Something very strange is going on with the dwc_otg driver in 2016-05-27-raspbian-jessie.img. Something is reading and writing incrementally throughout the register space of the hcd-dwc2 host. And adding the "dwc_otg.fiq_fsm_enable=0" kernel option does not fix it.
Brendan, Petunia, is there a reason why you are testing with such an old version of Raspbian? I used 2019-09-26-raspbian-buster.img when developing the hcd-dwc2 emulation, and it works fine, other than needing the "dwc_otg.fiq_fsm_enable=0" kernel option. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1892604 Title: qemu-system-arm: ../hw/usb/hcd-dwc2.c:666: dwc2_glbreg_read: Assertion `addr <= GINTSTS2' failed. Status in QEMU: New Bug description: When trying to run the 2016-05-27 Raspbian image on the emulated raspi2 platform, the system boots but shortly after the login prompt QEMU (master; commit ID ca489cd037e4d50dc6c40570a167504ad7e5a521) dies with: qemu-system-arm: ../hw/usb/hcd-dwc2.c:666: dwc2_glbreg_read: Assertion `addr <= GINTSTS2' failed. Steps to reproduce: 1. Get the image: wget http://downloads.raspberrypi.org/raspbian/images/raspbian-2016-05-31/2016-05-27 -raspbian-jessie.zip 2. Extract the kernel image and DTB: sudo losetup -f --show -P 2016-05-27-raspbian-jessie.img sudo mkdir /mnt/rpi sudo mount /dev/loop11p1 /mnt/rpi/ cp /mnt/rpi/kernel7.img . cp /mnt/rpi/bcm2709-rpi-2-b.dtb . sudo umount /mnt/rpi sudo losetup -d /dev/loop11 3. Run QEMU: qemu-system-arm -M raspi2 -m 1G -dtb bcm2709-rpi-2-b.dtb -kernel kernel7.img -append "rw earlyprintk loglevel=8 console=ttyAMA0,115200 dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2" -sd 2016-05-27-raspbian-jessie.img -smp 4 -serial stdio -display none A few seconds after the login prompt is displayed, QEMU will exit with the assertion failure. I also tried changing all of the asserts to if statements that (for MMIO reads) returned 0 and (for writes) just returned, but this resulted in a non-responsive system. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1892604/+subscriptions