Kernel panics in ipts when shutting down

Description of the bug or feature

As the title says, but this only happened once. Possible use-after-free?

Environment

Hardware model: Surface Pro 5
Kernel version: Linux SurfacePro-6846 6.3.7-surface #1 SMP PREEMPT_DYNAMIC Wed Jun 14 12:57:39 UTC 2023 x86_64 GNU/Linux
Distribution: Debian GNU/Linux trixie/sid x86_64

`dmesg` output

[dmesg.txt](https://github.com/linux-surface/linux-surface/files/11988807/dmesg.txt) ``` ... truncated, see attached file for full dmesg [ 23.291185] surface_serial_hub serial0-0: rx: parser: invalid start of frame, skipping [ 23.292266] surface_serial_hub serial0-0: rx: parser: invalid start of frame, skipping [ 23.293346] surface_serial_hub serial0-0: rx: parser: invalid start of frame, skipping [ 23.294473] surface_serial_hub serial0-0: rx: parser: invalid start of frame, skipping [ 23.304661] dptf_power INT3407:00: Unsupported event [0x82] [ 312.066874] warning: `kded5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 317.815595] Bluetooth: RFCOMM TTY layer initialized [ 317.815619] Bluetooth: RFCOMM socket layer initialized [ 317.815638] Bluetooth: RFCOMM ver 1.11 [ 320.539537] audit: type=1400 audit(1688735077.901:49): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/devices/system/node/" pid=4960 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 320.541239] audit: type=1400 audit(1688735077.905:50): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/home/ishland/" pid=4960 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 [ 320.541650] audit: type=1400 audit(1688735077.905:51): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/bus/nd/devices/" pid=4960 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 320.741156] audit: type=1400 audit(1688735078.104:52): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/devices/system/node/" pid=4968 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 320.741584] audit: type=1400 audit(1688735078.104:53): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/home/ishland/" pid=4968 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 [ 320.741605] audit: type=1400 audit(1688735078.104:54): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/bus/nd/devices/" pid=4968 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 320.962424] audit: type=1400 audit(1688735078.324:55): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/block/" pid=4968 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 321.001830] audit: type=1400 audit(1688735078.364:56): apparmor="DENIED" operation="open" class="file" profile="mariadbd_akonadi" name="/sys/devices/pci0000:00/0000:00:1d.0/0000:02:00.0/nvme/nvme0/nvme0n1/queue/physical_block_size" pid=4968 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 3966.439837] hid-generic 0005:045E:0921.0004: item fetching failed at offset 43/44 [ 3966.439850] hid-generic: probe of 0005:045E:0921.0004 failed with error -22 [ 4203.091503] hid-generic 0005:045E:0921.0005: item fetching failed at offset 43/44 [ 4203.091522] hid-generic: probe of 0005:045E:0921.0005 failed with error -22 [ 4869.902978] hid-generic 0005:045E:0921.0006: item fetching failed at offset 43/44 [ 4869.902998] hid-generic: probe of 0005:045E:0921.0006 failed with error -22 [ 5370.147697] hid-generic 0005:045E:0921.0007: item fetching failed at offset 43/44 [ 5370.147735] hid-generic: probe of 0005:045E:0921.0007 failed with error -22 [ 5644.721181] hid-generic 0005:045E:0921.0008: item fetching failed at offset 43/44 [ 5644.721238] hid-generic: probe of 0005:045E:0921.0008 failed with error -22 [10844.874897] audit: type=1400 audit(1688745601.983:57): apparmor="DENIED" operation="capable" class="cap" profile="/usr/sbin/cupsd" pid=15742 comm="cupsd" capability=12 capname="net_admin" [12436.682599] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS [12436.696060] ------------[ cut here ]------------ [12436.696067] refcount_t: addition on 0; use-after-free. [12436.696081] WARNING: CPU: 1 PID: 1049 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0x110 [12436.696093] Modules linked in: uhid rfcomm tls snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_nat veth xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter nft_masq nft_chain_nat nf_nat bridge stp llc qrtr overlay cmac algif_hash algif_skcipher af_alg bnep zstd btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence input_leds snd_sof_intel_hda snd_sof_pci ip6t_REJECT snd_sof_xtensa_dsp nf_reject_ipv6 snd_sof xt_hl snd_sof_utils ip6_tables soundwire_bus intel_tcc_cooling ip6t_rt x86_pkg_temp_thermal snd_soc_avs intel_powerclamp snd_soc_hda_codec coretemp snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core kvm_intel snd_soc_sst_ipc ipt_REJECT nf_reject_ipv4 snd_soc_sst_dsp kvm hid_multitouch xt_LOG snd_soc_acpi_intel_match nf_log_syslog snd_soc_acpi snd_hda_codec_hdmi xt_multiport snd_soc_core irqbypass crct10dif_pclmul snd_hda_codec_realtek snd_hda_codec_generic nft_limit snd_compress [12436.696189] polyval_clmulni ledtrig_audio ac97_bus polyval_generic snd_pcm_dmaengine ghash_clmulni_intel sha512_ssse3 snd_hda_intel xt_limit snd_intel_dspcfg aesni_intel snd_intel_sdw_acpi xt_addrtype crypto_simd snd_hda_codec xt_tcpudp joydev cryptd snd_hda_core xt_conntrack snd_hwdep surface_platform_profile dw9719 rapl mei_pxp mei_hdcp nf_conntrack ipts binfmt_misc platform_profile snd_pcm intel_rapl_msr hid_sensor_rotation hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_als mwifiex_pcie processor_thermal_device_pci_legacy intel_cstate nf_defrag_ipv6 gpio_keys tcp_bbr ipu3_imgu(C) ipu3_cio2 snd_timer hid_sensor_trigger processor_thermal_device mwifiex nf_defrag_ipv4 pcspkr videobuf2_dma_sg surface_gpe snd industrialio_triggered_buffer processor_thermal_rfim ov8865 ov5693 ov7251 mei_me nft_compat intel_skl_int3472_tps68470 msr cfg80211 videobuf2_memops soundcore kfifo_buf 8250_dw processor_thermal_mbox v4l2_fwnode mei tps68470_regulator parport_pc nf_tables videobuf2_v4l2 hid_sensor_iio_common [12436.696285] processor_thermal_rapl intel_rapl_common v4l2_async ppdev intel_pch_thermal clk_tps68470 industrialio nfnetlink videobuf2_common intel_soc_dts_iosf videodev intel_xhci_usb_role_switch mc intel_skl_int3472_discrete int3400_thermal lp int3403_thermal surfacepro3_button nls_iso8859_1 surface_acpi_notify surface_aggregator_registry soc_button_array acpi_tad acpi_pad dptf_power acpi_thermal_rel int340x_thermal_zone mac_hid parport efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs xor raid6_pq libcrc32c hid_sensor_hub uas usb_storage intel_ishtp_hid hid_generic usbhid hid i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec rc_core drm_kms_helper syscopyarea sysfillrect sysimgblt intel_lpss_pci nvme intel_ish_ipc intel_lpss xhci_pci video crc32_pclmul nvme_core drm intel_ishtp idma64 xhci_pci_renesas wmi nvme_common surface_aggregator pinctrl_sunrisepoint [12436.696369] CPU: 1 PID: 1049 Comm: iptsd Kdump: loaded Tainted: G C 6.3.7-surface #1 [12436.696375] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [12436.696377] RIP: 0010:refcount_warn_saturate+0x7a/0x110 [12436.696386] Code: 01 e8 ca 6f 9e ff 0f 0b 5d c3 cc cc cc cc 80 3d 9a 90 5e 01 00 75 c9 48 c7 c7 a8 0c 36 9b c6 05 8a 90 5e 01 01 e8 a6 6f 9e ff <0f> 0b 5d c3 cc cc cc cc 80 3d 78 90 5e 01 00 75 a5 48 c7 c7 80 0c [12436.696390] RSP: 0018:ffffacee00f87cc0 EFLAGS: 00010282 [12436.696394] RAX: 0000000000000000 RBX: ffff93618c9415e8 RCX: 0000000000000027 [12436.696398] RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9362e74a0548 [12436.696401] RBP: ffffacee00f87cc0 R08: 0000000000000000 R09: ffffacee00f87b28 [12436.696404] R10: 0000000000000001 R11: 0000000000000001 R12: ffff9361aa1e9a00 [12436.696407] R13: ffff9361aa1e9a28 R14: ffff93619411fdf8 R15: 0000000000000002 [12436.696409] FS: 00007fd55f6a5740(0000) GS:ffff9362e7480000(0000) knlGS:0000000000000000 [12436.696413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [12436.696416] CR2: 000055b72c7b8370 CR3: 000000010ce46002 CR4: 00000000003706e0 [12436.696419] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [12436.696422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [12436.696425] Call Trace: [12436.696427] [12436.696431] ? show_regs+0x68/0x70 [12436.696436] ? refcount_warn_saturate+0x7a/0x110 [12436.696441] ? __warn+0x8f/0x150 [12436.696447] ? refcount_warn_saturate+0x7a/0x110 [12436.696452] ? report_bug+0x1c2/0x1d0 [12436.696458] ? console_unlock+0x74/0xd0 [12436.696462] ? irq_work_queue+0x10/0x50 [12436.696467] ? handle_bug+0x46/0x80 [12436.696473] ? exc_invalid_op+0x19/0x70 [12436.696478] ? asm_exc_invalid_op+0x1b/0x20 [12436.696484] ? refcount_warn_saturate+0x7a/0x110 [12436.696490] kthread_stop+0x18d/0x1a0 [12436.696496] ipts_thread_stop+0x32/0x60 [ipts] [12436.696505] ipts_receiver_stop+0x22/0x60 [ipts] [12436.696514] _ipts_control_stop+0x2f/0xd0 [ipts] [12436.696522] ipts_control_restart+0x13/0x40 [ipts] [12436.696529] ipts_hid_raw_request+0x1cd/0x250 [ipts] [12436.696537] hid_hw_raw_request+0x3d/0x50 [hid] [12436.696549] hidraw_send_report+0xa2/0x150 [hid] [12436.696563] hidraw_ioctl+0x25a/0x3a0 [hid] [12436.696575] __x64_sys_ioctl+0x92/0xd0 [12436.696581] do_syscall_64+0x59/0x90 [12436.696587] ? syscall_exit_to_user_mode+0x26/0x50 [12436.696592] ? do_syscall_64+0x69/0x90 [12436.696596] ? exit_to_user_mode_prepare+0x3d/0x190 [12436.696602] ? do_user_addr_fault+0x1e5/0x6e0 [12436.696607] ? irqentry_exit_to_user_mode+0x9/0x20 [12436.696611] ? irqentry_exit+0x3b/0x50 [12436.696616] ? exc_page_fault+0x87/0x180 [12436.696620] entry_SYSCALL_64_after_hwframe+0x72/0xdc [12436.696625] RIP: 0033:0x7fd55f23c4eb [12436.696629] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [12436.696633] RSP: 002b:00007ffe7fcb4ab0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [12436.696637] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd55f23c4eb [12436.696639] RDX: 00007ffe7fcb4b38 RSI: 00000000c0024806 RDI: 0000000000000003 [12436.696642] RBP: 0000000000a54f80 R08: 0000000000000007 R09: 0000000000a553c0 [12436.696644] R10: 71b550f12e327857 R11: 0000000000000246 R12: 0000000000a553c0 [12436.696647] R13: 00007ffe7fcb4c20 R14: 0000000000a553c1 R15: 0000000000000042 [12436.696653] [12436.696655] ---[ end trace 0000000000000000 ]--- [12436.696660] BUG: kernel NULL pointer dereference, address: 0000000000000000 [12436.696663] #PF: supervisor write access in kernel mode [12436.696666] #PF: error_code(0x0002) - not-present page [12436.696668] PGD 800000012a6b4067 P4D 800000012a6b4067 PUD 12a6b5067 PMD 0 [12436.696675] Oops: 0002 [#1] PREEMPT SMP PTI [12436.696679] CPU: 1 PID: 1049 Comm: iptsd Kdump: loaded Tainted: G WC 6.3.7-surface #1 [12436.696684] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [12436.696686] RIP: 0010:kthread_stop+0x54/0x1a0 [12436.696691] Code: c0 0f 84 4f 01 00 00 0f 88 17 01 00 00 83 c0 01 0f 88 0e 01 00 00 41 f6 44 24 2e 20 0f 84 1b 01 00 00 49 8b 9c 24 80 0a 00 00 80 0b 02 4c 89 e7 e8 00 fc ff ff f0 41 80 4c 24 02 02 4c 89 e7 [12436.696695] RSP: 0018:ffffacee00f87cd0 EFLAGS: 00010202 [12436.696698] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027 [12436.696701] RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9362e74a0548 [12436.696704] RBP: ffffacee00f87cf0 R08: 0000000000000000 R09: ffffacee00f87b28 [12436.696706] R10: 0000000000000001 R11: 0000000000000001 R12: ffff9361aa1e9a00 [12436.696709] R13: ffff9361aa1e9a28 R14: ffff93619411fdf8 R15: 0000000000000002 [12436.696711] FS: 00007fd55f6a5740(0000) GS:ffff9362e7480000(0000) knlGS:0000000000000000 [12436.696715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [12436.696717] CR2: 0000000000000000 CR3: 000000010ce46002 CR4: 00000000003706e0 [12436.696720] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [12436.696722] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [12436.696724] Call Trace: [12436.696726] [12436.696728] ? show_regs+0x68/0x70 [12436.696732] ? __die_body+0x20/0x70 [12436.696736] ? __die+0x2b/0x40 [12436.696740] ? page_fault_oops+0x154/0x4a0 [12436.696747] ? __warn+0xb5/0x150 [12436.696752] ? do_user_addr_fault+0x321/0x6e0 [12436.696756] ? irq_work_queue+0x10/0x50 [12436.696761] ? exc_page_fault+0x76/0x180 [12436.696766] ? asm_exc_page_fault+0x27/0x30 [12436.696773] ? kthread_stop+0x54/0x1a0 [12436.696779] ipts_thread_stop+0x32/0x60 [ipts] [12436.696787] ipts_receiver_stop+0x22/0x60 [ipts] [12436.696795] _ipts_control_stop+0x2f/0xd0 [ipts] [12436.696803] ipts_control_restart+0x13/0x40 [ipts] [12436.696810] ipts_hid_raw_request+0x1cd/0x250 [ipts] [12436.696819] hid_hw_raw_request+0x3d/0x50 [hid] [12436.696830] hidraw_send_report+0xa2/0x150 [hid] [12436.696843] hidraw_ioctl+0x25a/0x3a0 [hid] [12436.696855] __x64_sys_ioctl+0x92/0xd0 [12436.696862] do_syscall_64+0x59/0x90 [12436.696866] ? syscall_exit_to_user_mode+0x26/0x50 [12436.696871] ? do_syscall_64+0x69/0x90 [12436.696875] ? exit_to_user_mode_prepare+0x3d/0x190 [12436.696879] ? do_user_addr_fault+0x1e5/0x6e0 [12436.696883] ? irqentry_exit_to_user_mode+0x9/0x20 [12436.696888] ? irqentry_exit+0x3b/0x50 [12436.696892] ? exc_page_fault+0x87/0x180 [12436.696896] entry_SYSCALL_64_after_hwframe+0x72/0xdc [12436.696900] RIP: 0033:0x7fd55f23c4eb [12436.696903] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [12436.696906] RSP: 002b:00007ffe7fcb4ab0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [12436.696911] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd55f23c4eb [12436.696913] RDX: 00007ffe7fcb4b38 RSI: 00000000c0024806 RDI: 0000000000000003 [12436.696916] RBP: 0000000000a54f80 R08: 0000000000000007 R09: 0000000000a553c0 [12436.696919] R10: 71b550f12e327857 R11: 0000000000000246 R12: 0000000000a553c0 [12436.696921] R13: 00007ffe7fcb4c20 R14: 0000000000a553c1 R15: 0000000000000042 [12436.696927] [12436.696929] Modules linked in: uhid rfcomm tls snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_nat veth xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter nft_masq nft_chain_nat nf_nat bridge stp llc qrtr overlay cmac algif_hash algif_skcipher af_alg bnep zstd btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence input_leds snd_sof_intel_hda snd_sof_pci ip6t_REJECT snd_sof_xtensa_dsp nf_reject_ipv6 snd_sof xt_hl snd_sof_utils ip6_tables soundwire_bus intel_tcc_cooling ip6t_rt x86_pkg_temp_thermal snd_soc_avs intel_powerclamp snd_soc_hda_codec coretemp snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core kvm_intel snd_soc_sst_ipc ipt_REJECT nf_reject_ipv4 snd_soc_sst_dsp kvm hid_multitouch xt_LOG snd_soc_acpi_intel_match nf_log_syslog snd_soc_acpi snd_hda_codec_hdmi xt_multiport snd_soc_core irqbypass crct10dif_pclmul snd_hda_codec_realtek snd_hda_codec_generic nft_limit snd_compress [12436.697023] polyval_clmulni ledtrig_audio ac97_bus polyval_generic snd_pcm_dmaengine ghash_clmulni_intel sha512_ssse3 snd_hda_intel xt_limit snd_intel_dspcfg aesni_intel snd_intel_sdw_acpi xt_addrtype crypto_simd snd_hda_codec xt_tcpudp joydev cryptd snd_hda_core xt_conntrack snd_hwdep surface_platform_profile dw9719 rapl mei_pxp mei_hdcp nf_conntrack ipts binfmt_misc platform_profile snd_pcm intel_rapl_msr hid_sensor_rotation hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_als mwifiex_pcie processor_thermal_device_pci_legacy intel_cstate nf_defrag_ipv6 gpio_keys tcp_bbr ipu3_imgu(C) ipu3_cio2 snd_timer hid_sensor_trigger processor_thermal_device mwifiex nf_defrag_ipv4 pcspkr videobuf2_dma_sg surface_gpe snd industrialio_triggered_buffer processor_thermal_rfim ov8865 ov5693 ov7251 mei_me nft_compat intel_skl_int3472_tps68470 msr cfg80211 videobuf2_memops soundcore kfifo_buf 8250_dw processor_thermal_mbox v4l2_fwnode mei tps68470_regulator parport_pc nf_tables videobuf2_v4l2 hid_sensor_iio_common [12436.697111] processor_thermal_rapl intel_rapl_common v4l2_async ppdev intel_pch_thermal clk_tps68470 industrialio nfnetlink videobuf2_common intel_soc_dts_iosf videodev intel_xhci_usb_role_switch mc intel_skl_int3472_discrete int3400_thermal lp int3403_thermal surfacepro3_button nls_iso8859_1 surface_acpi_notify surface_aggregator_registry soc_button_array acpi_tad acpi_pad dptf_power acpi_thermal_rel int340x_thermal_zone mac_hid parport efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs xor raid6_pq libcrc32c hid_sensor_hub uas usb_storage intel_ishtp_hid hid_generic usbhid hid i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec rc_core drm_kms_helper syscopyarea sysfillrect sysimgblt intel_lpss_pci nvme intel_ish_ipc intel_lpss xhci_pci video crc32_pclmul nvme_core drm intel_ishtp idma64 xhci_pci_renesas wmi nvme_common surface_aggregator pinctrl_sunrisepoint [12436.697192] CR2: 0000000000000000 ```

Seems like it happens on other distros too. Encountered this bug 3 times already. Once on 6.3.7 and twice on 6.3.9.

Environment

Model: Surface Book 2
Kernel 6.3.9
Distribution: Fedora Workstation 38

This time it crashed at system startup for kernel 6.4.2-surface. The kernel log is mostly the same: dmesg.txt

Could you try out if this commit and see if it fixes the issue? https://github.com/linux-surface/intel-precise-touch/commit/0e9e07d096efb57e3719441d5e8c03b9d50de7ba

You need to clone the ipts repo, check out the disable-hid-on-stop branch, build the module and then load it. For this to work, you must disable secureboot. You also must install the package that provides kernel headers on your distribution (kernel-surface-devel on Fedora, linux-surface-headers on Arch and linux-headers-surface on Debian).

$ git clone https://github.com/linux-surface/intel-precise-touch
$ cd intel-precise-touch
$ git checkout disable-hid-on-stop
$ make
$ sudo rmmod ipts
$ sudo insmod src/ipts.ko

My system went straight into kdump when that revision of ipts loaded.

dmesg.txt

... truncated
[  496.900369] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS
[  502.454193] ipts: loading out-of-tree module taints kernel.
[  502.468179] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS
[  502.470058] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1
[  502.472657] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode
[  502.473046] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to add HID device: -19
[  502.516040] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to initialize HID device: -19
[  502.516063] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to start IPTS: -19
[  502.523823] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  502.523845] #PF: supervisor read access in kernel mode
[  502.523857] #PF: error_code(0x0000) - not-present page
[  502.523867] PGD 0 P4D 0 
[  502.523883] Oops: 0000 [#1] PREEMPT SMP PTI
[  502.523899] CPU: 1 PID: 7553 Comm: ipts_event Kdump: loaded Tainted: G         C O       6.4.2-surface #1
[  502.523918] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014
[  502.523927] RIP: 0010:ipts_mei_search+0x5f/0x160 [ipts]
[  502.523971] Code: 48 89 c7 48 89 45 d0 4d 8d 77 08 e8 fb 6e e3 ca 49 8b 5f 08 4c 39 f3 75 11 e9 e1 00 00 00 48 8b 1b 4c 39 f3 0f 84 d5 00 00 00 <44> 39 6b 10 75 ee 48 8b 7d d0 e8 72 41 0d ca 4c 39 f3 0f 84 c6 00
[  502.523986] RSP: 0018:ffffb9af67537d78 EFLAGS: 00010213
[  502.524001] RAX: ffff95a5d0724e01 RBX: 0000000000000000 RCX: 0000000000000000
[  502.524012] RDX: ffff95a5d0724e00 RSI: 0000000000000100 RDI: ffff95a3d0dd9860
[  502.524023] RBP: ffffb9af67537da8 R08: 0000007500c0d52a R09: 0000000000000000
[  502.524033] R10: 0000000000000080 R11: 0000000000000000 R12: ffffb9af67537e50
[  502.524043] R13: 0000000080000005 R14: ffff95a3d0dd9838 R15: ffff95a3d0dd9830
[  502.524054] FS:  0000000000000000(0000) GS:ffff95a627480000(0000) knlGS:0000000000000000
[  502.524069] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  502.524082] CR2: 0000000000000010 CR3: 000000016d232002 CR4: 00000000003706e0
[  502.524094] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  502.524104] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  502.524115] Call Trace:
[  502.524124]  <TASK>
[  502.524138]  ? show_regs+0x68/0x70
[  502.524160]  ? __die_body+0x20/0x70
[  502.524178]  ? __die+0x2b/0x40
[  502.524194]  ? page_fault_oops+0x154/0x4a0
[  502.524221]  ? do_user_addr_fault+0x434/0x7b0
[  502.524239]  ? update_load_avg+0x82/0x760
[  502.524260]  ? psi_group_change+0x1a5/0x390
[  502.524281]  ? exc_page_fault+0x79/0x180
[  502.524306]  ? asm_exc_page_fault+0x27/0x30
[  502.524342]  ? ipts_mei_search+0x5f/0x160 [ipts]
[  502.524381]  ? ipts_mei_search+0x45/0x160 [ipts]
[  502.524414]  ? __pfx_ipts_thread_runner+0x10/0x10 [ipts]
[  502.524450]  ipts_mei_recv+0x123/0x150 [ipts]
[  502.524481]  ? hrtimer_try_to_cancel+0x2c/0x110
[  502.524502]  ? __pfx_ipts_thread_runner+0x10/0x10 [ipts]
[  502.524539]  ipts_cmd_recv_timeout+0x30/0x90 [ipts]
[  502.524576]  ipts_control_wait_data+0x46/0xd0 [ipts]
[  502.524616]  ipts_receiver_event_loop+0xbb/0x230 [ipts]
[  502.524650]  ipts_thread_runner+0x1f/0x50 [ipts]
[  502.524681]  kthread+0xf7/0x130
[  502.524697]  ? __pfx_kthread+0x10/0x10
[  502.524713]  ret_from_fork+0x29/0x50
[  502.524736]  </TASK>
[  502.524743] Modules linked in: ipts(O) tls uhid rfcomm xt_connmark xt_mark iptable_mangle xt_comment iptable_raw bpfilter wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_nat veth xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter nft_masq nft_chain_nat nf_nat qrtr bridge stp llc overlay cmac algif_hash algif_skcipher af_alg bnep zstd btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc input_leds snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel soundwire_cadence snd_sof_intel_hda_mlink snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof ip6t_REJECT snd_sof_utils nf_reject_ipv6 soundwire_generic_allocation soundwire_bus xt_hl snd_soc_avs ip6t_rt snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core ipt_REJECT snd_soc_sst_ipc nf_reject_ipv4 intel_tcc_cooling snd_soc_sst_dsp xt_LOG x86_pkg_temp_thermal snd_hda_codec_hdmi
[  502.525102]  hid_multitouch snd_soc_acpi_intel_match nf_log_syslog intel_powerclamp snd_soc_acpi coretemp xt_multiport snd_soc_core kvm_intel snd_hda_codec_realtek nft_limit snd_compress snd_hda_codec_generic kvm ledtrig_audio ac97_bus snd_pcm_dmaengine xt_limit snd_hda_intel xt_addrtype irqbypass snd_intel_dspcfg xt_tcpudp crct10dif_pclmul polyval_clmulni polyval_generic xt_conntrack ghash_clmulni_intel nf_conntrack sha512_ssse3 snd_intel_sdw_acpi aesni_intel snd_hda_codec nf_defrag_ipv6 joydev crypto_simd nf_defrag_ipv4 dw9719 snd_hda_core snd_hwdep hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_als hid_sensor_rotation cryptd surface_platform_profile rapl nft_compat mei_pxp snd_pcm mei_hdcp hid_sensor_trigger platform_profile ipu3_imgu(C) ipu3_cio2 intel_rapl_msr binfmt_misc intel_cstate processor_thermal_device_pci_legacy nf_tables processor_thermal_device mwifiex_pcie surface_gpe snd_timer industrialio_triggered_buffer gpio_keys ov7251 videobuf2_dma_sg ov5693 ov8865 tcp_bbr pcspkr nfnetlink
[  502.525353]  processor_thermal_rfim kfifo_buf snd videobuf2_memops mwifiex v4l2_fwnode mei_me intel_skl_int3472_tps68470 tps68470_regulator processor_thermal_mbox hid_sensor_iio_common soundcore videobuf2_v4l2 8250_dw v4l2_async mei processor_thermal_rapl clk_tps68470 msr cfg80211 industrialio videobuf2_common nls_iso8859_1 videodev intel_pch_thermal intel_rapl_common parport_pc intel_xhci_usb_role_switch intel_soc_dts_iosf mc intel_skl_int3472_discrete ppdev int3403_thermal lp int3400_thermal surfacepro3_button surface_acpi_notify surface_aggregator_registry int340x_thermal_zone dptf_power acpi_thermal_rel acpi_pad soc_button_array acpi_tad mac_hid parport efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs xor raid6_pq libcrc32c hid_sensor_hub hid_generic uas usbhid intel_ishtp_hid usb_storage hid i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec rc_core drm_kms_helper syscopyarea sysfillrect nvme intel_lpss_pci sysimgblt nvme_core intel_ish_ipc intel_lpss drm xhci_pci crc32_pclmul video intel_ishtp
[  502.525587]  nvme_common idma64 xhci_pci_renesas wmi pinctrl_sunrisepoint surface_aggregator [last unloaded: ipts]
[  502.525618] CR2: 0000000000000010

Looks like it might have solved the problem on Fedora though. I haven't seen a single kernel panic during shutdown so far. Gonna test it for a few more days.

My system went straight into kdump when that revision of ipts loaded.

I am not quite sure why it dereferences an invalid pointer, but I hope that fixing the error that was printed before will also fix that. I updated the commit on my branch, so please try it again. Since I force pushed, you need to run these commands:

$ git fetch
$ git reset --hard origin/disable-hid-on-stop

It appears to be loaded just fine and it did not panic during shutdown. I'm going to daily drive with this module for a few days and see if it happens again.

There are some errors in the system log during shutdown last night. It did not panic but this might worth noting:

`sudo journalctl -b -2 -n1000 | grep ipts`

``` Jul 13 00:30:07 systemd[1]: Stopping iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon... Jul 13 00:30:07 iptsd[34360]: [00:30:07.118] [warning] Interrupted system call Jul 13 00:30:07 iptsd[34360]: [00:30:07.220] [info] Stopping Jul 13 00:30:07 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 13 00:30:07 sddm[1276]: Running display stop script ("/usr/share/sddm/scripts/Xstop") Jul 13 00:30:08 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: QUIESCE_IO: recv failed: -11 Jul 13 00:30:08 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to wait for flush: -11 Jul 13 00:30:09 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 13 00:30:10 iptsd[34360]: [00:30:10.318] [error] Resource temporarily unavailable Jul 13 00:30:10 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: GET_DEVICE_INFO: recv failed: -11 Jul 13 00:30:10 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to get device info: -11 Jul 13 00:30:10 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to switch modes: -11 Jul 13 00:30:10 systemd[1]: iptsd@dev-hidraw0.service: Deactivated successfully. Jul 13 00:30:10 systemd[1]: Stopped iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon. Jul 13 00:30:10 systemd[1]: Removed slice system-iptsd.slice - Slice /system/iptsd. Jul 13 00:30:10 systemd[1]: system-iptsd.slice: Consumed 2.026s CPU time. ```

But that did not happen on another reboot attempt.

`sudo journalctl -b -1 -n10000 | grep ipts`

``` Jul 13 10:19:14 kernel: ipts: loading out-of-tree module taints kernel. Jul 13 10:19:14 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 13 10:19:14 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 13 10:19:14 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Jul 13 10:19:15 systemd[1]: Created slice system-iptsd.slice - Slice /system/iptsd. Jul 13 10:19:18 systemd[1]: Started iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon. Jul 13 10:19:18 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 13 10:19:18 iptsd[1037]: [10:19:18.412] [info] Connected to device 045E:001F Jul 13 10:19:19 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 13 10:19:19 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 13 10:19:19 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in poll mode Jul 13 10:19:23 sddm[1354]: Running display setup script "/usr/share/sddm/scripts/Xsetup" Jul 13 10:24:09 systemd[1]: Stopping iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon... Jul 13 10:24:09 iptsd[1037]: [10:24:09.861] [warning] Interrupted system call Jul 13 10:24:09 iptsd[1037]: [10:24:09.961] [info] Stopping Jul 13 10:24:09 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 13 10:24:10 sddm[1354]: Running display stop script ("/usr/share/sddm/scripts/Xstop") Jul 13 10:24:11 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 13 10:24:11 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 13 10:24:11 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Jul 13 10:24:11 systemd[1]: iptsd@dev-hidraw0.service: Deactivated successfully. Jul 13 10:24:11 systemd[1]: Stopped iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon. Jul 13 10:24:11 systemd[1]: Removed slice system-iptsd.slice - Slice /system/iptsd. ```

There are no panics so far, but today the touchscreen have completely stopped working.

Jul 15 07:26:02 <hostname> kernel: ipts: loading out-of-tree module taints kernel.
Jul 15 07:26:02 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS
Jul 15 07:26:02 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1
Jul 15 07:26:02 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode
Jul 15 07:26:03 <hostname> systemd[1]: Created slice system-iptsd.slice - Slice /system/iptsd.
Jul 15 07:26:06 <hostname> systemd[1]: Started iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon.
Jul 15 07:26:06 <hostname> iptsd[1018]: [07:26:06.454] [info] Connected to device 045E:001F
Jul 15 07:26:06 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS
Jul 15 07:26:07 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: QUIESCE_IO: recv failed: -11
Jul 15 07:26:07 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to wait for flush: -11
Jul 15 07:26:07 <hostname> kernel: bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
Jul 15 07:26:08 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS
Jul 15 07:26:09 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: GET_DEVICE_INFO: recv failed: -11
Jul 15 07:26:09 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to get device info: -11
Jul 15 07:26:09 <hostname> kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to switch modes: -11
Jul 15 07:26:09 <hostname> iptsd[1018]: [07:26:09.645] [error] Resource temporarily unavailable
Jul 15 07:26:09 <hostname> systemd[1]: iptsd@dev-hidraw0.service: Main process exited, code=exited, status=1/FAILURE
Jul 15 07:26:09 <hostname> systemd[1]: iptsd@dev-hidraw0.service: Failed with result 'exit-code'.

Reloading the module fixes the problem.

Both these errors are the same: The hardware starts to time out when it is shut down. And this also seems to affect restarting it again.

I dont really know what could cause this. But you could try changing this line https://github.com/linux-surface/intel-precise-touch/blob/master/src/control.c#L211 to:

ret = ipts_cmd_recv_timeout(ipts, IPTS_CMD_QUIESCE_IO, &rsp, 10000);

That will make the driver wait 10 seconds for the response instead of just one.

The issue still exists but it is a lot rarer than before. Only happened once after that single-line change.

`sudo journalctl -b | grep ipts`

``` Jul 25 07:17:21 kernel: ipts: loading out-of-tree module taints kernel. Jul 25 07:17:21 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 25 07:17:21 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 25 07:17:21 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Jul 25 07:17:21 systemd[1]: Created slice system-iptsd.slice - Slice /system/iptsd. Jul 25 07:17:24 systemd[1]: Started iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon. Jul 25 07:17:24 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 25 07:17:24 iptsd[1045]: [07:17:24.801] [info] Connected to device 045E:001F Jul 25 07:17:25 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: QUIESCE_IO: recv failed: -11 Jul 25 07:17:25 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to wait for flush: -11 Jul 25 07:17:26 kernel: bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. Jul 25 07:17:26 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 25 07:17:30 sddm[1269]: Running display setup script "/usr/share/sddm/scripts/Xsetup" Jul 25 07:17:37 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: GET_DEVICE_INFO: recv failed: -11 Jul 25 07:17:37 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to get device info: -11 Jul 25 07:17:37 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to switch modes: -11 Jul 25 07:17:37 iptsd[1045]: [07:17:37.227] [error] Resource temporarily unavailable Jul 25 07:17:37 systemd[1]: iptsd@dev-hidraw0.service: Main process exited, code=exited, status=1/FAILURE Jul 25 07:17:37 systemd[1]: iptsd@dev-hidraw0.service: Failed with result 'exit-code'. Jul 25 09:00:29 sudo[11823]: ishland : TTY=pts/3 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/sbin/modprobe -r ipts Jul 25 09:00:29 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 25 09:00:32 sudo[11851]: ishland : TTY=pts/3 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/sbin/modprobe ipts Jul 25 09:00:32 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 25 09:00:32 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 25 09:00:32 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Jul 25 09:00:32 systemd[1]: Started iptsd@dev-hidraw0.service - Intel Precise Touch & Stylus Daemon. Jul 25 09:00:32 iptsd[11858]: [09:00:32.235] [info] Connected to device 045E:001F Jul 25 09:00:32 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Jul 25 09:00:33 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Jul 25 09:00:33 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Jul 25 09:00:33 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in poll mode ```

But this looks like a separate issue. The system runs smoothly without any panics in the last 2 weeks with the replaced ipts module.

I redid my installation to use full disk encryption months ago and haven't been able to use the dkms module, since there isn't a good way to pair shim and systemd-boot in debian.

The above issue just happened again yesterday with the builtin ipts when I explicitly restart the iptsd service, but reinserting the module doesn't help. Only suspend then resume fixes this.

journal when `systemctl restart iptsd@dev-hidraw2.service`

``` Dec 23 22:39:59 sudo[32229]: ishland : TTY=pts/2 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/bin/systemctl restart iptsd@dev-hidraw2.service Dec 23 22:39:59 sudo[32229]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Dec 23 22:39:59 systemd[1]: Stopping iptsd@dev-hidraw2.service - Intel Precise Touch & Stylus Daemon... Dec 23 22:39:59 iptsd[3504]: [22:39:59.965] [warning] Interrupted system call Dec 23 22:40:00 iptsd[3504]: [22:40:00.066] [info] Stopping Dec 23 22:40:00 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:40:01 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:40:01 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Dec 23 22:40:01 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Dec 23 22:40:01 systemd[1]: iptsd@dev-hidraw2.service: Deactivated successfully. Dec 23 22:40:01 systemd[1]: Stopped iptsd@dev-hidraw2.service - Intel Precise Touch & Stylus Daemon. Dec 23 22:40:01 systemd[1]: Started iptsd@dev-hidraw2.service - Intel Precise Touch & Stylus Daemon. Dec 23 22:40:01 sudo[32229]: pam_unix(sudo:session): session closed for user root Dec 23 22:40:01 iptsd[32242]: [22:40:01.378] [info] Connected to device 045E:001F Dec 23 22:40:01 kernel: input: IPTS Touch as /devices/virtual/input/input60 Dec 23 22:40:01 kernel: input: IPTS Stylus as /devices/virtual/input/input61 Dec 23 22:40:01 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:40:02 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: QUIESCE_IO: recv failed: -11 Dec 23 22:40:02 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to wait for flush: -11 Dec 23 22:40:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:40:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: GET_DEVICE_INFO: recv failed: -11 Dec 23 22:40:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to get device info: -11 Dec 23 22:40:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to switch modes: -11 Dec 23 22:40:04 iptsd[32242]: [22:40:04.560] [error] Resource temporarily unavailable Dec 23 22:40:04 systemd[1]: iptsd@dev-hidraw2.service: Main process exited, code=exited, status=1/FAILURE Dec 23 22:40:04 systemd[1]: iptsd@dev-hidraw2.service: Failed with result 'exit-code'. ```

journal when reinserting the module

``` Dec 23 22:40:22 sudo[32310]: ishland : TTY=pts/2 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/sbin/modprobe -r ipts Dec 23 22:40:22 sudo[32310]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Dec 23 22:40:22 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:40:22 sudo[32310]: pam_unix(sudo:session): session closed for user root Dec 23 22:40:24 sudo[32325]: ishland : TTY=pts/2 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/sbin/modprobe ipts Dec 23 22:40:24 sudo[32325]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Dec 23 22:40:24 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:40:24 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Dec 23 22:40:24 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Dec 23 22:40:24 kernel: input: IPTS 045E:001F Touchscreen as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:0> Dec 23 22:40:24 kernel: input: IPTS 045E:001F as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:001F.000> Dec 23 22:40:24 systemd[1]: Started iptsd@dev-hidraw2.service - Intel Precise Touch & Stylus Daemon. Dec 23 22:40:24 kernel: input: IPTS Touch as /devices/virtual/input/input66 Dec 23 22:40:24 kernel: input: IPTS Stylus as /devices/virtual/input/input67 Dec 23 22:40:24 iptsd[32332]: [22:40:24.873] [info] Connected to device 045E:001F Dec 23 22:40:24 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:40:24 sudo[32325]: pam_unix(sudo:session): session closed for user root Dec 23 22:40:24 kernel: hid-generic 0000:045E:001F.0005: input,hidraw2: HID v0.00 Device [IPTS 045E:001F] on Dec 23 22:40:25 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: QUIESCE_IO: recv failed: -11 Dec 23 22:40:25 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to wait for flush: -11 Dec 23 22:40:26 sudo[32374]: ishland : TTY=pts/2 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/bin/journalctl -fn1000 Dec 23 22:40:26 sudo[32374]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Dec 23 22:40:26 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:40:27 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: GET_DEVICE_INFO: recv failed: -11 Dec 23 22:40:27 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to get device info: -11 Dec 23 22:40:27 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to switch modes: -11 Dec 23 22:40:28 iptsd[32332]: [22:40:28.024] [error] Resource temporarily unavailable Dec 23 22:40:28 systemd[1]: iptsd@dev-hidraw2.service: Main process exited, code=exited, status=1/FAILURE Dec 23 22:40:28 systemd[1]: iptsd@dev-hidraw2.service: Failed with result 'exit-code'. Dec 23 22:40:28 sudo[32374]: pam_unix(sudo:session): session closed for user root Dec 23 22:40:30 sudo[32394]: ishland : TTY=pts/2 ; PWD=/home/ishland ; USER=root ; COMMAND=/usr/bin/journalctl -fn1000 Dec 23 22:40:30 sudo[32394]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) Dec 23 22:40:32 sudo[32394]: pam_unix(sudo:session): session closed for user root ```

journal when suspend then resume

``` Dec 23 22:40:57 systemd-logind[3523]: The system will suspend now! ... (omitted a lot of other stuff) Dec 23 22:40:58 systemd[1]: Reached target sleep.target - Sleep. Dec 23 22:40:58 systemd[1]: Starting systemd-suspend.service - System Suspend... Dec 23 22:40:58 systemd-sleep[32572]: Entering sleep state 'suspend'... Dec 23 22:40:58 kernel: PM: suspend entry (s2idle) Dec 23 22:40:58 kernel: Filesystems sync: 0.118 seconds Dec 23 22:41:03 kernel: Freezing user space processes Dec 23 22:41:03 kernel: Freezing user space processes completed (elapsed 0.020 seconds) Dec 23 22:41:03 kernel: OOM killer disabled. Dec 23 22:41:03 kernel: Freezing remaining freezable tasks Dec 23 22:41:03 kernel: Freezing remaining freezable tasks completed (elapsed 0.224 seconds) Dec 23 22:41:03 kernel: printk: Suspending console(s) (use no_console_suspend to debug) Dec 23 22:41:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:41:03 kernel: intel_pch_thermal 0000:00:14.2: CPU-PCH is cool [28C] Dec 23 22:41:03 kernel: OOM killer enabled. Dec 23 22:41:03 kernel: Restarting tasks ... Dec 23 22:41:03 kernel: mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) Dec 23 22:41:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:41:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Dec 23 22:41:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode Dec 23 22:41:03 kernel: input: IPTS 045E:001F Touchscreen as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:0> Dec 23 22:41:03 systemd-logind[3523]: Power key pressed short. Dec 23 22:41:03 systemd-resolved[2878]: Clock change detected. Flushing caches. Dec 23 22:41:03 kernel: input: IPTS 045E:001F as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:001F.000> Dec 23 22:41:03 kernel: done. Dec 23 22:41:03 kernel: random: crng reseeded on system resumption Dec 23 22:41:03 systemd-sleep[32572]: System returned from sleep state. Dec 23 22:41:03 bluetoothd[3631]: Controller resume with wake event 0x0 Dec 23 22:41:03 kernel: PM: suspend exit Dec 23 22:41:03 kernel: hid-generic 0000:045E:001F.0007: input,hidraw2: HID v0.00 Device [IPTS 045E:001F] on Dec 23 22:41:03 systemd[1]: Started iptsd@dev-hidraw2.service - Intel Precise Touch & Stylus Daemon. Dec 23 22:41:03 iptsd[32755]: [22:41:03.603] [info] Connected to device 045E:001F Dec 23 22:41:03 kernel: input: IPTS Touch as /devices/virtual/input/input74 Dec 23 22:41:03 kernel: input: IPTS Stylus as /devices/virtual/input/input75 Dec 23 22:41:03 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS Dec 23 22:41:04 systemd[1]: systemd-suspend.service: Deactivated successfully. Dec 23 22:41:04 systemd[1]: Finished systemd-suspend.service - System Suspend. Dec 23 22:41:04 systemd[1]: Stopped target sleep.target - Sleep. Dec 23 22:41:04 systemd[1]: Reached target suspend.target - Suspend. Dec 23 22:41:04 systemd[1]: Stopped target suspend.target - Suspend. Dec 23 22:41:04 systemd-logind[3523]: Operation 'sleep' finished. Dec 23 22:41:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS Dec 23 22:41:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 Dec 23 22:41:04 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in poll mode ```

The original problem happened again on my machine:

`dmesg` output

[dmesg.txt](https://github.com/linux-surface/linux-surface/files/14229301/dmesg.txt) ``` [ 0.000000] Linux version 6.7.2-surface-1 (root@54111bd9ee83) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #1 SMP PREEMPT_DYNAMIC Tue Jan 30 00:35:58 UTC 2024 ... truncated [ 185.911584] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS [ 185.967633] ------------[ cut here ]------------ [ 185.967758] refcount_t: addition on 0; use-after-free. [ 185.967902] WARNING: CPU: 1 PID: 3533 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0x110 [ 185.968106] Modules linked in: tls xt_connmark xt_mark iptable_mangle xt_comment iptable_raw bpfilter wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel tcp_bbr xt_nat snd_seq_dummy snd_hrtimer snd_seq snd_seq_device veth nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter bridge stp llc input_leds overlay cmac algif_hash qrtr algif_skcipher af_alg bnep btusb btrtl btintel btbcm btmtk bluetooth zstd ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match intel_tcc_cooling snd_soc_acpi x86_pkg_temp_thermal intel_powerclamp snd_soc_core snd_hda_codec_hdmi ip6t_REJECT coretemp nf_reject_ipv6 [ 185.968313] snd_compress snd_hda_codec_realtek ac97_bus xt_hl snd_hda_codec_generic snd_pcm_dmaengine ledtrig_audio ip6t_rt kvm_intel snd_hda_intel ipt_REJECT nf_reject_ipv4 snd_intel_dspcfg xt_LOG snd_intel_sdw_acpi nf_log_syslog kvm surface_platform_profile xt_multiport snd_hda_codec processor_thermal_device_pci_legacy platform_profile nft_limit snd_hda_core dw9719 joydev processor_thermal_device irqbypass intel_rapl_msr 8250_dw xt_limit snd_hwdep mei_pxp mei_hdcp hid_sensor_gyro_3d hid_sensor_rotation hid_sensor_accel_3d processor_thermal_wt_hint rapl processor_thermal_rfim xt_addrtype gpio_keys ipts snd_pcm hid_sensor_als ipu3_cio2 hid_sensor_trigger intel_cstate processor_thermal_rapl xt_tcpudp ipu3_imgu(C) snd_timer ipu_bridge industrialio_triggered_buffer snd mwifiex_pcie intel_rapl_common xt_conntrack pcspkr kfifo_buf videobuf2_dma_sg soundcore ov8865 mwifiex ov7251 processor_thermal_wt_req ov5693 intel_lpss_pci v4l2_cci nf_conntrack hid_sensor_iio_common mei_me videobuf2_memops intel_skl_int3472_tps68470 [ 185.970366] processor_thermal_power_floor v4l2_fwnode videobuf2_v4l2 sunrpc intel_lpss cfg80211 nf_defrag_ipv6 industrialio mei tps68470_regulator clk_tps68470 processor_thermal_mbox v4l2_async videobuf2_common videodev intel_xhci_usb_role_switch idma64 nf_defrag_ipv4 intel_pch_thermal intel_soc_dts_iosf intel_skl_int3472_discrete mc nft_compat nf_tables binfmt_misc int3400_thermal acpi_pad int3403_thermal int340x_thermal_zone soc_button_array dptf_power acpi_thermal_rel nls_iso8859_1 acpi_tad mac_hid parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables dm_crypt hid_multitouch hid_sensor_hub usbhid hid_generic intel_ishtp_hid hid uas usb_storage i915 drm_buddy crct10dif_pclmul i2c_algo_bit crc32_pclmul drm_display_helper polyval_clmulni cec polyval_generic ghash_clmulni_intel rc_core nvme sha256_ssse3 drm_kms_helper nvme_core ttm surface_gpe xhci_pci sha1_ssse3 intel_ish_ipc nvme_auth video drm xhci_pci_renesas pinctrl_sunrisepoint intel_ishtp wmi surfacepro3_button surface_acpi_notify [ 185.972455] surface_aggregator_registry surface_aggregator btrfs blake2b_generic xor raid6_pq libcrc32c dm_mirror dm_region_hash dm_log msr autofs4 aesni_intel crypto_simd cryptd [ 185.974679] CPU: 1 PID: 3533 Comm: iptsd Kdump: loaded Tainted: G C 6.7.2-surface-1 #1 [ 185.974887] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [ 185.975086] RIP: 0010:refcount_warn_saturate+0x7a/0x110 [ 185.975216] Code: 01 e8 5a f8 99 ff 0f 0b 5d c3 cc cc cc cc 80 3d a7 d2 59 01 00 75 c9 48 c7 c7 f8 e0 7a b3 c6 05 97 d2 59 01 01 e8 36 f8 99 ff <0f> 0b 5d c3 cc cc cc cc 80 3d 85 d2 59 01 00 75 a5 48 c7 c7 d0 e0 [ 185.975620] RSP: 0018:ffffb38640e27d90 EFLAGS: 00010282 [ 185.975745] RAX: 0000000000000000 RBX: ffff93b1c03655f0 RCX: 0000000000000027 [ 185.975904] RDX: 0000000000000027 RSI: 0000000000000000 RDI: ffff93b3274a05c8 [ 185.976061] RBP: ffffb38640e27d90 R08: 0000000000000000 R09: ffffb38640e27bf8 [ 185.976218] R10: 0000000000000001 R11: 0000000000000001 R12: ffff93b1e1933400 [ 185.976375] R13: ffff93b1e1933428 R14: ffff93b1c184aef0 R15: ffff93b1c3d3e000 [ 185.976532] FS: 00007ba4ca8e4740(0000) GS:ffff93b327480000(0000) knlGS:0000000000000000 [ 185.976710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.976841] CR2: 00005bea82dec0a8 CR3: 0000000102b44003 CR4: 00000000003706f0 [ 185.976999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 185.977156] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 185.977313] Call Trace: [ 185.977375] [ 185.977431] ? show_regs+0x68/0x70 [ 185.977521] ? refcount_warn_saturate+0x7a/0x110 [ 185.977642] ? __warn+0x8f/0x150 [ 185.977723] ? refcount_warn_saturate+0x7a/0x110 [ 185.977834] ? report_bug+0x1c2/0x1d0 [ 185.977924] ? console_unlock+0x4c/0xf0 [ 185.978020] ? handle_bug+0x46/0x80 [ 185.978111] ? exc_invalid_op+0x19/0x70 [ 185.978208] ? asm_exc_invalid_op+0x1b/0x20 [ 185.978319] ? refcount_warn_saturate+0x7a/0x110 [ 185.978432] kthread_stop+0x18d/0x1a0 [ 185.978531] ipts_thread_stop+0x32/0x60 [ipts] [ 185.978653] ipts_receiver_stop+0x22/0x60 [ipts] [ 185.988529] _ipts_control_stop+0x36/0xb0 [ipts] [ 185.998351] ipts_control_restart+0x13/0x40 [ipts] [ 186.008142] ipts_eds1_raw_request+0x53/0xc0 [ipts] [ 186.008172] ipts_hid_raw_request+0x4f/0x70 [ipts] [ 186.008193] hid_hw_raw_request+0x3d/0x50 [hid] [ 186.008228] hidraw_send_report+0xa5/0x150 [hid] [ 186.008267] hidraw_ioctl+0x25d/0x3a0 [hid] [ 186.008304] __x64_sys_ioctl+0x95/0xd0 [ 186.008317] do_syscall_64+0x5c/0xe0 [ 186.008328] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 186.008339] RIP: 0033:0x7ba4ca43c5cb [ 186.008347] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 186.008354] RSP: 002b:00007ffc82aa5260 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.008362] RAX: ffffffffffffffda RBX: 00007ffc82aa5400 RCX: 00007ba4ca43c5cb [ 186.008367] RDX: 00007ffc82aa52e8 RSI: 00000000c0024806 RDI: 0000000000000003 [ 186.008372] RBP: 0000000000000000 R08: 0000000065c7615e R09: 00000000021191c0 [ 186.008376] R10: 00007ffc82ae3080 R11: 0000000000000246 R12: 00007ffc82aa5460 [ 186.008380] R13: 8e38e38e38e38e39 R14: 0000000000000001 R15: 00007ffc82aa5400 [ 186.008393] [ 186.008396] ---[ end trace 0000000000000000 ]--- [ 186.008405] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 186.008408] #PF: supervisor write access in kernel mode [ 186.008413] #PF: error_code(0x0002) - not-present page [ 186.008417] PGD 800000010ce3d067 P4D 800000010ce3d067 PUD 10ce3c067 PMD 0 [ 186.008428] Oops: 0002 [#1] PREEMPT SMP PTI [ 186.008436] CPU: 1 PID: 3533 Comm: iptsd Kdump: loaded Tainted: G WC 6.7.2-surface-1 #1 [ 186.008445] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [ 186.008449] RIP: 0010:kthread_stop+0x54/0x1a0 [ 186.008460] Code: c0 0f 84 4f 01 00 00 0f 88 17 01 00 00 83 c0 01 0f 88 0e 01 00 00 41 f6 44 24 2e 20 0f 84 1b 01 00 00 49 8b 9c 24 78 0a 00 00 80 0b 02 4c 89 e7 e8 40 fe ff ff f0 41 80 4c 24 02 02 4c 89 e7 [ 186.008466] RSP: 0018:ffffb38640e27da0 EFLAGS: 00010202 [ 186.008472] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027 [ 186.008477] RDX: 0000000000000027 RSI: 0000000000000000 RDI: ffff93b3274a05c8 [ 186.008481] RBP: ffffb38640e27dc0 R08: 0000000000000000 R09: ffffb38640e27bf8 [ 186.008485] R10: 0000000000000001 R11: 0000000000000001 R12: ffff93b1e1933400 [ 186.008488] R13: ffff93b1e1933428 R14: ffff93b1c184aef0 R15: ffff93b1c3d3e000 [ 186.008493] FS: 00007ba4ca8e4740(0000) GS:ffff93b327480000(0000) knlGS:0000000000000000 [ 186.008499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.008504] CR2: 0000000000000000 CR3: 0000000102b44003 CR4: 00000000003706f0 [ 186.008509] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 186.008512] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 186.008516] Call Trace: [ 186.008519] [ 186.008522] ? show_regs+0x68/0x70 [ 186.008534] ? __die_body+0x20/0x70 [ 186.008544] ? __die+0x2b/0x40 [ 186.008554] ? page_fault_oops+0x154/0x4a0 [ 186.008571] ? do_user_addr_fault+0x45f/0x870 [ 186.008577] ? report_bug+0x1c2/0x1d0 [ 186.008584] ? console_unlock+0x4c/0xf0 [ 186.008596] ? exc_page_fault+0x79/0x180 [ 186.008607] ? asm_exc_page_fault+0x27/0x30 [ 186.008624] ? kthread_stop+0x54/0x1a0 [ 186.008636] ipts_thread_stop+0x32/0x60 [ipts] [ 186.008655] ipts_receiver_stop+0x22/0x60 [ipts] [ 186.008674] _ipts_control_stop+0x36/0xb0 [ipts] [ 186.008692] ipts_control_restart+0x13/0x40 [ipts] [ 186.008709] ipts_eds1_raw_request+0x53/0xc0 [ipts] [ 186.008727] ipts_hid_raw_request+0x4f/0x70 [ipts] [ 186.008745] hid_hw_raw_request+0x3d/0x50 [hid] [ 186.008778] hidraw_send_report+0xa5/0x150 [hid] [ 186.008815] hidraw_ioctl+0x25d/0x3a0 [hid] [ 186.008850] __x64_sys_ioctl+0x95/0xd0 [ 186.008861] do_syscall_64+0x5c/0xe0 [ 186.008870] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 186.008881] RIP: 0033:0x7ba4ca43c5cb [ 186.008887] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 186.008893] RSP: 002b:00007ffc82aa5260 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.008901] RAX: ffffffffffffffda RBX: 00007ffc82aa5400 RCX: 00007ba4ca43c5cb [ 186.008906] RDX: 00007ffc82aa52e8 RSI: 00000000c0024806 RDI: 0000000000000003 [ 186.008910] RBP: 0000000000000000 R08: 0000000065c7615e R09: 00000000021191c0 [ 186.008914] R10: 00007ffc82ae3080 R11: 0000000000000246 R12: 00007ffc82aa5460 [ 186.008918] R13: 8e38e38e38e38e39 R14: 0000000000000001 R15: 00007ffc82aa5400 [ 186.008930] [ 186.008933] Modules linked in: tls xt_connmark xt_mark iptable_mangle xt_comment iptable_raw bpfilter wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel tcp_bbr xt_nat snd_seq_dummy snd_hrtimer snd_seq snd_seq_device veth nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter bridge stp llc input_leds overlay cmac algif_hash qrtr algif_skcipher af_alg bnep btusb btrtl btintel btbcm btmtk bluetooth zstd ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match intel_tcc_cooling snd_soc_acpi x86_pkg_temp_thermal intel_powerclamp snd_soc_core snd_hda_codec_hdmi ip6t_REJECT coretemp nf_reject_ipv6 [ 186.009099] snd_compress snd_hda_codec_realtek ac97_bus xt_hl snd_hda_codec_generic snd_pcm_dmaengine ledtrig_audio ip6t_rt kvm_intel snd_hda_intel ipt_REJECT nf_reject_ipv4 snd_intel_dspcfg xt_LOG snd_intel_sdw_acpi nf_log_syslog kvm surface_platform_profile xt_multiport snd_hda_codec processor_thermal_device_pci_legacy platform_profile nft_limit snd_hda_core dw9719 joydev processor_thermal_device irqbypass intel_rapl_msr 8250_dw xt_limit snd_hwdep mei_pxp mei_hdcp hid_sensor_gyro_3d hid_sensor_rotation hid_sensor_accel_3d processor_thermal_wt_hint rapl processor_thermal_rfim xt_addrtype gpio_keys ipts snd_pcm hid_sensor_als ipu3_cio2 hid_sensor_trigger intel_cstate processor_thermal_rapl xt_tcpudp ipu3_imgu(C) snd_timer ipu_bridge industrialio_triggered_buffer snd mwifiex_pcie intel_rapl_common xt_conntrack pcspkr kfifo_buf videobuf2_dma_sg soundcore ov8865 mwifiex ov7251 processor_thermal_wt_req ov5693 intel_lpss_pci v4l2_cci nf_conntrack hid_sensor_iio_common mei_me videobuf2_memops intel_skl_int3472_tps68470 [ 186.009255] processor_thermal_power_floor v4l2_fwnode videobuf2_v4l2 sunrpc intel_lpss cfg80211 nf_defrag_ipv6 industrialio mei tps68470_regulator clk_tps68470 processor_thermal_mbox v4l2_async videobuf2_common videodev intel_xhci_usb_role_switch idma64 nf_defrag_ipv4 intel_pch_thermal intel_soc_dts_iosf intel_skl_int3472_discrete mc nft_compat nf_tables binfmt_misc int3400_thermal acpi_pad int3403_thermal int340x_thermal_zone soc_button_array dptf_power acpi_thermal_rel nls_iso8859_1 acpi_tad mac_hid parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables dm_crypt hid_multitouch hid_sensor_hub usbhid hid_generic intel_ishtp_hid hid uas usb_storage i915 drm_buddy crct10dif_pclmul i2c_algo_bit crc32_pclmul drm_display_helper polyval_clmulni cec polyval_generic ghash_clmulni_intel rc_core nvme sha256_ssse3 drm_kms_helper nvme_core ttm surface_gpe xhci_pci sha1_ssse3 intel_ish_ipc nvme_auth video drm xhci_pci_renesas pinctrl_sunrisepoint intel_ishtp wmi surfacepro3_button surface_acpi_notify [ 186.009427] surface_aggregator_registry surface_aggregator btrfs blake2b_generic xor raid6_pq libcrc32c dm_mirror dm_region_hash dm_log msr autofs4 aesni_intel crypto_simd cryptd [ 186.009461] CR2: 0000000000000000 ```

The problem has been happening randomly recently for at least 5 times in 2 weeks.

`dmesg` output for the latest crash

[dmesg1.txt](https://github.com/linux-surface/linux-surface/files/15172576/dmesg1.txt) ``` [ 83.242793] [ T9027] ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS [ 83.384172] [ T9027] ------------[ cut here ]------------ [ 83.384180] [ T9027] refcount_t: addition on 0; use-after-free. [ 83.384211] [ T9027] WARNING: CPU: 0 PID: 9027 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0x110 [ 83.384231] [ T9027] Modules linked in: xt_connmark xt_mark iptable_mangle xt_comment iptable_raw wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel tcp_bbr snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_nat veth nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter bridge stp llc overlay qrtr zstd cmac algif_skcipher bnep algif_hash af_alg input_leds btusb btrtl btintel btbcm btmtk bluetooth ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_hda_codec_hdmi snd_soc_sst_dsp intel_uncore_frequency snd_soc_acpi_intel_match ip6t_REJECT intel_uncore_frequency_common snd_soc_acpi nf_reject_ipv6 snd_soc_core xt_hl intel_tcc_cooling [ 83.384391] [ T9027] ip6t_rt snd_hda_codec_realtek snd_compress x86_pkg_temp_thermal snd_hda_codec_generic ac97_bus ipt_REJECT intel_powerclamp snd_pcm_dmaengine nf_reject_ipv4 coretemp snd_hda_intel surface_platform_profile joydev xt_LOG platform_profile nf_log_syslog snd_intel_dspcfg snd_intel_sdw_acpi kvm_intel xt_multiport dw9719 nft_limit snd_hda_codec kvm 8250_dw ipts intel_rapl_msr mei_pxp snd_hda_core processor_thermal_device_pci_legacy xt_limit irqbypass mei_hdcp snd_hwdep processor_thermal_device snd_pcm xt_addrtype rapl processor_thermal_wt_hint gpio_keys ipu3_cio2 xt_tcpudp snd_timer intel_cstate ipu3_imgu(C) processor_thermal_rfim xt_conntrack ipu_bridge nf_conntrack ov5693 snd hid_sensor_als hid_sensor_accel_3d hid_sensor_gyro_3d processor_thermal_rapl pcspkr nf_defrag_ipv6 videobuf2_dma_sg ov7251 ov8865 v4l2_cci hid_sensor_rotation soundcore hid_sensor_trigger intel_rapl_common mwifiex_pcie nf_defrag_ipv4 videobuf2_memops v4l2_fwnode industrialio_triggered_buffer processor_thermal_wt_req binfmt_misc nft_compat [ 83.384550] [ T9027] intel_skl_int3472_tps68470 mei_me intel_lpss_pci mwifiex kfifo_buf sunrpc processor_thermal_power_floor videobuf2_v4l2 v4l2_async cfg80211 tps68470_regulator nf_tables intel_lpss hid_sensor_iio_common processor_thermal_mbox mei intel_pmc_core videodev clk_tps68470 videobuf2_common idma64 intel_xhci_usb_role_switch industrialio intel_pch_thermal intel_soc_dts_iosf intel_vsec nls_iso8859_1 mc intel_skl_int3472_discrete int3403_thermal pmt_telemetry int3400_thermal soc_button_array dptf_power int340x_thermal_zone pmt_class acpi_thermal_rel acpi_tad acpi_pad mac_hid parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables dm_crypt hid_sensor_hub hid_multitouch uas hid_generic intel_ishtp_hid usbhid usb_storage hid i915 drm_buddy crct10dif_pclmul i2c_algo_bit crc32_pclmul polyval_clmulni drm_display_helper polyval_generic ghash_clmulni_intel cec nvme sha256_ssse3 nvme_core surface_gpe xhci_pci rc_core intel_ish_ipc sha1_ssse3 nvme_auth video xhci_pci_renesas ttm intel_ishtp [ 83.384709] [ T9027] pinctrl_sunrisepoint wmi surface_acpi_notify surfacepro3_button surface_aggregator_registry surface_aggregator crc_itu_t btrfs blake2b_generic xor raid6_pq libcrc32c dm_mirror dm_region_hash dm_log msr autofs4 aesni_intel crypto_simd cryptd [ 83.384752] [ T9027] CPU: 0 PID: 9027 Comm: iptsd Kdump: loaded Tainted: G C 6.8.8-surface-1 #1 [ 83.384762] [ T9027] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [ 83.384769] [ T9027] RIP: 0010:refcount_warn_saturate+0x7a/0x110 [ 83.384796] [ T9027] Code: 01 e8 7a eb 98 ff 0f 0b 5d c3 cc cc cc cc 80 3d 83 cb 58 01 00 75 c9 48 c7 c7 80 b0 3d 9f c6 05 73 cb 58 01 01 e8 56 eb 98 ff <0f> 0b 5d c3 cc cc cc cc 80 3d 61 cb 58 01 00 75 a5 48 c7 c7 58 b0 [ 83.384804] [ T9027] RSP: 0018:ffffbc5d0105fbc8 EFLAGS: 00010286 [ 83.384811] [ T9027] RAX: 0000000000000000 RBX: ffff93ef94e06df0 RCX: 0000000000000027 [ 83.384817] [ T9027] RDX: 0000000000000027 RSI: 0000000000000002 RDI: ffff93f0e7421888 [ 83.384821] [ T9027] RBP: ffffbc5d0105fbc8 R08: 000000000000002a R09: ffffbc5d0105f8f0 [ 83.384826] [ T9027] R10: 0000000000000001 R11: 0000000000000001 R12: ffff93efb187d280 [ 83.384831] [ T9027] R13: ffff93efb187d2a8 R14: ffff93ef835b3dc8 R15: ffff93ef96fb6000 [ 83.384836] [ T9027] FS: 000075a07587b740(0000) GS:ffff93f0e7400000(0000) knlGS:0000000000000000 [ 83.384843] [ T9027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.384848] [ T9027] CR2: 00005fec8fc99000 CR3: 0000000116572001 CR4: 00000000003706f0 [ 83.384854] [ T9027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.384858] [ T9027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.384863] [ T9027] Call Trace: [ 83.384866] [ T9027] [ 83.384872] [ T9027] ? show_regs+0x68/0x70 [ 83.384885] [ T9027] ? refcount_warn_saturate+0x7a/0x110 [ 83.384894] [ T9027] ? __warn+0x8f/0x150 [ 83.384903] [ T9027] ? refcount_warn_saturate+0x7a/0x110 [ 83.384912] [ T9027] ? report_bug+0x1c2/0x1d0 [ 83.384924] [ T9027] ? handle_bug+0x46/0x80 [ 83.384933] [ T9027] ? exc_invalid_op+0x19/0x70 [ 83.384943] [ T9027] ? asm_exc_invalid_op+0x1b/0x20 [ 83.384960] [ T9027] ? refcount_warn_saturate+0x7a/0x110 [ 83.384970] [ T9027] ? refcount_warn_saturate+0x7a/0x110 [ 83.384977] [ T9027] kthread_stop+0x18d/0x1a0 [ 83.384992] [ T9027] ipts_thread_stop+0x32/0x60 [ipts] [ 83.385013] [ T9027] ipts_receiver_stop+0x22/0x60 [ipts] [ 83.385032] [ T9027] _ipts_control_stop+0x36/0xb0 [ipts] [ 83.385050] [ T9027] ipts_control_restart+0x13/0x40 [ipts] [ 83.385069] [ T9027] ipts_eds1_raw_request+0x53/0xc0 [ipts] [ 83.385088] [ T9027] ipts_hid_raw_request+0x4f/0x70 [ipts] [ 83.385107] [ T9027] hid_hw_raw_request+0x3d/0x50 [hid] [ 83.385145] [ T9027] hidraw_send_report+0xa5/0x150 [hid] [ 83.385188] [ T9027] hidraw_ioctl+0x25d/0x3a0 [hid] [ 83.385228] [ T9027] __x64_sys_ioctl+0x95/0xd0 [ 83.385239] [ T9027] x64_sys_call+0x1209/0x20c0 [ 83.385247] [ T9027] do_syscall_64+0x80/0x160 [ 83.385254] [ T9027] ? vfs_write+0x3b9/0x440 [ 83.385269] [ T9027] ? ksys_write+0xb5/0xf0 [ 83.385279] [ T9027] ? syscall_exit_to_user_mode+0x8b/0x230 [ 83.385289] [ T9027] ? do_syscall_64+0x8c/0x160 [ 83.385296] [ T9027] ? do_user_addr_fault+0x633/0x870 [ 83.385303] [ T9027] ? syscall_exit_to_user_mode+0x8b/0x230 [ 83.385310] [ T9027] ? irqentry_exit_to_user_mode+0x80/0x230 [ 83.385320] [ T9027] ? irqentry_exit+0x3b/0x50 [ 83.385327] [ T9027] ? exc_page_fault+0x8a/0x180 [ 83.385335] [ T9027] entry_SYSCALL_64_after_hwframe+0x78/0x80 [ 83.385344] [ T9027] RIP: 0033:0x75a07543c5cb [ 83.385352] [ T9027] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 83.385359] [ T9027] RSP: 002b:00007ffc87cbfb90 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.385367] [ T9027] RAX: ffffffffffffffda RBX: 00007ffc87cbfd30 RCX: 000075a07543c5cb [ 83.385372] [ T9027] RDX: 00007ffc87cbfc18 RSI: 00000000c0024806 RDI: 0000000000000003 [ 83.385376] [ T9027] RBP: 0000000000000000 R08: 0000000066319379 R09: 00000000011431c0 [ 83.385381] [ T9027] R10: 00007ffc87dc5080 R11: 0000000000000246 R12: 00007ffc87cbfd90 [ 83.385385] [ T9027] R13: 8e38e38e38e38e39 R14: 0000000000000001 R15: 00007ffc87cbfd30 [ 83.385397] [ T9027] [ 83.385400] [ T9027] ---[ end trace 0000000000000000 ]--- [ 83.385409] [ T9027] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 83.385413] [ T9027] #PF: supervisor write access in kernel mode [ 83.385418] [ T9027] #PF: error_code(0x0002) - not-present page [ 83.385422] [ T9027] PGD 80000001355b5067 P4D 80000001355b5067 PUD 1355b6067 PMD 0 [ 83.385433] [ T9027] Oops: 0002 [#1] PREEMPT SMP PTI [ 83.385441] [ T9027] CPU: 0 PID: 9027 Comm: iptsd Kdump: loaded Tainted: G WC 6.8.8-surface-1 #1 [ 83.385449] [ T9027] Hardware name: Microsoft Corporation Surface Pro/Surface Pro, BIOS 238.167.768 05.07.2014 [ 83.385453] [ T9027] RIP: 0010:kthread_stop+0x54/0x1a0 [ 83.385463] [ T9027] Code: c0 0f 84 4f 01 00 00 0f 88 17 01 00 00 83 c0 01 0f 88 0e 01 00 00 41 f6 44 24 2e 20 0f 84 1b 01 00 00 49 8b 9c 24 78 0a 00 00 80 0b 02 4c 89 e7 e8 40 fe ff ff f0 41 80 4c 24 02 02 4c 89 e7 [ 83.385469] [ T9027] RSP: 0018:ffffbc5d0105fbd8 EFLAGS: 00010202 [ 83.385475] [ T9027] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027 [ 83.385479] [ T9027] RDX: 0000000000000027 RSI: 0000000000000002 RDI: ffff93f0e7421888 [ 83.385484] [ T9027] RBP: ffffbc5d0105fbf8 R08: 000000000000002a R09: ffffbc5d0105f8f0 [ 83.385489] [ T9027] R10: 0000000000000001 R11: 0000000000000001 R12: ffff93efb187d280 [ 83.385493] [ T9027] R13: ffff93efb187d2a8 R14: ffff93ef835b3dc8 R15: ffff93ef96fb6000 [ 83.385498] [ T9027] FS: 000075a07587b740(0000) GS:ffff93f0e7400000(0000) knlGS:0000000000000000 [ 83.385505] [ T9027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.385509] [ T9027] CR2: 0000000000000000 CR3: 0000000116572001 CR4: 00000000003706f0 [ 83.385515] [ T9027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.385518] [ T9027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.385523] [ T9027] Call Trace: [ 83.385525] [ T9027] [ 83.385528] [ T9027] ? show_regs+0x68/0x70 [ 83.385539] [ T9027] ? __die_body+0x20/0x70 [ 83.385550] [ T9027] ? __die+0x2b/0x40 [ 83.385560] [ T9027] ? page_fault_oops+0x154/0x4a0 [ 83.385571] [ T9027] ? do_user_addr_fault+0x45f/0x870 [ 83.385577] [ T9027] ? report_bug+0x1c2/0x1d0 [ 83.385589] [ T9027] ? exc_page_fault+0x79/0x180 [ 83.385598] [ T9027] ? asm_exc_page_fault+0x27/0x30 [ 83.385612] [ T9027] ? kthread_stop+0x54/0x1a0 [ 83.385621] [ T9027] ? kthread_stop+0x18d/0x1a0 [ 83.385631] [ T9027] ipts_thread_stop+0x32/0x60 [ipts] [ 83.385650] [ T9027] ipts_receiver_stop+0x22/0x60 [ipts] [ 83.385669] [ T9027] _ipts_control_stop+0x36/0xb0 [ipts] [ 83.385687] [ T9027] ipts_control_restart+0x13/0x40 [ipts] [ 83.385706] [ T9027] ipts_eds1_raw_request+0x53/0xc0 [ipts] [ 83.385724] [ T9027] ipts_hid_raw_request+0x4f/0x70 [ipts] [ 83.385742] [ T9027] hid_hw_raw_request+0x3d/0x50 [hid] [ 83.385780] [ T9027] hidraw_send_report+0xa5/0x150 [hid] [ 83.385821] [ T9027] hidraw_ioctl+0x25d/0x3a0 [hid] [ 83.385861] [ T9027] __x64_sys_ioctl+0x95/0xd0 [ 83.385870] [ T9027] x64_sys_call+0x1209/0x20c0 [ 83.385877] [ T9027] do_syscall_64+0x80/0x160 [ 83.385885] [ T9027] ? vfs_write+0x3b9/0x440 [ 83.385899] [ T9027] ? ksys_write+0xb5/0xf0 [ 83.385909] [ T9027] ? syscall_exit_to_user_mode+0x8b/0x230 [ 83.385918] [ T9027] ? do_syscall_64+0x8c/0x160 [ 83.385925] [ T9027] ? do_user_addr_fault+0x633/0x870 [ 83.385930] [ T9027] ? syscall_exit_to_user_mode+0x8b/0x230 [ 83.385938] [ T9027] ? irqentry_exit_to_user_mode+0x80/0x230 [ 83.385947] [ T9027] ? irqentry_exit+0x3b/0x50 [ 83.385954] [ T9027] ? exc_page_fault+0x8a/0x180 [ 83.385962] [ T9027] entry_SYSCALL_64_after_hwframe+0x78/0x80 [ 83.385971] [ T9027] RIP: 0033:0x75a07543c5cb [ 83.385976] [ T9027] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 83.385982] [ T9027] RSP: 002b:00007ffc87cbfb90 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.385989] [ T9027] RAX: ffffffffffffffda RBX: 00007ffc87cbfd30 RCX: 000075a07543c5cb [ 83.385994] [ T9027] RDX: 00007ffc87cbfc18 RSI: 00000000c0024806 RDI: 0000000000000003 [ 83.385998] [ T9027] RBP: 0000000000000000 R08: 0000000066319379 R09: 00000000011431c0 [ 83.386003] [ T9027] R10: 00007ffc87dc5080 R11: 0000000000000246 R12: 00007ffc87cbfd90 [ 83.386007] [ T9027] R13: 8e38e38e38e38e39 R14: 0000000000000001 R15: 00007ffc87cbfd30 [ 83.386018] [ T9027] [ 83.386021] [ T9027] Modules linked in: xt_connmark xt_mark iptable_mangle xt_comment iptable_raw wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel tcp_bbr snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_nat veth nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter bridge stp llc overlay qrtr zstd cmac algif_skcipher bnep algif_hash af_alg input_leds btusb btrtl btintel btbcm btmtk bluetooth ecdh_generic ecc snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_hda_codec_hdmi snd_soc_sst_dsp intel_uncore_frequency snd_soc_acpi_intel_match ip6t_REJECT intel_uncore_frequency_common snd_soc_acpi nf_reject_ipv6 snd_soc_core xt_hl intel_tcc_cooling [ 83.386177] [ T9027] ip6t_rt snd_hda_codec_realtek snd_compress x86_pkg_temp_thermal snd_hda_codec_generic ac97_bus ipt_REJECT intel_powerclamp snd_pcm_dmaengine nf_reject_ipv4 coretemp snd_hda_intel surface_platform_profile joydev xt_LOG platform_profile nf_log_syslog snd_intel_dspcfg snd_intel_sdw_acpi kvm_intel xt_multiport dw9719 nft_limit snd_hda_codec kvm 8250_dw ipts intel_rapl_msr mei_pxp snd_hda_core processor_thermal_device_pci_legacy xt_limit irqbypass mei_hdcp snd_hwdep processor_thermal_device snd_pcm xt_addrtype rapl processor_thermal_wt_hint gpio_keys ipu3_cio2 xt_tcpudp snd_timer intel_cstate ipu3_imgu(C) processor_thermal_rfim xt_conntrack ipu_bridge nf_conntrack ov5693 snd hid_sensor_als hid_sensor_accel_3d hid_sensor_gyro_3d processor_thermal_rapl pcspkr nf_defrag_ipv6 videobuf2_dma_sg ov7251 ov8865 v4l2_cci hid_sensor_rotation soundcore hid_sensor_trigger intel_rapl_common mwifiex_pcie nf_defrag_ipv4 videobuf2_memops v4l2_fwnode industrialio_triggered_buffer processor_thermal_wt_req binfmt_misc nft_compat [ 83.386321] [ T9027] intel_skl_int3472_tps68470 mei_me intel_lpss_pci mwifiex kfifo_buf sunrpc processor_thermal_power_floor videobuf2_v4l2 v4l2_async cfg80211 tps68470_regulator nf_tables intel_lpss hid_sensor_iio_common processor_thermal_mbox mei intel_pmc_core videodev clk_tps68470 videobuf2_common idma64 intel_xhci_usb_role_switch industrialio intel_pch_thermal intel_soc_dts_iosf intel_vsec nls_iso8859_1 mc intel_skl_int3472_discrete int3403_thermal pmt_telemetry int3400_thermal soc_button_array dptf_power int340x_thermal_zone pmt_class acpi_thermal_rel acpi_tad acpi_pad mac_hid parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables dm_crypt hid_sensor_hub hid_multitouch uas hid_generic intel_ishtp_hid usbhid usb_storage hid i915 drm_buddy crct10dif_pclmul i2c_algo_bit crc32_pclmul polyval_clmulni drm_display_helper polyval_generic ghash_clmulni_intel cec nvme sha256_ssse3 nvme_core surface_gpe xhci_pci rc_core intel_ish_ipc sha1_ssse3 nvme_auth video xhci_pci_renesas ttm intel_ishtp [ 83.386479] [ T9027] pinctrl_sunrisepoint wmi surface_acpi_notify surfacepro3_button surface_aggregator_registry surface_aggregator crc_itu_t btrfs blake2b_generic xor raid6_pq libcrc32c dm_mirror dm_region_hash dm_log msr autofs4 aesni_intel crypto_simd cryptd [ 83.386521] [ T9027] CR2: 0000000000000000 ```

It started happening to me too again, fresh install of Fedora 40 KDE. Same device as before, Surface Book 2 (no dgpu), kernel 6.8.8-1, secure boot off. Shutdown freezes shortly after iptsd@dev-hidraw2.service hangs and I have to force it with a power button. Happens every 2-3 boots.

Issue #1423 might also be related.

journaltcl.log

``` May 03 13:02:57.870434 surfacebook2 kernel: ------------[ cut here ]------------ May 03 13:02:57.870558 surfacebook2 kernel: memcpy: detected field-spanning write (size 73) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2240 (size 1) May 03 13:02:57.870618 surfacebook2 kernel: WARNING: CPU: 2 PID: 1098 at drivers/net/wireless/marvell/mwifiex/scan.c:2240 mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.870669 surfacebook2 kernel: Modules linked in: bnep btusb btrtl btintel btbcm btmtk bluetooth nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi uinput snd_soc_core snd_hda_codec_hdmi snd_compress ac97_bus snd_pcm_dmaengine snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel intel_uncore_frequency intel_uncore_frequency_common snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_core iTCO_wdt kvm_intel May 03 13:02:57.870883 surfacebook2 kernel: intel_pmc_bxt snd_hwdep iTCO_vendor_support snd_seq kvm mwifiex_pcie mwifiex mei_hdcp ipts mei_pxp snd_seq_device snd_pcm irqbypass intel_rapl_msr rapl surface_platform_profile snd_timer intel_cstate platform_profile cfg80211 sunrpc gpio_keys surface_gpe hid_sensor_gyro_3d hid_sensor_als hid_sensor_rotation snd intel_uncore hid_sensor_accel_3d i2c_i801 hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer kfifo_buf industrialio rfkill i2c_smbus soundcore mei_me mei idma64 intel_pch_thermal processor_thermal_device_pci_legacy processor_thermal_device processor_thermal_wt_hint processor_thermal_rfim ov5693 processor_thermal_rapl v4l2_cci intel_rapl_common v4l2_fwnode v4l2_async processor_thermal_wt_req processor_thermal_power_floor intel_xhci_usb_role_switch processor_thermal_mbox intel_soc_dts_iosf videodev intel_skl_int3472_tps68470 tps68470_regulator clk_tps68470 mc intel_pmc_core intel_skl_int3472_discrete surfacepro3_button surface_dtx surface_acpi_notify surface_hotplug May 03 13:02:57.871027 surfacebook2 kernel: int3400_thermal vfat intel_vsec fat surface_aggregator_registry pmt_telemetry soc_button_array int3403_thermal acpi_thermal_rel int340x_thermal_zone pmt_class acpi_pad dptf_power acpi_tad joydev loop nfnetlink zram hid_sensor_hub intel_ishtp_hid i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic i2c_algo_bit nvme drm_buddy ghash_clmulni_intel ttm nvme_core sha512_ssse3 drm_display_helper sha256_ssse3 nvme_auth sha1_ssse3 intel_ish_ipc cec intel_ishtp video wmi pinctrl_sunrisepoint surface_aggregator crc_itu_t hid_multitouch fuse i2c_dev May 03 13:02:57.871139 surfacebook2 kernel: CPU: 2 PID: 1098 Comm: wpa_supplicant Not tainted 6.8.8-1.surface.fc40.x86_64 #1 May 03 13:02:57.871218 surfacebook2 kernel: Hardware name: Microsoft Corporation Surface Book 2/Surface Book 2, BIOS 392.178.768 05.18.2014 May 03 13:02:57.871272 surfacebook2 kernel: RIP: 0010:mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.871325 surfacebook2 kernel: Code: 3d 11 0e 04 00 00 75 c7 b9 01 00 00 00 48 c7 c2 40 ba 17 c1 4c 89 e6 48 c7 c7 70 b8 17 c1 c6 05 f2 0d 04 00 01 e8 2c 80 00 d2 <0f> 0b eb a1 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 May 03 13:02:57.871380 surfacebook2 kernel: RSP: 0018:ffffb13201263668 EFLAGS: 00010282 May 03 13:02:57.871428 surfacebook2 kernel: RAX: 0000000000000000 RBX: ffff8f20a4102800 RCX: 0000000000000027 May 03 13:02:57.871462 surfacebook2 kernel: RDX: ffff8f21e75218c8 RSI: 0000000000000001 RDI: ffff8f21e75218c0 May 03 13:02:57.871496 surfacebook2 kernel: RBP: ffff8f20d40c50c0 R08: 0000000000000000 R09: 6465746365746564 May 03 13:02:57.871544 surfacebook2 kernel: R10: 746564203a797063 R11: 6966206465746365 R12: 0000000000000049 May 03 13:02:57.871621 surfacebook2 kernel: R13: ffff8f20d40c50cc R14: ffff8f20a410280b R15: 0000000000000107 May 03 13:02:57.871674 surfacebook2 kernel: FS: 00007f6114acb840(0000) GS:ffff8f21e7500000(0000) knlGS:0000000000000000 May 03 13:02:57.871724 surfacebook2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 03 13:02:57.871775 surfacebook2 kernel: CR2: 000055d000290298 CR3: 00000001541c6002 CR4: 00000000003706f0 May 03 13:02:57.871828 surfacebook2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 03 13:02:57.871884 surfacebook2 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 03 13:02:57.871962 surfacebook2 kernel: Call Trace: May 03 13:02:57.871998 surfacebook2 kernel: May 03 13:02:57.872053 surfacebook2 kernel: ? mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.872106 surfacebook2 kernel: ? __warn+0x81/0x130 May 03 13:02:57.872167 surfacebook2 kernel: ? mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.872241 surfacebook2 kernel: ? report_bug+0x16f/0x1a0 May 03 13:02:57.872310 surfacebook2 kernel: ? handle_bug+0x3c/0x80 May 03 13:02:57.872364 surfacebook2 kernel: ? exc_invalid_op+0x17/0x70 May 03 13:02:57.872415 surfacebook2 kernel: ? asm_exc_invalid_op+0x1a/0x20 May 03 13:02:57.872469 surfacebook2 kernel: ? mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.872519 surfacebook2 kernel: ? mwifiex_cmd_802_11_scan_ext+0x84/0x90 [mwifiex] May 03 13:02:57.872553 surfacebook2 kernel: mwifiex_send_cmd+0x1db/0x400 [mwifiex] May 03 13:02:57.872587 surfacebook2 kernel: mwifiex_scan_networks+0x96f/0x1090 [mwifiex] May 03 13:02:57.872620 surfacebook2 kernel: mwifiex_cfg80211_scan+0x299/0x730 [mwifiex] May 03 13:02:57.872667 surfacebook2 kernel: ? __kmalloc+0x1a0/0x490 May 03 13:02:57.872719 surfacebook2 kernel: rdev_scan+0x25/0xd0 [cfg80211] May 03 13:02:57.872770 surfacebook2 kernel: nl80211_trigger_scan+0x3ec/0xa20 [cfg80211] May 03 13:02:57.872819 surfacebook2 kernel: genl_family_rcv_msg_doit+0xef/0x150 May 03 13:02:57.872885 surfacebook2 kernel: genl_rcv_msg+0x1b7/0x2c0 May 03 13:02:57.872940 surfacebook2 kernel: ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211] May 03 13:02:57.872991 surfacebook2 kernel: ? __pfx_nl80211_trigger_scan+0x10/0x10 [cfg80211] May 03 13:02:57.873042 surfacebook2 kernel: ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211] May 03 13:02:57.873087 surfacebook2 kernel: ? __pfx_genl_rcv_msg+0x10/0x10 May 03 13:02:57.873121 surfacebook2 kernel: netlink_rcv_skb+0x50/0x100 May 03 13:02:57.873163 surfacebook2 kernel: genl_rcv+0x28/0x40 May 03 13:02:57.873204 surfacebook2 kernel: netlink_unicast+0x249/0x370 May 03 13:02:57.873255 surfacebook2 kernel: netlink_sendmsg+0x21c/0x480 May 03 13:02:57.873305 surfacebook2 kernel: ____sys_sendmsg+0x396/0x3d0 May 03 13:02:57.873354 surfacebook2 kernel: ___sys_sendmsg+0x9a/0xe0 May 03 13:02:57.873401 surfacebook2 kernel: __sys_sendmsg+0xcc/0x100 May 03 13:02:57.873449 surfacebook2 kernel: do_syscall_64+0x83/0x170 May 03 13:02:57.873524 surfacebook2 kernel: ? __handle_mm_fault+0xca6/0xe90 May 03 13:02:57.873580 surfacebook2 kernel: ? __count_memcg_events+0x69/0x100 May 03 13:02:57.873632 surfacebook2 kernel: ? count_memcg_events.constprop.0+0x1a/0x30 May 03 13:02:57.873668 surfacebook2 kernel: ? handle_mm_fault+0x1f2/0x350 May 03 13:02:57.873708 surfacebook2 kernel: ? do_user_addr_fault+0x304/0x690 May 03 13:02:57.873760 surfacebook2 kernel: ? exc_page_fault+0x7f/0x180 May 03 13:02:57.873830 surfacebook2 kernel: entry_SYSCALL_64_after_hwframe+0x78/0x80 May 03 13:02:57.873882 surfacebook2 kernel: RIP: 0033:0x7f611452d764 May 03 13:02:57.873930 surfacebook2 kernel: Code: 15 b9 86 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d e5 08 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4c c3 0f 1f 00 55 48 89 e5 48 83 ec 20 89 55 May 03 13:02:57.873984 surfacebook2 kernel: RSP: 002b:00007fff705435a8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e May 03 13:02:57.874035 surfacebook2 kernel: RAX: ffffffffffffffda RBX: 000055d00021a6b0 RCX: 00007f611452d764 May 03 13:02:57.874118 surfacebook2 kernel: RDX: 0000000000000000 RSI: 00007fff705435e0 RDI: 0000000000000006 May 03 13:02:57.874171 surfacebook2 kernel: RBP: 00007fff705435d0 R08: 0000000000000004 R09: 0000000000000001 May 03 13:02:57.874212 surfacebook2 kernel: R10: 00007fff705436e0 R11: 0000000000000202 R12: 000055d00028f240 May 03 13:02:57.874281 surfacebook2 kernel: R13: 000055d00021a5c0 R14: 00007fff705435e0 R15: 0000000000000000 May 03 13:02:57.874336 surfacebook2 kernel: May 03 13:02:57.874390 surfacebook2 kernel: ---[ end trace 0000000000000000 ]--- May 03 13:02:58.757181 surfacebook2 kernel: Bluetooth: RFCOMM TTY layer initialized May 03 13:02:58.757281 surfacebook2 kernel: Bluetooth: RFCOMM socket layer initialized May 03 13:02:58.757308 surfacebook2 kernel: Bluetooth: RFCOMM ver 1.11 May 03 13:03:00.015178 surfacebook2 kernel: warning: `QSampleCache::L' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 May 03 13:03:01.010203 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: trying to associate to bssid 92:a2:f4:08:07:07 May 03 13:03:01.010719 surfacebook2 kernel: ------------[ cut here ]------------ May 03 13:03:01.010739 surfacebook2 kernel: memcpy: detected field-spanning write (size 6) of single field "domain->triplet" at drivers/net/wireless/marvell/mwifiex/sta_cmd.c:1048 (size 3) May 03 13:03:01.010781 surfacebook2 kernel: WARNING: CPU: 3 PID: 1098 at drivers/net/wireless/marvell/mwifiex/sta_cmd.c:1048 mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.010798 surfacebook2 kernel: Modules linked in: rfcomm snd_seq_dummy snd_hrtimer bnep btusb btrtl btintel btbcm btmtk bluetooth nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi uinput snd_soc_core snd_hda_codec_hdmi snd_compress ac97_bus snd_pcm_dmaengine snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel intel_uncore_frequency intel_uncore_frequency_common snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp May 03 13:03:01.010878 surfacebook2 kernel: snd_hda_core iTCO_wdt kvm_intel intel_pmc_bxt snd_hwdep iTCO_vendor_support snd_seq kvm mwifiex_pcie mwifiex mei_hdcp ipts mei_pxp snd_seq_device snd_pcm irqbypass intel_rapl_msr rapl surface_platform_profile snd_timer intel_cstate platform_profile cfg80211 sunrpc gpio_keys surface_gpe hid_sensor_gyro_3d hid_sensor_als hid_sensor_rotation snd intel_uncore hid_sensor_accel_3d i2c_i801 hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer kfifo_buf industrialio rfkill i2c_smbus soundcore mei_me mei idma64 intel_pch_thermal processor_thermal_device_pci_legacy processor_thermal_device processor_thermal_wt_hint processor_thermal_rfim ov5693 processor_thermal_rapl v4l2_cci intel_rapl_common v4l2_fwnode v4l2_async processor_thermal_wt_req processor_thermal_power_floor intel_xhci_usb_role_switch processor_thermal_mbox intel_soc_dts_iosf videodev intel_skl_int3472_tps68470 tps68470_regulator clk_tps68470 mc intel_pmc_core intel_skl_int3472_discrete surfacepro3_button surface_dtx May 03 13:03:01.010916 surfacebook2 kernel: surface_acpi_notify surface_hotplug int3400_thermal vfat intel_vsec fat surface_aggregator_registry pmt_telemetry soc_button_array int3403_thermal acpi_thermal_rel int340x_thermal_zone pmt_class acpi_pad dptf_power acpi_tad joydev loop nfnetlink zram hid_sensor_hub intel_ishtp_hid i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic i2c_algo_bit nvme drm_buddy ghash_clmulni_intel ttm nvme_core sha512_ssse3 drm_display_helper sha256_ssse3 nvme_auth sha1_ssse3 intel_ish_ipc cec intel_ishtp video wmi pinctrl_sunrisepoint surface_aggregator crc_itu_t hid_multitouch fuse i2c_dev May 03 13:03:01.010944 surfacebook2 kernel: CPU: 3 PID: 1098 Comm: wpa_supplicant Tainted: G W 6.8.8-1.surface.fc40.x86_64 #1 May 03 13:03:01.010958 surfacebook2 kernel: Hardware name: Microsoft Corporation Surface Book 2/Surface Book 2, BIOS 392.178.768 05.18.2014 May 03 13:03:01.010971 surfacebook2 kernel: RIP: 0010:mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.010984 surfacebook2 kernel: Code: 00 00 0f 85 ff f7 ff ff b9 03 00 00 00 48 c7 c2 80 d8 17 c1 4c 89 ee 48 c7 c7 80 d1 17 c1 c6 05 7e 62 03 00 01 e8 aa d4 ff d1 <0f> 0b e9 d6 f7 ff ff 48 c7 c2 40 d3 17 c1 be 04 00 00 00 48 89 ef May 03 13:03:01.011010 surfacebook2 kernel: RSP: 0018:ffffb132012635a8 EFLAGS: 00010286 May 03 13:03:01.011043 surfacebook2 kernel: RAX: 0000000000000000 RBX: ffff8f20d40d3dc0 RCX: 0000000000000027 May 03 13:03:01.011069 surfacebook2 kernel: RDX: ffff8f21e75a18c8 RSI: 0000000000000001 RDI: ffff8f21e75a18c0 May 03 13:03:01.011092 surfacebook2 kernel: RBP: ffff8f20888d2000 R08: 0000000000000000 R09: 293320657a697328 May 03 13:03:01.011114 surfacebook2 kernel: R10: 20383430313a632e R11: 293320657a697328 R12: 0000000000000002 May 03 13:03:01.011136 surfacebook2 kernel: R13: 0000000000000006 R14: ffff8f20888d2c5e R15: ffff8f20d40d3dd1 May 03 13:03:01.011175 surfacebook2 kernel: FS: 00007f6114acb840(0000) GS:ffff8f21e7580000(0000) knlGS:0000000000000000 May 03 13:03:01.011204 surfacebook2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 03 13:03:01.011219 surfacebook2 kernel: CR2: 000055d0002a2208 CR3: 00000001541c6001 CR4: 00000000003706f0 May 03 13:03:01.011231 surfacebook2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 03 13:03:01.011244 surfacebook2 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 03 13:03:01.011256 surfacebook2 kernel: Call Trace: May 03 13:03:01.011269 surfacebook2 kernel: May 03 13:03:01.011299 surfacebook2 kernel: ? mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.011315 surfacebook2 kernel: ? __warn+0x81/0x130 May 03 13:03:01.011327 surfacebook2 kernel: ? mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.011340 surfacebook2 kernel: ? report_bug+0x16f/0x1a0 May 03 13:03:01.011353 surfacebook2 kernel: ? handle_bug+0x3c/0x80 May 03 13:03:01.011366 surfacebook2 kernel: ? exc_invalid_op+0x17/0x70 May 03 13:03:01.011380 surfacebook2 kernel: ? asm_exc_invalid_op+0x1a/0x20 May 03 13:03:01.011394 surfacebook2 kernel: ? mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.011407 surfacebook2 kernel: ? mwifiex_sta_prepare_cmd+0x1936/0x1d70 [mwifiex] May 03 13:03:01.011419 surfacebook2 kernel: mwifiex_send_cmd+0x1db/0x400 [mwifiex] May 03 13:03:01.011433 surfacebook2 kernel: mwifiex_bss_start+0x12f/0x560 [mwifiex] May 03 13:03:01.011445 surfacebook2 kernel: mwifiex_cfg80211_assoc+0x30d/0x400 [mwifiex] May 03 13:03:01.011459 surfacebook2 kernel: mwifiex_cfg80211_connect+0xbb/0x230 [mwifiex] May 03 13:03:01.011472 surfacebook2 kernel: cfg80211_connect+0x19d/0x8a0 [cfg80211] May 03 13:03:01.011485 surfacebook2 kernel: ? __check_object_size+0x26f/0x2e0 May 03 13:03:01.011508 surfacebook2 kernel: nl80211_connect+0x62a/0x8f0 [cfg80211] May 03 13:03:01.011524 surfacebook2 kernel: genl_family_rcv_msg_doit+0xef/0x150 May 03 13:03:01.011537 surfacebook2 kernel: genl_rcv_msg+0x1b7/0x2c0 May 03 13:03:01.011656 surfacebook2 kernel: ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211] May 03 13:03:01.011688 surfacebook2 kernel: ? __pfx_nl80211_connect+0x10/0x10 [cfg80211] May 03 13:03:01.011718 surfacebook2 kernel: ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211] May 03 13:03:01.011733 surfacebook2 kernel: ? __pfx_genl_rcv_msg+0x10/0x10 May 03 13:03:01.011747 surfacebook2 kernel: netlink_rcv_skb+0x50/0x100 May 03 13:03:01.011761 surfacebook2 kernel: genl_rcv+0x28/0x40 May 03 13:03:01.011774 surfacebook2 kernel: netlink_unicast+0x249/0x370 May 03 13:03:01.011788 surfacebook2 kernel: netlink_sendmsg+0x21c/0x480 May 03 13:03:01.011802 surfacebook2 kernel: ____sys_sendmsg+0x396/0x3d0 May 03 13:03:01.011816 surfacebook2 kernel: ___sys_sendmsg+0x9a/0xe0 May 03 13:03:01.011830 surfacebook2 kernel: __sys_sendmsg+0xcc/0x100 May 03 13:03:01.011846 surfacebook2 kernel: do_syscall_64+0x83/0x170 May 03 13:03:01.011873 surfacebook2 kernel: ? syscall_exit_to_user_mode+0x83/0x230 May 03 13:03:01.011891 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 13:03:01.011911 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 13:03:01.011931 surfacebook2 kernel: ? exc_page_fault+0x7f/0x180 May 03 13:03:01.011953 surfacebook2 kernel: entry_SYSCALL_64_after_hwframe+0x78/0x80 May 03 13:03:01.011977 surfacebook2 kernel: RIP: 0033:0x7f611452d764 May 03 13:03:01.011998 surfacebook2 kernel: Code: 15 b9 86 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d e5 08 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4c c3 0f 1f 00 55 48 89 e5 48 83 ec 20 89 55 May 03 13:03:01.012019 surfacebook2 kernel: RSP: 002b:00007fff705432c8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e May 03 13:03:01.012058 surfacebook2 kernel: RAX: ffffffffffffffda RBX: 000055d00021a6b0 RCX: 00007f611452d764 May 03 13:03:01.012079 surfacebook2 kernel: RDX: 0000000000000000 RSI: 00007fff70543300 RDI: 0000000000000006 May 03 13:03:01.012095 surfacebook2 kernel: RBP: 00007fff705432f0 R08: 0000000000000004 R09: 0000000000000001 May 03 13:03:01.012112 surfacebook2 kernel: R10: 00007fff70543400 R11: 0000000000000202 R12: 000055d00029cb50 May 03 13:03:01.012129 surfacebook2 kernel: R13: 000055d00021a5c0 R14: 00007fff70543300 R15: 0000000000000000 May 03 13:03:01.012216 surfacebook2 kernel: May 03 13:03:01.012305 surfacebook2 kernel: ---[ end trace 0000000000000000 ]--- May 03 13:03:01.125206 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: associated to bssid 92:a2:f4:08:07:07 successfully May 03 13:03:05.508429 surfacebook2 systemd-journald[595]: /var/log/journal/945db8c95dd94e55b438d23df33b3cbc/user-1000.journal: Journal file uses a different sequence number ID, rotating. May 03 13:19:13.655403 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: successfully disconnected from 92:a2:f4:08:07:07: reason code 3 May 03 13:19:14.296690 surfacebook2 kernel: PM: suspend entry (s2idle) May 03 13:19:14.664181 surfacebook2 kernel: Filesystems sync: 0.367 seconds May 03 15:53:15.286601 surfacebook2 kernel: Freezing user space processes May 03 15:53:15.286756 surfacebook2 kernel: Freezing user space processes completed (elapsed 0.002 seconds) May 03 15:53:15.286813 surfacebook2 kernel: OOM killer disabled. May 03 15:53:15.286977 surfacebook2 kernel: Freezing remaining freezable tasks May 03 15:53:15.287019 surfacebook2 kernel: Freezing remaining freezable tasks completed (elapsed 0.023 seconds) May 03 15:53:15.287079 surfacebook2 kernel: printk: Suspending console(s) (use no_console_suspend to debug) May 03 15:53:15.287116 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS May 03 15:53:15.287208 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Failed to process buffer: -19 May 03 15:53:15.287278 surfacebook2 kernel: PM: suspend devices took 0.387 seconds May 03 15:53:15.287320 surfacebook2 kernel: intel_pch_thermal 0000:00:14.2: CPU-PCH is cool [40C] May 03 15:53:15.288117 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: rqst: device is suspended, not executing May 03 15:53:15.288515 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: rqst: device is suspended, not executing May 03 15:53:15.288813 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: ETWL(0x01, 0x02): RQST(2, 13, 1) error: 5 May 03 15:53:15.289098 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: rqst: device is suspended, not executing May 03 15:53:15.289358 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: ETWL(0x01, 0x02): RQST(2, 13, 1) error: 5 May 03 15:53:15.289613 surfacebook2 kernel: PM: resume devices took 0.260 seconds May 03 15:53:15.289662 surfacebook2 kernel: OOM killer enabled. May 03 15:53:15.294091 surfacebook2 kernel: Restarting tasks ... May 03 15:53:15.294215 surfacebook2 kernel: mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) May 03 15:53:15.294318 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS May 03 15:53:15.304415 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 May 03 15:53:15.308053 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode May 03 15:53:15.309287 surfacebook2 kernel: input: IPTS 045E:0021 Touchscreen as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:0021.0004/input/input32 May 03 15:53:15.309390 surfacebook2 kernel: dptf_power INT3407:00: Unsupported event [0x82] May 03 15:53:15.309893 surfacebook2 kernel: input: IPTS 045E:0021 as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:0021.0004/input/input33 May 03 15:53:15.355058 surfacebook2 kernel: done. May 03 15:53:15.355191 surfacebook2 kernel: random: crng reseeded on system resumption May 03 15:53:15.414712 surfacebook2 kernel: PM: suspend exit May 03 15:53:15.430937 surfacebook2 kernel: hid-generic 0000:045E:0021.0004: input,hidraw3: HID v0.00 Device [IPTS 045E:0021] on May 03 15:53:15.662043 surfacebook2 kernel: input: IPTS Touch as /devices/virtual/input/input34 May 03 15:53:15.663120 surfacebook2 kernel: input: IPTS Stylus as /devices/virtual/input/input35 May 03 15:53:15.666066 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS May 03 15:53:16.722136 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS May 03 15:53:16.736141 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 May 03 15:53:16.740084 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in poll mode May 03 15:53:18.658134 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: trying to associate to bssid 92:a2:f4:08:07:07 May 03 15:53:18.738940 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: associated to bssid 92:a2:f4:08:07:07 successfully May 03 15:53:19.345146 surfacebook2 kernel: surface_serial_hub serial0-0: rx: parser: invalid start of frame, skipping May 03 15:53:22.593137 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: successfully disconnected from 92:a2:f4:08:07:07: reason code 3 May 03 15:53:23.132294 surfacebook2 kernel: PM: suspend entry (s2idle) May 03 17:19:05.419868 surfacebook2 kernel: Filesystems sync: 0.069 seconds May 03 17:19:05.420209 surfacebook2 kernel: Freezing user space processes May 03 17:19:05.420321 surfacebook2 kernel: Freezing user space processes completed (elapsed 0.003 seconds) May 03 17:19:05.420451 surfacebook2 kernel: OOM killer disabled. May 03 17:19:05.420552 surfacebook2 kernel: Freezing remaining freezable tasks May 03 17:19:05.420683 surfacebook2 kernel: Freezing remaining freezable tasks completed (elapsed 0.000 seconds) May 03 17:19:05.420819 surfacebook2 kernel: printk: Suspending console(s) (use no_console_suspend to debug) May 03 17:19:05.420924 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS May 03 17:19:05.421125 surfacebook2 kernel: PM: suspend devices took 0.363 seconds May 03 17:19:05.421254 surfacebook2 kernel: intel_pch_thermal 0000:00:14.2: CPU-PCH is cool [29C] May 03 17:19:05.422621 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: rqst: device is suspended, not executing May 03 17:19:05.425014 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: ETWL(0x01, 0x02): RQST(2, 13, 1) error: 5 May 03 17:19:05.425863 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: rqst: device is suspended, not executing May 03 17:19:05.426562 surfacebook2 kernel: surface_acpi_notify MSHW0091:00: ETWL(0x01, 0x02): RQST(2, 13, 1) error: 5 May 03 17:19:05.427254 surfacebook2 kernel: usb 1-1.3: reset full-speed USB device number 4 using xhci_hcd May 03 17:19:05.428939 surfacebook2 kernel: PM: resume devices took 0.393 seconds May 03 17:19:05.429121 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Starting IPTS May 03 17:19:05.429420 surfacebook2 kernel: OOM killer enabled. May 03 17:19:05.429557 surfacebook2 kernel: Restarting tasks ... May 03 17:19:05.429682 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS EDS Version: 1 May 03 17:19:05.436437 surfacebook2 kernel: done. May 03 17:19:05.436572 surfacebook2 kernel: random: crng reseeded on system resumption May 03 17:19:05.436691 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: IPTS running in event mode May 03 17:19:05.513912 surfacebook2 kernel: input: IPTS 045E:0021 Touchscreen as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:0021.0005/input/input36 May 03 17:19:05.513964 surfacebook2 kernel: input: IPTS 045E:0021 as /devices/pci0000:00/0000:00:16.4/0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04/0000:045E:0021.0005/input/input37 May 03 17:19:05.513994 surfacebook2 kernel: PM: suspend exit May 03 17:19:05.539021 surfacebook2 kernel: hid-generic 0000:045E:0021.0005: input,hidraw2: HID v0.00 Device [IPTS 045E:0021] on May 03 17:19:05.539465 surfacebook2 kernel: mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) May 03 17:19:05.674970 surfacebook2 kernel: input: IPTS Touch as /devices/virtual/input/input38 May 03 17:19:05.675023 surfacebook2 kernel: input: IPTS Stylus as /devices/virtual/input/input39 May 03 17:19:05.678871 surfacebook2 kernel: ipts 0000:00:16.4-3e8d0870-271a-4208-8eb5-9acb9402ae04: Stopping IPTS May 03 17:19:05.694452 surfacebook2 kernel: ------------[ cut here ]------------ May 03 17:19:05.694546 surfacebook2 kernel: refcount_t: addition on 0; use-after-free. May 03 17:19:05.694580 surfacebook2 kernel: WARNING: CPU: 2 PID: 4530 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.694608 surfacebook2 kernel: Modules linked in: binfmt_misc rfcomm snd_seq_dummy snd_hrtimer bnep btusb btrtl btintel btbcm btmtk bluetooth nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi uinput snd_soc_core snd_hda_codec_hdmi snd_compress ac97_bus snd_pcm_dmaengine snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel intel_uncore_frequency intel_uncore_frequency_common snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp May 03 17:19:05.694713 surfacebook2 kernel: coretemp snd_hda_core iTCO_wdt kvm_intel intel_pmc_bxt snd_hwdep iTCO_vendor_support snd_seq kvm mwifiex_pcie mwifiex mei_hdcp ipts mei_pxp snd_seq_device snd_pcm irqbypass intel_rapl_msr rapl surface_platform_profile snd_timer intel_cstate platform_profile cfg80211 sunrpc gpio_keys surface_gpe hid_sensor_gyro_3d hid_sensor_als hid_sensor_rotation snd intel_uncore hid_sensor_accel_3d i2c_i801 hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer kfifo_buf industrialio rfkill i2c_smbus soundcore mei_me mei idma64 intel_pch_thermal processor_thermal_device_pci_legacy processor_thermal_device processor_thermal_wt_hint processor_thermal_rfim ov5693 processor_thermal_rapl v4l2_cci intel_rapl_common v4l2_fwnode v4l2_async processor_thermal_wt_req processor_thermal_power_floor intel_xhci_usb_role_switch processor_thermal_mbox intel_soc_dts_iosf videodev intel_skl_int3472_tps68470 tps68470_regulator clk_tps68470 mc intel_pmc_core intel_skl_int3472_discrete surfacepro3_button surface_dtx May 03 17:19:05.694797 surfacebook2 kernel: surface_acpi_notify surface_hotplug int3400_thermal vfat intel_vsec fat surface_aggregator_registry pmt_telemetry soc_button_array int3403_thermal acpi_thermal_rel int340x_thermal_zone pmt_class acpi_pad dptf_power acpi_tad joydev loop nfnetlink zram hid_sensor_hub intel_ishtp_hid i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic i2c_algo_bit nvme drm_buddy ghash_clmulni_intel ttm nvme_core sha512_ssse3 drm_display_helper sha256_ssse3 nvme_auth sha1_ssse3 intel_ish_ipc cec intel_ishtp video wmi pinctrl_sunrisepoint surface_aggregator crc_itu_t hid_multitouch fuse i2c_dev May 03 17:19:05.694862 surfacebook2 kernel: CPU: 2 PID: 4530 Comm: iptsd Tainted: G W 6.8.8-1.surface.fc40.x86_64 #1 May 03 17:19:05.694898 surfacebook2 kernel: Hardware name: Microsoft Corporation Surface Book 2/Surface Book 2, BIOS 392.178.768 05.18.2014 May 03 17:19:05.694934 surfacebook2 kernel: RIP: 0010:refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.694970 surfacebook2 kernel: Code: 94 88 ff 0f 0b c3 cc cc cc cc 80 3d d9 d5 f0 01 00 0f 85 5e ff ff ff 48 c7 c7 48 90 b8 94 c6 05 c5 d5 f0 01 01 e8 8b 94 88 ff <0f> 0b c3 cc cc cc cc 48 c7 c7 a0 90 b8 94 c6 05 a9 d5 f0 01 01 e8 May 03 17:19:05.695005 surfacebook2 kernel: RSP: 0018:ffffb13206febc68 EFLAGS: 00010282 May 03 17:19:05.695039 surfacebook2 kernel: RAX: 0000000000000000 RBX: ffff8f21735b5280 RCX: 0000000000000027 May 03 17:19:05.695071 surfacebook2 kernel: RDX: ffff8f21e75218c8 RSI: 0000000000000001 RDI: ffff8f21e75218c0 May 03 17:19:05.695104 surfacebook2 kernel: RBP: 0000000000000002 R08: 0000000000000000 R09: 745f746e756f6366 May 03 17:19:05.695143 surfacebook2 kernel: R10: 3b30206e6f206e6f R11: 697469646461203a R12: ffff8f21735b52a8 May 03 17:19:05.695183 surfacebook2 kernel: R13: ffff8f218e244010 R14: ffff8f1f928e6000 R15: 0000000000000000 May 03 17:19:05.695221 surfacebook2 kernel: FS: 00007f45db870340(0000) GS:ffff8f21e7500000(0000) knlGS:0000000000000000 May 03 17:19:05.695266 surfacebook2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 03 17:19:05.695299 surfacebook2 kernel: CR2: 00007fb310ae0f00 CR3: 000000014a2d8001 CR4: 00000000003706f0 May 03 17:19:05.695330 surfacebook2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 03 17:19:05.695365 surfacebook2 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 03 17:19:05.695397 surfacebook2 kernel: Call Trace: May 03 17:19:05.695430 surfacebook2 kernel: May 03 17:19:05.695450 surfacebook2 kernel: ? refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.695483 surfacebook2 kernel: ? __warn+0x81/0x130 May 03 17:19:05.695514 surfacebook2 kernel: ? refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.695541 surfacebook2 kernel: ? report_bug+0x16f/0x1a0 May 03 17:19:05.695573 surfacebook2 kernel: ? handle_bug+0x3c/0x80 May 03 17:19:05.695607 surfacebook2 kernel: ? exc_invalid_op+0x17/0x70 May 03 17:19:05.695645 surfacebook2 kernel: ? asm_exc_invalid_op+0x1a/0x20 May 03 17:19:05.695673 surfacebook2 kernel: ? refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.695701 surfacebook2 kernel: ? refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.695727 surfacebook2 kernel: kthread_stop+0x174/0x180 May 03 17:19:05.695759 surfacebook2 kernel: ipts_thread_stop+0x32/0x60 [ipts] May 03 17:19:05.697042 surfacebook2 kernel: ipts_receiver_stop+0x22/0x60 [ipts] May 03 17:19:05.697102 surfacebook2 kernel: _ipts_control_stop+0x32/0xa0 [ipts] May 03 17:19:05.697140 surfacebook2 kernel: ipts_control_restart+0x12/0x30 [ipts] May 03 17:19:05.697168 surfacebook2 kernel: ipts_eds1_raw_request+0x51/0xc0 [ipts] May 03 17:19:05.697196 surfacebook2 kernel: hidraw_send_report.isra.0+0xc1/0x1c0 May 03 17:19:05.697223 surfacebook2 kernel: hidraw_ioctl+0x26f/0x3c0 May 03 17:19:05.697256 surfacebook2 kernel: __x64_sys_ioctl+0x94/0xd0 May 03 17:19:05.697288 surfacebook2 kernel: do_syscall_64+0x83/0x170 May 03 17:19:05.697327 surfacebook2 kernel: ? syscall_exit_to_user_mode+0x83/0x230 May 03 17:19:05.697362 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.697392 surfacebook2 kernel: ? ksys_write+0xb9/0xf0 May 03 17:19:05.697450 surfacebook2 kernel: ? do_sigaction+0x151/0x2d0 May 03 17:19:05.697479 surfacebook2 kernel: ? __x64_sys_rt_sigaction+0x118/0x140 May 03 17:19:05.697507 surfacebook2 kernel: ? syscall_exit_to_user_mode+0x83/0x230 May 03 17:19:05.697534 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.697557 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.697585 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.697613 surfacebook2 kernel: ? exc_page_fault+0x7f/0x180 May 03 17:19:05.697645 surfacebook2 kernel: entry_SYSCALL_64_after_hwframe+0x78/0x80 May 03 17:19:05.697673 surfacebook2 kernel: RIP: 0033:0x7f45db4f9d2d May 03 17:19:05.697700 surfacebook2 kernel: Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 May 03 17:19:05.697733 surfacebook2 kernel: RSP: 002b:00007ffec3ce1330 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 May 03 17:19:05.697767 surfacebook2 kernel: RAX: ffffffffffffffda RBX: 00007ffec3ce1f50 RCX: 00007f45db4f9d2d May 03 17:19:05.697825 surfacebook2 kernel: RDX: 00007ffec3ce1406 RSI: 00000000c0024806 RDI: 0000000000000003 May 03 17:19:05.697883 surfacebook2 kernel: RBP: 00007ffec3ce1380 R08: 0000000000000020 R09: 0000000000000001 May 03 17:19:05.697919 surfacebook2 kernel: R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 May 03 17:19:05.697956 surfacebook2 kernel: R13: 00007ffec3ce13b0 R14: 00007ffec3ce1c20 R15: 00007ffec3ce1f40 May 03 17:19:05.697993 surfacebook2 kernel: May 03 17:19:05.698027 surfacebook2 kernel: ---[ end trace 0000000000000000 ]--- May 03 17:19:05.700570 surfacebook2 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000 May 03 17:19:05.700734 surfacebook2 kernel: #PF: supervisor write access in kernel mode May 03 17:19:05.700903 surfacebook2 kernel: #PF: error_code(0x0002) - not-present page May 03 17:19:05.704050 surfacebook2 kernel: PGD 0 P4D 0 May 03 17:19:05.719058 surfacebook2 kernel: Oops: 0002 [#1] PREEMPT SMP PTI May 03 17:19:05.719139 surfacebook2 kernel: CPU: 2 PID: 4530 Comm: iptsd Tainted: G W 6.8.8-1.surface.fc40.x86_64 #1 May 03 17:19:05.719189 surfacebook2 kernel: Hardware name: Microsoft Corporation Surface Book 2/Surface Book 2, BIOS 392.178.768 05.18.2014 May 03 17:19:05.719232 surfacebook2 kernel: RIP: 0010:kthread_stop+0x47/0x180 May 03 17:19:05.719280 surfacebook2 kernel: Code: 00 f0 0f c1 43 28 85 c0 0f 84 3c 01 00 00 8d 50 01 09 c2 0f 88 01 01 00 00 f6 43 2e 20 0f 84 0e 01 00 00 48 8b ab 78 0a 00 00 80 4d 00 02 48 89 df e8 5c f5 ff ff f0 80 4b 02 02 48 89 df e8 May 03 17:19:05.719322 surfacebook2 kernel: RSP: 0018:ffffb13206febc70 EFLAGS: 00010202 May 03 17:19:05.719367 surfacebook2 kernel: RAX: 0000000000000000 RBX: ffff8f21735b5280 RCX: 0000000000000027 May 03 17:19:05.719405 surfacebook2 kernel: RDX: ffff8f21e75218c8 RSI: 0000000000000001 RDI: ffff8f21e75218c0 May 03 17:19:05.719446 surfacebook2 kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 745f746e756f6366 May 03 17:19:05.719491 surfacebook2 kernel: R10: 3b30206e6f206e6f R11: 697469646461203a R12: ffff8f21735b52a8 May 03 17:19:05.719528 surfacebook2 kernel: R13: ffff8f218e244010 R14: ffff8f1f928e6000 R15: 0000000000000000 May 03 17:19:05.719562 surfacebook2 kernel: FS: 00007f45db870340(0000) GS:ffff8f21e7500000(0000) knlGS:0000000000000000 May 03 17:19:05.719601 surfacebook2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 03 17:19:05.719632 surfacebook2 kernel: CR2: 0000000000000000 CR3: 000000014a2d8001 CR4: 00000000003706f0 May 03 17:19:05.719677 surfacebook2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 03 17:19:05.719718 surfacebook2 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 03 17:19:05.719755 surfacebook2 kernel: Call Trace: May 03 17:19:05.721687 surfacebook2 kernel: May 03 17:19:05.721743 surfacebook2 kernel: ? __die+0x23/0x70 May 03 17:19:05.721798 surfacebook2 kernel: ? page_fault_oops+0x174/0x540 May 03 17:19:05.721835 surfacebook2 kernel: ? refcount_warn_saturate+0xe5/0x110 May 03 17:19:05.721863 surfacebook2 kernel: ? exc_page_fault+0x7f/0x180 May 03 17:19:05.721896 surfacebook2 kernel: ? asm_exc_page_fault+0x26/0x30 May 03 17:19:05.721928 surfacebook2 kernel: ? kthread_stop+0x47/0x180 May 03 17:19:05.721959 surfacebook2 kernel: ipts_thread_stop+0x32/0x60 [ipts] May 03 17:19:05.721991 surfacebook2 kernel: ipts_receiver_stop+0x22/0x60 [ipts] May 03 17:19:05.722020 surfacebook2 kernel: _ipts_control_stop+0x32/0xa0 [ipts] May 03 17:19:05.722047 surfacebook2 kernel: ipts_control_restart+0x12/0x30 [ipts] May 03 17:19:05.722068 surfacebook2 kernel: ipts_eds1_raw_request+0x51/0xc0 [ipts] May 03 17:19:05.722095 surfacebook2 kernel: hidraw_send_report.isra.0+0xc1/0x1c0 May 03 17:19:05.722121 surfacebook2 kernel: hidraw_ioctl+0x26f/0x3c0 May 03 17:19:05.722149 surfacebook2 kernel: __x64_sys_ioctl+0x94/0xd0 May 03 17:19:05.722181 surfacebook2 kernel: do_syscall_64+0x83/0x170 May 03 17:19:05.722208 surfacebook2 kernel: ? syscall_exit_to_user_mode+0x83/0x230 May 03 17:19:05.722235 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.722257 surfacebook2 kernel: ? ksys_write+0xb9/0xf0 May 03 17:19:05.722283 surfacebook2 kernel: ? do_sigaction+0x151/0x2d0 May 03 17:19:05.722309 surfacebook2 kernel: ? __x64_sys_rt_sigaction+0x118/0x140 May 03 17:19:05.722336 surfacebook2 kernel: ? syscall_exit_to_user_mode+0x83/0x230 May 03 17:19:05.722362 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.722384 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.722410 surfacebook2 kernel: ? do_syscall_64+0x8f/0x170 May 03 17:19:05.722436 surfacebook2 kernel: ? exc_page_fault+0x7f/0x180 May 03 17:19:05.722462 surfacebook2 kernel: entry_SYSCALL_64_after_hwframe+0x78/0x80 May 03 17:19:05.722489 surfacebook2 kernel: RIP: 0033:0x7f45db4f9d2d May 03 17:19:05.722521 surfacebook2 kernel: Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 May 03 17:19:05.722550 surfacebook2 kernel: RSP: 002b:00007ffec3ce1330 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 May 03 17:19:05.722578 surfacebook2 kernel: RAX: ffffffffffffffda RBX: 00007ffec3ce1f50 RCX: 00007f45db4f9d2d May 03 17:19:05.722609 surfacebook2 kernel: RDX: 00007ffec3ce1406 RSI: 00000000c0024806 RDI: 0000000000000003 May 03 17:19:05.722639 surfacebook2 kernel: RBP: 00007ffec3ce1380 R08: 0000000000000020 R09: 0000000000000001 May 03 17:19:05.722703 surfacebook2 kernel: R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 May 03 17:19:05.722733 surfacebook2 kernel: R13: 00007ffec3ce13b0 R14: 00007ffec3ce1c20 R15: 00007ffec3ce1f40 May 03 17:19:05.722760 surfacebook2 kernel: May 03 17:19:05.722819 surfacebook2 kernel: Modules linked in: binfmt_misc rfcomm snd_seq_dummy snd_hrtimer bnep btusb btrtl btintel btbcm btmtk bluetooth nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr snd_sof_pci_intel_skl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils soundwire_generic_allocation soundwire_bus snd_soc_avs snd_soc_hda_codec snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi uinput snd_soc_core snd_hda_codec_hdmi snd_compress ac97_bus snd_pcm_dmaengine snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel intel_uncore_frequency intel_uncore_frequency_common snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp May 03 17:19:05.722927 surfacebook2 kernel: coretemp snd_hda_core iTCO_wdt kvm_intel intel_pmc_bxt snd_hwdep iTCO_vendor_support snd_seq kvm mwifiex_pcie mwifiex mei_hdcp ipts mei_pxp snd_seq_device snd_pcm irqbypass intel_rapl_msr rapl surface_platform_profile snd_timer intel_cstate platform_profile cfg80211 sunrpc gpio_keys surface_gpe hid_sensor_gyro_3d hid_sensor_als hid_sensor_rotation snd intel_uncore hid_sensor_accel_3d i2c_i801 hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer kfifo_buf industrialio rfkill i2c_smbus soundcore mei_me mei idma64 intel_pch_thermal processor_thermal_device_pci_legacy processor_thermal_device processor_thermal_wt_hint processor_thermal_rfim ov5693 processor_thermal_rapl v4l2_cci intel_rapl_common v4l2_fwnode v4l2_async processor_thermal_wt_req processor_thermal_power_floor intel_xhci_usb_role_switch processor_thermal_mbox intel_soc_dts_iosf videodev intel_skl_int3472_tps68470 tps68470_regulator clk_tps68470 mc intel_pmc_core intel_skl_int3472_discrete surfacepro3_button surface_dtx May 03 17:19:05.722972 surfacebook2 kernel: surface_acpi_notify surface_hotplug int3400_thermal vfat intel_vsec fat surface_aggregator_registry pmt_telemetry soc_button_array int3403_thermal acpi_thermal_rel int340x_thermal_zone pmt_class acpi_pad dptf_power acpi_tad joydev loop nfnetlink zram hid_sensor_hub intel_ishtp_hid i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic i2c_algo_bit nvme drm_buddy ghash_clmulni_intel ttm nvme_core sha512_ssse3 drm_display_helper sha256_ssse3 nvme_auth sha1_ssse3 intel_ish_ipc cec intel_ishtp video wmi pinctrl_sunrisepoint surface_aggregator crc_itu_t hid_multitouch fuse i2c_dev May 03 17:19:05.723019 surfacebook2 kernel: CR2: 0000000000000000 May 03 17:19:05.723061 surfacebook2 kernel: ---[ end trace 0000000000000000 ]--- May 03 17:19:05.723095 surfacebook2 kernel: RIP: 0010:kthread_stop+0x47/0x180 May 03 17:19:05.723131 surfacebook2 kernel: Code: 00 f0 0f c1 43 28 85 c0 0f 84 3c 01 00 00 8d 50 01 09 c2 0f 88 01 01 00 00 f6 43 2e 20 0f 84 0e 01 00 00 48 8b ab 78 0a 00 00 80 4d 00 02 48 89 df e8 5c f5 ff ff f0 80 4b 02 02 48 89 df e8 May 03 17:19:05.723168 surfacebook2 kernel: RSP: 0018:ffffb13206febc70 EFLAGS: 00010202 May 03 17:19:05.723191 surfacebook2 kernel: RAX: 0000000000000000 RBX: ffff8f21735b5280 RCX: 0000000000000027 May 03 17:19:05.723227 surfacebook2 kernel: RDX: ffff8f21e75218c8 RSI: 0000000000000001 RDI: ffff8f21e75218c0 May 03 17:19:05.723265 surfacebook2 kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 745f746e756f6366 May 03 17:19:05.723304 surfacebook2 kernel: R10: 3b30206e6f206e6f R11: 697469646461203a R12: ffff8f21735b52a8 May 03 17:19:05.723342 surfacebook2 kernel: R13: ffff8f218e244010 R14: ffff8f1f928e6000 R15: 0000000000000000 May 03 17:19:05.723381 surfacebook2 kernel: FS: 00007f45db870340(0000) GS:ffff8f21e7500000(0000) knlGS:0000000000000000 May 03 17:19:05.723420 surfacebook2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 03 17:19:05.723455 surfacebook2 kernel: CR2: 0000000000000000 CR3: 000000014a2d8001 CR4: 00000000003706f0 May 03 17:19:05.723490 surfacebook2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 03 17:19:05.723529 surfacebook2 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 03 17:19:05.723567 surfacebook2 kernel: note: iptsd[4530] exited with irqs disabled May 03 17:19:08.797955 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: trying to associate to bssid 92:a2:f4:08:07:07 May 03 17:19:08.887378 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: associated to bssid 92:a2:f4:08:07:07 successfully May 03 17:31:09.968783 surfacebook2 kernel: mwifiex_pcie 0000:01:00.0: info: successfully disconnected from 92:a2:f4:08:07:07: reason code 3 May 03 17:35:37.767819 surfacebook2 kernel: kauditd_printk_skb: 30 callbacks suppressed May 03 17:35:37.767891 surfacebook2 kernel: audit: type=1305 audit(1714750537.766:307): op=set audit_pid=0 old=783 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 May 03 17:35:37.768818 surfacebook2 kernel: audit: type=1131 audit(1714750537.767:308): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.768859 surfacebook2 kernel: audit: type=1131 audit(1714750537.768:309): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.789795 surfacebook2 kernel: audit: type=1131 audit(1714750537.788:310): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-fsck@dev-disk-by\x2duuid-7DFB\x2d9205 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.798812 surfacebook2 kernel: EXT4-fs (nvme0n1p2): unmounting filesystem c11bfc3d-900b-494c-ab0a-8e94038628f9. May 03 17:35:37.818073 surfacebook2 kernel: zram0: detected capacity change from 16078848 to 0 May 03 17:35:37.818781 surfacebook2 kernel: audit: type=1131 audit(1714750537.817:311): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-fsck@dev-disk-by\x2duuid-c11bfc3d\x2d900b\x2d494c\x2dab0a\x2d8e94038628f9 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.820795 surfacebook2 kernel: audit: type=1131 audit(1714750537.819:312): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-remount-fs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.820844 surfacebook2 kernel: audit: type=1131 audit(1714750537.819:313): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup-dev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.820872 surfacebook2 kernel: audit: type=1131 audit(1714750537.819:314): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup-dev-early comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.837797 surfacebook2 kernel: audit: type=1131 audit(1714750537.836:315): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-zram-setup@zram0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:37.866784 surfacebook2 kernel: audit: type=1131 audit(1714750537.865:316): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' May 03 17:35:38.049800 surfacebook2 kernel: watchdog: watchdog0: watchdog did not stop! May 03 17:35:38.073822 surfacebook2 systemd-shutdown[1]: Using hardware watchdog 'iTCO_wdt', version 4, device /dev/watchdog0 May 03 17:35:38.075120 surfacebook2 systemd-shutdown[1]: Watchdog running with a timeout of 10min. May 03 17:35:38.080807 surfacebook2 systemd-shutdown[1]: Syncing filesystems and block devices. May 03 17:35:38.099827 surfacebook2 systemd-shutdown[1]: Sending SIGTERM to remaining processes... May 03 17:35:38.099960 surfacebook2 systemd-journald[595]: Received SIGTERM from PID 1 (systemd-shutdow). ```

linux-surface / linux-surface