Description of problem: Problem is related to bluetooth audio device 'simonmusic' (https://www.simonelectric.com/intl/7501385-039-bluetooth-module-with-usb-charger.html). I listened music for few minutes, than it stoped playing. When I try to 'Disconnect' the device using KDE Bluetooth aplet, crash happened. To be exact system started to report crashes 2-3 times per minute. modprobe utilized 100% of cpu core. I had to do the hard reset because machine almost stopped responding. Additional info: reporter: libreport-2.9.5 kernel BUG at lib/list_debug.c:31! invalid opcode: 0000 [#1] SMP PTI Modules linked in: uinput rfcomm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack devlink ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep sunrpc uvcvideo arc4 intel_rapl mei_wdt x86_pkg_temp_thermal intel_powerclamp videobuf2_vmalloc iwldvm gpio_ich coretemp videobuf2_memops snd_hda_codec_hdmi iTCO_wdt dell_wmi iTCO_vendor_support videobuf2_v4l2 wmi_bmof sparse_keymap mac80211 btusb btrtl kvm_intel btbcm snd_hda_codec_idt btintel ppdev snd_hda_codec_generic bluetooth videobuf2_common snd_hda_intel dell_laptop kvm videodev dell_smbios iwlwifi snd_hda_codec dell_wmi_descriptor dcdbas dell_smm_hwmon media ecdh_generic snd_hda_core irqbypass snd_hwdep intel_cstate snd_seq intel_uncore intel_rapl_perf cfg80211 snd_seq_device snd_pcm i2c_i801 snd_timer joydev snd soundcore mei_me shpchp mei lpc_ich wmi dell_rbtn parport_pc parport rfkill dm_crypt i915 crct10dif_pclmul crc32_pclmul crc32c_intel i2c_algo_bit drm_kms_helper sdhci_pci ghash_clmulni_intel cqhci sdhci drm mmc_core serio_raw e1000e video CPU: 1 PID: 4300 Comm: kworker/u9:0 Not tainted 4.17.6-200.fc28.x86_64 #1 Hardware name: Dell Inc. Latitude 6430U/044GCP, BIOS A14 02/21/2018 Workqueue: hci0 hci_rx_work [bluetooth] RIP: 0010:__list_add_valid+0x41/0x50 RSP: 0018:ffff9d2ec24b7c40 EFLAGS: 00010246 RAX: 0000000000000058 RBX: ffff89775ddcc278 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff89779e296938 RDI: ffff89779e296938 RBP: ffff89776034ac20 R08: 0000000000000005 R09: 000000000000039f R10: 0000000000000000 R11: ffffffff999981ad R12: ffff89778ba488a0 R13: ffff89775ddcc280 R14: ffff89775ddcc280 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff89779e280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f82b8054000 CR3: 000000023920a002 CR4: 00000000001606e0 Call Trace: kobject_add_internal+0x7c/0x270 kobject_add+0x7d/0xb0 device_add+0x125/0x630 hci_conn_add_sysfs+0x43/0xb0 [bluetooth] hci_conn_complete_evt.isra.45+0xbb/0x3f0 [bluetooth] hci_event_packet+0x1938/0x2690 [bluetooth] ? account_entity_dequeue+0xa4/0xd0 ? hci_rx_work+0x181/0x350 [bluetooth] hci_rx_work+0x181/0x350 [bluetooth] process_one_work+0x187/0x340 worker_thread+0x2e/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 Code: 0f 85 94 00 00 00 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 38 83 10 99 e8 3d fe c9 ff <0f> 0b 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 48 8b 07 48 8b 57 RIP: __list_add_valid+0x41/0x50 RSP: ffff9d2ec24b7c40
Created attachment 1459800 [details] File: dmesg
Description of problem: I randomly get this error when using headphones (WH-1000XM2) via bluetooth. When it fails no sound is available, and bluetooth won't work untill i shutdown system and remove power cord for couple of seconds. If i try to 'pulseaudio -k' when sound is lost after bluetooth failure whole system hangs and hard reset is needed. After reboot I get around 4 kernel errors which can't be reported. Version-Release number of selected component: kernel-core-4.18.7-200.fc28 Additional info: reporter: libreport-2.9.5 cmdline: BOOT_IMAGE=/vmlinuz-4.18.7-200.fc28.x86_64 root=/dev/mapper/ssd-01 ro resume=/dev/mapper/ssd-00 rd.lvm.lv=ssd/01 rd.lvm.lv=ssd/00 rhgb quiet LANG=en_US.UTF-8 crash_function: kobject_add_internal kernel: 4.18.7-200.fc28.x86_64 runlevel: N 5 type: Kerneloops Truncated backtrace: kernel BUG at lib/list_debug.c:31! invalid opcode: 0000 [#1] SMP PTI CPU: 1 PID: 30266 Comm: kworker/u9:1 Not tainted 4.18.7-200.fc28.x86_64 #1 Hardware name: /NUC5i3RYB, BIOS RYBDWi35.86A.0370.2018.0604.1034 06/04/2018 Workqueue: hci0 hci_rx_work [bluetooth] RIP: 0010:__list_add_valid+0x41/0x50 Code: 85 94 00 00 00 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 20 e8 10 ad e8 3d 69 c9 ff <0f> 0b 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 48 8b 07 48 8b 57 08 RSP: 0018:ffffb3c5cacabc40 EFLAGS: 00010246 RAX: 0000000000000058 RBX: ffff921c09168a78 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff921dd6c96938 RDI: ffff921dd6c96938 RBP: ffff921dc1262c20 R08: 0000000000000005 R09: 0000000000000004 R10: 0000000000000000 R11: ffffffffad9a11ee R12: ffff921dc41c6660 R13: ffff921c09168a80 R14: ffff921c09168a80 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff921dd6c80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2abfd92ccc CR3: 000000034420a004 CR4: 00000000003626e0 Call Trace: kobject_add_internal+0x7c/0x270 kobject_add+0x7d/0xb0 ? kobject_move+0x130/0x160 device_add+0x125/0x630 hci_conn_add_sysfs+0x43/0xb0 [bluetooth] hci_conn_complete_evt.isra.45+0xbb/0x3f0 [bluetooth] ? __switch_to_asm+0x40/0x70 hci_event_packet+0x1938/0x2690 [bluetooth] ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? hci_rx_work+0x181/0x350 [bluetooth] hci_rx_work+0x181/0x350 [bluetooth] process_one_work+0x1a1/0x350 worker_thread+0x30/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 Modules linked in: ccm vhost_net vhost tap uinput cmac fuse rfcomm xt_CHECKSUM ipt_MASQUERADE tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack devlink ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables bnep sunrpc vfat fat arc4 intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel iwlmvm mac80211 iTCO_wdt iTCO_vendor_support kvm iwlwifi irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi ghash_clmulni_intel intel_cstate intel_uncore snd_hda_intel intel_rapl_perf snd_hda_codec btusb cfg80211 btrtl btbcm btintel snd_hda_core bluetooth snd_hwdep snd_seq snd_seq_device snd_pcm joydev mei_me snd_timer lpc_ich ecdh_generic i2c_i801 snd rfkill mei ir_rc6_decoder soundcore rc_rc6_mce nuvoton_cir rc_core acpi_pad pcc_cpufreq i915 i2c_algo_bit drm_kms_helper drm e1000e crc32c_intel video
We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 28 kernel bugs. Fedora 28 has now been rebased to 4.18.10-300.fc28. Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel. If you have moved on to Fedora 29, and are still experiencing this issue, please change the version to Fedora 29. If you experience different issues, please open a new bug report for those.
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and let us know if the bug is still present on the latest kernel. (Please note: sometimes bugs get mistakenly closed during our mass closing. If you think your bug was closed in error please reopen)
I am experiencing this bug on F29 witn 4.20. 4.19.14-300 does not show this behavior. Feb 13 08:08:13 orange.eq.by kernel: Bluetooth: hci0: BCM: chip id 63 Feb 13 08:08:13 orange.eq.by kernel: Bluetooth: hci0: BCM: features 0x07 Feb 13 08:08:13 orange.eq.by kernel: Bluetooth: hci0: BCM20702A Feb 13 08:08:13 orange.eq.by kernel: Bluetooth: hci0: BCM20702A1 (001.002.014) build 0000 Feb 13 08:08:14 orange.eq.by kernel: Bluetooth: hci0: BCM20702A1 (001.002.014) build 1669 Feb 13 08:08:14 orange.eq.by kernel: Bluetooth: hci0: Broadcom Bluetooth Device Feb 13 08:08:14 orange.eq.by NetworkManager[1350]: <info> [1550034494.3819] bluez5: NAP: added interface 3C:77:E6:F0:45:63 Feb 13 08:08:14 orange.eq.by bluetoothd[1137]: Endpoint registered: sender=:1.73 path=/MediaEndpoint/A2DPSource Feb 13 08:08:14 orange.eq.by bluetoothd[1137]: Endpoint registered: sender=:1.73 path=/MediaEndpoint/A2DPSink Feb 13 08:08:18 orange.eq.by audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?> Feb 13 08:08:20 orange.eq.by bluetoothd[1137]: getpeername: Transport endpoint is not connected (107) Feb 13 08:08:20 orange.eq.by bluetoothd[1137]: getpeername: Transport endpoint is not connected (107) Feb 13 08:08:30 orange.eq.by bluetoothd[1137]: HUP or ERR on socket: Connection reset by peer (104) Feb 13 08:08:35 orange.eq.by kernel: list_add double add: new=ffff9ed6d5b23a80, prev=ffff9ed6d5b23a80, next=ffff9ed754f94780. Feb 13 08:08:35 orange.eq.by kernel: ------------[ cut here ]------------ Feb 13 08:08:35 orange.eq.by kernel: kernel BUG at lib/list_debug.c:31! Feb 13 08:08:35 orange.eq.by kernel: invalid opcode: 0000 [#1] SMP PTI Feb 13 08:08:35 orange.eq.by kernel: CPU: 0 PID: 704 Comm: kworker/u17:4 Tainted: G OE 4.20.6-200.fc29.x86_64 #1 Feb 13 08:08:35 orange.eq.by kernel: Hardware name: LENOVO 232578G/232578G, BIOS G2ETB0WW (2.70 ) 09/25/2017 Feb 13 08:08:35 orange.eq.by kernel: Workqueue: hci0 hci_rx_work [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: RIP: 0010:__list_add_valid+0x41/0x50 Feb 13 08:08:35 orange.eq.by kernel: Code: 85 94 00 00 00 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 a0 6a 11 99 e8 0d ca c8 ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 07 48> Feb 13 08:08:35 orange.eq.by kernel: RSP: 0018:ffffb90ec11dbc40 EFLAGS: 00010246 Feb 13 08:08:35 orange.eq.by kernel: RAX: 0000000000000058 RBX: ffff9ed6d5b23a78 RCX: 0000000000000000 Feb 13 08:08:35 orange.eq.by kernel: RDX: 0000000000000000 RSI: ffff9ed7564168c8 RDI: ffff9ed7564168c8 Feb 13 08:08:35 orange.eq.by kernel: RBP: ffff9ed70bfccc38 R08: 0000000000000068 R09: 0000000000000003 Feb 13 08:08:35 orange.eq.by kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9ed754f94780 Feb 13 08:08:35 orange.eq.by kernel: R13: ffff9ed6d5b23a80 R14: ffff9ed6d5b23a80 R15: 0000000000000003 Feb 13 08:08:35 orange.eq.by kernel: FS: 0000000000000000(0000) GS:ffff9ed756400000(0000) knlGS:0000000000000000 Feb 13 08:08:35 orange.eq.by kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Feb 13 08:08:35 orange.eq.by kernel: CR2: 0000131a154e3bc0 CR3: 000000018320a002 CR4: 00000000001606f0 Feb 13 08:08:35 orange.eq.by kernel: Call Trace: Feb 13 08:08:35 orange.eq.by kernel: kobject_add_internal+0x7c/0x270 Feb 13 08:08:35 orange.eq.by kernel: kobject_add+0x7d/0xb0 Feb 13 08:08:35 orange.eq.by kernel: ? kobject_get_ownership+0x10/0x20 Feb 13 08:08:35 orange.eq.by kernel: device_add+0x125/0x690 Feb 13 08:08:35 orange.eq.by kernel: hci_conn_add_sysfs+0x43/0xb0 [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: hci_conn_complete_evt.isra.56+0xbb/0x3f0 [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: hci_event_packet+0x18d3/0x2610 [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x34/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x34/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x34/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? __switch_to_asm+0x40/0x70 Feb 13 08:08:35 orange.eq.by kernel: ? hci_rx_work+0x181/0x350 [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: hci_rx_work+0x181/0x350 [bluetooth] Feb 13 08:08:35 orange.eq.by kernel: process_one_work+0x1a1/0x3a0 Feb 13 08:08:35 orange.eq.by kernel: worker_thread+0x30/0x380 Feb 13 08:08:35 orange.eq.by kernel: ? pwq_unbound_release_workfn+0xd0/0xd0 Feb 13 08:08:35 orange.eq.by kernel: kthread+0x112/0x130 Feb 13 08:08:35 orange.eq.by kernel: ? kthread_create_on_node+0x60/0x60 Feb 13 08:08:35 orange.eq.by kernel: ret_from_fork+0x35/0x40 Feb 13 08:08:35 orange.eq.by kernel: Modules linked in: ccm rfcomm xt_CHECKSUM ipt_MASQUERADE tun bridge stp llc fuse devlink nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conn> Feb 13 08:08:35 orange.eq.by kernel: snd_hwdep joydev snd_seq snd_seq_device snd_pcm wmi_bmof i2c_i801 thinkpad_acpi mei_me snd_timer mei lpc_ich snd soundcore rfkill pcc_cpufreq dm_crypt i915 mmc_block kvmgt mdev vfio kvm crc> Feb 13 08:08:35 orange.eq.by kernel: ---[ end trace 1c023dd3a3e7ce91 ]--- Feb 13 08:08:35 orange.eq.by kernel: RIP: 0010:__list_add_valid+0x41/0x50 Feb 13 08:08:35 orange.eq.by kernel: Code: 85 94 00 00 00 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 a0 6a 11 99 e8 0d ca c8 ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 07 48> Feb 13 08:08:35 orange.eq.by kernel: RSP: 0018:ffffb90ec11dbc40 EFLAGS: 00010246 Feb 13 08:08:35 orange.eq.by kernel: RAX: 0000000000000058 RBX: ffff9ed6d5b23a78 RCX: 0000000000000000 Feb 13 08:08:35 orange.eq.by kernel: RDX: 0000000000000000 RSI: ffff9ed7564168c8 RDI: ffff9ed7564168c8 Feb 13 08:08:35 orange.eq.by kernel: RBP: ffff9ed70bfccc38 R08: 0000000000000068 R09: 0000000000000003 Feb 13 08:08:35 orange.eq.by kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9ed754f94780 Feb 13 08:08:35 orange.eq.by kernel: R13: ffff9ed6d5b23a80 R14: ffff9ed6d5b23a80 R15: 0000000000000003 Feb 13 08:08:35 orange.eq.by kernel: FS: 0000000000000000(0000) GS:ffff9ed756400000(0000) knlGS:0000000000000000 Feb 13 08:08:35 orange.eq.by kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Feb 13 08:08:35 orange.eq.by kernel: CR2: 0000131a154e3bc0 CR3: 000000018320a002 CR4: 00000000001606f0 Feb 13 08:08:38 orange.eq.by kernel: Bluetooth: hci0: failed to disable LE scan: status 0x1f