Date:   Thu, 25 Jun 2020 14:17:54 -0700
From:   Miao-chen Chou <mcchou@...omium.org>
To:     Marcel Holtmann <marcel@...tmann.org>
Cc:     Pavel Machek <pavel@....cz>,
        kernel list <linux-kernel@...r.kernel.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        BlueZ <linux-bluetooth@...r.kernel.org>,
        gregkh@...uxfoundation.org, linux-usb@...r.kernel.org
Subject: Re: next-20200623: oops in btusb_disconnect() at boot on thinkpad x60

Hi Marcel and all,

Thanks for the note here. 8208f5a9d435e58ee7f53a24d9ccbe7787944537 is
the cause of this. I will upload a fix shortly to address the
distinguishment between tearing down hdev and user space request.

Regards,
Miao


On Tue, Jun 23, 2020 at 11:44 PM Marcel Holtmann <marcel@...tmann.org> wrote:
>
> Hi Pavel,
>
> > I'm getting this at boot:
> >
> > [    7.984584] *pdpt = 0000000033a31001 *pde = 0000000000000000
> > [    7.984584] Oops: 0000 [#1] PREEMPT SMP PTI
> > [    7.984584] CPU: 1 PID: 2532 Comm: systemd-udevd Not tainted
> > 5.8.0-rc2-next-20200623+ #126
> > [    7.998580] Hardware name: LENOVO 17097HU/17097HU, BIOS 7BETD8WW
> > (2.19 ) 03/31/2011
> > [    8.000592] EIP: __queue_work+0x139/0x320
> > [    8.000592] Code: 90 83 7d f0 08 0f 84 b6 00 00 00 8b 45 ec 8b 9f
> > 04 01 00 00 03 1c 85 40 63 1f c5 89 f0 e8 df f8 ff ff 85 c0 0f 85 4f
> > ff ff ff <8b> 03 e9 50 ff ff ff 89 45 e4 e8 48 0a cb 00 8b 4d e8 8b 45
> > e4 8b
> > [    8.007883] EAX: 00000000 EBX: 00000000 ECX: 47d88848 EDX: 03ffffff
> > [    8.007883] ESI: f4a348bc EDI: f492a600 EBP: f3b1dd0c ESP: f3b1dcf0
> > [    8.019981] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS:
> > 00010046
> > [    8.023156] CR0: 80050033 CR2: 00000000 CR3: 33b1e000 CR4: 000006b0
> > [    8.028892] Call Trace:
> > [    8.034199]  queue_work_on+0x1d/0x30
> > [    8.034199]  hci_adv_monitors_clear+0x5c/0x80
> > [    8.042158]  hci_unregister_dev+0x161/0x2f0
> > [    8.042158]  ? usb_disable_endpoint+0x94/0xa0
> > [    8.042158]  btusb_disconnect+0x4b/0x120
> > [    8.057018]  usb_unbind_interface+0x64/0x230
> > [    8.057018]  device_release_driver_internal+0xc1/0x180
> > [    8.065196]  device_release_driver+0xc/0x10
> > [    8.068040]  bus_remove_device+0xa8/0x110
> > [    8.071767]  device_del+0x126/0x370
> > [    8.071767]  ? usb_remove_ep_devs+0x15/0x20
> > [    8.079199]  ? remove_intf_ep_devs+0x30/0x50
> > [    8.081371]  usb_disable_device+0x8e/0x240
> > [    8.087478]  usb_set_configuration+0x47c/0x800
> > [    8.087478]  usb_deauthorize_device+0x36/0x50
> > [    8.092662]  authorized_store+0x5d/0x70
> > [    8.096608]  ? authorized_default_store+0x60/0x60
> > [    8.096608]  dev_attr_store+0x13/0x20
> > [    8.096608]  ? component_bind_all.cold+0x52/0x52
> > [    8.106151]  sysfs_kf_write+0x2f/0x50
> > [    8.106151]  ? sysfs_file_ops+0x50/0x50
> > [    8.106151]  kernfs_fop_write+0x105/0x1a0
> > [    8.106151]  ? kernfs_fop_open+0x3c0/0x3c0
> > [    8.106151]  __vfs_write+0x2b/0x1e0
> > [    8.106151]  ? lock_acquire+0x3f/0x70
> > [    8.106151]  ? vfs_write+0x12a/0x180
> > [    8.106151]  ? __sb_start_write+0xd6/0x180
> > [    8.106151]  ? vfs_write+0x12a/0x180
> > [    8.106151]  vfs_write+0xa1/0x180
> > [    8.106151]  ksys_write+0x5c/0xd0
> > [    8.106151]  __ia32_sys_write+0x10/0x20
> > [    8.106151]  do_syscall_32_irqs_on+0x3a/0xf0
> > [    8.106151]  do_int80_syscall_32+0x9/0x20
> > [    8.106151]  entry_INT80_32+0x116/0x116
> > [    8.106151] EIP: 0xb7f45092
> > [    8.106151] Code: Bad RIP value.
> > [    8.146079] EAX: ffffffda EBX: 00000007 ECX: 004fb760 EDX: 00000001
> > [    8.146079] ESI: 004fb760 EDI: 00000001 EBP: 004c79f0 ESP: bfabc48c
> > [    8.146079] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS:
> > 00000246
> > [    8.150364] Modules linked in:
> > [    8.150364] CR2: 0000000000000000
> > [    8.150364] ---[ end trace 468d097aaf220284 ]---
>
> I assume this is caused by commit e5e1e7fd470ccf2eb38ab7fb5a3ab0fc4792fe53 and mainly because it triggers the background scan workqueue. I think we need to distinguish clearing the monitors when removing the controller compared to clearing the controllers from bluetoothd as a runtime operation.
>
> Regards
>
> Marcel
>
