[Bug 1687309] Re: Assertion !usb_packet_is_inflight(p) fails in OHCI

Mon, 09 Nov 2020 04:42:45 -0800 

The QEMU project is currently considering to move its bug tracking to another 
system. For this we need to know which bugs are still valid and which could be 
closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state 
back to "New" within the next 60 days, otherwise this report will be marked as 
"Expired". Thank you and sorry for the inconvenience.

** Changed in: qemu
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1687309

Title:
  Assertion !usb_packet_is_inflight(p) fails in OHCI

Status in QEMU:
  Incomplete

Bug description:
  I'm trying to get a USB web camera working in Qemu & Raspbian. USB
  works and V4L shows device info correctly and capturing frames from
  the camera works sometimes, but mostly it crashes with error message:

  qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion
  `!usb_packet_is_inflight(p)' failed.

  This looks similar to the previous bug which also caused a crash on
  the same kind of assertion but the culprit was XHCI:
  https://bugs.launchpad.net/qemu/+bug/1653384

  == Versions ==

  QEMU emulator version 2.9.50 (v2.9.0-303-g81b2d5c-dirty),
  configured with
  ./configure --target-list=arm-softmmu,arm-linux-user,armeb-linux-user 
--enable-libusb --enable-libssh2 --enable-debug

  libusb: 1.0.21

  Guest: 2017-04-10-raspbian-jessie-lite.img with kernel 4.4.34 for
  Raspbian on Qemu

  Host: Ubuntu 16.04.2 LTS, kernel 4.4.0-72-generic

  Command: /usr/local/bin/qemu-system-arm -kernel qemu-rpi-kernel
  /kernel-qemu-4.4.34-v4lm-jessie -cpu arm1176 -m 256 -M versatilepb
  -no-reboot -append "root=/dev/sda2 panic=1" -drive
  format=raw,file=2017-04-10-raspbian-jessie-lite.img -usb -usbdevice
  host:046d:0928 -net nic,model=virtio -net user,hostfwd=tcp::2222-:22

  Web camera is an old Logitech QuickCam Express Etch2 (046d:0928). It
  works otherwise without problems.

  == GDB Backtrace ==

  qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion
  `!usb_packet_is_inflight(p)' failed.

  Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted.
  0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:54
  54      ../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole.
  (gdb) bt full
  #0  0x00007fffdea6f428 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:54
          resultvar = 0
          pid = 16526
          selftid = 16526
  #1  0x00007fffdea7102a in __GI_abort () at abort.c:89
          save_stage = 2
          act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, 
sa_mask = {__val = {140737488345776,
                140737488351076, 140737488345856, 48702688480, 140737352876032, 
93825001457954, 558, 93825001458576, 0, 0,
                140736929192332, 140736930289240, 140736930302896, 260615966, 
140736930289240, 93825001457954}},
            sa_flags = -135479296, sa_restorer = 0x555555e20922}
          sigs = {__val = {32, 0 <repeats 15 times>}}
  #2  0x00007fffdea67bd7 in __assert_fail_base (fmt=<optimized out>,
      assertion=assertion@entry=0x555555e20922 "!usb_packet_is_inflight(p)",
      file=file@entry=0x555555e20686 "hw/usb/core.c", line=line@entry=558,
      function=function@entry=0x555555e20b90 <__PRETTY_FUNCTION__.27044> 
"usb_packet_setup") at assert.c:92
          str = 0x5555573e0800 ""
          total = 4096
  #3  0x00007fffdea67c82 in __GI___assert_fail (assertion=0x555555e20922 
"!usb_packet_is_inflight(p)",
      file=0x555555e20686 "hw/usb/core.c", line=558,
      function=0x555555e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") 
at assert.c:101
  No locals.
  #4  0x0000555555b4015a in usb_packet_setup (p=0x555556e81bc8, pid=105, 
ep=0x55555733e180, stream=0, id=260615936,
      short_not_ok=false, int_req=false) at hw/usb/core.c:558
          __PRETTY_FUNCTION__ = "usb_packet_setup"
  #5  0x0000555555b4f2ee in ohci_service_iso_td (ohci=0x555556e814c0, 
ed=0x7fffffffdda0, completion=0)
      at hw/usb/hcd-ohci.c:852
          int_req = false
          dir = 2
          len = 1023
          str = 0x555555e233cf "in"
          pid = 105
          ret = -8788
          i = -8912
          dev = 0x55555733d070
          ep = 0x55555733e180
          iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 
251173880, offset = {59386, 0, 6, 0, 53328,
              53376, 0, 0}}
          addr = 260615936
          starting_frame = 38252
          relative_frame_number = 0
          frame_count = 0
          start_offset = 59386
          next_offset = 0
          end_offset = 0
          start_addr = 251172858
          end_addr = 251173880
  #6  0x0000555555b5055c in ohci_service_ed_list (ohci=0x555556e814c0, 
head=260608080, completion=0)
      at hw/usb/hcd-ohci.c:1239
          ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0}
          next_ed = 0
          cur = 260608080
          active = 1
          link_cnt = 1
  #7  0x0000555555b50857 in ohci_frame_boundary (opaque=0x555556e814c0) at 
hw/usb/hcd-ohci.c:1304
          n = 12
          ohci = 0x555556e814c0
          hcca = {intr = {260608080 <repeats 32 times>}, frame = 38252, pad = 
0, done = 0}
  #8  0x0000555555d12050 in timerlist_run_timers (timer_list=0x555556939600) at 
util/qemu-timer.c:536
          ts = 0x555556ebc9b0
          current_time = 224991592167
          progress = false
          cb = 0x555555b50778 <ohci_frame_boundary>
          opaque = 0x555556e814c0
  #9  0x0000555555d1209c in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at 
util/qemu-timer.c:547
  No locals.
  #10 0x0000555555d1244e in qemu_clock_run_all_timers () at 
util/qemu-timer.c:662
          progress = false
          type = QEMU_CLOCK_VIRTUAL
  #11 0x0000555555d12bf9 in main_loop_wait (nonblocking=0) at 
util/main-loop.c:525
          ret = 0
          timeout = 499
          timeout_ns = 977642
  #12 0x0000555555969440 in main_loop () at vl.c:1899
  No locals.
  #13 0x0000555555971229 in main (argc=21, argv=0x7fffffffe358, 
envp=0x7fffffffe408) at vl.c:4717
          i = 0
          snapshot = 0
          linux_boot = 1
          initrd_filename = 0x0
          kernel_filename = 0x5555568d78c0 
"qemu-rpi-kernel/kernel-qemu-4.4.34-v4lm-jessie"
          kernel_cmdline = 0x5555568d8c80 "root=/dev/sda2 panic=1 "
          boot_order = 0x0
          boot_once = 0x0
          ds = 0x55555718f750
          cyls = 0
          heads = 0
          secs = 0
          translation = 0
          opts = 0x0
          machine_opts = 0x5555568d8b20
          hda_opts = 0x0
          icount_opts = 0x0
          accel_opts = 0x0
          olist = 0x55555629fc80 <qemu_machine_opts>
          optind = 21
          optarg = 0x7fffffffe780 "user,hostfwd=tcp::2222-:22"
          loadvm = 0x0
          machine_class = 0x5555568eff50
          cpu_model = 0x7fffffffe6c2 "arm1176"
          vga_model = 0x555555d8d8c4 "std"
          qtest_chrdev = 0x0
          qtest_log = 0x0
          pid_file = 0x0
          incoming = 0x0
          defconfig = true
          userconfig = true
          nographic = false
          display_type = DT_GTK
          display_remote = 0
          log_mask = 0x0
          log_file = 0x0
          trace_file = 0x0
          maxram_size = 268435456
          ram_slots = 0
          vmstate_dump_file = 0x0
          main_loop_err = 0x0
          err = 0x0
          list_data_dirs = false
          bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffffffe140}
          __func__ = "main"

  (P.S. Tiedostoa tai hakemistoa ei ole = file or directory doesn't
  exist.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1687309/+subscriptions

Reply via email to