RHEL / RHEL-1933

Kernel panic (list_del corruption): hci_conn_cleanup


      Description of problem:

      ```
      [ 9700.520696] Bluetooth: hci0: Opcode 0x200d failed: -110
      [ 9700.520719] Bluetooth: hci0: request failed to create LE connection: err -110
      [ 9700.520746] list_del corruption, ffff8e6c04f2e000->prev is LIST_POISON2 (dead000000000122)
      [ 9700.520772] -----------[ cut here ]-----------
      [ 9700.520773] kernel BUG at lib/list_debug.c:48!
      [ 9700.520787] invalid opcode: 0000 1 PREEMPT SMP NOPTI
      [ 9700.520802] CPU: 15 PID: 15736 Comm: kworker/u65:0 Kdump: loaded Tainted: P OE --------- — 5.14.0-162.12.1.el9_1.x86_64 #1
      [ 9700.520833] Hardware name:
      [ 9700.520856] Workqueue: hci0 hci_cmd_sync_work [bluetooth]
      [ 9700.520894] RIP: 0010:__list_del_entry_valid.cold+0x45/0x47
      [ 9700.520912] Code: fe ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 58 60 19 ad e8 01 f4 fe ff 0f 0b 48 89 fe 4c 89 c2 48 c7 c7 20 60 19 ad e8 ed f3 fe ff <0f> 0b 48 89 ee 48 c7 c7 c0 66 19 ad e8 dc f3 fe ff e9 7a ea ab ff
      [ 9700.520957] RSP: 0018:ffffab329f19fd88 EFLAGS: 00010246
      [ 9700.520972] RAX: 000000000000004e RBX: ffff8e6c04f2e000 RCX: 0000000000000027
      [ 9700.520990] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e8aaedd9ca0
      [ 9700.521008] RBP: ffff8e6c00b20000 R08: 0000000000000000 R09: ffffab329f19fbd0
      [ 9700.521026] R10: ffffab329f19fbc8 R11: ffffffffadbe9128 R12: 0000000000000092
      [ 9700.521043] R13: ffff8e6c00b20000 R14: ffff8e6c04f2e014 R15: 0000000000000000
      [ 9700.521061] FS: 0000000000000000(0000) GS:ffff8e8aaedc0000(0000) knlGS:0000000000000000
      [ 9700.521082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 9700.521097] CR2: 00007ffda571a2b8 CR3: 00000001071d2000 CR4: 0000000000350ee0
      [ 9700.521115] Call Trace:
      [ 9700.521123] hci_conn_cleanup+0x33/0x180 [bluetooth]
      [ 9700.521154] hci_conn_del+0xd4/0x1c0 [bluetooth]
      [ 9700.521182] hci_le_conn_failed+0x165/0x200 [bluetooth]
      [ 9700.521213] create_le_conn_complete+0x45/0x70 [bluetooth]
      [ 9700.521243] hci_cmd_sync_work+0xc3/0x150 [bluetooth]
      [ 9700.521274] process_one_work+0x1e5/0x3c0
      [ 9700.521287] worker_thread+0x50/0x3b0
      [ 9700.521298] ? rescuer_thread+0x380/0x380
      [ 9700.521310] kthread+0x146/0x170
      [ 9700.521320] ? set_kthread_struct+0x50/0x50
      [ 9700.521332] ret_from_fork+0x1f/0x30
      ```

      Version-Release number of selected component (if applicable):

      5.14.0-162.12.1.el9_1.x86_64

      How reproducible:

      Repeatedly reconnect a BLE device

      Steps to Reproduce:
      1. Repeat sudo bluetoothctl connect <mac>

      Actual results:

      Kernel panic

      Expected results:

      Not panic

      Additional info:

      https://github.com/torvalds/linux/commit/9fa6b4cda3b414e990f008f45f9bcecbcb54d4d1 could be the fix.
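
The `list_del corruption ... prev is LIST_POISON2` line in the log above comes from the kernel's list debugging check, which fires when an entry being removed still has the poison value an earlier removal wrote into its `prev` pointer. The following userspace model of that check is an added example, not code from this report or from the kernel tree; `del_status`, `checked_list_del()` and `double_delete()` are hypothetical names, and the `rcu` flag models `list_del_rcu()`, which poisons only `prev`.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model (constructed) of the kernel list with debug checks. */
struct list_head { struct list_head *next, *prev; };
/* x86_64 poison values; LIST_POISON2 is the dead000000000122 in the log. */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000000122ULL)
enum del_status { DEL_OK, DEL_NEXT_POISON, DEL_PREV_POISON, DEL_LINK_BROKEN };

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Kernel's order of checks: poison values first (so a poisoned pointer is
 * never dereferenced), then consistency of the neighbours' links. */
static enum del_status list_del_entry_valid(const struct list_head *e)
{
    if (e->next == LIST_POISON1) return DEL_NEXT_POISON;
    if (e->prev == LIST_POISON2) return DEL_PREV_POISON;
    if (e->prev->next != e || e->next->prev != e) return DEL_LINK_BROKEN;
    return DEL_OK;
}

/* Checked removal; returns a status where the kernel would BUG().
 * rcu != 0 models list_del_rcu(), which poisons only ->prev. */
static enum del_status checked_list_del(struct list_head *e, int rcu)
{
    enum del_status st = list_del_entry_valid(e);
    if (st != DEL_OK) return st;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    if (!rcu) e->next = LIST_POISON1;
    e->prev = LIST_POISON2;
    return DEL_OK;
}

/* Remove the same entry twice; return what the second removal reports. */
static enum del_status double_delete(int rcu)
{
    struct list_head head = { &head, &head }, a, b;
    list_add(&a, &head); list_add(&b, &head);
    if (checked_list_del(&a, rcu) != DEL_OK) return DEL_LINK_BROKEN;
    return checked_list_del(&a, rcu);
}

int main(void)
{
    printf("plain: %d, rcu: %d\n", double_delete(0), double_delete(1));
    return 0;
}
```

A second plain `list_del()` is reported as `next is LIST_POISON1` because that check runs first; the `prev is LIST_POISON2` form appears when `next` was left intact by the first removal.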

              rhn-support-bnocera Bastien Nocera
              jira-bugzilla-migration RH Bugzilla Integration
              David Marlin David Marlin