Bug 125604

Summary: turning off Sony Vaio combo wireless causes an exception in the kernel and makes Bluetooth unusable
Product: [Fedora] Fedora
Reporter: x1 <x1>
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: 2
CC: joback
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-06-14 16:09:46 UTC

Description x1 2004-06-09 09:15:19 UTC
Description of problem:
I have a Sony Vaio Z1VA laptop. It has a switch that allows turning
on/off 2.4 GHz wireless - 802.11b and Bluetooth. If I use this switch
to turn off 802.11/BT, a long error message is printed into
/var/log/messages and Bluetooth becomes unusable until the next reboot.

Version-Release number of selected component (if applicable):
2.6.5-1.358

How reproducible:
Always

Steps to Reproduce:
1. turn on the computer with wireless ON
2. service bluetooth start
3. hciconfig hci0 up
4. turn off the wireless switch
5. turn it on again
    

Actual Results:  AFTER SWITCHING OFF:
--------------------

Jun  9 12:54:05 localhost kernel: eth1: New link status: Disconnected (0002) ## (This is 802.11 disconnecting, it's fine)
Jun  9 12:54:08 localhost kernel: usb 3-2: USB disconnect, address 2
Jun  9 12:54:08 localhost kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000068
Jun  9 12:54:08 localhost kernel:  printing eip:
Jun  9 12:54:08 localhost kernel: c016ae5c
Jun  9 12:54:08 localhost kernel: *pde = 00000000
Jun  9 12:54:08 localhost kernel: Oops: 0002 [#1]
Jun  9 12:54:08 localhost kernel: CPU:    0
Jun  9 12:54:08 localhost kernel: EIP:    0060:[<c016ae5c>]    Tainted: P
Jun  9 12:54:08 localhost kernel: EFLAGS: 00010246   (2.6.5-1.358.8kstacks)
Jun  9 12:54:08 localhost kernel: EIP is at sysfs_hash_and_remove+0x1f/0x6f
Jun  9 12:54:08 localhost kernel: eax: 00000000   ebx: 00000068   ecx: 00000068   edx: 00000077
Jun  9 12:54:08 localhost kernel: esi: 00000000   edi: c02a835a   ebp: df152780   esp: c155bef4
Jun  9 12:54:08 localhost hcid[2270]: HCI dev 0 unregistered
Jun  9 12:54:08 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  9 12:54:08 localhost kernel: Process khubd (pid: 5, threadinfo=c155a000 task=dfee4030)
Jun  9 12:54:08 localhost kernel: Stack: e0917100 e09170a0 de6b3d30 0000000a c01d9474 de6b3c00 de6b3c00 ded4e864
Jun  9 12:54:08 localhost kernel:        e0910662 ded4e254 e08ca3f1 ded4e854 e08cb2a0 c0210e71 ded4e864 e08cb2c0
Jun  9 12:54:08 localhost kernel:        c01d8bdc c02e28a0 c02e28ec c01d8cdc ded4e864 c02daae8 c15644cc c01d804a
Jun  9 12:54:08 localhost kernel: Call Trace:
Jun  9 12:54:08 localhost kernel:  [<c01d9474>] class_device_del+0x81/0xa2
Jun  9 12:54:08 localhost kernel:  [<e0910662>] hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  9 12:54:08 localhost kernel:  [<e08ca3f1>] hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  9 12:54:08 localhost kernel:  [<c0210e71>] usb_unbind_interface+0x2c/0x50
Jun  9 12:54:08 localhost kernel:  [<c01d8bdc>] device_release_driver+0x3c/0x46
Jun  9 12:54:08 localhost kernel:  [<c01d8cdc>] bus_remove_device+0x47/0x80
Jun  9 12:54:08 localhost kernel:  [<c01d804a>] device_del+0x66/0x87
Jun  9 12:54:08 localhost kernel:  [<c01d8073>] device_unregister+0x8/0x10
Jun  9 12:54:08 localhost kernel:  [<c0215660>] usb_disable_device+0x62/0x8a
Jun  9 12:54:08 localhost kernel:  [<c02117a6>] usb_disconnect+0x9d/0xd2
Jun  9 12:54:08 localhost kernel:  [<c0212feb>] hub_port_connect_change+0x4b/0x210
Jun  9 12:54:08 localhost kernel:  [<c0213286>] hub_events+0xd6/0x296
Jun  9 12:54:08 localhost kernel:  [<c0213464>] hub_thread+0x1e/0xd0
Jun  9 12:54:08 localhost kernel:  [<c0115cc9>] default_wake_function+0x0/0xc
Jun  9 12:54:08 localhost kernel:  [<c0213446>] hub_thread+0x0/0xd0
Jun  9 12:54:08 localhost kernel:  [<c01041d9>] kernel_thread_helper+0x5/0xb
Jun  9 12:54:08 localhost kernel: 
Jun  9 12:54:08 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8 80 ff ff ff 3d 18 fc ff ff 89

AFTER SWITCHING ON:
Jun  9 12:54:12 localhost kernel:  <6>eth1: New link status: Connected (0001) # 802.11 starts working again

But Bluetooth doesn't work anymore :-(


Expected Results:  Bluetooth should be working again

Comment 1 x1 2004-06-09 09:44:16 UTC
It seems that this doesn't have much to do with the Sony wireless
power switch itself. The problem seems to be with
the way hci_usb.ko is unloaded.
The following sequence produces the same results:

# hciconfig hci0 down
# rmmod hci_usb
Segmentation fault

In /var/log/messages:

Jun  9 13:40:37 localhost kernel: usbcore: deregistering driver hci_usb
Jun  9 13:40:37 localhost hcid[2264]: HCI dev 0 unregistered
Jun  9 13:40:37 localhost kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000068
Jun  9 13:40:37 localhost kernel:  printing eip:
Jun  9 13:40:37 localhost kernel: c016ae5c
Jun  9 13:40:37 localhost kernel: *pde = 0e4e9067
Jun  9 13:40:37 localhost kernel: Oops: 0002 [#1]
Jun  9 13:40:37 localhost kernel: CPU:    0
Jun  9 13:40:37 localhost kernel: EIP:    0060:[<c016ae5c>]    Tainted: P
Jun  9 13:40:37 localhost kernel: EFLAGS: 00210246   (2.6.5-1.358.8kstacks)
Jun  9 13:40:37 localhost kernel: EIP is at sysfs_hash_and_remove+0x1f/0x6f
Jun  9 13:40:37 localhost kernel: eax: 00001000   ebx: 00000068   ecx: 00000068   edx: 00000077
Jun  9 13:40:37 localhost kernel: esi: 00000000   edi: c02a835a   ebp: df237c80   esp: d17c7ee4
Jun  9 13:40:37 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  9 13:40:37 localhost kernel: Process rmmod (pid: 3273, threadinfo=d17c6000 task=d118c330)
Jun  9 13:40:37 localhost kernel: Stack: e0917100 e09170a0 df07cd30 d17c6000 c01d9474 df07cc00 df07cc00 e08cb2c0
Jun  9 13:40:37 localhost kernel:        e0910662 de7f3354 e08ca3f1 de7f3854 e08cb2a0 c0210e71 de7f3864 e08cb2c0
Jun  9 13:40:37 localhost kernel:        c01d8bdc e08cb2c0 e08cb30c c01d8bfe c02e28ec c02e28a0 c01d8dcd e08cb2c8
Jun  9 13:40:37 localhost kernel: Call Trace:
Jun  9 13:40:37 localhost kernel:  [<c01d9474>] class_device_del+0x81/0xa2
Jun  9 13:40:37 localhost kernel:  [<e0910662>] hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  9 13:40:37 localhost kernel:  [<e08ca3f1>] hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  9 13:40:37 localhost kernel:  [<c0210e71>] usb_unbind_interface+0x2c/0x50
Jun  9 13:40:37 localhost kernel:  [<c01d8bdc>] device_release_driver+0x3c/0x46
Jun  9 13:40:37 localhost kernel:  [<c01d8bfe>] driver_detach+0x18/0x26
Jun  9 13:40:37 localhost kernel:  [<c01d8dcd>] bus_remove_driver+0x37/0x64
Jun  9 13:40:37 localhost kernel:  [<c01d9077>] driver_unregister+0xc/0x2a
Jun  9 13:40:37 localhost kernel:  [<c0210f2b>] usb_deregister+0x20/0x29
Jun  9 13:40:37 localhost kernel:  [<c0126745>] sys_delete_module+0x122/0x162
Jun  9 13:40:37 localhost kernel:  [<c01378c3>] unmap_vma_list+0xe/0x17
Jun  9 13:40:37 localhost kernel:  [<c0137c1e>] do_munmap+0xfe/0x108
Jun  9 13:40:37 localhost kernel:  [<c01141f3>] do_page_fault+0x0/0x434
Jun  9 13:40:37 localhost kernel:  [<c0105e63>] syscall_call+0x7/0xb
Jun  9 13:40:37 localhost kernel: 
Jun  9 13:40:37 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8 80 ff ff ff 3d 18 fc ff ff 89


Comment 2 Rasmus Back 2004-06-10 11:46:49 UTC
Same problem here on a HP compaq nc8000. Flipping the bluetooth switch
on and off will eventually crash the bluetooth driver.

Jun  8 11:01:57 localhost kernel: usb 4-1: USB disconnect, address 2
Jun  8 11:01:57 localhost hcid[1868]: HCI dev 0 down
Jun  8 11:01:57 localhost hcid[1868]: Stoping security manager 0
Jun  8 11:01:58 localhost hcid[1868]: HCI dev 0 unregistered
Jun  8 11:01:58 localhost kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000068
Jun  8 11:01:58 localhost kernel:  printing eip:
Jun  8 11:01:58 localhost kernel: 0216b824
Jun  8 11:01:58 localhost kernel: *pde = 00000000
Jun  8 11:01:58 localhost kernel: Oops: 0002 [#1]
Jun  8 11:01:58 localhost kernel: CPU:    0
Jun  8 11:01:58 localhost kernel: EIP:    0060:[<0216b824>]    Not tainted
Jun  8 11:01:58 localhost kernel: EFLAGS: 00010246   (2.6.5-1.358)
Jun  8 11:01:58 localhost kernel: EIP is at sysfs_hash_and_remove+0x1f/0x6f
Jun  8 11:01:58 localhost kernel: eax: 00000000   ebx: 00000068   ecx: 00000068   edx: 00000077
Jun  8 11:01:58 localhost kernel: esi: 00000000   edi: 022a8be7   ebp: 1d417580   esp: 035beef4
Jun  8 11:01:58 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  8 11:01:58 localhost kernel: Process khubd (pid: 5, threadinfo=035be000 task=21f46030)
Jun  8 11:01:58 localhost kernel: Stack: 22a47080 22a47020 1f685530 0000000a 021d9ec0 1f685400 1f685400 150dc964
Jun  8 11:01:58 localhost kernel:        22a40674 150dc254 22a7b3f1 150dc954 22a7c2a0 022117f5 150dc964 22a7c2c0
Jun  8 11:01:58 localhost kernel:        021d9628 022e28a0 022e28ec 021d9728 150dc964 022daae8 20e264cc 021d8a96
Jun  8 11:01:58 localhost kernel: Call Trace:
Jun  8 11:01:58 localhost kernel:  [<021d9ec0>] class_device_del+0x81/0xa2
Jun  8 11:01:58 localhost kernel:  [<22a40674>] hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  8 11:01:58 localhost kernel:  [<22a7b3f1>] hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  8 11:01:58 localhost kernel:  [<022117f5>] usb_unbind_interface+0x2c/0x50
Jun  8 11:01:58 localhost kernel:  [<021d9628>] device_release_driver+0x3c/0x46
Jun  8 11:01:58 localhost kernel:  [<021d9728>] bus_remove_device+0x47/0x80
Jun  8 11:01:58 localhost kernel:  [<021d8a96>] device_del+0x66/0x87
Jun  8 11:01:58 localhost kernel:  [<021d8abf>] device_unregister+0x8/0x10
Jun  8 11:01:58 localhost kernel:  [<02215fe4>] usb_disable_device+0x62/0x8a
Jun  8 11:01:58 localhost kernel:  [<0221212a>] usb_disconnect+0x9d/0xd2
Jun  8 11:01:58 localhost kernel:  [<0221396f>] hub_port_connect_change+0x4b/0x210
Jun  8 11:01:58 localhost kernel:  [<02213c0a>] hub_events+0xd6/0x296
Jun  8 11:01:58 localhost kernel:  [<02213de8>] hub_thread+0x1e/0xd0
Jun  8 11:01:58 localhost kernel:  [<02115e97>] default_wake_function+0x0/0xc
Jun  8 11:01:58 localhost kernel:  [<02213dca>] hub_thread+0x0/0xd0
Jun  8 11:01:58 localhost kernel:  [<021041d9>] kernel_thread_helper+0x5/0xb
Jun  8 11:01:58 localhost kernel:
Jun  8 11:01:58 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8 80 ff ff ff 3d 18 fc ff ff 89


Comment 3 Luca 2004-06-12 14:40:10 UTC
Very similar problem here with a DELL Latitude D800.
When I switch the bluetooth off via keyboard I get a kernel oops very
similar to what is seen above.

Comment 4 x1 2004-06-12 15:30:18 UTC
It seems the problem is not related to any particular hardware -
It seems to be a bug either in bluetooth module or in the kernel itself.
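
Added example (not part of the original report or of any commenter's post): a small Python triage script that parses oops excerpts taken from the Sony Vaio and HP reports above and shows that, despite different load addresses, both reduce to the same address-independent signature. The function names and the trimmed sample strings are this example's own; the error-code decoding follows the standard i386 page-fault bit layout.

```python
import re

# Excerpts from two reports on this page (syslog prefix dropped, wrapped lines rejoined).
REPORT_VAIO = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000068
Oops: 0002 [#1]
EIP is at sysfs_hash_and_remove+0x1f/0x6f
 [<c01d9474>] class_device_del+0x81/0xa2
 [<e0910662>] hci_unregister_dev+0x8/0x5b [bluetooth]
 [<e08ca3f1>] hci_usb_disconnect+0x30/0x53 [hci_usb]
"""
REPORT_HP = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000068
Oops: 0002 [#1]
EIP is at sysfs_hash_and_remove+0x1f/0x6f
 [<021d9ec0>] class_device_del+0x81/0xa2
 [<22a40674>] hci_unregister_dev+0x8/0x5b [bluetooth]
 [<22a7b3f1>] hci_usb_disconnect+0x30/0x53 [hci_usb]
"""

# One call-trace frame: [<address>] symbol+0xoff/0xsize, optionally followed by [module].
FRAME = re.compile(r"\[<[0-9a-f]{8}>\] (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def decode_error_code(code):
    """Decode the i386 page-fault error code printed after 'Oops:'."""
    return ("protection fault" if code & 1 else "page not present",
            "write" if code & 2 else "read",
            "user mode" if code & 4 else "kernel mode")

def parse_oops(text):
    """Extract the fields needed to triage and de-duplicate an oops."""
    addr = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    eip = re.search(r"EIP is at (\S+)", text).group(1)
    frames = [(m.group(1), m.group(2) or "kernel") for m in FRAME.finditer(text)]
    return {"addr": addr, "access": decode_error_code(code), "eip": eip, "frames": frames}

def signature(oops, depth=3):
    """Address-independent key: faulting symbol+offset, fault address, top frames."""
    return (oops["eip"], oops["addr"], tuple(oops["frames"][:depth]))

if __name__ == "__main__":
    for name, text in (("vaio", REPORT_VAIO), ("hp", REPORT_HP)):
        o = parse_oops(text)
        print(name, hex(o["addr"]), o["access"], o["eip"], o["frames"])
    print("same bug:", signature(parse_oops(REPORT_VAIO)) == signature(parse_oops(REPORT_HP)))
```

Raw addresses differ between the two machines, so the key is built from symbol names, offsets and module names only.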

Comment 5 Luca 2004-06-12 19:40:06 UTC
Ok, just one minute after committing my comment I discovered that a
new kernel version came out for Fedora Core 2: 2.6.6-1.427
It solves the problem completely for me. It includes the last patch
from Marcel Holtmann for kernel 2.6.6.

Good luck!


Comment 6 Rasmus Back 2004-06-14 10:16:06 UTC
Seems like 2.6.6-1.427 fixes the problem here as well. I turned the
bluetooth module on and off 11 times with no oops. Previously it would
crash almost immediately.