125604 – turning off Sony Vaio combo wireless causes an exception in the kernel and makes Bluetooth unusable

Bug 125604 - turning off Sony Vaio combo wireless causes an exception in the kernel and makes Bluetooth unusable

Summary: turning off Sony Vaio combo wireless causes an exception in the kernel and ma...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Arjan van de Ven
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-06-09 09:15 UTC by x1
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-06-14 16:09:46 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description x1 2004-06-09 09:15:19 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
I have a Sony Vaio Z1VA laptop. It has a switch that allows to turn
on/off 2.4 GHz wireless - 802.11b and Bluetooth. If I use this switch
to turn off 802.11/BT, a long error message is printed into
/var/log/messages and Bluetooth becomes unusable untill the next reboot.

Version-Release number of selected component (if applicable):
2.6.5-1.358

How reproducible:
Always

Steps to Reproduce:
1. turn on the computer with wireless ON
2. service bluetooth start
3. hciconfig hci0 up
4. turn off the wireless switch
5. turn it on again
    

Actual Results:  AFTER SWITCHING OFF:
--------------------

Jun  9 12:54:05 localhost kernel: eth1: New link status: Disconnected
(0002) ## (This is 802.11 disconnecting, it's fine)
Jun  9 12:54:08 localhost kernel: usb 3-2: USB disconnect, address 2
Jun  9 12:54:08 localhost kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000068
Jun  9 12:54:08 localhost kernel:  printing eip:
Jun  9 12:54:08 localhost kernel: c016ae5c
Jun  9 12:54:08 localhost kernel: *pde = 00000000
Jun  9 12:54:08 localhost kernel: Oops: 0002 [#1]
Jun  9 12:54:08 localhost kernel: CPU:    0
Jun  9 12:54:08 localhost kernel: EIP:    0060:[<c016ae5c>]   
Tainted: P  
Jun  9 12:54:08 localhost kernel: EFLAGS: 00010246  
(2.6.5-1.358.8kstacks) 
Jun  9 12:54:08 localhost kernel: EIP is at
sysfs_hash_and_remove+0x1f/0x6f
Jun  9 12:54:08 localhost kernel: eax: 00000000   ebx: 00000068   ecx:
00000068   edx: 00000077
Jun  9 12:54:08 localhost kernel: esi: 00000000   edi: c02a835a   ebp:
df152780   esp: c155bef4
Jun  9 12:54:08 localhost hcid[2270]: HCI dev 0 unregistered
Jun  9 12:54:08 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  9 12:54:08 localhost kernel: Process khubd (pid: 5,
threadinfo=c155a000 task=dfee4030)
Jun  9 12:54:08 localhost kernel: Stack: e0917100 e09170a0 de6b3d30
0000000a c01d9474 de6b3c00 de6b3c00 ded4e864 
Jun  9 12:54:08 localhost kernel:        e0910662 ded4e254 e08ca3f1
ded4e854 e08cb2a0 c0210e71 ded4e864 e08cb2c0 
Jun  9 12:54:08 localhost kernel:        c01d8bdc c02e28a0 c02e28ec
c01d8cdc ded4e864 c02daae8 c15644cc c01d804a 
Jun  9 12:54:08 localhost kernel: Call Trace:
Jun  9 12:54:08 localhost kernel:  [<c01d9474>] class_device_del+0x81/0xa2
Jun  9 12:54:08 localhost kernel:  [<e0910662>]
hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  9 12:54:08 localhost kernel:  [<e08ca3f1>]
hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  9 12:54:08 localhost kernel:  [<c0210e71>]
usb_unbind_interface+0x2c/0x50
Jun  9 12:54:08 localhost kernel:  [<c01d8bdc>]
device_release_driver+0x3c/0x46
Jun  9 12:54:08 localhost kernel:  [<c01d8cdc>]
bus_remove_device+0x47/0x80
Jun  9 12:54:08 localhost kernel:  [<c01d804a>] device_del+0x66/0x87
Jun  9 12:54:08 localhost kernel:  [<c01d8073>] device_unregister+0x8/0x10
Jun  9 12:54:08 localhost kernel:  [<c0215660>]
usb_disable_device+0x62/0x8a
Jun  9 12:54:08 localhost kernel:  [<c02117a6>] usb_disconnect+0x9d/0xd2
Jun  9 12:54:08 localhost kernel:  [<c0212feb>]
hub_port_connect_change+0x4b/0x210
Jun  9 12:54:08 localhost kernel:  [<c0213286>] hub_events+0xd6/0x296
Jun  9 12:54:08 localhost kernel:  [<c0213464>] hub_thread+0x1e/0xd0
Jun  9 12:54:08 localhost kernel:  [<c0115cc9>]
default_wake_function+0x0/0xc
Jun  9 12:54:08 localhost kernel:  [<c0213446>] hub_thread+0x0/0xd0
Jun  9 12:54:08 localhost kernel:  [<c01041d9>]
kernel_thread_helper+0x5/0xb
Jun  9 12:54:08 localhost kernel: 
Jun  9 12:54:08 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8
80 ff ff ff 3d 18 fc ff ff 89 

AFTER SWITCHING ON: 
Jun  9 12:54:12 localhost kernel:  <6>eth1: New link status: Connected
(0001) # 802.11 starts working again

But Bluetooth doesn't work anymore :-(


Expected Results:  Bluetooth should be working again

Additional info:

Comment 1 x1 2004-06-09 09:44:16 UTC

It seems that this doesn't have much to do with the Sony wireless
power switch itself. The problem seems to be with
the way hci_usb.ko is unloaded:
The following sequence produce the same results:

# hciconfig hci0 down
# rmmod hci_usb
Segmentation fault

In /var/log/messages:

Jun  9 13:40:37 localhost kernel: usbcore: deregistering driver hci_usb
Jun  9 13:40:37 localhost hcid[2264]: HCI dev 0 unregistered
Jun  9 13:40:37 localhost kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000068
Jun  9 13:40:37 localhost kernel:  printing eip:
Jun  9 13:40:37 localhost kernel: c016ae5c
Jun  9 13:40:37 localhost kernel: *pde = 0e4e9067
Jun  9 13:40:37 localhost kernel: Oops: 0002 [#1]
Jun  9 13:40:37 localhost kernel: CPU:    0
Jun  9 13:40:37 localhost kernel: EIP:    0060:[<c016ae5c>]   
Tainted: P  
Jun  9 13:40:37 localhost kernel: EFLAGS: 00210246  
(2.6.5-1.358.8kstacks) 
Jun  9 13:40:37 localhost kernel: EIP is at
sysfs_hash_and_remove+0x1f/0x6f
Jun  9 13:40:37 localhost kernel: eax: 00001000   ebx: 00000068   ecx:
00000068   edx: 00000077
Jun  9 13:40:37 localhost kernel: esi: 00000000   edi: c02a835a   ebp:
df237c80   esp: d17c7ee4
Jun  9 13:40:37 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  9 13:40:37 localhost kernel: Process rmmod (pid: 3273,
threadinfo=d17c6000 task=d118c330)
Jun  9 13:40:37 localhost kernel: Stack: e0917100 e09170a0 df07cd30
d17c6000 c01d9474 df07cc00 df07cc00 e08cb2c0 
Jun  9 13:40:37 localhost kernel:        e0910662 de7f3354 e08ca3f1
de7f3854 e08cb2a0 c0210e71 de7f3864 e08cb2c0 
Jun  9 13:40:37 localhost kernel:        c01d8bdc e08cb2c0 e08cb30c
c01d8bfe c02e28ec c02e28a0 c01d8dcd e08cb2c8 
Jun  9 13:40:37 localhost kernel: Call Trace:
Jun  9 13:40:37 localhost kernel:  [<c01d9474>] class_device_del+0x81/0xa2
Jun  9 13:40:37 localhost kernel:  [<e0910662>]
hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  9 13:40:37 localhost kernel:  [<e08ca3f1>]
hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  9 13:40:37 localhost kernel:  [<c0210e71>]
usb_unbind_interface+0x2c/0x50
Jun  9 13:40:37 localhost kernel:  [<c01d8bdc>]
device_release_driver+0x3c/0x46
Jun  9 13:40:37 localhost kernel:  [<c01d8bfe>] driver_detach+0x18/0x26
Jun  9 13:40:37 localhost kernel:  [<c01d8dcd>]
bus_remove_driver+0x37/0x64
Jun  9 13:40:37 localhost kernel:  [<c01d9077>] driver_unregister+0xc/0x2a
Jun  9 13:40:37 localhost kernel:  [<c0210f2b>] usb_deregister+0x20/0x29
Jun  9 13:40:37 localhost kernel:  [<c0126745>]
sys_delete_module+0x122/0x162
Jun  9 13:40:37 localhost kernel:  [<c01378c3>] unmap_vma_list+0xe/0x17
Jun  9 13:40:37 localhost kernel:  [<c0137c1e>] do_munmap+0xfe/0x108
Jun  9 13:40:37 localhost kernel:  [<c01141f3>] do_page_fault+0x0/0x434
Jun  9 13:40:37 localhost kernel:  [<c0105e63>] syscall_call+0x7/0xb
Jun  9 13:40:37 localhost kernel: 
Jun  9 13:40:37 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8
80 ff ff ff 3d 18 fc ff ff 89

Comment 2 Rasmus Back 2004-06-10 11:46:49 UTC

Same problem here on a HP compaq nc8000. Flipping the bluetooth switch
on and off will eventually crash the bluetooth driver.

Jun  8 11:01:57 localhost kernel: usb 4-1: USB disconnect, address 2
Jun  8 11:01:57 localhost hcid[1868]: HCI dev 0 down
Jun  8 11:01:57 localhost hcid[1868]: Stoping security manager 0
Jun  8 11:01:58 localhost hcid[1868]: HCI dev 0 unregistered
Jun  8 11:01:58 localhost kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000068
Jun  8 11:01:58 localhost kernel:  printing eip:
Jun  8 11:01:58 localhost kernel: 0216b824
Jun  8 11:01:58 localhost kernel: *pde = 00000000
Jun  8 11:01:58 localhost kernel: Oops: 0002 [#1]
Jun  8 11:01:58 localhost kernel: CPU:    0
Jun  8 11:01:58 localhost kernel: EIP:    0060:[<0216b824>]    Not tainted
Jun  8 11:01:58 localhost kernel: EFLAGS: 00010246   (2.6.5-1.358)
Jun  8 11:01:58 localhost kernel: EIP is at
sysfs_hash_and_remove+0x1f/0x6f
Jun  8 11:01:58 localhost kernel: eax: 00000000   ebx: 00000068   ecx:
00000068   edx: 00000077
Jun  8 11:01:58 localhost kernel: esi: 00000000   edi: 022a8be7   ebp:
1d417580   esp: 035beef4
Jun  8 11:01:58 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun  8 11:01:58 localhost kernel: Process khubd (pid: 5,
threadinfo=035be000 task=21f46030)
Jun  8 11:01:58 localhost kernel: Stack: 22a47080 22a47020 1f685530
0000000a 021d9ec0 1f685400 1f685400 150dc964
Jun  8 11:01:58 localhost kernel:        22a40674 150dc254 22a7b3f1
150dc954 22a7c2a0 022117f5 150dc964 22a7c2c0
Jun  8 11:01:58 localhost kernel:        021d9628 022e28a0 022e28ec
021d9728 150dc964 022daae8 20e264cc 021d8a96
Jun  8 11:01:58 localhost kernel: Call Trace:
Jun  8 11:01:58 localhost kernel:  [<021d9ec0>] class_device_del+0x81/0xa2
Jun  8 11:01:58 localhost kernel:  [<22a40674>]
hci_unregister_dev+0x8/0x5b [bluetooth]
Jun  8 11:01:58 localhost kernel:  [<22a7b3f1>]
hci_usb_disconnect+0x30/0x53 [hci_usb]
Jun  8 11:01:58 localhost kernel:  [<022117f5>]
usb_unbind_interface+0x2c/0x50
Jun  8 11:01:58 localhost kernel:  [<021d9628>]
device_release_driver+0x3c/0x46
Jun  8 11:01:58 localhost kernel:  [<021d9728>]
bus_remove_device+0x47/0x80
Jun  8 11:01:58 localhost kernel:  [<021d8a96>] device_del+0x66/0x87
Jun  8 11:01:58 localhost kernel:  [<021d8abf>] device_unregister+0x8/0x10
Jun  8 11:01:58 localhost kernel:  [<02215fe4>]
usb_disable_device+0x62/0x8a
Jun  8 11:01:58 localhost kernel:  [<0221212a>] usb_disconnect+0x9d/0xd2
Jun  8 11:01:58 localhost kernel:  [<0221396f>]
hub_port_connect_change+0x4b/0x210
Jun  8 11:01:58 localhost kernel:  [<02213c0a>] hub_events+0xd6/0x296
Jun  8 11:01:58 localhost kernel:  [<02213de8>] hub_thread+0x1e/0xd0
Jun  8 11:01:58 localhost kernel:  [<02115e97>]
default_wake_function+0x0/0xc
Jun  8 11:01:58 localhost kernel:  [<02213dca>] hub_thread+0x0/0xd0
Jun  8 11:01:58 localhost kernel:  [<021041d9>]
kernel_thread_helper+0x5/0xb
Jun  8 11:01:58 localhost kernel:
Jun  8 11:01:58 localhost kernel: Code: ff 4e 68 78 4b 89 fa 89 e8 e8
80 ff ff ff 3d 18 fc ff ff 89

Comment 3 Luca 2004-06-12 14:40:10 UTC

Very similar problem here with a DELL Latitude D800. 
When I switch the bluetooth off via keyboard I get a kernell oops very
similar to what seen above.

Comment 4 x1 2004-06-12 15:30:18 UTC

In seems the problem is not related to any particular hardware -
It seems to be a bug either in bluetooth module or in the kernel itself.

Comment 5 Luca 2004-06-12 19:40:06 UTC

Ok, just one minute after committing my comment I discovered that a
new kernel version came out for fedora core2: 2.6.6-1.427
It solves the problem completely for me. It includes the last patch
from Marcel Holtmann for kernel 2.6.6.

Good luck!

Comment 6 Rasmus Back 2004-06-14 10:16:06 UTC

Seems like 2.6.6-1.427 fixes the problem here as well. I turned the
bluetooth module on and of 11 times with no oops. Previously it would
crash almost immediately.

Note You need to log in before you can comment on or make changes to this bug.