Bug 102061 - 4.1 panics intermittently if BT mouse is connected via intel 7260 Wifi/BT combo and then disconnected
Status: ASSIGNED
Alias: None
Product: Drivers
Classification: Unclassified
Component: Bluetooth
Hardware: x86-64 Linux
Importance: P1 high
Assignee: linux-bluetooth@vger.kernel.org
URL: https://bugs.gentoo.org/show_bug.cgi?...
Reported: 2015-07-27 21:18 UTC by Anton Gubarkov
Modified: 2015-09-02 08:55 UTC
Kernel Version: 4.1
Regression: Yes

Description Anton Gubarkov 2015-07-27 21:18:29 UTC
When my BT mouse goes into standby or disconnects (by power off switch), I get the following panic (captured via /dev/pstore):

Jun 23 12:27:33 r9-008cln kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Jun 23 12:27:33 r9-008cln kernel: IP: [<ffffffff817613be>] hidinput_disconnect+0x2e/0xd0
Jun 23 12:27:33 r9-008cln kernel: PGD 0 
Jun 23 12:27:33 r9-008cln kernel: Oops: 0000 [#1] PREEMPT SMP 
Jun 23 12:27:33 r9-008cln kernel: Modules linked in: rndis_host cdc_ether usbnet mii acpi_call(O) ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat snd_hda_co
Jun 23 12:27:33 r9-008cln kernel: CPU: 2 PID: 22431 Comm: kworker/u17:1 Tainted: P           O    4.1.0-gentoo #4
Jun 23 12:27:33 r9-008cln kernel: Hardware name: LENOVO 20BEA008RT/20BEA008RT, BIOS GMET70WW (2.18 ) 03/05/2015
Jun 23 12:27:33 r9-008cln kernel: Workqueue: hci0 hci_rx_work
Jun 23 12:27:33 r9-008cln kernel: task: ffff8802d630be20 ti: ffff8802d54e4000 task.ti: ffff8802d54e4000
Jun 23 12:27:33 r9-008cln kernel: RIP: 0010:[<ffffffff817613be>]  [<ffffffff817613be>] hidinput_disconnect+0x2e/0xd0
Jun 23 12:27:33 r9-008cln kernel: RSP: 0018:ffff8802d54e7a28  EFLAGS: 00010292
Jun 23 12:27:33 r9-008cln kernel: RAX: 0000000000000000 RBX: ffff8803d7d54000 RCX: 0000000180800073
Jun 23 12:27:33 r9-008cln kernel: RDX: 0000000180800074 RSI: 0000000000000001 RDI: ffff88042d803c00
Jun 23 12:27:33 r9-008cln kernel: RBP: ffff8802d54e7a48 R08: 0000000000000000 R09: ffffea0010a7d740
Jun 23 12:27:33 r9-008cln kernel: R10: ffffffff81420000 R11: 0000000000000000 R12: ffff8803d7d558e8
Jun 23 12:27:33 r9-008cln kernel: R13: ffff8803d7d54000 R14: ffff8803d7d54000 R15: ffff8803d7d558d0
Jun 23 12:27:33 r9-008cln kernel: FS:  0000000000000000(0000) GS:ffff88043e280000(0000) knlGS:0000000000000000
Jun 23 12:27:33 r9-008cln kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 23 12:27:33 r9-008cln kernel: CR2: 0000000000000000 CR3: 0000000002cf7000 CR4: 00000000001407e0
Jun 23 12:27:33 r9-008cln kernel: Stack:
Jun 23 12:27:33 r9-008cln kernel:  ffff8803d7d54000 ffff8803d7d558e8 ffff8803d7d54000 ffff8803d7d558b8
Jun 23 12:27:33 r9-008cln kernel:  ffff8802d54e7a68 ffffffff8175e270 00000000fffffffc ffff8803d7d558e8
Jun 23 12:27:33 r9-008cln kernel:  ffff8802d54e7aa8 ffffffff8175e445 ffff8802d54e7aa8 ffff8803d7d558e8
Jun 23 12:27:33 r9-008cln kernel: Call Trace:
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e270>] hid_disconnect+0x80/0x90
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e445>] hid_device_remove+0xc5/0xe0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622de7>] __device_release_driver+0x87/0x120
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622ea3>] device_release_driver+0x23/0x30
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622748>] bus_remove_device+0x108/0x180
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8161ec71>] device_del+0x141/0x270
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e4e7>] hid_destroy_device+0x27/0x60
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8192e9a2>] hidp_session_remove+0x52/0xc0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8190a776>] l2cap_conn_del+0xb6/0x220
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8190a91e>] l2cap_disconn_cfm+0x3e/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818e6f29>] hci_disconn_complete_evt.isra.58+0x189/0x2c0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818ee420>] hci_event_packet+0x1590/0x3630
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff810947f8>] ? cpuacct_charge+0x58/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e4cea>] ? _raw_spin_unlock_irqrestore+0x2a/0x60
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818dbc98>] hci_rx_work+0x1c8/0x400
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106f9b7>] process_one_work+0x147/0x410
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106fceb>] worker_thread+0x6b/0x4a0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106fc80>] ? process_one_work+0x410/0x410
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8107574b>] kthread+0xdb/0x100
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81070000>] ? worker_thread+0x380/0x4a0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81075670>] ? kthread_create_on_node+0x180/0x180
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e5882>] ret_from_fork+0x42/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81075670>] ? kthread_create_on_node+0x180/0x180
Jun 23 12:27:33 r9-008cln kernel: Code: 00 00 55 48 89 e5 41 56 49 89 fe 41 55 41 54 53 48 8b bf 88 1b 00 00 48 85 ff 74 31 e8 bc d7 fb ff 49 8b 86 88 1b 00 0

Jun 23 12:27:33 r9-008cln kernel: RIP  [<ffffffff817613be>] hidinput_disconnect+0x2e/0xd0
Jun 23 12:27:33 r9-008cln kernel:  RSP <ffff8802d54e7a28>
Jun 23 12:27:33 r9-008cln kernel: CR2: 0000000000000000
Jun 23 12:27:33 r9-008cln kernel: ---[ end trace 538104341aa92af7 ]---
Jun 23 12:27:33 r9-008cln kernel: BUG: unable to handle kernel paging request at ffffffffffffffd8
Jun 23 12:27:33 r9-008cln kernel: IP: [<ffffffff81075dc1>] kthread_data+0x11/0x20
Jun 23 12:27:33 r9-008cln kernel: PGD 2cf8067 PUD 2cfa067 PMD 0 
Jun 23 12:27:33 r9-008cln kernel: Oops: 0000 [#2] PREEMPT SMP 
Jun 23 12:27:33 r9-008cln kernel: Modules linked in: rndis_host cdc_ether usbnet mii acpi_call(O) ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat snd_hda_co
Jun 23 12:27:33 r9-008cln kernel: CPU: 6 PID: 22431 Comm: kworker/u17:1 Tainted: P      D    O    4.1.0-gentoo #4
Jun 23 12:27:33 r9-008cln kernel: Hardware name: LENOVO 20BEA008RT/20BEA008RT, BIOS GMET70WW (2.18 ) 03/05/2015
Jun 23 12:27:33 r9-008cln kernel: task: ffff8802d630be20 ti: ffff8802d54e4000 task.ti: ffff8802d54e4000
Jun 23 12:27:33 r9-008cln kernel: RIP: 0010:[<ffffffff81075dc1>]  [<ffffffff81075dc1>] kthread_data+0x11/0x20
Jun 23 12:27:33 r9-008cln kernel: RSP: 0018:ffff8802d54e76d0  EFLAGS: 00210096
Jun 23 12:27:33 r9-008cln kernel: RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000002
Jun 23 12:27:33 r9-008cln kernel: RDX: 0000000000000001 RSI: 0000000000000006 RDI: ffff8802d630be20
Jun 23 12:27:33 r9-008cln kernel: RBP: ffff8802d54e76e8 R08: ffffffffffffffff R09: 0000000000000000
Jun 23 12:27:33 r9-008cln kernel: R10: 0000000000000176 R11: ffffea0010736800 R12: 0000000000016080
Jun 23 12:27:33 r9-008cln kernel: R13: ffff8802d630be20 R14: 0000000000000006 R15: 0000000000000000
Jun 23 12:27:33 r9-008cln kernel: FS:  0000000000000000(0000) GS:ffff88043e380000(0000) knlGS:0000000000000000
Jun 23 12:27:33 r9-008cln kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 23 12:27:33 r9-008cln kernel: CR2: 0000000000000028 CR3: 0000000002cf7000 CR4: 00000000001407e0
Jun 23 12:27:33 r9-008cln kernel: Stack:
Jun 23 12:27:33 r9-008cln kernel:  ffffffff81070955 ffff8802d54e76e8 ffff88043e396080 ffff8802d54e7748
Jun 23 12:27:33 r9-008cln kernel:  ffffffff819e143c ffff8802d54e7768 ffff8802d630be20 0000000000000000
Jun 23 12:27:33 r9-008cln kernel:  00000000ffffffff ffff8802d630c4b0 ffff8802d54e8000 ffff8802d630c4b0
Jun 23 12:27:33 r9-008cln kernel: Call Trace:
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81070955>] ? wq_worker_sleeping+0x15/0xa0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e143c>] __schedule+0x58c/0xa30
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e1917>] schedule+0x37/0x90
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8105a7e6>] do_exit+0x796/0xae0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff810068cd>] oops_end+0x8d/0xd0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81048aaf>] no_context+0x14f/0x3a0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81048e0d>] __bad_area_nosemaphore+0x10d/0x230
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81048f43>] bad_area_nosemaphore+0x13/0x20
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff810491fe>] __do_page_fault+0xae/0x4c0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8161e25e>] ? device_release+0x3e/0xb0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81420000>] ? kobject_release+0x40/0x1c0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8104961c>] do_page_fault+0xc/0x10
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e70d2>] page_fault+0x22/0x30
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81420000>] ? kobject_release+0x40/0x1c0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff817613be>] ? hidinput_disconnect+0x2e/0xd0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff817613b4>] ? hidinput_disconnect+0x24/0xd0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e270>] hid_disconnect+0x80/0x90
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e445>] hid_device_remove+0xc5/0xe0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622de7>] __device_release_driver+0x87/0x120
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622ea3>] device_release_driver+0x23/0x30
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81622748>] bus_remove_device+0x108/0x180
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8161ec71>] device_del+0x141/0x270
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e4e7>] hid_destroy_device+0x27/0x60
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8192e9a2>] hidp_session_remove+0x52/0xc0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8190a776>] l2cap_conn_del+0xb6/0x220
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8190a91e>] l2cap_disconn_cfm+0x3e/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818e6f29>] hci_disconn_complete_evt.isra.58+0x189/0x2c0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818ee420>] hci_event_packet+0x1590/0x3630
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff810947f8>] ? cpuacct_charge+0x58/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e4cea>] ? _raw_spin_unlock_irqrestore+0x2a/0x60
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818dbc98>] hci_rx_work+0x1c8/0x400
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106f9b7>] process_one_work+0x147/0x410
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106fceb>] worker_thread+0x6b/0x4a0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8106fc80>] ? process_one_work+0x410/0x410
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8107574b>] kthread+0xdb/0x100
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81070101>] ? worker_thread+0x481/0x4a0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81075670>] ? kthread_create_on_node+0x180/0x180
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff819e5882>] ret_from_fork+0x42/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff81075670>] ? kthread_create_on_node+0x180/0x180
Jun 23 12:27:33 r9-008cln kernel: Code: 48 89 e5 5d 48 8b 40 c8 48 c1 e8 02 83 e0 01 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 87 28 04 00 00 55 4
Jun 23 12:27:33 r9-008cln kernel: RIP  [<ffffffff81075dc1>] kthread_data+0x11/0x20
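
A triage sketch for the capture above, added here as an example and not part of the original report: it splits a syslog/pstore capture into individual oopses, keeps only the call-trace frames not marked `?` (the unreliable ones), and picks the first oops printed without taint flag `D` as the one to debug, since an oops logged after the kernel has already died once is usually fallout. The function names are hypothetical and the sample is abridged from the log lines in this report.

```python
import re

# Constructed sample: a few lines abridged from the two oopses in this report.
SAMPLE = """\
Jun 23 12:27:33 r9-008cln kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Jun 23 12:27:33 r9-008cln kernel: IP: [<ffffffff817613be>] hidinput_disconnect+0x2e/0xd0
Jun 23 12:27:33 r9-008cln kernel: CPU: 2 PID: 22431 Comm: kworker/u17:1 Tainted: P           O    4.1.0-gentoo #4
Jun 23 12:27:33 r9-008cln kernel: Call Trace:
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8175e270>] hid_disconnect+0x80/0x90
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff8192e9a2>] hidp_session_remove+0x52/0xc0
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff810947f8>] ? cpuacct_charge+0x58/0x70
Jun 23 12:27:33 r9-008cln kernel:  [<ffffffff818dbc98>] hci_rx_work+0x1c8/0x400
Jun 23 12:27:33 r9-008cln kernel: BUG: unable to handle kernel paging request at ffffffffffffffd8
Jun 23 12:27:33 r9-008cln kernel: IP: [<ffffffff81075dc1>] kthread_data+0x11/0x20
Jun 23 12:27:33 r9-008cln kernel: CPU: 6 PID: 22431 Comm: kworker/u17:1 Tainted: P      D    O    4.1.0-gentoo #4
"""

PREFIX = re.compile(r"^.*? kernel: ")                       # syslog timestamp/host
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x")  # one call-trace frame

def parse_oopses(text):
    """Return one dict per 'BUG:' report: message, faulting IP, taint flags, trace."""
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        if line.startswith("BUG: "):
            cur = {"bug": " ".join(line[5:].split()), "ip": None, "taint": "", "trace": []}
            oopses.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif line.startswith("IP: "):
            m = re.search(r"\] (\S+)", line)
            cur["ip"] = m.group(1) if m else None
        elif "Tainted: " in line:
            # Flags sit between "Tainted: " and the trailing "<release> #<build>".
            cur["taint"] = line.split("Tainted: ", 1)[1].rsplit(None, 2)[0].replace(" ", "")
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if m is None:
                in_trace = False            # trace ended (Code:, RIP, ...)
            elif not m.group(1):
                cur["trace"].append(m.group(2))  # skip '?' frames
    return oopses

def root_cause(oopses):
    """First oops without taint flag D, i.e. logged before any earlier oops."""
    return next((o for o in oopses if "D" not in o["taint"]), None)
```
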
Comment 1 Anton Gubarkov 2015-07-27 21:27:35 UTC
As it is a regression (v4.0.6 works ok, v4.1 doesn't), I tried a bisect between them. The problem is masked by another regression fixed with 1f5014d6a77513fa7cefe30eb7791d5856c04384. A lot of my tests ended with a non-functioning bt mouse. So I attempted a second bisect between v4.0.6 and 1f5014d6a77513fa7cefe30eb7791d5856c04384.

This time I landed on 297d716f6260cc9421d971b124ca196b957ee458. My bt mouse works fine before this commit and my system is stable.

When I apply this commit, I get a panic within 30 minutes of the 1st disconnect of my bt mouse, either because it goes into standby to save its battery or because I switch it off by a hardware switch.

I have no kernel devel experience so I couldn't even dare to look for a possible reason myself, the commit is 10500 lines.

Here is my bisect log:

r9-008cln linux-stable # git bisect log
git bisect start
# bad: [5939d9dfe4406a49d8688eb827d88abcaf233c42] power: twl4030_madc_battery: Add missing MODULE_ALIAS
git bisect bad 5939d9dfe4406a49d8688eb827d88abcaf233c42
# good: [a0ce889438e8204b87d1f30f941646636e26837e] Linux 4.0.6
git bisect good a0ce889438e8204b87d1f30f941646636e26837e
# good: [c517d838eb7d07bbe9507871fab3931deccff539] Linux 4.0-rc1
git bisect good c517d838eb7d07bbe9507871fab3931deccff539
# good: [0595439a0a8740f776a0ae367a4c7f243add24ec] power: generic-adc-battery: Fix power_supply_property returned value
git bisect good 0595439a0a8740f776a0ae367a4c7f243add24ec
# bad: [ed6dad52298152a5c493223234e431f206c5a46b] x86/olpc/xo1/sci: Use newly added power_supply_put API
git bisect bad ed6dad52298152a5c493223234e431f206c5a46b
# good: [15077fc1f78488169ee5b87f553d17c1afcb1255] power_supply: ab8500: Use power_supply_*() API for accessing function attrs
git bisect good 15077fc1f78488169ee5b87f553d17c1afcb1255
# good: [b70229bca127283c3d30e5f471d30b1acccd7096] power_supply: charger-manager: Use power_supply_*() API for accessing function attrs
git bisect good b70229bca127283c3d30e5f471d30b1acccd7096
# bad: [1a352462b5377ac68f5955d674b3460c7bac52a3] power_supply: Add power_supply_put for decrementing device reference counter
git bisect bad 1a352462b5377ac68f5955d674b3460c7bac52a3
# bad: [297d716f6260cc9421d971b124ca196b957ee458] power_supply: Change ownership from driver to core
git bisect bad 297d716f6260cc9421d971b124ca196b957ee458
# first bad commit: [297d716f6260cc9421d971b124ca196b957ee458] power_supply: Change ownership from driver to core
Comment 2 Aaron Lu 2015-07-29 03:02:29 UTC
Drivers/bluetooth seems to be a better place for this bug.
Comment 3 Anton Gubarkov 2015-09-02 08:55:31 UTC
It seems that 4.2 works ok. I will continue testing this newest kernel and will report back.
