Ubuntu
linux package

Regression: kernel bug upon keyboard disconnect

Bug #2073001 reported by Kostadin Stoilov
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Medium
En-Wei Wu

Bug Description

On a Dell Venue 7140 tablet with the keyboard/touchpad/battery dock when disconnecting the dock there is a kernel bug observed in dmesg:

[ 83.719050] usb 1-4: USB disconnect, device number 3
[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event
[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17
[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event
[ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17'
[ 83.861874] CPU: 2 PID: 1161 Comm: kworker/2:4 Not tainted 6.8.0-40-generic #40-Ubuntu
[ 83.861877] Hardware name: Dell Inc. Venue 11 Pro 7140/0XMVMH, BIOS A20 11/18/2019
[ 83.861879] Workqueue: kacpi_notify acpi_os_execute_deferred
[ 83.861885] Call Trace:
[ 83.861887] <TASK>
[ 83.861890] dump_stack_lvl+0x76/0xa0
[ 83.861894] dump_stack+0x10/0x20
[ 83.861897] sysfs_warn_dup+0x8a/0xb0
[ 83.861901] sysfs_create_dir_ns+0xe0/0x100
[ 83.861905] kobject_add_internal+0xa8/0x2f0
[ 83.861908] kobject_add+0x93/0x100
[ 83.861912] ? get_device_parent+0xd0/0x210
[ 83.861917] device_add+0xe0/0x740
[ 83.861919] input_register_device+0xe8/0x370
[ 83.861924] notify_handler+0x12e/0x1a0 [intel_vbtn]
[ 83.861930] acpi_ev_notify_dispatch+0x59/0xa0
[ 83.861934] acpi_os_execute_deferred+0x1a/0x40
[ 83.861937] process_one_work+0x16f/0x350
[ 83.861941] worker_thread+0x306/0x440
[ 83.861945] ? _raw_spin_lock_irqsave+0xe/0x20
[ 83.861948] ? __pfx_worker_thread+0x10/0x10
[ 83.861951] kthread+0xf2/0x120
[ 83.861954] ? __pfx_kthread+0x10/0x10
[ 83.861956] ret_from_fork+0x47/0x70
[ 83.861959] ? __pfx_kthread+0x10/0x10
[ 83.861962] ret_from_fork_asm+0x1b/0x30
[ 83.861965] </TASK>
[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory.
[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 83.877347] #PF: supervisor read access in kernel mode
[ 83.877350] #PF: error_code(0x0000) - not-present page
[ 83.877353] PGD 0 P4D 0
[ 83.877358] Oops: 0000 [#1] PREEMPT SMP PTI
[ 83.877362] CPU: 2 PID: 56 Comm: kworker/2:1 Not tainted 6.8.0-40-generic #40-Ubuntu
[ 83.877366] Hardware name: Dell Inc. Venue 11 Pro 7140/0XMVMH, BIOS A20 11/18/2019
[ 83.877369] Workqueue: kacpi_notify acpi_os_execute_deferred
[ 83.877378] RIP: 0010:klist_add_tail+0x2a/0x80
[ 83.877385] Code: 55 48 89 e5 41 55 4c 8d 6f 08 41 54 49 89 fc 53 48 89 f3 48 89 37 83 e6 01 4c 89 6f 08 4c 89 6f 10 c7 47 18 01 00 00 00 75 4d <48> 8b 43 18 48 85 c0 74 08 4c 89 e7 e8 85 38 0c 00 48 89 df e8 dd
[ 83.877389] RSP: 0018:ffffb6dec022bc98 EFLAGS: 00010246
[ 83.877393] RAX: ffff96b9c82fbc00 RBX: 0000000000000000 RCX: 0000000000000000
[ 83.877396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff96b9c82fbc28
[ 83.877399] RBP: ffffb6dec022bcb0 R08: 0000000000000000 R09: 0000000000000000
[ 83.877402] R10: 0000000000000000 R11: 0000000000000000 R12: ffff96b9c82fbc28
[ 83.877406] R13: ffff96b9c82fbc30 R14: 0000000000000000 R15: ffff96ba13371090
[ 83.877409] FS: 0000000000000000(0000) GS:ffff96bad6500000(0000) knlGS:0000000000000000
[ 83.877413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 83.877416] CR2: 0000000000000018 CR3: 000000010d080005 CR4: 00000000003706f0
[ 83.877419] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 83.877422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 83.877424] Call Trace:
[ 83.877428] <TASK>
[ 83.877432] ? show_regs+0x6d/0x80
[ 83.877438] ? __die+0x24/0x80
[ 83.877442] ? page_fault_oops+0x99/0x1b0
[ 83.877448] ? do_user_addr_fault+0x2e2/0x670
[ 83.877453] ? exc_page_fault+0x83/0x1b0
[ 83.877459] ? asm_exc_page_fault+0x27/0x30
[ 83.877468] ? klist_add_tail+0x2a/0x80
[ 83.877473] device_add+0x590/0x740
[ 83.877479] cdev_device_add+0x4e/0xc0
[ 83.877483] ? cdev_init+0x56/0x70
[ 83.877488] evdev_connect+0x1a9/0x210
[ 83.877493] input_attach_handler.isra.0+0x84/0xc0
[ 83.877498] input_register_device+0x231/0x370
[ 83.877505] notify_handler+0x12e/0x1a0 [intel_vbtn]
[ 83.877514] acpi_ev_notify_dispatch+0x59/0xa0
[ 83.877520] acpi_os_execute_deferred+0x1a/0x40
[ 83.877525] process_one_work+0x16f/0x350
[ 83.877532] worker_thread+0x306/0x440
[ 83.877537] ? _raw_spin_lock_irqsave+0xe/0x20
[ 83.877542] ? __pfx_worker_thread+0x10/0x10
[ 83.877547] kthread+0xf2/0x120
[ 83.877551] ? __pfx_kthread+0x10/0x10
[ 83.877555] ret_from_fork+0x47/0x70
[ 83.877560] ? __pfx_kthread+0x10/0x10
[ 83.877564] ret_from_fork_asm+0x1b/0x30
[ 83.877571] </TASK>
[ 83.877572] Modules linked in: ccm rfcomm snd_seq_dummy snd_hrtimer qrtr cmac algif_hash algif_skcipher af_alg bnep lz4 lz4_compress zram x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_hdmi spi_nor kvm_intel mtd kvm dell_laptop spi_intel_platform btusb snd_soc_bdw_rt286 mei_hdcp mei_pxp intel_rapl_msr spi_intel dell_wmi btrtl irqbypass iwlmvm hid_sensor_gyro_3d hid_sensor_als i915 hid_sensor_incl_3d hid_sensor_accel_3d hid_sensor_magn_3d mac80211 dell_smbios hid_sensor_rotation hid_sensor_trigger industrialio_triggered_buffer rapl snd_sof_acpi_intel_bdw btintel dcdbas snd_sof_acpi ledtrig_audio btbcm libarc4 kfifo_buf dell_wmi_descriptor hid_sensor_iio_common drm_buddy btmtk intel_cstate snd_sof_xtensa_dsp uvcvideo wmi_bmof snd_soc_rt298 videobuf2_vmalloc industrialio snd_sof uvc iwlwifi bluetooth processor_thermal_device_pci_legacy videobuf2_memops ttm snd_sof_utils i2c_i801 videobuf2_v4l2 snd_soc_acpi_intel_match i2c_smbus drm_display_helper videodev processor_thermal_device cec snd_soc_catpt cfg80211
[ 83.877666] processor_thermal_wt_hint mei_me processor_thermal_rfim videobuf2_common processor_thermal_rapl ecdh_generic mei mc snd_soc_acpi ecc rc_core snd_hda_intel snd_soc_rt286 intel_rapl_common binfmt_misc snd_hda_codec snd_intel_dspcfg lpc_ich snd_intel_sdw_acpi snd_soc_rl6347a i2c_algo_bit processor_thermal_wt_req snd_soc_core snd_hda_core processor_thermal_power_floor snd_hwdep snd_compress ac97_bus snd_pcm_dmaengine processor_thermal_mbox intel_soc_dts_iosf snd_pcm snd_seq_midi snd_seq_midi_event nls_iso8859_1 snd_rawmidi intel_vbtn snd_seq sparse_keymap int3403_thermal soc_button_array int340x_thermal_zone snd_seq_device snd_timer snd soundcore intel_pmc_core intel_vsec pmt_telemetry int3400_thermal pmt_class acpi_pad acpi_thermal_rel input_leds joydev mac_hid serio_raw msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 usbhid dm_crypt hid_sensor_custom crct10dif_pclmul crc32_pclmul polyval_clmulni xhci_pci polyval_generic video ghash_clmulni_intel ahci hid_multitouch
[ 83.877753] hid_sensor_hub hid_generic sha256_ssse3 sha1_ssse3 xhci_pci_renesas libahci dw_dmac i2c_hid_acpi wmi i2c_hid hid dw_dmac_core aesni_intel crypto_simd cryptd
[ 83.877774] CR2: 0000000000000018
[ 83.877778] ---[ end trace 0000000000000000 ]---
[ 85.086831] i2c_designware INT3432:00: controller timed out
[ 85.638153] RIP: 0010:klist_add_tail+0x2a/0x80
[ 85.638174] Code: 55 48 89 e5 41 55 4c 8d 6f 08 41 54 49 89 fc 53 48 89 f3 48 89 37 83 e6 01 4c 89 6f 08 4c 89 6f 10 c7 47 18 01 00 00 00 75 4d <48> 8b 43 18 48 85 c0 74 08 4c 89 e7 e8 85 38 0c 00 48 89 df e8 dd
[ 85.638178] RSP: 0018:ffffb6dec022bc98 EFLAGS: 00010246
[ 85.638183] RAX: ffff96b9c82fbc00 RBX: 0000000000000000 RCX: 0000000000000000
[ 85.638186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff96b9c82fbc28
[ 85.638189] RBP: ffffb6dec022bcb0 R08: 0000000000000000 R09: 0000000000000000
[ 85.638191] R10: 0000000000000000 R11: 0000000000000000 R12: ffff96b9c82fbc28
[ 85.638193] R13: ffff96b9c82fbc30 R14: 0000000000000000 R15: ffff96ba13371090
[ 85.638196] FS: 0000000000000000(0000) GS:ffff96bad6500000(0000) knlGS:0000000000000000
[ 85.638198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.638201] CR2: 0000000000000018 CR3: 000000010d080005 CR4: 00000000003706f0
[ 85.638206] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.638208] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.638211] note: kworker/2:1[56] exited with irqs disabled

After unplugging the system the following things don't work at all:

1. Suspend to idle - the system simply hangs
2. Poweroff normally (the only way is forcing it via long press the power button)
3. USB ports: both the USB port on the tablet and also plugging in the keyboard again

If the system is booted with the keyboard attached and it is never disconnected, the issue is not observed.

This is a regression somewhere between versions 6.5.0-35 and 6.8.0-36.

The issue is observed on 6.8.0-36, 6.8.0.38 and 6.8.0-40

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.8.0-40-generic 6.8.0-40.40
ProcVersionSignature: Ubuntu 6.8.0-40.40-generic 6.8.12
Uname: Linux 6.8.0-40-generic x86_64
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/seq: kstoilov 2381 F.... pipewire
 /dev/snd/controlC1: kstoilov 2381 F.... pipewire
                      kstoilov 2389 F.... wireplumber
CRDA: N/A
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Fri Jul 12 21:39:21 2024
InstallationDate: Installed on 2021-12-11 (944 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
MachineType: Dell Inc. Venue 11 Pro 7140
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-40-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-6.8.0-40-generic N/A
 linux-backports-modules-6.8.0-40-generic N/A
 linux-firmware 20240318.git3b128b60-0ubuntu2.1
SourcePackage: linux
UpgradeStatus: Upgraded to noble on 2024-05-22 (51 days ago)
dmi.bios.date: 11/18/2019
dmi.bios.release: 65.20
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A20
dmi.board.name: 0XMVMH
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 8
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA20:bd11/18/2019:br65.20:svnDellInc.:pnVenue11Pro7140:pvr:rvnDellInc.:rn0XMVMH:rvrA00:cvnDellInc.:ct8:cvr:sku066B:
dmi.product.name: Venue 11 Pro 7140
dmi.product.sku: 066B
dmi.sys.vendor: Dell Inc.

Revision history for this message
Kostadin Stoilov (kmstoilov) wrote :
Revision history for this message
AaronMa (mapengyu) wrote :

@kmstoilov
Could you try mainline build kernel version[1] to find out which is the first version that introduced the regression?

Like first try v6.8, v6.9 and v6.10-rc4.

Thanks.

[1] https://kernel.ubuntu.com/mainline/

Anthony Wong (anthonywong)
Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
AaronMa (mapengyu) wrote :

@En-Wei

Could you try check this issue too?

Revision history for this message
En-Wei Wu (rickywu) wrote :

@AaronMa Sure

Revision history for this message
AceLan Kao (acelankao) wrote :

From the log, looks like intel_vbtn driver treats the undock/disconnect event as a switch event, and then starts to register input-dev again.

[ 83.861917] device_add+0xe0/0x740
[ 83.861919] input_register_device+0xe8/0x370
[ 83.861924] notify_handler+0x12e/0x1a0 [intel_vbtn]

We need to check below commits after v6.5+ to see if there is any changes that may lead to this behavior.

41ab81ce8490 platform/x86/intel: add missing MODULE_DESCRIPTION() macros
ea5f6ad9ad96 Merge tag 'platform-drivers-x86-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
434e5781d8cd platform/x86: intel-vbtn: Update tablet mode switch at end of probe
868adf8a2917 platform/x86: intel-vbtn: Use acpi_has_method to check for switch
7ad58be75fcd platform/x86: intel-vbtn: Log event code on unexpected button events
84c16d01ff21 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
14c200b7ca46 platform/x86: intel-vbtn: Fix missing tablet-mode-switch events

Anthony Wong (anthonywong)
Changed in linux (Ubuntu):
assignee: nobody → En-Wei Wu (rickywu)
Revision history for this message
En-Wei Wu (rickywu) wrote (last edit ):

Seems like intel_vbtn didn't recognize the switch in the initial setup code. When switch disconnect event occurred, the code ran into the following block:

if (!priv->has_switches) {
    /* See dual_accel_detect.h for more info */
    if (priv->dual_accel)
        return;

    dev_info(&device->dev, "Registering Intel Virtual Switches input-dev after receiving a switch event\n");
    ret = input_register_device(priv->switches_dev);
    if (ret)
        return;
    priv->has_switches = true;
}

Revision history for this message
En-Wei Wu (rickywu) wrote (last edit ):

Hi @kmstoilov,

I have written a patch and built a kernel with the patch. Could you please try this kernel?
Link: https://people.canonical.com/~rickywu/lp:2073001/

Anthony Wong (anthonywong)
tags: added: regression-release
Anthony Wong (anthonywong)
Changed in linux (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Kostadin Stoilov (kmstoilov) wrote :

Hi @rickywu,

I tried your kernel and it works. No errors in dmesg all I get is:

usb 1-4: USB disconnect, device number 3

s2idle works fine.

poweroff also works fine.

Revision history for this message
En-Wei Wu (rickywu) wrote :

Hi @kmstoilov,

Thank you for testing. The upstream maintainer has a more general fix, and I have built a test kernel on top of 6.10 and the maintainer's patch (without my patch):

https://people.canonical.com/~rickywu/lp:2073001/maintainer_patch/

Could you please test this kernel? Thanks.

Revision history for this message
Kostadin Stoilov (kmstoilov) wrote :

Hi @rickywu,

The maintainer patch also works. I am attaching a dmesg log with several connect/disconnect and suspend/resumes.

There seems to be a separate issue, I will probably file another bug for that if you think it's more appropriate.

If you connect the dock, suspend and resume afterwards with the dock connected, the system thinks that it is in 'tablet' mode and the touchpad does not work. The 'autorotate' option in Gnome Shell is displayed.

The workaround is to disconnect the dock and reconnect it again - the system is in the correct mode.

Both the maintainer patch and your patch kernel exhibit the same behaviour.

Revision history for this message
Kostadin Stoilov (kmstoilov) wrote :

Can confirm the issue with going into 'tablet' mode after suspend/resume is also present in the 6.5 series, so I will file a separate issue for that.

The original kernel bug when disconnecting the keyboard dock is fixed with the maintainer patch.

Revision history for this message
En-Wei Wu (rickywu) wrote (last edit ):

Hi @kmstoilov,

Thank you for your quick reply and testing. Please file another bug and we'll work on it. Thanks.

En-Wei Wu (rickywu)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.