* [Bug 213203] New: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected
@ 2021-05-24 19:40 bugzilla-daemon
2021-05-24 19:43 ` [Bug 213203] " bugzilla-daemon
2023-04-04 21:23 ` bugzilla-daemon
0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2021-05-24 19:40 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=213203
Bug ID: 213203
Summary: KASAN: null-ptr-deref in range
[0x0000000000000000-0x0000000000000007] when ASUS
USB-BT500 bluetooth dongle is connected
Product: Drivers
Version: 2.5
Kernel Version: 5.13-rc3
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Bluetooth
Assignee: linux-bluetooth@vger.kernel.org
Reporter: erhard_f@mailbox.org
Regression: No
Created attachment 296971
--> https://bugzilla.kernel.org/attachment.cgi?id=296971&action=edit
kernel dmesg (5.13-rc3, AMD A10 PRO-7800B)
Getting this at shutdown with my ASUS USB-BT500 bluetooth dongle connected:
[...]
general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 2 PID: 110 Comm: kworker/u9:0 Not tainted 5.13.0-rc3-bdver3 #4
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./FM2A88M Pro3+,
BIOS P2.60 01/11/2016
Workqueue: hci0 hci_power_off [bluetooth]
RIP: 0010:smp_del_chan+0x35/0x12f [bluetooth]
Code: c1 ea 03 48 c1 e0 2a 55 48 89 fd 80 3c 02 00 74 05 e8 70 df 43 d2 4c 8b
65 00 b8 ff ff 37 00 48 c1 e0 2a 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 74 08 4c 89
e7 e8 4e df 43 d2 4d 8b 24 24 b8 ff ff 37
RSP: 0018:ffff88811896fca0 EFLAGS: 00010256
RAX: dffffc0000000000 RBX: ffff88811fb6a000 RCX: 1ffff1102312df86
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88816e770800
RBP: ffff88816e770800 R08: ffffed1023f6d403 R09: ffff88811fb6a017
R10: 0000000000000001 R11: ffffffff94fabad1 R12: 0000000000000000
R13: ffff88811fb6a0a8 R14: dffffc0000000000 R15: ffff88811fb6b758
FS: 0000000000000000(0000) GS:ffff888377f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6acdb50000 CR3: 000000012f1fc000 CR4: 00000000000506e0
Call Trace:
smp_unregister+0x42/0x83 [bluetooth]
hci_dev_do_close+0x455/0x7b1 [bluetooth]
? hci_inquiry+0x58f/0x58f [bluetooth]
? rcu_read_lock_sched_held+0x73/0xc8
process_one_work+0x625/0x99f
? rcu_read_unlock+0x59/0x59
? cancel_delayed_work+0xe9/0xe9
? __raw_spin_lock_init+0xf0/0xf0
worker_thread+0x47a/0x597
? __kthread_parkme+0x6f/0xc3
kthread+0x2b6/0x2c5
? drain_workqueue+0x268/0x268
? kthread_unpark+0x82/0x82
ret_from_fork+0x22/0x30
Modules linked in: rfcomm cmac bnep dm_crypt nhpoly1305_sse2 nhpoly1305
chacha_generic chacha_x86_64 libchacha adiantum libpoly1305 algif_skcipher
dm_mod input_leds joydev btusb btrtl btbcm hid_generic btintel bluetooth
jitterentropy_rng usbhid hid drbg ansi_cprng ecdh_generic ecc rfkill raid456
async_raid6_recov async_memcpy async_pq async_xor async_tx md_mod evdev amdgpu
edac_mce_amd crc32_generic crc32_pclmul ohci_pci f2fs lz4hc_compress
lz4_compress lz4_decompress aesni_intel libaes crypto_simd cryptd k10temp
fam15h_power i2c_piix4 ext4 snd_hda_codec_realtek crc16 snd_hda_codec_generic
mbcache ledtrig_audio drm_ttm_helper led_class jbd2 ttm snd_hda_codec_hdmi
mfd_core snd_hda_intel gpu_sched i2c_algo_bit snd_intel_dspcfg xhci_pci
snd_hda_codec drm_kms_helper ohci_hcd ehci_pci snd_hwdep cfbfillrect ehci_hcd
syscopyarea cfbimgblt sysfillrect snd_hda_core xhci_hcd sysimgblt acpi_cpufreq
fb_sys_fops cfbcopyarea snd_pcm snd_timer fb usbcore font video snd usb_common
fbdev
soundcore button processor zram zsmalloc nct6775 hwmon_vid hwmon nfsd
auth_rpcgss lockd drm grace drm_panel_orientation_quirks fuse backlight
configfs sunrpc efivarfs
---[ end trace ef1888241aeb31e2 ]---
RIP: 0010:smp_del_chan+0x35/0x12f [bluetooth]
Code: c1 ea 03 48 c1 e0 2a 55 48 89 fd 80 3c 02 00 74 05 e8 70 df 43 d2 4c 8b
65 00 b8 ff ff 37 00 48 c1 e0 2a 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 74 08 4c 89
e7 e8 4e df 43 d2 4d 8b 24 24 b8 ff ff 37
RSP: 0018:ffff88811896fca0 EFLAGS: 00010256
RAX: dffffc0000000000 RBX: ffff88811fb6a000 RCX: 1ffff1102312df86
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88816e770800
RBP: ffff88816e770800 R08: ffffed1023f6d403 R09: ffff88811fb6a017
R10: 0000000000000001 R11: ffffffff94fabad1 R12: 0000000000000000
R13: ffff88811fb6a0a8 R14: dffffc0000000000 R15: ffff88811fb6b758
FS: 0000000000000000(0000) GS:ffff888377f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6acdb50000 CR3: 000000012f1fc000 CR4: 00000000000506e0
[...]
# inxi -bZ
System: Host: yea Kernel: 5.13.0-rc3-bdver3 x86_64 bits: 64 Console: tty 1
Distro: Gentoo Base System release 2.7
Machine: Type: Desktop Mobo: ASRock model: FM2A88M Pro3+ serial: N/A UEFI:
American Megatrends v: P2.60 date: 01/11/2016
CPU: Info: Quad Core AMD A10 PRO-7800B R7 12 Compute Cores 4C+8G [MCP]
speed: 1897 MHz min/max: 1400/3500 MHz
Graphics: Device-1: Advanced Micro Devices [AMD/ATI] Kaveri [Radeon R7
Graphics] driver: amdgpu v: kernel
Display: server: X.org 1.20.11 driver: amdgpu,ati unloaded:
fbdev,modesetting tty: 211x54
Message: Advanced graphics data unavailable in console for root.
Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
driver: r8169
# lsusb -s 007:002 -v
Bus 007 Device 002: ID 0b05:190e ASUSTek Computer, Inc. ASUS USB-BT500
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 224 Wireless
bDeviceSubClass 1 Radio Frequency
bDeviceProtocol 1 Bluetooth
bMaxPacketSize0 64
idVendor 0x0b05 ASUSTek Computer, Inc.
idProduct 0x190e
bcdDevice 2.00
iManufacturer 1 Realtek
iProduct 2 ASUS USB-BT500
iSerial 3 00E04C239987
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x00b1
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0000 1x 0 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0000 1x 0 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0009 1x 9 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0009 1x 9 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 2
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0011 1x 17 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0011 1x 17 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 3
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0019 1x 25 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0019 1x 25 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 4
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0021 1x 33 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0021 1x 33 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 5
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0031 1x 49 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0031 1x 49 bytes
bInterval 1
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0001
Self Powered
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 213203] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected
2021-05-24 19:40 [Bug 213203] New: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected bugzilla-daemon
@ 2021-05-24 19:43 ` bugzilla-daemon
2023-04-04 21:23 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2021-05-24 19:43 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=213203
--- Comment #1 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 296973
--> https://bugzilla.kernel.org/attachment.cgi?id=296973&action=edit
kernel .config (5.13-rc3, AMD A10 PRO-7800B)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 213203] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected
2021-05-24 19:40 [Bug 213203] New: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected bugzilla-daemon
2021-05-24 19:43 ` [Bug 213203] " bugzilla-daemon
@ 2023-04-04 21:23 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2023-04-04 21:23 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=213203
Erhard F. (erhard_f@mailbox.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |OBSOLETE
--- Comment #2 from Erhard F. (erhard_f@mailbox.org) ---
No longer reproduceable on 6.3-rcs nor on current stable 6.2.x.
Closing here.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-04 21:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-24 19:40 [Bug 213203] New: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] when ASUS USB-BT500 bluetooth dongle is connected bugzilla-daemon
2021-05-24 19:43 ` [Bug 213203] " bugzilla-daemon
2023-04-04 21:23 ` bugzilla-daemon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.