If you encounter uvc_disconnect then you may have a different issue than I do. I can clearly see via debugging that uvc_disconnect is never reached. In my case the disconnect is happening in usb/core/hub.c:usb_disconnect. The comment on top if this function says "This call is synchronous, and may not be used in an interrupt context" though I can clearly see that during uvc initialization it is being triggered by interrupt (the device disconnecting itself). So the disconnect comes unexpectedly via interrupt from hub, not from uvc_video. Maybe there are two separate issues?
https://github.com/torvalds/linux/blob/99613159ad749543621da8238acf1a122880144e/drivers/usb/core/hub.c#L2263 *pdev = NULL; On Tue, Jan 18, 2022 at 2:50 PM Kai-Heng Feng <[email protected]> wrote: > > The issue is that uvc_disconnect() set the USB intf to NULL, but still > kept the uvcvideo device registered, hence a NULL pointer deference > happens afterward. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1827452 > > Title: > null pointer dereference in uvcvideo > > Status in linux package in Ubuntu: > Confirmed > > Bug description: > I have a logitech c920 webcam. When using this camera in obs-studio > v23.x, all of my USB devices stop working and I see the following in > my kernel log: > > [ 590.282211] usb 3-3: new high-speed USB device number 5 using xhci_hcd > [ 592.660916] usb 3-3: New USB device found, idVendor=046d, > idProduct=082d, bcdDevice= 0.11 > [ 592.660922] usb 3-3: New USB device strings: Mfr=0, Product=2, > SerialNumber=1 > [ 592.660925] usb 3-3: Product: HD Pro Webcam C920 > [ 592.660928] usb 3-3: SerialNumber: 2EAD866F > [ 592.664600] uvcvideo: Found UVC 1.00 device HD Pro Webcam C920 > (046d:082d) > [ 592.666416] uvcvideo 3-3:1.0: Entity type for entity Processing 3 was > not initialized! > [ 592.666421] uvcvideo 3-3:1.0: Entity type for entity Extension 6 was not > initialized! > [ 592.666425] uvcvideo 3-3:1.0: Entity type for entity Extension 12 was > not initialized! > [ 592.666428] uvcvideo 3-3:1.0: Entity type for entity Camera 1 was not > initialized! > [ 592.666430] uvcvideo 3-3:1.0: Entity type for entity Extension 8 was not > initialized! > [ 592.666433] uvcvideo 3-3:1.0: Entity type for entity Extension 9 was not > initialized! > [ 592.666436] uvcvideo 3-3:1.0: Entity type for entity Extension 10 was > not initialized! > [ 592.666439] uvcvideo 3-3:1.0: Entity type for entity Extension 11 was > not initialized! > [ 592.666622] input: HD Pro Webcam C920 as > /devices/pci0000:00/0000:00:14.0/usb3/3-3/3-3:1.0/input/input23 > [ 748.490453] usb 3-3: reset high-speed USB device number 5 using xhci_hcd > [ 938.125745] usb 3-3: USB disconnect, device number 5 > [ 943.298530] BUG: unable to handle kernel NULL pointer dereference at > 0000000000000000 > [ 943.298533] #PF error: [normal kernel read fault] > [ 943.298534] PGD 80000007ca5f3067 P4D 80000007ca5f3067 PUD 0 > [ 943.298536] Oops: 0000 [#1] SMP PTI > [ 943.298538] CPU: 0 PID: 9442 Comm: libobs: graphic Tainted: P > OE 5.0.0-13-generic #14-Ubuntu > [ 943.298539] Hardware name: Gigabyte Technology Co., Ltd. > Z87-HD3/Z87-HD3, BIOS F7 01/20/2014 > [ 943.298543] RIP: 0010:usb_ifnum_to_if+0x24/0x60 > [ 943.298544] Code: ff c3 0f 1f 40 00 0f 1f 44 00 00 55 48 8b 87 c0 03 00 > 00 48 89 e5 48 85 c0 74 43 0f b6 48 04 84 c9 74 39 48 8b 90 98 00 00 00 <48> > 8b 3a 0f b6 7f 02 39 fe 74 2b 48 8d 90 a0 00 00 00 8d 41 ff 48 > [ 943.298545] RSP: 0018:ffffbdae493dbab0 EFLAGS: 00010202 > [ 943.298547] RAX: ffffa106ae527000 RBX: ffffa1070ad0a800 RCX: > 0000000000000004 > [ 943.298547] RDX: 0000000000000000 RSI: 0000000000000001 RDI: > ffffa1070ad0a800 > [ 943.298548] RBP: ffffbdae493dbab0 R08: 0000000000027040 R09: > ffffffffb57825b8 > [ 943.298549] R10: fffffba45fce4bc0 R11: 0000000000000001 R12: > 0000000000000000 > [ 943.298550] R13: ffffa10644187b98 R14: 00000000ffffff92 R15: > ffffa1075131a000 > [ 943.298551] FS: 00007f93c40d7700(0000) GS:ffffa1075ea00000(0000) > knlGS:0000000000000000 > [ 943.298552] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 943.298553] CR2: 0000000000000000 CR3: 00000006f8a94004 CR4: > 00000000001606f0 > [ 943.298553] Call Trace: > [ 943.298557] usb_hcd_alloc_bandwidth+0x241/0x370 > [ 943.298559] usb_set_interface+0xfc/0x380 > [ 943.298565] uvc_video_start_transfer+0x155/0x4b0 [uvcvideo] > [ 943.298568] uvc_video_start_streaming+0x7f/0xd0 [uvcvideo] > [ 943.298570] uvc_start_streaming+0x28/0x70 [uvcvideo] > [ 943.298573] vb2_start_streaming+0x6d/0x110 [videobuf2_common] > [ 943.298575] vb2_core_streamon+0x59/0xc0 [videobuf2_common] > [ 943.298578] vb2_streamon+0x18/0x30 [videobuf2_v4l2] > [ 943.298580] uvc_queue_streamon+0x2e/0x50 [uvcvideo] > [ 943.298582] uvc_ioctl_streamon+0x3f/0x60 [uvcvideo] > [ 943.298588] v4l_streamon+0x20/0x30 [videodev] > [ 943.298592] __video_do_ioctl+0x19a/0x3f0 [videodev] > [ 943.298596] video_usercopy+0x1a6/0x660 [videodev] > [ 943.298599] ? v4l_s_fmt+0x630/0x630 [videodev] > [ 943.298603] video_ioctl2+0x15/0x20 [videodev] > [ 943.298606] v4l2_ioctl+0x49/0x50 [videodev] > [ 943.298608] do_vfs_ioctl+0xa9/0x640 > [ 943.298610] ? __switch_to_asm+0x34/0x70 > [ 943.298611] ? __switch_to_asm+0x40/0x70 > [ 943.298612] ? __switch_to_asm+0x34/0x70 > [ 943.298612] ? __switch_to_asm+0x40/0x70 > [ 943.298613] ? __switch_to_asm+0x34/0x70 > [ 943.298614] ? __switch_to_asm+0x40/0x70 > [ 943.298615] ? __switch_to_asm+0x34/0x70 > [ 943.298616] ? __switch_to_asm+0x40/0x70 > [ 943.298617] ksys_ioctl+0x67/0x90 > [ 943.298619] __x64_sys_ioctl+0x1a/0x20 > [ 943.298621] do_syscall_64+0x5a/0x110 > [ 943.298622] entry_SYSCALL_64_after_hwframe+0x44/0xa9 > [ 943.298623] RIP: 0033:0x7f9430e082e9 > [ 943.298624] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 > 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> > 3d 01 f0 ff ff 73 01 c3 48 8b 0d 77 cb 0c 00 f7 d8 64 89 01 48 > [ 943.298625] RSP: 002b:00007f93c40d6428 EFLAGS: 00000246 ORIG_RAX: > 0000000000000010 > [ 943.298626] RAX: ffffffffffffffda RBX: 00007f94000da020 RCX: > 00007f9430e082e9 > [ 943.298627] RDX: 00007f93c40d6444 RSI: 0000000040045612 RDI: > 000000000000003b > [ 943.298628] RBP: 0000000000000000 R08: 00000000c058560f R09: > 000055f3e344a6e0 > [ 943.298629] R10: 0000000000000000 R11: 0000000000000246 R12: > 000000000000003b > [ 943.298629] R13: 00007f93c40d68bc R14: 00007f94000da020 R15: > 0000000000000000 > [ 943.298631] Modules linked in: uvcvideo videobuf2_vmalloc > videobuf2_memops videobuf2_v4l2 videobuf2_common snd_usb_audio videodev > snd_usbmidi_lib media rfcomm joydev input_leds hid_generic uhid hid > algif_hash algif_skcipher af_alg nf_conntrack_netlink nfnetlink xfrm_user > xfrm_algo xt_addrtype xt_conntrack br_netfilter veth ebtable_filter ebtables > ip6t_MASQUERADE ip6table_nat nf_nat_ipv6 ip6table_filter ip6_tables > ipt_MASQUERADE xt_CHECKSUM xt_comment xt_tcpudp iptable_nat nf_nat_ipv4 > nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle > iptable_filter bpfilter bridge stp llc aufs overlay pci_stub vboxpci(OE) > vboxnetadp(OE) vboxnetflt(OE) cmac bnep vboxdrv(OE) binfmt_misc > nvidia_uvm(OE) nls_iso8859_1 intel_rapl x86_pkg_temp_thermal intel_powerclamp > kvm_intel kvm irqbypass snd_hda_codec_hdmi crct10dif_pclmul crc32_pclmul > ghash_clmulni_intel nvidia_drm(POE) nvidia_modeset(POE) arc4 btusb btrtl > btbcm btintel nvidia(POE) snd_hda_codec_realtek bluetooth aesni_intel > [ 943.298652] snd_hda_codec_generic ledtrig_audio aes_x86_64 > snd_hda_intel crypto_simd snd_hda_codec cryptd ecdh_generic glue_helper > iwlmvm snd_hda_core mac80211 snd_hwdep snd_pcm intel_cstate intel_rapl_perf > snd_seq_midi snd_seq_midi_event snd_rawmidi iwlwifi drm_kms_helper drm > snd_seq ipmi_devintf ipmi_msghandler fb_sys_fops syscopyarea snd_seq_device > sysfillrect cfg80211 snd_timer sysimgblt snd soundcore mei_me mei mac_hid > sch_fq_codel it87 hwmon_vid coretemp parport_pc ppdev lp parport ip_tables > x_tables autofs4 xfs raid10 raid456 async_raid6_recov async_memcpy async_pq > async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear > dm_mirror dm_region_hash dm_log i2c_i801 ahci lpc_ich libahci r8169 realtek > video > [ 943.298672] CR2: 0000000000000000 > [ 943.298674] ---[ end trace 62d503b51a37a64a ]--- > [ 943.298675] RIP: 0010:usb_ifnum_to_if+0x24/0x60 > [ 943.298676] Code: ff c3 0f 1f 40 00 0f 1f 44 00 00 55 48 8b 87 c0 03 00 > 00 48 89 e5 48 85 c0 74 43 0f b6 48 04 84 c9 74 39 48 8b 90 98 00 00 00 <48> > 8b 3a 0f b6 7f 02 39 fe 74 2b 48 8d 90 a0 00 00 00 8d 41 ff 48 > [ 943.298677] RSP: 0018:ffffbdae493dbab0 EFLAGS: 00010202 > [ 943.298678] RAX: ffffa106ae527000 RBX: ffffa1070ad0a800 RCX: > 0000000000000004 > [ 943.298679] RDX: 0000000000000000 RSI: 0000000000000001 RDI: > ffffa1070ad0a800 > [ 943.298680] RBP: ffffbdae493dbab0 R08: 0000000000027040 R09: > ffffffffb57825b8 > [ 943.298680] R10: fffffba45fce4bc0 R11: 0000000000000001 R12: > 0000000000000000 > [ 943.298681] R13: ffffa10644187b98 R14: 00000000ffffff92 R15: > ffffa1075131a000 > [ 943.298682] FS: 00007f93c40d7700(0000) GS:ffffa1075ea00000(0000) > knlGS:0000000000000000 > [ 943.298683] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 943.298684] CR2: 0000000000000000 CR3: 00000006f8a94004 CR4: > 00000000001606f0 > > Interestingly, this doesn't crash the machine, but it does seem to > crash udev or whatever is responsible for updating USB device state, > as I've disconnected the webcam but running lsusb still shows it as > connected. This is something of a pain as the only way I could file > this report was to ssh in from another machine with X forwarding > enabled, as my keyboard and mouse no longer function. > > Note that sometimes OBS will work fine with this camera, however this > bug will still occur when I attempt to change the camera resolution. > > ProblemType: Bug > DistroRelease: Ubuntu 19.04 > Package: linux-modules-extra-5.0.0-13-generic 5.0.0-13.14 > ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6 > Uname: Linux 5.0.0-13-generic x86_64 > NonfreeKernelModules: nvidia_modeset nvidia > ApportVersion: 2.20.10-0ubuntu27 > Architecture: amd64 > AudioDevicesInUse: > USER PID ACCESS COMMAND > /dev/snd/controlC1: bburns 3961 F.... pulseaudio > /dev/snd/pcmC1D7p: bburns 3961 F...m pulseaudio > /dev/snd/controlC0: bburns 3961 F.... pulseaudio > /dev/snd/pcmC0D1c: bburns 3961 F...m pulseaudio > Date: Thu May 2 18:47:59 2019 > HibernationDevice: RESUME=none > InstallationDate: Installed on 2018-07-30 (276 days ago) > InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 > (20180725) > MachineType: Gigabyte Technology Co., Ltd. Z87-HD3 > ProcEnviron: > TERM=xterm-256color > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=en_US.UTF-8 > SHELL=/bin/bash > ProcFB: 0 EFI VGA > ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.0.0-13-generic > root=/dev/mapper/cl_box-root ro > RelatedPackageVersions: > linux-restricted-modules-5.0.0-13-generic N/A > linux-backports-modules-5.0.0-13-generic N/A > linux-firmware 1.178 > SourcePackage: linux > UpgradeStatus: Upgraded to disco on 2019-04-24 (8 days ago) > dmi.bios.date: 01/20/2014 > dmi.bios.vendor: American Megatrends Inc. > dmi.bios.version: F7 > dmi.board.asset.tag: To be filled by O.E.M. > dmi.board.name: Z87-HD3 > dmi.board.vendor: Gigabyte Technology Co., Ltd. > dmi.board.version: To be filled by O.E.M. > dmi.chassis.asset.tag: To Be Filled By O.E.M. > dmi.chassis.type: 3 > dmi.chassis.vendor: Gigabyte Technology Co., Ltd. > dmi.chassis.version: To Be Filled By O.E.M. > dmi.modalias: > dmi:bvnAmericanMegatrendsInc.:bvrF7:bd01/20/2014:svnGigabyteTechnologyCo.,Ltd.:pnZ87-HD3:pvrTobefilledbyO.E.M.:rvnGigabyteTechnologyCo.,Ltd.:rnZ87-HD3:rvrTobefilledbyO.E.M.:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvrToBeFilledByO.E.M.: > dmi.product.family: To be filled by O.E.M. > dmi.product.name: Z87-HD3 > dmi.product.sku: To be filled by O.E.M. > dmi.product.version: To be filled by O.E.M. > dmi.sys.vendor: Gigabyte Technology Co., Ltd. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1827452/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1827452 Title: null pointer dereference in uvcvideo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1827452/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
