From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-7 i686)

Description of problem:
When I try to use my USB webcam (Philips' ToUcam pro) the kernel crashes. When loading the kernel module (drivers/usb/pwc.o) I get all the good messages, but when trying to read from the device (/dev/video0) the kernel panics, leaving me resetting the system. I have added (the carefully written down) oops as an attachment.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. modprobe pwc
2. cat /dev/video0 > /dev/null or start a program that tries to read from the webcam

Actual Results:
System freezes. When done at the console, system freezes and displays the messages I added as an attachment (kernel panic, etc).

Expected Results:
The system should have shown a nice live feed of me ;)

Additional info:
USB Controller: Intel Corporation 82371AB PIIX4 USB (rev 01)
When using the 2.2.19-7.0.1 kernel and the module version usb-pwc-6.3 it all works!
Created attachment 36303
Kernel oops of crash.
This is with 2.4.9-7? We released an update kernel which has, amongst other things, a null pointer dereference in usb cameras fixed. The version is 2.4.9-13.
Thanks for the oops trace, what about EIP? I cannot find it in the trace. Is it in process_iso? Another thing that you can do is to download this:
ftp.redhat.com:/pub/redhat/linux/rawhide/i386/RedHat/RPMS/kernel-2.4.13-0.3.i386.rpm
It should work.
I installed the 2.4.9-13 kernel and that helped, thanks! About the EIP, I can't find it. The kernel crashed real hard, so the only way for me to get some info was by typing at the console
$ cat /dev/video0 > /dev/null
Then the kernel messages started coming on screen, but only the end stays visible. I think the EIP must have scrolled off screen. If you have any ideas to get it in another way, please tell me, I am willing to crash my system once more ;)
It seems to be the case of infamous list_del() in usb-uhci - list_del (p); + p_tmp = p; p = p->next; + list_del (p_tmp); delete_desc (s, desc); It went into Linus tree at 2.4.10, so I thought that 2.4.7-ac would not be vulnerable. But apparently it was.
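Review bot: in the + lines, p_tmp hand-rolls what list_for_each_safe() provides; if the enclosing loop (not visible here) is a plain walk over the list, use that helper so the next pointer is always saved before list_del() runs. A one-line comment above "p_tmp = p;" saying that p->next must be read before the entry is unlinked would keep the ordering from being "simplified" back later. Please also confirm that desc was taken from the entry before p advanced, since "delete_desc (s, desc);" now executes with p already pointing at the next node.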
I was too hasty with the Rawhide, we do have an update out which fixes the problem within the 7.2 trunk.
ftp://ftp.redhat.com/pub/redhat/linux/updates/7.2/en/os/kernel-2.4.9-13.i386.rpm
I just verified that it does contain the fix (actually, I checked out the kernel_2_4_9-13 branch).