QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

sys-usb crashes in btintel module with kernel 6.6.23 #9082

Open marmarek opened 6 months ago

marmarek commented 6 months ago


Qubes OS release

R4.2

Brief summary

sys-usb gets kernel panic related to btintel module

Steps to reproduce

Install Qubes OS on HP Probook 445 G5

Expected behavior

System starts normally

Actual behavior

https://openqa.qubes-os.org/tests/95136

sys-usb fails to start:

Details

```
[2024-04-03 02:55:41] [ 5.182838] Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi
[2024-04-03 02:55:41] [ 5.182873] Bluetooth: hci0: Boot Address: 0x24800
[2024-04-03 02:55:41] [ 5.182880] Bluetooth: hci0: Firmware Version: 255-255.255
[2024-04-03 02:55:41] [ 5.185611] usb 2-3: USB disconnect, device number 2
[2024-04-03 02:55:41] [ 5.185790] Bluetooth: hci0: FW download error recovery failed (-19)
[2024-04-03 02:55:41] [ESC[0;32m OK ESC[0m] Finished ESC[0;1;39mmodprobe@efi_pstore.serviceESC[0m - Load Kernel Module efi_pstore.
[2024-04-03 02:55:41] [ 5.186308] Bluetooth: hci0: sending frame failed (-19)
[2024-04-03 02:55:41] [ 5.186336] BUG: kernel NULL pointer dereference, address: 0000000000000070
[2024-04-03 02:55:41] [ 5.186348] #PF: supervisor read access in kernel mode
[2024-04-03 02:55:41] [ 5.186354] #PF: error_code(0x0000) - not-present page
[2024-04-03 02:55:41] [ 5.186360] PGD 0 P4D 0
[2024-04-03 02:55:41] [ 5.186365] Oops: 0000 [#1] PREEMPT SMP NOPTI
[2024-04-03 02:55:41] [ 5.186372] CPU: 1 PID: 85 Comm: kworker/u5:0 Not tainted 6.6.23-1.qubes.fc37.x86_64 #1
[2024-04-03 02:55:41] [ 5.186381] Hardware name: Xen HVM domU, BIOS 4.17.3 03/12/2024
[2024-04-03 02:55:41] [ 5.186388] Workqueue: hci0 hci_power_on [bluetooth]
[2024-04-03 02:55:41] [ 5.186440] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel]
[2024-04-03 02:55:41] [ 5.186451] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 7e cd f3 ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48
[2024-04-03 02:55:41] [ 5.186469] RSP: 0018:ffffac9a40477c90 EFLAGS: 00010207
[2024-04-03 02:55:41] [ 5.186475] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8f5150ddab08
[2024-04-03 02:55:41] [ 5.186483] RDX: 0000000000000000 RSI: 0000000000000216 RDI: ffff8f5150ddab00
[2024-04-03 02:55:41] [ 5.186491] RBP: ffffac9a40477cc0 R08: ffff8f5150ddab08 R09: 0000000000000000
[2024-04-03 02:55:41] [ 5.186515] R10: 0000000000000001 R11: 0000000000000030 R12: ffff8f5150dda000
[2024-04-03 02:55:41] [ 5.186524] R13: ffff8f5146ecec00 R14: ffff8f51512b7e05 R15: ffff8f5150dda6d0
[2024-04-03 02:55:41] [ 5.186533] FS: 0000000000000000(0000) GS:ffff8f5157100000(0000) knlGS:0000000000000000
[2024-04-03 02:55:41] [ 5.186541] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2024-04-03 02:55:41] [ 5.186548] CR2: 0000000000000070 CR3: 00000000109a2000 CR4: 0000000000350ee0
[2024-04-03 02:55:41] [ 5.186557] Call Trace:
[2024-04-03 02:55:41] [ 5.186562]
[2024-04-03 02:55:41] [ 5.186566] ? __die+0x23/0x70
[2024-04-03 02:55:41] [ 5.186574] ? page_fault_oops+0x98/0x190
[2024-04-03 02:55:41] [ 5.186580] ? exc_page_fault+0x77/0x170
[2024-04-03 02:55:41] [ 5.186588] ? asm_exc_page_fault+0x26/0x30
[2024-04-03 02:55:41] [ 5.186596] ? btintel_read_debug_features+0x4d/0xf0 [btintel]
[2024-04-03 02:55:41] [ 5.186606] btintel_register_devcoredump_support.isra.0+0x3e/0x110 [btintel]
[2024-04-03 02:55:41] [ 5.186618] btintel_setup_combined+0x277/0x490 [btintel]
[2024-04-03 02:55:41] [ 5.186628] hci_dev_setup_sync+0x66/0x360 [bluetooth]
[2024-04-03 02:55:41] [ 5.186665] ? try_to_grab_pending+0xdf/0x1b0
[2024-04-03 02:55:41] [ 5.186672] hci_dev_init_sync+0x3a/0x1b0 [bluetooth]
[2024-04-03 02:55:41] [ 5.186706] hci_dev_open_sync+0x8b/0x350 [bluetooth]
[2024-04-03 02:55:41] [ 5.186739] ? try_to_wake_up+0x1da/0x510
[2024-04-03 02:55:41] [ 5.186745] hci_dev_do_open+0x23/0x60 [bluetooth]
[2024-04-03 02:55:41] [ 5.186777] hci_power_on+0x51/0x260 [bluetooth]
[2024-04-03 02:55:41] [ 5.186809] process_one_work+0x17f/0x350
[2024-04-03 02:55:41] [ 5.186815] worker_thread+0x27b/0x3a0
[2024-04-03 02:55:41] [ 5.186820] ? __pfx_worker_thread+0x10/0x10
[2024-04-03 02:55:41] [ 5.186826] kthread+0xe8/0x120
[2024-04-03 02:55:41] [ 5.186833] ? __pfx_kthread+0x10/0x10
[2024-04-03 02:55:41] [ 5.186838] ret_from_fork+0x34/0x50
[2024-04-03 02:55:41] [ 5.186844] ? __pfx_kthread+0x10/0x10
[2024-04-03 02:55:41] [ 5.186849] ret_from_fork_asm+0x1b/0x30
[2024-04-03 02:55:41] [ 5.186855]
[2024-04-03 02:55:41] [ 5.186858] Modules linked in: btusb btrtl btintel btbcm btmtk bluetooth rfkill joydev intel_rapl_msr intel_rapl_common crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni xhci_pci polyval_generic xhci_pci_renesas ghash_clmulni_intel sha512_ssse3 sha256_ssse3 ehci_pci sha1_ssse3 xhci_hcd ehci_hcd pcspkr drm_vram_helper drm_ttm_helper ata_generic i2c_piix4 ttm pata_acpi serio_raw xen_scsiback target_core_mod xen_netback xen_privcmd xen_gntdev xen_gntalloc xen_blkback fuse xen_evtchn loop overlay xen_blkfront
[2024-04-03 02:55:41] [ 5.186920] CR2: 0000000000000070
[2024-04-03 02:55:41] [ 5.186925] ---[ end trace 0000000000000000 ]---
[2024-04-03 02:55:41] [ 5.186932] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel]
[2024-04-03 02:55:41] [ 5.186943] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 7e cd f3 ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48
[2024-04-03 02:55:41] [ 5.186960] RSP: 0018:ffffac9a40477c90 EFLAGS: 00010207
[2024-04-03 02:55:41] [ 5.186966] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8f5150ddab08
[2024-04-03 02:55:41] [ 5.186974] RDX: 0000000000000000 RSI: 0000000000000216 RDI: ffff8f5150ddab00
[2024-04-03 02:55:41] [ 5.186982] RBP: ffffac9a40477cc0 R08: ffff8f5150ddab08 R09: 0000000000000000
[2024-04-03 02:55:41] [ 5.186990] R10: 0000000000000001 R11: 0000000000000030 R12: ffff8f5150dda000
[2024-04-03 02:55:41] [ 5.186999] R13: ffff8f5146ecec00 R14: ffff8f51512b7e05 R15: ffff8f5150dda6d0
[2024-04-03 02:55:41] [ 5.187008] FS: 0000000000000000(0000) GS:ffff8f5157100000(0000) knlGS:0000000000000000
[2024-04-03 02:55:41] [ 5.187017] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2024-04-03 02:55:41] [ 5.187024] CR2: 0000000000000070 CR3: 00000000109a2000 CR4: 0000000000350ee0
[2024-04-03 02:55:41] [ 5.187032] Kernel panic - not syncing: Fatal exception
[2024-04-03 02:55:41] [ 5.187061] Kernel Offset: 0xc800000 from 0xffffffff80200000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
```

Trying to start sys-usb again succeeded (as in - no panic this time), but Bluetooth failed:

```
[    6.211108] Bluetooth: hci0: Reading Intel version command failed (-110)
```

The panic did not happen with Linux 6.6.21.

marmarek commented 6 months ago

Looks to be known already: https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.info/T/#u, with a fix available.