Bug 55640

Summary: Kernel crashes on USB webcam, kernel module pwc.o
Product: [Retired] Red Hat Linux Reporter: Tim Dijkstra <tdykstra>
Component: kernelAssignee: Pete Zaitcev <zaitcev>
Status: CLOSED ERRATA QA Contact: Brock Organ <borgan>
Severity: high Docs Contact:
Priority: medium    
Version: 7.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-11-04 23:46:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Kernel oops of crash. none

Description Tim Dijkstra 2001-11-03 19:54:14 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-7 i686)

Description of problem:
When I try to use my USB webcam (Philips' ToUcam pro) the Kernel crashes.
When loading the kernel module (drivers/usb/pwc.o) I get all the good
messages, but when trying to read from the device (/dev/video0) the kernel
panics leaving me reseting the system. I have added (the carefully written
down) oops as an attachment. 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. modprobe pwc
2. cat /dev/video0 > /dev/null 
	or start a program that tries to read from the webcam

	

Actual Results:  System freezes. When done at the console, system freezes
and displays the messages I added as an attachment (kernel panic, etc).

Expected Results:  The system should have shown a nice live feed of me ;)

Additional info:

USB Controller: Intel Corporation 82371AB PIIX4 USB (rev 01)

When using the 2.2.19-7.0.1 kernel and the module version usb-pwc-6.3 it
all works!
Comment 1 Tim Dijkstra 2001-11-03 19:55:54 UTC 
Created attachment 36303 [details]
Kernel oops of crash.
Comment 2 Arjan van de Ven 2001-11-03 20:03:54 UTC 
This is with 2.4.9-7 ? We released an update kernel which has, amongst other
things, a null pointer derefence in usb cameras fixed.... The version is
2.4.9-13..
Comment 3 Pete Zaitcev 2001-11-03 23:06:12 UTC 
Thanks for the oops trace, what about EIP? I cannot
find it in the trace. Is in process_iso?

Another thing that you can do is to download this:

ftp.redhat.com:/pub/redhat/linux/rawhide/i386/RedHat/RPMS/kernel-2.4.13-0.3.i386.rpm

It should work.
Comment 4 Tim Dijkstra 2001-11-04 14:50:19 UTC 
I installed the 2.4.9-13 kernel and that helped, thanks! 

About the EIP, I can't find it. The kernel crashed real hard, so the only way
for me to get some info was by typing at the console 
$cat /dev/video0 > /dev/null 
Then the kernel messages started coming on screen, but only the end stays
visible. I think the EIP must have scrolled of screen. If you have any ideas to
get it in an other way, please tell me, I am willing to crash my system ones
more;)
Comment 5 Pete Zaitcev 2001-11-04 23:46:26 UTC 
It seems to be the case of infamouse list_del() in usb-uhci


-               list_del (p);
+               p_tmp = p;
                p = p->next;
+               list_del (p_tmp);
                delete_desc (s, desc);

It went into Linus tree at 2.4.10, so I thought that 2.4.7-ac
would not be vulnerable. But apparently it was.
Comment 6 Pete Zaitcev 2001-11-05 00:04:32 UTC 
I was too hasty with the Rawhide, we do have an update
out which fixes the problem within the 7.2 trunk.
ftp://ftp.redhat.com/pub/redhat/linux/updates/7.2/en/os/kernel-2.4.9-13.i386.rpm

I just verified that it does contain the fix
(actually, I checked out the kernel_2_4_9-13 branch)