Bug 2229631

1. Please describe the problem:
Attempted to remove a bluetooth device (a pair of wireless headphones). Got kernel trace and the machine hung. Had to turn it off/on to get the laptop back (T450s).

2. What is the Version-Release number of the kernel:
kernel-6.4.8-200.fc38.x86_64

3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :
Haven't tried with other kernels, to be honest.


4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:
Happened once only.

5. Does this problem occur with the latest Rawhide kernel? To install the
   Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
   ``sudo dnf update --enablerepo=rawhide kernel``:
Do not know.

6. Are you running any modules that not shipped with directly Fedora's kernel?:
No.

7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.

Aug 06 16:50:27 host kernel: ------------[ cut here ]------------
Aug 06 16:50:27 host kernel: kernel BUG at lib/list_debug.c:56!
Aug 06 16:50:27 host kernel: invalid opcode: 0000 [#1] PREEMPT SMP PTI
Aug 06 16:50:27 host kernel: CPU: 0 PID: 4425 Comm: kworker/u17:2 Tainted: G          I        6.4.8-200.fc38.x86_64 #1
Aug 06 16:50:27 host kernel: Hardware name: LENOVO 20BXCTO1WW/20BXCTO1WW, BIOS JBET73WW (1.37 ) 08/14/2019
Aug 06 16:50:27 host kernel: Workqueue: hci0 hci_cmd_sync_work [bluetooth]
Aug 06 16:50:27 host kernel: RIP: 0010:__list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel: Code: e8 22 48 9a ff 0f 0b 48 89 fe 48 c7 c7 e0 21 93 99 e8 11 48 9a ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 18 22 93 99 e8 fd 47 9a ff <0f> 0b 48 89 fe 48 89 c2 48 c7 c7 50 22 93 99 e8 e9 47 9a ff 0f 0b
Aug 06 16:50:27 host kernel: RSP: 0018:ffffb923c9c1fde8 EFLAGS: 00010246
Aug 06 16:50:27 host kernel: RAX: 000000000000004e RBX: ffff9b0fc94d1800 RCX: 0000000000000027
Aug 06 16:50:27 host kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9b10a5c21540
Aug 06 16:50:27 host kernel: RBP: ffff9b0fc6cec000 R08: 0000000000000000 R09: ffffb923c9c1fc90
Aug 06 16:50:27 host kernel: R10: 0000000000000003 R11: ffffffff9a146508 R12: ffff9b0fc6cec770
Aug 06 16:50:27 host kernel: R13: ffff9b0fcb559f80 R14: dead000000000122 R15: dead000000000100
Aug 06 16:50:27 host kernel: FS:  0000000000000000(0000) GS:ffff9b10a5c00000(0000) knlGS:0000000000000000
Aug 06 16:50:27 host kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 06 16:50:27 host kernel: CR2: 00007f45259a2034 CR3: 0000000055022002 CR4: 00000000003706f0
Aug 06 16:50:27 host kernel: Call Trace:
Aug 06 16:50:27 host kernel:  <TASK>
Aug 06 16:50:27 host kernel:  ? die+0x36/0x90
Aug 06 16:50:27 host kernel:  ? do_trap+0xda/0x100
Aug 06 16:50:27 host kernel:  ? __list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel:  ? do_error_trap+0x6a/0x90
Aug 06 16:50:27 host kernel:  ? __list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel:  ? exc_invalid_op+0x50/0x70
Aug 06 16:50:27 host kernel:  ? __list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel:  ? asm_exc_invalid_op+0x1a/0x20
Aug 06 16:50:27 host kernel:  ? __list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel:  ? __list_del_entry_valid+0x93/0xc0
Aug 06 16:50:27 host kernel:  hci_conn_cleanup+0x43/0x1d0 [bluetooth]
Aug 06 16:50:27 host kernel:  hci_abort_conn_sync+0xae/0x230 [bluetooth]
Aug 06 16:50:27 host kernel:  ? unpair_device_sync+0x6d/0xe0 [bluetooth]
Aug 06 16:50:27 host kernel:  hci_cmd_sync_work+0xcb/0x190 [bluetooth]
Aug 06 16:50:27 host kernel:  process_one_work+0x1c7/0x3d0
Aug 06 16:50:27 host kernel:  worker_thread+0x51/0x390
Aug 06 16:50:27 host kernel:  ? __pfx_worker_thread+0x10/0x10
Aug 06 16:50:27 host kernel:  kthread+0xe8/0x120
Aug 06 16:50:27 host kernel:  ? __pfx_kthread+0x10/0x10
Aug 06 16:50:27 host kernel:  ret_from_fork+0x2c/0x50
Aug 06 16:50:27 host kernel:  </TASK>
Aug 06 16:50:27 host kernel: Modules linked in: rfcomm bnep snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables qrtr rmi_smbus rmi_core intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm uvcvideo iwlmvm uvc videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 mac80211 videobuf2_common snd_ctl_led snd_hda_codec_realtek iTCO_wdt btusb snd_hda_codec_generic snd_hda_codec_hdmi videodev irqbypass libarc4 intel_pmc_bxt at24 btrtl snd_hda_intel mc mei_pxp mei_wdt rapl btbcm iTCO_vendor_support mei_hdcp snd_intel_dspcfg think_lmi btintel intel_cstate snd_intel_sdw_acpi snd_hda_codec intel_uncore iwlwifi btmtk
Aug 06 16:50:27 host kernel:  firmware_attributes_class bluetooth wmi_bmof cfg80211 snd_hda_core i2c_i801 intel_pch_thermal i2c_smbus vfat fat snd_hwdep snd_seq snd_seq_device snd_pcm thinkpad_acpi mei_me snd_timer ledtrig_audio platform_profile rfkill mei snd lpc_ich soundcore joydev auth_rpcgss sunrpc loop fuse zram i915 crct10dif_pclmul rtsx_pci_sdmmc crc32_pclmul crc32c_intel mmc_core polyval_clmulni polyval_generic i2c_algo_bit drm_buddy drm_display_helper ghash_clmulni_intel e1000e rtsx_pci sha512_ssse3 cec ttm video wmi serio_raw
Aug 06 16:50:27 host kernel: ---[ end trace 0000000000000000 ]---

Reproducible: Always