Re: [PATCH v2] media: usb: uvc: Fix NULL pointer dereference during USB device hot-unplug
From: Jie Deng
Date: Mon Nov 24 2025 - 22:14:55 EST
Hi Ricardo
Thank you for your reply
在 2025/11/24 17:06, Ricardo Ribalda 写道:
Hi Jie1. What this patch does:
On Mon, 24 Nov 2025 at 04:08, Jie Deng <dengjie03@xxxxxxxxxx> wrote:
Hi RicardoSeems that the patch that fixed the issue:
Thank you for your reply
在 2025/11/22 16:17, Ricardo Ribalda 写道:
Hi JieThe kernel version I'm using is 5.4.18
On Sat, 22 Nov 2025 at 08:26, Jie Deng <dengjie03@xxxxxxxxxx> wrote:
Add safety checks to prevent kernel panic during the race window inCan you share the kernel version that you are using?
USB device disconnection.
This patchThis patch may indeed eliminate the problem I described.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c93d73c9c2cfa7658f7100d201a47c4856746222
Should prevent the race that you are describing.
In your trace you have a reference to uvc_queue_streamoff that was
deleted by that patch
The 5.4 longterm version should not have synchronized this patch?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/media/usb/uvc/uvc_driver.c?id=c9ec6f1736363b2b2bb4e266997389740f628441
Problem scenario: When a USB device is disconnected, the kernel initiates the
unregistration process, but the device might still be in a streaming state.
2. The issue fixed by my patch submission:
1)Problem scenario: When userspace actively stops streaming, the USB device gets
disconnected during the stopping process.
2)Fix method: In the stream stopping function, check whether the USB device is still
connected to avoid accessing structures of already disconnected devices. This is fixed
by adding null pointer checks.
The patch I submitted addresses a different race condition.
Thanks,
Jie Deng
Was only backported until 5.10
5.4 is EOL this December. So it is probably not worth doing anything more.
Regards!
Thanks,
Jie Deng