Bug 1250279 - BUG: unable to handle kernel NULL pointer dereference at....hidinput_disconnect
Summary: BUG: unable to handle kernel NULL pointer dereference at....hidinput_disconnect
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 22
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 1244076
Depends On:
Blocks:
Reported: 2015-08-05 01:17 UTC by Robin Lee
Modified: 2015-08-19 08:11 UTC

Fixed In Version: kernel-4.1.5-100.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-19 08:04:01 UTC
Type: Bug
Embargoed:


Attachments:
Full call trace (5.28 KB, text/plain), 2015-08-05 01:19 UTC, Robin Lee
maybe fix (1.64 KB, application/mbox), 2015-08-07 23:44 UTC, Laura Abbott

Description Robin Lee 2015-08-05 01:17:32 UTC
Description of problem:
I have a USB Bluetooth adapter and have a Bluetooth keyboard connected. After about half an hour of inactivity, the machine is not responsive to mouse and keyboard input; only SysRq is responsive.
After cold rebooting, I found a call trace in the journal.

Aug 04 19:06:56 localhost.localdomain kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Aug 04 19:06:56 localhost.localdomain kernel: IP: [<ffffffff81640a6e>] hidinput_disconnect+0x2e/0xb0
Aug 04 19:06:56 localhost.localdomain kernel: PGD 0 
Aug 04 19:06:56 localhost.localdomain kernel: Oops: 0000 [#1] SMP 
Aug 04 19:06:56 localhost.localdomain kernel: Modules linked in: joydev hid_lenovo hidp cmac rfcomm bnep intel_rapl ios
Aug 04 19:06:56 localhost.localdomain kernel: CPU: 1 PID: 1927 Comm: khidpd_17ef6048 Tainted: G           OE   4.1.3-20
Aug 04 19:06:56 localhost.localdomain kernel: Hardware name: LENOVO YangTianT4900v-00/ , BIOS FCKT58AUS 09/17/2014
Aug 04 19:06:56 localhost.localdomain kernel: task: ffff8801148fc520 ti: ffff8800a4890000 task.ti: ffff8800a4890000
Aug 04 19:06:56 localhost.localdomain kernel: RIP: 0010:[<ffffffff81640a6e>]  [<ffffffff81640a6e>] hidinput_disconnect+
Aug 04 19:06:56 localhost.localdomain kernel: RSP: 0018:ffff8800a4893be8  EFLAGS: 00010292
Aug 04 19:06:56 localhost.localdomain kernel: RAX: 0000000000000000 RBX: ffff8800c0c2e000 RCX: 000000010080002b
Aug 04 19:06:56 localhost.localdomain kernel: RDX: 000000010080002c RSI: ffffea0002df7300 RDI: 0000000040000000
Aug 04 19:06:56 localhost.localdomain kernel: RBP: ffff8800a4893c08 R08: 00000000b7dcc801 R09: 000000010080002b
Aug 04 19:06:56 localhost.localdomain kernel: R10: ffff8800b7dcc820 R11: 0000000000000000 R12: ffff8800c0c2f8e8
Aug 04 19:06:56 localhost.localdomain kernel: R13: ffff8800c0c2e000 R14: ffff8800c0c2e000 R15: ffff8800c0c2f8d0
Aug 04 19:06:56 localhost.localdomain kernel: FS:  0000000000000000(0000) GS:ffff88011fa80000(0000) knlGS:0000000000000
Aug 04 19:06:56 localhost.localdomain kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 04 19:06:56 localhost.localdomain kernel: CR2: 0000000000000000 CR3: 0000000001c0b000 CR4: 00000000001427e0
Aug 04 19:06:56 localhost.localdomain kernel: Stack:
Aug 04 19:06:56 localhost.localdomain kernel:  ffff8800c0c2e000 ffff8800c0c2f8e8 ffff8800c0c2e000 ffff8800c0c2f8b8
Aug 04 19:06:56 localhost.localdomain kernel:  ffff8800a4893c28 ffffffff8163d760 ffff8800c0c2e000 ffff8800c0c2f8e8
Aug 04 19:06:56 localhost.localdomain kernel:  ffff8800a4893c48 ffffffffa05f44c0 00000000fffffffc ffff8800c0c2f8e8
Aug 04 19:06:56 localhost.localdomain kernel: Call Trace:
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff8163d760>] hid_disconnect+0x80/0x90
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffffa05f44c0>] lenovo_remove+0x40/0xa0 [hid_lenovo]
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff8163d7df>] hid_device_remove+0x6f/0xe0
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff814ec167>] __device_release_driver+0x87/0x120
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff814ec223>] device_release_driver+0x23/0x30
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff814eba98>] bus_remove_device+0x108/0x180
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff814e7c21>] device_del+0x141/0x270
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff8163d8d7>] hid_destroy_device+0x27/0x60
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffffa0548b0b>] hidp_session_remove+0x4b/0xb0 [hidp]
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffffa04dbefb>] l2cap_unregister_user+0x5b/0x70 [bluetooth]
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffffa05484b0>] hidp_session_thread+0x560/0xaf0 [hidp]
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff810ce6f0>] ? wake_up_state+0x20/0x20
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff810ce6f0>] ? wake_up_state+0x20/0x20
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffffa0547f50>] ? hidp_open+0x10/0x10 [hidp]
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff810c0b88>] kthread+0xd8/0xf0
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff810c0ab0>] ? kthread_worker_fn+0x180/0x180
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff817a1e62>] ret_from_fork+0x42/0x70
Aug 04 19:06:56 localhost.localdomain kernel:  [<ffffffff810c0ab0>] ? kthread_worker_fn+0x180/0x180
Aug 04 19:06:56 localhost.localdomain kernel: Code: 00 00 55 48 89 e5 41 56 49 89 fe 41 55 41 54 53 48 8b bf b0 1b 00 0
Aug 04 19:06:56 localhost.localdomain kernel: RIP  [<ffffffff81640a6e>] hidinput_disconnect+0x2e/0xb0
Aug 04 19:06:56 localhost.localdomain kernel:  RSP <ffff8800a4893be8>
Aug 04 19:06:57 localhost.localdomain kernel: CR2: 0000000000000000
Aug 04 19:06:57 localhost.localdomain kernel: ---[ end trace bd9b3cd05a6d4871 ]---

Version-Release number of selected component (if applicable):
kernel-4.1.3-200.fc22.x86_64

How reproducible:
Seems always

Additional info:
The adapter: Bus 001 Device 002: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
The keyboard: ThinkPad Compact Bluetooth Keyboard with TrackPoint
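
A triage helper for oops traces like the one in this description, added here as an example and not part of the original report or the kernel project: it pulls the faulting symbol, task, CR2 and verified call chain from journal lines and builds an address-free signature for matching duplicate reports. The function names, the `vmlinux` label for built-in symbols and the first-page NULL heuristic are assumptions of this example; the sample lines are an abridged excerpt of the trace above.

```python
import re
# Abridged excerpt of the journal output in this report (some frames omitted).
P = "Aug 04 19:06:56 localhost.localdomain kernel: "
SAMPLE = "\n".join(P + s for s in [
    "BUG: unable to handle kernel NULL pointer dereference at           (null)",
    "IP: [<ffffffff81640a6e>] hidinput_disconnect+0x2e/0xb0",
    "CPU: 1 PID: 1927 Comm: khidpd_17ef6048 Tainted: G           OE   4.1.3-20",
    "Call Trace:",
    " [<ffffffff8163d760>] hid_disconnect+0x80/0x90",
    " [<ffffffffa05f44c0>] lenovo_remove+0x40/0xa0 [hid_lenovo]",
    " [<ffffffffa0548b0b>] hidp_session_remove+0x4b/0xb0 [hidp]",
    " [<ffffffff810ce6f0>] ? wake_up_state+0x20/0x20",
    "CR2: 0000000000000000",
])
FRAME = re.compile(
    r"\[<([0-9a-f]+)>\] (\? )?([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")

def parse_oops(text):
    """Extract fault site, task, CR2 and call chain from x86-64 oops lines."""
    oops = {"fault": None, "comm": None, "cr2": None, "trace": [], "stale": []}
    in_trace = False
    for raw in text.splitlines():
        msg = raw.split("kernel: ", 1)[-1]
        m = FRAME.search(msg)
        if in_trace and m:
            # "?" = address seen on the stack but not confirmed by the unwinder.
            f = {"sym": m[3], "off": int(m[4], 16), "module": m[6] or "vmlinux"}
            oops["stale" if m[2] else "trace"].append(f)
            continue
        in_trace = msg.strip() == "Call Trace:"
        if msg.startswith("IP: ") and m:
            oops["fault"] = {"sym": m[3], "off": int(m[4], 16)}
        elif c := re.search(r"Comm: (\S+)", msg):
            oops["comm"] = c[1]
        elif msg.startswith("CR2: "):
            oops["cr2"] = int(msg.split()[1], 16)
    return oops

def triage(oops):
    """Summarise for dedup; the signature uses symbols only, no load addresses."""
    mods = list(dict.fromkeys(f["module"] for f in oops["trace"]))
    chain = [oops["fault"]["sym"]] + [f["sym"] for f in oops["trace"][:3]]
    return {
        "null_deref": oops["cr2"] is not None and oops["cr2"] < 0x1000,
        "fault_site": "{sym}+{off:#x}".format(**oops["fault"]),
        "task": oops["comm"],
        "modules": mods,
        "signature": " < ".join(chain),
    }
```
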

Comment 1 Robin Lee 2015-08-05 01:19:44 UTC
Created attachment 1059290
Full call trace

Comment 2 Robin Lee 2015-08-06 01:44:28 UTC
The issue always occurs when my Bluetooth keyboard is disconnected.

Comment 3 Laura Abbott 2015-08-07 23:44:07 UTC
Created attachment 1060522
maybe fix

Can you test the attached patch? This fixes a known crash that can cause memory corruption.

Comment 4 Robin Lee 2015-08-09 07:38:27 UTC
The patch fixes the crash. Thank you!

Comment 5 Fedora Update System 2015-08-12 00:21:04 UTC
kernel-4.1.5-100.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/kernel-4.1.5-100.fc21

Comment 6 Fedora Update System 2015-08-12 00:23:00 UTC
kernel-4.1.5-200.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/kernel-4.1.5-200.fc22

Comment 7 H.J. Lu 2015-08-12 02:54:04 UTC
*** Bug 1244076 has been marked as a duplicate of this bug. ***

Comment 8 Fedora Update System 2015-08-13 16:54:15 UTC
Package kernel-4.1.5-100.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-4.1.5-100.fc21'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13391/kernel-4.1.5-100.fc21
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2015-08-19 08:04:01 UTC
kernel-4.1.5-200.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-08-19 08:11:56 UTC
kernel-4.1.5-100.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

