Bug 734995 - Core dump when hotplug three usb-hub into the same port under both uhci and ehci
Summary: Core dump when hotplug three usb-hub into the same port under both uhci and ehci
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Duplicates: 726317 735009 735018
Depends On:
Blocks:
Reported: 2011-09-01 06:39 UTC by Shaolong Hu
Modified: 2013-01-10 00:16 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.206.el6
Doc Type: Bug Fix
Doc Text:
Bug was in a new 6.2 feature and isn't present in any released version.
Clone Of:
Environment:
Last Closed: 2011-12-06 16:02:55 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1531 0 normal SHIPPED_LIVE Moderate: qemu-kvm security, bug fix, and enhancement update 2011-12-06 01:23:30 UTC

Description Shaolong Hu 2011-09-01 06:39:16 UTC
Description of problem:
-------------------------
Adding three usb-hub devices to the same port causes qemu-kvm to core dump; both uhci and ehci hit the issue.


Version-Release number of selected component (if applicable):
--------------------------------------------------------------
qemu-kvm-0.12.1.2-2.184.el6.x86_64
2.6.32-191.el6.x86_64


How reproducible:
------------------
100%


Steps to Reproduce:
1. Boot guest with:
#/usr/libexec/qemu-kvm -enable-kvm -M rhel6.2.0 -smp 4 -m 4G -name rhel6.1-64 -uuid 3f2ea5cd-3d29-48ff-aab2-23df1b6ae213 -drive file=RHEL-Server-6.1-64-virtio.qcow2,cache=none,if=none,rerror=stop,werror=stop,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk0,id=device-virtio-disk0,bootindex=1 -netdev tap,script=/etc/qemu-ifup,id=netdev0 -device virtio-net-pci,netdev=netdev0,id=device-net0 -boot order=cd,menu=on -monitor stdio -vnc :20 -usb

2. In qemu monitor:
device_add usb-hub,port=1,id=hub1

3. In qemu monitor:
device_add usb-hub,port=1,id=hub2

4. In qemu monitor:
device_add usb-hub,port=1,id=hub3

  
Actual results:
----------------
1. After step 2:

in guest:
#lsusb
Bus 001 Device 002: ID 0000:0000
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

in qemu monitor:
(qemu)info qtree
      dev: piix3-usb-uhci, id ""
        dev-prop: masterbus = <null>
        dev-prop: firstport = 0
        bus-prop: addr = 01.2
        bus-prop: romfile = <null>
        bus-prop: rombar = 1
        bus-prop: multifunction = off
        class USB controller, addr 00:01.2, pci id 8086:7020 (sub 1af4:1100)
        bar 4: i/o at 0xc020 [0xc03f]
        bus: usb.0
          type USB
          dev: usb-hub, id "hub1"
            bus-prop: port = "1"
            addr 0.2, port 1, speed 12, name QEMU USB Hub, attached

2. After step 3:

in guest:
#lsusb
Bus 001 Device 002: ID 0000:0000
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

in qemu monitor:
(qemu)info qtree
      dev: piix3-usb-uhci, id ""
        dev-prop: masterbus = <null>
        dev-prop: firstport = 0
        bus-prop: addr = 01.2
        bus-prop: romfile = <null>
        bus-prop: rombar = 1
        bus-prop: multifunction = off
        class USB controller, addr 00:01.2, pci id 8086:7020 (sub 1af4:1100)
        bar 4: i/o at 0xc020 [0xc03f]
        bus: usb.0
          type USB
          dev: usb-hub, id "hub2"
            bus-prop: port = "1"
            addr 0.0, port .1, speed 12, name QEMU USB Hub, attached
          dev: usb-hub, id "hub1"
            bus-prop: port = "1"
            addr 0.2, port 1, speed 12, name QEMU USB Hub, attached

3. After step 4:
(qemu) device_add usb-hub,port=1,id=hub1
(qemu) device_add usb-hub,port=1,id=hub2
(qemu) device_add usb-hub,port=1,id=hub3
qemu-kvm: savevm.c:1258: vmstate_register: Assertion `!se->compat || se->instance_id == 0' failed.
Aborted (core dumped)

4. Core dump:
Core was generated by `/usr/libexec/qemu-kvm -enable-kvm -M rhel6.2.0 -smp 4 -m 4G -name rhel6.1-64 -u'.
Program terminated with signal 6, Aborted.
#0  0x0000003e3f032945 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.22-3.el6.x86_64 celt051-0.5.1.3-0.el6.x86_64 cyrus-sasl-gssapi-2.1.23-12.el6.x86_64 cyrus-sasl-lib-2.1.23-12.el6.x86_64 cyrus-sasl-md5-2.1.23-12.el6.x86_64 cyrus-sasl-plain-2.1.23-12.el6.x86_64 db4-4.7.25-16.el6.x86_64 dbus-libs-1.2.24-5.el6_1.x86_64 gnutls-2.8.5-4.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-18.el6.x86_64 libICE-1.0.6-1.el6.x86_64 libSM-1.1.0-7.1.el6.x86_64 libX11-1.3-2.el6.x86_64 libXau-1.0.5-1.el6.x86_64 libXext-1.1-3.el6.x86_64 libXfixes-4.0.4-1.el6.x86_64 libXi-1.3-3.el6.x86_64 libXrandr-1.3.0-4.el6.x86_64 libXrender-0.9.5-1.el6.x86_64 libXtst-1.0.99.2-3.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libasyncns-0.8-1.1.el6.x86_64 libcom_err-1.41.12-10.el6.x86_64 libgcrypt-1.4.5-9.el6.x86_64 libgpg-error-1.7-4.el6.x86_64 libjpeg-6b-46.el6.x86_64 libselinux-2.0.94-5.1.el6.x86_64 libsndfile-1.0.20-3.el6_1.1.x86_64 libtasn1-2.3-3.el6.x86_64 libuuid-2.17.2-12.1.el6.x86_64 libxcb-1.5-1.el6.x86_64 nss-softokn-freebl-3.12.9-8.el6.x86_64 openssl-1.0.0-15.el6.x86_64 pixman-0.18.4-1.el6_0.1.x86_64 pulseaudio-libs-0.9.21-13.el6.x86_64 tcp_wrappers-libs-7.6-57.el6.x86_64
(gdb) bt
#0  0x0000003e3f032945 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003e3f034125 in abort () at abort.c:92
#2  0x0000003e3f02b9fe in __assert_fail_base (fmt=<value optimized out>, assertion=0x6498f0 "!se->compat || se->instance_id == 0", file=0x649ce1 "savevm.c", line=<value optimized out>, 
    function=<value optimized out>) at assert.c:96
#3  0x0000003e3f02bac0 in __assert_fail (assertion=0x6498f0 "!se->compat || se->instance_id == 0", file=0x649ce1 "savevm.c", line=1258, function=0x64a030 "vmstate_register") at assert.c:105
#4  0x00000000004bee31 in vmstate_register (dev=<value optimized out>, instance_id=<value optimized out>, vmsd=<value optimized out>, opaque=<value optimized out>) at savevm.c:1258
#5  0x00000000004c273f in qdev_init (dev=0x44ac050) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:288
#6  0x00000000004c2a99 in qdev_device_add (opts=0x3287f90) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:253
#7  0x00000000004c3009 in do_device_add (mon=<value optimized out>, qdict=<value optimized out>, ret_data=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:806
#8  0x00000000004124e0 in monitor_call_handler (mon=<value optimized out>, cmd=0x58e5d0, params=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4079
#9  0x0000000000417250 in handle_user_command (mon=0x307f210, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4116
#10 0x000000000041737a in monitor_command_cb (mon=0x307f210, cmdline=<value optimized out>, opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4671
#11 0x00000000004a91bb in readline_handle_byte (rs=0x449b0f0, ch=<value optimized out>) at readline.c:369
#12 0x000000000041759c in monitor_read (opaque=<value optimized out>, buf=0x7fffc432e560 "\r", size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4657
#13 0x00000000004bad2b in qemu_chr_read (opaque=0x2e43d40) at qemu-char.c:170
#14 fd_chr_read (opaque=0x2e43d40) at qemu-char.c:664
#15 0x000000000040b65f in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3854
#16 0x0000000000429e3a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2204
#17 0x000000000040db15 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4064
#18 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6284



Expected results:
------------------
If this action is not permitted, prompt an error, as when hotplugging usb-tablet into the same port, which prompts:

(qemu) device_add usb-tablet,port=1,id=input0
(qemu) device_add usb-tablet,port=1,id=input1
Error: usb port 1 (bus usb.0) not found

Device 'usb-tablet' could not be initialized


Additional info:
-------------------
Ehci hits the same issue.
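
A regression check for the state shown under "After step 3", added here as an example and not part of the original report or of qemu-kvm: it parses `info qtree` text and reports any USB port requested by more than one attached device on the same bus. The function name `port_conflicts` is hypothetical, and the sample is the report's own qtree excerpt trimmed to the lines the parser reads.

```python
import re
from collections import defaultdict

# Sample input: the `info qtree` excerpt from "After step 3" in the report,
# trimmed to the lines this check reads.
QTREE_AFTER_STEP3 = """\
      dev: piix3-usb-uhci, id ""
        bus-prop: addr = 01.2
        bus: usb.0
          type USB
          dev: usb-hub, id "hub2"
            bus-prop: port = "1"
            addr 0.0, port .1, speed 12, name QEMU USB Hub, attached
          dev: usb-hub, id "hub1"
            bus-prop: port = "1"
            addr 0.2, port 1, speed 12, name QEMU USB Hub, attached
"""


def port_conflicts(qtree_text):
    """Map (bus, port) -> device ids for ports requested by more than one device."""
    claims = defaultdict(list)
    buses = []   # stack of (indent, bus name) for the enclosing "bus:" lines
    dev = None   # id (or driver name if the id is empty) of the latest "dev:" line
    for line in qtree_text.splitlines():
        text = line.strip()
        indent = len(line) - len(line.lstrip())
        if m := re.match(r'(bus|dev): ([^,\s]+)(?:, id "(.*)")?', text):
            # A new bus/dev at this depth closes any bus at the same or deeper depth.
            while buses and buses[-1][0] >= indent:
                buses.pop()
            if m.group(1) == "bus":
                buses.append((indent, m.group(2)))
            else:
                dev = m.group(3) or m.group(2)
        elif (m := re.match(r'bus-prop: port = "(.*)"', text)) and buses and dev:
            # The port property belongs to the device on its enclosing bus.
            claims[(buses[-1][1], m.group(1))].append(dev)
    return {key: ids for key, ids in claims.items() if len(ids) > 1}


if __name__ == "__main__":
    for (bus, port), ids in port_conflicts(QTREE_AFTER_STEP3).items():
        print(f"{bus} port {port} requested by: {', '.join(ids)}")
```

On a build that rejects the second `device_add`, the same check over `info qtree` returns an empty mapping.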

Comment 2 Gerd Hoffmann 2011-09-01 13:18:40 UTC
*** Bug 735009 has been marked as a duplicate of this bug. ***

Comment 3 Gerd Hoffmann 2011-09-02 07:18:42 UTC
*** Bug 735018 has been marked as a duplicate of this bug. ***

Comment 5 juzhang 2011-09-03 02:46:29 UTC
(In reply to comment #3)
> *** Bug 735018 has been marked as a duplicate of this bug. ***

bz735018 is a regression bug. Since bz735018 is marked as a duplicate of this issue, mark this issue as a regression bug too.

-snip for bz735018-
Also tested with qemu-kvm-tools-0.12.1.2-2.179.el6.x86_64; guest can be booted
successfully. Mark this issue as regression.

Comment 8 Gerd Hoffmann 2011-09-14 09:23:59 UTC
*** Bug 726317 has been marked as a duplicate of this bug. ***

Comment 11 Shaolong Hu 2011-10-09 09:41:34 UTC
Verified on qemu-kvm-0.12.1.2-2.195.el6.x86_64:

Under uhci, after step 3:

(qemu) device_add usb-hub,port=1,id=hub2
Error: usb port 1 (bus usb.0) not found (in use?)
Device 'usb-hub' could not be initialized

Under ehci, after step 2:

(qemu) device_add usb-hub,port=1,id=hub1
Warning: speed mismatch trying to attach usb device QEMU USB Hub to bus ehci.0
Device 'usb-hub' could not be initialized


Based on the above results, this bug has been fixed.

Comment 14 Eduardo Habkost 2011-10-28 17:59:48 UTC
Moving to ON_QA because Errata Tool did not do it

Comment 16 Gerd Hoffmann 2011-11-18 13:02:34 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Bug was in a new 6.2 feature and isn't present in any released version.

Comment 17 errata-xmlrpc 2011-12-06 16:02:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html

