Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 228755 - hid2hci triggers kernel bug in drivers/usb/input/hid-core.c
Summary: hid2hci triggers kernel bug in drivers/usb/input/hid-core.c
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: bluez-utils
Version: 8
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 227598 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-14 20:30 UTC by Habeeb J. Dihu
Modified: 2008-10-14 20:50 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-10-14 20:50:49 UTC


Attachments (Terms of Use)

Description Habeeb J. Dihu 2007-02-14 20:30:14 UTC
I've only noticed this with the last few kernels...running hid2hci will cause
the kernel to spit out a BUG error.

My setup -- Logitech diNovo Bluetooth Desktop keyboard and bluetooth
receiver...I've been able to hid2hci in the past without any issues.

Running the latest kernel: kernel-2.6.19-1.2911.fc6

Bug is:

BUG: warning: (value > m) at drivers/usb/input/hid-core.c:793/implement()
(Tainted: P     )
 [<c0405018>] dump_trace+0x69/0x1b6
 [<c040517d>] show_trace_log_lvl+0x18/0x2c
 [<c0405778>] show_trace+0xf/0x11
 [<c0405875>] dump_stack+0x15/0x17
 [<c05993c0>] hid_output_report+0x23c/0x2e7
 [<c05994b7>] hid_submit_ctrl+0x4c/0x1d9
 [<c05997fd>] hid_submit_report+0x134/0x15f
 [<c059bd09>] hiddev_ioctl+0x327/0x88a
 [<c04802c8>] do_ioctl+0x4c/0x62
 [<c0480528>] vfs_ioctl+0x24a/0x25c
 [<c0480586>] sys_ioctl+0x4c/0x66
 [<c040404b>] syscall_call+0x7/0xb
 [<009bb402>] 0x9bb402

The above repeats for a total of 8 times when I invoke:

hid2hci --tohci

Please let me know if I can provide any more data.

Comment 3 Bastien Nocera 2007-02-22 10:45:23 UTC
*** Bug 227598 has been marked as a duplicate of this bug. ***

Comment 4 Bastien Nocera 2007-02-22 10:55:11 UTC
The hardware I'm seeing this on is a Logitech MX5000, as in one of the lkml
reports. Marcel, what's needed exactly to figure this out?

Comment 5 Marcel Holtmann 2007-02-22 15:46:10 UTC
Actually this is not a Bluetooth issue. This is an issue in the hiddev support
of the USB HID driver. We have to send a special HID report to tell the dongle
to switch into HCI mode. Prior to that it looks like a USB mouse and keyboard.
In case of the Logitech dongles we have no clue on how this report has to look
like. It came from a wild guessing and some USB-Snoopy dumps under Windows.


Comment 6 Bastien Nocera 2007-02-22 23:56:03 UTC
It's probably still working alright, as I see link requests from the keyboard
and mouse:
Feb 21 16:57:14 cookie hcid[2192]: link_key_request (sba=00:07:61:44:B9:55,
dba=00:07:61:3A:70:B9)
Feb 21 16:57:15 cookie hcid[2192]: link_key_request (sba=00:07:61:44:B9:55,
dba=00:07:61:3A:70:B9)
Feb 21 16:57:16 cookie hidd[2294]: Rejected connection from unknown device
00:07:61:39:A5:37


Comment 7 Th0ma7 2007-02-28 02:11:24 UTC
See more info at:
http://lkml.org/lkml/2007/2/27/257

Comment 8 Martin Ebourne 2007-06-08 23:27:48 UTC
I'm still seeing this on kernel-2.6.21-1.3194.fc7.

Looks to be duped by bug 237296 and bug 235419.


Comment 9 Kevin R. Page 2007-09-09 20:44:39 UTC
And 2.6.22.4-65.fc7:


Sep  9 20:11:12 yaffle kernel: WARNING: at drivers/hid/hid-core.c:777
implement() (Not tainted)
Sep  9 20:11:12 yaffle kernel:  [<c059594f>] hid_output_report+0x243/0x2ea
Sep  9 20:11:12 yaffle kernel:  [<c0599cc3>] hid_submit_ctrl+0x55/0x1c2
Sep  9 20:11:12 yaffle kernel:  [<c0599f6e>] usbhid_submit_report+0x13e/0x169
Sep  9 20:11:12 yaffle kernel:  [<c059be56>] hiddev_ioctl+0x343/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c04c3ceb>] avc_has_perm+0x4e/0x58
Sep  9 20:11:12 yaffle kernel:  [<c04c460c>] inode_has_perm+0x66/0x6e
Sep  9 20:11:12 yaffle kernel:  [<c047b7f9>] chrdev_open+0x0/0x14e
Sep  9 20:11:12 yaffle kernel:  [<c0477ce2>] __dentry_open+0xe4/0x178
Sep  9 20:11:12 yaffle kernel:  [<c04c469d>] file_has_perm+0x89/0x91
Sep  9 20:11:12 yaffle kernel:  [<c059bb13>] hiddev_ioctl+0x0/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c059bb13>] hiddev_ioctl+0x0/0x8a9
Sep  9 20:11:12 yaffle kernel:  [<c04835b0>] do_ioctl+0x88/0xa0
Sep  9 20:11:12 yaffle kernel:  [<c04837ff>] vfs_ioctl+0x237/0x249
Sep  9 20:11:12 yaffle kernel:  [<c048385d>] sys_ioctl+0x4c/0x67
Sep  9 20:11:12 yaffle kernel:  [<c0404f8e>] syscall_call+0x7/0xb
Sep  9 20:11:12 yaffle kernel:  [<c0600000>] xfrm_add_sa+0x15f/0x491
Sep  9 20:11:12 yaffle kernel:  =======================

(repeated another 7 times)

Comment 10 Kevin R. Page 2008-02-27 17:18:54 UTC
(component should be bluez-utils)

Fixed as of bluez-utils-3.26-1.f9, but still present on F8.

Looks like it was probably fixed in 3.24 :
http://bluez.cvs.sourceforge.net/bluez/utils/tools/hid2hci.c?view=log

(Testing on F9-Alpha without updated bluez-utils brought up a shiny kerneloops
notification to remind me, too ;) )

Comment 11 Bastien Nocera 2008-10-14 20:50:49 UTC
bluez-utils is at 3.35-3 in F-8, so closing.


Note You need to log in before you can comment on or make changes to this bug.