FS#45787 - [linux] Disconnecting a bluetooth HID device crashes the HID system.

Attached to Project: Arch Linux
Opened by Mika Norén (SysGhost) - Sunday, 26 July 2015, 17:38 GMT
Last edited by Doug Newgard (Scimmia) - Sunday, 20 September 2015, 03:32 GMT
Task Type: Bug Report
Category: Kernel
Status: Closed
Assigned To: Tobias Powalowski (tpowa), Thomas Bächler (brain0)
Architecture: x86_64
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 8
Private: No

Details

Description:
Every time I disconnect (i.e. turn off) a bluetooth HID device, such as a keyboard
or a mouse, the HID layer crashes. Sometimes it even hangs the whole system.

Additional info:
* package version(s)
core/linux 4.1.2-2 (base)
core/linux-headers 4.1.2-2
core/linux-api-headers 4.0-1

extra/bluez 5.32-1
extra/bluez-libs 5.32-1
extra/bluez-utils 5.32-1
extra/bluedevil 1:5.3.2-1 (plasma)

* Hardware
Bluetooth dongle: (Internal laptop module, USB bus)
BT-183 Bluetooth 2.0+EDR adapter
Bluetooth mouse:
Logitech M557

* config and/or log files etc.
Default configuration as provided by packages. Nothing special.

dmesg output:

[ 2187.190063] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2187.190073] IP: [<ffffffffa133b74e>] hidinput_disconnect+0x2e/0xd0 [hid]
[ 2187.190086] PGD b6df5067 PUD b7307067 PMD 0
[ 2187.190093] Oops: 0000 [#1] PREEMPT SMP
[ 2187.190100] Modules linked in: uas usb_storage hid_generic hidp hid fuse rfcomm asus_oled(O) ecb ecryptfs cbc sha256_ssse3 sha256_generic encrypted_keys mcryptd sha1_ssse3 sha1_generic hmac trusted tpm usbtest bnep joydev mousedev nvidia(PO) iTCO_wdt iTCO_vendor_support uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core v4l2_common videodev media btusb btbcm btintel bluetooth coretemp kvm_intel kvm pcspkr evdev mac_hid psmouse serio_raw ata_generic pata_acpi rtl8192ce r852 sm_common arc4 rtl_pci nand nand_ecc nand_ids lpc_ich mtd rtl8192c_common sdhci_pci rtlwifi snd_hda_codec_si3054 sdhci iwldvm r592 snd_hda_codec_realtek snd_hda_codec_generic mac80211 memstick mmc_core snd_hda_intel snd_hda_controller firewire_ohci snd_hda_codec iwlwifi snd_hda_core firewire_core snd_hwdep crc_itu_t snd_pcm
[ 2187.190203] drm snd_timer cfg80211 snd r8169 soundcore mii i2c_core thermal video asus_laptop ac sparse_keymap led_class intel_agp battery intel_gtt shpchp acpi_cpufreq rfkill input_polldev processor button sch_fq_codel pci_stub vboxpci(O) vboxnetflt(O) vboxnetadp(O) vboxdrv(O) nfs lockd grace sunrpc fscache ip_tables x_tables ext4 crc16 mbcache jbd2 sd_mod atkbd libps2 ata_piix ahci libahci libata scsi_mod ehci_pci uhci_hcd ehci_hcd usbcore usb_common i8042 serio
[ 2187.190275] CPU: 0 PID: 618 Comm: bluetoothd Tainted: P O 4.1.2-2-ARCH #1
[ 2187.190280] Hardware name: ASUSTeK Computer Inc. G1S /G1S , BIOS 300 12/25/2007
[ 2187.190285] task: ffff880036b2b2f0 ti: ffff8800b5c54000 task.ti: ffff8800b5c54000
[ 2187.190289] RIP: 0010:[<ffffffffa133b74e>] [<ffffffffa133b74e>] hidinput_disconnect+0x2e/0xd0 [hid]
[ 2187.190298] RSP: 0018:ffff8800b5c57b48 EFLAGS: 00010296
[ 2187.190302] RAX: 0000000000000000 RBX: ffff88005a292000 RCX: 0000000000ad2000
[ 2187.190305] RDX: 0000000000ad1f80 RSI: ffff88013fc195e0 RDI: ffff88013b001c00
[ 2187.190309] RBP: ffff8800b5c57b68 R08: 00000000000195e0 R09: ffffea000197fe80
[ 2187.190312] R10: ffffffff812cbf55 R11: 0000000000000000 R12: ffff88005a2938e8
[ 2187.190315] R13: ffff88005a292000 R14: ffff88005a292000 R15: ffff88005a2938d0
[ 2187.190320] FS: 00007f8ca6bfe700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
[ 2187.190324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2187.190328] CR2: 0000000000000000 CR3: 00000000b6d72000 CR4: 00000000000007f0
[ 2187.190331] Stack:
[ 2187.190334] ffff88005a292000 ffff88005a2938e8 ffff88005a292000 ffff88005a2938b8
[ 2187.190340] ffff8800b5c57b88 ffffffffa13389c0 00000000fffffffc ffff88005a2938e8
[ 2187.190346] ffff8800b5c57bc8 ffffffffa1338b95 ffff8800b5c57bc8 ffff88005a2938e8
[ 2187.190353] Call Trace:
[ 2187.190362] [<ffffffffa13389c0>] hid_disconnect+0x80/0x90 [hid]
[ 2187.190369] [<ffffffffa1338b95>] hid_device_remove+0xc5/0xe0 [hid]
[ 2187.190378] [<ffffffff813f3d87>] __device_release_driver+0x87/0x120
[ 2187.190383] [<ffffffff813f3e43>] device_release_driver+0x23/0x30
[ 2187.190388] [<ffffffff813f36c8>] bus_remove_device+0x108/0x180
[ 2187.190393] [<ffffffff813ef911>] device_del+0x141/0x270
[ 2187.190399] [<ffffffffa1338d97>] hid_destroy_device+0x27/0x60 [hid]
[ 2187.190405] [<ffffffffa135b29b>] hidp_session_remove+0x4b/0xc0 [hidp]
[ 2187.190423] [<ffffffffa089abae>] l2cap_unregister_user+0x5e/0x80 [bluetooth]
[ 2187.190429] [<ffffffffa135c47d>] hidp_connection_del+0x3d/0x80 [hidp]
[ 2187.190434] [<ffffffffa135c917>] hidp_sock_ioctl+0x247/0x2d0 [hidp]
[ 2187.190443] [<ffffffff81466d59>] sock_do_ioctl+0x29/0x60
[ 2187.190448] [<ffffffff814672a0>] sock_ioctl+0x1e0/0x2b0
[ 2187.190455] [<ffffffff811f44d6>] do_vfs_ioctl+0x2c6/0x4d0
[ 2187.190460] [<ffffffff81466bf6>] ? sock_alloc_file+0xa6/0x140
[ 2187.190466] [<ffffffff811ff42d>] ? __fd_install+0x4d/0x70
[ 2187.190471] [<ffffffff811f4761>] SyS_ioctl+0x81/0xa0
[ 2187.190476] [<ffffffff811ff502>] ? __close_fd+0x82/0xa0
[ 2187.190483] [<ffffffff8158b56e>] system_call_fastpath+0x12/0x71
[ 2187.190486] Code: 66 90 55 48 89 e5 41 56 49 89 fe 41 55 41 54 53 48 8b bf a8 1b 00 00 48 85 ff 74 31 e8 ec 46 0f e0 49 8b 86 a8 1b 00 00 48 8b 00 <48> 8b 38 e8 aa 80 e8 df 49 8b 86 a8 1b 00 00 48 8b 38 e8 9b 80
[ 2187.190548] RIP [<ffffffffa133b74e>] hidinput_disconnect+0x2e/0xd0 [hid]
[ 2187.190555] RSP <ffff8800b5c57b48>
[ 2187.190558] CR2: 0000000000000000
[ 2187.190563] ---[ end trace 2742a132b43e9ad4 ]---



Steps to reproduce:
Activate bluetooth. (systemctl start bluetooth)
Pair any bluetooth HID device. (Mouse or keyboard)
Use as intended.
Switch the bluetooth HID device off.
HID layer stops working, or system stops responding.

Closed by  Doug Newgard (Scimmia)
Sunday, 20 September 2015, 03:32 GMT
Reason for closing:  Fixed
Additional comments about closing:  linux 4.2.0-3
Comment by Diego Sanchez (dsminotauro) - Tuesday, 28 July 2015, 20:33 GMT
For you to have more information: I'm not using a Bluetooth dongle; instead I'm using a Bluetooth port. Also, we share the same configuration (I mean the default configuration). In my case the problem arose when I disconnected a Logitech K750 keyboard, resulting in the kernel error listed below.

--- BEGINNING of journal dump ---
Jul 28 12:43:53 tao kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Jul 28 12:43:53 tao kernel: IP: [<ffffffffa010974e>] hidinput_disconnect+0x2e/0xd0 [hid]
Jul 28 12:43:53 tao kernel: PGD 98432067 PUD 98431067 PMD 0
Jul 28 12:43:53 tao kernel: Oops: 0000 [#1] PREEMPT SMP
Jul 28 12:43:53 tao kernel: Modules linked in: hid_logitech_hidpp hid_generic hidp bnep arc4 ath9k ath9k_common ath9k_hw ath amd_freq_sensitivity kvm_amd amdkfd amd_iommu
Jul 28 12:43:53 tao kernel: soundcore shpchp thermal battery wmi video ac acpi_cpufreq button processor sch_fq_codel ip_tables x_tables ext4 crc16 mbcache jbd2 hid_multi
Jul 28 12:43:53 tao kernel: CPU: 1 PID: 413 Comm: kworker/u9:1 Not tainted 4.1.2-2-ARCH #1
Jul 28 12:43:53 tao kernel: Hardware name: SAMSUNG ELECTRONICS CO., LTD. 905S3G/906S3G/915S3G/9305SG/NP915S3G-K03AR, BIOS P13RBV.083.140805.FL 08/05/2014
Jul 28 12:43:53 tao kernel: Workqueue: hci0 hci_rx_work [bluetooth]
Jul 28 12:43:53 tao kernel: task: ffff880098ec32f0 ti: ffff880089148000 task.ti: ffff880089148000
Jul 28 12:43:53 tao kernel: RIP: 0010:[<ffffffffa010974e>] [<ffffffffa010974e>] hidinput_disconnect+0x2e/0xd0 [hid]
Jul 28 12:43:53 tao kernel: RSP: 0018:ffff88008914ba98 EFLAGS: 00010292
Jul 28 12:43:53 tao kernel: RAX: 0000000000000000 RBX: ffff880089486000 RCX: 0000000180800076
Jul 28 12:43:53 tao kernel: RDX: 0000000180800077 RSI: ffffea0002600900 RDI: ffff88013a801c00
Jul 28 12:43:53 tao kernel: RBP: ffff88008914bab8 R08: 0000000000000000 R09: ffff88013a801c00
Jul 28 12:43:53 tao kernel: R10: ffffffff812cbf55 R11: 0000000000000000 R12: ffff8800894878e8
Jul 28 12:43:53 tao kernel: R13: ffff880089486000 R14: ffff880089486000 R15: ffff8800894878d0
Jul 28 12:43:53 tao kernel: FS: 00007f82afa22800(0000) GS:ffff88013ec80000(0000) knlGS:0000000000000000
Jul 28 12:43:53 tao kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 28 12:43:53 tao kernel: CR2: 0000000000000000 CR3: 00000000984cb000 CR4: 00000000000407e0
Jul 28 12:43:53 tao kernel: Stack:
Jul 28 12:43:53 tao kernel: ffff880089486000 ffff8800894878e8 ffff880089486000 ffff8800894878b8
Jul 28 12:43:53 tao kernel: ffff88008914bad8 ffffffffa01069c0 00000000fffffffc ffff8800894878e8
Jul 28 12:43:53 tao kernel: ffff88008914bb18 ffffffffa0106b95 ffff88008914bb18 ffff8800894878e8
Jul 28 12:43:53 tao kernel: Call Trace:
Jul 28 12:43:53 tao kernel: [<ffffffffa01069c0>] hid_disconnect+0x80/0x90 [hid]
Jul 28 12:43:53 tao kernel: [<ffffffffa0106b95>] hid_device_remove+0xc5/0xe0 [hid]
Jul 28 12:43:53 tao kernel: [<ffffffff813f3d87>] __device_release_driver+0x87/0x120
Jul 28 12:43:53 tao kernel: [<ffffffff813f3e43>] device_release_driver+0x23/0x30
Jul 28 12:43:53 tao kernel: [<ffffffff813f36c8>] bus_remove_device+0x108/0x180
Jul 28 12:43:53 tao kernel: [<ffffffff813ef911>] device_del+0x141/0x270
Jul 28 12:43:53 tao kernel: [<ffffffffa0106d97>] hid_destroy_device+0x27/0x60 [hid]
Jul 28 12:43:53 tao kernel: [<ffffffffa05bc29b>] hidp_session_remove+0x4b/0xc0 [hidp]
Jul 28 12:43:53 tao kernel: [<ffffffffa0533406>] l2cap_conn_del+0xb6/0x220 [bluetooth]
Jul 28 12:43:53 tao kernel: [<ffffffffa05335b1>] l2cap_disconn_cfm+0x41/0x70 [bluetooth]
Jul 28 12:43:53 tao kernel: [<ffffffffa0516ea5>] hci_event_packet+0x1d15/0x35d0 [bluetooth]
Jul 28 12:43:53 tao kernel: [<ffffffffa0503aa8>] hci_rx_work+0x1d8/0x430 [bluetooth]
Jul 28 12:43:53 tao kernel: [<ffffffff8109f5ed>] ? finish_task_switch+0x5d/0x100
Jul 28 12:43:53 tao kernel: [<ffffffff8109193b>] process_one_work+0x14b/0x470
Jul 28 12:43:53 tao kernel: [<ffffffff81091ca8>] worker_thread+0x48/0x4c0
Jul 28 12:43:53 tao kernel: [<ffffffff81091c60>] ? process_one_work+0x470/0x470
Jul 28 12:43:53 tao kernel: [<ffffffff810977f8>] kthread+0xd8/0xf0
Jul 28 12:43:53 tao kernel: [<ffffffff81097720>] ? kthread_worker_fn+0x170/0x170
Jul 28 12:43:53 tao kernel: [<ffffffff8158b962>] ret_from_fork+0x42/0x70
Jul 28 12:43:53 tao kernel: [<ffffffff81097720>] ? kthread_worker_fn+0x170/0x170
Jul 28 12:43:53 tao kernel: Code: 66 90 55 48 89 e5 41 56 49 89 fe 41 55 41 54 53 48 8b bf a8 1b 00 00 48 85 ff 74 31 e8 ec 66 32 e1 49 8b 86 a8 1b 00 00 48 8b 00 <48> 8b
Jul 28 12:43:53 tao kernel: RIP [<ffffffffa010974e>] hidinput_disconnect+0x2e/0xd0 [hid]

--- END of journal dump ---

What puzzles me is that I also connected/disconnected a Logitech Rechargeable Trackpad T651 without experiencing a problem.


Additional info:
* package version(s)
(installed) core/linux 4.1.2-2 (base)
(installed) core/linux-headers 4.1.2-2
(installed) core/linux-api-headers 4.0-1

(installed) extra/bluez 5.32-1
(NOT installed) extra/bluez-libs 5.32-1
(installed) extra/bluez-utils 5.32-1
(NOT installed) extra/bluedevil 1:5.3.2-1 (plasma)
Comment by Carsten Feuls (CarstenF) - Wednesday, 29 July 2015, 08:35 GMT
Hello everybody,

I can confirm this bug.
I am running a Lenovo X230 Tablet.

dmesg | grep Bluetooth

[ 28.510959] Bluetooth: Core ver 2.20
[ 28.510977] Bluetooth: HCI device and connection manager initialized
[ 28.510981] Bluetooth: HCI socket layer initialized
[ 28.510983] Bluetooth: L2CAP socket layer initialized
[ 28.510988] Bluetooth: SCO socket layer initialized
[ 28.519759] Bluetooth: hci0: BCM: chip id 63
[ 28.520891] Bluetooth: hci0: BCM20702A1 (001.002.014) build 0000
[ 28.521078] Bluetooth: hci0: BCM: Patch brcm/BCM20702A1-0a5c-21e6.hcd not found
[ 30.278060] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 30.278063] Bluetooth: BNEP filters: protocol multicast
[ 30.278067] Bluetooth: BNEP socket layer initialized
[ 35.486627] Bluetooth: RFCOMM TTY layer initialized
[ 35.486634] Bluetooth: RFCOMM socket layer initialized
[ 35.486638] Bluetooth: RFCOMM ver 1.11
[ 44.515688] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 44.515694] Bluetooth: HIDP socket layer initialized
[ 44.518266] input: ThinkPad Bluetooth Laser Mouse as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.4/1-1.4:1.0/bluetooth/hci0/hci0:11/0005:17EF:6002.0003/input/input20
[ 44.518506] hid-generic 0005:17EF:6002.0003: input,hidraw2: BLUETOOTH HID v2.45 Mouse [ThinkPad Bluetooth Laser Mouse] on e0:06:e6:b6:0f:18
root@carsten-x230t (29.07.2015) 10:26:31

When I disconnect my Bluetooth Laser Mouse my system stops responding (no ping is possible).

Additional info:
* package version(s)
(installed) core/linux 4.1.3-1 (base)
(installed) core/linux-headers 4.1.3-1
(installed) core/linux-api-headers 4.0-1

(installed) extra/bluez 5.32-1
(installed) extra/bluez-libs 5.32-1
(installed) extra/bluez-utils 5.32-1
(installed) extra/bluedevil 1:5.3.2-1 (plasma)



Comment by Mika Norén (SysGhost) - Thursday, 30 July 2015, 15:01 GMT
Some additional information I suspect can be related:

Not all bluetooth devices trigger this bug, but those that do, also have these particular lines in the log when they're connected:

[ 216.147722] hidraw: raw HID events driver (C) Jiri Kosina
[ 216.149453] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 216.149465] Bluetooth: HIDP socket layer initialized
[ 229.043078] hid-generic 0005:046D:B010.0001: unknown main item tag 0x0
[ 229.043610] input: Bluetooth Mouse M557 as /devices/pci0000:00/0000:00:1d.2/usb6/6-2/6-2:1.0/bluetooth/hci0/hci0:43/0005:046D:B010.0001/input/input14
[ 229.043892] hid-generic 0005:046D:B010.0001: input,hidraw0: BLUETOOTH HID v10.01 Mouse [Bluetooth Mouse M557] on 00:1b:fc:ef:56:42

...and I'm pointing at the lines that say: "unknown main item tag 0x0".
I also have to reconnect the devices that behave like this twice each time.

Comment by Adriano M (Adry88) - Thursday, 06 August 2015, 21:30 GMT
Same problem on a notebook with Intel 6235 and with a generic dongle on a different machine; kernel panic occurs only when I connect a bluetooth keyboard and with kernel 4.1.x

journal from notebook:

ago 04 09:26:13 arch-book kernel: general protection fault: 0000 [#1] PREEMPT SMP
ago 04 09:26:13 arch-book kernel: Modules linked in: tun hidp rfcomm cmac ecb bnep joydev uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core btusb v4l2_common btbcm btintel videodev bluetooth media crc16 zram lz4_compress tpm_inf
ago 04 09:26:13 arch-book kernel: tpm_tis snd_pcm snd_timer intel_gtt snd mei_me battery soundcore i2c_algo_bit mei i2c_core tpm video wmi button ac processor sch_fq_codel ip_tables x_tables btrfs xor raid6_pq sd_mod atkbd libps2 crc32c
ago 04 09:26:13 arch-book kernel: CPU: 0 PID: 1929 Comm: konsole Not tainted 4.1.4-1-ARCH #1
ago 04 09:26:13 arch-book kernel: Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P07AAC 11/18/2013
ago 04 09:26:13 arch-book kernel: task: ffff88006a0dbd20 ti: ffff8800097a0000 task.ti: ffff8800097a0000
ago 04 09:26:13 arch-book kernel: RIP: 0010:[<ffffffff810ab37e>] [<ffffffff810ab37e>] effective_load.isra.8+0xe/0xa0
ago 04 09:26:13 arch-book kernel: RSP: 0018:ffff8800097a3b80 EFLAGS: 00010046
ago 04 09:26:13 arch-book kernel: RAX: 0000000000000400 RBX: 0000000000000002 RCX: 0000000000000400
ago 04 09:26:13 arch-book kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 7774654e2e706f74
ago 04 09:26:13 arch-book kernel: RBP: ffff8800097a3c38 R08: 0000000000000400 R09: 000000000000f87c
ago 04 09:26:13 arch-book kernel: R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000010
ago 04 09:26:13 arch-book kernel: R13: ffff88011a88b600 R14: 0000000000000000 R15: ffff88004bf45400
ago 04 09:26:13 arch-book kernel: FS: 00007f8d75f75840(0000) GS:ffff88011f200000(0000) knlGS:0000000000000000
ago 04 09:26:13 arch-book kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
ago 04 09:26:13 arch-book kernel: CR2: 0000000002488e78 CR3: 00000000096cb000 CR4: 00000000001407f0
ago 04 09:26:13 arch-book kernel: Stack:
ago 04 09:26:13 arch-book kernel: ffffffff810aca0a ffff880000000001 ffffffff810bbfc5 ffff88006a0df010
ago 04 09:26:13 arch-book kernel: 00000000000000c3 ffff8800097a3c38 ffff880009670a80 0000000000000001
ago 04 09:26:13 arch-book kernel: 0000000000000010 0000000000000000 000000000000f87c 0000000000000400
ago 04 09:26:13 arch-book kernel: Call Trace:
ago 04 09:26:13 arch-book kernel: [<ffffffff810aca0a>] ? select_task_rq_fair+0x5fa/0x740
ago 04 09:26:13 arch-book kernel: [<ffffffff810bbfc5>] ? __wake_up_common+0x55/0x90
ago 04 09:26:13 arch-book kernel: [<ffffffff810a57e9>] try_to_wake_up+0x129/0x350
ago 04 09:26:13 arch-book kernel: [<ffffffff810a5a90>] wake_up_state+0x10/0x20
ago 04 09:26:13 arch-book kernel: [<ffffffff81085182>] signal_wake_up_state+0x22/0x40
ago 04 09:26:13 arch-book kernel: [<ffffffff81085790>] complete_signal+0x110/0x260
ago 04 09:26:13 arch-book kernel: [<ffffffff81085a91>] __send_signal+0x1b1/0x410
ago 04 09:26:13 arch-book kernel: [<ffffffff81085d2e>] send_signal+0x3e/0x80
ago 04 09:26:13 arch-book kernel: [<ffffffff810869b2>] do_send_sig_info+0x52/0xa0
ago 04 09:26:13 arch-book kernel: [<ffffffff81086caf>] group_send_sig_info+0x4f/0x60
ago 04 09:26:13 arch-book kernel: [<ffffffff81086deb>] kill_pid_info+0x3b/0x70
ago 04 09:26:13 arch-book kernel: [<ffffffff8108878a>] SyS_kill+0xaa/0x200
ago 04 09:26:13 arch-book kernel: [<ffffffff81066bef>] ? __do_page_fault+0x18f/0x4b0
ago 04 09:26:13 arch-book kernel: [<ffffffff8158beae>] system_call_fastpath+0x12/0x71
ago 04 09:26:13 arch-book kernel: Code: ff 48 c7 41 48 00 00 00 00 48 8b 90 48 01 00 00 48 85 d2 75 d8 e9 09 ff ff ff 0f 1f 00 0f 1f 44 00 00 48 63 d2 48 85 f6 48 89 c8 <48> 8b 3c d7 0f 84 82 00 00 00 48 85 ff 74 7d 55 41 bb 02 00 00
ago 04 09:26:13 arch-book kernel: RIP [<ffffffff810ab37e>] effective_load.isra.8+0xe/0xa0
-- Reboot --
Comment by Matt Leach (hexsun) - Friday, 07 August 2015, 16:42 GMT
I'm having the same issue. I managed to capture the crash using kdump:

[ 60.576808] BUG: unable to handle kernel paging request at 000000ab0101016c
[ 60.577890] IP: [<ffffffff811d27fe>] __kmalloc_node_track_caller+0x14e/0x200
[ 60.579060] PGD 0
[ 60.580155] Oops: 0000 [#1] PREEMPT SMP
[ 60.581249] CPU: 1 PID: 1208 Comm: nm-applet Tainted: G W 4.1.0-ARCH #24
[ 60.582371] Hardware name: LENOVO 20B7A0HL00/20B7A0HL00, BIOS GJET79WW (2.29 ) 09/03/2014
[ 60.583496] task: ffff88030d4eea80 ti: ffff880309c30000 task.ti: ffff880309c30000
[ 60.585586] RIP: 0010:[<ffffffff811d27fe>] [<ffffffff811d27fe>] __kmalloc_node_track_caller+0x14e/0x200
[ 60.585589] RSP: 0018:ffff880309c33a58 EFLAGS: 00010246
[ 60.585590] RAX: 0000000000000000 RBX: ffff8800c81db500 RCX: 0000000000084001
[ 60.585591] RDX: 0000000000083f81 RSI: 0000000000083f81 RDI: 0000000000016200
[ 60.585591] RBP: ffff880309c33a98 R08: ffffffff81a63a56 R09: 0000000000000003
[ 60.585592] R10: 0000000000004040 R11: 0000000000000293 R12: 000000ab0101016c
[ 60.585593] R13: 00000000ffffffff R14: ffff880311c03500 R15: 00000000000106d0
[ 60.585595] FS: 00007f0595fc8900(0000) GS:ffff88031e240000(0000) knlGS:0000000000000000
[ 60.585596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.585597] CR2: 000000ab0101016c CR3: 00000000c835c000 CR4: 00000000001407e0
[ 60.585597] Stack:
[ 60.585600] ffff88030f872380 ffffffff81a63a82 ffff880309c33a88 ffff8800c81db500
[ 60.585602] ffff880309c33b0f 00000000000004d0 0000000000000280 00000000ffffffff
[ 60.585605] ffff880309c33ae8 ffffffff81a6337c 0000000109c33ac8 0000000000000046
[ 60.585605] Call Trace:
[ 60.585609] [<ffffffff81a63a82>] ? __alloc_skb+0x82/0x210
[ 60.585611] [<ffffffff81a6337c>] __kmalloc_reserve.isra.1+0x2c/0x90
[ 60.585613] [<ffffffff81a63a82>] __alloc_skb+0x82/0x210
[ 60.585615] [<ffffffff81a6a182>] alloc_skb_with_frags+0x52/0x1d0
[ 60.585618] [<ffffffff81a5ff56>] sock_alloc_send_pskb+0x1f6/0x270
[ 60.585621] [<ffffffff8111af5f>] ? __wake_up_sync_key+0x4f/0x60
[ 60.585624] [<ffffffff81bb8060>] unix_stream_sendmsg+0x280/0x410
[ 60.585626] [<ffffffff81a5b4d2>] sock_sendmsg+0x12/0x30
[ 60.585628] [<ffffffff81a5b8a3>] ___sys_sendmsg+0x2c3/0x2d0
[ 60.585631] [<ffffffff81189d60>] ? SyS_readahead+0xa0/0xa0
[ 60.585633] [<ffffffff8118b3d7>] ? __lru_cache_add+0x57/0xb0
[ 60.585635] [<ffffffff8118b496>] ? lru_cache_add_active_or_unevictable+0x26/0xa0
[ 60.585638] [<ffffffff81d74141>] ? _raw_spin_unlock+0x11/0x30
[ 60.585640] [<ffffffff811a7ccd>] ? handle_mm_fault+0xe1d/0x1860
[ 60.585642] [<ffffffff81207b6d>] ? __fget+0x6d/0xb0
[ 60.585644] [<ffffffff81a5d032>] __sys_sendmsg+0x52/0xa0
[ 60.585647] [<ffffffff81a5d08d>] SyS_sendmsg+0xd/0x20
[ 60.585649] [<ffffffff81d74817>] system_call_fastpath+0x12/0x6a
[ 60.585674] Code: 08 83 e1 04 0f 85 bf 00 00 00 48 89 c7 e8 8b eb 00 00 49 89 c6 e9 02 ff ff ff 0f 1f 00 49 63 46 20 49 8b 3e 48 8d 8a 80 00 00 00 <49> 8b 1c 04 4c 89 e0 65 48 0f c7 0f 0f 94 c0 84 c0 0f 84 e3 fe
[ 60.585677] RIP [<ffffffff811d27fe>] __kmalloc_node_track_caller+0x14e/0x200
[ 60.585678] RSP <ffff880309c33a58>
[ 60.585678] CR2: 000000ab0101016c
[ 60.601137] ---[ end trace a53f770918a072e5 ]---
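
Added example (not part of the original report or of any commenter's post): a small Python triage script that parses oops records in both the dmesg and journal formats quoted above, groups them by faulting function, and lists the call-trace frames the grouped reports share. The sample lines are abbreviated from the traces on this page; the names parse_oopses and group_by_fault are this example's own.

```python
import re
from collections import defaultdict

# Abbreviated from three traces quoted in this report (registers/stack omitted).
SAMPLE = """\
[ 2187.190063] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2187.190275] CPU: 0 PID: 618 Comm: bluetoothd Tainted: P O 4.1.2-2-ARCH #1
[ 2187.190362] [<ffffffffa13389c0>] hid_disconnect+0x80/0x90 [hid]
[ 2187.190399] [<ffffffffa1338d97>] hid_destroy_device+0x27/0x60 [hid]
[ 2187.190405] [<ffffffffa135b29b>] hidp_session_remove+0x4b/0xc0 [hidp]
[ 2187.190434] [<ffffffffa135c917>] hidp_sock_ioctl+0x247/0x2d0 [hidp]
[ 2187.190460] [<ffffffff81466bf6>] ? sock_alloc_file+0xa6/0x140
[ 2187.190548] RIP [<ffffffffa133b74e>] hidinput_disconnect+0x2e/0xd0 [hid]
[ 2187.190563] ---[ end trace 2742a132b43e9ad4 ]---
Jul 28 12:43:53 tao kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Jul 28 12:43:53 tao kernel: CPU: 1 PID: 413 Comm: kworker/u9:1 Not tainted 4.1.2-2-ARCH #1
Jul 28 12:43:53 tao kernel: [<ffffffffa01069c0>] hid_disconnect+0x80/0x90 [hid]
Jul 28 12:43:53 tao kernel: [<ffffffffa0106d97>] hid_destroy_device+0x27/0x60 [hid]
Jul 28 12:43:53 tao kernel: [<ffffffffa05bc29b>] hidp_session_remove+0x4b/0xc0 [hidp]
Jul 28 12:43:53 tao kernel: [<ffffffffa0503aa8>] hci_rx_work+0x1d8/0x430 [bluetooth]
Jul 28 12:43:53 tao kernel: RIP [<ffffffffa010974e>] hidinput_disconnect+0x2e/0xd0 [hid]
[ 60.576808] BUG: unable to handle kernel paging request at 000000ab0101016c
[ 60.582371] CPU: 1 PID: 1208 Comm: nm-applet Tainted: G W 4.1.0-ARCH #24
[ 60.585613] [<ffffffff81a63a82>] __alloc_skb+0x82/0x210
[ 60.585677] RIP [<ffffffff811d27fe>] __kmalloc_node_track_caller+0x14e/0x200
"""

# Strips a dmesg "[ 12.345]" timestamp or a journal "Mon DD HH:MM:SS host kernel:" prefix.
PREFIX = re.compile(r"^(?:\[\s*[\d.]+\]|\w{3} +\d+ [\d:]+ \S+ kernel:)\s*")
SYM = r"([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$"
HEAD = re.compile(r"^(BUG: .*|general protection fault.*)")
CPU = re.compile(r"^CPU: \d+ PID: \d+ Comm: (\S+) .*?(\S+) #\d+$")
FAULT = re.compile(r"^R?IP:? .*\] " + SYM)
FRAME = re.compile(r"^\[<[0-9a-f]+>\] (\? )?" + SYM)

def parse_oopses(text):
    """Split a kernel log into oops records (dmesg or journal format)."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if HEAD.match(line):
            cur = {"headline": line, "comm": None, "kernel": None,
                   "fault": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif m := CPU.match(line):
            cur["comm"], cur["kernel"] = m.groups()
        elif m := FAULT.match(line):
            cur["fault"] = (m.group(1), m.group(2))   # (function, module)
        elif (m := FRAME.match(line)) and not m.group(1):
            cur["frames"].append(m.group(2))          # "?" frames are unreliable, skip
        elif line.startswith("---[ end trace"):
            cur = None
    return reports

def group_by_fault(reports):
    """Group by faulting (function, module); report tasks and frames all share."""
    groups = defaultdict(list)
    for r in reports:
        groups[r["fault"]].append(r)
    out = {}
    for sig, rs in groups.items():
        shared = [f for f in rs[0]["frames"]
                  if all(f in r["frames"] for r in rs[1:])]
        out[sig] = {"comms": [r["comm"] for r in rs], "shared": shared}
    return out

if __name__ == "__main__":
    print(group_by_fault(parse_oopses(SAMPLE)))
```

On the sample, the two NULL dereferences in hidinput_disconnect share the hid_disconnect, hid_destroy_device and hidp_session_remove frames although one was entered from hidp_sock_ioctl and the other from hci_rx_work; the kdump trace faults in a different function and lands in its own group.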
Comment by Matt Leach (hexsun) - Wednesday, 12 August 2015, 13:23 GMT
A fix for this has just been merged:

http://www.spinics.net/lists/linux-input/msg40330.html
Comment by Luca Viggiani (lviggiani) - Wednesday, 02 September 2015, 08:39 GMT
@Matt: is that fix in kernel 4.1.6 or do we have to wait until 4.2? How to check that? I looked into the 4.1.6 changelog but it seems there's nothing about hid

EDIT: I've looked into the kernel 4.1.6 source tree and the patch is not there. But I have found it in the kernel 4.2 source:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/hid/hid-input.c?id=refs/tags/v4.2#n463

So let's wait for the 4.2 series to see if that actually works...
Comment by Mika Norén (SysGhost) - Monday, 14 September 2015, 14:27 GMT
@Luca Viggiani

I can confirm that the original problem (OP) has been fixed in kernel 4.2.0-3-ARCH
Comment by Luca Viggiani (lviggiani) - Monday, 14 September 2015, 14:52 GMT
I have built and installed kernel 4.1.7 using the Arch Build System (https://wiki.archlinux.org/index.php/Kernels/Compilation/Arch_Build_System) as I saw that the patch is also in the 4.1.7 change log.
It seems to actually fix the issue so far with my Logitech BT mouse. Tomorrow I'll try with the Apple Magic Mouse that was crashing my system much, much more frequently.
I can provide a PKGBUILD for linux 4.1.7 x86_64 (or even pre-built packages if someone needs them).
