Can only be true for last TRB
| if (event->status & DEPEVT_STATUS_IOC) | return 1;
This is the problem. The whole USB request gets only one interrupt when the last TRB completes, so dwc3_gadget_ep_reclaim_trb_sg() gets called with event->status = 0x6 which has DEPEVT_STATUS_IOC bit set. Thus dwc3_gadget_ep_reclaim_completed_trb() returns 1 for the first TRB and the for-loop ends without having a chance to iterate through the sg list.
If we have a short packet, then we may fall here. Is that the case?
No need for a short packet to make it fail. In my case below, a 16384 byte request got slipt into 4 TRBs of 4096 bytes. All TRBs were completed normally, but the for-loop in dwc3_gadget_ep_reclaim_trb_sg() was terminated right after handling the first TRB. After that the trb_dequeue is messed up.
buffer_addr,size,type,ioc,isp_imi,csp,chn,lst,hwo 0000000077849000, 4096,normal,0,0,1,1,0,0 000000007784a000, 4096,normal,0,0,1,1,0,0 000000007784b000, 4096,normal,0,0,1,1,0,0 000000007784c000, 4096,normal,1,0,1,0,0,0 000000007784d000, 512,normal,1,0,1,0,0,0
My first version of the patch was trying to address the issue in dwc3_gadget_ep_reclaim_completed_trb(), but then I thought it's a bad idea to touch this function because that is also called from non scatter_gather list case, and I was not sure if returning 1 for the linear case is correct or not.
I just sent v3 of the patch. Let me know your thoughts.
-Fei