https://bugzilla.kernel.org/show_bug.cgi?id=213203

            Bug ID: 213203
           Summary: KASAN: null-ptr-deref in range
                    [0x0000000000000000-0x0000000000000007] when ASUS
                    USB-BT500 bluetooth dongle is connected
           Product: Drivers
           Version: 2.5
    Kernel Version: 5.13-rc3
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Bluetooth
          Assignee: linux-bluetooth@xxxxxxxxxxxxxxx
          Reporter: erhard_f@xxxxxxxxxxx
        Regression: No

Created attachment 296971
  --> https://bugzilla.kernel.org/attachment.cgi?id=296971&action=edit
kernel dmesg (5.13-rc3, AMD A10 PRO-7800B)

Getting this at shutdown with my ASUS USB-BT500 bluetooth dongle connected:

[...]
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 2 PID: 110 Comm: kworker/u9:0 Not tainted 5.13.0-rc3-bdver3 #4
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./FM2A88M Pro3+, BIOS P2.60 01/11/2016
Workqueue: hci0 hci_power_off [bluetooth]
RIP: 0010:smp_del_chan+0x35/0x12f [bluetooth]
Code: c1 ea 03 48 c1 e0 2a 55 48 89 fd 80 3c 02 00 74 05 e8 70 df 43 d2 4c 8b 65 00 b8 ff ff 37 00 48 c1 e0 2a 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 74 08 4c 89 e7 e8 4e df 43 d2 4d 8b 24 24 b8 ff ff 37
RSP: 0018:ffff88811896fca0 EFLAGS: 00010256
RAX: dffffc0000000000 RBX: ffff88811fb6a000 RCX: 1ffff1102312df86
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88816e770800
RBP: ffff88816e770800 R08: ffffed1023f6d403 R09: ffff88811fb6a017
R10: 0000000000000001 R11: ffffffff94fabad1 R12: 0000000000000000
R13: ffff88811fb6a0a8 R14: dffffc0000000000 R15: ffff88811fb6b758
FS:  0000000000000000(0000) GS:ffff888377f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6acdb50000 CR3: 000000012f1fc000 CR4: 00000000000506e0
Call Trace:
 smp_unregister+0x42/0x83 [bluetooth]
 hci_dev_do_close+0x455/0x7b1 [bluetooth]
 ? hci_inquiry+0x58f/0x58f [bluetooth]
 ? rcu_read_lock_sched_held+0x73/0xc8
 process_one_work+0x625/0x99f
 ? rcu_read_unlock+0x59/0x59
 ? cancel_delayed_work+0xe9/0xe9
 ? __raw_spin_lock_init+0xf0/0xf0
 worker_thread+0x47a/0x597
 ? __kthread_parkme+0x6f/0xc3
 kthread+0x2b6/0x2c5
 ? drain_workqueue+0x268/0x268
 ? kthread_unpark+0x82/0x82
 ret_from_fork+0x22/0x30
Modules linked in: rfcomm cmac bnep dm_crypt nhpoly1305_sse2 nhpoly1305 chacha_generic chacha_x86_64 libchacha adiantum libpoly1305 algif_skcipher dm_mod input_leds joydev btusb btrtl btbcm hid_generic btintel bluetooth jitterentropy_rng usbhid hid drbg ansi_cprng ecdh_generic ecc rfkill raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx md_mod evdev amdgpu edac_mce_amd crc32_generic crc32_pclmul ohci_pci f2fs lz4hc_compress lz4_compress lz4_decompress aesni_intel libaes crypto_simd cryptd k10temp fam15h_power i2c_piix4 ext4 snd_hda_codec_realtek crc16 snd_hda_codec_generic mbcache ledtrig_audio drm_ttm_helper led_class jbd2 ttm snd_hda_codec_hdmi mfd_core snd_hda_intel gpu_sched i2c_algo_bit snd_intel_dspcfg xhci_pci snd_hda_codec drm_kms_helper ohci_hcd ehci_pci snd_hwdep cfbfillrect ehci_hcd syscopyarea cfbimgblt sysfillrect snd_hda_core xhci_hcd sysimgblt acpi_cpufreq fb_sys_fops cfbcopyarea snd_pcm snd_timer fb usbcore font video snd usb_common fbdev soundcore button processor zram zsmalloc nct6775 hwmon_vid hwmon nfsd auth_rpcgss lockd drm grace drm_panel_orientation_quirks fuse backlight configfs sunrpc efivarfs
---[ end trace ef1888241aeb31e2 ]---
RIP: 0010:smp_del_chan+0x35/0x12f [bluetooth]
Code: c1 ea 03 48 c1 e0 2a 55 48 89 fd 80 3c 02 00 74 05 e8 70 df 43 d2 4c 8b 65 00 b8 ff ff 37 00 48 c1 e0 2a 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 74 08 4c 89 e7 e8 4e df 43 d2 4d 8b 24 24 b8 ff ff 37
RSP: 0018:ffff88811896fca0 EFLAGS: 00010256
RAX: dffffc0000000000 RBX: ffff88811fb6a000 RCX: 1ffff1102312df86
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88816e770800
RBP: ffff88816e770800 R08: ffffed1023f6d403 R09: ffff88811fb6a017
R10: 0000000000000001 R11: ffffffff94fabad1 R12: 0000000000000000
R13: ffff88811fb6a0a8 R14: dffffc0000000000 R15: ffff88811fb6b758
FS:  0000000000000000(0000) GS:ffff888377f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6acdb50000 CR3: 000000012f1fc000 CR4: 00000000000506e0
[...]

# inxi -bZ
System:    Host: yea Kernel: 5.13.0-rc3-bdver3 x86_64 bits: 64 Console: tty 1
           Distro: Gentoo Base System release 2.7
Machine:   Type: Desktop Mobo: ASRock model: FM2A88M Pro3+ serial: N/A
           UEFI: American Megatrends v: P2.60 date: 01/11/2016
CPU:       Info: Quad Core AMD A10 PRO-7800B R7 12 Compute Cores 4C+8G [MCP]
           speed: 1897 MHz min/max: 1400/3500 MHz
Graphics:  Device-1: Advanced Micro Devices [AMD/ATI] Kaveri [Radeon R7 Graphics] driver: amdgpu v: kernel
           Display: server: X.org 1.20.11 driver: amdgpu,ati unloaded: fbdev,modesetting tty: 211x54
           Message: Advanced graphics data unavailable in console for root.
Network:   Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169

# lsusb -s 007:002 -v
Bus 007 Device 002: ID 0b05:190e ASUSTek Computer, Inc. ASUS USB-BT500
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass          224 Wireless
  bDeviceSubClass         1 Radio Frequency
  bDeviceProtocol         1 Bluetooth
  bMaxPacketSize0        64
  idVendor           0x0b05 ASUSTek Computer, Inc.
  idProduct          0x190e
  bcdDevice            2.00
  iManufacturer           1 Realtek
  iProduct                2 ASUS USB-BT500
  iSerial                 3 00E04C239987
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x00b1
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0010  1x 16 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0000  1x 0 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0000  1x 0 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       1
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0009  1x 9 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0009  1x 9 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       2
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0011  1x 17 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0011  1x 17 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       3
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0019  1x 25 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0019  1x 25 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       4
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0021  1x 33 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0021  1x 33 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       5
      bNumEndpoints           2
      bInterfaceClass       224 Wireless
      bInterfaceSubClass      1 Radio Frequency
      bInterfaceProtocol      1 Bluetooth
      iInterface              4 Bluetooth Radio
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0031  1x 49 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0031  1x 49 bytes
        bInterval               1
can't get debug descriptor: Resource temporarily unavailable
Device Status:     0x0001
  Self Powered
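Editor's note on reading the oops above (an added example, not part of the bug report, the kernel or any fix): the register dump shows the inline KASAN shadow check itself faulting, not the dereference it guards. Decoding the Code: line, `4c 8b 65 00` loads a pointer from the object passed in %rdi (`mov 0x0(%rbp),%r12`), `b8 ff ff 37 00` followed by `48 c1 e0 2a` materializes 0x37ffff << 42 = 0xdffffc0000000000, the x86-64 KASAN shadow offset, `4c 89 e2` / `48 c1 ea 03` put the shadow index (%r12 >> 3) in %rdx, and the faulting `80 3c 02 00` is `cmpb $0x0,(%rdx,%rax,1)`, the shadow-byte load that precedes `4d 8b 24 24` (`mov (%r12),%r12`). With R12 = 0 and therefore RDX = 0, the effective address is the bare shadow offset 0xdffffc0000000000, which is non-canonical under 48-bit addressing, so the CPU raises #GP ("general protection fault, probably for non-canonical address") instead of a page fault; KASAN's handler maps that shadow byte back to the 8-byte granule [0x0, 0x7], which is the "null-ptr-deref in range" line. The C program below reproduces that arithmetic (shadow = (addr >> 3) + offset, its inverse, and the canonical check) against the register values copied from the dump. It assumes the shadow offset is the x86-64 4-level-paging default of CONFIG_KASAN_SHADOW_OFFSET, which the `mov`/`shl` pair in the Code: line confirms for this build.

```c
/* kasan_decode.c: added example by the editor, not from the bug report or
 * the kernel. Reproduces the x86-64 generic-KASAN shadow arithmetic to show
 * how the "null-ptr-deref in range [0x0-0x7]" line follows from the
 * register dump (RAX = shadow offset, RDX = 0). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: default CONFIG_KASAN_SHADOW_OFFSET for x86-64, 4-level paging.
 * The Code: line builds this constant as 0x37ffff << 42. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3   /* one shadow byte per 8-byte granule */

/* Address of the shadow byte that guards a kernel address. */
static uint64_t kasan_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: the 8-byte granule [start, end] covered by one shadow byte.
 * This is what KASAN prints as the "in range [...]" of its report. */
struct granule { uint64_t start, end; };

static struct granule kasan_unshadow(uint64_t shadow)
{
    struct granule g;
    g.start = (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
    g.end   = g.start + (1u << KASAN_SHADOW_SCALE_SHIFT) - 1;
    return g;
}

/* 48-bit canonical form: bits 63..47 must all be 0 or all be 1. */
static bool is_canonical48(uint64_t va)
{
    uint64_t top = va >> 47;          /* 17 bits */
    return top == 0 || top == 0x1ffff;
}

/* `80 3c 02 00` is cmpb $0x0,(%rdx,%rax,1): effective address rdx + rax. */
static uint64_t cmpb_effective_address(uint64_t rdx, uint64_t rax)
{
    return rdx + rax;
}

/* A non-canonical address faults as #GP before paging is even consulted. */
enum fault_kind { FAULT_PAGE, FAULT_GP_NONCANONICAL };

static enum fault_kind classify_fault(uint64_t ea)
{
    return is_canonical48(ea) ? FAULT_PAGE : FAULT_GP_NONCANONICAL;
}

int main(void)
{
    /* Register values copied from the oops in the report. */
    const uint64_t rax = 0xdffffc0000000000ULL;
    const uint64_t rdx = 0x0000000000000000ULL;
    const uint64_t rbx = 0xffff88811fb6a000ULL;
    const uint64_t r08 = 0xffffed1023f6d403ULL;

    uint64_t ea = cmpb_effective_address(rdx, rax);
    struct granule g = kasan_unshadow(ea);

    printf("shadow load at 0x%llx: %s\n", (unsigned long long)ea,
           classify_fault(ea) == FAULT_GP_NONCANONICAL
               ? "non-canonical, so #GP" : "canonical, so #PF");
    printf("KASAN: null-ptr-deref in range [0x%016llx-0x%016llx]\n",
           (unsigned long long)g.start, (unsigned long long)g.end);
    /* Cross-check of the formula against another register in the same dump. */
    printf("shadow(RBX+0x18) = 0x%llx, R08 = 0x%llx\n",
           (unsigned long long)kasan_shadow(rbx + 0x18),
           (unsigned long long)r08);
    return 0;
}
```

Build with `cc -std=c11 -Wall kasan_decode.c`. The last line it prints is the sanity check worth keeping in mind when reading KASAN oopses: applying the same formula to RBX + 0x18 yields 0xffffed1023f6d403, exactly the value sitting in R08, so the shadow offset assumed here is the one this kernel was built with.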