288, 32749, 3319683386, 32749, 49240, 0, 3891826657, 4294934528, 3078, 0, 3288105081, 32749, 0, 0, 3322239968, 32749, 403140640, 32767, 3288105177, 32749, 0, 0, 3320625885, 32749, 14, 0, 4294967294, 0 <repeats 15 times>, 3359075248, 32749, 4294967295, 0, 403141288, 32767, 3361574832, 32749, 3334837312, 32749, 1912314509, 2, 3245718957, 32749, 3320804144, 32749, 3321084142, 32749, 10450, 0, 594434525, 0, 0, 0, 3934623232, 2495673974}, count = -935872752}
        __PRETTY_FUNCTION__ = "uhci_process_frame"
#7 0x00007fedc5eaeab5 in uhci_frame_timer (opaque=0x7fedc85d8fb0) at hw/usb/hcd-uhci.c:1183
        t_now = 10502249416
        t_last_run = <optimized out>
        i = 0
        frames = 1
#8 0x00007fedc5ef8136 in qemu_run_timers (clock=0x7fedc8376bb0) at qemu-timer.c:394
        ts = <optimized out>
        current_time = <optimized out>
#9 0x00007fedc5ef83d5 in qemu_run_timers (clock=<optimized out>) at qemu-timer.c:459
No locals.
#10 qemu_run_all_timers () at qemu-timer.c:452
No locals.
#11 0x00007fedc5ecbede in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:470
        ret = 1
        timeout = 4294967295
#12 0x00007fedc5dcc609 in main_loop () at vl.c:2029
        nonblocking = <optimized out>
        last_io = 1
#13 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4419
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        icount_option = 0x0
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_devices = '\000' <repeats 32 times>
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 62
        optarg = 0x7fff180797d2 "usb-host,hostbus=1,hostaddr=3,id=hostdev,port=1,isobufs=4"
        loadvm = 0x0
        machine = 0x7fedc643cf60 <pc_q35_machine_rhel700>
        cpu_model = 0x7fff18079227 "SandyBridge"
        vga_model = 0x7fedc609b2ef "cirrus"
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = <optimized out>
        userconfig = false
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x7fedc5f35060 <malloc_and_trace>, realloc = 0x7fedc5f35020 <realloc_and_trace>, free = 0x7fedc5f34fe0 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0
        __PRETTY_FUNCTION__ = "main"
        args = {ram_size = 4294967296, boot_device = 0x7fedc60717a6 "cad", kernel_filename = 0x0, kernel_cmdline = 0x7fedc60b7c90 "", initrd_filename = 0x0, cpu_model = 0x7fff18079227 "SandyBridge"}
(gdb)

# lsusb -vv
Bus 001 Device 003: ID 0c76:160c JMTek, LLC.
Device Descriptor:
  bLength 18
  bDescriptorType 1
  bcdUSB 1.10
  bDeviceClass 0 (Defined at Interface level)
  bDeviceSubClass 0
  bDeviceProtocol 0
  bMaxPacketSize0 64
  idVendor 0x0c76 JMTek, LLC.
  idProduct 0x160c
  bcdDevice 1.00
  iManufacturer 0
  iProduct 1 USB Speaker
  iSerial 0
  bNumConfigurations 1
  Configuration Descriptor:
    bLength 9
    bDescriptorType 2
    wTotalLength 135
    bNumInterfaces 3
    bConfigurationValue 1
    iConfiguration 0
    bmAttributes 0x80
      (Bus Powered)
    MaxPower 500mA
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 0
      bAlternateSetting 0
      bNumEndpoints 0
      bInterfaceClass 1 Audio
      bInterfaceSubClass 1 Control Device
      bInterfaceProtocol 0
      iInterface 0
      AudioControl Interface Descriptor:
        bLength 9
        bDescriptorType 36
        bDescriptorSubtype 1 (HEADER)
        bcdADC 1.00
        wTotalLength 40
        bInCollection 1
        baInterfaceNr( 0) 1
      AudioControl Interface Descriptor:
        bLength 12
        bDescriptorType 36
        bDescriptorSubtype 2 (INPUT_TERMINAL)
        bTerminalID 1
        wTerminalType 0x0101 USB Streaming
        bAssocTerminal 0
        bNrChannels 2
        wChannelConfig 0x0003
          Left Front (L)
          Right Front (R)
        iChannelNames 0
        iTerminal 0
      AudioControl Interface Descriptor:
        bLength 9
        bDescriptorType 36
        bDescriptorSubtype 3 (OUTPUT_TERMINAL)
        bTerminalID 17
        wTerminalType 0x0301 Speaker
        bAssocTerminal 0
        bSourceID 49
        iTerminal 0
      AudioControl Interface Descriptor:
        bLength 10
        bDescriptorType 36
        bDescriptorSubtype 6 (FEATURE_UNIT)
        bUnitID 49
        bSourceID 1
        bControlSize 1
        bmaControls( 0) 0x01
          Mute Control
        bmaControls( 1) 0x02
          Volume Control
        bmaControls( 2) 0x02
          Volume Control
        iFeature 0
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 1
      bAlternateSetting 0
      bNumEndpoints 0
      bInterfaceClass 1 Audio
      bInterfaceSubClass 2 Streaming
      bInterfaceProtocol 0
      iInterface 0
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 1
      bAlternateSetting 1
      bNumEndpoints 1
      bInterfaceClass 1 Audio
      bInterfaceSubClass 2 Streaming
      bInterfaceProtocol 0
      iInterface 0
      AudioStreaming Interface Descriptor:
        bLength 7
        bDescriptorType 36
        bDescriptorSubtype 1 (AS_GENERAL)
        bTerminalLink 1
        bDelay 1 frames
        wFormatTag 1 PCM
      AudioStreaming Interface Descriptor:
        bLength 11
        bDescriptorType 36
        bDescriptorSubtype 2 (FORMAT_TYPE)
        bFormatType 1 (FORMAT_TYPE_I)
        bNrChannels 2
        bSubframeSize 2
        bBitResolution 16
        bSamFreqType 1 Discrete
        tSamFreq[ 0] 48000
      Endpoint Descriptor:
        bLength 9
        bDescriptorType 5
        bEndpointAddress 0x01 EP 1 OUT
        bmAttributes 9
          Transfer Type Isochronous
          Synch Type Adaptive
          Usage Type Data
        wMaxPacketSize 0x00c8 1x 200 bytes
        bInterval 1
        bRefresh 0
        bSynchAddress 0
        AudioControl Endpoint Descriptor:
          bLength 7
          bDescriptorType 37
          bDescriptorSubtype 1 (EP_GENERAL)
          bmAttributes 0x00
          bLockDelayUnits 1 Milliseconds
          wLockDelay 1 Milliseconds
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 2
      bAlternateSetting 0
      bNumEndpoints 1
      bInterfaceClass 3 Human Interface Device
      bInterfaceSubClass 0 No Subclass
      bInterfaceProtocol 0 None
      iInterface 0
        HID Device Descriptor:
          bLength 9
          bDescriptorType 33
          bcdHID 1.00
          bCountryCode 0 Not supported
          bNumDescriptors 1
          bDescriptorType 34 Report
          wDescriptorLength 50
         Report Descriptors:
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength 7
        bDescriptorType 5
        bEndpointAddress 0x83 EP 3 IN
        bmAttributes 3
          Transfer Type Interrupt
          Synch Type None
          Usage Type Data
        wMaxPacketSize 0x0004 1x 4 bytes
        bInterval 32
Device Status: 0x0000
  (Bus Powered)

upstream commit 628e54857a82a3cb65ef96c12640c30d6307a064

Upstream commit is tagged for stable, so it should show up in 1.5.2

*** Bug 980738 has been marked as a duplicate of this bug. ***

*** Bug 986291 has been marked as a duplicate of this bug. ***

Fixed in upstream qemu 1.5.3.

Verified this issue on qemu-kvm-1.5.3-2.el7.x86_64; qemu does not core dump any more.

host info:
# uname -r && rpm -q qemu-kvm
3.10.0-11.el7.x86_64
qemu-kvm-1.5.3-2.el7.x86_64

guest info:
windows_server_2012_x64

# lsusb | grep JMTek
Bus 001 Device 003: ID 0c76:160c JMTek, LLC.
# /usr/libexec/qemu-kvm -S -M q35 -cpu SandyBridge -enable-kvm -m 4096 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -name sluo-test -uuid ed09fa10-6ffe-4811-a42f-0294afcb5a42 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pcie.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/home/windows_server_2012_x64.qcow2,if=none,id=drive-system-disk,format=qcow2,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK1 -device virtio-scsi-pci,bus=pcie.0,addr=0x4,id=scsi0 -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=system-disk,bootindex=1 -net none -device virtio-balloon-pci,id=ballooning,bus=pcie.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -serial unix:/tmp/ttyS0,server,nowait -qmp tcp:0:4444,server,nowait -k en-us -boot menu=on -vnc :1 -spice disable-ticketing,port=5931 -monitor stdio -usb -device usb-host,hostbus=1,hostaddr=3,id=usb-stick

(qemu) info usb
  Device 0.1, Port 1, Speed 12 Mb/s, Product USB Speaker
(qemu) info usbhost
  Bus 3, Addr 2, Port 3, Speed 1.5 Mb/s
    Class 00: USB device 413c:3012, Dell USB Optical Mouse
  Bus 3, Addr 3, Port 4, Speed 1.5 Mb/s
    Class 00: USB device 03f0:0024, HP Basic USB Keyboard
  Bus 1, Addr 3, Port 1.1, Speed 12 Mb/s
    Class 00: USB device 0c76:160c, USB Speaker
(qemu) info qtree
...
dev: ich9-usb-ehci1, id ""
  maxframes = 128
  addr = 1d.7
  romfile = <null>
  rombar = 1
  multifunction = on
  command_serr_enable = on
  class USB controller, addr 00:1d.7, pci id 8086:293a (sub 1af4:1100)
  bar 0: mem at 0xfebf2000 [0xfebf2fff]
  bus: usb-bus.0
    type usb-bus
    dev: usb-host, id "usb-stick"
      hostbus = 1
      hostaddr = 3
      hostport = <null>
      vendorid = 0x0
      productid = 0x0
      isobufs = 4
      isobsize = 32
      bootindex = -1
      loglevel = 2
      pipeline = on
      port = <null>
      full-path = on
      addr 0.1, port 1, speed 12, name USB Speaker, attached
...

Based on the above, this issue has been fixed correctly.

Best Regards,
sluo

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.