Message-ID: <CAD=FV=Xt58+WGK_j_TvTxpUfXrm-=Cec1-oodkuf5xiDGrsKuA@mail.gmail.com>
Date: Mon, 17 Nov 2025 09:20:53 -0800
From: Doug Anderson <dianders@...omium.org>
To: Thorsten Leemhuis <regressions@...mhuis.info>
Cc: incogcyberpunk@...ton.me, 
	"regressions@...ts.linux.dev" <regressions@...ts.linux.dev>, "marcel@...tmann.org" <marcel@...tmann.org>, 
	"luiz.dentz@...il.com" <luiz.dentz@...il.com>, 
	"linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>, 
	"johan.hedberg@...il.com" <johan.hedberg@...il.com>, "sean.wang@...iatek.com" <sean.wang@...iatek.com>, 
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [REGRESSION] Bluetooth adapter provided by `btusb` not recognized
 since v6.13.2

Hi,

On Mon, Nov 17, 2025 at 8:48 AM Thorsten Leemhuis
<regressions@...mhuis.info> wrote:
>
> [Ccing Douglas Anderson, who might have an idea]
> [dropping stable from To, that is irrelevant there]
>
> On 11/17/25 11:55, Thorsten Leemhuis wrote:
> > On 11/17/25 10:42, Thorsten Leemhuis wrote:
> >> On 11/17/25 02:30, incogcyberpunk@...ton.me wrote:
> >>> Distro: Arch Linux
> >>> Kernel: since v6.13.2
> >> Lo! Thx for the report. It's unlikely that any developer will look into
> >> this report[1] as 6.13.y is ancient by kernel development standards and
> >> EOL for quite a while.
> >>
> >> Please check if the latest stable version is still affected; if it is,
> >> ideally try latest mainline (6.18-rc6), too. If that is as well, it
> >> would be great if you could bisect between 6.13.1 and 6.13.2.
> >
> > TWIMC, IncogCyberpunk replied in private to me and wrote:
> >
> > """
> > Sorry, if I was not clear but, the problem persists in both the stable
> > (v6.17.8) and the latest mainline (v6.18-rc6) linux kernels as of Nov 2025
> > """
> >
> > Please reply in public next time.
>
> IncogCyberpunk sent another reply in private. IncogCyberpunk, please
> just use "reply-to-all", I cannot forward each of your replies manually.
> Anyway, here it is:
>
> """
> The logs for the 6.18-rc6 mainline kernel are provided below. Also, to
> make it clear, the regression has been observed in both the stable and
> the mainline kernels since the kernel 6.13.2.
>
> Logs for v6.18-rc6 kernel:
> https://pastebin.com/GeAzr56Z
> """
>
> To quote from that:
>
> """
> Nov 17 17:14:30 Incog kernel: BUG: kernel NULL pointer dereference, address: 00000000000000d0
> Nov 17 17:14:30 Incog kernel: fbcon: Taking over console
> Nov 17 17:14:30 Incog kernel: #PF: supervisor write access in kernel mode
> Nov 17 17:14:30 Incog kernel: #PF: error_code(0x0002) - not-present page
> Nov 17 17:14:30 Incog kernel: PGD 0 P4D 0
> Nov 17 17:14:30 Incog kernel: Oops: Oops: 0002 [#1] SMP NOPTI
> Nov 17 17:14:30 Incog kernel: CPU: 8 UID: 0 PID: 136 Comm: kworker/u49:0 Tainted: G S                  6.18.0-rc6-1-mainline #1 PREEMPT(full)  232968b2ab8c223687b1bdd5c39590a8f510b2d3
> Nov 17 17:14:30 Incog kernel: Tainted: [S]=CPU_OUT_OF_SPEC
> Nov 17 17:14:30 Incog kernel: Hardware name: Acer Aspire A315-59/Callisto_ADU, BIOS V1.16 08/16/2022
> Nov 17 17:14:30 Incog kernel: Workqueue: hci0 hci_power_on [bluetooth]
> Nov 17 17:14:30 Incog kernel: RIP: 0010:mutex_lock+0x1c/0x30
> Nov 17 17:14:30 Incog kernel: Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 53 48 89 fb 2e 2e 2e 31 c0 65 48 8b 15 de 07 d7 01 31 c0 <f0> 48 0f b1 13 75 06 5b c3 cc cc cc cc 48 89 df 5b eb b1 90 90 90
> Nov 17 17:14:30 Incog kernel: RSP: 0018:ffffcf12807fbd88 EFLAGS: 00010246
> Nov 17 17:14:30 Incog kernel: RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000001
> Nov 17 17:14:30 Incog kernel: RDX: ffff8c88c61f0000 RSI: 0000000000000002 RDI: 00000000000000d0
> Nov 17 17:14:30 Incog kernel: RBP: ffff8c88c7a20028 R08: 0000000000000000 R09: 0000000000000010
> Nov 17 17:14:30 Incog kernel: R10: 0000000000000000 R11: 0000000000000404 R12: ffff8c88c9fb4000
> Nov 17 17:14:30 Incog kernel: R13: ffff8c88c61c1a05 R14: 0000000000000000 R15: ffff8c88c9fb4408
> Nov 17 17:14:30 Incog kernel: FS:  0000000000000000(0000) GS:ffff8c8cd8f02000(0000) knlGS:0000000000000000
> Nov 17 17:14:30 Incog kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Nov 17 17:14:30 Incog kernel: CR2: 00000000000000d0 CR3: 000000010b106000 CR4: 0000000000f50ef0
> Nov 17 17:14:30 Incog kernel: PKRU: 55555554
> Nov 17 17:14:30 Incog kernel: Call Trace:
> Nov 17 17:14:30 Incog kernel:  <TASK>
> Nov 17 17:14:30 Incog kernel:  btusb_mtk_setup+0xa0/0x1a0 [btusb 3ead27e09a395fe31ca20705f760e78aab4d59d8]
> Nov 17 17:14:30 Incog kernel:  hci_dev_open_sync+0x102/0xb80 [bluetooth e25d49b4e9236169faf4970d9c81deaa8aed0e62]
> Nov 17 17:14:30 Incog kernel:  ? try_to_wake_up+0x35b/0x840
> Nov 17 17:14:30 Incog kernel:  hci_dev_do_open+0x23/0x60 [bluetooth e25d49b4e9236169faf4970d9c81deaa8aed0e62]
> Nov 17 17:14:30 Incog kernel:  hci_power_on+0x4d/0x250 [bluetooth e25d49b4e9236169faf4970d9c81deaa8aed0e62]
> Nov 17 17:14:30 Incog kernel:  process_one_work+0x193/0x350
> Nov 17 17:14:30 Incog kernel:  worker_thread+0x2d7/0x410
> Nov 17 17:14:30 Incog kernel:  ? __pfx_worker_thread+0x10/0x10
> Nov 17 17:14:30 Incog kernel:  kthread+0xfc/0x240
> Nov 17 17:14:30 Incog kernel:  ? __pfx_kthread+0x10/0x10
> Nov 17 17:14:30 Incog kernel:  ? __pfx_kthread+0x10/0x10
> Nov 17 17:14:30 Incog kernel:  ret_from_fork+0x1c2/0x1f0
> Nov 17 17:14:30 Incog kernel:  ? __pfx_kthread+0x10/0x10
> Nov 17 17:14:30 Incog kernel:  ret_from_fork_asm+0x1a/0x30
> Nov 17 17:14:30 Incog kernel:  </TASK>
> Nov 17 17:14:30 Incog kernel: Modules linked in: btusb intel_rapl_msr uvcvideo ghash_clmulni_intel snd_pcm_dmaengine processor_thermal_rfim iTCO_wdt mt76 btmtk processor_thermal_rapl videobuf2_vmalloc intel_pmc_bxt snd_pcm aesni_intel mei_pxp btrtl mei_hdcp iTCO_vendor_support ee1004 intel_rapl_common btbcm uvc rapl snd_timer videobuf2_memops btintel intel_cstate processor_thermal_wt_req mac80211 hid_multitouch(+) i2c_i801 spi_nor mei_me videobuf2_v4l2 acer_wmi snd i2c_smbus processor_thermal_power_floor bluetooth intel_uncore mtd videobuf2_common pcspkr wmi_bmof platform_profile libarc4 soundcore i2c_mux mei thunderbolt(+) processor_thermal_mbox igen6_edac intel_oc_wdt ov13858 i2c_hid_acpi v4l2_fwnode int3403_thermal int340x_thermal_zone v4l2_async i2c_hid intel_pmc_core videodev pmt_telemetry mc pmt_discovery intel_hid int3400_thermal pmt_class pinctrl_tigerlake acpi_thermal_rel sparse_keymap mousedev acpi_pad intel_pmc_ssram_telemetry joydev acer_wireless mac_hid cfg80211 rfkill usblp pkcs8_key_parser crypto_user ntsync dm_mod loop
> Nov 17 17:14:30 Incog kernel:  nfnetlink ip_tables x_tables xe intel_vsec drm_ttm_helper drm_suballoc_helper gpu_sched nvme drm_gpuvm nvme_core nvme_keyring drm_exec nvme_auth hkdf drm_gpusvm_helper i915 i2c_algo_bit drm_buddy ttm serio_raw video intel_gtt spi_intel_pci intel_lpss_pci drm_display_helper intel_lpss spi_intel wmi vmd cec idma64
> Nov 17 17:14:30 Incog kernel: CR2: 00000000000000d0
> Nov 17 17:14:30 Incog kernel: ---[ end trace 0000000000000000 ]---
> Nov 17 17:14:30 Incog kernel: RIP: 0010:mutex_lock+0x1c/0x30
> Nov 17 17:14:30 Incog kernel: Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 53 48 89 fb 2e 2e 2e 31 c0 65 48 8b 15 de 07 d7 01 31 c0 <f0> 48 0f b1 13 75 06 5b c3 cc cc cc cc 48 89 df 5b eb b1 90 90 90
> Nov 17 17:14:30 Incog kernel: RSP: 0018:ffffcf12807fbd88 EFLAGS: 00010246
> Nov 17 17:14:30 Incog kernel: RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000001
> Nov 17 17:14:30 Incog kernel: RDX: ffff8c88c61f0000 RSI: 0000000000000002 RDI: 00000000000000d0
> Nov 17 17:14:30 Incog kernel: RBP: ffff8c88c7a20028 R08: 0000000000000000 R09: 0000000000000010
> Nov 17 17:14:30 Incog kernel: R10: 0000000000000000 R11: 0000000000000404 R12: ffff8c88c9fb4000
> Nov 17 17:14:30 Incog kernel: R13: ffff8c88c61c1a05 R14: 0000000000000000 R15: ffff8c88c9fb4408
> Nov 17 17:14:30 Incog kernel: FS:  0000000000000000(0000) GS:ffff8c8cd8f02000(0000) knlGS:0000000000000000
> Nov 17 17:14:30 Incog kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Nov 17 17:14:30 Incog kernel: CR2: 00000000000000d0 CR3: 000000010b106000 CR4: 0000000000f50ef0
> Nov 17 17:14:30 Incog kernel: PKRU: 55555554
> Nov 17 17:14:30 Incog kernel: note: kworker/u49:0[136] exited with irqs disabled
> """
>
> A very quick and rough search on lore made me wonder if e9087e828827e5
> ("Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()")
> from Douglas might be the culprit, which was indeed added to 6.13.2:
> https://lore.kernel.org/all/20250205134516.957708847@linuxfoundation.org/
>
> IncogCyberpunk, you might want to try if reverting that one helps.

Certainly that seems plausible if the PC points to mutex_lock(). I
guess that means "btmtk_data->isopkt_intf" must be NULL? This would
probably fix you?

@@ -2714,6 +2714,11 @@ static void btusb_mtk_claim_iso_intf(struct
btusb_data *data)
        struct btmtk_data *btmtk_data = hci_get_priv(data->hdev);
        int err;

+       if (!btmtk_data->isopkt_intf) {
+               bt_dev_err(data->hdev, "Can't claim NULL iso interface");
+               return;
+       }
+
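
Review bot: the `!btmtk_data->isopkt_intf` test added at the top of btusb_mtk_claim_iso_intf() logs at error level and then returns from a void function, so the caller gets no indication that the claim was skipped, and an adapter without an ISO interface will print "Can't claim NULL iso interface" each time setup runs. If a missing ISO interface is an expected configuration, a lower log level or skipping the call in the caller would fit better; if it is not expected, the error belongs where isopkt_intf is left unset. The unlocked read looks unavoidable for the NULL case itself: the oops shows mutex_lock() faulting at 0xd0 with RDI = 0xd0, which is consistent with the lock living inside the interface being tested, and a short comment saying so would settle the locking question for the next reader. Any other path that dereferences isopkt_intf (not visible in this hunk) would need the same guard.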

I don't personally know the driver well enough to know if that's
"safe" because we're checking w/ no locking, but it would at least be
as safe as the code was before my patch.

-Doug
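
The reading of the oops used in this reply (fault at a small offset from NULL, PC in mutex_lock(), caller btusb_mtk_setup) can be extracted mechanically from the log. The script below is an added example, not part of the original message or of the kernel tree; `triage` and its field names are hypothetical, and the log lines are an excerpt copied from the trace quoted above.

```python
import re

# Excerpt of the oops quoted in the message above, embedded so this runs offline.
SAMPLE = """\
Nov 17 17:14:30 Incog kernel: BUG: kernel NULL pointer dereference, address: 00000000000000d0
Nov 17 17:14:30 Incog kernel: #PF: error_code(0x0002) - not-present page
Nov 17 17:14:30 Incog kernel: RIP: 0010:mutex_lock+0x1c/0x30
Nov 17 17:14:30 Incog kernel: RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000001
Nov 17 17:14:30 Incog kernel: RDX: ffff8c88c61f0000 RSI: 0000000000000002 RDI: 00000000000000d0
Nov 17 17:14:30 Incog kernel: Call Trace:
Nov 17 17:14:30 Incog kernel:  <TASK>
Nov 17 17:14:30 Incog kernel:  btusb_mtk_setup+0xa0/0x1a0 [btusb 3ead27e09a395fe31ca20705f760e78aab4d59d8]
"""

PAGE_SIZE = 4096
# x86 #PF error-code bits: (mask, meaning if set, meaning if clear)
PF_BITS = [(0x1, "protection-violation", "not-present"),
           (0x2, "write", "read"),
           (0x4, "user-mode", "kernel-mode")]

def triage(log):
    # Drop the journal prefix ("<date> <host> kernel:") from every line.
    msgs = [line.split("kernel:", 1)[-1].strip() for line in log.splitlines()]
    text = "\n".join(msgs)
    addr = int(re.search(r"address: ([0-9a-f]+)", text).group(1), 16)
    code = int(re.search(r"error_code\((0x[0-9a-f]+)\)", text).group(1), 16)
    rip = re.search(r"RIP: [0-9a-f]{4}:(\w+)\+", text).group(1)
    # General-purpose registers whose value equals the faulting address.
    regs = [r for r, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", text)
            if int(v, 16) == addr]
    # First call-trace frame not marked "?" (those are unverified stack leftovers).
    caller = None
    for m in msgs[msgs.index("Call Trace:") + 1:]:
        hit = re.match(r"(\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", m)
        if hit and not hit.group(1):
            caller = hit.group(2)
            break
    return {
        "fault_addr": addr,
        "access": [s if code & mask else c for mask, s, c in PF_BITS],
        "faulting_function": rip,
        "caller": caller,
        "regs_holding_addr": regs,
        # An address inside the first page means "NULL base + member offset".
        "null_plus_offset": addr < PAGE_SIZE,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

RDI carries the first argument on x86-64, so RDI equal to the fault address means the pointer handed to mutex_lock() was itself NULL plus 0xd0.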
