darwin_claim_interface crash when device unplug

[benbryantzoro1]

warning: libusb: warning [darwin_open] USBDeviceOpen: another process has device opened for exclusive access
error: libusb: error [darwin_reenumerate_device] USBDeviceReEnumerate: no connection to an IOService

[tormodvolden]

Thanks for the report. Can you please try to copy-paste the text from the stack trace?

[tormodvolden]

Is this on a virtual machine?

[benbryantzoro1]

sorry,it only happended once, the text is missing, only left image, in guest it maybe
in funcation darwin_devices_detached， as follow, claim device when device is set NULL

  { /* darwin_devices_detached */
  usbi_mutex_lock(&darwin_cached_devices_lock);
  list_for_each_entry(old_device, &darwin_cached_devices, list, struct darwin_cached_device) {
  if (old_device->session == session) {
    if (old_device->in_reenumerate) {
      /* device is re-enumerating. do not dereference the device at this time. libusb_reset_device()
      usbi_dbg ("detected device detatched due to re-enumeration");

      /* the device object is no longer usable so go ahead and release it */
      if (old_device->device) {
        (*(old_device->device))->Release(old_device->device);
        old_device->device = NULL;  ====>**set NULL when claim the device**
      }

      is_reenumerating = true;
    } else {
      darwin_deref_cached_device (old_device);
    }

    break;
  }
}
usbi_mutex_unlock(&darwin_cached_devices_lock);

[benbryantzoro1]

Is this on a virtual machine?

sorry, it was a PC with M1 CPU

[tormodvolden]

Please give as much information as you can. See https://github.com/libusb/libusb/wiki/Troubleshooting
As an absolute minimum: Which macOS version is this? What libusb version or checkout? If you can reproduce the issue, please attach a debug log (LIBUSB_DEBUG=3 or 4).

[benbryantzoro1]

Please give as much information as you can. See https://github.com/libusb/libusb/wiki/Troubleshooting As an absolute minimum: Which macOS version is this? What libusb version or checkout? If you can reproduce the issue, please attach a debug log (LIBUSB_DEBUG=3 or 4).

I use libusb with Version 1.0.26 release in MAC Version 13.4. I try twenty more to reproduce the BUG,but it do not happend again.

[tormodvolden]

There has been some fixes for hotplug and darwin fixes since 1.0.26, but they are mostly about exit and not detach. Anyway I'd suggest you try 1.0.27-rc1. Also, your source snippet predates 1.0.24.

[tormodvolden]

@hjelmn Do you think there can possibly be a claim on the NULL'ed device?

[mcuee]

@benbryantzoro1

Please help to try out libusb-1.0.27-rc1 as suggested. Thanks.

[benbryantzoro1]

I think this is the cause of the problem,I have two apps. One app is reset devcie, the other app use the old device ,when reset ,so it revice a detached event and set old device to NULL , so I have a question why use as flow,but no use darwin_deref_cached_device(old_device);

  if (old_device->device) {
        (*(old_device->device))->Release(old_device->device);
        old_device->device = NULL;  ====>**set NULL when claim the device**
      }

I use the libusb-1.0.27-rc1, It happend again the stack as flow

Thread 51 Crashed:
0                          	       0x11aea37f4 darwin_get_interface + 36
1                        	       0x11aea2e46 darwin_claim_interface + 86
2                       	       0x11ae96e1c libusb_claim_interface + 140
3                          	       0x11b43b4b6 usbredirhost_claim + 518
4                        	       0x11b43ad54 usbredirhost_set_device + 164

the crash code line is :
kresult = (*(darwin_device))->CreateInterfaceIterator(darwin_device, &request, &interface_iterator);

[benbryantzoro1]

also crash as follow when I init my app when another app reset device for detach:`

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0                        	       0x118f077ea process_new_device + 714
1                           	       0x118f02d0c darwin_init + 380
2                           	       0x118efca05 libusb_init + 693

the crash code line is :
(*(priv->dev->device))->GetDeviceSpeed (priv->dev->device, &devSpeed);

this may be I have alloc a new device get device info ,the cnt ==1 but it detach and release cnt --
add ref of device after darwin_get_cached_device return ,and after process_new_device, def the device

[benbryantzoro1]

libusb.patch

here is my patch

[seanm]

This looks a lot like #1386

I'm quite sure there are threading bugs with the hotplug thread and am investigating it...

[mcuee]

@benbryantzoro1

Just wondering if you have a simple test code for my to reproduce the issue. Thanks.

Please also take a look at the comments from @seanm about your proposed patch here. Thanks.

• Segmentation fault with the kernel detaching function under macOS 14.2 using sudo #1386 (comment)

[benbryantzoro1]

it's my mistake the lock twice, just unlock, I test patch in my program, every thing is ok ,I will correct my patch and push a merge request

[benbryantzoro1]

libusb.patch

here my patch

[mcuee]

it's my mistake the lock twice, just unlock, I test patch in my program, every thing is ok ,I will correct my patch and push a merge request

@benbryantzoro1

PR will be welcome. Thanks.

Please help to mention the steps to reproduce the issue. If it is possible, please post a simple test application to demonstrate the problem.

[seanm]

I would be very surprised if this bug is different from #1386.

[tormodvolden]

@benbryantzoro1 Can you please test again with latest git master?

[mcuee]

@tormodvolden and @hjelmn

Looks like this issue is not the same as #1386.

I can reproduce the issue by running hotplugtest and then unplug the device. Initially no USB devices was attached. Then I plug in the USB hub (with one USB device attached), then I unplug the USB hub, which will casue the crash.

mcuee@mcuees-Mac-mini libusb % ./examples/listdevs
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000024] [000087e8] libusb: debug [libusb_init_context] created default context
[ 0.000030] [000087e8] libusb: debug [libusb_init_context] libusb v1.0.27.11874-rc1
[ 0.000043] [000087e8] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000114] [000087e9] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.000285] [000087e9] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.000320] [000087e8] libusb: debug [libusb_get_device_list]  
[ 0.000353] [000087e8] libusb: debug [libusb_exit] destroying default context
[ 0.000366] [000087e9] libusb: debug [darwin_event_thread_main] darwin event thread exiting
[ 0.000473] [000087e8] libusb: debug [usbi_remove_event_source] remove fd 3
mcuee@mcuees-Mac-mini libusb % ./examples/hotplugtest
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000024] [0000881c] libusb: debug [libusb_init_context] created default context
[ 0.000030] [0000881c] libusb: debug [libusb_init_context] libusb v1.0.27.11874-rc1
[ 0.000040] [0000881c] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000115] [0000881d] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.000327] [0000881d] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.000362] [0000881c] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600001264210 with handle 1
[ 0.000367] [0000881c] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x6000012641e0 with handle 2
[ 0.000375] [0000881c] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 0.000377] [0000881c] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.000380] [0000881c] libusb: debug [handle_events] event sources modified, reallocating event data
[ 0.000384] [0000881c] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 5.267009] [0000881d] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x8fa2b5471
[ 5.267258] [0000881d] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x8fa2b5471
[ 5.278855] [0000881d] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 5.278917] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 5.278971] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 5.278977] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 5.278981] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 5.279018] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 5.279027] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 5.279032] [0000881d] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 5.279035] [0000881d] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 5.279039] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 5.279042] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 5.279071] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 5.279076] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 5.279080] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 5.279132] [0000881d] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 5.279140] [0000881d] libusb: debug [process_new_device] allocating new device in context 0x135f04c00 for with session 0x8fa2b5471
[ 5.279146] [0000881d] libusb: debug [process_new_device] found device with address 31 port = 1 parent = 0x0 at 0x60000327c0ba
[ 5.279240] [0000881c] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 5.279249] [0000881c] libusb: debug [handle_event_trigger] event triggered
[ 5.279253] [0000881c] libusb: debug [handle_event_trigger] hotplug message received
[ 5.279260] [0000881c] libusb: debug [libusb_get_device_descriptor]  
Device attached: 1a40:0201
[ 5.279285] [0000881c] libusb: debug [libusb_open] open 2.31
[ 5.279570] [0000881c] libusb: warning [darwin_open] USBDeviceOpen: another process has device opened for exclusive access
[ 5.279648] [0000881c] libusb: debug [darwin_open] device open for access
[ 5.279658] [0000881c] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 5.279662] [0000881c] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 5.279667] [0000881c] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 5.526906] [0000881d] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x8fa8b402c
[ 5.527172] [0000881d] libusb: debug [darwin_get_cached_device] parent sessionID: 0x8fa2b5471
[ 5.527183] [0000881d] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x8fa8b402c/0x2150000 against cached device with sessionID/locationID 0x8fa2b5471/0x2100000
[ 5.527188] [0000881d] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x8fa8b402c
[ 5.537741] [0000881d] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 5.537769] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 5.537774] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 5.537778] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 5.537782] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 5.537785] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 5.537788] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 5.537792] [0000881d] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 5.537795] [0000881d] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 5.537798] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 5.537801] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 5.537804] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 5.537807] [0000881d] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 5.537811] [0000881d] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 5.537931] [0000881d] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 5.537938] [0000881d] libusb: debug [process_new_device] allocating new device in context 0x135f04c00 for with session 0x8fa8b402c
[ 5.537984] [0000881d] libusb: debug [process_new_device] found device with address 32 port = 5 parent = 0x6000038600c0 at 0x6000032780ba
[ 5.538082] [0000881c] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 5.538090] [0000881c] libusb: debug [handle_event_trigger] event triggered
[ 5.538121] [0000881c] libusb: debug [handle_event_trigger] hotplug message received
[ 5.538150] [0000881c] libusb: debug [libusb_get_device_descriptor]  
Device attached: 1a40:0201
[ 5.538174] [0000881c] libusb: debug [libusb_close]  
[ 5.538194] [0000881c] libusb: debug [libusb_open] open 2.32
[ 5.538526] [0000881c] libusb: warning [darwin_open] USBDeviceOpen: another process has device opened for exclusive access
[ 5.538640] [0000881c] libusb: debug [darwin_open] device open for access
[ 5.538650] [0000881c] libusb: debug [libusb_close]  
[ 5.538664] [0000881c] libusb: debug [libusb_exit] destroying default context
[ 5.538669] [0000881c] libusb: debug [libusb_unref_device] destroy device 2.32
[ 5.538675] [0000881c] libusb: debug [libusb_unref_device] destroy device 2.31
[ 5.538707] [0000881d] libusb: debug [darwin_event_thread_main] darwin event thread exiting
[ 5.540439] [0000881c] libusb: debug [usbi_remove_event_source] remove fd 3
mcuee@mcuees-Mac-mini libusb % ./examples/hotplugtest
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000019] [00008915] libusb: debug [libusb_init_context] created default context
[ 0.000024] [00008915] libusb: debug [libusb_init_context] libusb v1.0.27.11874-rc1
[ 0.000036] [00008915] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000110] [00008916] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.000289] [00008916] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.000424] [00008915] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x8fa2b5471
[ 0.000461] [00008915] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x8fa2b5471
[ 0.002202] [00008915] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002207] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002209] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002211] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002213] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002214] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002215] [00008915] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002217] [00008915] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002219] [00008915] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002221] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002222] [00008915] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002224] [00008915] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002225] [00008915] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002227] [00008915] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002242] [00008915] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002245] [00008915] libusb: debug [process_new_device] allocating new device in context 0x146605230 for with session 0x8fa2b5471
[ 0.002248] [00008915] libusb: debug [process_new_device] found device with address 31 port = 1 parent = 0x0 at 0x600001754e3a
[ 0.002302] [00008915] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x8fa8b402c
[ 0.002322] [00008915] libusb: debug [darwin_get_cached_device] parent sessionID: 0x8fa2b5471
[ 0.002325] [00008915] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x8fa8b402c/0x2150000 against cached device with sessionID/locationID 0x8fa2b5471/0x2100000
[ 0.002327] [00008915] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x8fa8b402c
[ 0.002485] [00008915] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002489] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002491] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002492] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002494] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002495] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002497] [00008915] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002498] [00008915] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002500] [00008915] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002502] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002503] [00008915] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002505] [00008915] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002506] [00008915] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002507] [00008915] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002523] [00008915] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002526] [00008915] libusb: debug [process_new_device] allocating new device in context 0x146605230 for with session 0x8fa8b402c
[ 0.002528] [00008915] libusb: debug [process_new_device] found device with address 32 port = 5 parent = 0x600001d54240 at 0x60000175503a
[ 0.002569] [00008915] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x8faecdad4
[ 0.002583] [00008915] libusb: debug [darwin_get_cached_device] parent sessionID: 0x8fa8b402c
[ 0.002585] [00008915] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x8faecdad4/0x2156000 against cached device with sessionID/locationID 0x8fa8b402c/0x2150000
[ 0.002587] [00008915] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x8faecdad4/0x2156000 against cached device with sessionID/locationID 0x8fa2b5471/0x2100000
[ 0.002589] [00008915] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x8faecdad4
[ 0.002734] [00008915] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002738] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002739] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0110
[ 0.002741] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x00
[ 0.002742] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002744] [00008915] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x00
[ 0.002745] [00008915] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x20
[ 0.002747] [00008915] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1915
[ 0.002749] [00008915] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x1025
[ 0.002750] [00008915] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0173
[ 0.002752] [00008915] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x01
[ 0.002753] [00008915] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x02
[ 0.002755] [00008915] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002756] [00008915] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002767] [00008915] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002769] [00008915] libusb: debug [process_new_device] allocating new device in context 0x146605230 for with session 0x8faecdad4
[ 0.002771] [00008915] libusb: debug [process_new_device] found device with address 3 port = 6 parent = 0x600001d542a0 at 0x60000175513a
[ 0.002778] [00008915] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600003754b10 with handle 1
[ 0.002781] [00008915] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600003754b70 with handle 2
[ 0.002786] [00008915] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 0.002789] [00008915] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.002791] [00008915] libusb: debug [handle_events] event sources modified, reallocating event data
[ 0.002794] [00008915] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 2.794948] [00008916] libusb: debug [darwin_devices_detached] notifying context 0x146605230 of device disconnect
[ 2.795760] [00008915] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 2.795781] [00008915] libusb: debug [handle_event_trigger] event triggered
[ 2.795786] [00008915] libusb: debug [handle_event_trigger] hotplug message received
[ 2.795799] [00008915] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 2.795870] [00008915] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 2.795876] [00008915] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 2.795882] [00008915] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 2.797542] [00008916] libusb: debug [darwin_devices_detached] notifying context 0x146605230 of device disconnect
[ 2.797901] [00008915] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 2.797915] [00008915] libusb: debug [handle_event_trigger] event triggered
[ 2.797921] [00008915] libusb: debug [handle_event_trigger] hotplug message received
[ 2.797929] [00008915] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 2.797941] [00008915] libusb: debug [libusb_exit] destroying default context
zsh: segmentation fault  ./examples/hotplugtest
mcuee@mcuees-Mac-mini libusb % ./examples/listdevs  
1915:1025 (bus 2, device 4) path: 1.5.6
1a40:0201 (bus 2, device 1) path: 1.5
1a40:0201 (bus 2, device 2) path: 1
mcuee@mcuees-Mac-mini libusb % ./examples/testlibusb
Dev (bus 2, device 4): 1915 - 1025 speed: 12M
  Manufacturer:              ZY.Ltd
  Product:                   ZY Control Mic
Dev (bus 2, device 1): 1A40 - 0201 speed: 480M
  Product:                   USB 2.0 Hub [MTT]
Dev (bus 2, device 2): 1A40 - 0201 speed: 480M
  Product:                   USB 2.0 Hub [MTT]

[seanm]

As I've said elsewhere, there are numerous threading bugs that still exist. Thread Sanitizer exposes some of them, so does -Wthread-safety. Once 1.0.27 is out, and more of my PRs are merged, I'll continue #1419, which will hopefully help.

[mcuee]

Unfortunately the patch proposed by @benbryantzoro1 does not seem to work.

mcuee@mcuees-Mac-mini libusb % git diff
diff --git a/libusb/os/darwin_usb.c b/libusb/os/darwin_usb.c
index c0963e09..e4999e4e 100644
--- a/libusb/os/darwin_usb.c
+++ b/libusb/os/darwin_usb.c
@@ -40,7 +40,7 @@
 
 /* Default timeout to 10s for reenumerate. This is needed because USBDeviceReEnumerate
  * does not return error status on macOS. */
-#define DARWIN_REENUMERATE_TIMEOUT_US (10 * USEC_PER_SEC)
+#define DARWIN_REENUMERATE_TIMEOUT_US (20 * USEC_PER_SEC)
 
 #include <AvailabilityMacros.h>
 #if MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 && MAC_OS_X_VERSION_MIN_REQUIRED < 101200
@@ -1361,6 +1361,10 @@ static enum libusb_error darwin_get_cached_device(struct libusb_context *ctx, io
 
   usbi_mutex_unlock(&darwin_cached_devices_mutex);
 
+  if (ret == LIBUSB_SUCCESS && new_device) {
+    darwin_ref_cached_device(new_device);
+  }
+
   return ret;
 }
 
@@ -1478,6 +1482,9 @@ static enum libusb_error darwin_scan_devices(struct libusb_context *ctx) {
     (void) process_new_device (ctx, cached_device, old_session_id);
 
     IOObjectRelease(service);
+    usbi_mutex_lock(&darwin_cached_devices_mutex);
+    darwin_deref_cached_device(cached_device);
+    usbi_mutex_unlock(&darwin_cached_devices_mutex);
   }
 
   IOObjectRelease(deviceIterator);
@@ -2855,6 +2862,10 @@ static int darwin_capture_claim_interface(struct libusb_device_handle *dev_handl
     ret = darwin_detach_kernel_driver (dev_handle, iface);
     if (ret != LIBUSB_SUCCESS) {
       usbi_info (HANDLE_CTX (dev_handle), "failed to auto-detach the kernel driver for this device, ret=%d", ret);
+      if (ret == LIBUSB_ERROR_NO_DEVICE || ret == LIBUSB_ERROR_NOT_FOUND) {
+          usbi_err (HANDLE_CTX (dev_handle), "device maybe remove %d", ret);
+          return ret;
+      }
     }
   }
 

mcuee@mcuees-Mac-mini libusb % export LIBUSB_DEBUG=4 
mcuee@mcuees-Mac-mini libusb % ./examples/hotplugtest
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000018] [0000cad9] libusb: debug [libusb_init_context] created default context
[ 0.000023] [0000cad9] libusb: debug [libusb_init_context] libusb v1.0.27.11874-rc1
[ 0.000036] [0000cad9] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000112] [0000cada] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.000283] [0000cada] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.000391] [0000cad9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x11a6940924
[ 0.000424] [0000cad9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x11a6940924
[ 0.001999] [0000cad9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002004] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002006] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002008] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002009] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002011] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002012] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002014] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002016] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002017] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002019] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002020] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002022] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002023] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002039] [0000cad9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002042] [0000cad9] libusb: debug [process_new_device] allocating new device in context 0x12ef04c00 for with session 0x11a6940924
[ 0.002045] [0000cad9] libusb: debug [process_new_device] found device with address 7 port = 1 parent = 0x0 at 0x600000b8c93a
[ 0.002104] [0000cad9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x11a6f404a7
[ 0.002122] [0000cad9] libusb: debug [darwin_get_cached_device] parent sessionID: 0x11a6940924
[ 0.002124] [0000cad9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x11a6f404a7/0x2150000 against cached device with sessionID/locationID 0x11a6940924/0x2100000
[ 0.002127] [0000cad9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x11a6f404a7
[ 0.002282] [0000cad9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002287] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002288] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002290] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002291] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002293] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002294] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002296] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002298] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002300] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002301] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002303] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002304] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002306] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002317] [0000cad9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002319] [0000cad9] libusb: debug [process_new_device] allocating new device in context 0x12ef04c00 for with session 0x11a6f404a7
[ 0.002321] [0000cad9] libusb: debug [process_new_device] found device with address 6 port = 5 parent = 0x60000018c1e0 at 0x600000b8cb3a
[ 0.002363] [0000cad9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x11a757a66a
[ 0.002381] [0000cad9] libusb: debug [darwin_get_cached_device] parent sessionID: 0x11a6f404a7
[ 0.002383] [0000cad9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x11a757a66a/0x2156000 against cached device with sessionID/locationID 0x11a6f404a7/0x2150000
[ 0.002385] [0000cad9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x11a757a66a/0x2156000 against cached device with sessionID/locationID 0x11a6940924/0x2100000
[ 0.002387] [0000cad9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x11a757a66a
[ 0.002538] [0000cad9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002542] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002543] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0110
[ 0.002545] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x00
[ 0.002546] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002548] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x00
[ 0.002549] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x20
[ 0.002551] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1915
[ 0.002553] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x1025
[ 0.002554] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0173
[ 0.002556] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x01
[ 0.002557] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x02
[ 0.002559] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002560] [0000cad9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002571] [0000cad9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002573] [0000cad9] libusb: debug [process_new_device] allocating new device in context 0x12ef04c00 for with session 0x11a757a66a
[ 0.002575] [0000cad9] libusb: debug [process_new_device] found device with address 5 port = 6 parent = 0x60000018c2a0 at 0x600000b8cc3a
[ 0.002582] [0000cad9] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600002b8c4e0 with handle 1
[ 0.002584] [0000cad9] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600002b8c4b0 with handle 2
[ 0.002590] [0000cad9] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 0.002592] [0000cad9] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.002594] [0000cad9] libusb: debug [handle_events] event sources modified, reallocating event data
[ 0.002597] [0000cad9] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.337475] [0000cada] libusb: debug [darwin_devices_detached] notifying context 0x12ef04c00 of device disconnect
[ 3.337704] [0000cad9] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.337715] [0000cad9] libusb: debug [handle_event_trigger] event triggered
[ 3.337721] [0000cad9] libusb: debug [handle_event_trigger] hotplug message received
[ 3.337732] [0000cad9] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.337800] [0000cad9] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 3.337806] [0000cad9] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 3.337811] [0000cad9] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.339837] [0000cada] libusb: debug [darwin_devices_detached] notifying context 0x12ef04c00 of device disconnect
[ 3.340315] [0000cad9] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.340328] [0000cad9] libusb: debug [handle_event_trigger] event triggered
[ 3.340334] [0000cad9] libusb: debug [handle_event_trigger] hotplug message received
[ 3.340342] [0000cad9] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.340358] [0000cad9] libusb: debug [libusb_exit] destroying default context
zsh: segmentation fault  ./examples/hotplugtest

With Address Sanitizer.

mcuee@mcuees-Mac-mini hotplug_debug % ./examples/hotplugtest 
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000118] [000133c9] libusb: debug [libusb_init_context] created default context
[ 0.000125] [000133c9] libusb: debug [libusb_init_context] libusb v1.0.27.11874-rc1
[ 0.000136] [000133c9] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000291] [000133cc] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.000460] [000133cc] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.000596] [000133c9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x14b6d68b0f
[ 0.000620] [000133c9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x14b6d68b0f
[ 0.002926] [000133c9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002931] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002934] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002936] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002938] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002940] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002942] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002944] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002945] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002947] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002949] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002951] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002953] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002955] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002967] [000133c9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002970] [000133c9] libusb: debug [process_new_device] allocating new device in context 0x103003c00 for with session 0x14b6d68b0f
[ 0.002976] [000133c9] libusb: debug [process_new_device] found device with address 24 port = 2 parent = 0x0 at 0x106200eba
[ 0.003013] [000133c9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x14b734d9ae
[ 0.003027] [000133c9] libusb: debug [darwin_get_cached_device] parent sessionID: 0x14b6d68b0f
[ 0.003029] [000133c9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x14b734d9ae/0x2250000 against cached device with sessionID/locationID 0x14b6d68b0f/0x2200000
[ 0.003033] [000133c9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x14b734d9ae
[ 0.003155] [000133c9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.003159] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.003161] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.003163] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.003165] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.003166] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.003168] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.003170] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.003172] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.003174] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.003176] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.003177] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.003179] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.003181] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.003190] [000133c9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.003192] [000133c9] libusb: debug [process_new_device] allocating new device in context 0x103003c00 for with session 0x14b734d9ae
[ 0.003196] [000133c9] libusb: debug [process_new_device] found device with address 23 port = 5 parent = 0x106000d20 at 0x106200d3a
[ 0.003228] [000133c9] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x14b7966616
[ 0.003241] [000133c9] libusb: debug [darwin_get_cached_device] parent sessionID: 0x14b734d9ae
[ 0.003243] [000133c9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x14b7966616/0x2256000 against cached device with sessionID/locationID 0x14b734d9ae/0x2250000
[ 0.003246] [000133c9] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x14b7966616/0x2256000 against cached device with sessionID/locationID 0x14b6d68b0f/0x2200000
[ 0.003248] [000133c9] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x14b7966616
[ 0.003370] [000133c9] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.003373] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.003375] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0110
[ 0.003377] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x00
[ 0.003379] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.003380] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x00
[ 0.003382] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x20
[ 0.003384] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1915
[ 0.003386] [000133c9] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x1025
[ 0.003388] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0173
[ 0.003390] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x01
[ 0.003392] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x02
[ 0.003393] [000133c9] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.003395] [000133c9] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.003403] [000133c9] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.003406] [000133c9] libusb: debug [process_new_device] allocating new device in context 0x103003c00 for with session 0x14b7966616
[ 0.003409] [000133c9] libusb: debug [process_new_device] found device with address 22 port = 6 parent = 0x106000ba0 at 0x106200bba
[ 0.003416] [000133c9] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x105d04750 with handle 1
[ 0.003419] [000133c9] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x105d04710 with handle 2
[ 0.003421] [000133c9] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 0.003423] [000133c9] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.003425] [000133c9] libusb: debug [handle_events] event sources modified, reallocating event data
[ 0.003429] [000133c9] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.009753] [000133cc] libusb: debug [darwin_devices_detached] notifying context 0x103003c00 of device disconnect
[ 3.009878] [000133c9] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.009918] [000133c9] libusb: debug [handle_event_trigger] event triggered
[ 3.009941] [000133c9] libusb: debug [handle_event_trigger] hotplug message received
[ 3.009959] [000133c9] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.010026] [000133c9] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 3.010040] [000133c9] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 3.010054] [000133c9] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.011978] [000133cc] libusb: debug [darwin_devices_detached] notifying context 0x103003c00 of device disconnect
[ 3.012551] [000133c9] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.012670] [000133c9] libusb: debug [handle_event_trigger] event triggered
[ 3.012684] [000133c9] libusb: debug [handle_event_trigger] hotplug message received
[ 3.012701] [000133c9] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.012723] [000133c9] libusb: debug [libusb_exit] destroying default context
AddressSanitizer:DEADLYSIGNAL
=================================================================
==23014==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000103421a54 bp 0x00016ceeeff0 sp 0x00016ceeef50 T0)
==23014==The signal is caused by a WRITE memory access.
==23014==Hint: address points to the zero page.
    #0 0x103421a54 in list_del libusbi.h:222
    #1 0x1034218f0 in usbi_hotplug_exit hotplug.c:209
    #2 0x103415bc8 in libusb_exit core.c:2612
    #3 0x102f12f24 in main hotplugtest.c:144
    #4 0x18c1f90dc  (<unknown module>)

==23014==Register values:
 x[0] = 0x0000000106000bc0   x[1] = 0x00000001038380e0   x[2] = 0x000000016ceee7c0   x[3] = 0x0000000000000205  
 x[4] = 0x0000000000000030   x[5] = 0x0000000000000001   x[6] = 0x000000016c6f4000   x[7] = 0x0000000000000001  
 x[8] = 0x0000007000020000   x[9] = 0x0000000000000000  x[10] = 0x0000000000000000  x[11] = 0x000000700001ffff  
x[12] = 0x000000016ceee7f8  x[13] = 0x5cf5f6c7f63726fc  x[14] = 0x0000000000000000  x[15] = 0x0000000000000000  
x[16] = 0x000000018c574eac  x[17] = 0x0000000103950728  x[18] = 0x0000000000000000  x[19] = 0x000000016ceef2c0  
x[20] = 0x0000000102f129c0  x[21] = 0x000000016ceef420  x[22] = 0x0000000103325910  x[23] = 0x000000016ceef4a0  
x[24] = 0x000000016ceef4e0  x[25] = 0x000000018c2785eb  x[26] = 0x0000000000000000  x[27] = 0x0000000000000000  
x[28] = 0x0000000000000000     fp = 0x000000016ceeeff0     lr = 0x00000001034218f4     sp = 0x000000016ceeef50  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libusbi.h:222 in list_del
==23014==ABORTING
zsh: abort      ./examples/hotplugtest

[mcuee]

@tormodvolden @seanm and @hjelmn

On the other hand, this issue exists in libusb-1.0.26 as well so it is not a regression. I just port the hotplugtest.c example from git to 1.0.26 and it has the same crash issue.

mcuee@mcuees-Mac-mini libusb-1.0.26 % ./examples/hotplugtest                                   
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.000019] [0000f405] libusb: debug [libusb_init] created default context
[ 0.000032] [0000f405] libusb: debug [libusb_init] libusb v1.0.26.11724
[ 0.000038] [0000f405] libusb: debug [usbi_add_event_source] add fd 3 events 1
[ 0.000133] [0000f405] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x1375c2da7f
[ 0.000152] [0000f405] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x1375c2da7f
[ 0.001968] [0000f405] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.001972] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.001974] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.001975] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.001976] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.001977] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.001978] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.001978] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.001979] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.001980] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.001981] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.001998] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002000] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002001] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002014] [0000f405] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002015] [0000f405] libusb: debug [process_new_device] allocating new device in context 0x159e05230 for with session 0x1375c2da7f
[ 0.002017] [0000f405] libusb: debug [process_new_device] found device with address 21 port = 2 parent = 0x0 at 0x600000f040ba
[ 0.002047] [0000f405] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x137623b4f7
[ 0.002056] [0000f405] libusb: debug [darwin_get_cached_device] parent sessionID: 0x1375c2da7f
[ 0.002058] [0000f405] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x137623b4f7/0x2250000 against cached device with sessionID/locationID 0x1375c2da7f/0x2200000
[ 0.002059] [0000f405] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x137623b4f7
[ 0.002168] [0000f405] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002171] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002172] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0200
[ 0.002173] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x09
[ 0.002174] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002175] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x02
[ 0.002176] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x40
[ 0.002177] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1a40
[ 0.002178] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x0201
[ 0.002178] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0100
[ 0.002179] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x00
[ 0.002180] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x01
[ 0.002181] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002182] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002188] [0000f405] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002190] [0000f405] libusb: debug [process_new_device] allocating new device in context 0x159e05230 for with session 0x137623b4f7
[ 0.002191] [0000f405] libusb: debug [process_new_device] found device with address 20 port = 5 parent = 0x6000005001e0 at 0x600000f00b3a
[ 0.002217] [0000f405] libusb: debug [darwin_get_cached_device] finding cached device for sessionID 0x1376877562
[ 0.002227] [0000f405] libusb: debug [darwin_get_cached_device] parent sessionID: 0x137623b4f7
[ 0.002228] [0000f405] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x1376877562/0x2256000 against cached device with sessionID/locationID 0x137623b4f7/0x2250000
[ 0.002229] [0000f405] libusb: debug [darwin_get_cached_device] matching sessionID/locationID 0x1376877562/0x2256000 against cached device with sessionID/locationID 0x1375c2da7f/0x2200000
[ 0.002230] [0000f405] libusb: debug [darwin_get_cached_device] caching new device with sessionID 0x1376877562
[ 0.002322] [0000f405] libusb: debug [darwin_cache_device_descriptor] cached device descriptor:
[ 0.002325] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDescriptorType:    0x01
[ 0.002326] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdUSB:             0x0110
[ 0.002327] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceClass:       0x00
[ 0.002328] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceSubClass:    0x00
[ 0.002328] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bDeviceProtocol:    0x00
[ 0.002329] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bMaxPacketSize0:    0x20
[ 0.002330] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idVendor:           0x1915
[ 0.002331] [0000f405] libusb: debug [darwin_cache_device_descriptor]   idProduct:          0x1025
[ 0.002332] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bcdDevice:          0x0173
[ 0.002333] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iManufacturer:      0x01
[ 0.002334] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iProduct:           0x02
[ 0.002335] [0000f405] libusb: debug [darwin_cache_device_descriptor]   iSerialNumber:      0x00
[ 0.002336] [0000f405] libusb: debug [darwin_cache_device_descriptor]   bNumConfigurations: 0x01
[ 0.002342] [0000f405] libusb: debug [darwin_check_configuration] active config: 1, first config: 1
[ 0.002343] [0000f405] libusb: debug [process_new_device] allocating new device in context 0x159e05230 for with session 0x1376877562
[ 0.002344] [0000f405] libusb: debug [process_new_device] found device with address 19 port = 6 parent = 0x6000005002a0 at 0x600000f00c3a
[ 0.002364] [0000f407] libusb: debug [darwin_event_thread_main] creating hotplug event source
[ 0.002432] [0000f407] libusb: debug [darwin_event_thread_main] darwin event thread ready to receive events
[ 0.002442] [0000f405] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600002f08000 with handle 1
[ 0.002446] [0000f405] libusb: debug [libusb_hotplug_register_callback] new hotplug cb 0x600002f08030 with handle 2
[ 0.002449] [0000f405] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 0.002450] [0000f405] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.002451] [0000f405] libusb: debug [handle_events] event sources modified, reallocating event data
[ 0.002454] [0000f405] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.552636] [0000f407] libusb: debug [darwin_devices_detached] notifying context 0x159e05230 of device disconnect
[ 3.552805] [0000f405] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.552816] [0000f405] libusb: debug [handle_event_trigger] event triggered
[ 3.552822] [0000f405] libusb: debug [handle_event_trigger] hotplug message received
[ 3.552830] [0000f405] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.552910] [0000f405] libusb: debug [libusb_get_next_timeout] no URBs, no timeout!
[ 3.552916] [0000f405] libusb: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 3.552922] [0000f405] libusb: debug [usbi_wait_for_events] poll() 1 fds with timeout in 60000ms
[ 3.554924] [0000f407] libusb: debug [darwin_devices_detached] notifying context 0x159e05230 of device disconnect
[ 3.555366] [0000f405] libusb: debug [usbi_wait_for_events] poll() returned 1
[ 3.555382] [0000f405] libusb: debug [handle_event_trigger] event triggered
[ 3.555476] [0000f405] libusb: debug [handle_event_trigger] hotplug message received
[ 3.555485] [0000f405] libusb: debug [libusb_get_device_descriptor]  
Device detached: 1a40:0201
[ 3.555496] [0000f405] libusb: debug [libusb_exit] destroying default context
[ 3.555535] [0000f407] libusb: debug [darwin_event_thread_main] darwin event thread exiting
zsh: segmentation fault  ./examples/hotplugtest

[mcuee]

If I just unplug the attached USB device on the external HUB, then no issues. The following is with git main without any extra patches.

mcuee@mcuees-Mac-mini hotplug_debug % sudo ./examples/hotplugtest
Device detached: 1915:1025 (note: detach)
Device attached: 1915:1025 (note: attach)

The issue only appears if I unplug the external hub.

mcuee@mcuees-Mac-mini hotplug_debug % sudo ./examples/hotplugtest                                                             
Device detached: 1a40:0201
Device detached: 1a40:0201
AddressSanitizer:DEADLYSIGNAL
=================================================================
==30976==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0001032c9c60 bp 0x00016d0471d0 sp 0x00016d047130 T0)
==30976==The signal is caused by a WRITE memory access.
==30976==Hint: address points to the zero page.
    #0 0x1032c9c60 in list_del libusbi.h:222
    #1 0x1032c9afc in usbi_hotplug_exit hotplug.c:209
    #2 0x1032bddd4 in libusb_exit core.c:2612
    #3 0x102dbaf24 in main hotplugtest.c:144
    #4 0x18c1f90dc  (<unknown module>)

==30976==Register values:
 x[0] = 0x0000000105f00a40   x[1] = 0x00000001036e00e0   x[2] = 0x000000016d0469a0   x[3] = 0x00000000000001f4  
 x[4] = 0x0000000000000030   x[5] = 0x0000000000000001   x[6] = 0x000000016c84c000   x[7] = 0x0000000000000001  
 x[8] = 0x0000007000020000   x[9] = 0x0000000000000000  x[10] = 0x0000000000000000  x[11] = 0x000000700001ffff  
x[12] = 0x000000016d0469d8  x[13] = 0x5cf5f6c7f63726fc  x[14] = 0x000000016d047240  x[15] = 0x0000000000000000  
x[16] = 0x000000018c574eac  x[17] = 0x00000001037f8728  x[18] = 0x0000000000000000  x[19] = 0x000000016d0474a0  
x[20] = 0x0000000102dba9c0  x[21] = 0x000000016d0475f0  x[22] = 0x00000001031cd910  x[23] = 0x000000016d047670  
x[24] = 0x000000016d0476b0  x[25] = 0x000000018c2785eb  x[26] = 0x0000000000000000  x[27] = 0x0000000000000000  
x[28] = 0x0000000000000000     fp = 0x000000016d0471d0     lr = 0x00000001032c9b00     sp = 0x000000016d047130  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libusbi.h:222 in list_del
==30976==ABORTING
zsh: abort      sudo ./examples/hotplugtest

[mcuee]

It seems to me my issue is different from the original posted issue as the crash is different. I will create another issue about hotplugtest crash under macOS.

[mcuee]

@benbryantzoro1

Just wondering if you can try out the following test branch which seems to fix #1445. Thanks.
As per @sonatique, the branch added the lock to prevent background hot plug thread to concurrently modify device list during exit.
sonatique@e393d8e

Edit: this is no longer required as PR #1452 has been raised which sorted out Issue #1366. It will be great that you can check PR #1452 as well. Thanks.

[mcuee]

@benbryantzoro1

If you got the time, please give PR #1452 a try. Thanks.

[benbryantzoro1]

@benbryantzoro1

If you got the time, please give PR #1452 a try. Thanks.

Hi, I am in vacation, No device get with me, I will test this as soon as possible I back to work

[benbryantzoro1]

@benbryantzoro1

If you got the time, please give PR #1452 a try. Thanks.

I think it have fixed, I use the newest code of libusb with the PR, the BUG no reproduce, I try 20 times

[mcuee]

@benbryantzoro1

If you got the time, please give PR #1452 a try. Thanks.

I think it have fixed, I use the newest code of libusb with the PR, the BUG no reproduce, I try 20 times

Thanks a lot for the testing and confirm that PR #1452 fixes the issue.

[tormodvolden]

What I don't understand is that #1452, which supposedly fixes this issue, only changes hotplug_exit() which is called in libusb_exit(), whereas this issue happens on device unplug, without/before libusb_exit() being called.

But there is not enough information provided here to exclude that the poster's program actually calls libusb_exit at the same time. (hotplug_exit() is also called on a failed libusb init.)

mcuee's crash OTOH clearly happens in libusb_exit().