#1 2023-10-13 21:00:34

gnunn
Member
Registered: 2013-10-21
Posts: 102

Qualcomm bluetooth stack crashes on 6.5

I'm having an issue on my Lenovo Z16 with kernel 6.5.7 where the Bluetooth stack is crashing periodically. The Lenovo Z16 uses a Qualcomm Bluetooth chipset, and I was wondering if any other folks are having issues with it and whether there are any known workarounds.

Here is the error I am seeing; searching for it doesn't turn up much other than one report of this on the Ubuntu bug list (https://bugs.launchpad.net/ubuntu/+sour … ug/2035028).

[ 5203.224394] input: ProClickM Mouse as /devices/virtual/misc/uhid/0005:1532:009B.000E/input/input68
[ 5203.224923] input: ProClickM Consumer Control as /devices/virtual/misc/uhid/0005:1532:009B.000E/input/input69
[ 5203.225304] input: ProClickM System Control as /devices/virtual/misc/uhid/0005:1532:009B.000E/input/input70
[ 5203.225429] input: ProClickM as /devices/virtual/misc/uhid/0005:1532:009B.000E/input/input71
[ 5203.225558] input: ProClickM Keyboard as /devices/virtual/misc/uhid/0005:1532:009B.000E/input/input72
[ 5203.225781] hid-generic 0005:1532:009B.000E: input,hidraw12: BLUETOOTH HID v0.01 Mouse [ProClickM] on 04:7b:cb:29:61:11
[ 5329.310102] Bluetooth: hci0: ACL memdump size(458752)

[ 5329.310143] ==================================================================
[ 5329.310146] BUG: KFENCE: use-after-free write in skb_queue_tail+0x35/0x50

[ 5329.310153] Use-after-free write at 0x0000000059227aba (in kfence-#128):
[ 5329.310155]  skb_queue_tail+0x35/0x50
[ 5329.310158]  hci_devcd_append+0x36/0x80 [bluetooth]
[ 5329.310196]  handle_dump_pkt_qca+0x161/0x3a0 [btusb]
[ 5329.310201]  btusb_recv_acl_qca+0x16/0x30 [btusb]
[ 5329.310205]  btusb_rx_work+0x24/0x40 [btusb]
[ 5329.310209]  process_one_work+0x1e1/0x3f0
[ 5329.310216]  worker_thread+0x51/0x390
[ 5329.310217]  kthread+0xe8/0x120
[ 5329.310220]  ret_from_fork+0x34/0x50
[ 5329.310224]  ret_from_fork_asm+0x1b/0x30

[ 5329.310228] kfence-#128: 0x0000000059227aba-0x000000002572e269, size=232, cache=skbuff_head_cache

[ 5329.310230] allocated by task 0 on cpu 11 at 5329.304552s:
[ 5329.310236]  __alloc_skb+0x161/0x1a0
[ 5329.310239]  btusb_recv_bulk+0x142/0x1b0 [btusb]
[ 5329.310243]  btusb_bulk_complete+0xa5/0x140 [btusb]
[ 5329.310248]  __usb_hcd_giveback_urb+0xa0/0x120
[ 5329.310251]  usb_giveback_urb_bh+0xbc/0x140
[ 5329.310253]  tasklet_action_common.isra.0+0xc7/0x240
[ 5329.310257]  __do_softirq+0xd4/0x2c8
[ 5329.310262]  __irq_exit_rcu+0xa3/0xc0
[ 5329.310263]  common_interrupt+0x86/0xa0
[ 5329.310267]  asm_common_interrupt+0x26/0x40
[ 5329.310270]  cpuidle_enter_state+0xcc/0x440
[ 5329.310272]  cpuidle_enter+0x2d/0x40
[ 5329.310275]  do_idle+0x1d8/0x230
[ 5329.310278]  cpu_startup_entry+0x2a/0x30
[ 5329.310280]  start_secondary+0x11e/0x140
[ 5329.310283]  secondary_startup_64_no_verify+0x17e/0x18b

[ 5329.310286] freed by task 151 on cpu 11 at 5329.310131s:
[ 5329.310307]  hci_recv_frame+0xa8/0x130 [bluetooth]
[ 5329.310339]  btusb_rx_work+0x24/0x40 [btusb]
[ 5329.310343]  process_one_work+0x1e1/0x3f0
[ 5329.310344]  worker_thread+0x51/0x390
[ 5329.310346]  kthread+0xe8/0x120
[ 5329.310348]  ret_from_fork+0x34/0x50
[ 5329.310349]  ret_from_fork_asm+0x1b/0x30

[ 5329.310353] CPU: 11 PID: 151 Comm: kworker/11:1 Not tainted 6.5.7-arch1-1 #1 0f5c742c3372ed589b7098a21a0ff406fc2e7c9c
[ 5329.310357] Hardware name: LENOVO 21D4000KUS/21D4000KUS, BIOS N3GET47W (1.27 ) 12/08/2022
[ 5329.310358] Workqueue: events btusb_rx_work [btusb]
[ 5329.310364] ==================================================================
[ 5329.310370] ------------[ cut here ]------------
[ 5329.310372] kernel BUG at mm/slub.c:440!
[ 5329.310378] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 5329.310382] CPU: 10 PID: 13369 Comm: kworker/u33:2 Tainted: G    B              6.5.7-arch1-1 #1 0f5c742c3372ed589b7098a21a0ff406fc2e7c9c
[ 5329.310385] Hardware name: LENOVO 21D4000KUS/21D4000KUS, BIOS N3GET47W (1.27 ) 12/08/2022
[ 5329.310387] Workqueue: hci0 hci_devcd_rx [bluetooth]
[ 5329.310417] RIP: 0010:__slab_free+0x152/0x330
[ 5329.310420] Code: 8b 06 48 89 0c 24 48 c1 e8 3b 48 8b 84 c3 d8 00 00 00 48 89 c7 48 89 44 24 20 e8 59 f0 9e 00 48 8b 0c 24 48 89 44 24 08 eb 87 <0f> 0b f7 43 08 00 0d 21 00 75 ca eb c3 f7 43 08 00 0d 21 00 0f 84
[ 5329.310422] RSP: 0018:ffffb9eccd683cd0 EFLAGS: 00010246
[ 5329.310425] RAX: ffff9e38753d1400 RBX: ffff9e3700042c00 RCX: 000000008010000f
[ 5329.310426] RDX: fffffffa39fd1000 RSI: ffff9e38753d1000 RDI: ffffb9eccd683d40
[ 5329.310428] RBP: ffffb9eccd683d68 R08: 0000000000000001 R09: ffffffffbb2fbd02
[ 5329.310429] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e38753d1000
[ 5329.310430] R13: ffff9e38753d1000 R14: ffffe3ec49d4f400 R15: 0000000000000002
[ 5329.310432] FS:  0000000000000000(0000) GS:ffff9e3e3e880000(0000) knlGS:0000000000000000
[ 5329.310434] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5329.310435] CR2: 00007f1784b6b000 CR3: 00000004cb220000 CR4: 0000000000750ee0
[ 5329.310437] PKRU: 55555554
[ 5329.310438] Call Trace:
[ 5329.310440]  <TASK>
[ 5329.310441]  ? die+0x36/0x90
[ 5329.310446]  ? do_trap+0xda/0x100
[ 5329.310449]  ? __slab_free+0x152/0x330
[ 5329.310452]  ? do_error_trap+0x6a/0x90
[ 5329.310454]  ? __slab_free+0x152/0x330
[ 5329.310457]  ? exc_invalid_op+0x50/0x70
[ 5329.310459]  ? __slab_free+0x152/0x330
[ 5329.310461]  ? asm_exc_invalid_op+0x1a/0x20
[ 5329.310465]  ? skb_release_data+0x142/0x1c0
[ 5329.310470]  ? __slab_free+0x152/0x330
[ 5329.310475]  skb_release_data+0x142/0x1c0
[ 5329.310479]  kfree_skb_reason+0x52/0x120
[ 5329.310482]  hci_devcd_rx+0xad/0x7d0 [bluetooth f3ee55392116df47884d10e22172a9217c0901ac]
[ 5329.310506]  process_one_work+0x1e1/0x3f0
[ 5329.310509]  worker_thread+0x51/0x390
[ 5329.310511]  ? __pfx_worker_thread+0x10/0x10
[ 5329.310513]  kthread+0xe8/0x120
[ 5329.310516]  ? __pfx_kthread+0x10/0x10
[ 5329.310518]  ret_from_fork+0x34/0x50
[ 5329.310520]  ? __pfx_kthread+0x10/0x10
[ 5329.310523]  ret_from_fork_asm+0x1b/0x30
[ 5329.310528]  </TASK>
[ 5329.310529] Modules linked in: ccm michael_mic rfcomm snd_seq_dummy snd_hrtimer snd_seq uhid cmac algif_hash algif_skcipher af_alg bnep qrtr_mhi snd_ctl_led intel_rapl_msr intel_rapl_common amdgpu snd_acp6x_pdm_dma snd_soc_acp6x_mach snd_soc_dmic snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci snd_sof_xtensa_dsp snd_sof qrtr snd_sof_utils snd_hda_codec_realtek ath11k_pci snd_hda_codec_generic edac_mce_amd snd_soc_core snd_hda_codec_hdmi snd_compress ath11k ac97_bus kvm_amd snd_pcm_dmaengine snd_hda_scodec_cs35l41_spi amdxcp snd_hda_intel qmi_helpers drm_buddy btusb snd_pci_ps uvcvideo snd_intel_dspcfg mac80211 snd_usb_audio snd_rpl_pci_acp6x gpu_sched btrtl videobuf2_vmalloc snd_intel_sdw_acpi kvm i2c_algo_bit btbcm snd_acp_pci uvc snd_usbmidi_lib drm_suballoc_helper snd_hda_codec snd_pci_acp6x videobuf2_memops btintel snd_ump snd_pci_acp5x drm_ttm_helper videobuf2_v4l2 snd_hda_scodec_cs35l41_i2c libarc4 btmtk wacom hid_multitouch snd_hda_core snd_rawmidi snd_hda_scodec_cs35l41 snd_rn_pci_acp3x
[ 5329.310597]  irqbypass ttm bluetooth videodev snd_seq_device snd_hwdep snd_hda_cs_dsp_ctls ucsi_acpi rapl snd_acp_config cfg80211 thinkpad_acpi pcspkr cs_dsp drm_display_helper sp5100_tco think_lmi snd_pcm videobuf2_common snd_soc_acpi ledtrig_audio ecdh_generic typec_ucsi vfat psmouse typec fat thunderbolt snd_soc_cs35l41_lib firmware_attributes_class wmi_bmof rfkill k10temp i2c_piix4 snd_timer mc crc16 igc cec snd_pci_acp3x mhi snd roles mousedev joydev soundcore i2c_hid_acpi amd_pmf i2c_hid serial_multi_instantiate platform_profile amd_pmc acpi_tad mac_hid pkcs8_key_parser crypto_user fuse loop zram ip_tables x_tables usbhid dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic serio_raw gf128mul atkbd ghash_clmulni_intel sdhci_pci libps2 sha512_ssse3 vivaldi_fmap cqhci aesni_intel nvme sdhci crypto_simd cryptd nvme_core xhci_pci ccp mmc_core xhci_pci_renesas nvme_common i8042 video serio wmi btrfs blake2b_generic libcrc32c crc32c_generic
[ 5329.310677]  crc32c_intel xor raid6_pq
[ 5329.310684] ---[ end trace 0000000000000000 ]---
[ 5329.310685] RIP: 0010:__slab_free+0x152/0x330
[ 5329.310688] Code: 8b 06 48 89 0c 24 48 c1 e8 3b 48 8b 84 c3 d8 00 00 00 48 89 c7 48 89 44 24 20 e8 59 f0 9e 00 48 8b 0c 24 48 89 44 24 08 eb 87 <0f> 0b f7 43 08 00 0d 21 00 75 ca eb c3 f7 43 08 00 0d 21 00 0f 84
[ 5329.310690] RSP: 0018:ffffb9eccd683cd0 EFLAGS: 00010246
[ 5329.310692] RAX: ffff9e38753d1400 RBX: ffff9e3700042c00 RCX: 000000008010000f
[ 5329.310693] RDX: fffffffa39fd1000 RSI: ffff9e38753d1000 RDI: ffffb9eccd683d40
[ 5329.310694] RBP: ffffb9eccd683d68 R08: 0000000000000001 R09: ffffffffbb2fbd02
[ 5329.310696] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e38753d1000
[ 5329.310697] R13: ffff9e38753d1000 R14: ffffe3ec49d4f400 R15: 0000000000000002
[ 5329.310698] FS:  0000000000000000(0000) GS:ffff9e3e3e880000(0000) knlGS:0000000000000000
[ 5329.310700] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5329.310702] CR2: 00007f1784b6b000 CR3: 00000004cb220000 CR4: 0000000000750ee0
[ 5329.310703] PKRU: 55555554
[ 5329.780028] Bluetooth: hci0: memdump done: pkts(1881), total(458752)

[ 5330.193146] usb 3-2: USB disconnect, device number 2

Last edited by gnunn (2023-10-13 21:01:15)
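Added example, not part of gnunn's post or of any kernel tool: a small Python triage helper that parses a KFENCE report like the one quoted above out of dmesg text and pulls out what a kernel developer or responder looks at first: the access type and faulting function, which loadable modules sit on the faulting stack, the allocation and free sites with their tasks and timestamps, and the frames the free path and the faulting path have in common. The embedded sample is an abbreviated copy of the report above; the `parse_kfence_report`, `blamed_modules` and `shared_frames` names are my own.

```python
"""Parse a KFENCE use-after-free report from dmesg text for quick triage."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: abbreviated copy of the KFENCE block from the post above.
SAMPLE_LOG = """\
[ 5329.310143] ==================================================================
[ 5329.310146] BUG: KFENCE: use-after-free write in skb_queue_tail+0x35/0x50

[ 5329.310153] Use-after-free write at 0x0000000059227aba (in kfence-#128):
[ 5329.310155]  skb_queue_tail+0x35/0x50
[ 5329.310158]  hci_devcd_append+0x36/0x80 [bluetooth]
[ 5329.310196]  handle_dump_pkt_qca+0x161/0x3a0 [btusb]
[ 5329.310205]  btusb_rx_work+0x24/0x40 [btusb]
[ 5329.310209]  process_one_work+0x1e1/0x3f0

[ 5329.310228] kfence-#128: 0x0000000059227aba-0x000000002572e269, size=232, cache=skbuff_head_cache

[ 5329.310230] allocated by task 0 on cpu 11 at 5329.304552s:
[ 5329.310236]  __alloc_skb+0x161/0x1a0
[ 5329.310239]  btusb_recv_bulk+0x142/0x1b0 [btusb]

[ 5329.310286] freed by task 151 on cpu 11 at 5329.310131s:
[ 5329.310307]  hci_recv_frame+0xa8/0x130 [bluetooth]
[ 5329.310339]  btusb_rx_work+0x24/0x40 [btusb]
[ 5329.310343]  process_one_work+0x1e1/0x3f0

[ 5329.310364] ==================================================================
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg "[ 5329.310146] " prefix
_BUG = re.compile(r"BUG: KFENCE: (?P<kind>.+?) in (?P<func>\S+)")
_ACCESS = re.compile(r"^.+? at 0x[0-9a-f]+ \(in kfence-#\d+\):")
_OBJ = re.compile(r"^kfence-#\d+: .*size=(?P<size>\d+), cache=(?P<cache>\S+)")
_ALLOC = re.compile(r"^allocated by task (?P<task>\d+) on cpu \d+ at (?P<t>[\d.]+)s")
_FREE = re.compile(r"^freed by task (?P<task>\d+) on cpu \d+ at (?P<t>[\d.]+)s")
_FRAME = re.compile(r"^ (?P<sym>\S+)(?: \[(?P<mod>\S+)\])?$")  # " func+0x../0x.. [module]"


@dataclass
class Frame:
    symbol: str            # e.g. "hci_devcd_append+0x36/0x80"
    module: Optional[str]  # e.g. "bluetooth"; None for built-in kernel code

    @property
    def name(self) -> str:
        """Function name without the +offset/size suffix."""
        return self.symbol.split("+", 1)[0]


@dataclass
class KfenceReport:
    kind: str                       # e.g. "use-after-free write"
    faulting_function: str          # symbol named in the BUG: line
    access_stack: List[Frame] = field(default_factory=list)
    alloc_stack: List[Frame] = field(default_factory=list)
    free_stack: List[Frame] = field(default_factory=list)
    object_size: int = 0
    cache: str = ""
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None
    alloc_time: Optional[float] = None
    free_time: Optional[float] = None

    def lifetime_s(self) -> Optional[float]:
        """Seconds between allocation and free, as KFENCE timestamps them."""
        if self.alloc_time is None or self.free_time is None:
            return None
        return round(self.free_time - self.alloc_time, 6)


def parse_kfence_report(log: str) -> Optional[KfenceReport]:
    """Return the first KFENCE report found in `log`, or None if there is none."""
    report = None
    stack = None  # the frame list currently being filled, if any
    for raw in log.splitlines():
        line = _TS.sub("", raw)
        if not line.strip():
            stack = None  # a blank line terminates a stack section
            continue
        m = _BUG.search(line)
        if m:
            report = KfenceReport(kind=m["kind"], faulting_function=m["func"])
            continue
        if report is None:
            continue  # text before the report header
        if line.startswith("=====") and report.access_stack:
            break  # closing rule of the report
        if _ACCESS.match(line):
            stack = report.access_stack
        elif (m := _OBJ.match(line)):
            report.object_size, report.cache = int(m["size"]), m["cache"]
        elif (m := _ALLOC.match(line)):
            report.alloc_task, report.alloc_time = int(m["task"]), float(m["t"])
            stack = report.alloc_stack
        elif (m := _FREE.match(line)):
            report.free_task, report.free_time = int(m["task"]), float(m["t"])
            stack = report.free_stack
        elif stack is not None and (m := _FRAME.match(line)):
            stack.append(Frame(m["sym"], m["mod"]))
    return report


def blamed_modules(report: KfenceReport) -> List[str]:
    """Loadable modules on the faulting stack, innermost first, deduplicated."""
    mods: List[str] = []
    for f in report.access_stack:
        if f.module and f.module not in mods:
            mods.append(f.module)
    return mods


def shared_frames(a: List[Frame], b: List[Frame]) -> List[str]:
    """Function names present on both stacks, in the order they appear on `a`."""
    names_b = {f.name for f in b}
    return [f.name for f in a if f.name in names_b]


if __name__ == "__main__":
    r = parse_kfence_report(SAMPLE_LOG)
    print(f"{r.kind} in {r.faulting_function} ({r.cache}, {r.object_size} bytes)")
    print("modules on faulting stack:", blamed_modules(r))
    print(f"alloc task {r.alloc_task}, free task {r.free_task}, lived {r.lifetime_s()}s")
    print("frames shared by free and access paths:", shared_frames(r.free_stack, r.access_stack))
```

Run on the full dmesg output, the summary tells you at a glance that the object is an `skbuff_head_cache` entry allocated in the USB bulk completion path, freed under `hci_recv_frame`, and then written again through `hci_devcd_append`, with `btusb_rx_work` on both the free and the access stacks, which is the shape of report worth attaching when filing the bug upstream.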
