libusb seems to no allways call the completion callback for requests canceled (which it is supposed to do according to the docs). So add a limit to avoid qemu waiting forever.
Tested-by: BALATON Zoltan <bala...@eik.bme.hu> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> --- hw/usb/host-libusb.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index e28441379d99..094010d5f849 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -951,6 +951,7 @@ fail: static void usb_host_abort_xfers(USBHostDevice *s) { USBHostRequest *r, *rtmp; + int limit = 100; QTAILQ_FOREACH_SAFE(r, &s->requests, next, rtmp) { usb_host_req_abort(r); @@ -961,6 +962,19 @@ static void usb_host_abort_xfers(USBHostDevice *s) memset(&tv, 0, sizeof(tv)); tv.tv_usec = 2500; libusb_handle_events_timeout(ctx, &tv); + if (--limit == 0) { + /* + * Don't wait forever for libusb calling the complete + * callback (which will unlink and free the request). + * + * Leaking memory here, to make sure libusb will not + * access memory which we have released already. + */ + QTAILQ_FOREACH_SAFE(r, &s->requests, next, rtmp) { + QTAILQ_REMOVE(&s->requests, r, next); + } + return; + } } } -- 2.18.4