Hi, good morning,

I noticed a few bluetooth crashes starting with kernel 6.0.0 release. With 5.19.x I didn't see this oops and bluetooth works ok.

Kernel oops comes pretty randomly and/or takes some time to occur. I noticed it happens more frequently when returning from suspend or when trying to reconnect an already paired earphone headset.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021905 (kernel=6.0.0, firmware-linux=20210818, bios=1.19)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023076 (kernel=6.0.3, firmware-linux=20221012, bios=1.19)

This kernel oops is also appearing with 6.0.8 and 6.1-rc3 from debian experimental + firmware-linux=20221012 and lenovo bios=1.21.

Have a nice day,
Gabriel Francisco
Created attachment 303162
6.1-rc3 oops

Created attachment 303163
6.0.8 oops

Created attachment 303164
opcode failed

Created attachment 303165
suspend after oops
In *linux-headers-6.0.0-2-amd64: bluetooth crashes after returning from suspend* [1] you write:

> I installed 6.0.5-1 and during the past few days seems to be working okay.

Just to avoid misunderstandings, is that outdated information?

The trace from attachment 6.1-rc3 oops is:

```
[ 459.240547] usb 5-4: USB disconnect, device number 3
[ 459.241253] BUG: kernel NULL pointer dereference, address: 0000000000000680
[ 459.241265] #PF: supervisor read access in kernel mode
[ 459.241270] #PF: error_code(0x0000) - not-present page
[ 459.241275] PGD 0 P4D 0
[ 459.241282] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 459.241288] CPU: 12 PID: 973 Comm: bluetoothd Not tainted 6.1.0-0-amd64 #1 Debian 6.1~rc3-1~exp1
[ 459.241296] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21 ) 09/15/2022
[ 459.241300] RIP: 0010:hci_send_acl+0x21/0x2f0 [bluetooth]
[ 459.241515] Code: cc cc 0f 1f 80 00 00 00 00 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 55 48 89 f5 53 48 83 ec 28 4c 8b 67 18 89 54 24 0c <4d> 8b 8c 24 80 06 00 00 4c 89 4c 24 18 66 90 0f b7 da 8b 4d 70 2b
[ 459.241521] RSP: 0018:ffffa29981eafc00 EFLAGS: 00010286
[ 459.241526] RAX: ffff9119fabab400 RBX: 0000000000000004 RCX: 0000000000000000
[ 459.241530] RDX: 0000000000000000 RSI: ffff9119cb626f00 RDI: ffff9119c68cfc00
[ 459.241533] RBP: ffff9119cb626f00 R08: ffff911ac574fec0 R09: 000000000000000c
[ 459.241535] R10: 0000000000000028 R11: 0000000000000000 R12: 0000000000000000
[ 459.241538] R13: ffffa29981eafd40 R14: ffff9119cb626f00 R15: ffff9119c68cfc00
[ 459.241542] FS: 00007feffba587c0(0000) GS:ffff911fd2100000(0000) knlGS:0000000000000000
[ 459.241546] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 459.241549] CR2: 0000000000000680 CR3: 000000012219c000 CR4: 0000000000750ee0
[ 459.241554] PKRU: 55555554
[ 459.241557] Call Trace:
[ 459.241568] <TASK>
[ 459.241573] ? mutex_lock+0xe/0x30
[ 459.241605] l2cap_chan_send+0x12f/0xc60 [bluetooth]
[ 459.241670] ? remove_wait_queue+0x20/0x60
[ 459.241677] ? _raw_spin_unlock_irqrestore+0x23/0x40
[ 459.241682] ? bt_sock_wait_ready+0x128/0x1a0 [bluetooth]
[ 459.241731] l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
[ 459.241786] sock_sendmsg+0x5f/0x70
[ 459.241796] rfcomm_send_frame+0x62/0xa0 [rfcomm]
[ 459.241814] rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
[ 459.241828] __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
[ 459.241843] __rfcomm_dlc_close+0x60/0x200 [rfcomm]
[ 459.241857] rfcomm_dlc_close+0x6a/0xb0 [rfcomm]
[ 459.241871] __rfcomm_sock_close+0x2e/0xd0 [rfcomm]
[ 459.241886] rfcomm_sock_shutdown+0x54/0xb0 [rfcomm]
[ 459.241899] rfcomm_sock_release+0x2e/0x90 [rfcomm]
[ 459.241914] __sock_release+0x3d/0xb0
[ 459.241920] sock_close+0x11/0x20
[ 459.241925] __fput+0x91/0x250
[ 459.241933] task_work_run+0x59/0x90
[ 459.241942] exit_to_user_mode_prepare+0x1cd/0x1e0
[ 459.241948] syscall_exit_to_user_mode+0x17/0x40
[ 459.241960] do_syscall_64+0x46/0xc0
[ 459.241974] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 459.241981] RIP: 0033:0x7feffc07a770
[ 459.241986] Code: 0d 00 00 00 eb b2 e8 4f f7 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 1e 0e 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[ 459.241990] RSP: 002b:00007ffceb4d6ba8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 459.241995] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007feffc07a770
[ 459.241998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000028
[ 459.242000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
[ 459.242003] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[ 459.242005] R13: 0000555efbd88f30 R14: 00007feffc3691b0 R15: 0000555efbd7e350
[ 459.242011] </TASK>
```

Could you please attach all Linux messages, that means, the full output of `dmesg`, and also have `sudo btmon -w /dev/shm/trace.log` running in parallel.

As you know it’s a regression, and you can reproduce it, it might be fastest to do the following:

1. Build bluetooth-next [2]. (Clone the source tree, copy the Debian configuration from `/boot` to `.config`, run `make olddefconfig` and `make localmodconfig`, disable debug info in `make menuconfig`, and then `make bindeb-pkg` and install the generated `linux-image….deb` with `dpkg -i`.)
2. If it’s still happening, and you want faster test cycles, try to reproduce it in QEMU by passing the USB device through.
3. Bisect the issue with `git bisect`.

[1]: https://bugs.debian.org/1023076
[2]: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git
Created attachment 303168
all kernel messages from syslog

I'm attaching a xz compressed file (via bugzilla), I hope that is okay.

This file contains all kernel messages from syslog (grep kernel /var/log/syslog) from the past 2 days containing a bunch of oops for these versions:

2022-11-13T06:31:12.982846+01:00 computer kernel: [ 0.000000] Linux version 6.1.0-0-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-7) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39) #1 SMP PREEMPT_DYNAMIC Debian 6.1~rc3-1~exp1 (2022-11-02)
2022-11-13T07:06:50.955682+01:00 computer kernel: [ 0.000000] Linux version 6.0.0-3-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-9) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39) #1 SMP PREEMPT_DYNAMIC Debian 6.0.7-1 (2022-11-05)
2022-11-13T07:55:59.669994+01:00 computer kernel: [ 0.000000] Linux version 6.0.0-4-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-9) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39) #1 SMP PREEMPT_DYNAMIC Debian 6.0.8-1 (2022-11-11)
(In reply to Paul Menzel from comment #5)
> In *linux-headers-6.0.0-2-amd64: bluetooth crashes after returning from
> suspend* [1] you write:
>
> > I installed 6.0.5-1 and during the past few days seems to be working okay.
>
> Just to avoid misunderstandings, is that outdated information?

Hi, thanks for the quick response,

I think so, I used 6.0.5 only for a couple of days, then installed 6.1-rc3 as soon it landed in experimental.

When writing this bug report (against 6.1-rc3) I noticed 6.0.8 was already in unstable and tried it as well. (full dmesg for 6.0.8 at https://bugzilla.kernel.org/attachment.cgi?id=303163&action=edit)

Both links were added just for context (because they have similar call trace)

> Could you please attach all Linux messages, that means, the full output of
> `dmesg`, and also have `sudo btmon -w /dev/shm/trace.log` running in
> parallel.

I triggered the bug while running btmon, but the computer become unresponsive and freezes completely and I'm not even sure if it get into syslog. I will try later to have btmon writing somewhere else so I don't lose the file.

Meanwhile, I attached all kernel messages I could get from `grep kernel /var/log/syslog` in a xz file attached at https://bugzilla.kernel.org/attachment.cgi?id=303168

> As you know it’s a regression, and you can reproduce it, it might be fastest
> to do the following:
>
> 1. Build bluetooth-next [2]. (Clone the source tree, copy the Debian
> configuration from `/boot` to `.config`, run `make olddefconfig` and `make
> localmodconfig`, disable debug info in `make menuconfig`, and then `make
> bindeb-pkg` and install the generated `linux-image….deb` with `dpkg -i`.)
> 2. If it’s still happening, and you want faster test cycles, try to
> reproduce it in QEMU by passing the USB device through.
> 3. Bisect the issue with `git bisect`.
>
> [1]: https://bugs.debian.org/1023076
> [2]: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git

Sure, I will try that too later today.
(In reply to frc.gabriel from comment #7)
Ah, I forgot to share how I reproduce this bug:

While a video is playing in firefox:

Once a while I disconnect and connect the earphone headset via gnome-control-center.
I connect my android cellphone to the earphone headset while it is still connected to computer, "forcing" a disconnection.
All that while still keeping gnome-control-center bluetooth page open/scanning.

After a few cycles, of connect+disconnect the earphone headset shows as "connected" in gnome-control-center, but no audio sink is available.

At this point, closing the lid or switching bluetooth off (via gnome-control-center toggle) I get this message in dmesg:

```
2022-11-13T08:04:07.733635+01:00 computer kernel: [ 553.697726] general protection fault, probably for non-canonical address 0xa0ffff9bb2249beb: 0000 [#1] PREEMPT SMP NOPTI
2022-11-13T08:04:07.733710+01:00 computer kernel: [ 553.697742] CPU: 7 PID: 933 Comm: bluetoothd Not tainted 6.0.0-4-amd64 #1 Debian 6.0.8-1
2022-11-13T08:04:07.733716+01:00 computer kernel: [ 553.697752] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21 ) 09/15/2022
2022-11-13T08:04:07.733720+01:00 computer kernel: [ 553.697756] RIP: 0010:hci_send_acl+0x4a/0x2f0 [bluetooth]
2022-11-13T08:04:07.733724+01:00 computer kernel: [ 553.697825] Code: 0c 4d 8b 8c 24 80 06 00 00 4c 89 4c 24 18 66 90 0f b7 da 8b 4d 70 2b 4d 74 c6 45 28 02 89 4d 70 41 89 cd c7 45 74 00 00 00 00 <41> 0f b6 51 43 84 d2 0f 84 0e 02 00 00 80 fa 01 0f 84 81 00 00 00
2022-11-13T08:04:07.733728+01:00 computer kernel: [ 553.697831] RSP: 0018:ffffbd1fc1bc7c00 EFLAGS: 00010202
2022-11-13T08:04:07.733729+01:00 computer kernel: [ 553.697839] RAX: ffff9bb240599600 RBX: 0000000000000002 RCX: 0000000000000008
2022-11-13T08:04:07.733733+01:00 computer kernel: [ 553.697844] RDX: 0000000000000002 RSI: ffff9bb1c30ea600 RDI: ffff9bb1c805fcc0
2022-11-13T08:04:07.733736+01:00 computer kernel: [ 553.697847] RBP: ffff9bb1c30ea600 R08: ffff9bb2378ba2c0 R09: a0ffff9bb2249ba8
2022-11-13T08:04:07.733740+01:00 computer kernel: [ 553.697851] R10: 0000000000000029 R11: 0000000000000000 R12: ffff9bb2249ba1c1
2022-11-13T08:04:07.733743+01:00 computer kernel: [ 553.697854] R13: 0000000000000008 R14: ffff9bb1c30ea600 R15: ffff9bb1c805fcc0
2022-11-13T08:04:07.733746+01:00 computer kernel: [ 553.697858] FS: 00007f6c939e47c0(0000) GS:ffff9bb7edfc0000(0000) knlGS:0000000000000000
2022-11-13T08:04:07.733748+01:00 computer kernel: [ 553.697863] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
2022-11-13T08:04:07.733824+01:00 computer kernel: [ 553.697868] CR2: 00007fac2212d000 CR3: 0000000168dc2000 CR4: 0000000000750ee0
2022-11-13T08:04:07.733830+01:00 computer kernel: [ 553.697872] PKRU: 55555554
2022-11-13T08:04:07.733833+01:00 computer kernel: [ 553.697875] Call Trace:
2022-11-13T08:04:07.733836+01:00 computer kernel: [ 553.697881] <TASK>
2022-11-13T08:04:07.733839+01:00 computer kernel: [ 553.697885] ? mutex_lock+0xe/0x30
2022-11-13T08:04:07.733843+01:00 computer kernel: [ 553.697901] l2cap_chan_send+0x12f/0xc60 [bluetooth]
2022-11-13T08:04:07.733846+01:00 computer kernel: [ 553.697977] ? remove_wait_queue+0x20/0x60
2022-11-13T08:04:07.733849+01:00 computer kernel: [ 553.697987] ? _raw_spin_unlock_irqrestore+0x23/0x40
2022-11-13T08:04:07.733852+01:00 computer kernel: [ 553.697995] ? bt_sock_wait_ready+0x128/0x1a0 [bluetooth]
2022-11-13T08:04:07.733855+01:00 computer kernel: [ 553.698050] l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
2022-11-13T08:04:07.733858+01:00 computer kernel: [ 553.698114] sock_sendmsg+0x5f/0x70
2022-11-13T08:04:07.733861+01:00 computer kernel: [ 553.698125] rfcomm_send_frame+0x62/0xa0 [rfcomm]
2022-11-13T08:04:07.733864+01:00 computer kernel: [ 553.698141] rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
2022-11-13T08:04:07.733867+01:00 computer kernel: [ 553.698154] __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
2022-11-13T08:04:07.733870+01:00 computer kernel: [ 553.698166] __rfcomm_dlc_close+0x60/0x200 [rfcomm]
2022-11-13T08:04:07.733872+01:00 computer kernel: [ 553.698179] rfcomm_dlc_close+0x6a/0xb0 [rfcomm]
2022-11-13T08:04:07.733875+01:00 computer kernel: [ 553.698190] __rfcomm_sock_close+0x2e/0xd0 [rfcomm]
2022-11-13T08:04:07.733878+01:00 computer kernel: [ 553.698203] rfcomm_sock_shutdown+0x54/0xb0 [rfcomm]
2022-11-13T08:04:07.733882+01:00 computer kernel: [ 553.698215] rfcomm_sock_release+0x2e/0x90 [rfcomm]
2022-11-13T08:04:07.733885+01:00 computer kernel: [ 553.698227] __sock_release+0x3d/0xb0
2022-11-13T08:04:07.733888+01:00 computer kernel: [ 553.698234] sock_close+0x11/0x20
2022-11-13T08:04:07.733890+01:00 computer kernel: [ 553.698239] __fput+0x91/0x250
2022-11-13T08:04:07.733892+01:00 computer kernel: [ 553.698248] task_work_run+0x5c/0x90
2022-11-13T08:04:07.733895+01:00 computer kernel: [ 553.698257] exit_to_user_mode_prepare+0x1cd/0x1e0
2022-11-13T08:04:07.733898+01:00 computer kernel: [ 553.698264] syscall_exit_to_user_mode+0x17/0x40
2022-11-13T08:04:07.733901+01:00 computer kernel: [ 553.698271] do_syscall_64+0x46/0xc0
2022-11-13T08:04:07.733904+01:00 computer kernel: [ 553.698280] entry_SYSCALL_64_after_hwframe+0x63/0xcd
2022-11-13T08:04:07.733907+01:00 computer kernel: [ 553.698289] RIP: 0033:0x7f6c94006770
2022-11-13T08:04:07.733910+01:00 computer kernel: [ 553.698295] Code: 0d 00 00 00 eb b2 e8 4f f7 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 1e 0e 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
2022-11-13T08:04:07.733914+01:00 computer kernel: [ 553.698300] RSP: 002b:00007ffc65ad5da8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
2022-11-13T08:04:07.733917+01:00 computer kernel: [ 553.698306] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6c94006770
2022-11-13T08:04:07.733920+01:00 computer kernel: [ 553.698310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000029
2022-11-13T08:04:07.733923+01:00 computer kernel: [ 553.698313] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
2022-11-13T08:04:07.733925+01:00 computer kernel: [ 553.698316] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
2022-11-13T08:04:07.733929+01:00 computer kernel: [ 553.698319] R13: 00005564dd86f1f0 R14: 00005564dd86d940 R15: 00005564dd876610
2022-11-13T08:04:07.733932+01:00 computer kernel: [ 553.698326] </TASK>
2022-11-13T08:04:07.733934+01:00 computer kernel: [ 553.698328] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables libcrc32c nfnetlink br_netfilter bridge stp llc nvme_fabrics uinput ctr ccm rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash algif_skcipher af_alg cpufreq_ondemand cpufreq_powersave cpufreq_conservative zstd cpufreq_userspace zstd_compress overlay zram qrtr bnep zsmalloc binfmt_misc nls_ascii nls_cp437 vfat intel_rapl_msr fat intel_rapl_common rtw89_8852ae rtw89_8852a btusb btrtl btbcm rtw89_pci btintel rtw89_core btmtk snd_acp3x_pdm_dma snd_acp3x_rn snd_soc_dmic bluetooth snd_soc_core snd_ctl_led snd_compress snd_hda_codec_realtek mac80211 edac_mce_amd snd_hda_codec_generic snd_hda_codec_hdmi jitterentropy_rng uvcvideo snd_hda_intel snd_intel_dspcfg videobuf2_vmalloc videobuf2_memops snd_intel_sdw_acpi kvm_amd videobuf2_v4l2 drbg libarc4 videobuf2_common ansi_cprng
2022-11-13T08:04:07.733938+01:00 computer kernel: [ 553.698439] snd_hda_codec kvm snd_hda_core videodev snd_hwdep snd_pci_acp6x ecdh_generic thinkpad_acpi irqbypass snd_pci_acp5x cfg80211 rapl mc ecc wmi_bmof pcspkr snd_rn_pci_acp3x snd_pcm snd_acp_config nvram ccp k10temp platform_profile ucsi_acpi snd_soc_acpi typec_ucsi snd_timer sp5100_tco ledtrig_audio snd_pci_acp3x rng_core watchdog snd roles soundcore typec rfkill ac joydev evdev serio_raw amd_pstate msr parport_pc ppdev lp parport fuse efi_pstore configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_crypt dm_mod amdgpu gpu_sched drm_buddy i2c_algo_bit drm_display_helper crc32_pclmul crc32c_intel cec rc_core drm_ttm_helper ttm ghash_clmulni_intel rtsx_pci_sdmmc xhci_pci drm_kms_helper nvme mmc_core xhci_hcd r8169 nvme_core aesni_intel drm realtek t10_pi mdio_devres usbcore crypto_simd psmouse libphy crc64_rocksoft_generic cryptd crc64_rocksoft crc_t10dif rtsx_pci i2c_piix4 crct10dif_generic crct10dif_pclmul usb_common crc64 crct10dif_common wmi
2022-11-13T08:04:07.733946+01:00 computer kernel: [ 553.698572] battery video i2c_scmi button sha512_ssse3 sha512_generic
2022-11-13T08:04:07.733949+01:00 computer kernel: [ 553.698586] ---[ end trace 0000000000000000 ]---
```

After this message is printed, closing the lid and opening it again I get these (suspend (s2idle) and (deep)):

```
2022-11-13T08:55:19.687599+01:00 computer kernel: [ 3625.820979] PM: suspend exit
2022-11-13T08:55:19.687610+01:00 computer kernel: [ 3625.821050] PM: suspend entry (s2idle)
2022-11-13T08:55:39.731257+01:00 computer kernel: [ 3625.857013] Filesystems sync: 0.035 seconds
2022-11-13T08:55:39.731469+01:00 computer kernel: [ 3625.857914] Freezing user space processes ...
2022-11-13T08:55:39.731480+01:00 computer kernel: [ 3625.924634] r8169 0000:05:00.0 enp5s0: Link is Down
2022-11-13T08:55:39.731488+01:00 computer kernel: [ 3645.867121]
2022-11-13T08:55:39.731492+01:00 computer kernel: [ 3645.867138] Freezing of tasks failed after 20.009 seconds (1 tasks refusing to freeze, wq_busy=0):
2022-11-13T08:55:39.731499+01:00 computer kernel: [ 3645.867211] task:bluetoothd state:D stack: 0 pid: 6502 ppid: 1 flags:0x00000006
2022-11-13T08:55:39.731505+01:00 computer kernel: [ 3645.867230] Call Trace:
2022-11-13T08:55:39.731511+01:00 computer kernel: [ 3645.867237] <TASK>
2022-11-13T08:55:39.731516+01:00 computer kernel: [ 3645.867249] __schedule+0x33e/0xa10
2022-11-13T08:55:39.731521+01:00 computer kernel: [ 3645.867281] schedule+0x5d/0xe0
2022-11-13T08:55:39.731569+01:00 computer kernel: [ 3645.867291] schedule_preempt_disabled+0x14/0x30
2022-11-13T08:55:39.731577+01:00 computer kernel: [ 3645.867299] __mutex_lock.constprop.0+0x3b4/0x700
2022-11-13T08:55:39.731582+01:00 computer kernel: [ 3645.867312] rfcomm_dlc_open+0x3e/0x360 [rfcomm]
2022-11-13T08:55:39.731588+01:00 computer kernel: [ 3645.867339] rfcomm_sock_connect+0xd8/0x130 [rfcomm]
2022-11-13T08:55:39.731593+01:00 computer kernel: [ 3645.867358] __sys_connect+0xa4/0xd0
2022-11-13T08:55:39.731683+01:00 computer kernel: [ 3645.867376] __x64_sys_connect+0x14/0x20
2022-11-13T08:55:39.731693+01:00 computer kernel: [ 3645.867385] do_syscall_64+0x3a/0xc0
2022-11-13T08:55:39.731700+01:00 computer kernel: [ 3645.867399] entry_SYSCALL_64_after_hwframe+0x63/0xcd
2022-11-13T08:55:39.731705+01:00 computer kernel: [ 3645.867413] RIP: 0033:0x7f8d074bf470
2022-11-13T08:55:39.731711+01:00 computer kernel: [ 3645.867423] RSP: 002b:00007ffe397682c8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
2022-11-13T08:55:39.731717+01:00 computer kernel: [ 3645.867434] RAX: ffffffffffffffda RBX: 00007ffe397684c0 RCX: 00007f8d074bf470
2022-11-13T08:55:39.731723+01:00 computer kernel: [ 3645.867440] RDX: 000000000000000a RSI: 00007ffe397682e0 RDI: 0000000000000029
2022-11-13T08:55:39.731727+01:00 computer kernel: [ 3645.867446] RBP: 000055ec2510b410 R08: 000000000000001f R09: 000055ec250d01d0
2022-11-13T08:55:39.731732+01:00 computer kernel: [ 3645.867451] R10: 0000000000001000 R11: 0000000000000202 R12: 0000000000000000
2022-11-13T08:55:39.731737+01:00 computer kernel: [ 3645.867457] R13: 000055ec250d07f0 R14: 000055ec233329f0 R15: 00007ffe397682e0
2022-11-13T08:55:39.731741+01:00 computer kernel: [ 3645.867466] </TASK>
2022-11-13T08:55:39.731745+01:00 computer kernel: [ 3645.867475]
2022-11-13T08:55:39.731751+01:00 computer kernel: [ 3645.867479] OOM killer enabled.
2022-11-13T08:55:39.738773+01:00 computer kernel: [ 3645.867483] Restarting tasks ... done.
2022-11-13T08:55:39.738807+01:00 computer kernel: [ 3645.873016] random: crng reseeded on system resumption
2022-11-13T08:55:39.863568+01:00 computer kernel: [ 3645.996885] PM: suspend exit
2022-11-13T08:55:39.939555+01:00 computer kernel: [ 3646.075416] PM: suspend entry (deep)
2022-11-13T08:55:39.976001+01:00 computer kernel: [ 3646.112036] Filesystems sync: 0.036 seconds
2022-11-13T08:55:59.985387+01:00 computer kernel: [ 3646.113861] Freezing user space processes ...
2022-11-13T08:55:59.985459+01:00 computer kernel: [ 3666.121238] Freezing of tasks failed after 20.007 seconds (1 tasks refusing to freeze, wq_busy=0):
2022-11-13T08:55:59.985470+01:00 computer kernel: [ 3666.121308] task:bluetoothd state:D stack: 0 pid: 6502 ppid: 1 flags:0x00000006
2022-11-13T08:55:59.985476+01:00 computer kernel: [ 3666.121325] Call Trace:
2022-11-13T08:55:59.985481+01:00 computer kernel: [ 3666.121331] <TASK>
2022-11-13T08:55:59.985486+01:00 computer kernel: [ 3666.121343] __schedule+0x33e/0xa10
2022-11-13T08:55:59.985494+01:00 computer kernel: [ 3666.121374] schedule+0x5d/0xe0
2022-11-13T08:55:59.985499+01:00 computer kernel: [ 3666.121383] schedule_preempt_disabled+0x14/0x30
2022-11-13T08:55:59.985544+01:00 computer kernel: [ 3666.121392] __mutex_lock.constprop.0+0x3b4/0x700
2022-11-13T08:55:59.985550+01:00 computer kernel: [ 3666.121404] rfcomm_dlc_open+0x3e/0x360 [rfcomm]
2022-11-13T08:55:59.985556+01:00 computer kernel: [ 3666.121431] rfcomm_sock_connect+0xd8/0x130 [rfcomm]
2022-11-13T08:55:59.985561+01:00 computer kernel: [ 3666.121449] __sys_connect+0xa4/0xd0
2022-11-13T08:55:59.985568+01:00 computer kernel: [ 3666.121467] __x64_sys_connect+0x14/0x20
2022-11-13T08:55:59.985574+01:00 computer kernel: [ 3666.121475] do_syscall_64+0x3a/0xc0
2022-11-13T08:55:59.985579+01:00 computer kernel: [ 3666.121489] entry_SYSCALL_64_after_hwframe+0x63/0xcd
2022-11-13T08:55:59.985584+01:00 computer kernel: [ 3666.121502] RIP: 0033:0x7f8d074bf470
2022-11-13T08:55:59.985588+01:00 computer kernel: [ 3666.121512] RSP: 002b:00007ffe397682c8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
2022-11-13T08:55:59.985593+01:00 computer kernel: [ 3666.121522] RAX: ffffffffffffffda RBX: 00007ffe397684c0 RCX: 00007f8d074bf470
2022-11-13T08:55:59.985599+01:00 computer kernel: [ 3666.121528] RDX: 000000000000000a RSI: 00007ffe397682e0 RDI: 0000000000000029
2022-11-13T08:55:59.985604+01:00 computer kernel: [ 3666.121534] RBP: 000055ec2510b410 R08: 000000000000001f R09: 000055ec250d01d0
2022-11-13T08:55:59.985610+01:00 computer kernel: [ 3666.121539] R10: 0000000000001000 R11: 0000000000000202 R12: 0000000000000000
2022-11-13T08:55:59.985615+01:00 computer kernel: [ 3666.121544] R13: 000055ec250d07f0 R14: 000055ec233329f0 R15: 00007ffe397682e0
2022-11-13T08:55:59.985619+01:00 computer kernel: [ 3666.121553] </TASK>
2022-11-13T08:55:59.985624+01:00 computer kernel: [ 3666.121562]
2022-11-13T08:55:59.985628+01:00 computer kernel: [ 3666.121565] OOM killer enabled.
2022-11-13T08:55:59.991624+01:00 computer kernel: [ 3666.121569] Restarting tasks ... done.
2022-11-13T08:55:59.991654+01:00 computer kernel: [ 3666.125306] random: crng reseeded on system resumption
2022-11-13T08:56:00.023913+01:00 computer kernel: [ 3666.156324] Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
2022-11-13T08:56:00.115588+01:00 computer kernel: [ 3666.248877] PM: suspend exit
2022-11-13T08:56:00.115604+01:00 computer kernel: [ 3666.248972] PM: suspend entry (s2idle)
```

Best,
Gabriel Francisco
Created attachment 303169 [details] kernel messages from kern.log
Created attachment 303170 [details] btmon file when the computer crashed running kernel from bluetooth-next
Hi, these two attachments are when running the kernel from https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git (bluetooth-next branch). I will try master branch.
Created attachment 303171 [details] dmesg bluetooth-next master branch HEAD
Triggering the bug while running btmon with the HEAD of master branch from bluetooth-next does not render the computer unusable, but disconnecting+connecting the headset is not as smooth compared with bluetooth-next branch (which freezes computer).
```
[ 301.300526] PM: suspend exit
[ 301.301469] Bluetooth: hci0: RTL: rom_version status=0 version=1
[ 301.301473] Bluetooth: hci0: RTL: loading rtl_bt/rtl8852au_fw.bin
[ 301.301583] Bluetooth: hci0: RTL: loading rtl_bt/rtl8852au_config.bin
[ 301.301640] Bluetooth: hci0: RTL: cfg_sz 6, total sz 47155
[ 301.393319] Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
[ 301.429363] usb 5-3: new full-speed USB device number 5 using xhci_hcd
[ 301.508834] psmouse serio1: synaptics: queried max coordinates: x [..5678], y [..4694]
[ 301.521632] r8169 0000:02:00.0 enp2s0f0: Link is Down
[ 301.547243] psmouse serio1: synaptics: queried min coordinates: x [1266..], y [1162..]
[ 301.553423] Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver (mii_bus:phy_addr=r8169-0-500:00, irq=MAC)
[ 301.590802] usb 5-3: New USB device found, idVendor=06cb, idProduct=00bd, bcdDevice= 0.00
[ 301.590815] usb 5-3: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 301.590821] usb 5-3: SerialNumber: f699a1169720
[ 301.700442] Bluetooth: hci0: RTL: fw version 0xd9b88207
[ 301.757826] r8169 0000:05:00.0 enp5s0: Link is Down
[ 301.824556] Bluetooth: MGMT ver 1.22
[ 305.674822] wlp3s0: authenticate with e4:bf:fa:cc:15:70
[ 305.674836] wlp3s0: Invalid HE elem, Disable HE
[ 305.800382] wlp3s0: send auth to e4:bf:fa:cc:15:70 (try 1/3)
[ 305.802262] wlp3s0: authenticated
[ 305.805269] wlp3s0: associate with e4:bf:fa:cc:15:70 (try 1/3)
[ 305.806658] wlp3s0: RX AssocResp from e4:bf:fa:cc:15:70 (capab=0x1011 status=0 aid=3)
[ 305.917751] wlp3s0: associated
[ 305.917962] wlp3s0: Limiting TX power to 23 (23 - 0) dBm as advertised by e4:bf:fa:cc:15:70
[ 305.985550] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
[ 316.051610] audit: type=1400 audit(1668405359.412:35): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.101113] audit: type=1400 audit(1668405359.460:36): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.110480] audit: type=1400 audit(1668405359.472:37): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 316.119295] audit: type=1400 audit(1668405359.480:38): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1948 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 334.857310] Bluetooth: \x05: unknown dev_type 141
[ 334.857335] BUG: kernel NULL pointer dereference, address: 0000000000000102
[ 334.857339] #PF: supervisor read access in kernel mode
[ 334.857343] #PF: error_code(0x0000) - not-present page
[ 334.857346] PGD 0 P4D 0
[ 334.857351] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 334.857356] CPU: 12 PID: 1382 Comm: krfcommd Not tainted 6.0.0-rc7+ #1
[ 334.857360] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21 ) 09/15/2022
[ 334.857364] RIP: 0010:__queue_work+0x1c/0x460
[ 334.857376] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02 01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 334.857379] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 334.857383] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX: 0000000000000000
[ 334.857385] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI: 0000000000002000
[ 334.857387] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09: ffffc16dcc66fa58
[ 334.857389] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12: 0000000000000000
[ 334.857391] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15: ffff9ecdb3282400
[ 334.857393] FS: 0000000000000000(0000) GS:ffff9ed392100000(0000) knlGS:0000000000000000
[ 334.857396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 334.857399] CR2: 0000000000000102 CR3: 000000042b410000 CR4: 0000000000750ee0
[ 334.857401] PKRU: 55555554
[ 334.857403] Call Trace:
[ 334.857408] <TASK>
[ 334.857416] queue_work_on+0x37/0x40
[ 334.857426] l2cap_chan_send+0x12f/0xc60 [bluetooth]
[ 334.857483] ? remove_wait_queue+0x20/0x60
[ 334.857489] ? _raw_spin_unlock_irqrestore+0x23/0x40
[ 334.857497] ? preempt_count_add+0x6a/0xa0
[ 334.857503] l2cap_sock_sendmsg+0x9a/0x100 [bluetooth]
[ 334.857539] sock_sendmsg+0x5f/0x70
[ 334.857548] rfcomm_send_frame+0x62/0xa0 [rfcomm]
[ 334.857562] rfcomm_send_disc.isra.0+0x80/0xd0 [rfcomm]
[ 334.857570] __rfcomm_dlc_disconn+0x10a/0x120 [rfcomm]
[ 334.857577] __rfcomm_dlc_close+0x60/0x200 [rfcomm]
[ 334.857583] rfcomm_run+0x6f6/0x1900 [rfcomm]
[ 334.857591] ? _raw_spin_rq_lock_irqsave+0x20/0x20
[ 334.857596] ? rfcomm_check_accept+0xa0/0xa0 [rfcomm]
[ 334.857602] kthread+0xe9/0x110
[ 334.857608] ? kthread_complete_and_exit+0x20/0x20
[ 334.857613] ret_from_fork+0x22/0x30
[ 334.857622] </TASK>
[ 334.857623] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables libcrc32c nfnetlink br_netfilter bridge stp llc nvme_fabrics uinput ctr ccm rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device qrtr overlay cpufreq_ondemand cpufreq_powersave cpufreq_conservative cmac cpufreq_userspace algif_hash algif_skcipher zstd af_alg zstd_compress bnep zram zsmalloc binfmt_misc nls_ascii nls_cp437 vfat fat btusb btrtl btbcm btintel btmtk bluetooth snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic rtw89_8852ae rtw89_8852a snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common rtw89_pci uvcvideo snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn jitterentropy_rng rtw89_core snd_hda_intel videobuf2_vmalloc snd_soc_core videobuf2_memops videobuf2_v4l2 snd_intel_dspcfg snd_hda_codec kvm_amd snd_pci_acp6x drbg videobuf2_common snd_hwdep mac80211 wmi_bmof snd_pci_acp5x
[ 334.857705] ansi_cprng kvm libarc4 videodev irqbypass snd_rn_pci_acp3x snd_hda_core ecdh_generic snd_acp_config mc rapl ecc pcspkr thinkpad_acpi snd_soc_acpi ccp snd_pcm cfg80211 snd_pci_acp3x nvram rng_core ledtrig_audio snd_timer sp5100_tco platform_profile ucsi_acpi k10temp watchdog snd typec_ucsi roles soundcore rfkill typec wmi ac battery video button evdev joydev serio_raw amd_pstate msr parport_pc ppdev lp parport fuse configfs efi_pstore efivarfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 dm_crypt dm_mod amdgpu crc32_pclmul crc32c_intel drm_ttm_helper ttm ghash_clmulni_intel gpu_sched nvme i2c_algo_bit drm_buddy nvme_core rtsx_pci_sdmmc xhci_pci drm_display_helper t10_pi mmc_core xhci_hcd r8169 drm_kms_helper realtek crc64_rocksoft_generic aesni_intel crc64_rocksoft mdio_devres drm crc_t10dif crypto_simd usbcore psmouse cec cryptd crct10dif_generic libphy rc_core crct10dif_pclmul i2c_piix4 rtsx_pci usb_common crc64 crct10dif_common i2c_scmi sha512_ssse3
[ 334.857807] sha512_generic
[ 334.857814] CR2: 0000000000000102
[ 334.857817] ---[ end trace 0000000000000000 ]---
[ 334.861275] RIP: 0010:__queue_work+0x1c/0x460
[ 334.861275] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02 01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 334.861275] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 334.861275] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX: 0000000000000000
[ 334.861275] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI: 0000000000002000
[ 334.861275] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09: ffffc16dcc66fa58
[ 334.959941] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12: 0000000000000000
[ 334.959941] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15: ffff9ecdb3282400
[ 334.959941] FS: 0000000000000000(0000) GS:ffff9ed392100000(0000) knlGS:0000000000000000
[ 334.959941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 334.959941] CR2: 0000000000000102 CR3: 0000000161a42000 CR4: 0000000000750ee0
[ 334.959941] PKRU: 55555554
[ 350.116698] BUG: unable to handle page fault for address: ffffc16dcc66feb0
[ 350.116706] #PF: supervisor read access in kernel mode
[ 350.116709] #PF: error_code(0x0000) - not-present page
[ 350.116712] PGD 100000067 P4D 100000067 PUD 1001a4067 PMD 106ffa067 PTE 0
[ 350.116717] Oops: 0000 [#2] PREEMPT SMP NOPTI
[ 350.116721] CPU: 4 PID: 860 Comm: kworker/u33:1 Tainted: G D 6.0.0-rc7+ #1
[ 350.116724] Hardware name: LENOVO 21A00004GE/21A00004GE, BIOS R1MET51W (1.21 ) 09/15/2022
[ 350.116727] Workqueue: hci0 hci_rx_work [bluetooth]
[ 350.116759] RIP: 0010:__wake_up_common+0x4c/0x180
[ 350.116768] Code: 24 0c 89 4c 24 08 4d 85 c9 74 0a 41 f6 01 04 0f 85 a3 00 00 00 48 8b 43 08 4c 8d 40 e8 48 83 c3 08 49 8d 40 18 48 39 c3 74 5b <49> 8b 40 18 31 ed 4c 8d 70 e8 45 8b 28 41 f6 c5 04 75 5f 49 8b 40
[ 350.116770] RSP: 0018:ffffc16dc2777ce0 EFLAGS: 00010002
[ 350.116773] RAX: ffffc16dcc66feb0 RBX: ffffffffc18440a8 RCX: 0000000000000000
[ 350.116775] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffffffc18440a0
[ 350.116777] RBP: 0000000000000246 R08: ffffc16dcc66fe98 R09: ffffc16dc2777d30
[ 350.116778] R10: ffff9ecdb3282421 R11: 00000000dd721946 R12: ffffc16dc2777d30
[ 350.116780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 350.116781] FS: 0000000000000000(0000) GS:ffff9ed391f00000(0000) knlGS:0000000000000000
[ 350.116784] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 350.116785] CR2: ffffc16dcc66feb0 CR3: 000000042b410000 CR4: 0000000000750ee0
[ 350.116787] PKRU: 55555554
[ 350.116789] Call Trace:
[ 350.116794] <TASK>
[ 350.116800] __wake_up_common_lock+0x7b/0xc0
[ 350.116805] hci_encrypt_change_evt+0x160/0x4e0 [bluetooth]
[ 350.116835] ? hci_cs_read_remote_features+0x1e0/0x1e0 [bluetooth]
[ 350.116859] hci_event_packet+0x3ad/0x570 [bluetooth]
[ 350.116884] hci_rx_work+0x9c/0x580 [bluetooth]
[ 350.116909] process_one_work+0x1c7/0x380
[ 350.116913] worker_thread+0x4d/0x380
[ 350.116916] ? rescuer_thread+0x3a0/0x3a0
[ 350.116918] kthread+0xe9/0x110
[ 350.116922] ? kthread_complete_and_exit+0x20/0x20
[ 350.116925] ret_from_fork+0x22/0x30
[ 350.116931] </TASK>
[ 350.116932] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables libcrc32c nfnetlink br_netfilter bridge stp llc nvme_fabrics uinput ctr ccm rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device qrtr overlay cpufreq_ondemand cpufreq_powersave cpufreq_conservative cmac cpufreq_userspace algif_hash algif_skcipher zstd af_alg zstd_compress bnep zram zsmalloc binfmt_misc nls_ascii nls_cp437 vfat fat btusb btrtl btbcm btintel btmtk bluetooth snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic rtw89_8852ae rtw89_8852a snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common rtw89_pci uvcvideo snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn jitterentropy_rng rtw89_core snd_hda_intel videobuf2_vmalloc snd_soc_core videobuf2_memops videobuf2_v4l2 snd_intel_dspcfg snd_hda_codec kvm_amd snd_pci_acp6x drbg videobuf2_common snd_hwdep mac80211 wmi_bmof snd_pci_acp5x
[ 350.116993] ansi_cprng kvm libarc4 videodev irqbypass snd_rn_pci_acp3x snd_hda_core ecdh_generic snd_acp_config mc rapl ecc pcspkr thinkpad_acpi snd_soc_acpi ccp snd_pcm cfg80211 snd_pci_acp3x nvram rng_core ledtrig_audio snd_timer sp5100_tco platform_profile ucsi_acpi k10temp watchdog snd typec_ucsi roles soundcore rfkill typec wmi ac battery video button evdev joydev serio_raw amd_pstate msr parport_pc ppdev lp parport fuse configfs efi_pstore efivarfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 dm_crypt dm_mod amdgpu crc32_pclmul crc32c_intel drm_ttm_helper ttm ghash_clmulni_intel gpu_sched nvme i2c_algo_bit drm_buddy nvme_core rtsx_pci_sdmmc xhci_pci drm_display_helper t10_pi mmc_core xhci_hcd r8169 drm_kms_helper realtek crc64_rocksoft_generic aesni_intel crc64_rocksoft mdio_devres drm crc_t10dif crypto_simd usbcore psmouse cec cryptd crct10dif_generic libphy rc_core crct10dif_pclmul i2c_piix4 rtsx_pci usb_common crc64 crct10dif_common i2c_scmi sha512_ssse3
[ 350.117065] sha512_generic
[ 350.117069] CR2: ffffc16dcc66feb0
[ 350.117071] ---[ end trace 0000000000000000 ]---
[ 350.120656] RIP: 0010:__queue_work+0x1c/0x460
[ 350.120656] Code: 8f 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 41 57 41 56 41 55 41 89 fd 41 54 49 89 f4 55 53 48 89 d3 48 83 ec 08 <f6> 86 02 01 00 00 01 0f 85 e1 02 00 00 e8 42 e4 06 00 45 89 ee 41
[ 350.120656] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 350.120656] RAX: 0000000000000282 RBX: ffff9ecde6f2b488 RCX: 0000000000000000
[ 350.120656] RDX: ffff9ecde6f2b488 RSI: 0000000000000000 RDI: 0000000000002000
[ 350.120656] RBP: ffffc16dcc66fd10 R08: 0000000000000000 R09: ffffc16dcc66fa58
[ 350.120656] R10: 0000000000000003 R11: ffffffffa3ad16a8 R12: 0000000000000000
[ 350.120656] R13: 0000000000002000 R14: ffff9ecd809e4e00 R15: ffff9ecdb3282400
[ 350.120656] FS: 0000000000000000(0000) GS:ffff9ed391f00000(0000) knlGS:0000000000000000
[ 350.120656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 350.120656] CR2: ffffc16dcc66feb0 CR3: 0000000206866000 CR4: 0000000000750ee0
[ 350.120656] PKRU: 55555554
[ 350.120656] note: kworker/u33:1[860] exited with preempt_count 1
```
Created attachment 303172 [details] btmon file when the computer crashed running kernel from bluetooth-next master branch HEAD
I noticed these messages after some minutes:
```
[ 350.120656] note: kworker/u33:1[860] exited with preempt_count 1
[ 1873.559221] wlp3s0: deauthenticating from e4:bf:fa:cc:15:70 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 1877.096203] PM: suspend entry (deep)
[ 1877.106898] Filesystems sync: 0.010 seconds
[ 1879.113564] Bluetooth: hci0: Opcode 0x c1a failed: -110
[ 1881.129302] Bluetooth: hci0: Opcode 0x2042 failed: -110
[ 1881.129327] Bluetooth: hci0: Unable to disable scanning: -110
[ 1883.145290] Bluetooth: hci0: Opcode 0x 406 failed: -110
[ 1885.161292] Bluetooth: hci0: Opcode 0x c01 failed: -110
[ 1887.177319] Bluetooth: hci0: Opcode 0x2042 failed: -110
[ 1887.177330] Bluetooth: hci0: Unable to disable scanning: -110
[ 1887.177335] Bluetooth: hci0: disable scanning failed: -110
[ 1887.177337] Bluetooth: hci0: start background scanning failed: -110
```
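A triage sketch for the two oopses in the bluetooth-next master dmesg quoted earlier in this thread, added here and not part of the original report or of any kernel tooling: it reduces each oops to task, faulting function and reliable call-trace frames, then checks whether a later fault address lies inside the kernel stack of a task that had already oopsed. The names `parse_oopses` and `collateral` and the 16 KiB, size-aligned stack are assumptions of this example.

```python
import re

THREAD_SIZE = 0x4000  # assumption: 16 KiB, size-aligned x86-64 kernel stacks
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
FIELDS = {
    "comm": re.compile(r"Comm: (\S+)"),
    "rip": re.compile(r"^RIP: 0010:([\w.]+)\+"),
    "rsp": re.compile(r"^RSP: 0018:([0-9a-f]{16})"),
}

def parse_oopses(text):
    # One record per "BUG:" line: fault address, task, RIP symbol, RSP, frames.
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        m = re.match(r"BUG: .*address: ([0-9a-f]{16})", line)
        if m:
            cur, in_trace = {"addr": int(m.group(1), 16), "frames": []}, False
            oopses.append(cur)
        elif cur is None:
            continue
        elif line.startswith(("Call Trace:", "</TASK>")):
            in_trace = line.startswith("Call")
        elif in_trace:
            m = FRAME.match(line)  # "? sym" entries are unreliable and do not match
            if m:
                cur["frames"].append(m.group(1))
        else:
            for key, rx in FIELDS.items():
                m = rx.search(line)
                if m and key not in cur:  # first hit wins, not the replay after the trace
                    cur[key] = m.group(1)
    return oopses

def collateral(oopses):
    # (later comm, earlier comm) where the later fault hits an earlier oopsed task's stack.
    pairs = []
    for i, late in enumerate(oopses):
        for early in oopses[:i]:
            base = int(early.get("rsp", "0"), 16) & ~(THREAD_SIZE - 1)
            if base and base <= late["addr"] < base + THREAD_SIZE:
                pairs.append((late.get("comm"), early.get("comm")))
    return pairs

# Key lines copied from the dmesg output quoted earlier in the thread.
SAMPLE = """\
[ 334.857335] BUG: kernel NULL pointer dereference, address: 0000000000000102
[ 334.857356] CPU: 12 PID: 1382 Comm: krfcommd Not tainted 6.0.0-rc7+ #1
[ 334.857364] RIP: 0010:__queue_work+0x1c/0x460
[ 334.857379] RSP: 0018:ffffc16dcc66fc40 EFLAGS: 00010082
[ 334.857403] Call Trace:
[ 334.857426] l2cap_chan_send+0x12f/0xc60 [bluetooth]
[ 334.857483] ? remove_wait_queue+0x20/0x60
[ 334.857622] </TASK>
[ 350.116698] BUG: unable to handle page fault for address: ffffc16dcc66feb0
[ 350.116721] CPU: 4 PID: 860 Comm: kworker/u33:1 Tainted: G D 6.0.0-rc7+ #1
[ 350.116759] RIP: 0010:__wake_up_common+0x4c/0x180
[ 350.116770] RSP: 0018:ffffc16dc2777ce0 EFLAGS: 00010002
[ 350.120656] RIP: 0010:__queue_work+0x1c/0x460
"""
```

On these lines `collateral(parse_oopses(SAMPLE))` pairs the `kworker/u33:1` fault with the earlier `krfcommd` oops, which suggests the second oops is fallout from the first rather than a separate bug.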