Bug 228755 - hid2hci triggers kernel bug in drivers/usb/input/hid-core.c
hid2hci triggers kernel bug in drivers/usb/input/hid-core.c
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: bluez-utils (Show other bugs)
8
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: David Woodhouse
Fedora Extras Quality Assurance
:
: 227598 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-14 15:30 EST by Habeeb J. Dihu
Modified: 2008-10-14 16:50 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-14 16:50:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Habeeb J. Dihu 2007-02-14 15:30:14 EST
I've only noticed this with the last few kernels...running hid2hci will cause
the kernel to spit out a BUG error.

My setup -- Logitech diNovo Bluetooth Desktop keyboard and bluetooth
receiver...I've been able to hid2hci in the past without any issues.

Running the latest kernel: kernel-2.6.19-1.2911.fc6

Bug is:

BUG: warning: (value > m) at drivers/usb/input/hid-core.c:793/implement()
(Tainted: P     )
 [<c0405018>] dump_trace+0x69/0x1b6
 [<c040517d>] show_trace_log_lvl+0x18/0x2c
 [<c0405778>] show_trace+0xf/0x11
 [<c0405875>] dump_stack+0x15/0x17
 [<c05993c0>] hid_output_report+0x23c/0x2e7
 [<c05994b7>] hid_submit_ctrl+0x4c/0x1d9
 [<c05997fd>] hid_submit_report+0x134/0x15f
 [<c059bd09>] hiddev_ioctl+0x327/0x88a
 [<c04802c8>] do_ioctl+0x4c/0x62
 [<c0480528>] vfs_ioctl+0x24a/0x25c
 [<c0480586>] sys_ioctl+0x4c/0x66
 [<c040404b>] syscall_call+0x7/0xb
 [<009bb402>] 0x9bb402

The above repeats for a total of 8 times when I invoke:

hid2hci --tohci

Please let me know if I can provide any more data.
Comment 3 Bastien Nocera 2007-02-22 05:45:23 EST
*** Bug 227598 has been marked as a duplicate of this bug. ***
Comment 4 Bastien Nocera 2007-02-22 05:55:11 EST
The hardware I'm seeing this on is a Logitech MX5000, as in one of the lkml
reports. Marcel, what's needed exactly to figure this out?
Comment 5 Marcel Holtmann 2007-02-22 10:46:10 EST
Actually this is not a Bluetooth issue. This is an issue in the hiddev support
of the USB HID driver. We have to send a special HID report to tell the dongle
to switch into HCI mode. Prior to that it looks like a USB mouse and keyboard.
In case of the Logitech dongles we have no clue on how this report has to look
like. It came from a wild guessing and some USB-Snoopy dumps under Windows.
Comment 6 Bastien Nocera 2007-02-22 18:56:03 EST
It's probably still working alright, as I see link requests from the keyboard
and mouse:
Feb 21 16:57:14 cookie hcid[2192]: link_key_request (sba=00:07:61:44:B9:55,
dba=00:07:61:3A:70:B9)
Feb 21 16:57:15 cookie hcid[2192]: link_key_request (sba=00:07:61:44:B9:55,
dba=00:07:61:3A:70:B9)
Feb 21 16:57:16 cookie hidd[2294]: Rejected connection from unknown device
00:07:61:39:A5:37
Comment 7 Th0ma7 2007-02-27 21:11:24 EST
See more info at:
http://lkml.org/lkml/2007/2/27/257
Comment 8 Martin Ebourne 2007-06-08 19:27:48 EDT
I'm still seeing this on kernel-2.6.21-1.3194.fc7.

Looks to be duped by bug 237296 and bug 235419.
Comment 9 Kevin R. Page 2007-09-09 16:44:39 EDT
And 2.6.22.4-65.fc7:


Sep  9 20:11:12 yaffle kernel: WARNING: at drivers/hid/hid-core.c:777
implement() (Not tainted)
Sep  9 20:11:12 yaffle kernel:  [<c059594f>] hid_output_report+0x243/0x2ea
Sep  9 20:11:12 yaffle kernel:  [<c0599cc3>] hid_submit_ctrl+0x55/0x1c2
Sep  9 20:11:12 yaffle kernel:  [<c0599f6e>] usbhid_submit_report+0x13e/0x169
Sep  9 20:11:12 yaffle kernel:  [<c059be56>] hiddev_ioctl+0x343/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c04c3ceb>] avc_has_perm+0x4e/0x58
Sep  9 20:11:12 yaffle kernel:  [<c04c460c>] inode_has_perm+0x66/0x6e
Sep  9 20:11:12 yaffle kernel:  [<c047b7f9>] chrdev_open+0x0/0x14e
Sep  9 20:11:12 yaffle kernel:  [<c0477ce2>] __dentry_open+0xe4/0x178
Sep  9 20:11:12 yaffle kernel:  [<c04c469d>] file_has_perm+0x89/0x91
Sep  9 20:11:12 yaffle kernel:  [<c059bb13>] hiddev_ioctl+0x0/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c059bb13>] hiddev_ioctl+0x0/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c04835b0>] do_ioctl+0x88/0xa0
Sep  9 20:11:12 yaffle kernel:  [<c04837ff>] vfs_ioctl+0x237/0x249
Sep  9 20:11:12 yaffle kernel:  [<c048385d>] sys_ioctl+0x4c/0x67
Sep  9 20:11:12 yaffle kernel:  [<c0404f8e>] syscall_call+0x7/0xb
Sep  9 20:11:12 yaffle kernel:  [<c0600000>] xfrm_add_sa+0x15f/0x491
Sep  9 20:11:12 yaffle kernel:  =======================

(repeated another 7 times)
Comment 10 Kevin R. Page 2008-02-27 12:18:54 EST
(component should be bluez-utils)

Fixed as of bluez-utils-3.26-1.f9, but still present on F8.

Looks like it was probably fixed in 3.24 :
http://bluez.cvs.sourceforge.net/bluez/utils/tools/hid2hci.c?view=log

(Testing on F9-Alpha without updated bluez-utils brought up a shiny kerneloops
notification to remind me, too ;) )
Comment 11 Bastien Nocera 2008-10-14 16:50:49 EDT
bluez-utils is at 3.35-3 in F-8, so closing.

Note You need to log in before you can comment on or make changes to this bug.