[regression] NULL dereference pointer in Bluetooth at boot

"Linux regression tracking (Thorsten Leemhuis)" <regressions@xxxxxxxxxxxxx> · Thu, 26 Sep 2024 11:16:28 +0200

Hi, Thorsten here, the Linux kernel's regression tracker.

I noticed a report about a regression in bugzilla.kernel.org apparently
related to the bluetooth code. As many (most?) kernel developers don't
keep an eye on the bug tracker, I decided to write this mail. To quote
from https://bugzilla.kernel.org/show_bug.cgi?id=219294 :

> Since Kernel 6.11 compiled from vanilla source, I get occasionnaly an Oops at boot on my Lenovo Slim 5.
> This is a regression.
> 
> Kernel 6.11 / Slackware 64 (Slackware 15 + recent Mesa).
> AMD 7840HS 16Go
> When the problem occurs, the boot doesn't finish, but I got the following in syslog:
> Sep 19 19:57:15 latile dnsmasq[924]: no servers found in /etc/dnsmasq.d/dnsmasq-resolv.conf, will retry
> Sep 20 22:22:29 latile kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PCI0.GP18.SATA], AE_NOT_FOUND (20240322/dswload2-162)
> Sep 20 22:22:29 latile kernel: ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20240322/psobject-220)
> Sep 20 22:22:29 latile kernel: ACPI BIOS Error (bug): Failure creating named object [\_SB.PCI0.GPP6.WLAN._S0W], AE_ALREADY_EXISTS (20240322/dswload2-32
> 6)
> Sep 20 22:22:29 latile kernel: ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20240322/psobject-220)
> Sep 20 22:22:31 latile kernel: i8042: PNP: PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp
> Sep 20 22:22:34 latile kernel: Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
> Sep 20 22:22:37 latile kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
> Sep 20 22:22:37 latile kernel: #PF: supervisor read access in kernel mode
> Sep 20 22:22:37 latile kernel: #PF: error_code(0x0000) - not-present page
> Sep 20 22:22:37 latile kernel: Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
> Sep 20 22:22:37 latile kernel: CPU: 2 UID: 0 PID: 153 Comm: kworker/2:1 Not tainted 6.11.0 #1
> Sep 20 22:22:37 latile kernel: Hardware name: LENOVO 82Y9/LNVNB161216, BIOS M3CN42WW 01/11/2024
> Sep 20 22:22:37 latile kernel: Workqueue: pm pm_runtime_work
> Sep 20 22:22:37 latile kernel: RIP: 0010:btusb_suspend+0x14/0x1b0
> Sep 20 22:22:37 latile kernel: Code: e4 10 00 83 80 d4 0a 00 00 01 eb db 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 48 8b 9f 
> c8 00 00 00 <48> 8b 13 8b 82 bc 09 00 00 03 82 b8 09 00 00 03 82 c4 09 00 00 03
> Sep 20 22:22:37 latile kernel: RSP: 0018:ffffbf1280b67ca0 EFLAGS: 00010206
> Sep 20 22:22:37 latile kernel: RAX: ffffffffa62de3b0 RBX: 0000000000000000 RCX: 0000000000000002
> Sep 20 22:22:37 latile kernel: RDX: 0000000000000003 RSI: 0000000000000402 RDI: ffff9bcc85e17000
> Sep 20 22:22:37 latile kernel: RBP: ffff9bcc85e17000 R08: ffff9bcc8930e800 R09: ffff9bcc85e174b0
> Sep 20 22:22:37 latile kernel: R10: 0000000000000003 R11: 0000000000000063 R12: 0000000000000402
> Sep 20 22:22:37 latile kernel: R13: 0000000000000003 R14: 0000000000000000 R15: ffff9bcc8930e800
> Sep 20 22:22:37 latile kernel: FS:  0000000000000000(0000) GS:ffff9bcfae480000(0000) knlGS:0000000000000000
> Sep 20 22:22:37 latile kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Sep 20 22:22:37 latile kernel: CR2: 0000000000000000 CR3: 000000035f82a000 CR4: 0000000000750ef0
> Sep 20 22:22:37 latile kernel: PKRU: 55555554
> Sep 20 22:22:37 latile kernel: Call Trace:
> Sep 20 22:22:37 latile kernel:  <TASK>
> Sep 20 22:22:37 latile kernel:  ? __die+0x23/0x70
> Sep 20 22:22:37 latile kernel:  ? page_fault_oops+0x159/0x520
> Sep 20 22:22:37 latile kernel:  ? exc_page_fault+0x404/0x740
> Sep 20 22:22:37 latile kernel:  ? asm_exc_page_fault+0x26/0x30
> Sep 20 22:22:37 latile kernel:  ? btusb_isoc_tx_complete+0x60/0x60
> Sep 20 22:22:37 latile kernel:  ? btusb_suspend+0x14/0x1b0
> Sep 20 22:22:37 latile kernel:  usb_suspend_both+0x94/0x280
> Sep 20 22:22:37 latile kernel:  usb_runtime_suspend+0x2e/0x70
> Sep 20 22:22:37 latile kernel:  ? usb_autoresume_device+0x50/0x50
> Sep 20 22:22:37 latile kernel:  __rpm_callback+0x41/0x170
> Sep 20 22:22:37 latile kernel:  ? usb_autoresume_device+0x50/0x50
> Sep 20 22:22:37 latile kernel:  rpm_callback+0x55/0x60
> Sep 20 22:22:37 latile kernel:  ? usb_autoresume_device+0x50/0x50
> Sep 20 22:22:37 latile kernel:  rpm_suspend+0xe8/0x5e0
> Sep 20 22:22:37 latile kernel:  ? srso_alias_return_thunk+0x5/0xfbef5
> Sep 20 22:22:37 latile last message buffered 1 times
> Sep 20 22:22:37 latile kernel:  ? finish_task_switch.isra.0+0x96/0x2a0
> Sep 20 22:22:37 latile kernel:  __pm_runtime_suspend+0x3c/0xd0
> Sep 20 22:22:37 latile kernel:  ? usb_runtime_resume+0x20/0x20
> Sep 20 22:22:37 latile kernel:  usb_runtime_idle+0x35/0x40
> Sep 20 22:22:37 latile kernel:  rpm_idle+0xbd/0x270
> Sep 20 22:22:37 latile kernel:  pm_runtime_work+0x84/0xb0
> Sep 20 22:22:37 latile kernel:  process_one_work+0x16d/0x380
> Sep 20 22:22:37 latile kernel:  worker_thread+0x2cb/0x3e0
> Sep 20 22:22:37 latile kernel:  ? _raw_spin_lock_irqsave+0x1b/0x50
> Sep 20 22:22:37 latile kernel:  ? cancel_delayed_work_sync+0x80/0x80
> Sep 20 22:22:37 latile kernel:  kthread+0xde/0x110
> Sep 20 22:22:37 latile kernel:  ? kthread_park+0x90/0x90
> Sep 20 22:22:37 latile kernel:  ret_from_fork+0x31/0x50
> Sep 20 22:22:37 latile kernel:  ? kthread_park+0x90/0x90
> Sep 20 22:22:37 latile kernel:  ret_from_fork_asm+0x11/0x20
> Sep 20 22:22:37 latile kernel:  </TASK>
> Sep 20 22:22:37 latile kernel: Modules linked in:
> Sep 20 22:22:37 latile kernel: CR2: 0000000000000000
> Sep 20 22:22:37 latile kernel: ---[ end trace 0000000000000000 ]---
> Sep 20 22:22:37 latile kernel: RIP: 0010:btusb_suspend+0x14/0x1b0
> Sep 20 22:22:37 latile kernel: Code: e4 10 00 83 80 d4 0a 00 00 01 eb db 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 48 8b 9f c8 00 00 00 <48> 8b 13 8b 82 bc 09 00 00 03 82 b8 09 00 00 03 82 c4 09 00 00 03
> Sep 20 22:22:37 latile kernel: RSP: 0018:ffffbf1280b67ca0 EFLAGS: 00010206
> Sep 20 22:22:37 latile kernel: RAX: ffffffffa62de3b0 RBX: 0000000000000000 RCX: 0000000000000002
> Sep 20 22:22:37 latile kernel: RDX: 0000000000000003 RSI: 0000000000000402 RDI: ffff9bcc85e17000
> Sep 20 22:22:37 latile kernel: RBP: ffff9bcc85e17000 R08: ffff9bcc8930e800 R09: ffff9bcc85e174b0
> Sep 20 22:22:37 latile kernel: R10: 0000000000000003 R11: 0000000000000063 R12: 0000000000000402
> Sep 20 22:22:37 latile kernel: R13: 0000000000000003 R14: 0000000000000000 R15: ffff9bcc8930e800
> Sep 20 22:22:37 latile kernel: FS:  0000000000000000(0000) GS:ffff9bcfae480000(0000) knlGS:0000000000000000
> Sep 20 22:22:37 latile kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Sep 20 22:22:37 latile kernel: CR2: 0000000000000000 CR3: 000000035f82a000 CR4: 0000000000750ef0
> Sep 20 22:22:37 latile kernel: PKRU: 55555554
> [...]

See the ticket for more details and another oops. Reporter is CCed.

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.

P.S.: let me use this mail to also add the report to the list of tracked
regressions to ensure it's doesn't fall through the cracks:

#regzbot introduced: v6.10..v6.11
#regzbot from: Christian Casteyde <casteyde.christian@xxxxxxx>
#regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=219294
#regzbot title: net: bluetooth: NULL dereference pointer in Bluetooth at
boot
#regzbot ignore-activity