Bug 1698276

Summary: [abrt] __hci_cmd_sync_ev: kernel BUG at mm/slub.c:305! [bluetooth]
Product: [Fedora] Fedora
Reporter: krinkodot22
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED WORKSFORME
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 31
CC: airlied, bskeggs, hdegoede, ichavero, itamar, jarodwilson, jeremy, jglisse, john.j5live, jonathan, josef, kernel-maint, linville, mchehab, mjg59, steved
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/98eb24cd304cfea4b63929468abe5c73ea68100a
Whiteboard: abrt_hash:b59032457d3e1964831f92cb3511ad13be52b465;VARIANT_ID=workstation;
Last Closed: 2020-03-09 04:25:56 UTC
Attachments:
- File: dmesg (flags: none)
- The backtrace of the kernel error caused by the steps I just posted. (flags: none)

Description krinkodot22 2019-04-10 02:35:48 UTC
Description of problem:
Turned off Bluetooth after doing a successful file transfer. Nothing bad visibly happened, so I was surprised to see this error report pop up.

Additional info:
reporter:       libreport-2.10.0
kernel BUG at mm/slub.c:305!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 8579 Comm: gsd-rfkill Not tainted 5.0.6-200.fc29.x86_64 #1
Hardware name: ASUSTeK COMPUTER INC. GL553VD/GL553VD, BIOS GL553VD.306 01/02/2018
RIP: 0010:__slab_free+0x1e2/0x3d0
Code: 8b 54 24 30 48 89 4c 24 28 e8 da fb ff ff 4c 8b 54 24 28 85 c0 0f 85 67 fe ff ff 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b 49 3b 5c 24 28 75 ab 48 8b 44 24 30 49 89 4c 24 28 49 89 44
RSP: 0018:ffffa2dd829afca0 EFLAGS: 00010246
RAX: ffff94fd5caddf00 RBX: 0000000080200017 RCX: ffff94fd5caddf00
RDX: ffff94fd5caddf00 RSI: ffffe6af4a72b700 RDI: ffff94fe32594480
RBP: ffffa2dd829afd50 R08: 0000000000000001 R09: ffffffffc0bf4c31
R10: ffff94fd5caddf00 R11: ffff94fe32a5fe24 R12: ffffe6af4a72b700
R13: ffff94fd5caddf00 R14: ffff94fe32594480 R15: ffffe6af4a72b720
FS:  00007f44f6f9f880(0000) GS:ffff94fe32a40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00001bbfed974000 CR3: 00000002f97d4002 CR4: 00000000003606e0
Call Trace:
 ? __hci_cmd_sync_ev.part.12+0x1b0/0x1d0 [bluetooth]
 ? __hci_cmd_sync_ev+0x99/0xf0 [bluetooth]
 kmem_cache_free+0x1b1/0x1e0
 btusb_shutdown_intel+0x31/0x90 [btusb]
 hci_dev_do_close+0x44a/0x570 [bluetooth]
 hci_rfkill_set_block+0x4a/0x90 [bluetooth]
 rfkill_set_block+0x94/0x140 [rfkill]
 rfkill_fop_write+0x12f/0x1d0 [rfkill]
 __vfs_write+0x36/0x1b0
 ? selinux_file_permission+0xf0/0x130
 ? security_file_permission+0x2e/0xf0
 vfs_write+0xa5/0x1a0
 ksys_write+0x4f/0xb0
 do_syscall_64+0x5b/0x160
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f44f7482fff
Code: 00 00 00 41 54 49 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 f3 cd 01 00 4c 89 e2 48 89 ee 89 df 41 89 c0 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 2c ce 01 00 48
RSP: 002b:00007fff6c328180 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f44f7482fff
RDX: 0000000000000008 RSI: 000055ee9b7c0220 RDI: 0000000000000007
RBP: 000055ee9b7c0220 R08: 0000000000000000 R09: 000055ee9b7940d0
R10: 000055ee9b7affd8 R11: 0000000000000293 R12: 0000000000000008
R13: 0000000000000001 R14: 00007fff6c328230 R15: 000055ee9b7a1c70
Modules linked in: uinput cmac rfcomm xt_CHECKSUM ipt_MASQUERADE tun bridge stp llc devlink nf_nat_ftp nf_conntrack_ftp nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat_ipv4 nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables bnep sunrpc vfat fat fuse uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media btusb btrtl btbcm btintel bluetooth arc4 ecdh_generic iwlmvm snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic mac80211 ledtrig_audio intel_rapl joydev snd_hda_intel snd_hda_codec iwlwifi iTCO_wdt x86_pkg_temp_thermal intel_powerclamp snd_hda_core hid_multitouch coretemp iTCO_vendor_support snd_hwdep snd_seq kvm_intel rtsx_pci_ms cfg80211 snd_seq_device
 asus_nb_wmi snd_pcm memstick crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate intel_uncore intel_rapl_perf mei_me snd_timer idma64 snd mei soundcore wmi_bmof intel_pch_thermal intel_lpss_pci intel_lpss i2c_i801 pcc_cpufreq asus_wireless acpi_pad binfmt_misc hid_asus asus_wmi sparse_keymap rfkill i915 kvmgt mdev vfio kvm irqbypass i2c_algo_bit rtsx_pci_sdmmc drm_kms_helper mmc_core mxm_wmi drm crc32c_intel r8169 serio_raw rtsx_pci i2c_hid wmi video

Comment 1 krinkodot22 2019-04-10 02:35:52 UTC
Created attachment 1554007
File: dmesg

Comment 2 krinkodot22 2019-04-10 03:39:07 UTC
On further inspection, something bad did happen: gnome-control-center is unable to detect the presence of a Bluetooth dongle, and rfkill hangs when invoked. Trying to disable Bluetooth from the panel has no effect either.

Comment 3 Justin M. Forbes 2019-08-20 17:41:53 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There are a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 29 kernel bugs.

Fedora 29 has now been rebased to 5.2.9-100.fc29.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 30, and are still experiencing this issue, please change the version to Fedora 30.

If you experience different issues, please open a new bug report for those.

Comment 4 Justin M. Forbes 2019-09-17 20:05:53 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 3 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.

Comment 5 krinkodot22 2019-10-22 04:22:45 UTC
My apologies for having missed the announcements for this bug. There are still issues with disabling Bluetooth after a file transfer.

I just tried doing the following:
1. Enabled Bluetooth on my laptop
2. Turned on Bluetooth on my phone
3. Sent a file from my phone to my laptop
4. Sent a file from my laptop to my phone
5. Disabled Bluetooth on my laptop

This resulted in the attached kernel error, and the same issue of gnome-control-center thinking that no Bluetooth dongle is present.

Comment 6 krinkodot22 2019-10-22 04:25:16 UTC
Created attachment 1627884
The backtrace of the kernel error caused by the steps I just posted.

Comment 7 krinkodot22 2019-10-22 04:29:51 UTC
Oops, forgot to update this bug to Fedora 30.

$ uname -r
5.3.6-200.fc30.x86_64

Comment 8 Justin M. Forbes 2020-03-03 16:29:38 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There are a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 30 kernel bugs.

Fedora 30 has now been rebased to 5.5.7-100.fc30.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 31, and are still experiencing this issue, please change the version to Fedora 31.

If you experience different issues, please open a new bug report for those.

Comment 9 krinkodot22 2020-03-09 04:24:48 UTC
Looks like this has been fixed, as I cannot reproduce it in F31. If something breaks, I'll open a new bug.