On Sun, Jan 21, 2024 at 06:18:15PM +0100, Michał Pecio wrote: > Hi, > > I encountered an interesting race. This USB camera appears to have got > stuck and dropped by the bus during video stream initialization, leading > to an oops. This is a one time occurrence, not reproducible. Maybe not > a very severe issue due to narrow window of opportunity, but still... > > Linux v6.7, the host is XHCI. > > The first message below comes from uvc_video_start_transfer(). It is > meant to be followed immediately by a call to usb_set_interface() and > apparently during this call things went weird. > > After a half second delay the device was disconnected and another five > seconds later a NULL pointer dereference occured. > > The crashing function is usb_ifnum_to_if() and disassembly suggests that > the dereferenced NULL value was config->interface[i], for unknown i. There are a number of known-race-conditions in the v4l interface that can happen when devices go away and userspace is still holding a reference on the character device node. The developers there are working on it, but I don't know of any recent changes to help resolve this, sorry. Try asking on the linux-media mailing list? thanks, greg k-h
