Hi, On 08/16/2012 09:26 PM, Gerd Hoffmann wrote: >> I can get things working by turning ehci_fill_queue() into a nop... >> Investigating this further. But if you've any insights they would be >> appreciated. I'm thinking this may be caused by packets completing >> out of order, which could be caused by the special handling of some >> ctrl commands ... > > usbredir wouldn't see multiple parallel inflight requests per endpoint > unless you explicitly enable this using usb_ep_set_pipeline(). Doing > that on bulk endpoints should give you a nice performance boost for usb > sticks. Doing it on the control endpoint is asking for trouble ;) > > Can you turn on all ehci tracepoints & send me a log? No need for that, I've been debugging this almost the entire day yesterday and I've significantly narrowed it down further, the problem is that the assert triggers when: 1) There are more packets then 1 in the queue (iow fill_queue did something) 2) A packet completion is not followed by an advqueue call 2) happens when a packet fails, and the queue should be halted, in this case ehci_state_writeback() correctly does not call advqueue, bot does a horizqh instead. The problem is that once this happens p->qtdaddr == q->qtdaddr is no longer true ... I've already come up with multiple approaches to try and fix this, but none work sofar :| Another problem with failing packets is that hw/usb/core.c will happily execute the next packet in the ep queue, even though the spec says the ep-queue should be halted, giving the guest a chance to cancel transfers after the failed one without them ever executing. I've a poc patch fixing this too. I've attached a wip patch with my work on this so-far. Note that currently the halted bit at the ehci level never gets cleared (since we've queues at 2 levels, we need to track halting at 2 levels too) Regards, Hans