On Mon, Dec 30, 2024 at 01:51:58PM +0300, Fedor Pchelkin wrote:
> On 6.12 there is a kernel crash during the release of btusb Mediatek
> device.
>
> list_del corruption, ffff8aae1f024000->next is LIST_POISON1 (dead000000000100)
> ------------[ cut here ]------------
> kernel BUG at lib/list_debug.c:56!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
> CPU: 3 UID: 0 PID: 3770 Comm: qemu-system-x86 Tainted: G W 6.12.5-200.fc41.x86_64 #1
> Tainted: [W]=WARN
> Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024
> RIP: 0010:__list_del_entry_valid_or_report.cold+0x5c/0x6f
> Call Trace:
> <TASK>
> hci_unregister_dev+0x46/0x1f0 [bluetooth]
> btusb_disconnect+0x67/0x170 [btusb]
> usb_unbind_interface+0x95/0x2d0
> device_release_driver_internal+0x19c/0x200
> proc_ioctl+0x1be/0x230
> usbdev_ioctl+0x6bd/0x1430
> __x64_sys_ioctl+0x91/0xd0
> do_syscall_64+0x82/0x160
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> Note: Taint is due to the amdgpu warnings, totally unrelated to the
> issue.
>
> The bug has been fixed "silently" in upstream with the following series
> of 4 commits [1]:
>
> ad0c6f603bb0 ("Bluetooth: btusb: mediatek: move Bluetooth power off command position")
> cea1805f165c ("Bluetooth: btusb: mediatek: add callback function in btusb_disconnect")
> 489304e67087 ("Bluetooth: btusb: mediatek: add intf release flow when usb disconnect")
> defc33b5541e ("Bluetooth: btusb: mediatek: change the conditions for ISO interface")
>
> These commits can be cleanly cherry-picked to 6.12.y and I may confirm
> they fix the problem.
>
> FWIW, the offending commit is ceac1cb0259d ("Bluetooth: btusb: mediatek:
> add ISO data transmission functions") and it is present in 6.11.y and
> 6.12.y.
>
> 6.11.y is EOL, so please apply the patches to 6.12.y.

All now queued up, thanks.

greg k-h