linux-bluetooth.vger.kernel.org archive mirror
From: bugzilla-daemon@bugzilla.kernel.org
To: linux-bluetooth@vger.kernel.org
Subject: [Bug 202963] New: [REGRESSION][BISECTED] Bluetooth broken on MBP and kernel NULL pointer dereference
Date: Mon, 18 Mar 2019 07:47:56 +0000
Message-ID: <bug-202963-62941@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=202963

            Bug ID: 202963
           Summary: [REGRESSION][BISECTED] Bluetooth broken on MBP and
                    kernel NULL pointer dereference
           Product: Drivers
           Version: 2.5
    Kernel Version: 5.0.2
          Hardware: Intel
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: Bluetooth
          Assignee: linux-bluetooth@vger.kernel.org
          Reporter: ronald@innovation.ch
        Regression: No

Hardware: Apple MacBook Pro 13,3

As of kernel 5.0 Bluetooth is not working anymore and there are a couple of null
pointer dereference bugs in the dmesg during boot (this also delays boot and
shutdown by several minutes). The issue has been bisected down to commit
75d11676dccb643de1e850c8a29f5e9aa58157c0 (Bluetooth: hci_bcm: Add support for
regulator supplies). Further investigation shows the reason why: at the top of
bcm_get_resources() processing is short-circuited on Apple machines, and hence
dev->supplies is never initialized; this then eventually leads to the null
pointer after bcm_gpio_set_power() calls regulator_bulk_enable().

Two obvious fixes I see are:
1. don't call regulator_bulk_enable() if dev->supplies is not initialized
2. initialize dev->supplies on Apple machines too

For reference the BUG in dmesg is:
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000088
  #PF error: [normal kernel read fault]
  PGD 0 P4D 0 
  Oops: 0000 [#1] SMP PTI
  CPU: 2 PID: 439 Comm: kworker/u16:2 Tainted: G        W  OE     5.0.2+ #4
  Hardware name: Apple Inc. MacBookPro13,3/Mac-A5C67F76ED83108C, BIOS 251.0.0.0.0 10/>
  Workqueue: events_unbound async_run_entry_fn
  RIP: 0010:regulator_enable+0xe/0xc0
  Code: ac ff 8b 43 0c e9 e2 fe ff ff e9 98 22 00 00 66 66 2e 0f 1f 84 00 00 00 00 00>
  RSP: 0018:ffffa8f1c25cfd98 EFLAGS: 00010282
  RAX: ffffffffac63bef0 RBX: ffff926c1eda6ec8 RCX: 0000000000000002
  RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000
  RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000001e1f80
  R10: 00000010213103a9 R11: ffffffffae650180 R12: ffff926c2d812000
  R13: ffff926c2d859b00 R14: 0000000000000000 R15: ffff926c21a4a6e8
  FS:  0000000000000000(0000) GS:ffff926c2e000000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000088 CR3: 000000016b616004 CR4: 00000000003606e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   ? sched_clock+0x5/0x10
   ? process_one_work+0x1ca/0x5f0
   ? __lock_is_held+0x5a/0xa0
   regulator_bulk_enable_async+0x12/0x20
   async_run_entry_fn+0x39/0x160
   process_one_work+0x24c/0x5f0
   worker_thread+0x3c/0x390
   ? process_one_work+0x5f0/0x5f0
   kthread+0x120/0x140
   ? kthread_create_on_node+0x60/0x60
   ret_from_fork+0x3a/0x50
  Modules linked in: acpi_cpufreq(E-) x86_pkg_temp_thermal(E) brcmfmac(E) intel_power>
  CR2: 0000000000000088

regulator_enable+0xe is this line (i.e. regulator is null):

        struct regulator_dev *rdev = regulator->rdev;

-- 
You are receiving this mail because:
You are the assignee for the bug.
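
The failure described in the report above, reduced to a userspace C model. This is an added example, not kernel code and not part of the original message. All types and function names are stand-ins, the `apple` flag is hypothetical, and the padding in `struct regulator` is constructed so that `rdev` lands at 0x88 to match the reported CR2. It shows why a NULL consumer faults at the member offset, and models both fixes proposed in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins, not the kernel's definitions. The padding is constructed
 * so that rdev sits at offset 0x88, the faulting address (CR2) in the report. */
struct regulator_dev { int use_count; };
struct regulator { char pad[0x88]; struct regulator_dev *rdev; };
struct regulator_bulk_data { const char *supply; struct regulator *consumer; };

#define NUM_SUPPLIES 2
struct bcm_model {
    bool apple;   /* hypothetical flag standing in for the Apple short-circuit */
    struct regulator_bulk_data supplies[NUM_SUPPLIES];
};
static struct regulator_dev rdevs[NUM_SUPPLIES];
static struct regulator regs[NUM_SUPPLIES];

/* Reported flow: Apple machines return before the supplies are set up.
 * init_on_apple = true models option 2 (initialize on Apple machines too). */
int get_resources(struct bcm_model *dev, bool init_on_apple)
{
    if (dev->apple && !init_on_apple)
        return 0;   /* supplies[] stays zeroed, every consumer is NULL */
    for (int i = 0; i < NUM_SUPPLIES; i++) {
        regs[i].rdev = &rdevs[i];
        dev->supplies[i].consumer = &regs[i];
    }
    return 0;
}

/* Address of the first load in regulator_enable(): pointer plus member offset. */
uintptr_t first_load_addr(const struct regulator *r)
{
    return (uintptr_t)r + offsetof(struct regulator, rdev);
}

/* Option 1: do not enable (or dereference) supplies that were never acquired.
 * Returns the number of supplies enabled. */
int set_power_guarded(struct bcm_model *dev)
{
    int i;
    for (i = 0; i < NUM_SUPPLIES && dev->supplies[i].consumer; i++)
        dev->supplies[i].consumer->rdev->use_count++;
    return i;
}
```

With a NULL consumer, `first_load_addr()` equals the member offset alone, which is the pattern in the oops: RDI is zero and CR2 is a small nonzero address.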
