[Bug 1884684] Re: QEMU 5.0: Guest VM hangs/freeze when unplugging USB device

[TheCatFelix]

I do get get the same backtrace in gdb every time every time when we
reproduce the hang:

(gdb) thread apply all bt

Thread 9 (Thread 0x7fd1415ff700 (LWP 3202)):
#0  0x00007fd323d154bf in __GI___poll (fds=0x7fd1415fe6c0, nfds=2, timeout=-1) 
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fd324978bb2 in ?? () from 
target:/lib/x86_64-linux-gnu/libusb-1.0.so.0
#2  0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#3  0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7fd1437fe700 (LWP 3171)):
#0  0x00007fd323d16d87 in ioctl () at ../sysdeps/unix/syscall-template.S:120
#1  0x000055a5daef74f7 in kvm_vcpu_ioctl ()
#2  0x000055a5daef7631 in kvm_cpu_exec ()
#3  0x000055a5daedaede in ?? ()
#4  0x000055a5db32194b in ?? ()
#5  0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#6  0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7fd143fff700 (LWP 3170)):
#0  0x00007fd323d16d87 in ioctl () at ../sysdeps/unix/syscall-template.S:120
#1  0x000055a5daef74f7 in kvm_vcpu_ioctl ()
#2  0x000055a5daef7631 in kvm_cpu_exec ()
#3  0x000055a5daedaede in ?? ()
#4  0x000055a5db32194b in ?? ()
#5  0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#6  0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7fd150dfd700 (LWP 3169)):
#0  __lll_lock_wait (futex=futex@entry=0x55a5db80a540, private=0) at 
lowlevellock.c:52
#1  0x00007fd323df2843 in __GI___pthread_mutex_lock (mutex=0x55a5db80a540) at 
../nptl/pthread_mutex_lock.c:80
#2  0x000055a5db321b43 in qemu_mutex_lock_impl ()
#3  0x000055a5daedac8e in qemu_mutex_lock_iothread_impl ()
#4  0x000055a5dae92ac9 in ?? ()
#5  0x000055a5dae97de7 in flatview_read_continue ()
#6  0x000055a5dae98023 in ?? ()
#7  0x000055a5dae9813b in address_space_read_full ()
#8  0x000055a5daef78cf in kvm_cpu_exec ()
#9  0x000055a5daedaede in ?? ()
#10 0x000055a5db32194b in ?? ()
#11 0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#12 0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fd1515fe700 (LWP 3168)):
#0  __lll_lock_wait (futex=futex@entry=0x55a5db80a540, private=0) at 
lowlevellock.c:52
#1  0x00007fd323df2843 in __GI___pthread_mutex_lock (mutex=0x55a5db80a540) at 
../nptl/pthread_mutex_lock.c:80
#2  0x000055a5db321b43 in qemu_mutex_lock_impl ()
#3  0x000055a5daedac8e in qemu_mutex_lock_iothread_impl ()
#4  0x000055a5dae92ac9 in ?? ()
#5  0x000055a5dae97de7 in flatview_read_continue ()
#6  0x000055a5dae98023 in ?? ()
#7  0x000055a5dae9813b in address_space_read_full ()
#8  0x000055a5daef78cf in kvm_cpu_exec ()
#9  0x000055a5daedaede in ?? ()
#10 0x000055a5db32194b in ?? ()
#11 0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#12 0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fd151dff700 (LWP 3167)):
#0  __lll_lock_wait (futex=futex@entry=0x55a5db80a540, private=0) at 
lowlevellock.c:52
#1  0x00007fd323df2843 in __GI___pthread_mutex_lock (mutex=0x55a5db80a540) at 
../nptl/pthread_mutex_lock.c:80
--Type <RET> for more, q to quit, c to continue without paging--
#2  0x000055a5db321b43 in qemu_mutex_lock_impl ()
#3  0x000055a5daedac8e in qemu_mutex_lock_iothread_impl ()
#4  0x000055a5dae92ac9 in ?? ()
#5  0x000055a5dae97de7 in flatview_read_continue ()
#6  0x000055a5dae98023 in ?? ()
#7  0x000055a5dae9813b in address_space_read_full ()
#8  0x000055a5daef78cf in kvm_cpu_exec ()
#9  0x000055a5daedaede in ?? ()
#10 0x000055a5db32194b in ?? ()
#11 0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#12 0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fd320d97700 (LWP 3166)):
#0  0x00007fd323d154bf in __GI___poll (fds=0x7fd318003180, nfds=3, timeout=-1) 
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fd324a097ee in ?? () from 
target:/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fd324a09b53 in g_main_loop_run () from 
target:/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x000055a5db016c71 in ?? ()
#4  0x000055a5db32194b in ?? ()
#5  0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#6  0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fd3224de700 (LWP 3156)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x000055a5db3226fa in qemu_event_wait ()
#2  0x000055a5db33466a in ?? ()
#3  0x000055a5db32194b in ?? ()
#4  0x00007fd323defea7 in start_thread (arg=<optimized out>) at 
pthread_create.c:477
#5  0x00007fd323d1feaf in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fd3224dff40 (LWP 3148)):
#0  0x00007fd323d154bf in __GI___poll (fds=0x55a5dca30150, nfds=3, timeout=3) 
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fd324971f4d in ?? () from 
target:/lib/x86_64-linux-gnu/libusb-1.0.so.0
#2  0x00007fd32497316c in libusb_handle_events_timeout_completed () from 
target:/lib/x86_64-linux-gnu/libusb-1.0.so.0
#3  0x000055a5db18edc7 in ?? ()
#4  0x000055a5db18efab in ?? ()
#5  0x000055a5db31abf7 in aio_bh_poll ()
#6  0x000055a5db31e3fe in aio_dispatch ()
#7  0x000055a5db31aace in ?? ()
#8  0x00007fd324a095fd in g_main_context_dispatch () from 
target:/lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x000055a5db31d638 in main_loop_wait ()
#10 0x000055a5dafad309 in qemu_main_loop ()
#11 0x000055a5dae9125e in main ()
(gdb)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1884684

Title:
  QEMU 5.0: Guest VM hangs/freeze when unplugging USB device

Status in QEMU:
  New

Bug description:
  Setup:

  Host: Debian/SID, Kernel 5.6, QEMU 5.0
  Guest: Windows 10 VM with PCI and USB device passthrough.

  Problem: Guest VM suddenly hangs when pulling USB device out from the
  Host.

  Observations:
   - Issue appears to be related to QEMU 5.0
     - It started after an upgrade to QEMU 5.0.
     - Downgrading only QEMU on multiple systems fixes the issue.

   - Issue is very reproducible.
     - Most of the time within a few attempts of pulling/reconnecting the 
device.
     - Issue happens with multiple devices (I did try standard HID devices, a 
webcam and an x-ray sensor).

   - Guest just hangs.
     - Display output remains on last frame shown.
     - Ping to Guest immediately stops working.
     - Logs in the Guest stop logging immediately.

   - Host is fine and thinks the Guest is fine. 
     - Guest continues to show as running in "virsh list".
     - No suspicious entries in the QEMU logs.
     - No suspicious entries in Host syslogs/messages.
     - Host can can kill guest "virsh destroy" and respawn fine.

   - Issue seems widespread.
     - Multiple similar reports from ProxMox users after upgrade to ProxMox 6.2 
for both Windows and Linux guests (First version that uses QEMU 5.0)

  
https://forum.proxmox.com/threads/vm-freezes-when-disconnecting-usb-keyboard-and-mouse.70287/
  https://forum.proxmox.com/threads/usb-drive-crashes-vm.70214/
  
https://forum.proxmox.com/threads/latest-proxmox-usb-disconnects-freeze-kvm.70398/
  
https://forum.proxmox.com/threads/vm-with-gpu-passthrough-freezes-when-turning-off-monitor-after-proxmox-6-2-upgrade.69821/
  
https://forum.proxmox.com/threads/vm-with-gpu-passthrough-freezes-when-turning-off-monitor-after-proxmox-6-2-upgrade.69824/

  I'd be more than happy any debugs that might be helpful.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1884684/+subscriptions