
kernel NULL pointer dereference on USB-C dock disconnect & resume from sleep on 6.2.6 #253

Open
MattF-NSIDC opened this issue May 1, 2023 · 1 comment


MattF-NSIDC commented May 1, 2023

This "freezes" the machine (can move mouse, but executing any command in an open terminal stalls, new terminal windows don't display a prompt, other programs locked up, can't access virtual terminals with e.g. CTRL+ALT+F3) and the only way to resolve is a hard shutdown with the power button. I need to hard reboot for this issue 3-4 times a day 😭

This is reproducible 100% of the time (systemctl suspend or remove USB-C cable) on my Thinkpad T14 Gen3 (Intel) running 6.2.6-76060206-generic #202303130630~1681329778~22.04~d824cd4. I don't think it was happening last month, and my apt history log is telling me that I upgraded from 6.2.6-76060206.202303130630~1680814622~22.04~3850312 on April 18, which corresponds with when this started happening.

I believe that this bug report on kernel.org is the same issue: https://bugzilla.kernel.org/show_bug.cgi?id=217106. The address in the first line is always the same as well. Will 6.2.9 be available some time soon to hopefully resolve this issue?

BUG: kernel NULL pointer dereference, address: 0000000000000398
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0 
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 53749 Comm: kworker/0:0 Tainted: G           OE      6.2.6-76060206-generic #202303130630~1681329778~22.04~d824cd4
Hardware name: LENOVO 21AJSBQT00/21AJSBQT00, BIOS N3MET12W (1.11 ) 02/09/2023
Workqueue: kacpi_notify acpi_os_execute_deferred
RIP: 0010:queue_work_on+0x22/0x70
Code: 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 41 89 fb 49 89 f2 49 89 d0 48 89 e5 53 9c 58 0f 1f 40 00 48 89 c3 fa 0f 1f 44 00 00 <f0> 49 0f ba 28 00 73 2f 45 31 c9 80 e7 02 74 06 fb 0f 1f 44 00 00
RSP: 0018:ffff9a33cbe8bdf0 EFLAGS: 00010002
RAX: 0000000000000202 RBX: 0000000000000202 RCX: 0000000000000000
RDX: 0000000000000398 RSI: ffff8b9900051000 RDI: 0000000000002000
RBP: ffff9a33cbe8bdf8 R08: 0000000000000398 R09: 0000000000000000
R10: ffff8b9900051000 R11: 0000000000002000 R12: 0000000000000004
R13: 0000000000000000 R14: ffff8b9a6dbb46d0 R15: ffff8b99f0c6d600
FS:  0000000000000000(0000) GS:ffff8ba03f400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000398 CR3: 00000003a1410003 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ucsi_connector_change+0x56/0xa0 [typec_ucsi]
 ucsi_acpi_notify+0xa1/0xb0 [ucsi_acpi]
 acpi_ev_notify_dispatch+0x54/0x80
 acpi_os_execute_deferred+0x17/0x40
 process_one_work+0x222/0x430
 worker_thread+0x50/0x3e0
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe6/0x110
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x29/0x50
 </TASK>
Modules linked in: tls xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc nvme_fabrics rfcomm cmac algif_hash algif_skcipher af_alg zstd snd_seq_dummy snd_hrtimer overlay snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_hda_dsp_common snd_soc_hdac_hdmi snd_sof_probes bnep zram snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi mei_hdcp mei_pxp soundwire_bus snd_soc_core snd_compress ac97_bus iwlmvm snd_pcm_dmaengine pmt_telemetry btusb pmt_class intel_tcc_cooling intel_rapl_msr snd_hda_intel uvcvideo btrtl x86_pkg_temp_thermal snd_intel_dspcfg
 intel_powerclamp mac80211 videobuf2_vmalloc btbcm snd_intel_sdw_acpi coretemp btintel videobuf2_memops videobuf2_v4l2 btmtk snd_hda_codec dm_crypt libarc4 nls_iso8859_1 bfq kvm_intel snd_usb_audio videodev snd_seq_midi bluetooth iwlwifi snd_hda_core videobuf2_common snd_usbmidi_lib joydev snd_seq_midi_event kvm snd_hwdep ecdh_generic mei_me spi_nor mc processor_thermal_device_pci ecc input_leds snd_rawmidi snd_pcm hid_multitouch thinkpad_acpi cfg80211 processor_thermal_device processor_thermal_rfim mei rapl nvram mtd think_lmi serio_raw intel_cstate ledtrig_audio firmware_attributes_class snd_seq wmi_bmof platform_profile processor_thermal_mbox intel_vsec processor_thermal_rapl ucsi_acpi intel_rapl_common igen6_edac snd_seq_device typec_ucsi snd_timer typec snd soundcore int3403_thermal int340x_thermal_zone int3400_thermal intel_hid acpi_thermal_rel sparse_keymap mac_hid acpi_pad acpi_tad sch_fq_codel kyber_iosched ipmi_devintf ipmi_msghandler msr parport_pc ppdev lp
 parport ramoops reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear system76_io(OE) system76_acpi(OE) usbhid i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec rc_core hid_generic drm_kms_helper crct10dif_pclmul crc32_pclmul syscopyarea polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 aesni_intel sysfillrect crypto_simd spi_intel_pci sysimgblt nvme intel_lpss_pci cryptd psmouse drm thunderbolt e1000e nvme_core i2c_i801 intel_lpss spi_intel xhci_pci i2c_smbus idma64 xhci_pci_renesas nvme_common i2c_hid_acpi i2c_hid hid video wmi pinctrl_tigerlake
CR2: 0000000000000398
---[ end trace 0000000000000000 ]---
RIP: 0010:queue_work_on+0x22/0x70
Code: 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 41 89 fb 49 89 f2 49 89 d0 48 89 e5 53 9c 58 0f 1f 40 00 48 89 c3 fa 0f 1f 44 00 00 <f0> 49 0f ba 28 00 73 2f 45 31 c9 80 e7 02 74 06 fb 0f 1f 44 00 00
RSP: 0018:ffff9a33cbe8bdf0 EFLAGS: 00010002
RAX: 0000000000000202 RBX: 0000000000000202 RCX: 0000000000000000
RDX: 0000000000000398 RSI: ffff8b9900051000 RDI: 0000000000002000
RBP: ffff9a33cbe8bdf8 R08: 0000000000000398 R09: 0000000000000000
R10: ffff8b9900051000 R11: 0000000000002000 R12: 0000000000000004
R13: 0000000000000000 R14: ffff8b9a6dbb46d0 R15: ffff8b99f0c6d600
FS:  0000000000000000(0000) GS:ffff8ba03f400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000398 CR3: 0000000178a6c001 CR4: 0000000000770ef0
PKRU: 55555554
note: kworker/0:0[53749] exited with irqs disabled
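The oops above carries the facts needed for triage on its first few lines: the faulting address (0x398, also echoed in CR2 and in RDX/R08), the #PF error code (bit 0 clear = page not present, bit 1 set = write), the faulting function in RIP, the taint flags, and the first call-trace frame with its module tag. The C program below is an added example written for this issue, not code from the kernel or from this project; it parses a constructed excerpt of the oops pasted above and classifies the fault. The names (`parse_oops`, `classify_fault`, `oops_info`) are my own.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>

/* Constructed excerpt of the oops pasted in this issue (not a fresh capture). */
static const char SAMPLE_OOPS[] =
    "BUG: kernel NULL pointer dereference, address: 0000000000000398\n"
    "#PF: supervisor write access in kernel mode\n"
    "#PF: error_code(0x0002) - not-present page\n"
    "CPU: 0 PID: 53749 Comm: kworker/0:0 Tainted: G           OE      6.2.6-76060206-generic\n"
    "RIP: 0010:queue_work_on+0x22/0x70\n"
    "Call Trace:\n"
    " <TASK>\n"
    " ucsi_connector_change+0x56/0xa0 [typec_ucsi]\n"
    " ucsi_acpi_notify+0xa1/0xb0 [ucsi_acpi]\n"
    " acpi_ev_notify_dispatch+0x54/0x80\n"
    " </TASK>\n";

struct oops_info {
    uint64_t fault_addr;     /* address from the BUG: line (also in CR2) */
    unsigned error_code;     /* #PF error_code: bit0 = present, bit1 = write */
    char rip_sym[64];        /* faulting function from the RIP: line */
    char taint[16];          /* taint letters, e.g. "GOE" */
    char first_frame[64];    /* first real frame of the call trace */
    char first_mod[64];      /* module tag of that frame, "" if core kernel */
};

/* A not-present fault below the first page is the signature of a NULL struct
 * pointer dereferenced at a field offset (here 0x398); bit 1 says write. */
const char *classify_fault(uint64_t addr, unsigned error_code)
{
    int present = error_code & 1;
    int write = error_code & 2;
    if (!present && addr < 4096)
        return write ? "NULL-struct write at field offset"
                     : "NULL-struct read at field offset";
    if (!present)
        return "access to unmapped address";
    return "protection fault on mapped address";
}

/* Scan the oops line by line; returns how many of the fields were found. */
int parse_oops(const char *text, struct oops_info *out)
{
    char line[512];
    int found = 0, in_trace = 0;
    const char *p = text;

    memset(out, 0, sizeof *out);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += full + (nl ? 1 : 0);

        if (sscanf(line, "BUG: kernel NULL pointer dereference, address: %" SCNx64,
                   &out->fault_addr) == 1) {
            found++;
        } else if (sscanf(line, "#PF: error_code(%x)", &out->error_code) == 1) {
            found++;
        } else if (sscanf(line, "RIP: %*4x:%63[^+]", out->rip_sym) == 1) {
            found++;
        } else if (strstr(line, "Tainted: ")) {
            /* flags sit in fixed columns; collect the letters up to the version */
            const char *t = strstr(line, "Tainted: ") + 9;
            size_t n = 0;
            for (; *t && !(*t >= '0' && *t <= '9'); t++)
                if (*t != ' ' && n < sizeof out->taint - 1)
                    out->taint[n++] = *t;
            found++;
        } else if (strncmp(line, "Call Trace:", 11) == 0) {
            in_trace = 1;
        } else if (strstr(line, "</TASK>")) {
            in_trace = 0;
        } else if (in_trace && line[0] == ' ' && line[1] != '<' && line[1] != '?'
                   && out->first_frame[0] == '\0') {
            /* " sym+0xoff/0xlen [module]"; module tag is optional */
            if (sscanf(line, " %63[^+]+%*s [%63[^]]]",
                       out->first_frame, out->first_mod) >= 1)
                found++;
        }
    }
    return found;
}

int main(void)
{
    struct oops_info oi;
    parse_oops(SAMPLE_OOPS, &oi);
    printf("fault 0x%" PRIx64 " in %s (%s), first frame %s [%s], taint %s\n",
           oi.fault_addr, oi.rip_sym,
           classify_fault(oi.fault_addr, oi.error_code),
           oi.first_frame, oi.first_mod, oi.taint);
    return 0;
}
```

Run against the excerpt, it reports a NULL-struct write at offset 0x398 inside `queue_work_on`, reached from `ucsi_connector_change` in `typec_ucsi`, on a kernel tainted O and E (out-of-tree modules loaded); the `?` frames are skipped because they are only stack guesses, not confirmed callers.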
MattF-NSIDC changed the title from "kernel NULL pointer dereference on USB-C dock disconnect & resume from sleep" to "kernel NULL pointer dereference on USB-C dock disconnect & resume from sleep on 6.2.6" on May 1, 2023
MattF-NSIDC (Author) commented

Installed mainline 6.2.9 and was not able to reproduce the issue with a systemctl suspend or by disconnecting my USB-C cable! Huzzah 🎉

13r0ck pushed a commit that referenced this issue May 10, 2023
Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.

The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.

[   64.921510] ==================================================================
[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[   64.931120] Call Trace:
[   64.932699]  <TASK>
[   64.934292]  dump_stack_lvl+0x33/0x50
[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.937551]  kasan_report+0xda/0x120
[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[   64.945710]  ? kasan_set_track+0x21/0x30
[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13r0ck pushed a commit that referenced this issue Jun 15, 2023
commit c1592a8 upstream.

Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.

The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.

[   64.921510] ==================================================================
[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[   64.931120] Call Trace:
[   64.932699]  <TASK>
[   64.934292]  dump_stack_lvl+0x33/0x50
[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.937551]  kasan_report+0xda/0x120
[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[   64.945710]  ? kasan_set_track+0x21/0x30
[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
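The commit message above describes marking a deleted anonymous set inactive in the next generation, so that a later command in the same batch cannot touch it, and clearing that bit again if the transaction is aborted. The C program below is an added example, not kernel code, that models the two-generation bitmask convention nf_tables uses (a set bit means "inactive in that generation"; the cursor flips on commit) with my own names (`gen_state`, `demo_set`, `run_batch`), and shows the element-deletion request being refused once the set is pending deletion.

```c
#include <stdio.h>
#include <stdbool.h>
#include <errno.h>

/* Model only: the current generation number; its low bit selects the bitmask. */
struct gen_state { unsigned gencursor; };

/* Model only: a set with a two-bit genmask; a set bit = inactive in that generation. */
struct demo_set { const char *name; unsigned genmask; };

static unsigned genmask_cur(const struct gen_state *g)  { return 1u << (g->gencursor & 1); }
static unsigned genmask_next(const struct gen_state *g) { return 1u << ((g->gencursor + 1) & 1); }

bool set_is_active_cur(const struct gen_state *g, const struct demo_set *s)
{
    return !(s->genmask & genmask_cur(g));
}

bool set_is_active_next(const struct gen_state *g, const struct demo_set *s)
{
    return !(s->genmask & genmask_next(g));
}

/* Preparation phase of "delete set": hide it from the next generation at once,
 * so every later command in the same batch sees it as already gone. */
void set_deactivate_next(const struct gen_state *g, struct demo_set *s)
{
    s->genmask |= genmask_next(g);
}

/* Abort path: undo the pending deactivation so the set is usable again. */
void set_clear_next(const struct gen_state *g, struct demo_set *s)
{
    s->genmask &= ~genmask_next(g);
}

/* Commit: the generation being built becomes the current one. */
void gen_commit(struct gen_state *g)
{
    g->gencursor++;
}

/* "Delete element" arriving in the same batch: it must look at the next
 * generation, not the current one, or it would operate on a set that is
 * about to be freed. */
int delete_element(const struct gen_state *g, const struct demo_set *s)
{
    if (!set_is_active_next(g, s))
        return -ENOENT;
    return 0;
}

/* Batch of [delete set, delete element from that set]; returns the element
 * deletion's result, then either aborts or commits the transaction. */
int run_batch(bool abort_txn, struct demo_set *s, struct gen_state *g)
{
    set_deactivate_next(g, s);
    int rc = delete_element(g, s);
    if (abort_txn)
        set_clear_next(g, s);
    else
        gen_commit(g);
    return rc;
}

int main(void)
{
    struct gen_state g = { 0 };
    struct demo_set s = { "anon-set", 0 };

    printf("aborted batch: elem delete rc=%d, set active next=%d\n",
           run_batch(true, &s, &g), set_is_active_next(&g, &s));
    printf("committed batch: elem delete rc=%d, set active cur=%d (gen %u)\n",
           run_batch(false, &s, &g), set_is_active_cur(&g, &s), g.gencursor);
    return 0;
}
```

Without the deactivate-in-preparation step the element deletion would still see the set as active and queue work against memory that the commit phase frees, which is the wild-memory-access the KASAN splat in the commit message reports; without the clear-on-abort step an aborted batch would leave the set permanently hidden.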