The attached ZIP file contains USB packet capture file made with Wireshark on host OS side during crash.
What happens in the capture: - packets 1-202: starting Qemu - running lsusb and v4l-info -> no packets produced - packets 203-268: fswebcam testpic05.jpg -> OK - packets 269-320: fswebcam testpic05b.jpg -> crash as described in the bug report For your reference, testpic05.jpg is attached, too. ** Attachment added: "usb-packet-capture-on-qemu-crash-170501.zip" https://bugs.launchpad.net/qemu/+bug/1687309/+attachment/4870531/+files/usb-packet-capture-on-qemu-crash-170501.zip -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1687309 Title: Assertion !usb_packet_is_inflight(p) fails in OHCI Status in QEMU: New Bug description: I'm trying to get a USB web camera working in Qemu & Raspbian. USB works and V4L shows device info correctly and capturing frames from the camera works sometimes, but mostly it crashes with error message: qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. This looks similar to the previous bug which also caused a crash on the same kind of assertion but the culprit was XHCI: https://bugs.launchpad.net/qemu/+bug/1653384 == Versions == QEMU emulator version 2.9.50 (v2.9.0-303-g81b2d5c-dirty), configured with ./configure --target-list=arm-softmmu,arm-linux-user,armeb-linux-user --enable-libusb --enable-libssh2 --enable-debug libusb: 1.0.21 Guest: 2017-04-10-raspbian-jessie-lite.img with kernel 4.4.34 for Raspbian on Qemu Host: Ubuntu 16.04.2 LTS, kernel 4.4.0-72-generic Command: /usr/local/bin/qemu-system-arm -kernel qemu-rpi-kernel /kernel-qemu-4.4.34-v4lm-jessie -cpu arm1176 -m 256 -M versatilepb -no-reboot -append "root=/dev/sda2 panic=1" -drive format=raw,file=2017-04-10-raspbian-jessie-lite.img -usb -usbdevice host:046d:0928 -net nic,model=virtio -net user,hostfwd=tcp::2222-:22 Web camera is an old Logitech QuickCam Express Etch2 (046d:0928). It works otherwise without problems. == GDB Backtrace == qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion `!usb_packet_is_inflight(p)' failed. Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted. 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole. (gdb) bt full #0 0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 resultvar = 0 pid = 16526 selftid = 16526 #1 0x00007fffdea7102a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {140737488345776, 140737488351076, 140737488345856, 48702688480, 140737352876032, 93825001457954, 558, 93825001458576, 0, 0, 140736929192332, 140736930289240, 140736930302896, 260615966, 140736930289240, 93825001457954}}, sa_flags = -135479296, sa_restorer = 0x555555e20922} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007fffdea67bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x555555e20922 "!usb_packet_is_inflight(p)", file=file@entry=0x555555e20686 "hw/usb/core.c", line=line@entry=558, function=function@entry=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:92 str = 0x5555573e0800 "" total = 4096 #3 0x00007fffdea67c82 in __GI___assert_fail (assertion=0x555555e20922 "!usb_packet_is_inflight(p)", file=0x555555e20686 "hw/usb/core.c", line=558, function=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:101 No locals. #4 0x0000555555b4015a in usb_packet_setup (p=0x555556e81bc8, pid=105, ep=0x55555733e180, stream=0, id=260615936, short_not_ok=false, int_req=false) at hw/usb/core.c:558 __PRETTY_FUNCTION__ = "usb_packet_setup" #5 0x0000555555b4f2ee in ohci_service_iso_td (ohci=0x555556e814c0, ed=0x7fffffffdda0, completion=0) at hw/usb/hcd-ohci.c:852 int_req = false dir = 2 len = 1023 str = 0x555555e233cf "in" pid = 105 ret = -8788 i = -8912 dev = 0x55555733d070 ep = 0x55555733e180 iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 251173880, offset = {59386, 0, 6, 0, 53328, 53376, 0, 0}} addr = 260615936 starting_frame = 38252 relative_frame_number = 0 frame_count = 0 start_offset = 59386 next_offset = 0 end_offset = 0 start_addr = 251172858 end_addr = 251173880 #6 0x0000555555b5055c in ohci_service_ed_list (ohci=0x555556e814c0, head=260608080, completion=0) at hw/usb/hcd-ohci.c:1239 ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0} next_ed = 0 cur = 260608080 active = 1 link_cnt = 1 #7 0x0000555555b50857 in ohci_frame_boundary (opaque=0x555556e814c0) at hw/usb/hcd-ohci.c:1304 n = 12 ohci = 0x555556e814c0 hcca = {intr = {260608080 <repeats 32 times>}, frame = 38252, pad = 0, done = 0} #8 0x0000555555d12050 in timerlist_run_timers (timer_list=0x555556939600) at util/qemu-timer.c:536 ts = 0x555556ebc9b0 current_time = 224991592167 progress = false cb = 0x555555b50778 <ohci_frame_boundary> opaque = 0x555556e814c0 #9 0x0000555555d1209c in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:547 No locals. #10 0x0000555555d1244e in qemu_clock_run_all_timers () at util/qemu-timer.c:662 progress = false type = QEMU_CLOCK_VIRTUAL #11 0x0000555555d12bf9 in main_loop_wait (nonblocking=0) at util/main-loop.c:525 ret = 0 timeout = 499 timeout_ns = 977642 #12 0x0000555555969440 in main_loop () at vl.c:1899 No locals. #13 0x0000555555971229 in main (argc=21, argv=0x7fffffffe358, envp=0x7fffffffe408) at vl.c:4717 i = 0 snapshot = 0 linux_boot = 1 initrd_filename = 0x0 kernel_filename = 0x5555568d78c0 "qemu-rpi-kernel/kernel-qemu-4.4.34-v4lm-jessie" kernel_cmdline = 0x5555568d8c80 "root=/dev/sda2 panic=1 " boot_order = 0x0 boot_once = 0x0 ds = 0x55555718f750 cyls = 0 heads = 0 secs = 0 translation = 0 opts = 0x0 machine_opts = 0x5555568d8b20 hda_opts = 0x0 icount_opts = 0x0 accel_opts = 0x0 olist = 0x55555629fc80 <qemu_machine_opts> optind = 21 optarg = 0x7fffffffe780 "user,hostfwd=tcp::2222-:22" loadvm = 0x0 machine_class = 0x5555568eff50 cpu_model = 0x7fffffffe6c2 "arm1176" vga_model = 0x555555d8d8c4 "std" qtest_chrdev = 0x0 qtest_log = 0x0 pid_file = 0x0 incoming = 0x0 defconfig = true userconfig = true nographic = false display_type = DT_GTK display_remote = 0 log_mask = 0x0 log_file = 0x0 trace_file = 0x0 maxram_size = 268435456 ram_slots = 0 vmstate_dump_file = 0x0 main_loop_err = 0x0 err = 0x0 list_data_dirs = false bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffffffe140} __func__ = "main" (P.S. Tiedostoa tai hakemistoa ei ole = file or directory doesn't exist.) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1687309/+subscriptions
