[Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Thomas Huth]

 Hi!

I am currently facing a problem when running QEMU (up-to-date git
version) with OHCI and a lot of virtual USB devices.
The emulator dies with the following assertion:

qemu-system-arm: hw/usb.c:337: usb_packet_complete:
Assertion `p->owner != ((void *)0)' failed.

To reproduce this problem, you can run the configure script with
"--target-list=arm-softmmu" for example, then download the files
vmlinuz-2.6.26-2-versatile and initrd.img-2.6.26-2-versatile
from http://people.debian.org/~aurel32/qemu/arm/ and then run
qemu like this:

qemu-system-arm -kernel vmlinuz-2.6.26-2-versatile \
  -initrd initrd.img-2.6.26-2-versatile -M versatilepb -usb \
  -drive if=none,file=/tmp/linux-0.2.img,cache=none,id=disk0 \
  -device usb-storage,drive=disk0 -usbdevice mouse \
  -usbdevice keyboard -usbdevice tablet

It boots the Linux kernel for a while, then dies with the above
assertion.

Observations:
- It could be related to the fact that QEMU puts a hub into the
  USB tree in that case ... when I specify less USB devices, I was
  not able to reproduce this problem, but in that case there are
  also no hubs in the tree. According to the comment in
  usb_packet_complete(), there might be problems with the assert() in
  case there is a hub ... ?
- So far I was only able to reproduce this problem when the emulated
  platform uses an OHCI controller. I haven't seen the problem to
  occur with UHCI yet (but I have to admit that I also haven't done a
  lot of tests with UHCI).

Do you have any ideas what could be wrong here?

 Regards,
  Thomas

Re: [Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Thomas Huth]

Am Mon, 10 Oct 2011 15:03:41 +0200
schrieb Thomas Huth <thuth@linux.vnet.ibm.com>:
> 
> I am currently facing a problem when running QEMU (up-to-date git
> version) with OHCI and a lot of virtual USB devices.
> The emulator dies with the following assertion:
> 
> qemu-system-arm: hw/usb.c:337: usb_packet_complete:
> Assertion `p->owner != ((void *)0)' failed.

Not sure whether this is the right solution, but this patch fixes the
problem for me:

diff --git a/hw/usb.c b/hw/usb.c
index fa90204..7cef9e2 100644
--- a/hw/usb.c
+++ b/hw/usb.c
@@ -25,6 +25,7 @@
  */
 #include "qemu-common.h"
 #include "usb.h"
+#include "usb-desc.h"
 #include "iov.h"
 
 void usb_attach(USBPort *port)
@@ -334,7 +335,9 @@ int usb_handle_packet(USBDevice *dev, USBPacket *p)
 void usb_packet_complete(USBDevice *dev, USBPacket *p)
 {
     /* Note: p->owner != dev is possible in case dev is a hub */
-    assert(p->owner != NULL);
+    if (dev->device->bDeviceClass != USB_CLASS_HUB) {
+        assert(p->owner != NULL);
+    }
     p->owner = NULL;
     dev->port->ops->complete(dev->port, p);
 }


 Thomas

Re: [Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Stefan Hajnoczi]

On Tue, Oct 11, 2011 at 8:35 AM, Thomas Huth <thuth@linux.vnet.ibm.com> wrote:
> Am Mon, 10 Oct 2011 15:03:41 +0200
> schrieb Thomas Huth <thuth@linux.vnet.ibm.com>:
>>
>> I am currently facing a problem when running QEMU (up-to-date git
>> version) with OHCI and a lot of virtual USB devices.
>> The emulator dies with the following assertion:
>>
>> qemu-system-arm: hw/usb.c:337: usb_packet_complete:
>> Assertion `p->owner != ((void *)0)' failed.

Hi Thomas,
I hit the same bug recently and Gerd has posted a patch which you can test:
http://patchwork.ozlabs.org/patch/118726/

Stefan

Re: [Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Thomas Huth]

Am Wed, 12 Oct 2011 11:02:42 +0100
schrieb Stefan Hajnoczi <stefanha@gmail.com>:

> On Tue, Oct 11, 2011 at 8:35 AM, Thomas Huth <thuth@linux.vnet.ibm.com> wrote:
> > Am Mon, 10 Oct 2011 15:03:41 +0200
> > schrieb Thomas Huth <thuth@linux.vnet.ibm.com>:
> >>
> >> I am currently facing a problem when running QEMU (up-to-date git
> >> version) with OHCI and a lot of virtual USB devices.
> >> The emulator dies with the following assertion:
> >>
> >> qemu-system-arm: hw/usb.c:337: usb_packet_complete:
> >> Assertion `p->owner != ((void *)0)' failed.
> 
> Hi Thomas,
> I hit the same bug recently and Gerd has posted a patch which you can test:
> http://patchwork.ozlabs.org/patch/118726/

Thanks for the hint, Stefan, you're right, that seems to be the same
bug. Your patch is working fine in my scenario, too.

However, Gerd's patch is not working for me, the assertion still
triggers. It seems like usb_packet_complete() is called for the leaf
node before it is called for the hub node, so the leaf node already set
p->owner = NULL.

 Thomas

Re: [Qemu-devel] [BUG] USB assertion triggers in usb_packet_complete()

[Gerd Hoffmann]

   Hi,

>> Hi Thomas,
>> I hit the same bug recently and Gerd has posted a patch which you can test:
>> http://patchwork.ozlabs.org/patch/118726/
>
> Thanks for the hint, Stefan, you're right, that seems to be the same
> bug. Your patch is working fine in my scenario, too.
>
> However, Gerd's patch is not working for me, the assertion still
> triggers. It seems like usb_packet_complete() is called for the leaf
> node before it is called for the hub node, so the leaf node already set
> p->owner = NULL.

Ah, right, on completion the call chain goes the other way around, so 
the usb_handle_packet() style approach doesn't fly.

I think going with Stefans approach + a big fat comment is the best 
solution then.  I'll go queue up a patch.

cheers,
   Gerd