From: bugzilla-daemon@kernel.org
To: linux-bluetooth@vger.kernel.org
Subject: [Bug 216686] BUG: kernel NULL pointer dereference, address: 0000000000000680
Date: Mon, 14 Nov 2022 06:08:13 +0000 [thread overview]
Message-ID: <bug-216686-62941-hyN7OTyDZF@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-216686-62941@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=216686
--- Comment #12 from frc.gabriel@gmail.com ---
Created attachment 303171
--> https://bugzilla.kernel.org/attachment.cgi?id=303171&action=edit
dmesg bluetooth-next master branch HEAD
Triggering the bug while running btmon with the HEAD of master branch from
bluetooth-next does not renders the computer unusable, but
disconnecting+connecting the the headset is not as smooth compared with
bluetooth-next branch (which freezes computer).
```
[ 301.300526] PM: suspend exit
[ 301.301469] Bluetooth: hci0: RTL: rom_version status=0 version=1
[ 301.301473] Bluetooth: hci0: RTL: loading rtl_bt/rtl8852au_fw.bin
[ 301.301583] Bluetooth: hci0: RTL: loading rtl_bt/rtl8852au_config.bin
[ 301.301640] Bluetooth: hci0: RTL: cfg_sz 6, total sz 47155
[ 301.393319] Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver
(mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
[ 301.429363] usb 5-3: new full-speed USB device number 5 using xhci_hcd
[ 301.508834] psmouse serio1: synaptics: queried max coordinates: x [..5678],
y [..4694]
[ 301.521632] r8169 0000:02:00.0 enp2s0f0: Link is Down
[ 301.547243] psmouse serio1: synaptics: queried min coordinates: x [1266..],
y [1162..]
[ 301.553423] Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver
(mii_bus:phy_addr=r8169-0-500:00, irq=MAC)
[ 301.590802] usb 5-3: New USB device found, idVendor=06cb, idProduct=00bd,
bcdDevice= 0.00
[ 301.590815] usb 5-3: New USB device strings: Mfr=0, Product=0,
SerialNumber=1
[ 301.590821] usb 5-3: SerialNumber: f699a1169720
[ 301.700442] Bluetooth: hci0: RTL: fw version 0xd9b88207
[ 301.757826] r8169 0000:05:00.0 enp5s0: Link is Down
[ 301.824556] Bluetooth: MGMT ver 1.22
[ 305.674822] wlp3s0: authenticate with e4:bf:fa:cc:15:70
[ 305.674836] wlp3s0: Invalid HE elem, Disable HE
[ 305.800382] wlp3s0: send auth to e4:bf:fa:cc:15:70 (try 1/3)
[ 305.802262] wlp3s0: authenticated
[ 305.805269] wlp3s0: associate with e4:bf:fa:cc:15:70 (try 1/3)
[ 305.806658] wlp3s0: RX AssocResp from e4:bf:fa:cc:15:70 (capab=0x1011
status=0 aid=3)
[ 305.917751] wlp3s0: associated
[ 305.917962] wlp3s0: Limiting TX power to 23 (23 - 0) dBm as advertised by
e4:bf:fa:cc:15:70
[ 305.985550] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
[ 316.051610] audit: type=1400 audit(1668405359.412:35): apparmor="DENIED"
operation="open" profile="/usr/sbin/cups-browsed"
name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.101113] audit: type=1400 audit(1668405359.460:36): apparmor="DENIED"
operation="open" profile="/usr/sbin/cups-browsed"
name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.110480] audit: type=1400 audit(1668405359.472:37): apparmor="DENIED"
operation="open" profile="/usr/sbin/cups-browsed"
name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.119295] audit: type=1400 audit(1668405359.480:38): apparmor="DENIED"
operation="open" profile="/usr/sbin/cups-browsed"
name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 334.857310] Bluetooth: \x05: unknown dev_type 141
[ 334.857335] BUG: kernel NULL pointer dereference, address: 0000000000000102
[ 334.857339] #PF: supervisor read access in kernel mode
[ 334.857343] #PF: error_code(0x0000) - not-present page
[ 334.857346] PGD 0 P4D 0
[ 334.857351] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 334.857356] CPU: 12 PID: 1382 Comm: krfcommd Not tainted 6.0.0-rc7+ #1
[ 334.857360] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21
) 09/15/2022
[ 334.857364] RIP: 0010:__queue_work+0x1c/0x460
[ 334.857376] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00
41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02
01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 334.857379] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 334.857383] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX:
0000000000000000
[ 334.857385] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI:
0000000000002000
[ 334.857387] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09:
ffffc16dcc66fa58
[ 334.857389] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12:
0000000000000000
[ 334.857391] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15:
ffff9ecdb3282400
[ 334.857393] FS: 0000000000000000(0000) GS:ffff9ed392100000(0000)
knlGS:0000000000000000
[ 334.857396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 334.857399] CR2: 0000000000000102 CR3: 000000042b410000 CR4:
0000000000750ee0
[ 334.857401] PKRU: 55555554
[ 334.857403] Call Trace:
[ 334.857408] <TASK>
[ 334.857416] queue_work_on+0x37/0x40
[ 334.857426] l2cap_chan_send+0x12f/0xc60 [bluetooth]
[ 334.857483] ? remove_wait_queue+0x20/0x60
[ 334.857489] ? _raw_spin_unlock_irqrestore+0x23/0x40
[ 334.857497] ? preempt_count_add+0x6a/0xa0
[ 334.857503] l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
[ 334.857539] sock_sendmsg+0x5f/0x70
[ 334.857548] rfcomm_send_frame+0x62/0xa0 [rfcomm]
[ 334.857562] rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
[ 334.857570] __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
[ 334.857577] __rfcomm_dlc_close+0x60/0x200 [rfcomm]
[ 334.857583] rfcomm_run+0x6f6/0x1900 [rfcomm]
[ 334.857591] ? _raw_spin_rq_lock_irqsave+0x20/0x20
[ 334.857596] ? rfcomm_check_accept+0xa0/0xa0 [rfcomm]
[ 334.857602] kthread+0xe9/0x110
[ 334.857608] ? kthread_complete_and_exit+0x20/0x20
[ 334.857613] ret_from_fork+0x22/0x30
[ 334.857622] </TASK>
[ 334.857623] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE
nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables libcrc32c nfnetlink
br_netfilter bridge stp llc nvme_fabrics uinput ctr ccm rfcomm snd_seq_dummy
snd_hrtimer snd_seq snd_seq_device qrtr overlay cpufreq_ondemand
cpufreq_powersave cpufreq_conservative cmac cpufreq_userspace algif_hash
algif_skcipher zstd af_alg zstd_compress bnep zram zsmalloc binfmt_misc
nls_ascii nls_cp437 vfat fat btusb btrtl btbcm btintel btmtk bluetooth
snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic rtw89_8852ae
rtw89_8852a snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common rtw89_pci
uvcvideo snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn jitterentropy_rng
rtw89_core snd_hda_intel videobuf2_vmalloc snd_soc_core videobuf2_memops
videobuf2_v4l2 snd_intel_dspcfg snd_hda_codec kvm_amd snd_pci_acp6x drbg
videobuf2_common snd_hwdep mac80211 wmi_bmof snd_pci_acp5x
[ 334.857705] ansi_cprng kvm libarc4 videodev irqbypass snd_rn_pci_acp3x
snd_hda_core ecdh_generic snd_acp_config mc rapl ecc pcspkr thinkpad_acpi
snd_soc_acpi ccp snd_pcm cfg80211 snd_pci_acp3x nvram rng_core ledtrig_audio
snd_timer sp5100_tco platform_profile ucsi_acpi k10temp watchdog snd typec_ucsi
roles soundcore rfkill typec wmi ac battery video button evdev joydev serio_raw
amd_pstate msr parport_pc ppdev lp parport fuse configfs efi_pstore efivarfs
ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 dm_crypt
dm_mod amdgpu crc32_pclmul crc32c_intel drm_ttm_helper ttm ghash_clmulni_intel
gpu_sched nvme i2c_algo_bit drm_buddy nvme_core rtsx_pci_sdmmc xhci_pci
drm_display_helper t10_pi mmc_core xhci_hcd r8169 drm_kms_helper realtek
crc64_rocksoft_generic aesni_intel crc64_rocksoft mdio_devres drm crc_t10dif
crypto_simd usbcore psmouse cec cryptd crct10dif_generic libphy rc_core
crct10dif_pclmul i2c_piix4 rtsx_pci usb_common crc64 crct10dif_common i2c_scmi
sha512_ssse3
[ 334.857807] sha512_generic
[ 334.857814] CR2: 0000000000000102
[ 334.857817] ---[ end trace 0000000000000000 ]---
[ 334.861275] RIP: 0010:__queue_work+0x1c/0x460
[ 334.861275] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00
41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02
01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 334.861275] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 334.861275] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX:
0000000000000000
[ 334.861275] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI:
0000000000002000
[ 334.861275] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09:
ffffc16dcc66fa58
[ 334.959941] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12:
0000000000000000
[ 334.959941] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15:
ffff9ecdb3282400
[ 334.959941] FS: 0000000000000000(0000) GS:ffff9ed392100000(0000)
knlGS:0000000000000000
[ 334.959941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 334.959941] CR2: 0000000000000102 CR3: 0000000161a42000 CR4:
0000000000750ee0
[ 334.959941] PKRU: 55555554
[ 350.116698] BUG: unable to handle page fault for address: ffffc16dcc66feb0
[ 350.116706] #PF: supervisor read access in kernel mode
[ 350.116709] #PF: error_code(0x0000) - not-present page
[ 350.116712] PGD 100000067 P4D 100000067 PUD 1001a4067 PMD 106ffa067 PTE 0
[ 350.116717] Oops: 0000 [#2] PREEMPT SMP NOPTI
[ 350.116721] CPU: 4 PID: 860 Comm: kworker/u33:1 Tainted: G D
6.0.0-rc7+ #1
[ 350.116724] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21
) 09/15/2022
[ 350.116727] Workqueue: hci0 hci_rx_work [bluetooth]
[ 350.116759] RIP: 0010:__wake_up_common+0x4c/0x180
[ 350.116768] Code: 24 0c 89 4c 24 08 4d 85 c9 74 0a 41 f6 01 04 0f 85 a3 00
00 00 48 8b 43 08 4c 8d 40 e8 48 83 c3 08 49 8d 40 18 48 39 c3 74 5b <49> 8b 40
18 31 ed 4c 8d 70 e8 45 8b 28 41 f6 c5 04 75 5f 49 8b 40
[ 350.116770] RSP: 0018:ffffc16dc2777ce0 EFLAGS: 00010002
[ 350.116773] RAX: ffffc16dcc66feb0 RBX: ffffffffc18440a8 RCX:
0000000000000000
[ 350.116775] RDX: 0000000000000000 RSI: 0000000000000003 RDI:
ffffffffc18440a0
[ 350.116777] RBP: 0000000000000246 R08: ffffc16dcc66fe98 R09:
ffffc16dc2777d30
[ 350.116778] R10: ffff9ecdb3282421 R11: 00000000dd721946 R12:
ffffc16dc2777d30
[ 350.116780] R13: 0000000000000000 R14: 0000000000000000 R15:
0000000000000000
[ 350.116781] FS: 0000000000000000(0000) GS:ffff9ed391f00000(0000)
knlGS:0000000000000000
[ 350.116784] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 350.116785] CR2: ffffc16dcc66feb0 CR3: 000000042b410000 CR4:
0000000000750ee0
[ 350.116787] PKRU: 55555554
[ 350.116789] Call Trace:
[ 350.116794] <TASK>
[ 350.116800] __wake_up_common_lock+0x7b/0xc0
[ 350.116805] hci_encrypt_change_evt+0x160/0x4e0 [bluetooth]
[ 350.116835] ? hci_cs_read_remote_features+0x1e0/0x1e0 [bluetooth]
[ 350.116859] hci_event_packet+0x3ad/0x570 [bluetooth]
[ 350.116884] hci_rx_work+0x9c/0x580 [bluetooth]
[ 350.116909] process_one_work+0x1c7/0x380
[ 350.116913] worker_thread+0x4d/0x380
[ 350.116916] ? rescuer_thread+0x3a0/0x3a0
[ 350.116918] kthread+0xe9/0x110
[ 350.116922] ? kthread_complete_and_exit+0x20/0x20
[ 350.116925] ret_from_fork+0x22/0x30
[ 350.116931] </TASK>
[ 350.116932] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE
nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables libcrc32c nfnetlink
br_netfilter bridge stp llc nvme_fabrics uinput ctr ccm rfcomm snd_seq_dummy
snd_hrtimer snd_seq snd_seq_device qrtr overlay cpufreq_ondemand
cpufreq_powersave cpufreq_conservative cmac cpufreq_userspace algif_hash
algif_skcipher zstd af_alg zstd_compress bnep zram zsmalloc binfmt_misc
nls_ascii nls_cp437 vfat fat btusb btrtl btbcm btintel btmtk bluetooth
snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic rtw89_8852ae
rtw89_8852a snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common rtw89_pci
uvcvideo snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn jitterentropy_rng
rtw89_core snd_hda_intel videobuf2_vmalloc snd_soc_core videobuf2_memops
videobuf2_v4l2 snd_intel_dspcfg snd_hda_codec kvm_amd snd_pci_acp6x drbg
videobuf2_common snd_hwdep mac80211 wmi_bmof snd_pci_acp5x
[ 350.116993] ansi_cprng kvm libarc4 videodev irqbypass snd_rn_pci_acp3x
snd_hda_core ecdh_generic snd_acp_config mc rapl ecc pcspkr thinkpad_acpi
snd_soc_acpi ccp snd_pcm cfg80211 snd_pci_acp3x nvram rng_core ledtrig_audio
snd_timer sp5100_tco platform_profile ucsi_acpi k10temp watchdog snd typec_ucsi
roles soundcore rfkill typec wmi ac battery video button evdev joydev serio_raw
amd_pstate msr parport_pc ppdev lp parport fuse configfs efi_pstore efivarfs
ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 dm_crypt
dm_mod amdgpu crc32_pclmul crc32c_intel drm_ttm_helper ttm ghash_clmulni_intel
gpu_sched nvme i2c_algo_bit drm_buddy nvme_core rtsx_pci_sdmmc xhci_pci
drm_display_helper t10_pi mmc_core xhci_hcd r8169 drm_kms_helper realtek
crc64_rocksoft_generic aesni_intel crc64_rocksoft mdio_devres drm crc_t10dif
crypto_simd usbcore psmouse cec cryptd crct10dif_generic libphy rc_core
crct10dif_pclmul i2c_piix4 rtsx_pci usb_common crc64 crct10dif_common i2c_scmi
sha512_ssse3
[ 350.117065] sha512_generic
[ 350.117069] CR2: ffffc16dcc66feb0
[ 350.117071] ---[ end trace 0000000000000000 ]---
[ 350.120656] RIP: 0010:__queue_work+0x1c/0x460
[ 350.120656] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00
41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02
01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 350.120656] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 350.120656] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX:
0000000000000000
[ 350.120656] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI:
0000000000002000
[ 350.120656] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09:
ffffc16dcc66fa58
[ 350.120656] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12:
0000000000000000
[ 350.120656] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15:
ffff9ecdb3282400
[ 350.120656] FS: 0000000000000000(0000) GS:ffff9ed391f00000(0000)
knlGS:0000000000000000
[ 350.120656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 350.120656] CR2: ffffc16dcc66feb0 CR3: 0000000206866000 CR4:
0000000000750ee0
[ 350.120656] PKRU: 55555554
[ 350.120656] note: kworker/u33:1[860] exited with preempt_count 1
```
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
next prev parent reply other threads:[~2022-11-14 6:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-13 7:29 [Bug 216686] New: BUG: kernel NULL pointer dereference, address: 0000000000000680 bugzilla-daemon
2022-11-13 7:30 ` [Bug 216686] " bugzilla-daemon
2022-11-13 7:31 ` bugzilla-daemon
2022-11-13 7:31 ` bugzilla-daemon
2022-11-13 8:44 ` bugzilla-daemon
2022-11-13 10:12 ` bugzilla-daemon
2022-11-13 13:23 ` bugzilla-daemon
2022-11-13 13:38 ` bugzilla-daemon
2022-11-13 14:15 ` bugzilla-daemon
2022-11-14 5:39 ` bugzilla-daemon
2022-11-14 5:40 ` bugzilla-daemon
2022-11-14 5:45 ` bugzilla-daemon
2022-11-14 6:08 ` bugzilla-daemon [this message]
2022-11-14 6:09 ` bugzilla-daemon
2022-11-14 6:32 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-216686-62941-hyN7OTyDZF@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.