Comment 38 for bug 1827452

I've seen this on 5.19.9 as well (not Ubuntu, NixOS 22.05). I thought it's interesting as well.

My setup is a Logitech BRIO camera connected to a USB3 hub, connected to a LG display, connected via USB-C to my laptop. The issue happened (I think) when plugging in the camera into the USB hub.

[91105.117569] usb 3-6.1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[91105.117574] usb 3-6.1.3: Product: USB-Serial Controller D
[91105.117576] usb 3-6.1.3: Manufacturer: Prolific Technology Inc.
[91105.126255] pl2303 3-6.1.3:1.0: pl2303 converter detected
[91105.127474] usb 3-6.1.3: pl2303 converter now attached to ttyUSB0
[91108.797780] BUG: kernel NULL pointer dereference, address: 0000000000000000
[91108.797787] #PF: supervisor read access in kernel mode
[91108.797790] #PF: error_code(0x0000) - not-present page
[91108.797793] PGD 0 P4D 0
[91108.797797] Oops: 0000 [#1] PREEMPT SMP NOPTI
[91108.797801] CPU: 6 PID: 80084 Comm: ThreadPoolSingl Tainted: G O 5.19.9 #1-NixOS
[91108.797806] Hardware name: TUXEDO TUXEDO Book XP14 Gen12/NV4XMB,ME,MZ, BIOS 1.07.14RTR1 08/24/2021
[91108.797808] RIP: 0010:usb_ifnum_to_if+0x3a/0x60 [usbcore]
[91108.797824] Code: 34 41 0f b6 50 04 84 d2 74 33 83 ea 01 49 8d 80 98 00 00 00 49 8d 8c d0 a0 00 00 00 eb 09 48 83 c0 08 48 39 c8 74 16 4c 8b 00 <49> 8b 10 0f b6 52 02 39 f2 75 e9 4c 89 c0 c3 cc cc cc cc 45 31 c0
[91108.797826] RSP: 0018:ffffa54807acfbb0 EFLAGS: 00010206
[91108.797829] RAX: ffff92881be64c98 RBX: 0000000000000000 RCX: ffff92881be64cc8
[91108.797831] RDX: 0000000000000005 RSI: 0000000000000001 RDI: ffff9287d09c9000
[91108.797832] RBP: ffff92881be66920 R08: 0000000000000000 R09: 000000008015000c
[91108.797834] R10: 0000000000000000 R11: 0000000000000000 R12: ffff92881be62c00
[91108.797835] R13: ffff92881be66920 R14: ffff9287d09c9000 R15: ffff9287c4ebe000
[91108.797836] FS: 00007f444d99f640(0000) GS:ffff928f51580000(0000) knlGS:0000000000000000
[91108.797838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[91108.797840] CR2: 0000000000000000 CR3: 000000040ecc2005 CR4: 0000000000770ee0
[91108.797842] PKRU: 55555554
[91108.797843] Call Trace:
[91108.797845] <TASK>
[91108.797847] usb_hcd_alloc_bandwidth+0x245/0x370 [usbcore]
[91108.797862] usb_set_interface+0x127/0x360 [usbcore]
[91108.797877] uvc_video_start_transfer+0x181/0x4d0 [uvcvideo]
[91108.797883] uvc_video_start_streaming+0x7f/0xe0 [uvcvideo]
[91108.797889] uvc_start_streaming+0x2d/0xe0 [uvcvideo]
[91108.797895] vb2_start_streaming+0x60/0x100 [videobuf2_common]
[91108.797901] vb2_core_streamon+0x5c/0xd0 [videobuf2_common]
[91108.797905] uvc_queue_streamon+0x2a/0x50 [uvcvideo]
[91108.797910] uvc_ioctl_streamon+0x3a/0x60 [uvcvideo]
[91108.797915] __video_do_ioctl+0x19c/0x3f0 [videodev]
[91108.797927] ? mmap_region+0x281/0x600
[91108.797933] video_usercopy+0x171/0x710 [videodev]
[91108.797942] ? v4l_print_control+0x20/0x20 [videodev]
[91108.797951] v4l2_ioctl+0x46/0x50 [videodev]
[91108.797959] __x64_sys_ioctl+0x87/0xc0
[91108.797963] do_syscall_64+0x38/0x90
[91108.797968] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[91108.797972] RIP: 0033:0x7f44611e1e37
[91108.797975] Code: ff ff 48 89 d8 5b 5d 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb c9 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 0f 0f 00 f7 d8 64 89 01 48
[91108.797977] RSP: 002b:00007f444d99df38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[91108.797980] RAX: ffffffffffffffda RBX: 0000385c0021d7d0 RCX: 00007f44611e1e37
[91108.797981] RDX: 00007f444d99dfb4 RSI: 0000000040045612 RDI: 0000000000000019
[91108.797982] RBP: 00007f444d99df70 R08: 0000000000000019 R09: 0000000000bdf000
[91108.797984] R10: 0000000000000001 R11: 0000000000000246 R12: 0000385c00353b60
[91108.797985] R13: 0000385c00353a00 R14: 00007f444d99dfb4 R15: 0000000040045612
[91108.797988] </TASK>
[91108.797988] Modules linked in: snd_usb_audio snd_usbmidi_lib snd_rawmidi sd_mod uas usb_storage scsi_mod scsi_common pl2303 usbserial cdc_acm ccm rfcomm qrtr snd_seq_dummy snd_hrtimer snd_seq snd_seq_device af_packet snd_hda_codec_hdmi snd_sof_pci_intel_tgl snd_sof_intel_hda_common snd_soc_hdac_hda soundwire_intel soundwire_generic_allocation iwlmvm soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi soundwire_bus joydev cmac mousedev algif_hash snd_soc_core snd_hda_codec_realtek algif_skcipher af_alg snd_hda_codec_generic snd_compress iTCO_wdt ac97_bus hid_multitouch bnep cmdlinepart spi_nor ledtrig_audio mac80211 snd_pcm_dmaengine intel_rapl_msr intel_pmc_bxt mei_hdcp mei_pxp ee1004 mtd watchdog msr snd_hda_intel i2c_designware_platform pmt_telemetry snd_intel_dspcfg snd_intel_sdw_acpi i2c_designware_core pmt_class libarc4 wmi_bmof zstd intel_rapl_common zstd_compress snd_hda_codec snd_hda_core
[91108.798038] iwlwifi btusb intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp snd_hwdep coretemp iwlmei uvcvideo btrtl crc32_pclmul snd_pcm ghash_clmulni_intel videobuf2_vmalloc intel_cstate btbcm videobuf2_memops deflate intel_uncore r8169 btintel snd_timer btmtk cfg80211 videobuf2_v4l2 realtek psmouse snd mei_me i2c_i801 spi_intel_pci serio_raw efi_pstore spi_intel videobuf2_common i2c_smbus nls_iso8859_1 mdio_devres bluetooth soundcore nls_cp437 libphy videodev sch_fq_codel vfat mei ecdh_generic intel_lpss_pci fat rfkill intel_lpss uinput idma64 ecc mc ctr crc16 virt_dma ucsi_acpi loop typec_ucsi intel_vsec tap igen6_edac typec edac_core tiny_power_button macvlan roles thermal wmi button i2c_hid_acpi bridge battery i2c_hid tpm_crb stp evdev mac_hid llc tun tpm_tis tpm_tis_core intel_pmc_core ac acpi_pad pinctrl_tigerlake intel_hid clevo_acpi(O) kvm_intel zram zsmalloc kvm irqbypass tuxedo_io(O) tuxedo_keyboard(O) fuse sparse_keymap pstore configfs efivarfs ip_tables x_tables
[91108.798097] autofs4 xfs libcrc32c crc32c_generic dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core hid_generic usbhid hid nvme rtsx_pci_sdmmc xhci_pci xhci_pci_renesas mmc_core nvme_core xhci_hcd t10_pi crc64_rocksoft input_leds crc64 led_class crc_t10dif usbcore crc32c_intel aesni_intel rtsx_pci atkbd libps2 libaes crct10dif_generic vivaldi_fmap crypto_simd crct10dif_pclmul cryptd mfd_core thunderbolt usb_common crct10dif_common i8042 rtc_cmos serio dm_mod dax i915 i2c_algo_bit intel_gtt drm_buddy cec video drm_display_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm i2c_core backlight agpgart
[91108.798138] CR2: 0000000000000000
[91108.798141] ---[ end trace 0000000000000000 ]---
[91109.157025] RIP: 0010:usb_ifnum_to_if+0x3a/0x60 [usbcore]
[91109.157057] Code: 34 41 0f b6 50 04 84 d2 74 33 83 ea 01 49 8d 80 98 00 00 00 49 8d 8c d0 a0 00 00 00 eb 09 48 83 c0 08 48 39 c8 74 16 4c 8b 00 <49> 8b 10 0f b6 52 02 39 f2 75 e9 4c 89 c0 c3 cc cc cc cc 45 31 c0
[91109.157061] RSP: 0018:ffffa54807acfbb0 EFLAGS: 00010206
[91109.157065] RAX: ffff92881be64c98 RBX: 0000000000000000 RCX: ffff92881be64cc8
[91109.157068] RDX: 0000000000000005 RSI: 0000000000000001 RDI: ffff9287d09c9000
[91109.157070] RBP: ffff92881be66920 R08: 0000000000000000 R09: 000000008015000c
[91109.157072] R10: 0000000000000000 R11: 0000000000000000 R12: ffff92881be62c00
[91109.157074] R13: ffff92881be66920 R14: ffff9287d09c9000 R15: ffff9287c4ebe000
[91109.157076] FS: 00007f444d99f640(0000) GS:ffff928f51580000(0000) knlGS:0000000000000000
[91109.157079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[91109.157081] CR2: 0000000000000000 CR3: 000000040ecc2005 CR4: 0000000000770ee0
[91109.157084] PKRU: 55555554
[91160.087306] usb 4-1: new SuperSpeed USB device number 3 using xhci_hcd
[91160.101211] usb 4-1: New USB device found, idVendor=046d, idProduct=085e, bcdDevice= 3.17
[91160.101226] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[91160.101229] usb 4-1: Product: Logitech BRIO
[91160.101231] usb 4-1: SerialNumber: AF6E7894
[91160.103826] usb 4-1: Found UVC 1.00 device Logitech BRIO (046d:085e)