
Bug 896324

Summary: Segmentation fault after guest unhotplug ehci controller then guest reboot
Product: Red Hat Enterprise Linux 6
Component: qemu-kvm
Version: 6.4
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Reporter: langfang <flang>
Assignee: Gerd Hoffmann <kraxel>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, bsarathy, chayang, dyasny, flang, juzhang, mkenneth, qzhang, sluo, virt-maint, xfu, xigao
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-04-02 10:40:26 UTC

Description langfang 2013-01-17 03:15:44 UTC
Description of problem:
Guest with ehci controller -> after guest boots up, unhotplug ehci controller -> reboot guest -> Segmentation fault

Version-Release number of selected component (if applicable):
Host
# uname -r
2.6.32-354.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.351.el6.x86_64

Guest:
win8-32

virtio-win-prewhql-0.1-49 

How reproducible:
1/3

Steps to Reproduce:
1. Boot guest with
 ....-readconfig /etc/qemu/ich9-ehci-uhci.cfg -device usb-storage,drive=drive-usb-0-0,id=usb-0-0,removable=on,bus=ehci.0,port=1 -drive  file=/root/usb2.qcow2,if=none,id=drive-usb-0-0,media=disk,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native  -device usb-hub,bus=ehci.0,port=2,id=hub -device usb-storage,bus=ehci.0,port=2.4,drive=drive-usb-2-0,id=usb-2-0,removable=on -drive file=/root/usb.qcow2,if=none,id=drive-usb-2-0,media=disk,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads.....
2. After guest boots up
(qemu)info pci
...
Bus  0, device  29, function 7:
    USB controller: PCI device 8086:293a
      IRQ 11.
      BAR0: 32 bit memory at 0xf4040000 [0xf4040fff].
      id "ehci"
...
(qemu)device_del ehci
(qemu)info pci ----> check whether "ehci" has been deleted

3. (qemu)system_reset
  
Actual results:

(qemu) system_reset
(qemu) 
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f2c575 in ehci_reset (opaque=0x7ffffb3ce1e0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:900
900	        if (devs[i] && devs[i]->attached) {
(gdb) bt
#0  0x00007ffff7f2c575 in ehci_reset (opaque=0x7ffffb3ce1e0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:900
#1  0x00007ffff7ddc162 in qemu_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3332
#2  0x00007ffff7e00960 in qemu_kvm_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1978
#3  0x00007ffff7e00b63 in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#4  0x00007ffff7de1158 in main_loop (argc=54, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4187
#5  main (argc=54, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6525

Expected results:
Guest can work well

Additional info:

MY CLI:
: /usr/libexec/qemu-kvm -M rhel6.4.0 -cpu Penryn,+sep -enable-kvm -uuid f183ac17-9309-445b-aed7-008ab4e44bec -rtc base=localtime,clock=host,driftfix=slew -m 8G -smp 6,maxcpus=8,sockets=6,cores=1,threads=1 -name win8-32 -drive file=/home/win8-32.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-scsi-pci,id=bus1 -device scsi-hd,bus=bus1.0,drive=drive-virtio-disk0,id=virtio-scsi-pci0,bootindex=0 -device virtio-balloon-pci,bus=pci.0,id=balloon0,addr=0x5 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -qmp tcp:0:4444,server,nowait  -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net1,mac=94:37:E6:17:58:28 -vga qxl -spice port=3000,disable-ticketing -boot c -readconfig /etc/qemu/ich9-ehci-uhci.cfg -device usb-storage,drive=drive-usb-0-0,id=usb-0-0,removable=on,bus=ehci.0,port=1 -drive  file=/root/usb2.qcow2,if=none,id=drive-usb-0-0,media=disk,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native  -device usb-hub,bus=ehci.0,port=2,id=hub -device usb-storage,bus=ehci.0,port=2.4,drive=drive-usb-2-0,id=usb-2-0,removable=on -drive file=/root/usb.qcow2,if=none,id=drive-usb-2-0,media=disk,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads

Comment 1 langfang 2013-01-17 03:49:30 UTC
# cat /etc/qemu/ich9-ehci-uhci.cfg 

[device "ehci"]
  driver = "ich9-usb-ehci1"
  addr = "1d.7"
  multifunction = "on"

[device "uhci-1"]
  driver = "ich9-usb-uhci1"
  addr = "1d.0"
  multifunction = "on"
  masterbus = "ehci.0"
  firstport = "0"

[device "uhci-2"]
  driver = "ich9-usb-uhci2"
  addr = "1d.1"
  multifunction = "on"
  masterbus = "ehci.0"
  firstport = "2"

[device "uhci-3"]
  driver = "ich9-usb-uhci3"
  addr = "1d.2"
  multifunction = "on"
  masterbus = "ehci.0"
  firstport = "4"

Additional info:
1) Tried on a rhel6.4 guest; can be hit 1/10
Guest:
# uname -r
2.6.32-354.el6.x86_64

Comment 2 Gerd Hoffmann 2013-04-02 10:40:26 UTC
ehci (and uhci) are not hotpluggable.
Must be tagged as such, so qemu simply prints an error instead of crashing ...

*** This bug has been marked as a duplicate of bug 879096 ***
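
The behaviour asked for in Comment 2, sketched as an added example (not code from QEMU or from this bug report): a toy device table in which a controller marked non-hotpluggable makes removal fail with an error, so the reset handler that still points at it is never left dangling for a later system reset. All names here (`Device`, `hotpluggable`, `reset_handlers`, and the `device_add`/`device_del`/`system_reset` functions) are hypothetical stand-ins, not QEMU's API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy device model; every name here is hypothetical, not QEMU's API. */
#define MAX_DEVS 4
typedef struct { const char *id; int hotpluggable; int resets; } Device;
typedef struct { void (*fn)(void *); void *opaque; } ResetEntry;
static Device *devices[MAX_DEVS];
static ResetEntry reset_handlers[MAX_DEVS];
static int ndevs;
static void dev_reset(void *opaque) { ((Device *)opaque)->resets++; }

Device *device_add(const char *id, int hotpluggable) {
    Device *d = ndevs < MAX_DEVS ? malloc(sizeof(*d)) : NULL;
    if (!d) return NULL;
    *d = (Device){ id, hotpluggable, 0 };
    devices[ndevs] = d;
    reset_handlers[ndevs++] = (ResetEntry){ dev_reset, d }; /* keeps a pointer to d */
    return d;
}

/* Returns 0 = removed, -1 = no such id, -2 = refused (not hotpluggable). */
int device_del(const char *id) {
    for (int i = 0; i < MAX_DEVS; i++) {
        if (!devices[i] || strcmp(devices[i]->id, id) != 0) continue;
        if (!devices[i]->hotpluggable) {
            fprintf(stderr, "device '%s' is not hotpluggable\n", id);
            return -2;  /* error message; device and handler stay live */
        }
        reset_handlers[i] = (ResetEntry){ NULL, NULL };  /* unhook, then free */
        free(devices[i]);
        devices[i] = NULL;
        return 0;
    }
    return -1;
}

int system_reset(void) {  /* runs every registered handler; returns the count */
    int n = 0;
    for (int i = 0; i < MAX_DEVS; i++)
        if (reset_handlers[i].fn) { reset_handlers[i].fn(reset_handlers[i].opaque); n++; }
    return n;
}

int main(void) {
    device_add("ehci", 0);  /* controller: not hotpluggable */
    int rc = device_del("ehci");
    printf("device_del(ehci)=%d, reset handlers run=%d\n", rc, system_reset());
    return 0;
}
```

For devices that can be removed, the same sketch unhooks the reset handler before freeing the device, which is the ordering that keeps a later reset from touching freed state.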