ESP32 Forum

ESP32 Official Forum
https://esp32.com/

ESP-IDF V5.2.2 USB host - device address always incrementing

https://esp32.com/viewtopic.php?t=47963

Page 1 of 1

ESP-IDF V5.2.2 USB host - device address always incrementing

Posted: Sun Apr 05, 2026 4:29 am
by Aussie Susan
I'm using ESP-IDF V5.5.2 and the USB host on an ESP32S3.
I have the DEV_MAX_COUNT #define set to 4.
Using software based on the various C code examples, I can attach a USB device, using tt and then detach the device.
I can then attach it again, use it and detach it.
When I attach it fore the 3rd time I get a crash when the 'client_event_cb' function tries to give the driver_obj->constant.mux_lock.
I've traced this to the 'event_msg->new_dev.address' being too large.
On the first attach the address given is 1. On the next attach it is 2 and on the 3rd attach it is 3. The 4th attach has the address as 4 which obviously is past the end of the mux_protected.device[]' array (which is of size DEV_MAX_COUNT).
Is this a bug? If so, has it been fixed in a later release (I know I'm a little behind at the moment)?
If this caused by me now doing something in the client_event_cb callback function when the device is remove? If so what?
Susan

My client event callback function code (with some debugging logging calls)

Code: Select all

static void client_event_cb(const usb_host_client_event_msg_t *event_msg, void *arg)
{
    class_driver_t *driver_obj = (class_driver_t *)arg;
    switch (event_msg->event) {
    case USB_HOST_CLIENT_EVENT_NEW_DEV:
        ESP_LOGI(TAG, "New Device - event_msg->new_dev.address = %d", event_msg->new_dev.address);
        // Save the device address
        xSemaphoreTake(driver_obj->constant.mux_lock, portMAX_DELAY);
        driver_obj->mux_protected.device[event_msg->new_dev.address].dev_addr = event_msg->new_dev.address;
        driver_obj->mux_protected.device[event_msg->new_dev.address].dev_hdl = NULL;
        // Open the device next
        driver_obj->mux_protected.device[event_msg->new_dev.address].actions = ACTION_OPEN_DEV;
        // Set flag
        driver_obj->mux_protected.flags.unhandled_devices = 1;
        xSemaphoreGive(driver_obj->constant.mux_lock);
        break;

    case USB_HOST_CLIENT_EVENT_DEV_GONE:
        ESP_LOGI(TAG, "Device Gone");
        // Cancel any other actions and close the device next
        xSemaphoreTake(driver_obj->constant.mux_lock, portMAX_DELAY);
        for (uint8_t i = 0; i < DEV_MAX_COUNT; i++) {
            if (driver_obj->mux_protected.device[i].dev_hdl == event_msg->dev_gone.dev_hdl) {
                driver_obj->mux_protected.device[i].actions = ACTION_CLOSE_DEV;
                // Set flag
                driver_obj->mux_protected.flags.unhandled_devices = 1;
            }
        }
        xSemaphoreGive(driver_obj->constant.mux_lock);
        break;
    default:
        ESP_LOGW(TAG, "Unsupported client event: %d (possibly suspend/resume)", event_msg->event);
        break;
    }
}
The output of the debug logging calls as I attach and detach the USB device - the crash is when I try to 'give' the semaphore as its 'address' has been over-written:

Code: Select all

I (1747) USB_Host: Registering Client
I (10177) USB_Host: New Device - event_msg->new_dev.address = 1
I (15137) USB_Host: Device Gone
I (20587) USB_Host: New Device - event_msg->new_dev.address = 2
I (24677) USB_Host: Device Gone
I (29027) USB_Host: New Device - event_msg->new_dev.address = 3
I (33407) USB_Host: Device Gone
I (37047) USB_Host: New Device - event_msg->new_dev.address = 4

assert failed: xQueueGenericSend queue.c:939 (!( ( pvItemToQueue == ((void *)0) ) && ( pxQueue->uxItemSize != ( UBaseType_t ) 0U ) ))


Backtrace: 0x4037c24d:0x3fcb9a30 0x4037c215:0x3fcb9a50 0x40384749:0x3fcb9a70 0x4037c892:0x3fcb9b90 0x4200bdd6:0x3fcb9bd0 0x4200ec3e:0x3fcb9bf0 0x4200c950:0x3fcb9c20 0x4037cefd:0x3fcb9ca0
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/