Comment 2 for bug 1883732

Here's a QTest reproducer:

cat << EOF | ./i386-softmmu/qemu-system-i386 \
-device nec-usb-xhci -trace usb\* \
-device usb-audio -device usb-storage,drive=mydrive \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001014
outl 0xcfc 0xff000a8e
outl 0xcf8 0x80001004
outl 0xcfc 0x1c77695e
writel 0xff000a8e00000040 0x1d00d815
write 0x1d 0x1 0x5c
write 0x2d 0x1 0x27
write 0x3d 0x1 0x2e
write 0xd 0x1 0x60
write 0x17232 0x1 0x03
write 0x17254 0x1 0x05
write 0x4d 0x1 0x5c
write 0x5d 0x1 0x27
write 0x60 0x1 0x2e
write 0x61 0x1 0x72
write 0x62 0x1 0x01
write 0x6d 0x1 0x2e
write 0x6f 0x1 0x01
writel 0xff000a8e00002000 0x0
writeq 0xff000a8e00002000 0x514ef0100000009
EOF

The trace:
[R +0.031152] writel 0xff000a8e00000040 0x1d00d815
26994@1597124755.565242:usb_xhci_oper_write off 0x0000, val 0x1d00d815
26994@1597124755.565247:usb_xhci_run
26994@1597124755.565252:usb_xhci_irq_intx level 0
OK
[S +0.031173] OK
[R +0.031179] write 0x1d 0x1 0x5c
OK
[S +0.031190] OK
[R +0.031195] write 0x2d 0x1 0x27
OK
[S +0.031198] OK
[R +0.031203] write 0x3d 0x1 0x2e
OK
[S +0.031207] OK
[R +0.031211] write 0xd 0x1 0x60
OK
[S +0.031214] OK
[R +0.031219] write 0x17232 0x1 0x03
OK
[S +0.031224] OK
[R +0.031228] write 0x17254 0x1 0x05
OK
[S +0.031231] OK
[R +0.031236] write 0x4d 0x1 0x5c
OK
[S +0.031239] OK
[R +0.031244] write 0x5d 0x1 0x27
OK
[S +0.031247] OK
[R +0.031251] write 0x60 0x1 0x2e
OK
[S +0.031254] OK
[R +0.031259] write 0x61 0x1 0x72
OK
[S +0.031262] OK
[R +0.031267] write 0x62 0x1 0x01
OK
[S +0.031270] OK
[R +0.031275] write 0x6d 0x1 0x2e
OK
[S +0.031278] OK
[R +0.031282] write 0x6f 0x1 0x01
OK
[S +0.031286] OK
[R +0.031290] writel 0xff000a8e00002000 0x0
26994@1597124755.565377:usb_xhci_doorbell_write off 0x0000, val 0x00000000
26994@1597124755.565384:usb_xhci_fetch_trb addr 0x0000000000000000, ???, p 0x0000000000000000, s 0x00000000, c 0x00006000
26994@1597124755.565390:usb_xhci_unimplemented command (0x18)
26994@1597124755.565395:usb_xhci_fetch_trb addr 0x0000000000000010, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
26994@1597124755.565399:usb_xhci_fetch_trb addr 0x0000000000000020, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
26994@1597124755.565403:usb_xhci_slot_enable slotid 1
26994@1597124755.565406:usb_xhci_fetch_trb addr 0x0000000000000030, CR_ADDRESS_DEVICE, p 0x0000000000000000, s 0x00000000, c 0x00002e00
26994@1597124755.565411:usb_xhci_fetch_trb addr 0x0000000000000040, CR_NOOP, p 0x0000000000000000, s 0x00000000, c 0x00005c00
26994@1597124755.565416:usb_xhci_fetch_trb addr 0x0000000000000050, CR_ENABLE_SLOT, p 0x0000000000000000, s 0x00000000, c 0x00002700
26994@1597124755.565421:usb_xhci_slot_enable slotid 2
26994@1597124755.565423:usb_xhci_fetch_trb addr 0x0000000000000060, CR_ADDRESS_DEVICE, p 0x000000000001722e, s 0x00000000, c 0x01002e00
26994@1597124755.565431:usb_xhci_slot_address slotid 1, port 1
26994@1597124755.565436:usb_xhci_ep_enable slotid 1, epid 1
26994@1597124755.565444:usb_xhci_fetch_trb addr 0x0000000000000070, TRB_RESERVED, p 0x0000000000000000, s 0x00000000, c 0x00000000
OK
[S +0.031365] OK
[R +0.031370] writeq 0xff000a8e00002000 0x514ef0100000009
26994@1597124755.565456:usb_xhci_doorbell_write off 0x0000, val 0x00000009
26994@1597124755.565459:usb_xhci_doorbell_write off 0x0004, val 0x0514ef01
26994@1597124755.565462:usb_xhci_ep_kick slotid 1, epid 1, streamid 1300
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/hw/usb/hcd-xhci.c:1955: void xhci_kick_epctx(XHCIEPContext *, unsigned int): Assertion `ring->dequeue != 0' failed.
Aborted

-Alex