Bug 609131

Summary: dell_laptop: wireless activation crashes kernel after hibernate and subsequent reboots
Product: [Fedora] Fedora Reporter: Dirk Hoffmann <hoffmann>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 12CC: anton, dougsland, gansalmon, itamar, jfeeney, jonathan, kernel-maint, madhu.chinakonda, matt_domsch, matthias
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-02 19:19:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dirk Hoffmann 2010-06-29 13:52:27 UTC 
Description of problem:
I am not sure, if this is a duplicate of Bug 595329 (and Bug 595330), which seem to concern the same or similar hardware (DELL) and usage of the RF component (except that I do not have bluetooth, but only a wireless 802.11 interface). Maybe even that it is related to Bug 511089?

After hibernation, I run into a critical situation: First the hotkey for the wireless interface activation does not seem to have an effect any more. This is independent of the state (active/inactive) right before the hibernation. The next symptom is that the kernel crashes with one or both of the following messages: "Trying to sleep while in wrong context" and "scheduling while atomic". 
After reboot, the situation does not improve, and using the hotkey for the interface (hardware) activation leads to complete blocking of the PC. At the same time, dual boot on Windows works without problem, as does usage of the WiFi interface.

Version-Release number of selected component (if applicable):
kernel-PAE.i686                         2.6.32.11-99.fc12
iwl3945-firmware.noarch                 15.32.2.9-2

How reproducible:
Rather regularly I get into the the situation after hibernation (not sleep!). There may be some rare hibernations which brought the system back correctly.

Steps to Reproduce:
1. activate wireless
2. connect to wireless network
3. use it for some time
4. (optional) disable wireless networking by h/w-hotkey
5. hibernate PC
6. wake up
7. try to use wireless networking (hotkey, activate, connect, ...)
8. does not work (otherwise the bug has not been reproduced)
9. reboot PC
10. go through fs recovery(!)
11. goto 7.
12. never get here (looping trough 7.-10.)
  
Actual results:
annoying loop in blocked situation

Expected results:
Wake-up without negative impact on wireless

Additional info:
Rather randomly (up to present experience) the PC recovers without visible relation to 
- reboot under linux
- boot and wireless h/w reset under windows
- power off
- reboot under Fedora live-CD
- ...?


Trace (Sorry, it was not easy to get it from the emergency system back into my emailer. So one of the abrt reports was lost. I promise to post it at the next opportunity. I hope references to microcode and dell_rf_kill_request will already help experts to prepare some analysis.):

n_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper
Pid: 0, comm: swapper Not tainted 2.6.31.5-127.fc12.i686 #1
Call Trace:
 [<c042866a>] __might_sleep+0xc6/0xcb
 [<c0764fcf>] wait_for_common+0x24/0xe3
 [<c042bb91>] ? list_add+0xf/0x11
 [<c0765119>] wait_for_completion+0x17/0x19
 [<c0433164>] set_cpus_allowed_ptr+0xb8/0xd7
 [<f8c5e790>] dcdbas_smi_request+0x5c/0xdd [dcdbas]
 [<f8cba070>] dell_send_request+0x45/0x4d [dell_laptop]
 [<c0420d00>] ? __change_page_attr_set_clr+0x24a/0x606
 [<f8cba0aa>] dell_rfkill_query+0x32/0x63 [dell_laptop]
 [<f8cba104>] dell_input_filter+0x29/0x5b [dell_laptop]
 [<c068cf85>] input_pass_event+0x41/0x8b
 [<c068edb7>] input_handle_event+0x373/0x37c
 [<c068ee81>] input_event+0x54/0x67
 [<c06935c4>] atkbd_interrupt+0x3f9/0x4a5
 [<c068b610>] serio_interrupt+0x37/0x6a
 [<c068c098>] i8042_interrupt+0x1d9/0x1ea
 [<c0473fb8>] handle_IRQ_event+0x57/0xfd
 [<c0475665>] handle_edge_irq+0xb5/0xf5
 [<c04056cd>] handle_irq+0x40/0x4b
 [<c0404e91>] do_IRQ+0x46/0x9a
 [<c0403c50>] common_interrupt+0x30/0x38
 [<c044007b>] ? mod_timer_pending+0xc/0x16
 [<c05f1f96>] ? acpi_idle_enter_bm+0x24d/0x27e
 [<c06bba42>] cpuidle_idle_call+0x65/0x9b
 [<c04026ff>] cpu_idle+0x96/0xaf
 [<c0761353>] start_secondary+0x1f5/0x233
BUG: scheduling while atomic: swapper/0/0x10010000
Modules linked in: fuse ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput snd_hda_codec_idt arc4 snd_hda_intel ecb snd_hda_codec snd_hwdep snd_seq iwl3945 snd_seq_device iwlcore snd_pcm mac80211 b44 firewire_ohci ssb snd_timer firewire_core iTCO_wdt snd cfg80211 mii iTCO_vendor_support crc_itu_t soundcore dell_laptop wmi i2c_i801 snd_page_alloc rfkill dcdbas joydev squashfs nls_utf8 yenta_socket rsrc_nonstatic i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last unloaded: microcode]

Pid: 0, comm: swapper Not tainted (2.6.31.5-127.fc12.i686 #1) Latitude D520                   
EIP: 0060:[<c05f1f96>] EFLAGS: 00000202 CPU: 1
EIP is at acpi_idle_enter_bm+0x24d/0x27e
EAX: c09efc2c EBX: 000007f8 ECX: 5f1a65d5 EDX: 01b50000
ESI: 00000000 EDI: f6d2ccc0 EBP: f6ca5f6c ESP: f6ca5f44
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: b776e000 CR3: 009fc000 CR4: 000006d0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
Call Trace:
 [<c06bba42>] cpuidle_idle_call+0x65/0x9b
 [<c04026ff>] cpu_idle+0x96/0xaf
 [<c0761353>] start_secondary+0x1f5/0x233
Comment 1 Dirk Hoffmann 2010-07-04 00:14:32 UTC 
As promised, here is a more complete trace. Both bugs seem to come in coincidence always:

-----

BUG: sleeping function called from invalid context at kernel/sched.c:5730
in_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper
Pid: 0, comm: swapper Not tainted 2.6.31.5-127.fc12.i686 #1
Call Trace:
 [<c042866a>] __might_sleep+0xc6/0xcb
 [<c0764fcf>] wait_for_common+0x24/0xe3
 [<c042bb91>] ? list_add+0xf/0x11
 [<c0765119>] wait_for_completion+0x17/0x19
 [<c0433164>] set_cpus_allowed_ptr+0xb8/0xd7
 [<f8c5e790>] dcdbas_smi_request+0x5c/0xdd [dcdbas]
 [<f8cac070>] dell_send_request+0x45/0x4d [dell_laptop]
 [<c0420d00>] ? __change_page_attr_set_clr+0x24a/0x606
 [<f8cac0aa>] dell_rfkill_query+0x32/0x63 [dell_laptop]
 [<f8cac104>] dell_input_filter+0x29/0x5b [dell_laptop]
 [<c068cf85>] input_pass_event+0x41/0x8b
 [<c068edb7>] input_handle_event+0x373/0x37c
 [<c068ee81>] input_event+0x54/0x67
 [<c06935c4>] atkbd_interrupt+0x3f9/0x4a5
 [<c068b610>] serio_interrupt+0x37/0x6a
 [<c068c098>] i8042_interrupt+0x1d9/0x1ea
 [<c0473fb8>] handle_IRQ_event+0x57/0xfd
 [<c0475665>] handle_edge_irq+0xb5/0xf5
 [<c04056cd>] handle_irq+0x40/0x4b
 [<c0404e91>] do_IRQ+0x46/0x9a
 [<c0403c50>] common_interrupt+0x30/0x38
 [<c044007b>] ? mod_timer_pending+0xc/0x16
 [<c05f1f96>] ? acpi_idle_enter_bm+0x24d/0x27e
 [<c06bba42>] cpuidle_idle_call+0x65/0x9b
 [<c04026ff>] cpu_idle+0x96/0xaf
 [<c0761353>] start_secondary+0x1f5/0x233

BUG: scheduling while atomic: swapper/0/0x10010000
Modules linked in: ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput snd_hda_codec_idt arc4 ecb snd_hda_intel snd_hda_codec iwl3945 snd_hwdep iwlcore snd_seq snd_seq_device b44 mac80211 snd_pcm ssb firewire_ohci snd_timer firewire_core iTCO_wdt snd mii iTCO_vendor_support cfg80211 crc_itu_t i2c_i801 soundcore dell_laptop snd_page_alloc rfkill wmi dcdbas joydev squashfs nls_utf8 yenta_socket rsrc_nonstatic i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last unloaded: microcode]

Pid: 0, comm: swapper Not tainted (2.6.31.5-127.fc12.i686 #1) Latitude D520      
EIP: 0060:[<c05f1f96>] EFLAGS: 00000282 CPU: 1
EIP is at acpi_idle_enter_bm+0x24d/0x27e
EAX: c09efc2c EBX: 0000088b ECX: 38d6fb17 EDX: 01b50000
ESI: 00000000 EDI: f6d2ccc0 EBP: f6ca5f6c ESP: f6ca5f44
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: b77b9000 CR3: 009fc000 CR4: 000006d0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
Call Trace:
 [<c06bba42>] cpuidle_idle_call+0x65/0x9b
 [<c04026ff>] cpu_idle+0x96/0xaf
 [<c0761353>] start_secondary+0x1f5/0x233
iwl3945 0000:0c:00.0: MAC is in deep sleep!.  CSR_GP_CNTRL = 0x040003DD
type=1305 audit(1278004627.548:26603): audit_enabled=0 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:readahead_t:s0 res=1
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
fuse init (API version 7.12)
SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[drm] TV-16: set mode NTSC 480i 0
[drm] TV-16: set mode NTSC 480i 0
SELinux: initialized (dev sda1, type fuseblk), uses genfs_contexts

-----
H/w concerned is a DELL Latitude D520.
Comment 2 Matthias Saou 2010-07-29 15:07:50 UTC 
This is a kernel related issue, reassigning.
Comment 3 Chuck Ebbert 2010-08-02 19:19:22 UTC 

*** This bug has been marked as a duplicate of bug 572827 ***