[Bug 216686] BUG: kernel NULL pointer dereference, address: 0000000000000680

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://bugzilla.kernel.org/show_bug.cgi?id=216686

Paul Menzel (pmenzel+bugzilla.kernel.org@xxxxxxxxxxxxx) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pmenzel+bugzilla.kernel.org
                   |                            |@molgen.mpg.de

--- Comment #5 from Paul Menzel (pmenzel+bugzilla.kernel.org@xxxxxxxxxxxxx) ---
In * linux-headers-6.0.0-2-amd64: bluetooth crashes after returning from
suspend* [1] you write:

> I installed 6.0.5-1 and during the past few days seems to be working okay.

Just to avoid misunderstandings, is that outdated information?

The trace from attachment 6.1-rc3 oops is:

```
[  459.240547] usb 5-4: USB disconnect, device number 3
[  459.241253] BUG: kernel NULL pointer dereference, address: 0000000000000680
[  459.241265] #PF: supervisor read access in kernel mode
[  459.241270] #PF: error_code(0x0000) - not-present page
[  459.241275] PGD 0 P4D 0 
[  459.241282] Oops: 0000 [#1] PREEMPT SMP NOPTI
[  459.241288] CPU: 12 PID: 973 Comm: bluetoothd Not tainted 6.1.0-0-amd64 #1 
Debian 6.1~rc3-1~exp1
[  459.241296] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21
) 09/15/2022
[  459.241300] RIP: 0010:hci_send_acl+0x21/0x2f0 [bluetooth]
[  459.241515] Code: cc cc 0f 1f 80 00 00 00 00 0f 1f 44 00 00 41 57 49 89 ff
41 56 41 55 41 54 55 48 89 f5 53 48 83 ec 28 4c 8b 67 18 89 54 24 0c <4d> 8b 8c
24 80 06 00 00 4c 89 4c 24 18 66 90 0f b7 da 8b 4d 70 2b
[  459.241521] RSP: 0018:ffffa29981eafc00 EFLAGS: 00010286
[  459.241526] RAX: ffff9119fabab400 RBX: 0000000000000004 RCX:
0000000000000000
[  459.241530] RDX: 0000000000000000 RSI: ffff9119cb626f00 RDI:
ffff9119c68cfc00
[  459.241533] RBP: ffff9119cb626f00 R08: ffff911ac574fec0 R09:
000000000000000c
[  459.241535] R10: 0000000000000028 R11: 0000000000000000 R12:
0000000000000000
[  459.241538] R13: ffffa29981eafd40 R14: ffff9119cb626f00 R15:
ffff9119c68cfc00
[  459.241542] FS:  00007feffba587c0(0000) GS:ffff911fd2100000(0000)
knlGS:0000000000000000
[  459.241546] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  459.241549] CR2: 0000000000000680 CR3: 000000012219c000 CR4:
0000000000750ee0
[  459.241554] PKRU: 55555554
[  459.241557] Call Trace:
[  459.241568]  <TASK>
[  459.241573]  ? mutex_lock+0xe/0x30
[  459.241605]  l2cap_chan_send+0x12f/0xc60 [bluetooth]
[  459.241670]  ? remove_wait_queue+0x20/0x60
[  459.241677]  ? _raw_spin_unlock_irqrestore+0x23/0x40
[  459.241682]  ? bt_sock_wait_ready+0x128/0x1a0 [bluetooth]
[  459.241731]  l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
[  459.241786]  sock_sendmsg+0x5f/0x70
[  459.241796]  rfcomm_send_frame+0x62/0xa0 [rfcomm]
[  459.241814]  rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
[  459.241828]  __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
[  459.241843]  __rfcomm_dlc_close+0x60/0x200 [rfcomm]
[  459.241857]  rfcomm_dlc_close+0x6a/0xb0 [rfcomm]
[  459.241871]  __rfcomm_sock_close+0x2e/0xd0 [rfcomm]
[  459.241886]  rfcomm_sock_shutdown+0x54/0xb0 [rfcomm]
[  459.241899]  rfcomm_sock_release+0x2e/0x90 [rfcomm]
[  459.241914]  __sock_release+0x3d/0xb0
[  459.241920]  sock_close+0x11/0x20
[  459.241925]  __fput+0x91/0x250
[  459.241933]  task_work_run+0x59/0x90
[  459.241942]  exit_to_user_mode_prepare+0x1cd/0x1e0
[  459.241948]  syscall_exit_to_user_mode+0x17/0x40
[  459.241960]  do_syscall_64+0x46/0xc0
[  459.241974]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  459.241981] RIP: 0033:0x7feffc07a770
[  459.241986] Code: 0d 00 00 00 eb b2 e8 4f f7 01 00 66 2e 0f 1f 84 00 00 00
00 00 0f 1f 44 00 00 80 3d 71 1e 0e 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[  459.241990] RSP: 002b:00007ffceb4d6ba8 EFLAGS: 00000202 ORIG_RAX:
0000000000000003
[  459.241995] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
00007feffc07a770
[  459.241998] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
0000000000000028
[  459.242000] RBP: 0000000000000000 R08: 0000000000000000 R09:
0000000000000010
[  459.242003] R10: 0000000000000000 R11: 0000000000000202 R12:
0000000000000001
[  459.242005] R13: 0000555efbd88f30 R14: 00007feffc3691b0 R15:
0000555efbd7e350
[  459.242011]  </TASK>
```

Could you please attach all Linux messages, that means, the full output of
`dmesg`, and also have `sudo btmon -w /dev/shm/trace.log` running in parallel.

As you know it’s a regression, and you can reproduce it, it might be fastest to
do the following:

1.  Build bluetooth-next [2]. (Clone the source tree, copy the Debian
configuration from `/boot` to `.config`, run `make olddefconfig` and `make
localmodconfig`, disable debug info in `make menuconfig`, and then `make
bindeb-pkg` and install the generated `linux-image….deb` with `dpkg -i`.
2.  If it’s still happening, and you want faster test cycles, try to reproduce
it in QEMU by passing the USB device through.
3.  Bisect the issue with `git bisect`.

[1]: https://bugs.debian.org/1023076
[2]:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux