Message-ID: <08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.info>
Date: Tue, 26 Mar 2024 09:44:28 +0100
From: Thorsten Leemhuis <linux@...mhuis.info>
To: Marcel Holtmann <marcel@...tmann.org>,
 Luiz Augusto von Dentz <luiz.dentz@...il.com>
Cc: Linux kernel regressions list <regressions@...ts.linux.dev>,
 "linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>,
 LKML <linux-kernel@...r.kernel.org>
Subject: [REGRESSION] Oops during init in btintel_read_debug_features with
 today's mainline

Lo! Just booted 6.9 for the first time and noticed the Bluetooth code
causes an Oops (see below) during boot that did not happen with 6.8 and
earlier. This is on Fedora 40 with a vanilla kernel on a Lenovo Thinkpad
T14s Gen1 AMD.

Do I need to bisect this? Or is this known already? Or does anyone by
chance have an idea what might cause this? Or is there some other way to
get down to the problem?

Ciao, Thorsten

[Full dmesg: https://www.leemhuis.info/files/misc/dmesg-6.9-btprob]

[   19.903869] Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi
[   19.903908] Bluetooth: hci0: Boot Address: 0x24800
[   19.903913] Bluetooth: hci0: Firmware Version: 255-255.255
[   19.906245] usb 6-4: USB disconnect, device number 3
[   19.906364] usb 2-2: Found UVC 1.50 device Integrated Camera (04f2:b6cb)
[   19.906583] Bluetooth: hci0: FW download error recovery failed (-19)
[   19.906649] Bluetooth: hci0: sending frame failed (-19)
[   19.906666] BUG: kernel NULL pointer dereference, address: 0000000000000070
[   19.906672] #PF: supervisor read access in kernel mode
[   19.906677] #PF: error_code(0x0000) - not-present page
[   19.906681] PGD 0 P4D 0
[   19.906688] Oops: 0000 [#1] PREEMPT SMP NOPTI
[   19.906701] Hardware name: LENOVO 20UH001HGE/20UH001HGE, BIOS R1CET77W(1.46 ) 10/26/2023
[   19.906706] Workqueue: hci0 hci_power_on [bluetooth]
[   19.906775] RIP: 0010:btintel_read_debug_features (/usr/src/debug/[...]/drivers/bluetooth/btintel.c:1306) btintel
[ 19.906789] Code: 00 00 00 48 89 6c 24 08 48 89 f5 48 8d 4c 24 07 be a6 fc 00 00 c6 44 24 07 01 e8 30 46 2a 00 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 48 89             	add    %cl,-0x77(%rax)
   5:	6c                   	insb   (%dx),%es:(%rdi)
   6:	24 08                	and    $0x8,%al
   8:	48 89 f5             	mov    %rsi,%rbp
   b:	48 8d 4c 24 07       	lea    0x7(%rsp),%rcx
  10:	be a6 fc 00 00       	mov    $0xfca6,%esi
  15:	c6 44 24 07 01       	movb   $0x1,0x7(%rsp)
  1a:	e8 30 46 2a 00       	call   0x2a464f
  1f:	48 89 c3             	mov    %rax,%rbx
  22:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
  28:	77 49                	ja     0x73
  2a:*	83 78 70 13          	cmpl   $0x13,0x70(%rax)		<-- trapping instruction
  2e:	75 67                	jne    0x97
  30:	48 8b 80 d0 00 00 00 	mov    0xd0(%rax),%rax
  37:	be 02 00 00 00       	mov    $0x2,%esi
  3c:	48 89 df             	mov    %rbx,%rdi
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	83 78 70 13          	cmpl   $0x13,0x70(%rax)
   4:	75 67                	jne    0x6d
   6:	48 8b 80 d0 00 00 00 	mov    0xd0(%rax),%rax
   d:	be 02 00 00 00       	mov    $0x2,%esi
  12:	48 89 df             	mov    %rbx,%rdi
  15:	48                   	rex.W
[   19.906795] RSP: 0018:ffffb2bd80797cc0 EFLAGS: 00010207
[   19.906801] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff903285506ab0
[   19.906806] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff903285506aa8
[   19.906810] RBP: ffffb2bd80797cf0 R08: ffff903285506ab0 R09: 0000000000000000
[   19.906814] R10: 000000000000000a R11: 0000000000000000 R12: ffff903285506000
[   19.906818] R13: ffffb2bd80797d3e R14: ffff9032855066c8 R15: 0000000000000000
[   19.906823] FS:  0000000000000000(0000) GS:ffff90357fb00000(0000) knlGS:0000000000000000
[   19.906828] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.906832] CR2: 0000000000000070 CR3: 0000000104fb4000 CR4: 0000000000350ef0
[   19.906837] Call Trace:
[   19.906842]  <TASK>
[   19.906846] ? __die_body.cold (/usr/src/debug/[...]/arch/x86/kernel/dumpstack.c:478 (discriminator 1) /usr/src/debug/[...]/arch/x86/kernel/dumpstack.c:465 (discriminator 1) /usr/src/debug/[...]/arch/x86/kernel/dumpstack.c:420 (discriminator 1)) 
[   19.906856] ? page_fault_oops (/usr/src/debug/[...]/arch/x86/mm/fault.c:709 (discriminator 1)) 
[   19.906869] ? exc_page_fault (/usr/src/debug/[...]/./arch/x86/include/asm/paravirt.h:693 /usr/src/debug/[...]/arch/x86/mm/fault.c:1513 /usr/src/debug/[...]/arch/x86/mm/fault.c:1563) 
[   19.906877] ? asm_exc_page_fault (/usr/src/debug/[...]/./arch/x86/include/asm/idtentry.h:623) 
[   19.906889] ? btintel_read_debug_features (/usr/src/debug/[...]/drivers/bluetooth/btintel.c:1306) btintel
[   19.906903] btintel_register_devcoredump_support.isra.0 (/usr/src/debug/[...]/drivers/bluetooth/btintel.c:1531) btintel
[   19.906917] btintel_setup_combined (/usr/src/debug/[...]/drivers/bluetooth/btintel.c:2993) btintel
[   19.906928] ? rpm_check_suspend_allowed (/usr/src/debug/[...]/drivers/base/power/runtime.c:277 (discriminator 1)) 
[   19.906943] hci_dev_open_sync (/usr/src/debug/[...]/net/bluetooth/hci_sync.c:4820 /usr/src/debug/[...]/net/bluetooth/hci_sync.c:4888 /usr/src/debug/[...]/net/bluetooth/hci_sync.c:4988) bluetooth
[   19.907012] ? ttwu_queue_wakelist (/usr/src/debug/[...]/kernel/sched/core.c:4036) 
[   19.907022] hci_dev_do_open (/usr/src/debug/[...]/net/bluetooth/hci_core.c:485) bluetooth
[   19.907078] hci_power_on (/usr/src/debug/[...]/net/bluetooth/hci_core.c:1016) bluetooth
[   19.907135] process_one_work (/usr/src/debug/[...]/./arch/x86/include/asm/jump_label.h:27 /usr/src/debug/[...]/./include/linux/jump_label.h:207 /usr/src/debug/[...]/./include/trace/events/workqueue.h:108 /usr/src/debug/[...]/kernel/workqueue.c:3259) 
[   19.907144] worker_thread (/usr/src/debug/[...]/kernel/workqueue.c:3329 (discriminator 2) /usr/src/debug/[...]/kernel/workqueue.c:3416 (discriminator 2)) 
[   19.907152] ? __pfx_worker_thread (/usr/src/debug/[...]/kernel/workqueue.c:3362) 
[   19.907157] kthread (/usr/src/debug/[...]/kernel/kthread.c:388) 
[   19.907164] ? __pfx_kthread (/usr/src/debug/[...]/kernel/kthread.c:341) 
[   19.907171] ret_from_fork (/usr/src/debug/[...]/arch/x86/kernel/process.c:153) 
[   19.907180] ? __pfx_kthread (/usr/src/debug/[...]/kernel/kthread.c:341) 
[   19.907186] ret_from_fork_asm (/usr/src/debug/[...]/arch/x86/entry/entry_64.S:256) 
[   19.907199]  </TASK>
[   19.907203] Modules linked in: amd_atl ac97_bus snd_intel_dspcfg snd_pcm_dmaengine intel_rapl_common snd_intel_sdw_acpi snd_rpl_pci_acp6x snd_acp_pci snd_hda_codec uvcvideo(+) edac_mce_amd uvc snd_hda_core snd_acp_legacy_common snd_pci_acp6x snd_hwdep kvm_amd videobuf2_vmalloc btusb videobuf2_memops snd_seq tps6598x videobuf2_v4l2 btrtl kvm videobuf2_common btintel btbcm snd_seq_device videodev ledtrig_audio btmtk iwlwifi snd_pci_acp5x vfat think_lmi(+) firmware_attributes_class rapl bluetooth mc pcspkr snd_pcm acpi_cpufreq fat wmi_bmof cfg80211 snd_rn_pci_acp3x snd_acp_config thinkpad_acpi snd_soc_acpi k10temp snd_timer platform_profile ipmi_devintf snd_pci_acp3x i2c_piix4 snd rfkill ipmi_msghandler soundcore serial_multi_instantiate i2c_scmi amd_pmc joydev loop dm_multipath nfnetlink zram dm_crypt r8152 uas mii usb_storage amdgpu crct10dif_pclmul crc32_pclmul crc32c_intel amdxcp polyval_clmulni i2c_algo_bit rtsx_pci_sdmmc drm_ttm_helper polyval_generic ttm ghash_clmulni_intel drm_exec mmc_core nvme sha512_ssse3
[   19.907365]  gpu_sched drm_suballoc_helper sha256_ssse3 drm_buddy sha1_ssse3 drm_display_helper nvme_core ucsi_acpi nvme_auth ccp typec_ucsi rtsx_pci cec r8169 sp5100_tco typec realtek video wmi serio_raw hid_microsoft ff_memless scsi_dh_rdac scsi_dh_emc scsi_dh_alua ip6_tables ip_tables pkcs8_key_parser fuse
[   19.907429] CR2: 0000000000000070
[   19.907435] ---[ end trace 0000000000000000 ]---
[   19.907439] RIP: 0010:btintel_read_debug_features (/usr/src/debug/[...]/drivers/bluetooth/btintel.c:1306) btintel
[ 19.907452] Code: 00 00 00 48 89 6c 24 08 48 89 f5 48 8d 4c 24 07 be a6 fc 00 00 c6 44 24 07 01 e8 30 46 2a 00 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 48 89             	add    %cl,-0x77(%rax)
   5:	6c                   	insb   (%dx),%es:(%rdi)
   6:	24 08                	and    $0x8,%al
   8:	48 89 f5             	mov    %rsi,%rbp
   b:	48 8d 4c 24 07       	lea    0x7(%rsp),%rcx
  10:	be a6 fc 00 00       	mov    $0xfca6,%esi
  15:	c6 44 24 07 01       	movb   $0x1,0x7(%rsp)
  1a:	e8 30 46 2a 00       	call   0x2a464f
  1f:	48 89 c3             	mov    %rax,%rbx
  22:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
  28:	77 49                	ja     0x73
  2a:*	83 78 70 13          	cmpl   $0x13,0x70(%rax)		<-- trapping instruction
  2e:	75 67                	jne    0x97
  30:	48 8b 80 d0 00 00 00 	mov    0xd0(%rax),%rax
  37:	be 02 00 00 00       	mov    $0x2,%esi
  3c:	48 89 df             	mov    %rbx,%rdi
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	83 78 70 13          	cmpl   $0x13,0x70(%rax)
   4:	75 67                	jne    0x6d
   6:	48 8b 80 d0 00 00 00 	mov    0xd0(%rax),%rax
   d:	be 02 00 00 00       	mov    $0x2,%esi
  12:	48 89 df             	mov    %rbx,%rdi
  15:	48                   	rex.W
[   19.907457] RSP: 0018:ffffb2bd80797cc0 EFLAGS: 00010207
[   19.907463] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff903285506ab0
[   19.907468] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff903285506aa8
[   19.907473] RBP: ffffb2bd80797cf0 R08: ffff903285506ab0 R09: 0000000000000000
[   19.907477] R10: 000000000000000a R11: 0000000000000000 R12: ffff903285506000
[   19.907481] R13: ffffb2bd80797d3e R14: ffff9032855066c8 R15: 0000000000000000
[   19.907486] FS:  0000000000000000(0000) GS:ffff90357fb00000(0000) knlGS:0000000000000000
[   19.907491] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.907496] CR2: 0000000000000070 CR3: 0000000104fb4000 CR4: 0000000000350ef0
[   19.907501] note: kworker/u51:0[158] exited with irqs disabled
[   19.911758] usbcore: registered new interface driver uvcvideo
[   19.921626] intel_rapl_common: Found RAPL domain package
[   19.921637] intel_rapl_common: Found RAPL domain core

-- 

#regzbot introduced v6.8..v6.9-rc1
#regzbot title bluetooth: oops during init in btintel_read_debug_features
#regzbot ignore-activity