-
-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
linuxPackages_4_18 mouse pointer does not move when using USB mouse #45165
Comments
Reverting due to NixOS/nixpkgs#45165
hmm, that's a weird one. To my knowledge, there have not been any major USB-related changed merged into 4.18. It must be related to your device specifically, all my USB devices work just fine. |
@NeQuissimus it has always worked out of the box, with no specific drivers. |
hmm, so I don't know how much we can do there... May be a kernel thing that needs fixing upstream. Maybe somebody else has more insight into kernel drivers? |
@NeQuissimus I dual boot with Arch, I tried it there and got the same issue. This is definitely an upstream issue. I opened a bug on Arch as well: https://bugs.archlinux.org/task/59699 |
@NeQuissimus is there a guide on how can I git-bisect the kernel on NixOS to find the commit that broke my system? EDIT: I filed a bug upstream as well: https://bugzilla.kernel.org/show_bug.cgi?id=200847 |
Well, you'd have to build the kernel over and over... and we currently don't have a good way to do that anyways. You could build a derivation that pulls the kernel sources off GitHub and then change the target sha over and over. Not sure it's worth the effort :) |
That’s going to take a long while, I might bisect it in Arch. I’ll give it a week before I start on that. |
Someone else did the bisecting here and the root cause is torvalds/linux@f07b3c1. |
…on type" This partially reverts commit f07b3c1. It looks like some mice are not correctly treated by HID_QUIRK_INPUT_PER_APP. Those mice have the following report descriptor: 0x05, 0x01, // Usage Page (Generic Desktop) 0 0x09, 0x02, // Usage (Mouse) 2 0xa1, 0x01, // Collection (Application) 4 0x85, 0x01, // Report ID (1) 6 0x09, 0x01, // Usage (Pointer) 8 0xa1, 0x00, // Collection (Physical) 10 0x95, 0x05, // Report Count (5) 12 0x75, 0x01, // Report Size (1) 14 0x05, 0x09, // Usage Page (Button) 16 0x19, 0x01, // Usage Minimum (1) 18 0x29, 0x05, // Usage Maximum (5) 20 0x15, 0x00, // Logical Minimum (0) 22 0x25, 0x01, // Logical Maximum (1) 24 0x81, 0x02, // Input (Data,Var,Abs) 26 ... 0xc0, // End Collection 57 0x85, 0x02, // Report ID (2) 58 0x09, 0x01, // Usage (Consumer Control) 60 0xa1, 0x00, // Collection (Physical) 62 0x75, 0x0c, // Report Size (12) 64 0x95, 0x02, // Report Count (2) 66 0x05, 0x01, // Usage Page (Generic Desktop) 68 0x09, 0x30, // Usage (X) 70 0x09, 0x31, // Usage (Y) 72 0x16, 0x01, 0xf8, // Logical Minimum (-2047) 74 0x26, 0xff, 0x07, // Logical Maximum (2047) 77 0x81, 0x06, // Input (Data,Var,Rel) 80 0xc0, // End Collection 82 0xc0, // End Collection 83 ... Both the cursor position and the buttons are located in the same application collection (Mouse) and the kernel should only create one input device for those. However, for an undetermined reason, the kernel splits the device in 2, making systemd not tagging the second mouse with the coordinates only as a mouse. And then userspace ignores it which leads to a mouse where only the buttons are working. Until the quirk gets properly fixed, we should probably revert applying it to all of the generic devices and re-enable it when the root reason has been found. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
This patch fixes NixOS#45165 commit f07b3c1da92d ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
This patch fixes #45165 commit f07b3c1da92d ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: #45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Dede Dindin Qudsy <xtrymind@gmail.com>
GIT 96eddb8 commit 8f28b17 Author: Leon Romanovsky <leonro@mellanox.com> Date: Mon Sep 3 09:11:14 2018 +0300 RDMA/mlx4: Ensure that maximal send/receive SGE less than supported by HW In calculating the global maximum number of the Scatter/Gather elements supported, the following four maximum parameters must be taken into consideration: max_sg_rq, max_sg_sq, max_desc_sz_rq and max_desc_sz_sq. However instead of bringing this complexity to query_device, which still won't be sufficient anyway (the calculations are dependent on QP type), the safer approach will be to restore old code, which will give us 32 SGEs. Fixes: 33023fb ("IB/core: add max_send_sge and max_recv_sge attributes") Reported-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit 954a8e3 Author: Parav Pandit <parav@mellanox.com> Date: Thu Aug 30 08:35:19 2018 +0300 RDMA/cma: Protect cma dev list with lock When AF_IB addresses are used during rdma_resolve_addr() a lock is not held. A cma device can get removed while list traversal is in progress which may lead to crash. ie CPU0 CPU1 ==== ==== rdma_resolve_addr() cma_resolve_ib_dev() list_for_each() cma_remove_one() cur_dev->device mutex_lock(&lock) list_del(); mutex_unlock(&lock); cma_process_remove(); Therefore, hold a lock while traversing the list which avoids such situation. Cc: <stable@vger.kernel.org> # 3.10 Fixes: f17df3b ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()") Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Daniel Jurgens <danielj@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit 52cf93e Author: Kai-Heng Feng <kai.heng.feng@canonical.com> Date: Thu Sep 6 10:55:18 2018 +0800 HID: i2c-hid: Don't reset device upon system resume Raydium touchscreen triggers interrupt storm after system-wide suspend: [ 179.085033] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/65535) According to Raydium, Windows driver does not reset the device after system resume. The HID over I2C spec does specify a reset should be used at intialization, but it doesn't specify if reset is required for system suspend. Tested this patch on other i2c-hid touchpanels I have and those touchpanels do work after S3 without doing reset. If any regression happens to other touchpanel vendors, we can use quirk for Raydium devices. There's still one device uses I2C_HID_QUIRK_RESEND_REPORT_DESCR so keep it there. Cc: Aaron Ma <aaron.ma@canonical.com> Cc: AceLan Kao <acelan.kao@canonical.com> Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit 08e74be Author: Parav Pandit <parav@mellanox.com> Date: Wed Sep 5 09:47:57 2018 +0300 RDMA/uverbs: Fix error cleanup path of ib_uverbs_add_one() If ib_uverbs_create_uapi() fails, dev_num should be freed from the bitmap. Fixes: 7d96c9b ("IB/uverbs: Have the core code create the uverbs_root_spec") Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit f40f299 Author: Somnath Kotur <somnath.kotur@broadcom.com> Date: Wed Sep 5 13:20:34 2018 +0530 bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces 1. DMA-able memory allocated for Shadow QP was not being freed. 2. bnxt_qplib_alloc_qp_hdr_buf() had a bug wherein the SQ pointer was erroneously pointing to the RQ. But since the corresponding free_qp_hdr_buf() was correct, memory being free was less than what was allocated. Fixes: 1ac5a40 ("RDMA/bnxt_re: Add bnxt_re RoCE driver") Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit 816e846 Author: Aaron Knister <aaron.s.knister@nasa.gov> Date: Fri Aug 24 08:42:46 2018 -0400 IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch acquires the netif tx lock in cm_rep_handler for the section where it sets the connection up and dequeues and retransmits deferred skb's. Fixes: 839fcab ("IPoIB: Connected mode experimental support") Cc: stable@vger.kernel.org Signed-off-by: Aaron Knister <aaron.s.knister@nasa.gov> Tested-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit ade573e Author: Hans de Goede <hdegoede@redhat.com> Date: Sat Aug 18 10:12:08 2018 +0200 HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Commit b0f847e ("HID: hid-sensor-hub: Force logical minimum to 1 for power and report state") not only replaced the descriptor fixup done for devices with the HID_SENSOR_HUB_ENUM_QUIRK with a generic fix, but also accidentally removed the unrelated descriptor fixup for the Lenovo ThinkPad Helix 2 sensor hub. This commit restores this fixup. Restoring this fixup not only fixes the Lenovo ThinkPad Helix 2's sensors, but also the Lenovo ThinkPad 8's sensors. Fixes: b0f847e ("HID: hid-sensor-hub: Force logical minimum ...") Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Cc: Fernando D S Lima <fernandodsl@gmail.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit b034ed5 Author: Gustavo A. R. Silva <gustavo@embeddedor.com> Date: Wed Aug 29 10:22:09 2018 -0500 HID: core: fix NULL pointer dereference There is a NULL pointer dereference in case memory resources for *parse* are not successfully allocated. Fix this by adding a new goto label and make the execution path jump to it in case vzalloc() fails. Addresses-Coverity-ID: 1473081 ("Dereference after null check") Fixes: b2dd9f2 ("HID: core: fix memory leak on probe") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit e866d3e Author: Guenter Roeck <linux@roeck-us.net> Date: Tue Aug 28 17:33:46 2018 -0700 riscv: Do not overwrite initrd_start and initrd_end setup_initrd() overwrites initrd_start and initrd_end if __initramfs_size is larger than 0, which is always true even if there is no embedded initramfs. This prevents booting qemu with "-initrd" parameter. Overwriting initrd_start and initrd_end is not necessary since __initramfs_start and __initramfs_size are used directly in populate_rootfs() to load the built-in initramfs, so just drop that code. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Palmer Dabbelt <palmer@sifive.com> commit 308aa2b Author: Steve Wise <swise@opengridcomputing.com> Date: Fri Aug 31 07:15:56 2018 -0700 iw_cxgb4: only allow 1 flush on user qps Once the qp has been flushed, it cannot be flushed again. The user qp flush logic wasn't enforcing it however. The bug can cause touch-after-free crashes like: Unable to handle kernel paging request for data at address 0x000001ec Faulting instruction address: 0xc008000016069100 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c008000016069100] flush_qp+0x80/0x480 [iw_cxgb4] LR [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] Call Trace: [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] [c00800001606e868] c4iw_ib_modify_qp+0x118/0x200 [iw_cxgb4] [c0080000119eae80] ib_security_modify_qp+0xd0/0x3d0 [ib_core] [c0080000119c4e24] ib_modify_qp+0xc4/0x2c0 [ib_core] [c008000011df0284] iwcm_modify_qp_err+0x44/0x70 [iw_cm] [c008000011df0fec] destroy_cm_id+0xcc/0x370 [iw_cm] [c008000011ed4358] rdma_destroy_id+0x3c8/0x520 [rdma_cm] [c0080000134b0540] ucma_close+0x90/0x1b0 [rdma_ucm] [c000000000444da4] __fput+0xe4/0x2f0 So fix flush_qp() to only flush the wq once. Cc: stable@vger.kernel.org Signed-off-by: Steve Wise <swise@opengridcomputing.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit e4ff3d2 Author: Artemy Kovalyov <artemyko@mellanox.com> Date: Tue Aug 28 14:40:32 2018 +0300 IB/core: Release object lock if destroy failed The object lock was supposed to always be released during destroy, but when the destruction retry series was integrated with the destroy series it created a failure path that missed the unlock. Keep with convention, if destroy fails the caller must undo all locking. Fixes: 87ad80a ("IB/uverbs: Consolidate uobject destruction") Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit 0d23ba6 Author: Jann Horn <jannh@google.com> Date: Mon Sep 3 18:54:14 2018 +0200 RDMA/ucma: check fd type in ucma_migrate_id() The current code grabs the private_data of whatever file descriptor userspace has supplied and implicitly casts it to a `struct ucma_file *`, potentially causing a type confusion. This is probably fine in practice because the pointer is only used for comparisons, it is never actually dereferenced; and even in the comparisons, it is unlikely that a file from another filesystem would have a ->private_data pointer that happens to also be valid in this context. But ->private_data is not always guaranteed to be a valid pointer to an object owned by the file's filesystem; for example, some filesystems just cram numbers in there. Check the type of the supplied file descriptor to be safe, analogous to how other places in the kernel do it. Fixes: 88314e4 ("RDMA/cma: add support for rdma_migrate_id()") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> commit 0d6c301 Author: Benjamin Tissoires <benjamin.tissoires@redhat.com> Date: Tue Sep 4 15:31:14 2018 +0200 HID: core: fix grouping by application commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit ec6adef Author: Benjamin Tissoires <benjamin.tissoires@redhat.com> Date: Tue Sep 4 15:31:12 2018 +0200 HID: multitouch: fix Elan panels with 2 input modes declaration When implementing commit 7f81c8d ("HID: multitouch: simplify the settings of the various features"), I wrongly removed a test that made sure we never try to set the second InputMode feature to something else than 0. This broke badly some recent Elan panels that now forget to send the click button in some area of the touchpad. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200899 Fixes: 7f81c8d ("HID: multitouch: simplify the settings of the various features") Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit c77a2fa Author: Nilesh Javali <nilesh.javali@cavium.com> Date: Wed Aug 29 23:55:53 2018 -0700 scsi: qedi: Add the CRC size within iSCSI NVM image The QED driver commit, 1ac4329 ("qed: Add configuration information to register dump and debug data"), removes the CRC length validation causing nvm_get_image failure while loading qedi driver: [qed_mcp_get_nvm_image:2700(host_10-0)]Image [0] is too big - 00006008 bytes where only 00006004 are available [qedi_get_boot_info:2253]:10: Could not get NVM image. ret = -12 Hence add and adjust the CRC size to iSCSI NVM image to read boot info at qedi load time. Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> commit 05a86e7 Author: Mike Christie <mchristi@redhat.com> Date: Mon Aug 27 14:45:16 2018 -0500 scsi: iscsi: target: Fix conn_ops double free If iscsi_login_init_conn fails it can free conn_ops. __iscsi_target_login_thread will then call iscsi_target_login_sess_out which will also free it. This fixes the problem by organizing conn allocation/setup into parts that are needed through the life of the conn and parts that are only needed for the login. The free functions then release what was allocated in the alloc functions. With this patch we have: iscsit_alloc_conn/iscsit_free_conn - allocs/frees the conn we need for the entire life of the conn. iscsi_login_init_conn/iscsi_target_nego_release - allocs/frees the parts of the conn that are only needed during login. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> commit 7915919 Author: Vincent Pelletier <plr.vincent@gmail.com> Date: Mon Aug 27 14:45:15 2018 -0500 scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Fixes a use-after-free reported by KASAN when later iscsi_target_login_sess_out gets called and it tries to access conn->sess->se_sess: Disabling lock debugging due to kernel taint iSCSI Login timeout on Network Portal [::]:3260 iSCSI Login negotiation failed. ================================================================== BUG: KASAN: use-after-free in iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] Read of size 8 at addr ffff880109d070c8 by task iscsi_np/980 CPU: 1 PID: 980 Comm: iscsi_np Tainted: G O 4.17.8kasan.sess.connops+ #4 Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 05/19/2014 Call Trace: dump_stack+0x71/0xac print_address_description+0x65/0x22e ? iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] kasan_report.cold.6+0x241/0x2fd iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod] iscsi_target_login_thread+0x1086/0x1710 [iscsi_target_mod] ? __sched_text_start+0x8/0x8 ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod] ? __kthread_parkme+0xcc/0x100 ? parse_args.cold.14+0xd3/0xd3 ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod] kthread+0x1a0/0x1c0 ? kthread_bind+0x30/0x30 ret_from_fork+0x35/0x40 Allocated by task 980: kasan_kmalloc+0xbf/0xe0 kmem_cache_alloc_trace+0x112/0x210 iscsi_target_login_thread+0x816/0x1710 [iscsi_target_mod] kthread+0x1a0/0x1c0 ret_from_fork+0x35/0x40 Freed by task 980: __kasan_slab_free+0x125/0x170 kfree+0x90/0x1d0 iscsi_target_login_thread+0x1577/0x1710 [iscsi_target_mod] kthread+0x1a0/0x1c0 ret_from_fork+0x35/0x40 The buggy address belongs to the object at ffff880109d06f00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 456 bytes inside of 512-byte region [ffff880109d06f00, ffff880109d07100) The buggy address belongs to the page: page:ffffea0004274180 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 flags: 0x17fffc000008100(slab|head) raw: 017fffc000008100 0000000000000000 0000000000000000 00000001000c000c raw: dead000000000100 dead000000000200 ffff88011b002e00 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880109d06f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880109d07000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff880109d07080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880109d07100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880109d07180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com> [rebased against idr/ida changes and to handle ret review comments from Matthew] Signed-off-by: Mike Christie <mchristi@redhat.com> Cc: Matthew Wilcox <willy@infradead.org> Reviewed-by: Matthew Wilcox <willy@infradead.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> commit 43822c9 Author: Harry Mallon <hjmallon@gmail.com> Date: Tue Aug 28 22:51:29 2018 +0100 HID: hid-saitek: Add device ID for RAT 7 Contagion Signed-off-by: Harry Mallon <hjmallon@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit b2dd9f2 Author: Stefan Agner <stefan@agner.ch> Date: Tue Aug 28 13:29:54 2018 +0200 HID: core: fix memory leak on probe The dynamically allocted collection stack does not get freed in all situations. Make sure to also free the collection stack when using the parser in hid_open_report(). Fixes: 08a8a7c ("HID: core: do not upper bound the collection stack") Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit e38c0ac Author: Stefan Agner <stefan@agner.ch> Date: Tue Aug 28 13:29:55 2018 +0200 HID: input: fix leaking custom input node name Make sure to free the custom input node name on disconnect. Cc: stable@vger.kernel.org # v4.18+ Fixes: c554bb0 ("HID: input: append a suffix matching the application") Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit ee34549 Author: Sean O'Brien <seobrien@chromium.org> Date: Mon Aug 27 13:02:15 2018 -0700 HID: add support for Apple Magic Keyboards USB device Vendor 05ac (Apple) Device 026c (Magic Keyboard with Numeric Keypad) Bluetooth devices Vendor 004c (Apple) Device 0267 (Magic Keyboard) Device 026c (Magic Keyboard with Numeric Keypad) Support already exists for the Magic Keyboard over USB connection. Add support for the Magic Keyboard over Bluetooth connection, and for the Magic Keyboard with Numeric Keypad over Bluetooth and USB connection. Signed-off-by: Sean O'Brien <seobrien@chromium.org> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit fb6acf7 Author: AceLan Kao <acelan.kao@canonical.com> Date: Tue Aug 21 16:55:13 2018 +0800 HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen The incomplete report flooded after S3 and touchscreen becomes malfunctioned. [ 1367.646244] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/18785) [ 1367.649471] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/28743) [ 1367.651092] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/26757) [ 1367.652658] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/52280) [ 1367.654287] i2c_hid i2c-CUST0000:00: i2c_hid_get_input: incomplete report (58/56059) Adding device ID, 04F3:30CC, to the quirk to re-send report description after resume. Cc: stable@vger.kernel.org Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> commit e0ab8b2 Author: Andreas Bosch <linux@progandy.de> Date: Fri Aug 17 22:16:00 2018 +0200 HID: intel-ish-hid: Enable Sunrise Point-H ish driver Added PCI ID for Sunrise Point-H ISH. Signed-off-by: Andreas Bosch <linux@progandy.de> Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
commit 0d6c301 upstream. commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0d6c301 upstream. commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
BugLink: https://bugs.launchpad.net/bugs/1793682 commit 0d6c301 upstream. commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
commit f07b3c1 ("HID: generic: create one input report per application type") was effectively the same as MULTI_INPUT: hidinput->report was never set, so hidinput_match_application() always returned null. Fix that by testing against the real application. Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward compatibility on all non-Win8 touchscreens. link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 link: https://bugs.archlinux.org/task/59699 link: NixOS/nixpkgs#45165 Cc: stable@vger.kernel.org # v4.18+ Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Change-Id: Iefd7eba00764d7cf435db30e0f5b919d34026f89
Issue description
After rebuilding my system with on the latest master, my USB mouse stopped moving, although the buttons and the scrolling remained functional. The mouse moves if I use the touchpad.
I tracked it to the commit 9236990 which updated the kernel to 4.18.
Steps to reproduce
Setup your nixpkgs at 9236990 and run
nixos-rebuild boot
Technical details
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste theresults.
"x86_64-linux"
Linux 4.18.1, NixOS, 18.09.git.ed2148b5af8 (Jellyfish)
yes
yes
nix-env (Nix) 2.0.4
"nixos"
"nixos-18.09pre145679.dae9cf6106d"
/code/personal/base/src/github.com/kalbasit/system/external/nixpkgs
UDEV info about the device in question
cc @NeQuissimus
The text was updated successfully, but these errors were encountered: