# Issue record exported from the QEMU GitLab tracker (tracker link in `url`).
id = 634
title = "usbredir: assertion failure after suspend/resume when stopped"
state = "opened"
# Timestamps are kept as strings; `closed_at` carries the sentinel "n/a"
# while the issue is still open (TOML has no null value).
created_at = "2021-09-23T19:54:30.325Z"
closed_at = "n/a"
labels = ["USB"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/634"
# Reporter's environment as written in the issue body; the nested quotes and
# trailing escaped backslash in `qemu-version` are the reporter's verbatim text.
host-os = "Debian bookworm/sid"
host-arch = "x86_64"
qemu-version = "\"QEMU emulator version 6.1.0 (Debian 1:6.1+dfsg-5)\" \\"
guest-os = "KNOPPIX 9.1 (and Windows 10 21H1)"
guest-arch = "x86_64"
# The crash (segfault on master, assertion in hw/usb/core.c on the Debian build)
# is triggered by the guest accessing the redirected device, after a host
# suspend/resume that happened while the guest was stopped.
description = """Accessing a USB smart card ([Yubikey 5 NFC](https://www.yubico.com/product/yubikey-5-nfc/)) from the guest after host suspend/resume while the guest is stopped and the device is redirected causes QEMU to crash with "Segmentation fault" (with master) or the assertion failure (with Debian 1:6.1+dfsg-5):
qemu-system-x86_64: ../../hw/usb/core.c:470: usb_packet_complete_one: Assertion `p->stream || QTAILQ_FIRST(&ep->queue) == p' failed."""
reproduce = """1. Run `qemu-system-x86_64` with command line listed above.
2. Run `remote-viewer spice://localhost:3001` in another terminal.
3. Redirect the smart card to the guest in remote-viewer.
4. Run `gpg --card-status` in the guest.
5. Run `stop` in the QEMU monitor.
6. Run `rtcwake --mode mem --seconds 1` as root to suspend the host to S3, then resume. (or `echo mem >/sys/power/state` or `systemctl suspend` then wake manually)
7. Run `cont` in QEMU monitor to resume the guest.
8. Stop redirecting the smart card to the guest in remote-viewer.
9. Start redirecting the smart card to the guest in remote-viewer.
10. Run `gpg --card-status` in the guest. Repeat if necessary.
Note that after step 7 the train has left the rails. Executing `gpg --card-status` in the guest at this point would print:
gpg: selecting card failed: no such device
gpg: OpenPGP card not available: no such device
However, stopping and resuming redirection appears to be necessary to trigger the assertion failure.
Also note that on Windows, it's not necessary to execute any `gpg` commands. QEMU will hit the assertion failure after step 9."""
# Reporter's backtrace from the segfaulting master build. Frames #5..#13 show the
# faulting usb_handle_packet call being reached from a guest write to the xHCI
# doorbell register (kvm_cpu_exec -> address_space_write -> xhci_doorbell_write),
# so once the host-side preconditions hold (suspend/resume while stopped, redirect
# toggled) the guest appears to drive the final step itself. For triage this reads
# as a guest-triggerable crash of the QEMU process, i.e. a denial of service of
# the VM rather than a host-only hang.
additional = """<details>
<summary>backtrace with version built from 2c3e83f92d</summary>
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00005623c09a5754 in usb_handle_packet
(dev=0x5623c3592500, p=p@entry=0x7f92e43c81c8) at ../hw/usb/core.c:441
#1 0x00005623c09be239 in xhci_submit
(epctx=<optimized out>, xfer=<optimized out>, xhci=<optimized out>)
at ../hw/usb/hcd-xhci.c:1783
#2 xhci_fire_transfer
(epctx=<optimized out>, xfer=<optimized out>, xhci=<optimized out>)
at ../hw/usb/hcd-xhci.c:1792
#3 xhci_kick_epctx (epctx=0x7f92e43c7c30, streamid=0)
at ../hw/usb/hcd-xhci.c:1951
#4 0x00005623c09bea1b in xhci_kick_ep
(xhci=<optimized out>, slotid=<optimized out>, epid=<optimized out>, streamid=<optimized out>) at ../hw/usb/hcd-xhci.c:1817
#5 0x00005623c09bebd8 in xhci_doorbell_write
(ptr=0x7f92ec137970, reg=1, val=4, size=<optimized out>)
at ../hw/usb/hcd-xhci.c:3118
#6 0x00005623c0abbc7f in memory_region_write_accessor
(mr=mr@entry=0x7f92ec137ed0, addr=4, value=value@entry=0x7f92eda403e8, size=size@entry=4, shift=<optimized out>, mask=mask@entry=4294967295, attrs=...)
at ../softmmu/memory.c:492
#7 0x00005623c0ab953e in access_with_adjusted_size
(addr=addr@entry=4, value=value@entry=0x7f92eda403e8, size=size@entry=4, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=
0x5623c0abbc00 <memory_region_write_accessor>, mr=0x7f92ec137ed0, attrs=...) at ../softmmu/memory.c:554
#8 0x00005623c0abd650 in memory_region_dispatch_write
(mr=mr@entry=0x7f92ec137ed0, addr=4, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at ../softmmu/memory.c:1511
#9 0x00005623c0aad417 in flatview_write_continue
(fv=fv@entry=0x7f92e43c7140, addr=addr@entry=4227932164, attrs=attrs@entry=..., ptr=ptr@entry=0x7f92ef17f028, len=len@entry=4, addr1=<optimized out>, l=<optimized out>, mr=0x7f92ec137ed0)
at /home/kevin/tmp/qemu/include/qemu/host-utils.h:165
#10 0x00005623c0ab09db in flatview_write
(len=4, buf=0x7f92ef17f028, attrs=..., addr=4227932164, fv=0x7f92e43c7140)
at ../softmmu/physmem.c:2820
#11 address_space_write
(as=<optimized out>, addr=4227932164, attrs=..., buf=buf@entry=0x7f92ef17f028, len=4) at ../softmmu/physmem.c:2912
#12 0x00005623c0ab0a9f in address_space_rw
(as=<optimized out>, addr=<optimized out>, attrs=...,
attrs@entry=..., buf=buf@entry=0x7f92ef17f028, len=<optimized out>, is_write=<optimized out>) at ../softmmu/physmem.c:2922
#13 0x00005623c0ba2890 in kvm_cpu_exec (cpu=cpu@entry=0x5623c2729bc0)
at ../accel/kvm/kvm-all.c:2893
#14 0x00005623c0ba3bbd in kvm_vcpu_thread_fn (arg=arg@entry=0x5623c2729bc0)
at ../accel/kvm/kvm-accel-ops.c:49
#15 0x00005623c0d0a959 in qemu_thread_start (args=0x7f92eda40610)
at ../util/qemu-thread-posix.c:557
#16 0x00007f92fd431eae in start_thread (arg=0x7f92eda45640)
at pthread_create.c:463
#17 0x00007f92fca2fa5f in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
</details>
Let me know if there are any additional logs or information that would be useful.
Thanks,\\
Kevin"""