Date:   Tue, 10 Aug 2021 09:30:40 +0700
From:   Ammar Faizi <ammarfaizi2@...weeb.org>
To:     Hillf Danton <hdanton@...a.com>
Cc:     Lin Ma <linma@....edu.cn>, Marcel Holtmann <marcel@...tmann.org>,
        "Anand K. Mistry" <amistry@...gle.com>,
        Ammar Faizi <ammarfaizi2@...il.com>,
        Bluez <linux-bluetooth@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: WARNING: possible circular locking dependency detected
 (hci_sock_dev_event+0x17d/0x1f0)

On Sat, Aug 7, 2021 at 7:45 PM Hillf Danton <hdanton@...a.com> wrote:
>
> On Sat, 7 Aug 2021 18:28:45 +0800 Ammar Faizi wrote:
>>Hi Hillf,
>>Hi Lin,
>>
>>Sorry for the delay, my infrastructure is small, can't do fast build.
>>
>>So, I have tried to comprehend and test the UAF bug. But I couldn't
>>reproduce it on my machine. However, I found another warning.
>>
>
> Thanks again for sharing it.
>
>>Here I want to tell the detailed story again:
>>
>>I found the deadlock warning at 5.14.0-rc3 with commit hash
>>c7d102232649226a69dddd58a4942cf13cff4f7c ("Merge tag 'net-5.14-rc4' of
>>git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net").
>>
>>After I reported the deadlock warning, Hillf Danton <hdanton@...a.com>
>>asked me to revert this commit hash and test again:
>>e305509e678b3a4af2b3cfd410f409f7cdaabb52
>>("Bluetooth: use correct lock to prevent UAF of hdev object")
>>
>>After I reverted that commit, the deadlock warning is gone. That's good.
>>
>>See the original report here:
>>https://lore.kernel.org/lkml/2c40741c-8c8f-a105-1846-aa1ed15a6c7e@gnuweeb.org/
>>
>>But reverting your commit may cause the UAF bug to come back. So I CC'ed you
>>the other day.
>>
>>Now I am at 5.14.0-rc3 51207ee38ab65db86554655300a912e8c661525e
>>("Revert "Bluetooth: use correct lock to prevent UAF of hdev object"")
>>this is my local revert commit.
>>
>>And then I tried to reproduce the UAF bug as the link you sent explains.
>>But I couldn't reproduce it. I found another warning while playing
>>around with the POC. Here is the warning I found:
>>
>>I attached the full kernel log (dmesg.txt) and kernel config (config) for
>>further reading. Any instructions on what I should do next?
>
> In the mainline tree, I see
> e04480920d1e ("Bluetooth: defer cleanup of resources in hci_unregister_dev()")
> 0ea9fd001a14 ("Bluetooth: Shutdown controller after workqueues are flushed or cancelled")
>
> check and revert both in your local tree, then play around with the POC
> again and see what will happen.
>

Hi Hillf,
Hi Lin,

Sorry for the delay, I have been a bit busy lately.

So, I was at 5.14.0-rc4 (mainline) with commit hash
85a90500f9a1717c4e142ce92e6c1cb1a339ec78 ("Merge tag
'io_uring-5.14-2021-08-07' of git://git.kernel.dk/linux-block")

And then I reverted these two commits:
e04480920d1e ("Bluetooth: defer cleanup of resources in
hci_unregister_dev()")
0ea9fd001a14 ("Bluetooth: Shutdown controller after workqueues are
flushed or cancelled")

Then I played around with the POC; here is what I got.

Summary:
 - The warning at kernel/workqueue.c:1419 still occurs.
 - I got a NULL pointer dereference in __queue_work+0x237/0x700

I attached the full kernel log (dmesg.txt) and kernel config (config) for further reading.

Warning here:
<4>[  656.457258][ T5406] ------------[ cut here ]------------
<4>[  656.457269][ T5406] WARNING: CPU: 3 PID: 5406 at
kernel/workqueue.c:1419 __queue_work+0x641/0x700
<4>[  656.457300][ T5406] Modules linked in: hci_uart btqca rfcomm
xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4
xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 nft_counter nf_tables nfnetlink bridge stp llc bfq cmac
algif_hash algif_skcipher af_alg bnep dm_multipath scsi_dh_rdac
scsi_dh_emc scsi_dh_alua snd_hda_codec_realtek snd_hda_codec_generic
ledtrig_audio snd_hda_codec_hdmi snd_hda_intel btusb snd_intel_dspcfg
snd_intel_sdw_acpi uvcvideo btrtl snd_hda_codec btbcm btintel
snd_hda_core videobuf2_vmalloc bluetooth videobuf2_memops edac_mce_amd
videobuf2_v4l2 snd_hwdep kvm_amd videobuf2_common snd_pcm ecdh_generic
ecc videodev kvm snd_seq_midi snd_seq_midi_event mc snd_rawmidi
input_leds acer_wmi sparse_keymap wmi_bmof serio_raw snd_seq wl(OE)
snd_seq_device snd_timer cfg80211 snd soundcore mac_hid ccp fam15h_power
k10temp sch_fq_codel msr ip_tables x_tables autofs4 btrfs
blake2b_generic raid10 raid456 async_raid6_recov
<4>[  656.458197][ T5406]  async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear amdgpu iommu_v2
gpu_sched radeon i2c_algo_bit drm_ttm_helper hid_generic ttm usbhid
drm_kms_helper hid rtsx_pci_sdmmc syscopyarea sysfillrect
crct10dif_pclmul sysimgblt crc32_pclmul ghash_clmulni_intel fb_sys_fops
cec rc_core aesni_intel crypto_simd sdhci_pci cryptd cqhci drm r8169
xhci_pci psmouse xhci_pci_renesas ahci realtek sdhci i2c_piix4 rtsx_pci
wmi libahci video
<4>[  656.458709][ T5406] CPU: 3 PID: 5406 Comm: kworker/3:15 Tainted: G
          OE     5.14.0-rc4-bluetea-test-uaf-00261-gec54afa78398-dirty #10
<4>[  656.458732][ T5406] Hardware name: Acer Aspire ES1-421/OLVIA_BE,
BIOS V1.05 07/02/2015
<4>[  656.458747][ T5406] Workqueue: events hci_cmd_timeout [bluetooth]
<4>[  656.459040][ T5406] RIP: 0010:__queue_work+0x641/0x700
<4>[  656.459061][ T5406] Code: fc ff ff 65 8b 05 ff cb ef 7e a9 00 01
ff 00 75 19 65 4c 8b 2c 25 00 fe 01 00 49 8d 7d 2c e8 36 e6 3a 00 41 f6
45 2c 20 75 25 <0f> 0b 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f
0b e9 d9 fc
<4>[  656.459080][ T5406] RSP: 0018:ffff88814d58fcd0 EFLAGS: 00010006
<4>[  656.459103][ T5406] RAX: 0000000000000000 RBX: ffff8882acdbca00
RCX: ffffffff8112322c
<4>[  656.459118][ T5406] RDX: dffffc0000000000 RSI: ffff888194a66000
RDI: ffff8882acdbca08
<4>[  656.459133][ T5406] RBP: ffff88814a7c0b30 R08: ffffffff8112f432
R09: ffff88814a7c0b37
<4>[  656.459148][ T5406] R10: ffffed10294f8166 R11: 0000000000000001
R12: ffff888194a66000
<4>[  656.459164][ T5406] R13: ffff88816fa6c640 R14: ffff888194a661c0
R15: ffff8882acdbca00
<4>[  656.459179][ T5406] FS:  0000000000000000(0000)
GS:ffff8882acd80000(0000) knlGS:0000000000000000
<4>[  656.459195][ T5406] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[  656.459210][ T5406] CR2: 00007ff1d51a5ef8 CR3: 0000000193804000
CR4: 00000000000406e0
<4>[  656.459225][ T5406] Call Trace:
<4>[  656.459287][ T5406]  queue_work_on+0xa0/0xb0
<4>[  656.459328][ T5406]  process_one_work+0x4ce/0x980
<4>[  656.459401][ T5406]  ? pwq_dec_nr_in_flight+0x110/0x110
<4>[  656.459456][ T5406]  ? rwlock_bug.part.0+0x60/0x60
<4>[  656.459536][ T5406]  worker_thread+0x2d4/0x6e0
<4>[  656.459602][ T5406]  ? process_one_work+0x980/0x980
<4>[  656.459641][ T5406]  kthread+0x1e0/0x210
<4>[  656.459667][ T5406]  ? set_kthread_struct+0x80/0x80
<4>[  656.459709][ T5406]  ret_from_fork+0x1f/0x30
<4>[  656.459822][ T5406] irq event stamp: 18116
<4>[  656.459833][ T5406] hardirqs last  enabled at (18115):
[<ffffffff811c537f>] console_unlock+0x64f/0x760
<4>[  656.459858][ T5406] hardirqs last disabled at (18116):
[<ffffffff811234e1>] queue_work_on+0x71/0xb0
<4>[  656.459878][ T5406] softirqs last  enabled at (17176):
[<ffffffff810f748a>] __irq_exit_rcu+0xea/0x110
<4>[  656.459898][ T5406] softirqs last disabled at (17135):
[<ffffffff810f748a>] __irq_exit_rcu+0xea/0x110
<4>[  656.459917][ T5406] ---[ end trace d4d4690a9f53f886 ]---


NULL pointer dereference here:
<3>[  660.170484][ T2728]
==================================================================
<3>[  660.189475][ T2728] BUG: KASAN: null-ptr-deref in
__queue_work+0x237/0x700
<3>[  660.189528][ T2728] Read of size 8 at addr 0000000000000000 by
task bluetoothd/2728
<3>[  660.189558][ T2728]
<3>[  660.189583][ T2728] CPU: 1 PID: 2728 Comm: bluetoothd Tainted: G
      W  OE     5.14.0-rc4-bluetea-test-uaf-00261-gec54afa78398-dirty #10
<3>[  660.189618][ T2728] Hardware name: Acer Aspire ES1-421/OLVIA_BE,
BIOS V1.05 07/02/2015
<3>[  660.189645][ T2728] Call Trace:
<3>[  660.189677][ T2728]  dump_stack_lvl+0x6a/0x9a
<3>[  660.189717][ T2728]  ? __queue_work+0x237/0x700
<3>[  660.189748][ T2728]  kasan_report.cold+0x116/0x11b
<3>[  660.189807][ T2728]  ? __queue_work+0x237/0x700
<3>[  660.189866][ T2728]  __queue_work+0x237/0x700
<3>[  660.189949][ T2728]  queue_work_on+0xa0/0xb0
<3>[  660.190012][ T2728]  remove_device+0x361/0x7d0 [bluetooth]
<3>[  660.190364][ T2728]  ?
read_local_oob_ext_data_complete+0x5b0/0x5b0 [bluetooth]
<3>[  660.190674][ T2728]  ? lock_is_held_type+0xed/0x120
<3>[  660.190779][ T2728]  hci_sock_sendmsg+0xd80/0xf50 [bluetooth]
<3>[  660.191108][ T2728]  ? hci_sock_compat_ioctl+0x20/0x20 [bluetooth]
<3>[  660.191373][ T2728]  ? aa_file_perm+0x2a2/0x830
<3>[  660.191435][ T2728]  ? hci_sock_compat_ioctl+0x20/0x20 [bluetooth]
<3>[  660.191718][ T2728]  sock_sendmsg+0x6c/0x80
<3>[  660.191769][ T2728]  sock_write_iter+0x130/0x1e0
<3>[  660.191807][ T2728]  ? sock_sendmsg+0x80/0x80
<3>[  660.191836][ T2728]  ? aa_file_perm+0x2c4/0x830
<3>[  660.191917][ T2728]  ? aa_path_link+0x1d0/0x1d0
<3>[  660.191959][ T2728]  ? __lock_acquire+0x847/0x2ca0
<3>[  660.192046][ T2728]  do_iter_readv_writev+0x26b/0x330
<3>[  660.192106][ T2728]  ? new_sync_write+0x360/0x360
<3>[  660.192191][ T2728]  ? apparmor_file_permission+0xda/0x180
<3>[  660.192277][ T2728]  do_iter_write+0xd9/0x2c0
<3>[  660.192380][ T2728]  vfs_writev+0x170/0x370
<3>[  660.192433][ T2728]  ? vfs_iter_write+0x60/0x60
<3>[  660.192470][ T2728]  ? _raw_spin_unlock_irq+0x24/0x40
<3>[  660.192512][ T2728]  ? fsnotify+0x779/0x7f0
<3>[  660.192547][ T2728]  ? _raw_spin_unlock_irq+0x24/0x40
<3>[  660.192690][ T2728]  ? apparmor_file_permission+0xda/0x180
<3>[  660.192807][ T2728]  ? do_writev+0x18b/0x1d0
<3>[  660.192846][ T2728]  do_writev+0x18b/0x1d0
<3>[  660.192878][ T2728]  ? ksys_write+0xde/0x160
<3>[  660.192920][ T2728]  ? vfs_writev+0x370/0x370
<3>[  660.192978][ T2728]  ? lockdep_hardirqs_on_prepare+0x178/0x220
<3>[  660.193018][ T2728]  ? syscall_enter_from_user_mode+0x1d/0x50
<3>[  660.193083][ T2728]  do_syscall_64+0x35/0xb0
<3>[  660.193127][ T2728]  entry_SYSCALL_64_after_hwframe+0x44/0xae
<3>[  660.193161][ T2728] RIP: 0033:0x7f5bcafb0fa7
<3>[  660.193197][ T2728] Code: 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff
ff eb b8 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14
00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48
89 74 24 10
<3>[  660.193230][ T2728] RSP: 002b:00007ffe2dfea138 EFLAGS: 00000246
ORIG_RAX: 0000000000000014
<3>[  660.193271][ T2728] RAX: ffffffffffffffda RBX: 00007ffe2dfea160
RCX: 00007f5bcafb0fa7
<3>[  660.193299][ T2728] RDX: 0000000000000001 RSI: 00007ffe2dfea160
RDI: 0000000000000008
<3>[  660.193326][ T2728] RBP: 0000000000000008 R08: 0000555ab78511f0
R09: 00007f5bcb21c3a0
<3>[  660.193352][ T2728] R10: 000000000000000b R11: 0000000000000246
R12: 0000555ab783ca60
<3>[  660.193379][ T2728] R13: 0000000000000000 R14: 00007f5bcb18f650
R15: 0000555ab78354d0
<3>[  660.193508][ T2728]
==================================================================
<4>[  660.193532][ T2728] Disabling lock debugging due to kernel taint
<1>[  660.193548][ T2728] BUG: kernel NULL pointer dereference, address:
0000000000000000
<1>[  660.193563][ T2728] #PF: supervisor read access in kernel mode
<1>[  660.193578][ T2728] #PF: error_code(0x0000) - not-present page
<6>[  660.193594][ T2728] PGD 0 P4D 0
<4>[  660.193619][ T2728] Oops: 0000 [#1] SMP KASAN NOPTI
<4>[  660.193639][ T2728] CPU: 1 PID: 2728 Comm: bluetoothd Tainted: G
  B   W  OE     5.14.0-rc4-bluetea-test-uaf-00261-gec54afa78398-dirty #10
<4>[  660.193662][ T2728] Hardware name: Acer Aspire ES1-421/OLVIA_BE,
BIOS V1.05 07/02/2015
<4>[  660.193677][ T2728] RIP: 0010:__queue_work+0x237/0x700
<4>[  660.193703][ T2728] Code: f6 84 24 c0 01 00 00 02 0f 84 b2 04 00
00 48 89 df e8 8d eb 3a 00 48 8b 3b e8 25 37 30 01 f3 90 e9 94 fe ff ff
e8 79 eb 3a 00 <4c> 8b 2b 4c 89 ef e8 4e 35 30 01 48 8d 7b 18 e8 25 ea
3a 00 8b 43
<4>[  660.193723][ T2728] RSP: 0018:ffff88815024f7f8 EFLAGS: 00010086
<4>[  660.193743][ T2728] RAX: 0000000000000001 RBX: 0000000000000000
RCX: dffffc0000000000
<4>[  660.193758][ T2728] RDX: 0000000000000003 RSI: 0000000000000004
RDI: ffffffff837fd5c0
<4>[  660.193773][ T2728] RBP: ffff888100bf8c50 R08: ffffffff811b52c6
R09: ffffffff837fd5c3
<4>[  660.193789][ T2728] R10: fffffbfff06ffab8 R11: 0000000000000001
R12: ffff8881994fd800
<4>[  660.193805][ T2728] R13: 0000000000000000 R14: ffff8881994fd9c0
R15: ffff888100bf9238
<4>[  660.193821][ T2728] FS:  00007f5bca9877c0(0000)
GS:ffff8882acc80000(0000) knlGS:0000000000000000
<4>[  660.193838][ T2728] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[  660.193853][ T2728] CR2: 0000000000000000 CR3: 00000001aadf2000
CR4: 00000000000406e0
<4>[  660.193869][ T2728] Call Trace:
<4>[  660.193890][ T2728]  queue_work_on+0xa0/0xb0
<4>[  660.193917][ T2728]  remove_device+0x361/0x7d0 [bluetooth]
<4>[  660.194208][ T2728]  ?
read_local_oob_ext_data_complete+0x5b0/0x5b0 [bluetooth]
<4>[  660.194486][ T2728]  ? lock_is_held_type+0xed/0x120
<4>[  660.194517][ T2728]  hci_sock_sendmsg+0xd80/0xf50 [bluetooth]
<4>[  660.194802][ T2728]  ? hci_sock_compat_ioctl+0x20/0x20 [bluetooth]
<4>[  660.195080][ T2728]  ? aa_file_perm+0x2a2/0x830
<4>[  660.195109][ T2728]  ? hci_sock_compat_ioctl+0x20/0x20 [bluetooth]
<4>[  660.195387][ T2728]  sock_sendmsg+0x6c/0x80
<4>[  660.195415][ T2728]  sock_write_iter+0x130/0x1e0
<4>[  660.195438][ T2728]  ? sock_sendmsg+0x80/0x80
<4>[  660.195459][ T2728]  ? aa_file_perm+0x2c4/0x830
<4>[  660.195487][ T2728]  ? aa_path_link+0x1d0/0x1d0
<4>[  660.195508][ T2728]  ? __lock_acquire+0x847/0x2ca0
<4>[  660.195538][ T2728]  do_iter_readv_writev+0x26b/0x330
<4>[  660.195565][ T2728]  ? new_sync_write+0x360/0x360
<4>[  660.195593][ T2728]  ? apparmor_file_permission+0xda/0x180
<4>[  660.195620][ T2728]  do_iter_write+0xd9/0x2c0
<4>[  660.195651][ T2728]  vfs_writev+0x170/0x370
<4>[  660.195675][ T2728]  ? vfs_iter_write+0x60/0x60
<4>[  660.195697][ T2728]  ? _raw_spin_unlock_irq+0x24/0x40
<4>[  660.195719][ T2728]  ? fsnotify+0x779/0x7f0
<4>[  660.195738][ T2728]  ? _raw_spin_unlock_irq+0x24/0x40
<4>[  660.195771][ T2728]  ? apparmor_file_permission+0xda/0x180
<4>[  660.195801][ T2728]  ? do_writev+0x18b/0x1d0
<4>[  660.195823][ T2728]  do_writev+0x18b/0x1d0
<4>[  660.195844][ T2728]  ? ksys_write+0xde/0x160
<4>[  660.195867][ T2728]  ? vfs_writev+0x370/0x370
<4>[  660.195891][ T2728]  ? lockdep_hardirqs_on_prepare+0x178/0x220
<4>[  660.195914][ T2728]  ? syscall_enter_from_user_mode+0x1d/0x50
<4>[  660.195939][ T2728]  do_syscall_64+0x35/0xb0
<4>[  660.195962][ T2728]  entry_SYSCALL_64_after_hwframe+0x44/0xae
<4>[  660.195985][ T2728] RIP: 0033:0x7f5bcafb0fa7
<4>[  660.196004][ T2728] Code: 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff
ff eb b8 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14
00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48
89 74 24 10
<4>[  660.196025][ T2728] RSP: 002b:00007ffe2dfea138 EFLAGS: 00000246
ORIG_RAX: 0000000000000014
<4>[  660.196048][ T2728] RAX: ffffffffffffffda RBX: 00007ffe2dfea160
RCX: 00007f5bcafb0fa7
<4>[  660.196064][ T2728] RDX: 0000000000000001 RSI: 00007ffe2dfea160
RDI: 0000000000000008
<4>[  660.196079][ T2728] RBP: 0000000000000008 R08: 0000555ab78511f0
R09: 00007f5bcb21c3a0
<4>[  660.196093][ T2728] R10: 000000000000000b R11: 0000000000000246
R12: 0000555ab783ca60
<4>[  660.196108][ T2728] R13: 0000000000000000 R14: 00007f5bcb18f650
R15: 0000555ab78354d0
<4>[  660.196135][ T2728] Modules linked in: hci_uart btqca rfcomm
xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4
xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 nft_counter nf_tables nfnetlink bridge stp llc bfq cmac
algif_hash algif_skcipher af_alg bnep dm_multipath scsi_dh_rdac
scsi_dh_emc scsi_dh_alua snd_hda_codec_realtek snd_hda_codec_generic
ledtrig_audio snd_hda_codec_hdmi snd_hda_intel btusb snd_intel_dspcfg
snd_intel_sdw_acpi uvcvideo btrtl snd_hda_codec btbcm btintel
snd_hda_core videobuf2_vmalloc bluetooth videobuf2_memops edac_mce_amd
videobuf2_v4l2 snd_hwdep kvm_amd videobuf2_common snd_pcm ecdh_generic
ecc videodev kvm snd_seq_midi snd_seq_midi_event mc snd_rawmidi
input_leds acer_wmi sparse_keymap wmi_bmof serio_raw snd_seq wl(OE)
snd_seq_device snd_timer cfg80211 snd soundcore mac_hid ccp fam15h_power
k10temp sch_fq_codel msr ip_tables x_tables autofs4 btrfs
blake2b_generic raid10 raid456 async_raid6_recov
<4>[  660.196643][ T2728]  async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear amdgpu iommu_v2
gpu_sched radeon i2c_algo_bit drm_ttm_helper hid_generic ttm usbhid
drm_kms_helper hid rtsx_pci_sdmmc syscopyarea sysfillrect
crct10dif_pclmul sysimgblt crc32_pclmul ghash_clmulni_intel fb_sys_fops
cec rc_core aesni_intel crypto_simd sdhci_pci cryptd cqhci drm r8169
xhci_pci psmouse xhci_pci_renesas ahci realtek sdhci i2c_piix4 rtsx_pci
wmi libahci video
<4>[  660.196952][ T2728] CR2: 0000000000000000
<4>[  660.196976][ T2728] ---[ end trace d4d4690a9f53f887 ]---
<4>[  660.196989][ T2728] RIP: 0010:__queue_work+0x237/0x700
<4>[  660.197011][ T2728] Code: f6 84 24 c0 01 00 00 02 0f 84 b2 04 00
00 48 89 df e8 8d eb 3a 00 48 8b 3b e8 25 37 30 01 f3 90 e9 94 fe ff ff
e8 79 eb 3a 00 <4c> 8b 2b 4c 89 ef e8 4e 35 30 01 48 8d 7b 18 e8 25 ea
3a 00 8b 43
<4>[  660.197029][ T2728] RSP: 0018:ffff88815024f7f8 EFLAGS: 00010086
<4>[  660.197047][ T2728] RAX: 0000000000000001 RBX: 0000000000000000
RCX: dffffc0000000000
<4>[  660.197060][ T2728] RDX: 0000000000000003 RSI: 0000000000000004
RDI: ffffffff837fd5c0
<4>[  660.197073][ T2728] RBP: ffff888100bf8c50 R08: ffffffff811b52c6
R09: ffffffff837fd5c3
<4>[  660.197088][ T2728] R10: fffffbfff06ffab8 R11: 0000000000000001
R12: ffff8881994fd800
<4>[  660.197102][ T2728] R13: 0000000000000000 R14: ffff8881994fd9c0
R15: ffff888100bf9238
<4>[  660.197116][ T2728] FS:  00007f5bca9877c0(0000)
GS:ffff8882acc80000(0000) knlGS:0000000000000000
<4>[  660.197132][ T2728] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[  660.197145][ T2728] CR2: 0000000000000000 CR3: 00000001aadf2000
CR4: 00000000000406e0
<6>[  660.197161][ T2728] note: bluetoothd[2728] exited with preempt_count 1
<3>[  660.274602][ T5812] Bluetooth: hci32: command 0x0c16 tx timeout

-- 
Ammar

View attachment "config" of type "text/plain" (258654 bytes)

View attachment "dmesg.txt" of type "text/plain" (262033 bytes)
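
A triage aid for logs like the ones quoted in the message above, added here as an example and not part of the original message or of any kernel tooling. It rejoins the mail-wrapped lines, then separates verified stack frames from the `?`-prefixed ones the unwinder could not confirm; the function names are hypothetical and the regexes assume the `<level>[time][ Tpid]` prefix seen in this log.

```python
import re

# Excerpt of the log quoted above, still wrapped as the mail client left it
# (continuation lines carry no "<level>[time][ Tpid]" prefix).
SAMPLE = """\
<4>[  656.457269][ T5406] WARNING: CPU: 3 PID: 5406 at
kernel/workqueue.c:1419 __queue_work+0x641/0x700
<4>[  656.459225][ T5406] Call Trace:
<4>[  656.459287][ T5406]  queue_work_on+0xa0/0xb0
<4>[  656.459328][ T5406]  process_one_work+0x4ce/0x980
<4>[  656.459401][ T5406]  ? pwq_dec_nr_in_flight+0x110/0x110
<4>[  656.459917][ T5406] ---[ end trace d4d4690a9f53f886 ]---
<3>[  660.189475][ T2728] BUG: KASAN: null-ptr-deref in
__queue_work+0x237/0x700
<3>[  660.189645][ T2728] Call Trace:
<3>[  660.189677][ T2728]  dump_stack_lvl+0x6a/0x9a
<3>[  660.189717][ T2728]  ? __queue_work+0x237/0x700
<3>[  660.189866][ T2728]  __queue_work+0x237/0x700
<3>[  660.189949][ T2728]  queue_work_on+0xa0/0xb0
<3>[  660.190012][ T2728]  remove_device+0x361/0x7d0 [bluetooth]
<3>[  660.190364][ T2728]  ?
read_local_oob_ext_data_complete+0x5b0/0x5b0 [bluetooth]
<3>[  660.190779][ T2728]  hci_sock_sendmsg+0xd80/0xf50 [bluetooth]
"""
PREFIX = re.compile(r"^<(\d)>\[\s*([\d.]+)\]\[\s*(T\d+)\] ?(.*)$")
FRAME = re.compile(r"^\s+(\?\s+)?([\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+)(?: \[(\w+)\])?\s*$")
HEADER = re.compile(r"^(WARNING|BUG): .*?([\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+)\s*$")

def unwrap(text):
    """Rejoin wrapped lines: a line without the printk prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append([m.group(3), m.group(4)])
        elif records and line.strip():
            records[-1][1] = records[-1][1].rstrip() + " " + line.strip()
    return records

def summarise(text):
    """One dict per WARNING/BUG report: faulting site, task, verified and '?' frames."""
    reports, cur, in_trace = [], None, False
    for task, body in unwrap(text):
        h = HEADER.match(body)
        if h:
            cur = {"kind": h.group(1), "site": h.group(2), "task": task,
                   "headline": body, "trusted": [], "guessed": []}
            reports.append(cur)
            in_trace = False
        elif body.startswith("Call Trace:"):
            in_trace = cur is not None
        elif in_trace and task == cur["task"]:
            f = FRAME.match(body)
            if f:  # "?" marks an address found on the stack but not verified
                cur["guessed" if f.group(1) else "trusted"].append((f.group(2), f.group(3)))
            else:  # first non-frame line ends the trace
                in_trace = False
    return reports

def first_in_module(report, module):
    """First verified frame inside the given module, i.e. where the path leaves it."""
    return next((sym for sym, mod in report["trusted"] if mod == module), None)
```

On the excerpt, `first_in_module(summarise(SAMPLE)[1], "bluetooth")` points at `remove_device+0x361/0x7d0`, the last Bluetooth frame before the call into the workqueue code.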
