Date: Mon, 2 May 2022 11:05:42 +0200
From: Linus Lüssing
To: linux-bluetooth@vger.kernel.org, linux-wireless@vger.kernel.org, Intel Linux Wireless
Cc: Emmanuel Grumbach, Luiz Augusto von Dentz, Marcel Holtmann
Subject: Re: Crash / Null pointer dereference in l2cap_chan_send()
References: <20201110062039.GC2423@otheros> <20201110205950.GF2423@otheros>
In-Reply-To: <20201110205950.GF2423@otheros>
X-Mailing-List: linux-bluetooth@vger.kernel.org

On Tue, Nov 10, 2020 at 09:59:50PM +0100, Linus Lüssing wrote:
> On Tue, Nov 10, 2020 at 07:20:39AM +0100, Linus Lüssing wrote:
> > [...]
> >
> > The issue was introduced with the following commit:
> >
> > f4bfdc5e571e ("iwlwifi: mvm: stop supporting swcrypto and bt_coex_active module parameters")
> > * first affected tag: v5.8-rc1
> >
>
> PS: As this commit mentioned bt_coex_active, I retried with a
> vanilla 5.9.6 kernel while leaving bt_coex_active at its
> default value. That is leaving it enabled while all previous tests
> I did had it disabled.
>
> However I still get the Bluetooth A2DP freeze and subsequent
> kernel panics.
> [...]

I did a few more tests and found out that it was the old iwlwifi
firmware causing the kernel panics for me when Bluetooth co-existence
is enabled.

With firmware-iwlwifi_20170823-1_all.deb on Debian I can reproduce
the issue, with firmware-iwlwifi_20180518-1~bpo9+1_all.deb or
firmware-iwlwifi_20210818-1_all.deb I can't.

Also, I can still reproduce the kernel panic with firmware-iwlwifi
at version 20170823-1 and with a recent Linux kernel on Debian Sid
(linux-image-5.17.0-1-amd64, 5.17.3-1). So nothing which has fixed
it in the upstream kernel since v5.8-rc1.

I'm a bit surprised that a non-free firmware can create kernel panics
in "random" code paths. But maybe that's expected as whatever is
running the iwlwifi firmware has access to more memory areas than
I would like it to have?

Let me know if I should dig deeper, if there is something that
should/could be fixed in the upstream, opensource iwlwifi driver to
prevent such kernel panics.

Regards, Linus

PS: firmware-iwlwifi_20170823-1_all.deb seems unavailable on Debian
at the moment, even the archives. But I found a copy in the Kali
Linux archives:

http://old.kali.org/kali/pool/non-free/f/firmware-nonfree/firmware-iwlwifi_20170823-1_all.deb