Description
System Details:
- Hardware: MacBook Air 2020 (MacBookAir9,1)
- OS: Ubuntu 24.04 LTS (Noble Numbat)
- Kernel: 6.14.1-1-t2-noble (Tainted: G C)
Problem Description:
The system experiences a hard freeze requiring a forced reboot immediately after stopping the built-in webcam's video stream. This occurs consistently when using applications like VLC (`vlc v4l2:///dev/video0`) or ffplay (`ffplay /dev/video0`) to access the webcam.
Steps to Reproduce:
- Start webcam stream using VLC, ffplay, or similar V4L2 application. (Stream works fine).
- Stop the stream (e.g., close the capture window in VLC, press 'q' in ffplay, or terminate the application).
- The system freezes instantly upon stopping the stream.
Kernel Panic Details:
- A kernel panic occurs with the message: `Oops: general protection fault, probably for non-canonical address 0xdead000000000108`.
- The instruction pointer (RIP) at the time of the crash is within `usb_hcd_unlink_urb_from_ep + 0x2c/0x60`.
- The faulting memory address (`0xdead...`) strongly suggests memory corruption, potentially a use-after-free or similar issue related to USB Request Block (URB) handling.
- The fault occurred on CPU 2, triggered by PID 4210 (`video_decoder`).
Call Trace Summary:
The call trace indicates the following sequence leading to the crash:
- The V4L2 device associated with the webcam is released (`v4l2_release`).
- The UVC video driver (`uvcvideo`) stops the stream (`uvc_video_stop_streaming` -> `uvc_video_stop_transfer`).
- USB URBs associated with the stream are cancelled (`usb_poison_urb` -> `usb_hcd_unlink_urb`).
- The cancellation process involves the Apple BCE VHCI driver (`bce_vhci_urb_dequeue` -> `bce_vhci_urb_request_cancel` [module `apple_bce`]).
- The crash occurs when `bce_vhci_urb_request_cancel` calls into the core USB HCD function `usb_hcd_unlink_urb_from_ep`.
Suspected Cause:
The bug seems related to the handling of URB cancellation when the webcam stream is stopped. The involvement of the tainted `apple_bce` module in the call stack just before the crash in the USB core suggests a potential issue within the `apple_bce` driver or its interaction with the standard USB stack's URB unlinking mechanism.
Logs:
Please find the relevant kernel Oops message and full call trace from `journalctl` below:
Apr 08 19:50:00 mnrl-MacBookAir kernel: Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP NOPTI
Apr 08 19:50:00 mnrl-MacBookAir kernel: CPU: 2 UID: 1000 PID: 4210 Comm: video_decoder Tainted: G C 6.14.1-1-t2-noble #1
Apr 08 19:50:00 mnrl-MacBookAir kernel: Tainted: [C]=CRAP
Apr 08 19:50:00 mnrl-MacBookAir kernel: Hardware name: Apple Inc. MacBookAir9,1/Mac-0CFF9C7C2B63DF8D, BIOS 2075.101.2.0.0 (iBridge: 22.16.14248.0.0,0) 03/12/2025
Apr 08 19:50:00 mnrl-MacBookAir kernel: RIP: 0010:usb_hcd_unlink_urb_from_ep+0x2c/0x60
Apr 08 19:50:00 mnrl-MacBookAir kernel: Code: 44 00 00 55 48 c7 c7 ac 74 1d 9f 48 89 e5 53 48 89 f3 e8 a7 24 4a 00 48 8b 4b 18 48 8b 53 20 48 8d 43 18 48 c7 c7 ac 74 1d 9f <48> 89 51 08 48 89 0a 48 89 43 18 48 89 43 20 e8 c0 25 4a 00 48 8b
Apr 08 19:50:00 mnrl-MacBookAir kernel: RSP: 0018:ffffae33c66976e8 EFLAGS: 00010046
Apr 08 19:50:00 mnrl-MacBookAir kernel: RAX: ffff993e0b9da198 RBX: ffff993e0b9da180 RCX: dead000000000100
Apr 08 19:50:00 mnrl-MacBookAir kernel: RDX: dead000000000122 RSI: 0000000000000000 RDI: ffffffff9f1d74ac
Apr 08 19:50:00 mnrl-MacBookAir kernel: RBP: ffffae33c66976f0 R08: 0000000000000000 R09: 0000000000000000
Apr 08 19:50:00 mnrl-MacBookAir kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff993e0b9da180
Apr 08 19:50:00 mnrl-MacBookAir kernel: R13: 0000000000000000 R14: ffff993e033f8b78 R15: ffff993e070b0e80
Apr 08 19:50:00 mnrl-MacBookAir kernel: FS: 0000000000000000(0000) GS:ffff993f77f00000(0000) knlGS:0000000000000000
Apr 08 19:50:00 mnrl-MacBookAir kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 08 19:50:00 mnrl-MacBookAir kernel: CR2: 000058e79d08c000 CR3: 000000013f022005 CR4: 0000000000772ef0
Apr 08 19:50:00 mnrl-MacBookAir kernel: PKRU: 55555554
Apr 08 19:50:00 mnrl-MacBookAir kernel: Call Trace:
Apr 08 19:50:00 mnrl-MacBookAir kernel: <TASK>
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? show_regs+0x6c/0x80
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? die_addr+0x37/0xa0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? exc_general_protection+0x1d2/0x400
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? asm_exc_general_protection+0x27/0x30
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? usb_hcd_unlink_urb_from_ep+0x2c/0x60
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? usb_hcd_unlink_urb_from_ep+0x19/0x60
Apr 08 19:50:00 mnrl-MacBookAir kernel: bce_vhci_urb_request_cancel+0x6b/0x150 [apple_bce]
Apr 08 19:50:00 mnrl-MacBookAir kernel: bce_vhci_urb_dequeue+0x2c/0x60 [apple_bce]
Apr 08 19:50:00 mnrl-MacBookAir kernel: unlink1+0x34/0x160
Apr 08 19:50:00 mnrl-MacBookAir kernel: usb_hcd_unlink_urb+0x8a/0xf0
Apr 08 19:50:00 mnrl-MacBookAir kernel: usb_poison_urb+0x49/0xf0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? ktime_get+0x3e/0x100
Apr 08 19:50:00 mnrl-MacBookAir kernel: uvc_video_stop_transfer+0x4a/0xc0 [uvcvideo]
Apr 08 19:50:00 mnrl-MacBookAir kernel: uvc_video_stop_streaming+0x17/0xa0 [uvcvideo]
Apr 08 19:50:00 mnrl-MacBookAir kernel: uvc_stop_streaming+0x27/0xd0 [uvcvideo]
Apr 08 19:50:00 mnrl-MacBookAir kernel: __vb2_queue_cancel+0x33/0x320 [videobuf2_common]
Apr 08 19:50:00 mnrl-MacBookAir kernel: vb2_core_queue_release+0x23/0x90 [videobuf2_common]
Apr 08 19:50:00 mnrl-MacBookAir kernel: vb2_queue_release+0xe/0x20 [videobuf2_v4l2]
Apr 08 19:50:00 mnrl-MacBookAir kernel: uvc_queue_release+0x26/0x40 [uvcvideo]
Apr 08 19:50:00 mnrl-MacBookAir kernel: uvc_v4l2_release+0x9c/0xf0 [uvcvideo]
Apr 08 19:50:00 mnrl-MacBookAir kernel: v4l2_release+0x104/0x120 [videodev]
Apr 08 19:50:00 mnrl-MacBookAir kernel: __fput+0xea/0x2d0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ____fput+0x15/0x20
Apr 08 19:50:00 mnrl-MacBookAir kernel: task_work_run+0x5d/0xa0
Apr 08 19:50:00 mnrl-MacBookAir kernel: do_exit+0x31f/0xab0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? __pfx_futex_wake_mark+0x10/0x10
Apr 08 19:50:00 mnrl-MacBookAir kernel: do_group_exit+0x34/0x90
Apr 08 19:50:00 mnrl-MacBookAir kernel: get_signal+0x9e3/0x9f0
Apr 08 19:50:00 mnrl-MacBookAir kernel: arch_do_signal_or_restart+0x42/0x260
Apr 08 19:50:00 mnrl-MacBookAir kernel: syscall_exit_to_user_mode+0x146/0x1d0
Apr 08 19:50:00 mnrl-MacBookAir kernel: do_syscall_64+0x8a/0x170
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? wake_up_q+0x50/0xa0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? futex_wake+0x167/0x190
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? do_futex+0x18e/0x260
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? __x64_sys_futex+0x12a/0x200
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? arch_exit_to_user_mode_prepare.isra.0+0x22/0xd0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? syscall_exit_to_user_mode+0x38/0x1d0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? do_syscall_64+0x8a/0x170
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? futex_wake+0x89/0x190
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? do_futex+0x18e/0x260
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? __x64_sys_futex+0x12a/0x200
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? __rseq_handle_notify_resume+0xa4/0x520
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? arch_exit_to_user_mode_prepare.isra.0+0x22/0xd0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? syscall_exit_to_user_mode+0x38/0x1d0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? do_syscall_64+0x8a/0x170
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? arch_exit_to_user_mode_prepare.isra.0+0xc8/0xd0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? irqentry_exit_to_user_mode+0x2d/0x1d0
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? irqentry_exit+0x43/0x50
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? clear_bhb_loop+0x15/0x70
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? clear_bhb_loop+0x15/0x70
Apr 08 19:50:00 mnrl-MacBookAir kernel: ? clear_bhb_loop+0x15/0x70
Apr 08 19:50:00 mnrl-MacBookAir kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
Apr 08 19:50:00 mnrl-MacBookAir kernel: RIP: 0033:0x7b7b01498d71
Apr 08 19:50:00 mnrl-MacBookAir kernel: Code: Unable to access opcode bytes at 0x7b7b01498d47.
Apr 08 19:50:00 mnrl-MacBookAir kernel: RSP: 002b:00007b7ab57f9150 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
Apr 08 19:50:00 mnrl-MacBookAir kernel: RAX: fffffffffffffe00 RBX: 00007b7ab801e080 RCX: 00007b7b01498d71
Apr 08 19:50:00 mnrl-MacBookAir kernel: RDX: 0000000000000000 RSI: 0000000000000189 RDI: 00007b7ab801e0a8
Apr 08 19:50:00 mnrl-MacBookAir kernel: RBP: 00007b7ab57f9190 R08: 0000000000000000 R09: 00000000ffffffff
Apr 08 19:50:00 mnrl-MacBookAir kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
Apr 08 19:50:00 mnrl-MacBookAir kernel: R13: 0000000000000000 R14: 00007b7ab801e058 R15: 00007b7ab801e0a8
Apr 08 19:50:00 mnrl-MacBookAir kernel: </TASK>
Apr 08 19:50:00 mnrl-MacBookAir kernel: Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr cmac algif_hash algif_skcipher af_alg bnep joydev input_leds hid_appletb_bl hid_magicmouse hid_sensor_als hid_sensor_trigger industrialio_triggered_buffer kfifo_buf hid_sensor_iio_common industrialio binfmt_misc hid_sensor_hub hid_apple nls_iso8859_1 cdc_mbim cdc_wdm hid_generic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common cdc_ncm videodev usbhid cdc_ether usbnet hid mc mii apple_mfi_fastcharge snd_sof_pci_intel_icl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel soundwire_cadence snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda snd_hda_codec_hdmi snd_sof_pci snd_sof_xtensa_dsp intel_uncore_frequency intel_uncore_frequency_common intel_pmc_core_pltdrv snd_sof intel_pmc_core pmt_telemetry snd_sof_utils pmt_class snd_soc_acpi_intel_match intel_vsec snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation snd_soc_acpi soundwire_bus snd_soc_sdca snd_soc_avs
Apr 08 19:50:00 mnrl-MacBookAir kernel: x86_pkg_temp_thermal intel_powerclamp snd_soc_hda_codec snd_hda_ext_core coretemp snd_soc_core kvm_intel brcmfmac_wcc processor_thermal_device_pci_legacy snd_compress mei_pxp intel_rapl_msr spi_nor i915 kvm processor_thermal_device mei_hdcp ac97_bus mtd processor_thermal_wt_hint iTCO_wdt polyval_clmulni polyval_generic ghash_clmulni_intel intel_pmc_bxt iTCO_vendor_support sha256_ssse3 sha1_ssse3 snd_pcm_dmaengine aesni_intel brcmfmac processor_thermal_rfim crypto_simd applesmc cryptd brcmutil snd_hda_intel drm_buddy snd_intel_dspcfg hci_bcm4377 processor_thermal_rapl snd_intel_sdw_acpi rapl ttm cfg80211 intel_cstate bluetooth intel_rapl_common snd_hda_codec drm_display_helper processor_thermal_wt_req processor_thermal_power_floor cec sbs processor_thermal_mbox rc_core spi_intel_pci i2c_i801 spi_intel int340x_thermal_zone mei_me snd_hda_core i2c_smbus mei i2c_algo_bit i2c_mux intel_soc_dts_iosf snd_hwdep sbshc intel_lpss_acpi intel_lpss acpi_tad idma64 mac_hid sch_fq_codel apple_bce(C) snd_pcm snd_seq_midi
Apr 08 19:50:00 mnrl-MacBookAir kernel: snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer snd soundcore msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq nvme nvme_core thunderbolt nvme_auth video wmi
Apr 08 19:50:00 mnrl-MacBookAir kernel: ---[ end trace 0000000000000000 ]---
Apr 08 19:50:00 mnrl-MacBookAir kernel: RIP: 0010:usb_hcd_unlink_urb_from_ep+0x2c/0x60
Apr 08 19:50:00 mnrl-MacBookAir kernel: Code: 44 00 00 55 48 c7 c7 ac 74 1d 9f 48 89 e5 53 48 89 f3 e8 a7 24 4a 00 48 8b 4b 18 48 8b 53 20 48 8d 43 18 48 c7 c7 ac 74 1d 9f <48> 89 51 08 48 89 0a 48 89 43 18 48 89 43 20 e8 c0 25 4a 00 48 8b
Apr 08 19:50:00 mnrl-MacBookAir kernel: RSP: 0018:ffffae33c66976e8 EFLAGS: 00010046
Apr 08 19:50:00 mnrl-MacBookAir kernel: RAX: ffff993e0b9da198 RBX: ffff993e0b9da180 RCX: dead000000000100
Apr 08 19:50:00 mnrl-MacBookAir kernel: RDX: dead000000000122 RSI: 0000000000000000 RDI: ffffffff9f1d74ac
Apr 08 19:50:00 mnrl-MacBookAir kernel: RBP: ffffae33c66976f0 R08: 0000000000000000 R09: 0000000000000000
Apr 08 19:50:00 mnrl-MacBookAir kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff993e0b9da180
Apr 08 19:50:00 mnrl-MacBookAir kernel: R13: 0000000000000000 R14: ffff993e033f8b78 R15: ffff993e070b0e80
Apr 08 19:50:00 mnrl-MacBookAir kernel: FS: 0000000000000000(0000) GS:ffff993f77f00000(0000) knlGS:0000000000000000
Apr 08 19:50:00 mnrl-MacBookAir kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 08 19:50:00 mnrl-MacBookAir kernel: CR2: 000058e79d08c000 CR3: 000000013f022005 CR4: 0000000000772ef0
Apr 08 19:50:00 mnrl-MacBookAir kernel: PKRU: 55555554
Apr 08 19:50:00 mnrl-MacBookAir kernel: note: video_decoder[4210] exited with irqs disabled
Apr 08 19:50:00 mnrl-MacBookAir kernel: note: video_decoder[4210] exited with preempt_count 2
Apr 08 19:50:00 mnrl-MacBookAir kernel: Fixing recursive fault but reboot is needed!
I hope I can find a solution because this is very annoying :((((
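
Added example (not part of the original report, and not the reporter's or the driver's code): a small Python triage helper run over lines excerpted from the Oops above. It flags registers holding the kernel's list poison values and shows that the faulting address is RCX + 8, the `prev` field reached through a `next` pointer that `list_del()` had already poisoned; the poison constants assume the x86_64 default `CONFIG_ILLEGAL_POINTER_VALUE`, and `triage` is a hypothetical helper name.

```python
import re

# Excerpt of the Oops in this report (journal prefix dropped) used as sample input.
SAMPLE = """\
Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:usb_hcd_unlink_urb_from_ep+0x2c/0x60
RAX: ffff993e0b9da198 RBX: ffff993e0b9da180 RCX: dead000000000100
RDX: dead000000000122 RSI: 0000000000000000 RDI: ffffffff9f1d74ac
 ? usb_hcd_unlink_urb_from_ep+0x19/0x60
 bce_vhci_urb_request_cancel+0x6b/0x150 [apple_bce]
 bce_vhci_urb_dequeue+0x2c/0x60 [apple_bce]
"""

# Values from include/linux/poison.h, assuming the x86_64 default
# CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 for this kernel build.
POISON = {
    0xDEAD000000000100: "LIST_POISON1 (list_head.next after list_del)",
    0xDEAD000000000122: "LIST_POISON2 (list_head.prev after list_del)",
}
FRAME = re.compile(r"(?:^|kernel: )\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?", re.M)

def triage(text):
    """Summarise an x86_64 Oops: poisoned registers, faulting operand, first reliable frame."""
    m = re.search(r"non-canonical address (0x[0-9a-f]+)", text)
    fault = int(m.group(1), 16) if m else None
    rip = re.search(r"RIP: 0010:(\S+)", text)
    regs = {}
    for name, val in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", text):
        regs.setdefault(name, int(val, 16))  # keep the first (kernel-mode) dump
    poisoned = {r: POISON[v] for r, v in regs.items() if v in POISON}
    # Which poisoned register, plus a small struct offset, gives the faulting address?
    operand = None
    if fault is not None:
        operand = next(((r, fault - regs[r]) for r in poisoned
                        if 0 <= fault - regs[r] < 0x40), None)
    frame = FRAME.search(text)  # first trace line without the unreliable '?' marker
    return {
        "fault": fault,
        "rip": rip.group(1) if rip else None,
        "poisoned": poisoned,
        "operand": operand,
        "caller": frame.groups() if frame else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The same function accepts the raw `journalctl` lines, since the frame pattern also anchors on the `kernel: ` prefix.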