Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-05-23 Thread Rémy
Same here, Intel AX201. Bug appears both on 6.1.0-20 and 6.1.0-21

Rémy

On Tue, 7 May 2024 01:07:49 +0200 Udo Richter wrote:
> Hi,
>
> Seeing exactly the same bug with a Broadcom Corp. BCM2045B (BDC-2.1)
> bluetooth device, so it's not just the Intel AX211.
>
> Jeremy, thanks for tracking this down!
>
> Udo
>
>


Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-05-06 Thread Udo Richter

Hi,

Seeing exactly the same bug with a Broadcom Corp. BCM2045B (BDC-2.1)
bluetooth device, so it's not just the Intel AX211.

Jeremy, thanks for tracking this down!

Udo



Processed: Re: Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 -moreinfo +upstream
Bug #1069301 [src:linux] linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2
Removed tag(s) moreinfo.
Bug #1069301 [src:linux] linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2
Added tag(s) upstream.
> forwarded -1 https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/
Bug #1069301 [src:linux] linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2
Set Bug forwarded-to-address to 'https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/'.

-- 
1069301: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069301
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-22 Thread Diederik de Haas
Control: tag -1 -moreinfo +upstream
Control: forwarded -1 https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/

On Monday, 22 April 2024 10:32:00 CEST Jeremy Lainé wrote:
> Over the weekend I reported the issue to the linux-bluetooth mailing
> list, which led to bisecting the issue down to a single commit:
> 
> https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/

Nice work :)



Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-21 Thread Jeremy Lainé
Hi Salvatore,

I've finished bisecting and the version that seems to introduce the
breakage is 6.1.83.

I tested the following upstream kernels:

- linux 6.1.80 => OK
- linux 6.1.82 => OK
- linux 6.1.83 => BUG
- linux 6.1.85 => BUG
- linux 6.1.87 => BUG

It looks like 6.1.83 introduced quite a few bluetooth changes, so I don't
know which one caused the breakage:

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83

What else can I do to assist?

Cheers,
Jeremy


Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-20 Thread Jeremy Lainé
Hi Salvatore,

It had been a while (like 10+ years) since I built a kernel from source, so
this guide was very welcome, and the "make bindeb-pkg" target is great:

https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-kernel-org-package

It looks like the problem is present in the upstream kernel, I have so far
reproduced it with:

- linux 6.1.85
- linux 6.1.87

I'll start building previous patch releases until I find one that works,
but it's slow going!

Cheers,
Jeremy


Processed: Re: Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #1069301 [src:linux] linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2
Added tag(s) moreinfo.

-- 
1069301: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069301
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-19 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo

Hi Jeremy,

On Fri, Apr 19, 2024 at 05:37:41PM +0200, Jeremy Lainé wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
> X-Debbugs-Cc: jeremy.la...@m4x.org
> 
> Dear Maintainer,
> 
> After upgrading from linux-image-6.1.0-18-amd64 to
> linux-image-6.1.0-20-amd64, bluetooth no longer works and a kernel BUG is
> visible in dmesg hinting at a memory safety issue.
> 
> It is not necessary to attempt to connect to any specific bluetooth
> device to trigger the problem, the problem arises as soon as the system
> boots.
> 
> I cannot reproduce the problem when booting back into the previous kernel
> image.

Would it be possible to do some experiments/debugging:

- Can you reproduce the issue with 6.1.85 upstream itself?

- If so can you try the current 6.1.87 (as of time of writing), does
  the issue reproduce there?

- If it's still happening, can you try to bisect the changes between
  6.1.76 and 6.1.85 to identify the culprit?

Regards,
Salvatore
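
For readers decoding the "list_del corruption, ...->prev is LIST_POISON2" message quoted in this report: the following is an added userspace model of kernel list poisoning and the removal-time check, not kernel code and not code from this thread. The helper names (model_del, second_removal_reports) are hypothetical, and which code path tripped the check in this bug is not established here.

```c
#include <stdint.h>
#include <stdio.h>

/* Added userspace model of kernel list poisoning; not kernel code.
 * Poison constants are the x86-64 values from include/linux/poison.h. */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000000122ULL)

struct list_head { struct list_head *next, *prev; };
enum del_result { DEL_OK, NEXT_IS_POISON1, PREV_IS_POISON2, LINKS_CORRUPT };

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Checks run in the order used by __list_del_entry_valid() when
 * CONFIG_DEBUG_LIST is enabled; the kernel prints "list_del corruption"
 * and hits BUG() where this model returns a code.
 * rcu != 0 models list_del_rcu(), which poisons only ->prev. */
static enum del_result model_del(struct list_head *e, int rcu)
{
    if (e->next == LIST_POISON1) return NEXT_IS_POISON1;
    if (e->prev == LIST_POISON2) return PREV_IS_POISON2;
    if (e->prev->next != e || e->next->prev != e) return LINKS_CORRUPT;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    if (!rcu) e->next = LIST_POISON1; /* RCU readers may still follow ->next */
    e->prev = LIST_POISON2;           /* entry is no longer on any list */
    return DEL_OK;
}

/* Constructed scenario: the same entry is removed twice. rcu_first selects
 * the variant used for the first removal; the result is what the second
 * removal (a plain list_del) reports. */
static enum del_result second_removal_reports(int rcu_first)
{
    struct list_head head = { &head, &head }, entry;
    list_add(&entry, &head);
    if (model_del(&entry, rcu_first) != DEL_OK) return LINKS_CORRUPT;
    return model_del(&entry, 0);
}

int main(void)
{
    printf("list_del, then list_del:     code %d\n", second_removal_reports(0));
    printf("list_del_rcu, then list_del: code %d\n", second_removal_reports(1));
    return 0;
}
```

In this model a repeated plain list_del is reported through ->next (LIST_POISON1), while removing an entry that was already taken off with the RCU variant is reported through ->prev (LIST_POISON2).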



Bug#1069301: linux-image-6.1.0-20-amd64: bluetooth causes kernel BUG - list_del corruption, (address)->prev is LIST_POISON2

2024-04-19 Thread Jeremy Lainé
Package: src:linux
Version: 6.1.85-1
Severity: important
X-Debbugs-Cc: jeremy.la...@m4x.org

Dear Maintainer,

After upgrading from linux-image-6.1.0-18-amd64 to
linux-image-6.1.0-20-amd64, bluetooth no longer works and a kernel BUG is
visible in dmesg hinting at a memory safety issue.

It is not necessary to attempt to connect to any specific bluetooth
device to trigger the problem, the problem arises as soon as the system
boots.

I cannot reproduce the problem when booting back into the previous kernel
image.


-- Package-specific info:
** Version:
Linux version 6.1.0-20-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11)

** Command line:
BOOT_IMAGE=/vmlinuz-6.1.0-20-amd64 root=/dev/mapper/yuzu--vg-root ro quiet

** Tainted: D (128)
 * kernel died recently, i.e. there was an OOPS or BUG

** Kernel log:
[   19.489647] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.497033] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.497276] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.719465] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.739192] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.739699] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.740149] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   19.740166] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
[   20.037515] wlp0s20f3: authenticate with 3e:94:ed:ae:f8:23
[   20.037540] wlp0s20f3: 80 MHz not supported, disabling VHT
[   20.044248] wlp0s20f3: send auth to 3e:94:ed:ae:f8:23 (try 1/3)
[   20.077295] wlp0s20f3: authenticated
[   20.080607] wlp0s20f3: associate with 3e:94:ed:ae:f8:23 (try 1/3)
[   20.184598] wlp0s20f3: associate with 3e:94:ed:ae:f8:23 (try 2/3)
[   20.199647] wlp0s20f3: RX AssocResp from 3e:94:ed:ae:f8:23 (capab=0x1431 status=0 aid=3)
[   20.220862] wlp0s20f3: associated
[   20.361778] IPv6: ADDRCONF(NETDEV_CHANGE): wlp0s20f3: link becomes ready
[   20.424603] Bluetooth: hci0: command 0x0408 tx timeout
[   20.424648] Bluetooth: hci0: Opcode 0x0408 failed: -110
[   20.474223] kauditd_printk_skb: 24 callbacks suppressed
[   20.474230] audit: type=1400 audit(1713540473.670:38): apparmor="DENIED" operation="open" profile="mariadbd_akonadi" name="/sys/devices/system/node/" pid=2378 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   20.545041] audit: type=1400 audit(1713540473.742:39): apparmor="DENIED" operation="open" profile="mariadbd_akonadi" name="/sys/devices/system/node/" pid=2453 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   20.602910] audit: type=1400 audit(1713540473.798:40): apparmor="DENIED" operation="open" profile="mariadbd_akonadi" name="/sys/block/" pid=2453 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   20.637180] audit: type=1400 audit(1713540473.834:41): apparmor="DENIED" operation="open" profile="mariadbd_akonadi" name="/sys/devices/virtual/block/dm-1/queue/physical_block_size" pid=2453 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   22.500681] Bluetooth: hci0: command 0x0408 tx timeout
[   22.500728] Bluetooth: hci0: Opcode 0x0408 failed: -110
[   22.660771] Bluetooth: hci0: Opcode 0x0408 failed: -114
[   22.660847] list_del corruption, 94d9f6302000->prev is LIST_POISON2 (dead0122)
[   22.660887] [ cut here ]
[   22.660890] kernel BUG at lib/list_debug.c:56!
[   22.660907] invalid opcode:  [#1] PREEMPT SMP NOPTI
[   22.660917] CPU: 10 PID: 139 Comm: kworker/u25:0 Not tainted 6.1.0-20-amd64 #1  Debian 6.1.85-1
[   22.660929] Hardware name: Dell Inc. XPS 9315/00KRKP, BIOS 1.19.1 03/14/2024
[   22.660936] Workqueue: hci0 hci_cmd_sync_work [bluetooth]
[   22.661128] RIP: 0010:__list_del_entry_valid.cold+0x4b/0x6f
[   22.661147] Code: fe ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 48 18 7a 9f e8 14 a1 fe ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 10 18 7a 9f e8 00 a1 fe ff <0f> 0b 48 89 fe 48 c7 c7 d8 17 7a 9f e8 ef a0 fe ff 0f 0b 48 89 fe
[   22.661156] RSP: :ae0e406efde0 EFLAGS: 00010246
[   22.661164] RAX: 004e RBX: 94d9f6302000 RCX: 0027
[   22.661172] RDX:  RSI: 0001 RDI: 94dfaf8a03a0
[   22.661177] RBP: 94d859392000 R08:  R09: ae0e406efc78
[   22.661182] R10: 0003 R11: 9fed4448 R12: 94d859392000
[   22.661187] R13: 94d859392770 R14: 94d858cb9800 R15: dead0100
[   22.661194] FS:  () GS:94dfaf88() knlGS:
[   22.661202] CS:  0010 DS:  ES:  CR0: 80050033
[   22.661208] CR2: 7f423c024038