Bug 901390
| Summary: | ehci crash, reproducible when booting guest with many disks | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Sibiao Luo <sluo> | ||||
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> | ||||
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6.4 | CC: | acathrow, bsarathy, chayang, dyasny, ehabkost, gnatapov, hdegoede, juzhang, kwolf, mazhang, michen, mkenneth, pbonzini, qzhang, qzhou, rhod, sluo, virt-maint | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-05-26 17:21:11 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
Description
Sibiao Luo
2013-01-18 05:30:29 UTC
# /usr/libexec/qemu-kvm -M rhel6.4.0 -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name virtual-blk-device -uuid 350e716b-5f98-4bf0-9a2a-c8e423295244 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/home/RHEL6.4-20121212.1-Server-x86_64-copy.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-system-disk,id=system-disk,bootindex=0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2c:41:38:b6:40:22,bus=pci.0,addr=0x5,bootindex=2,event_idx=off -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -device usb-ehci,id=ehci,bus=pci.0,addr=0x7 -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,bus=ehci.0,debug=2 -drive file=/home/usb-storage.raw,if=none,id=storage,media=disk,cache=none,format=raw -device usb-storage,drive=storage,id=usb-storage -k en-us -spice port=5931,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -drive file=/home/floppy1.vfd,if=none,id=drive-fdc0-0-0,format=raw -global isa-fdc.driveA=drive-fdc0-0-0 -drive file=/home/my-cdrom1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-1 -device ide-drive,drive=drive-ide1-0-1,id=ide1-0-1,bus=ide.0,unit=0 -boot menu=on -drive 
file=/home/my-data-disk1.raw,if=none,id=drive-virtio-disk1,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x9,scsi=off,drive=drive-virtio-disk1,id=virtio-disk1,serial="QEMU-DISK1" -drive file=/home/my-data-disk2.raw,if=none,id=drive-virtio-disk2,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x10,scsi=off,drive=drive-virtio-disk2,id=virtio-disk2,serial="QEMU-DISK2" -drive file=/home/my-data-disk3.raw,if=none,id=drive-virtio-disk3,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x11,scsi=off,drive=drive-virtio-disk3,id=virtio-disk3,serial="QEMU-DISK3" -drive file=/home/my-data-disk4.raw,if=none,id=drive-virtio-disk4,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x12,scsi=off,drive=drive-virtio-disk4,id=virtio-disk4,serial="QEMU-DISK4" -drive file=/home/my-data-disk5.raw,if=none,id=drive-virtio-disk5,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x13,scsi=off,drive=drive-virtio-disk5,id=virtio-disk5,serial="QEMU-DISK5" -drive file=/home/my-data-disk6.raw,if=none,id=drive-virtio-disk6,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x14,scsi=off,drive=drive-virtio-disk6,id=virtio-disk6,serial="QEMU-DISK6" -drive file=/home/my-data-disk7.raw,if=none,id=drive-virtio-disk7,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x15,scsi=off,drive=drive-virtio-disk7,id=virtio-disk7,serial="QEMU-DISK7" -drive file=/home/my-data-disk8.raw,if=none,id=drive-virtio-disk8,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x16,scsi=off,drive=drive-virtio-disk8,id=virtio-disk8,serial="QEMU-DISK8" -device sga -chardev socket,id=serial0,path=/var/sluo,server,nowait -device isa-serial,chardev=serial0
ehci: Bad asynchronous state 1010. Resetting to active
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2086: ehci_advance_async_state: Assertion `0' failed.
Aborted (core dumped)
(gdb) bt
#0 0x00007f31ab9038a5 in raise () from /lib64/libc.so.6
#1 0x00007f31ab905085 in abort () from /lib64/libc.so.6
#2 0x00007f31ab8fca1e in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f31ab8fcae0 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f31ae0efecb in ehci_advance_async_state (ehci=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2086
#5 0x00007f31adfd7131 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
#6 0x00007f31adfde5b6 in qemu_aio_wait () at /usr/src/debug/qemu-kvm-0.12.1.2/aio.c:145
#7 0x00007f31adfdb3bd in bdrv_rw_co (bs=<value optimized out>, sector_num=<value optimized out>, buf=<value optimized out>, nb_sectors=<value optimized out>,
is_write=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:1746
#8 0x00007f31adfdb470 in guess_disk_lchs (bs=0x7f31afb8fc30, pcylinders=0x7fffe1fb241c, pheads=0x7fffe1fb2418, psectors=0x7fffe1fb2414)
at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:2191
#9 0x00007f31adfdb5ef in bdrv_guess_geometry (bs=0x7f31afb8fc30, pcyls=0x7fffe1fb245c, pheads=0x7fffe1fb2458, psecs=0x7fffe1fb2454)
at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:2238
#10 0x00007f31ae01b0da in mode_sense_page (s=0x7f31afc24b30, page=<value optimized out>, p_outbuf=0x7fffe1fb24a8, page_control=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:936
#11 0x00007f31ae01b955 in scsi_disk_emulate_mode_sense (req=0x7f31b162bc30, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1126
#12 scsi_disk_emulate_command (req=0x7f31b162bc30, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1244
#13 scsi_send_command (req=0x7f31b162bc30, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#14 0x00007f31ae018791 in scsi_req_enqueue (req=0x7f31b162bc30) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#15 0x00007f31ae017791 in usb_msd_handle_data (dev=0x7f31b065d210, p=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:410
#16 0x00007f31ae0102e2 in usb_handle_packet (dev=0x7f31b065d210, p=0x7f31b15acd28) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb.c:325
#17 0x00007f31ae0ef715 in ehci_execute (ehci=0x7f31b0655530, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1441
#18 ehci_state_execute (ehci=0x7f31b0655530, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1887
#19 ehci_advance_state (ehci=0x7f31b0655530, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2004
#20 0x00007f31ae0eff97 in ehci_advance_async_state (ehci=0x7f31b0655530) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2067
#21 0x00007f31ae0f02b2 in ehci_frame_timer (opaque=0x7f31b0655530) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2213
#22 0x00007f31adfa060a in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1325
#23 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4004
#24 0x00007f31adfc2aca in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#25 0x00007f31adfa3158 in main_loop (argc=110, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4187
#26 main (argc=110, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6525
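(gdb) q
[Reading the trace: ehci_advance_async_state appears twice. Frame #20 is the call from ehci_frame_timer; while that call is still executing a USB mass-storage request (frames #17 down to #7, ending in the synchronous read issued by bdrv_guess_geometry), qemu_aio_wait runs qemu_bh_poll, which calls ehci_advance_async_state again at frame #4. The "Bad asynchronous state" message and the assertion at usb-ehci.c:2086 come from that nested call.]
Created attachment 682082 [details]
guest kernel log.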
My host cpu info:
processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 42
model name : Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
stepping : 7
cpu MHz : 1600.000
cache size : 8192 KB
physical id : 0
siblings : 8
core id : 3
cpu cores : 4
apicid : 7
initial apicid : 7
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
bogomips : 6784.77
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

Met it again on kernel-2.6.32-356.el6.x86_64 & qemu-kvm-0.12.1.2-2.355.el6.x86_64 with the rhel guest.
host info:
2.6.32-356.el6.x86_64
qemu-kvm-0.12.1.2-2.355.el6.x86_64
guest info:
2.6.32-356.el6.x86_64
qemu-kvm command line:
# /usr/libexec/qemu-kvm -M rhel6.4.0 -cpu SandyBridge,+sep -enable-kvm -m 2048 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name virtual-blk-data-plane -uuid bef435d2-6d6d-4faf-9936-bc02ac89082a -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/dev/vg-90.100-sluo/lv-90-100-RHEL6.4-20130123.0-Server-x86_64.raw,if=none,id=system-virtio-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop,serial="QEMU-DISK1" -device virtio-blk-pci,bus=pci.0,addr=0x5,scsi=off,x-data-plane=on,drive=system-virtio-disk,id=system-disk,bootindex=1 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2C:41:38:B6:40:33,bus=pci.0,addr=0x7,bootindex=2 -drive file=/dev/vg-90.100-sluo/lv-90-100-my-data-disk.raw,if=none,id=drive-virtio-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,serial="QEMU-DISK2",bus=pci.0,addr=0x8,scsi=off,x-data-plane=on,drive=drive-virtio-disk,id=virtio-disk -device usb-ehci,id=ehci,bus=pci.0,addr=0x9 -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,bus=ehci.0,debug=3 -drive file=/home/floppy.vfd,if=none,id=drive-fdc0-0-0,format=raw -global isa-fdc.driveA=drive-fdc0-0-0 -drive file=/home/my-cdrom.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-1 -device ide-drive,drive=drive-ide1-0-1,id=ide1-0-1,bus=ide.0,unit=0 -drive 
file=/dev/vg-90.100-sluo/lv-90-100-usb-storage1,if=none,id=storage1,media=disk,cache=none,format=raw -device usb-storage,drive=storage1,serial=storage1 -drive file=/dev/vg-90.100-sluo/lv-90-100-usb-storage2,if=none,id=storage2,media=disk,cache=none,format=raw,serial=storage2 -device usb-storage,drive=storage2 -k en-us -boot menu=on -serial unix:/tmp/ttyS0,server,nowait -qmp tcp:0:4444,server,nowait -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -vnc :1 -spice port=5931,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -monitor stdio
(qemu) ehci: Bad asynchronous state 1010. Resetting to active
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2086: ehci_advance_async_state: Assertion `0' failed.
Aborted (core dumped)
(gdb) bt
#0 0x00007f4212c8e8a5 in raise () from /lib64/libc.so.6
#1 0x00007f4212c90085 in abort () from /lib64/libc.so.6
#2 0x00007f4212c87a1e in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f4212c87ae0 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f421547abcb in ehci_advance_async_state (ehci=0x7f4217341570) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2086
#5 0x00007f4215362001 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
#6 0x00007f4215369486 in qemu_aio_wait () at /usr/src/debug/qemu-kvm-0.12.1.2/aio.c:145
#7 0x00007f421536628d in bdrv_rw_co (bs=<value optimized out>, sector_num=<value optimized out>, buf=<value optimized out>, nb_sectors=<value optimized out>,
is_write=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:1746
#8 0x00007f4215366340 in guess_disk_lchs (bs=0x7f42168640d0, pcylinders=0x7fffc959a87c, pheads=0x7fffc959a878, psectors=0x7fffc959a874)
at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:2191
#9 0x00007f42153664bf in bdrv_guess_geometry (bs=0x7f42168640d0, pcyls=0x7fffc959a8bc, pheads=0x7fffc959a8b8, psecs=0x7fffc959a8b4)
at /usr/src/debug/qemu-kvm-0.12.1.2/block.c:2238
#10 0x00007f42153a5faa in mode_sense_page (s=0x7f4216919bb0, page=<value optimized out>, p_outbuf=0x7fffc959a908, page_control=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:936
#11 0x00007f42153a6825 in scsi_disk_emulate_mode_sense (req=0x7f421861d590, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1126
#12 scsi_disk_emulate_command (req=0x7f421861d590, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1244
#13 scsi_send_command (req=0x7f421861d590, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#14 0x00007f42153a3661 in scsi_req_enqueue (req=0x7f421861d590) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#15 0x00007f42153a2661 in usb_msd_handle_data (dev=0x7f421734a420, p=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:410
#16 0x00007f421539b1b2 in usb_handle_packet (dev=0x7f421734a420, p=0x7f42186bd0f8) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb.c:325
#17 0x00007f421547a415 in ehci_execute (ehci=0x7f4217341570, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1441
#18 ehci_state_execute (ehci=0x7f4217341570, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:1887
#19 ehci_advance_state (ehci=0x7f4217341570, async=1) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2004
#20 0x00007f421547ac97 in ehci_advance_async_state (ehci=0x7f4217341570) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2067
#21 0x00007f421547afb2 in ehci_frame_timer (opaque=0x7f4217341570) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-ehci.c:2213
#22 0x00007f421532b4ba in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1325
#23 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4004
#24 0x00007f421534d97a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#25 0x00007f421532e008 in main_loop (argc=88, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4187
#26 main (argc=88, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6525
(gdb) q
Hmm, looks like memory corruption on a quick glance.

Does it still reproduce with RHEL-6.4 final? Are the virtio disks required to trigger it?

Either it is very difficult to reproduce, or it is solved. In any case, I am closing this bug, and we can reopen it once we have enough debugging materials.