DWC3 doesn't work with XHCI controllers #233
Description
Operating System
macOS Tahoe 26.1
What is your CPU's model?
Apple M1
Describe the unexpected behaviour in detail.
usb wont connect.
Companion VM: ubuntu 24.04.3 LTS (GNU/Linux 6.8.0-90-generic aarch64)
../QEMUAppleSilicon/build/qemu-system-aarch64 \
-accel hvf \
-cpu host \
-m 2G \
-smp 2 \
-M virt \
-overcommit cpu-pm=on -rtc base=utc,clock=rt,driftfix=none -drive file=companion.qcow2,format=qcow2,if=virtio \
-device qemu-xhci,id=usb \
-device usb-tcp-remote,bus=usb.0,conn-type=unix,conn-addr=/tmp/qemu-usb.sock \
-display none \
-serial stdio \
-drive if=pflash,format=raw,readonly=on,file=/opt/homebrew/share/qemu/edk2-aarch64-code.fdIOS VM:
./QEMUAppleSilicon/build/qemu-system-aarch64 -M t8030,usb-conn-type=unix,usb-conn-addr=/tmp/qemu-usb.sock,trustcache=iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/Firmware/038-44135-124.dmg.trustcache,ticket=root_ticket.der,sep-fw=sep-firmware.n104.RELEASE.new.img4,sep-rom=AppleSEPROM-Cebu-B1,kaslr-off=true \
-kernel iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/kernelcache.research.iphone12b -dtb iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/Firmware/all_flash/DeviceTree.n104ap.im4p \
-append "tlto_us=-1 mtxspin=-1 agm-genuine=1 agm-authentic=1 agm-trusted=1 serial=3 launchd_unsecure_cache=1 wdt=-1 -vm_compressor_wk_sw" \
-smp 4 \
-m 4G \
-serial mon:stdio \
-drive file=sep_nvram,if=pflash,format=raw \
-drive file=sep_ssc,if=pflash,format=raw \
-drive file=root,format=raw,if=none,id=root -device nvme-ns,drive=root,bus=nvme-bus.0,nsid=1,nstype=1,logical_block_size=4096,physical_block_size=4096 \
-drive file=firmware,format=raw,if=none,id=firmware -device nvme-ns,drive=firmware,bus=nvme-bus.0,nsid=2,nstype=2,logical_block_size=4096,physical_block_size=4096 \
-drive file=syscfg,format=raw,if=none,id=syscfg -device nvme-ns,drive=syscfg,bus=nvme-bus.0,nsid=3,nstype=3,logical_block_size=4096,physical_block_size=4096 \
-drive file=ctrl_bits,format=raw,if=none,id=ctrl_bits -device nvme-ns,drive=ctrl_bits,bus=nvme-bus.0,nsid=4,nstype=4,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvram,if=none,format=raw,id=nvram -device apple-nvram,drive=nvram,bus=nvme-bus.0,nsid=5,nstype=5,id=nvram,logical_block_size=4096,physical_block_size=4096 \
-drive file=effaceable,format=raw,if=none,id=effaceable -device nvme-ns,drive=effaceable,bus=nvme-bus.0,nsid=6,nstype=6,logical_block_size=4096,physical_block_size=4096 \
-drive file=panic_log,format=raw,if=none,id=panic_log -device nvme-ns,drive=panic_log,bus=nvme-bus.0,nsid=7,nstype=8,logical_block_size=4096,physical_block_size=4096 \
-display cocoa,zoom-to-fit=on,zoom-interpolation=on,show-cursor=on \
-initrd iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/038-44135-124.dmgWhat should've happened instead?
connect and work
Attach any logs related to this issue.
IOS:
...
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: UniqueDeviceID
2026-01-06 19:37:19.950705+0000 restored_external[7:531] RestoreLog: Client Query: UniqueDeviceID
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: nFRqKto/RuQAV1P+0/qkBA
2026-01-06 19:37:19.952520+0000 restored_external[7:531] RestoreLog: Client Query: nFRqKto/RuQAV1P+0/qkBA
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: TF31PAB6aO8KAbPyNKSxKA
2026-01-06 19:37:19.955065+0000 restored_external[7:531] RestoreLog: Client Query: TF31PAB6aO8KAbPyNKSxKA
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: TF31PAB6aO8KAbPyNKSxKA : 1234605616436508552
2026-01-06 19:37:19.959022+0000 restored_external[7:531] RestoreLog: Client Response: TF31PAB6aO8KAbPyNKSxKA : 1234605616436508552
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: 566JrJVMlDfnslGpwUzNlQ
2026-01-06 19:37:19.960298+0000 restored_external[7:531] RestoreLog: Client Query: 566JrJVMlDfnslGpwUzNlQ
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: 566JrJVMlDfnslGpwUzNlQ : 32816
2026-01-06 19:37:19.964760+0000 restored_external[7:531] RestoreLog: Client Response: 566JrJVMlDfnslGpwUzNlQ : 32816
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: nFRqKto/RuQAV1P+0/qkBA : <CFData 0x140909850 [0x105a301b8]>{length = 25, capacity = 25, bytes = 0x30303030383033302d31313232333334 ... 3535363637373838}
2026-01-06 19:37:19.975692+0000 restored_external[7:531] RestoreLog: Client Response: nFRqKto/RuQAV1P+0/qkBA : {length = 25, bytes = 0x30303030 38303330 2d313132 32333334 ... 35353636 37373838 }
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: UniqueDeviceID : 00008030-1122334455667788
2026-01-06 19:37:19.978125+0000 restored_external[7:531] RestoreLog: Client Response: UniqueDeviceID : 00008030-1122334455667788
000009.587559 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Apple Mobile Device
000009.588006 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000009.588587 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 1 + Apple Mobile Device
000009.588886 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000009.589171 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000009.589482 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 2 + Apple Mobile Device
000009.589768 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000009.590081 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000009.590509 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 3 + Apple Mobile Device
000009.590926 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000009.591127 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
waiting for matching IOKit service: {
IOProviderClass = AppleUSBDeviceMux;
}
AppleUSBDeviceMux build: Aug 12 2020 22:50:42
000009.604818 AppleT8027USBXDCI@: IOUSBDeviceController::gated_registerFunction: register function Reserved
000009.607284 AppleT8027USBXDCI@: IOUSBDeviceController::gated_registerFunction: register function AppleUSBMux
000009.607617 AppleT8027USBXDCI@: IOUSBDeviceController::startUSBStack: starting usb stack
000009.608907 AppleT8027USBXDCI@0: IOUSBDeviceController::startUSBStack: not connected
000009.609311 AppleT8027USBXDCI@0: AppleUSBXDCI::goOnBus: not on bus
000009.612720 AppleT8027USBXDCI@0: AppleUSBXDCIARM::cableChangeOccurred: cable detect disabled: transport type 2 connect type 2 restricted mode _lastRestrictedMode 0
000009.613227 AppleT8027USBXDCI@0: AppleUSBXDCIARM::cableChangeOccurred: powering on for transport type 2 connect type 2 restricted mode 0
IOReturn AppleUSBDeviceMux::setPropertiesGated(OSObject *) setting debug level to 7
[19:37:23.0010-GMT]{4>7} CHECKPOINT END: MAIN:[0x040E] enable_usb
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 10
restore-step-user-progress = 0
waiting for host to trigger start of restore [timeout of 120 seconds]
Companion:
[ 27.739604] usb 1-1: device descriptor read/64, error -110
[ 43.605090] usb 1-1: device descriptor read/64, error -110
[ 65.108843] usb 1-1: device descriptor read/64, error -110
[ 85.988804] usb 1-1: device descriptor read/8, error -110
[ 91.617063] usb 1-1: device descriptor read/8, error -110
[ 107.489079] usb 1-1: device descriptor read/8, error -110
[ 107.595265] usb usb1-port1: unable to enumerate USB device
Host:
$ /bin/ls -la /tmp/qemu-usb.sock
srw-rw-rw- 1 user wheel 0 Jan 6 11:36 /tmp/qemu-usb.sockIssue Report Terms
- You have made sure that there are no other reports about this bug.
- You do not use any software that might interfere with correct function of this software. For Hackintosh users, that could be OCLP, WEG, etc.
- You are on the latest commit of the emulator.
- You acknowledge that violation of these terms may result in your issue being closed or you getting blocked from the organisation.
Metadata
Metadata
Assignees
Type
Projects
Status