** Description changed: I'm trying to get a USB web camera working in Qemu & Raspbian. USB works and V4L shows device info correctly and capturing frames from the camera works sometimes, but mostly it crashes with error message: qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. This looks similar to the previous bug which also caused a crash on the same kind of assertion but the culprit was XHCI: https://bugs.launchpad.net/qemu/+bug/1653384 - == Versions == QEMU emulator version 2.9.50 (v2.9.0-303-g81b2d5c-dirty), configured with ./configure --target-list=arm-softmmu,arm-linux-user,armeb-linux-user --enable-libusb --enable-libssh2 --enable-debug libusb: 1.0.21 Guest: 2017-04-10-raspbian-jessie-lite.img with kernel 4.4.34 for Raspbian on Qemu + Host: Ubuntu 16.04.2 LTS, kernel 4.4.0-72-generic + Command: /usr/local/bin/qemu-system-arm -kernel qemu-rpi-kernel/kernel- qemu-4.4.34-v4lm-jessie -cpu arm1176 -m 256 -M versatilepb -no-reboot -append "root=/dev/sda2 panic=1" -drive format=raw,file=2017-04-10 -raspbian-jessie-lite.img -usb -usbdevice host:046d:0928 -net nic,model=virtio -net user,hostfwd=tcp::2222-:22 Web camera is an old Logitech QuickCam Express Etch2 (046d:0928). It works otherwise without problems. - == GDB Backtrace == qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted. 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole. (gdb) bt full #0 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 - resultvar = 0 - pid = 16526 - selftid = 16526 + resultvar = 0 + pid = 16526 + selftid = 16526 #1 0x00007fffdea7102a in __GI_abort () at abort.c:89 - save_stage = 2 - act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {140737488345776, - 140737488351076, 140737488345856, 48702688480, 140737352876032, 93825001457954, 558, 93825001458576, 0, 0, - 140736929192332, 140736930289240, 140736930302896, 260615966, 140736930289240, 93825001457954}}, - sa_flags = -135479296, sa_restorer = 0x555555e20922} - sigs = {__val = {32, 0 <repeats 15 times>}} - #2 0x00007fffdea67bd7 in __assert_fail_base (fmt=<optimized out>, - assertion=assertion@entry=0x555555e20922 "!usb_packet_is_inflight(p)", - file=file@entry=0x555555e20686 "hw/usb/core.c", line=line@entry=558, - function=function@entry=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:92 - str = 0x5555573e0800 "" - total = 4096 - #3 0x00007fffdea67c82 in __GI___assert_fail (assertion=0x555555e20922 "!usb_packet_is_inflight(p)", - file=0x555555e20686 "hw/usb/core.c", line=558, - function=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:101 + save_stage = 2 + act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {140737488345776, + 140737488351076, 140737488345856, 48702688480, 140737352876032, 93825001457954, 558, 93825001458576, 0, 0, + 140736929192332, 140736930289240, 140736930302896, 260615966, 140736930289240, 93825001457954}}, + sa_flags = -135479296, sa_restorer = 0x555555e20922} + sigs = {__val = {32, 0 <repeats 15 times>}} + #2 0x00007fffdea67bd7 in __assert_fail_base (fmt=<optimized out>, + assertion=assertion@entry=0x555555e20922 "!usb_packet_is_inflight(p)", + file=file@entry=0x555555e20686 "hw/usb/core.c", line=line@entry=558, + function=function@entry=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:92 + str = 0x5555573e0800 "" + total = 4096 + #3 0x00007fffdea67c82 in __GI___assert_fail (assertion=0x555555e20922 "!usb_packet_is_inflight(p)", + file=0x555555e20686 "hw/usb/core.c", line=558, + function=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:101 No locals. - #4 0x0000555555b4015a in usb_packet_setup (p=0x555556e81bc8, pid=105, ep=0x55555733e180, stream=0, id=260615936, - short_not_ok=false, int_req=false) at hw/usb/core.c:558 - __PRETTY_FUNCTION__ = "usb_packet_setup" + #4 0x0000555555b4015a in usb_packet_setup (p=0x555556e81bc8, pid=105, ep=0x55555733e180, stream=0, id=260615936, + short_not_ok=false, int_req=false) at hw/usb/core.c:558 + __PRETTY_FUNCTION__ = "usb_packet_setup" #5 0x0000555555b4f2ee in ohci_service_iso_td (ohci=0x555556e814c0, ed=0x7fffffffdda0, completion=0) - at hw/usb/hcd-ohci.c:852 - int_req = false - dir = 2 - len = 1023 - str = 0x555555e233cf "in" - pid = 105 - ret = -8788 - i = -8912 - dev = 0x55555733d070 - ep = 0x55555733e180 - iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 251173880, offset = {59386, 0, 6, 0, 53328, - 53376, 0, 0}} - addr = 260615936 - starting_frame = 38252 - relative_frame_number = 0 - frame_count = 0 - start_offset = 59386 - next_offset = 0 - end_offset = 0 - start_addr = 251172858 - end_addr = 251173880 + at hw/usb/hcd-ohci.c:852 + int_req = false + dir = 2 + len = 1023 + str = 0x555555e233cf "in" + pid = 105 + ret = -8788 + i = -8912 + dev = 0x55555733d070 + ep = 0x55555733e180 + iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 251173880, offset = {59386, 0, 6, 0, 53328, + 53376, 0, 0}} + addr = 260615936 + starting_frame = 38252 + relative_frame_number = 0 + frame_count = 0 + start_offset = 59386 + next_offset = 0 + end_offset = 0 + start_addr = 251172858 + end_addr = 251173880 #6 0x0000555555b5055c in ohci_service_ed_list (ohci=0x555556e814c0, head=260608080, completion=0) - at hw/usb/hcd-ohci.c:1239 - ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0} - next_ed = 0 - cur = 260608080 - active = 1 - link_cnt = 1 + at hw/usb/hcd-ohci.c:1239 + ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0} + next_ed = 0 + cur = 260608080 + active = 1 + link_cnt = 1 #7 0x0000555555b50857 in ohci_frame_boundary (opaque=0x555556e814c0) at hw/usb/hcd-ohci.c:1304 - n = 12 - ohci = 0x555556e814c0 - hcca = {intr = {260608080 <repeats 32 times>}, frame = 38252, pad = 0, done = 0} + n = 12 + ohci = 0x555556e814c0 + hcca = {intr = {260608080 <repeats 32 times>}, frame = 38252, pad = 0, done = 0} #8 0x0000555555d12050 in timerlist_run_timers (timer_list=0x555556939600) at util/qemu-timer.c:536 - ts = 0x555556ebc9b0 - current_time = 224991592167 - progress = false - cb = 0x555555b50778 <ohci_frame_boundary> - opaque = 0x555556e814c0 + ts = 0x555556ebc9b0 + current_time = 224991592167 + progress = false + cb = 0x555555b50778 <ohci_frame_boundary> + opaque = 0x555556e814c0 #9 0x0000555555d1209c in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:547 No locals. #10 0x0000555555d1244e in qemu_clock_run_all_timers () at util/qemu-timer.c:662 - progress = false - type = QEMU_CLOCK_VIRTUAL + progress = false + type = QEMU_CLOCK_VIRTUAL #11 0x0000555555d12bf9 in main_loop_wait (nonblocking=0) at util/main-loop.c:525 - ret = 0 - timeout = 499 - timeout_ns = 977642 + ret = 0 + timeout = 499 + timeout_ns = 977642 #12 0x0000555555969440 in main_loop () at vl.c:1899 No locals. #13 0x0000555555971229 in main (argc=21, argv=0x7fffffffe358, envp=0x7fffffffe408) at vl.c:4717 - i = 0 - snapshot = 0 - linux_boot = 1 - initrd_filename = 0x0 - kernel_filename = 0x5555568d78c0 "qemu-rpi-kernel/kernel-qemu-4.4.34-v4lm-jessie" - kernel_cmdline = 0x5555568d8c80 "root=/dev/sda2 panic=1 " - boot_order = 0x0 - boot_once = 0x0 - ds = 0x55555718f750 - cyls = 0 - heads = 0 - secs = 0 - translation = 0 - opts = 0x0 - machine_opts = 0x5555568d8b20 - hda_opts = 0x0 - icount_opts = 0x0 - accel_opts = 0x0 - olist = 0x55555629fc80 <qemu_machine_opts> - optind = 21 - optarg = 0x7fffffffe780 "user,hostfwd=tcp::2222-:22" - loadvm = 0x0 - machine_class = 0x5555568eff50 - cpu_model = 0x7fffffffe6c2 "arm1176" - vga_model = 0x555555d8d8c4 "std" - qtest_chrdev = 0x0 - qtest_log = 0x0 - pid_file = 0x0 - incoming = 0x0 - defconfig = true - userconfig = true - nographic = false - display_type = DT_GTK - display_remote = 0 - log_mask = 0x0 - log_file = 0x0 - trace_file = 0x0 - maxram_size = 268435456 - ram_slots = 0 - vmstate_dump_file = 0x0 - main_loop_err = 0x0 - err = 0x0 - list_data_dirs = false - bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffffffe140} - __func__ = "main" + i = 0 + snapshot = 0 + linux_boot = 1 + initrd_filename = 0x0 + kernel_filename = 0x5555568d78c0 "qemu-rpi-kernel/kernel-qemu-4.4.34-v4lm-jessie" + kernel_cmdline = 0x5555568d8c80 "root=/dev/sda2 panic=1 " + boot_order = 0x0 + boot_once = 0x0 + ds = 0x55555718f750 + cyls = 0 + heads = 0 + secs = 0 + translation = 0 + opts = 0x0 + machine_opts = 0x5555568d8b20 + hda_opts = 0x0 + icount_opts = 0x0 + accel_opts = 0x0 + olist = 0x55555629fc80 <qemu_machine_opts> + optind = 21 + optarg = 0x7fffffffe780 "user,hostfwd=tcp::2222-:22" + loadvm = 0x0 + machine_class = 0x5555568eff50 + cpu_model = 0x7fffffffe6c2 "arm1176" + vga_model = 0x555555d8d8c4 "std" + qtest_chrdev = 0x0 + qtest_log = 0x0 + pid_file = 0x0 + incoming = 0x0 + defconfig = true + userconfig = true + nographic = false + display_type = DT_GTK + display_remote = 0 + log_mask = 0x0 + log_file = 0x0 + trace_file = 0x0 + maxram_size = 268435456 + ram_slots = 0 + vmstate_dump_file = 0x0 + main_loop_err = 0x0 + err = 0x0 + list_data_dirs = false + bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffffffe140} + __func__ = "main" - - (P.S. Tiedostoa tai hakemistoa ei ole = file or directory doesn't exist.) + (P.S. Tiedostoa tai hakemistoa ei ole = file or directory doesn't + exist.)
-- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1687309 Title: Assertion !usb_packet_is_inflight(p) fails in OHCI Status in QEMU: New Bug description: I'm trying to get a USB web camera working in Qemu & Raspbian. USB works and V4L shows device info correctly and capturing frames from the camera works sometimes, but mostly it crashes with error message: qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. This looks similar to the previous bug which also caused a crash on the same kind of assertion but the culprit was XHCI: https://bugs.launchpad.net/qemu/+bug/1653384 == Versions == QEMU emulator version 2.9.50 (v2.9.0-303-g81b2d5c-dirty), configured with ./configure --target-list=arm-softmmu,arm-linux-user,armeb-linux-user --enable-libusb --enable-libssh2 --enable-debug libusb: 1.0.21 Guest: 2017-04-10-raspbian-jessie-lite.img with kernel 4.4.34 for Raspbian on Qemu Host: Ubuntu 16.04.2 LTS, kernel 4.4.0-72-generic Command: /usr/local/bin/qemu-system-arm -kernel qemu-rpi-kernel /kernel-qemu-4.4.34-v4lm-jessie -cpu arm1176 -m 256 -M versatilepb -no-reboot -append "root=/dev/sda2 panic=1" -drive format=raw,file=2017-04-10-raspbian-jessie-lite.img -usb -usbdevice host:046d:0928 -net nic,model=virtio -net user,hostfwd=tcp::2222-:22 Web camera is an old Logitech QuickCam Express Etch2 (046d:0928). It works otherwise without problems. == GDB Backtrace == qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted. 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole. (gdb) bt full #0 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 resultvar = 0 pid = 16526 selftid = 16526 #1 0x00007fffdea7102a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {140737488345776, 140737488351076, 140737488345856, 48702688480, 140737352876032, 93825001457954, 558, 93825001458576, 0, 0, 140736929192332, 140736930289240, 140736930302896, 260615966, 140736930289240, 93825001457954}}, sa_flags = -135479296, sa_restorer = 0x555555e20922} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007fffdea67bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x555555e20922 "!usb_packet_is_inflight(p)", file=file@entry=0x555555e20686 "hw/usb/core.c", line=line@entry=558, function=function@entry=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:92 str = 0x5555573e0800 "" total = 4096 #3 0x00007fffdea67c82 in __GI___assert_fail (assertion=0x555555e20922 "!usb_packet_is_inflight(p)", file=0x555555e20686 "hw/usb/core.c", line=558, function=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:101 No locals. #4 0x0000555555b4015a in usb_packet_setup (p=0x555556e81bc8, pid=105, ep=0x55555733e180, stream=0, id=260615936, short_not_ok=false, int_req=false) at hw/usb/core.c:558 __PRETTY_FUNCTION__ = "usb_packet_setup" #5 0x0000555555b4f2ee in ohci_service_iso_td (ohci=0x555556e814c0, ed=0x7fffffffdda0, completion=0) at hw/usb/hcd-ohci.c:852 int_req = false dir = 2 len = 1023 str = 0x555555e233cf "in" pid = 105 ret = -8788 i = -8912 dev = 0x55555733d070 ep = 0x55555733e180 iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 251173880, offset = {59386, 0, 6, 0, 53328, 53376, 0, 0}} addr = 260615936 starting_frame = 38252 relative_frame_number = 0 frame_count = 0 start_offset = 59386 next_offset = 0 end_offset = 0 start_addr = 251172858 end_addr = 251173880 #6 0x0000555555b5055c in ohci_service_ed_list (ohci=0x555556e814c0, head=260608080, completion=0) at hw/usb/hcd-ohci.c:1239 ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0} next_ed = 0 cur = 260608080 active = 1 link_cnt = 1 #7 0x0000555555b50857 in ohci_frame_boundary (opaque=0x555556e814c0) at hw/usb/hcd-ohci.c:1304 n = 12 ohci = 0x555556e814c0 hcca = {intr = {260608080 <repeats 32 times>}, frame = 38252, pad = 0, done = 0} #8 0x0000555555d12050 in timerlist_run_timers (timer_list=0x555556939600) at util/qemu-timer.c:536 ts = 0x555556ebc9b0 current_time = 224991592167 progress = false cb = 0x555555b50778 <ohci_frame_boundary> opaque = 0x555556e814c0 #9 0x0000555555d1209c in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:547 No locals. #10 0x0000555555d1244e in qemu_clock_run_all_timers () at util/qemu-timer.c:662 progress = false type = QEMU_CLOCK_VIRTUAL #11 0x0000555555d12bf9 in main_loop_wait (nonblocking=0) at util/main-loop.c:525 ret = 0 timeout = 499 timeout_ns = 977642 #12 0x0000555555969440 in main_loop () at vl.c:1899 No locals. #13 0x0000555555971229 in main (argc=21, argv=0x7fffffffe358, envp=0x7fffffffe408) at vl.c:4717 i = 0 snapshot = 0 linux_boot = 1 initrd_filename = 0x0 kernel_filename = 0x5555568d78c0 "qemu-rpi-kernel/kernel-qemu-4.4.34-v4lm-jessie" kernel_cmdline = 0x5555568d8c80 "root=/dev/sda2 panic=1 " boot_order = 0x0 boot_once = 0x0 ds = 0x55555718f750 cyls = 0 heads = 0 secs = 0 translation = 0 opts = 0x0 machine_opts = 0x5555568d8b20 hda_opts = 0x0 icount_opts = 0x0 accel_opts = 0x0 olist = 0x55555629fc80 <qemu_machine_opts> optind = 21 optarg = 0x7fffffffe780 "user,hostfwd=tcp::2222-:22" loadvm = 0x0 machine_class = 0x5555568eff50 cpu_model = 0x7fffffffe6c2 "arm1176" vga_model = 0x555555d8d8c4 "std" qtest_chrdev = 0x0 qtest_log = 0x0 pid_file = 0x0 incoming = 0x0 defconfig = true userconfig = true nographic = false display_type = DT_GTK display_remote = 0 log_mask = 0x0 log_file = 0x0 trace_file = 0x0 maxram_size = 268435456 ram_slots = 0 vmstate_dump_file = 0x0 main_loop_err = 0x0 err = 0x0 list_data_dirs = false bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffffffe140} __func__ = "main" (P.S. Tiedostoa tai hakemistoa ei ole = file or directory doesn't exist.) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1687309/+subscriptions
