Created attachment 405831: Output of 'dmesg' showing segfault of usbmuxd

Description of problem:

I got this segfault when I was attempting to "restore my iPhone to factory settings": I was running iTunes 9.1 inside a VMware VM. iTunes appears to have "erased" my iPhone, and caused it to "hard reset". So the device appeared to disconnect and then reconnect as "Product: Apple Mobile Device (Recovery Mode)". iTunes then appears to have downloaded new firmware, and caused the device to reset/disconnect/reconnect again; this time the device appears as "Product: iPhone". Quickly following, I get the usbmuxd segfault:

Apr 11 09:45:04 tlondon kernel: usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Apr 11 09:45:04 tlondon kernel: usb 2-1: Product: iPhone
Apr 11 09:45:04 tlondon kernel: usb 2-1: Manufacturer: Apple Inc.
Apr 11 09:45:04 tlondon kernel: usb 2-1: SerialNumber: 27e03640511c0fcc68f17db232af8c1cd104ac18
Apr 11 09:45:04 tlondon kernel: generic-usb 0003:05AC:1292.0003: hiddev96,hidraw2: USB HID v1.11 Device [Apple Inc. iPhone] on usb-0000:00:1d.7-1/input2
Apr 11 09:45:04 tlondon kernel: usb 2-1: reset high speed USB device using ehci_hcd and address 6
Apr 11 09:45:05 tlondon kernel: usb 2-1: usbfs: process 7471 (usbmuxd) did not claim interface 2 before use
Apr 11 09:45:05 tlondon usbmuxd[7471]: [1] Failed to submit TX transfer 0xf82890 len 20 to device 2-6: -1
Apr 11 09:45:05 tlondon usbmuxd[7471]: [1] usb_send failed while sending packet (len 20) to device 1: -1
Apr 11 09:45:05 tlondon usbmuxd[7471]: [1] Error sending version request packet to device 1#012
Apr 11 09:45:05 tlondon kernel: usbmuxd[7471]: segfault at 2a9d ip 000000342c8093a4 sp 00007fff2bc501e0 error 4 in libpthread-2.11.90.so[342c800000+18000]
Apr 11 09:45:05 tlondon kernel: usb 2-1: reset high speed USB device using ehci_hcd and address 6

I cannot locate any core file, sorry. If I get some hints on how to produce more enlightening debug info, I can rerun this sequence.....
I'm attaching complete output from 'dmesg'.

Version-Release number of selected component (if applicable):
usbmuxd-1.0.3-1.fc14.x86_64
kernel-2.6.34-0.28.rc3.git3.fc14.x86_64

How reproducible:
don't know

Steps to Reproduce:
1. described above
2.
3.

Actual results:

Expected results:

Additional info:
When it segfaults is there a kernel dump in dmesg?
I see no kernel dump in the dmesg I attached. Here is a snippet from dmesg:

usb 2-1: New USB device found, idVendor=05ac, idProduct=1292
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 2-1: Product: iPhone
usb 2-1: Manufacturer: Apple Inc.
usb 2-1: SerialNumber: 27e03640511c0fcc68f17db232af8c1cd104ac18
generic-usb 0003:05AC:1292.0003: hiddev96,hidraw2: USB HID v1.11 Device [Apple Inc. iPhone] on usb-0000:00:1d.7-1/input2
usb 2-1: reset high speed USB device using ehci_hcd and address 6
usb 2-1: usbfs: process 7471 (usbmuxd) did not claim interface 2 before use
usbmuxd[7471]: segfault at 2a9d ip 000000342c8093a4 sp 00007fff2bc501e0 error 4 in libpthread-2.11.90.so[342c800000+18000]
usb 2-1: reset high speed USB device using ehci_hcd and address 6
usbcore: registered new interface driver snd-usb-audio
usb 2-1: usbfs: process 7304 (vmware-vmx) did not claim interface 2 before use
usb 2-1: usbfs: process 7304 (vmware-vmx) did not claim interface 1 before use
usb 2-1: USB disconnect, address 6

If I look now, I don't see usbmuxd running:

[tbl@tlondon Download]$ ps gax | grep usb
   64 ?        S      0:00 [usbhid_resumer]
  139 ?        S      0:01 [usb-storage]
 7081 ?        Ss     0:02 /usr/bin/vmware-usbarbitrator
 8338 pts/1    S+     0:00 grep usb
[tbl@tlondon Download]$

I suppose if it is running before I start the above sequence, I can attach to it via 'gdb -p XXXXX'. When does 'usbmuxd' start?
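The kernel "segfault at ... error 4 in ..." line quoted above is the only crash record available in this thread, and it carries more information than it looks like: the "error" field is the x86 page-fault error code, and "ip" minus the mapping base gives the offset of the faulting instruction inside the named library. The following Python is an added example, not part of this bug report or of usbmuxd; it parses that kernel message format and decodes the fault. The sample input is constructed from lines quoted in this thread, and the "near NULL" classification is a heuristic, not something the kernel reports.

```python
import re

# Constructed sample log: the kernel line quoted in the bug report, surrounded by
# neighbouring dmesg lines so the scanner has to pick the right one out.
SAMPLE_DMESG = """\
usb 2-1: usbfs: process 7471 (usbmuxd) did not claim interface 2 before use
usbmuxd[7471]: segfault at 2a9d ip 000000342c8093a4 sp 00007fff2bc501e0 error 4 in libpthread-2.11.90.so[342c800000+18000]
usb 2-1: reset high speed USB device using ehci_hcd and address 6
"""

# Shape of the x86 kernel message (arch/x86/mm/fault.c, show_signal_msg):
#   <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <err> in <object>[<base>+<size>]
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# Bits of the x86 page-fault error code as the kernel defines them.
PF_PROT = 1    # 0: page not present, 1: protection violation on a present page
PF_WRITE = 2   # 0: read access, 1: write access
PF_USER = 4    # 0: fault in kernel mode, 1: fault in user mode
PF_RSVD = 8    # reserved bit set in a page-table entry
PF_INSTR = 16  # fault on an instruction fetch

def decode_error_code(err):
    """Expand the numeric 'error N' field into its individual flags."""
    return {
        "present": bool(err & PF_PROT),
        "write": bool(err & PF_WRITE),
        "user": bool(err & PF_USER),
        "reserved": bool(err & PF_RSVD),
        "instr_fetch": bool(err & PF_INSTR),
    }

def parse_segfault(line):
    """Return a dict describing the fault, or None if the line is not a segfault record."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    base, size = int(m["base"], 16), int(m["size"], 16)
    rec = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "ip": ip,
        "object": m["obj"],
        # Offset of the faulting instruction inside the mapped object; this is
        # the value to hand to addr2line/objdump once debuginfo for that
        # library is installed.
        "ip_offset": ip - base if base <= ip < base + size else None,
        # Heuristic (assumption, not kernel output): a fault address in the
        # first 64 KiB is almost always a NULL or near-NULL struct-member
        # dereference rather than a wild pointer.
        "near_null": addr < 0x10000,
    }
    rec.update(decode_error_code(int(m["err"])))
    return rec

def describe(rec):
    """One-line human-readable summary of a parsed record."""
    mode = "user" if rec["user"] else "kernel"
    access = "instruction fetch" if rec["instr_fetch"] else ("write" if rec["write"] else "read")
    cause = "protection violation" if rec["present"] else "page not present"
    hint = " (likely NULL-pointer dereference)" if rec["near_null"] else ""
    where = (f"{rec['object']}+0x{rec['ip_offset']:x}"
             if rec["ip_offset"] is not None else "unknown mapping")
    return (f"{rec['comm']}[{rec['pid']}]: {mode}-mode {access} of 0x{rec['fault_addr']:x}, "
            f"{cause}{hint}, ip at {where}")

def scan_dmesg(text):
    """Parse every segfault record in a block of kernel log text."""
    return [r for r in (parse_segfault(line) for line in text.splitlines()) if r]

if __name__ == "__main__":
    for rec in scan_dmesg(SAMPLE_DMESG):
        print(describe(rec))
```

For the line in this report the decoder yields a user-mode read of address 0x2a9d on a non-present page, with the faulting instruction at offset 0x93a4 inside libpthread-2.11.90.so. That offset is what addr2line or objdump would need, together with the matching debuginfo package, to name the function; the thread does not contain that symbolization, so the example stops at the offset.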
> When does 'usbmuxd' start?

It gets started via a udev rule from /lib/udev/rules.d/85-usbmuxd.rules. You should be able to modify those (or disable it and run it from a command line) with some command line rules to run it in the foreground and possibly with more debugging.
Created attachment 405858: output of 'usbmuxd -vv -f'

I ran usbmuxd manually via 'usbmuxd -vv -f', capturing the output in the attached file. I did not attempt to wipe my iPhone this run. Anything unusual here? I seem to get lots of spew similar to:

[14:40:55.710][4] Found new device with v/p 05ac:1292 at 2-12
[14:40:55.711][2] Could not claim interface 1 for device 2-12: -6
I think this is fixed in usbmuxd in master: http://cgit.sukimashita.com/usbmuxd.git/log/ See "Parse out interface/endpoint descriptors instead of hardcoding them" It makes the device accessible in recovery mode. Should be in the next upstream release.
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle. Changing version to '14'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This should now be fixed as there's been 2-3 releases since then. Tom can you confirm that is the case?
Hmmm.... I can no longer test this, as I've 'lost' the VMWare setup, etc. and I've moved to rawhide.... Sorry.
Can you see if you have the issue in rawhide; it's the same version of the libraries in both.
I'll try, but it will take me some time to recreate the 'testbed'... [I've removed VMWare, etc....] I'll attempt to gather the necessary items and test this weekend......