Hi, I did not save the Mageia 7 data, as I was unaware I could do this. The data below is from another crash with openSUSE Leap; this time I saved the backtrace with generate-core-file.
QEMU command line:

env QEMU_AUDIO_ADC_VOICES=0 QEMU_AUDIO_DRV=pa \
QEMU_AUDIO_DAC_FIXED_FREQ=96000 \
QEMU_AUDIO_ADC_FIXED_FREQ=96000 \
QEMU_AUDIO_ADC_VOICES=0 \
gdb -ex "handle SIGUSR1 nostop nopass noprint" -ex "run" --args qemu-system-x86_64 \
-name "openSUSE Leap" -k pt-br -nodefaults -enable-kvm -cpu host -smp cores=2,threads=1 -m 2G \
-device qemu-xhci,id=xhcihub -device usb-audio,id=usbaudio,buffer=6144 \
-device virtio-tablet-pci,id=pcitablet -bios /usr/share/ovmf/OVMF.fd \
-device qxl-vga,xres=800,yres=600 -display gtk,gl=on \
-hda /home/usuario/.local/share/libvirt/images/opensuse_leap.qcow2 \
-monitor vc -serial vc \
-machine kernel_irqchip=on -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -M pc,usb=true \
-netdev user,id=net0 -device e1000,netdev=net0,addr=8

gdb backtrace:

#0 0x00007ffff01cce97 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff01ce801 in __GI_abort () at abort.c:79
#2 0x00007ffff01be39a in __assert_fail_base (fmt=0x7fffd403e202 "%s%s%s:%u: %s%sAssertiva “%s” falhou.\n%n", assertion=assertion@entry=0x555555fb8738 "p->actual_length + bytes <= iov->size", file=file@entry=0x555555fb8456 "hw/usb/core.c", line=line@entry=592, function=function@entry=0x555555fb8980 <__PRETTY_FUNCTION__.26351> "usb_packet_copy") at assert.c:92
#3 0x00007ffff01be412 in __GI___assert_fail (assertion=0x555555fb8738 "p->actual_length + bytes <= iov->size", file=0x555555fb8456 "hw/usb/core.c", line=592, function=0x555555fb8980 <__PRETTY_FUNCTION__.26351> "usb_packet_copy") at assert.c:101
#4 0x0000555555bd5ed7 in usb_packet_copy (p=0x7fffc4174128, ptr=0x7fffb801e390, bytes=192) at hw/usb/core.c:592
#5 0x0000555555c024d8 in streambuf_put (buf=0x555557e468a0, p=0x7fffc4174128) at hw/usb/dev-audio.c:325
#6 0x0000555555c02d78 in usb_audio_handle_dataout (s=0x555557e451b0, p=0x7fffc4174128) at hw/usb/dev-audio.c:596
#7 0x0000555555c02e16 in usb_audio_handle_data (dev=0x555557e451b0, p=0x7fffc4174128) at hw/usb/dev-audio.c:608
#8 0x0000555555bd7c39 in usb_device_handle_data (dev=0x555557e451b0, p=0x7fffc4174128) at hw/usb/bus.c:184
#9 0x0000555555bd54a9 in usb_process_one (p=0x7fffc4174128) at hw/usb/core.c:388
#10 0x0000555555bd5668 in usb_handle_packet (dev=0x555557e451b0, p=0x7fffc4174128) at hw/usb/core.c:420
#11 0x0000555555bf6d8e in xhci_submit (xhci=0x7fffcd538010, xfer=0x7fffc4174120, epctx=0x7fffc4172f40) at hw/usb/hcd-xhci.c:1819
#12 0x0000555555bf6df6 in xhci_fire_transfer (xhci=0x7fffcd538010, xfer=0x7fffc4174120, epctx=0x7fffc4172f40) at hw/usb/hcd-xhci.c:1828
#13 0x0000555555bf73eb in xhci_kick_epctx (epctx=0x7fffc4172f40, streamid=0) at hw/usb/hcd-xhci.c:1969
#14 0x0000555555bf6eef in xhci_kick_ep (xhci=0x7fffcd538010, slotid=1, epid=2, streamid=0) at hw/usb/hcd-xhci.c:1853
#15 0x0000555555bfa0ac in xhci_doorbell_write (ptr=0x7fffcd538010, reg=1, val=2, size=4) at hw/usb/hcd-xhci.c:3125
#16 0x000055555587f44e in memory_region_write_accessor (mr=0x7fffcd538d60, addr=4, value=0x7fffceeb80b8, size=4, shift=0, mask=4294967295, attrs=...) at /home/usuario/Documentos/qemu/memory.c:504
#17 0x000055555587f65e in access_with_adjusted_size (addr=4, value=0x7fffceeb80b8, size=4, access_size_min=1, access_size_max=4, access_fn= 0x55555587f365 <memory_region_write_accessor>, mr=0x7fffcd538d60, attrs=...) at /home/usuario/Documentos/qemu/memory.c:570
#18 0x0000555555882359 in memory_region_dispatch_write (mr=0x7fffcd538d60, addr=4, data=2, size=4, attrs=...) at /home/usuario/Documentos/qemu/memory.c:1452
#19 0x000055555581d359 in flatview_write_continue (fv=0x7fffc4188bc0, addr=34359762948, attrs=..., buf=0x7ffff7ff3028 "\002", len=4, addr1=4, l=4, mr=0x7fffcd538d60) at /home/usuario/Documentos/qemu/exec.c:3233
#20 0x000055555581d4a3 in flatview_write (fv=0x7fffc4188bc0, addr=34359762948, attrs=..., buf=0x7ffff7ff3028 "\002", len=4) at /home/usuario/Documentos/qemu/exec.c:3272
#21 0x000055555581d7a9 in address_space_write (as=0x5555567d6460 <address_space_memory>, addr=34359762948, attrs=..., buf=0x7ffff7ff3028 "\002", len=4) at /home/usuario/Documentos/qemu/exec.c:3362
#22 0x000055555581d7fa in address_space_rw (as=0x5555567d6460 <address_space_memory>, addr=34359762948, attrs=..., buf=0x7ffff7ff3028 "\002", len=4, is_write=true) at /home/usuario/Documentos/qemu/exec.c:3373
#23 0x000055555589ea33 in kvm_cpu_exec (cpu=0x555556b9ddf0) at /home/usuario/Documentos/qemu/accel/kvm/kvm-all.c:2031
#24 0x000055555586453b in qemu_kvm_cpu_thread_fn (arg=0x555556b9ddf0) at /home/usuario/Documentos/qemu/cpus.c:1281
#25 0x0000555555e11d07 in qemu_thread_start (args=0x555556bbe520) at util/qemu-thread-posix.c:498
#26 0x00007ffff05866db in start_thread (arg=0x7fffceebb700) at pthread_create.c:463
#27 0x00007ffff02af88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

In frame #3, "print *p" outputs: No symbol "p" in current context.
In frame #4, "print *p" shows:

$2 = {pid = 225, id = 2027203168, ep = 0x555557e46520, stream = 0, iov = {iov = 0x7fffc418d190, niov = 0, nalloc = 1, size = 0}, parameter = 0, short_not_ok = false, int_req = false, status = 0, actual_length = 0, state = USB_PACKET_SETUP, combined = 0x0, queue = {tqe_next = 0x0, tqe_prev = 0x0}, combined_entry = {tqe_next = 0x0, tqe_prev = 0x0}}

(Note that iov.size is 0 and actual_length is 0 here, while usb_packet_copy was called with bytes=192, so the asserted condition "p->actual_length + bytes <= iov->size" cannot hold for this packet.)

Às 04:36 de 10/12/2018, kra...@redhat.com escreveu:
> Hi,
>
>> #3 0x00007ffff01be412 in __GI___assert_fail (assertion=0x555555fb8738
>> "p->actual_length + bytes <= iov->size", file=0x555555fb8456
>> "hw/usb/core.c", line=592, function=0x555555fb8980
>> <__PRETTY_FUNCTION__.26351> "usb_packet_copy") at assert.c:101
>> #4 0x0000555555bd5ed7 in usb_packet_copy (p=0x7fffc4722ea8,
>> ptr=0x7fffbc053ee0, bytes=192) at hw/usb/core.c:592
>
> Can you "print *p" here?
>
> thanks,
> Gerd
>