Bug 101461
Summary: | Kernel panic on shutdown when using broadcom module | ||
---|---|---|---|
Product: | Drivers | Reporter: | Bill Mair (bill) |
Component: | Bluetooth | Assignee: | linux-bluetooth (linux-bluetooth) |
Status: | NEW --- | ||
Severity: | blocking | CC: | bfrancom, hephooey, hjl.tools, mail, szg00000 |
Priority: | P1 | ||
Hardware: | Intel | ||
OS: | Linux | ||
Kernel Version: | 4.1.0 and 4.1.2 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments: | kernel 4.1.3 log |
Description
Bill Mair
2015-07-13 20:17:25 UTC
Although I have not had a chance to test this, it has been reported that the following patch fixes the problem: https://github.com/torvalds/linux/commit/b8830a4e71b15d0364ac8e6c55301eea73f211da I have the almost the same kernel panic message with 4.1.x, I am using a MacBook 11.3 so I do not think the dell laptop patch would help me. It has a broadcom BT chip (05ac:8289), it does not require any special patches and with 4.1.x it only works when I do NOT compile btbcm into the kernel (because btbcm_read_verbose_config always return an "Read verbose config info failed" error thus interrupt the initiation of the module). The fastest way to trigger the panic is to unload the btusb module (it is loaded automatically by udev), then run something with heavy cpu/io, for me I just start kmail and the system will halt almost immediately everytime, on the other side if I only run some vim in the console the system seems can last forever. Created attachment 183771 [details]
kernel 4.1.3 log
After disabling btbcm, I got this kernel bug.
There are static void hidinput_cleanup_battery(struct hid_device *dev) { if (!dev->battery) return; power_supply_unregister(dev->battery); kfree(dev->battery->desc->name); kfree(dev->battery->desc); dev->battery = NULL; } Is it safe to access dev->battery->desc->name after power_supply_unregister? Does this patch make any senses: diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c index 008e89b..6e7f6c2 100644 --- a/drivers/hid/hid-input.c +++ b/drivers/hid/hid-input.c @@ -462,12 +462,14 @@ out: static void hidinput_cleanup_battery(struct hid_device *dev) { + struct power_supply_desc *desc; if (!dev->battery) return; + desc = (struct power_supply_desc *)dev->battery->desc; power_supply_unregister(dev->battery); - kfree(dev->battery->desc->name); - kfree(dev->battery->desc); + kfree(desc->name); + kfree(desc); dev->battery = NULL; } |