[Bug 1883732] Re: xhci_kick_epctx: Assertion `ring->dequeue != 0' failed


From: Alexander Bulekov
Subject: [Bug 1883732] Re: xhci_kick_epctx: Assertion `ring->dequeue != 0' failed.
Date: Tue, 11 Aug 2020 05:46:41 -0000

Here's a QTest reproducer:

```shell
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device nec-usb-xhci -trace usb\* \
-device usb-audio -device usb-storage,drive=mydrive \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001014
outl 0xcfc 0xff000a8e
outl 0xcf8 0x80001004
outl 0xcfc 0x1c77695e
writel 0xff000a8e00000040 0x1d00d815
write 0x1d 0x1 0x5c
write 0x2d 0x1 0x27
write 0x3d 0x1 0x2e
write 0xd 0x1 0x60
write 0x17232 0x1 0x03
write 0x17254 0x1 0x05
write 0x4d 0x1 0x5c
write 0x5d 0x1 0x27
write 0x60 0x1 0x2e
write 0x61 0x1 0x72
write 0x62 0x1 0x01
write 0x6d 0x1 0x2e
write 0x6f 0x1 0x01
writel 0xff000a8e00002000 0x0
writeq 0xff000a8e00002000 0x514ef0100000009
EOF
```

The trace:

```text
[R +0.031152] writel 0xff000a8e00000040 0x1d00d815
26994@1597124755.565242:usb_xhci_oper_write off 0x0000, val 0x1d00d815
26994@1597124755.565247:usb_xhci_run
26994@1597124755.565252:usb_xhci_irq_intx level 0
OK
[S +0.031173] OK
[R +0.031179] write 0x1d 0x1 0x5c
OK
[S +0.031190] OK
[R +0.031195] write 0x2d 0x1 0x27
OK
[S +0.031198] OK
[R +0.031203] write 0x3d 0x1 0x2e
OK
[S +0.031207] OK
[R +0.031211] write 0xd 0x1 0x60
OK
[S +0.031214] OK
[R +0.031219] write 0x17232 0x1 0x03
OK
[S +0.031224] OK
[R +0.031228] write 0x17254 0x1 0x05
OK
[S +0.031231] OK
[R +0.031236] write 0x4d 0x1 0x5c
OK
[S +0.031239] OK
[R +0.031244] write 0x5d 0x1 0x27
OK
[S +0.031247] OK
[R +0.031251] write 0x60 0x1 0x2e
OK
[S +0.031254] OK
[R +0.031259] write 0x61 0x1 0x72
OK
[S +0.031262] OK
[R +0.031267] write 0x62 0x1 0x01
OK
[S +0.031270] OK
[R +0.031275] write 0x6d 0x1 0x2e
OK
[S +0.031278] OK
[R +0.031282] write 0x6f 0x1 0x01
OK
[S +0.031286] OK
[R +0.031290] writel 0xff000a8e00002000 0x0
26994@1597124755.565377:usb_xhci_doorbell_write off 0x0000, val 0x00000000
26994@1597124755.565384:usb_xhci_fetch_trb addr 0x0000000000000000, ???, p 0x0000000000000000, s 0x00000000, c 0x00006000
26994@1597124755.565390:usb_xhci_unimplemented command (0x18)
26994@1597124755.565395:usb_xhci_fetch_trb addr 0x0000000000000010, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
26994@1597124755.565399:usb_xhci_fetch_trb addr 0x0000000000000020, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
26994@1597124755.565403:usb_xhci_slot_enable slotid 1
26994@1597124755.565406:usb_xhci_fetch_trb addr 0x0000000000000030, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
26994@1597124755.565411:usb_xhci_fetch_trb addr 0x0000000000000040, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
26994@1597124755.565416:usb_xhci_fetch_trb addr 0x0000000000000050, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
26994@1597124755.565421:usb_xhci_slot_enable slotid 2
26994@1597124755.565423:usb_xhci_fetch_trb addr 0x0000000000000060, CR_ADDRESS_DEVICE, p 0x000000000001722e, s 0x00000000, c 0x01002e00
26994@1597124755.565431:usb_xhci_slot_address slotid 1, port 1
26994@1597124755.565436:usb_xhci_ep_enable slotid 1, epid 1
26994@1597124755.565444:usb_xhci_fetch_trb addr 0x0000000000000070, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
OK
[S +0.031365] OK
[R +0.031370] writeq 0xff000a8e00002000 0x514ef0100000009
26994@1597124755.565456:usb_xhci_doorbell_write off 0x0000, val 0x00000009
26994@1597124755.565459:usb_xhci_doorbell_write off 0x0004, val 0x0514ef01
26994@1597124755.565462:usb_xhci_ep_kick slotid 1, epid 1, streamid 1300
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/hw/usb/hcd-xhci.c:1955: void xhci_kick_epctx(XHCIEPContext *, unsigned int): Assertion `ring->dequeue != 0' failed.
Aborted
```

-Alex

https://bugs.launchpad.net/bugs/1883732

Title:
  xhci_kick_epctx: Assertion `ring->dequeue != 0' failed.

Status in QEMU:
  New

Bug description:
  To reproduce, run QEMU with the following command line:
  ```
  qemu-system-x86_64 -cdrom hypertrash_os_bios_crash.iso -nographic -m 100 -enable-kvm -device virtio-gpu-pci -device nec-usb-xhci -device usb-audio
  ```

  QEMU Version:
  ```
  # qemu-5.0.0
  $ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
  $ x86_64-softmmu/qemu-system-x86_64 --version
  QEMU emulator version 5.0.0
  Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
  ```

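To make the reproducer above readable, here is an added Python decoder (not from the mail and not QEMU code) that replays the qtest commands against a small model of guest RAM and the PCI BAR, and describes the PCI config writes, the xHCI register writes and the command TRBs that the byte writes assemble. The register offsets it assumes (operational registers at BAR+0x40, doorbells at BAR+0x2000) are read off the trace in the mail; the TRB field layout and doorbell bit fields follow the xHCI specification.

```python
# Layout seen in the trace above: operational registers at BAR+0x40, doorbells at BAR+0x2000.
OPER_BASE, DOORBELL_BASE = 0x40, 0x2000
TRB_NAMES = {9: "Enable Slot", 11: "Address Device", 23: "No Op Command"}  # xHCI TRB type codes

# The reproducer from the mail, one qtest command per ';' (constructed layout, same commands).
SCRIPT = ("outl 0xcf8 0x80001014; outl 0xcfc 0xff000a8e; outl 0xcf8 0x80001004; outl 0xcfc 0x1c77695e;"
          " writel 0xff000a8e00000040 0x1d00d815; write 0x1d 0x1 0x5c; write 0x2d 0x1 0x27;"
          " write 0x3d 0x1 0x2e; write 0xd 0x1 0x60; write 0x17232 0x1 0x03; write 0x17254 0x1 0x05;"
          " write 0x4d 0x1 0x5c; write 0x5d 0x1 0x27; write 0x60 0x1 0x2e; write 0x61 0x1 0x72;"
          " write 0x62 0x1 0x01; write 0x6d 0x1 0x2e; write 0x6f 0x1 0x01;"
          " writel 0xff000a8e00002000 0x0; writeq 0xff000a8e00002000 0x514ef0100000009")

def decode_qtest(script):
    """Replay the qtest commands against a model of guest RAM and the PCI BAR and
    return a description of each MMIO access and of the command TRBs the guest built
    (the command ring dequeue pointer is never set, so the ring runs from guest address 0)."""
    ram, cfg_addr, bar, out = {}, 0, 0, []
    for cmd in script.split(";"):
        op, *args = cmd.split()
        vals = [int(a, 16) for a in args]
        if op == "outl" and vals[0] == 0xcf8:            # PCI config address (CF8/CFC mechanism)
            cfg_addr = vals[1]
        elif op == "outl" and vals[0] == 0xcfc and (cfg_addr & 0xfc) == 0x14:
            bar = vals[1] << 32                          # high dword of the 64-bit BAR0
            out.append(f"pci dev {(cfg_addr >> 11) & 0x1f}: BAR0 base {bar:#x}")
        elif op == "write":                              # write ADDR LEN HEXBYTES into guest RAM
            for i, b in enumerate(bytes.fromhex(args[2][2:])):
                ram[vals[0] + i] = b
        elif op in ("writel", "writeq"):                 # MMIO store, split into 32-bit dwords
            for i in range(0, 4 if op == "writel" else 8, 4):
                off, dword = vals[0] - bar + i, (vals[1] >> (8 * i)) & 0xffffffff
                if off >= DOORBELL_BASE:                 # DB target in bits 7:0, stream id in 31:16
                    out.append(f"doorbell {(off - DOORBELL_BASE) // 4}: target {dword & 0xff} stream {dword >> 16}")
                elif off >= OPER_BASE:                   # USBCMD is oper[0]; bit 0 is Run/Stop
                    out.append(f"oper[{off - OPER_BASE:#x}]={dword:#x} run={dword & 1}")
    addr = 0                                             # decode 16-byte TRBs until an all-zero one
    while any(ram.get(addr + i, 0) for i in range(16)):
        trb = bytes(ram.get(addr + i, 0) for i in range(16))
        param, ctrl = int.from_bytes(trb[:8], "little"), int.from_bytes(trb[12:], "little")
        ttype = (ctrl >> 10) & 0x3f                      # TRB type in control dword bits 15:10
        out.append(f"trb@{addr:#x}: type {ttype} ({TRB_NAMES.get(ttype, 'unknown')}) slot {ctrl >> 24} param {param:#x}")
        addr += 16
    return out

if __name__ == "__main__":
    print("\n".join(decode_qtest(SCRIPT)))
```

The last TRB decodes to an Address Device command for slot 1 with an input context at 0x1722e (the two stray byte writes near 0x17232 populate it), and the final doorbell write rings slot 1, endpoint 1, stream 1300, which is exactly the `usb_xhci_ep_kick` line that precedes the assertion in the trace.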