From: bugzilla-daemon@kernel.org
To: linux-bluetooth@vger.kernel.org
Subject: [Bug 216686] BUG: kernel NULL pointer dereference, address: 0000000000000680
Date: Sun, 13 Nov 2022 10:12:37 +0000
Message-ID: <bug-216686-62941-eq3xE5dlPA@https.bugzilla.kernel.org/>
In-Reply-To: <bug-216686-62941@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=216686

Paul Menzel (pmenzel+bugzilla.kernel.org@molgen.mpg.de) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pmenzel+bugzilla.kernel.org@molgen.mpg.de

--- Comment #5 from Paul Menzel (pmenzel+bugzilla.kernel.org@molgen.mpg.de) ---
In *linux-headers-6.0.0-2-amd64: bluetooth crashes after returning from suspend* [1] you write:

> I installed 6.0.5-1 and during the past few days seems to be working okay.

Just to avoid misunderstandings, is that outdated information?

The trace from attachment 6.1-rc3 oops is:

```
[  459.240547] usb 5-4: USB disconnect, device number 3
[  459.241253] BUG: kernel NULL pointer dereference, address: 0000000000000680
[  459.241265] #PF: supervisor read access in kernel mode
[  459.241270] #PF: error_code(0x0000) - not-present page
[  459.241275] PGD 0 P4D 0 
[  459.241282] Oops: 0000 [#1] PREEMPT SMP NOPTI
[  459.241288] CPU: 12 PID: 973 Comm: bluetoothd Not tainted 6.1.0-0-amd64 #1 Debian 6.1~rc3-1~exp1
[  459.241296] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21 ) 09/15/2022
[  459.241300] RIP: 0010:hci_send_acl+0x21/0x2f0 [bluetooth]
[  459.241515] Code: cc cc 0f 1f 80 00 00 00 00 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 55 48 89 f5 53 48 83 ec 28 4c 8b 67 18 89 54 24 0c <4d> 8b 8c 24 80 06 00 00 4c 89 4c 24 18 66 90 0f b7 da 8b 4d 70 2b
[  459.241521] RSP: 0018:ffffa29981eafc00 EFLAGS: 00010286
[  459.241526] RAX: ffff9119fabab400 RBX: 0000000000000004 RCX: 0000000000000000
[  459.241530] RDX: 0000000000000000 RSI: ffff9119cb626f00 RDI: ffff9119c68cfc00
[  459.241533] RBP: ffff9119cb626f00 R08: ffff911ac574fec0 R09: 000000000000000c
[  459.241535] R10: 0000000000000028 R11: 0000000000000000 R12: 0000000000000000
[  459.241538] R13: ffffa29981eafd40 R14: ffff9119cb626f00 R15: ffff9119c68cfc00
[  459.241542] FS:  00007feffba587c0(0000) GS:ffff911fd2100000(0000) knlGS:0000000000000000
[  459.241546] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  459.241549] CR2: 0000000000000680 CR3: 000000012219c000 CR4: 0000000000750ee0
[  459.241554] PKRU: 55555554
[  459.241557] Call Trace:
[  459.241568]  <TASK>
[  459.241573]  ? mutex_lock+0xe/0x30
[  459.241605]  l2cap_chan_send+0x12f/0xc60 [bluetooth]
[  459.241670]  ? remove_wait_queue+0x20/0x60
[  459.241677]  ? _raw_spin_unlock_irqrestore+0x23/0x40
[  459.241682]  ? bt_sock_wait_ready+0x128/0x1a0 [bluetooth]
[  459.241731]  l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
[  459.241786]  sock_sendmsg+0x5f/0x70
[  459.241796]  rfcomm_send_frame+0x62/0xa0 [rfcomm]
[  459.241814]  rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
[  459.241828]  __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
[  459.241843]  __rfcomm_dlc_close+0x60/0x200 [rfcomm]
[  459.241857]  rfcomm_dlc_close+0x6a/0xb0 [rfcomm]
[  459.241871]  __rfcomm_sock_close+0x2e/0xd0 [rfcomm]
[  459.241886]  rfcomm_sock_shutdown+0x54/0xb0 [rfcomm]
[  459.241899]  rfcomm_sock_release+0x2e/0x90 [rfcomm]
[  459.241914]  __sock_release+0x3d/0xb0
[  459.241920]  sock_close+0x11/0x20
[  459.241925]  __fput+0x91/0x250
[  459.241933]  task_work_run+0x59/0x90
[  459.241942]  exit_to_user_mode_prepare+0x1cd/0x1e0
[  459.241948]  syscall_exit_to_user_mode+0x17/0x40
[  459.241960]  do_syscall_64+0x46/0xc0
[  459.241974]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  459.241981] RIP: 0033:0x7feffc07a770
[  459.241986] Code: 0d 00 00 00 eb b2 e8 4f f7 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 1e 0e 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[  459.241990] RSP: 002b:00007ffceb4d6ba8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[  459.241995] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007feffc07a770
[  459.241998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000028
[  459.242000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
[  459.242003] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  459.242005] R13: 0000555efbd88f30 R14: 00007feffc3691b0 R15: 0000555efbd7e350
[  459.242011]  </TASK>
```

Could you please attach all Linux messages, that means, the full output of
`dmesg`, and also have `sudo btmon -w /dev/shm/trace.log` running in parallel.

As you know it’s a regression, and you can reproduce it, it might be fastest to
do the following:

1.  Build bluetooth-next [2]. (Clone the source tree, copy the Debian
configuration from `/boot` to `.config`, run `make olddefconfig` and `make
localmodconfig`, disable debug info in `make menuconfig`, and then `make
bindeb-pkg` and install the generated `linux-image….deb` with `dpkg -i`.)
2.  If it’s still happening, and you want faster test cycles, try to reproduce
it in QEMU by passing the USB device through.
3.  Bisect the issue with `git bisect`.

[1]: https://bugs.debian.org/1023076
[2]: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git

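As an added example (my own code, not from the bug report or the kernel tree), a small Python triage helper for an x86-64 oops like the one quoted in this comment: it pulls the faulting symbol, the register file and the bytes at RIP, then checks whether the fault is a read through a NULL struct pointer at a field offset. The sample text is the trace from this comment with its wrapped register lines rejoined; `parse_oops`, `null_base_candidates` and `cr2_is_field_offset` are names I chose.

```python
import re

# Constructed sample: the lines of the oops quoted in this comment that a
# first triage pass needs (wrapped register lines rejoined).
OOPS = """\
[  459.241253] BUG: kernel NULL pointer dereference, address: 0000000000000680
[  459.241300] RIP: 0010:hci_send_acl+0x21/0x2f0 [bluetooth]
[  459.241515] Code: cc cc 0f 1f 80 00 00 00 00 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 55 48 89 f5 53 48 83 ec 28 4c 8b 67 18 89 54 24 0c <4d> 8b 8c 24 80 06 00 00 4c 89 4c 24 18 66 90 0f b7 da 8b 4d 70 2b
[  459.241526] RAX: ffff9119fabab400 RBX: 0000000000000004 RCX: 0000000000000000
[  459.241530] RDX: 0000000000000000 RSI: ffff9119cb626f00 RDI: ffff9119c68cfc00
[  459.241535] R10: 0000000000000028 R11: 0000000000000000 R12: 0000000000000000
[  459.241549] CR2: 0000000000000680 CR3: 000000012219c000 CR4: 0000000000750ee0
"""
PAGE_SIZE = 4096  # a fault address below this is NULL plus a field offset

def parse_oops(text):
    """Extract the faulting symbol, the register file and the bytes at RIP."""
    info = {"regs": {}, "fault_bytes": b""}
    m = re.search(r"RIP: \d+:(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?", text)
    if m:
        info["symbol"], info["offset"], info["module"] = m[1], int(m[2], 16), m[3]
    for reg, val in re.findall(r"\b(R[A-Z0-9]{2}|CR\d): ([0-9a-f]{16})\b", text):
        info["regs"][reg] = int(val, 16)
    m = re.search(r"Code: (.*)", text)
    if m:
        toks = m[1].split()
        start = next(i for i, t in enumerate(toks) if t.startswith("<"))  # <xx> marks RIP
        info["fault_bytes"] = bytes(int(t.strip("<>"), 16) for t in toks[start:start + 8])
    return info

def null_base_candidates(info):
    """Zero-valued general registers: one of them is the NULL base of the access."""
    cr2 = info["regs"].get("CR2")
    if cr2 is None or cr2 >= PAGE_SIZE:
        return []  # not a NULL-page fault: a wild or stale pointer, triage differently
    return sorted(r for r, v in info["regs"].items() if not r.startswith("CR") and v == 0)

def cr2_is_field_offset(info):
    """True when CR2 appears verbatim as a disp32 in the faulting instruction,
    i.e. the access is [NULL_base + CR2] and CR2 is a struct field offset."""
    disp = info["regs"]["CR2"].to_bytes(4, "little")
    fb = info["fault_bytes"]
    return any(fb[i:i + 4] == disp for i in range(len(fb) - 3))

if __name__ == "__main__":
    info = parse_oops(OOPS)
    print(f"{info['symbol']}+{info['offset']:#x} [{info['module']}] faulted at CR2={info['regs']['CR2']:#x}")
    print("field-offset access:", cr2_is_field_offset(info))
    print("possible NULL base registers:", null_base_candidates(info))
```

For this trace CR2 (0x680) appears verbatim as the disp32 `80 06 00 00` right at RIP and four general registers are zero, so the crash is a read through a NULL struct pointer at field offset 0x680, which fits the `USB disconnect` message printed just before the oops and the RFCOMM socket close path in the call trace.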
