Re: Oops with 6.19.10: RIP: 0010:hci_sock_get_channel+0x5/0x20

Re: Oops with 6.19.10: RIP: 0010:hci_sock_get_channel+0x5/0x20

[Paul Menzel]

#regzbot ^introduced: v6.19.6..v6.19.10

Dear Gabor,


Thank you for your report.

Am 31.03.26 um 07:17 schrieb Gabor Gombas:

> I've upgraded to 6.19.10, and within an hour, I got the below Oops. The
> line from bluetoothd is the only syslog entry close to the oops. 6.19.6
> run fine on the same host since it was released.
> 
> Mar 30 22:00:43 host bluetoothd[807]: Path /org/bleak/65/140683142893552 removed along with Adv Monitor app :1.103
> Mar 30 22:00:43 host kernel: Oops: general protection fault, probably for non-canonical address 0xf712f8c7a288279f: 0000 [#1] SMP PTI
> Mar 30 22:00:43 host kernel: CPU: 1 UID: 0 PID: 807 Comm: bluetoothd Not tainted 6.19.10-gg #48 PREEMPT(lazy)
> Mar 30 22:00:43 host kernel: Hardware name:  /D54250WYK, BIOS WYLPT10H.86A.0045.2017.0302.2108 03/02/2017
> Mar 30 22:00:43 host kernel: RIP: 0010:hci_sock_get_channel+0x5/0x20
> Mar 30 22:00:43 host kernel: Code: 0f a3 b7 78 03 00 00 0f 92 c0 c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <0f> b7 87 72 03 00 00 c3 cc cc cc cc 0f 1f 40 00 66 66 2e 0f 1f 84
> Mar 30 22:00:43 host kernel: RSP: 0018:ffffbb74c11afa68 EFLAGS: 00010206
> Mar 30 22:00:43 host kernel: RAX: 0000000000000000 RBX: ffff9c46c5ead600 RCX: 0000000000000002
> Mar 30 22:00:43 host kernel: RDX: ffff9c46c97e1f80 RSI: 000000000000000d RDI: f712f8c7a288242d
> Mar 30 22:00:43 host kernel: RBP: 0000000000000000 R08: ffffffff8296f7b0 R09: 0000000000000002
> Mar 30 22:00:43 host kernel: R10: ffff9c46cb124000 R11: ffff9c4796f88400 R12: ffff9c46cb124b28
> Mar 30 22:00:43 host kernel: R13: 0000000000000003 R14: 000000000000000d R15: ffff9c46cb124b08
> Mar 30 22:00:43 host kernel: FS:  00007fec5ee85340(0000) GS:ffff9c4853a17000(0000) knlGS:0000000000000000
> Mar 30 22:00:43 host kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Mar 30 22:00:43 host kernel: CR2: 00007f959681a008 CR3: 0000000118f08001 CR4: 00000000001726f0
> Mar 30 22:00:43 host kernel: Call Trace:
> Mar 30 22:00:43 host kernel:  <TASK>
> Mar 30 22:00:43 host kernel:  mgmt_pending_find+0x48/0xa0
> Mar 30 22:00:43 host kernel:  remove_adv_monitor+0x3b/0x120
> Mar 30 22:00:43 host kernel:  ? _raw_read_lock+0x13/0x40
> Mar 30 22:00:43 host kernel:  hci_sock_sendmsg+0x656/0xb40
> Mar 30 22:00:43 host kernel:  sock_write_iter+0x181/0x190
> Mar 30 22:00:43 host kernel:  do_iter_readv_writev+0x139/0x230
> Mar 30 22:00:43 host kernel:  vfs_writev+0x120/0x3a0
> Mar 30 22:00:43 host kernel:  ? __seccomp_filter+0x34/0x5b0
> Mar 30 22:00:43 host kernel:  ? _copy_to_iter+0x87/0x6b0
> Mar 30 22:00:43 host kernel:  ? __seccomp_filter+0x34/0x5b0
> Mar 30 22:00:43 host kernel:  ? do_writev+0xde/0x110
> Mar 30 22:00:43 host kernel:  do_writev+0xde/0x110
> Mar 30 22:00:43 host kernel:  do_syscall_64+0x6c/0xe90
> Mar 30 22:00:43 host kernel:  ? syscall_exit_work+0x13e/0x1b0
> Mar 30 22:00:43 host kernel:  ? do_syscall_64+0x8a/0xe90
> Mar 30 22:00:43 host kernel:  ? do_syscall_64+0x8a/0xe90
> Mar 30 22:00:43 host kernel:  ? switch_fpu_return+0x16/0xd0
> Mar 30 22:00:43 host kernel:  ? do_syscall_64+0x29f/0xe90
> Mar 30 22:00:43 host kernel:  ? handle_softirqs+0x13f/0x2a0
> Mar 30 22:00:43 host kernel:  ? irqentry_exit+0x48/0x530
> Mar 30 22:00:43 host kernel:  entry_SYSCALL_64_after_hwframe+0x71/0x79
> Mar 30 22:00:43 host kernel: RIP: 0033:0x7fec5f333e92
> Mar 30 22:00:43 host kernel: Code: 18 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 1a 83 e2 39 83 fa 08 75 12 e8 2b ff ff ff 0f 1f 00 49 89 ca 48 8b 44 24 20 0f 05 <48> 83 c4 18 c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 10 ff 74 24 18
> Mar 30 22:00:43 host kernel: RSP: 002b:00007ffc60d23590 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
> Mar 30 22:00:43 host kernel: RAX: ffffffffffffffda RBX: 00007ffc60d23610 RCX: 00007fec5f333e92
> Mar 30 22:00:43 host kernel: RDX: 0000000000000001 RSI: 00007ffc60d23610 RDI: 0000000000000008
> Mar 30 22:00:43 host kernel: RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
> Mar 30 22:00:43 host kernel: R10: 0000000000000000 R11: 0000000000000202 R12: 000055bcb1bf7e60
> Mar 30 22:00:43 host kernel: R13: 000055bcb1bf9f90 R14: 000055bcb1c15520 R15: 0000000000000000
> Mar 30 22:00:43 host kernel:  </TASK>
> Mar 30 22:00:43 host kernel: Modules linked in: ip_set tun rfcomm 8021q algif_hash algif_skcipher af_alg bnep uinput kvm_intel iwlmvm mei_hdcp nls_cp437 kvm iwlwifi at24 vfat regmap_i2c fat irqbypass ir_rc6_decoder rc_rc6_mce n>
> Mar 30 22:00:43 host kernel: ---[ end trace 0000000000000000 ]---
> Mar 30 22:00:44 host kernel: RIP: 0010:hci_sock_get_channel+0x5/0x20
> Mar 30 22:00:44 host kernel: Code: 0f a3 b7 78 03 00 00 0f 92 c0 c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <0f> b7 87 72 03 00 00 c3 cc cc cc cc 0f 1f 40 00 66 66 2e 0f 1f 84
> Mar 30 22:00:44 host kernel: RSP: 0018:ffffbb74c11afa68 EFLAGS: 00010206
> Mar 30 22:00:44 host kernel: RAX: 0000000000000000 RBX: ffff9c46c5ead600 RCX: 0000000000000002
> Mar 30 22:00:44 host kernel: RDX: ffff9c46c97e1f80 RSI: 000000000000000d RDI: f712f8c7a288242d
> Mar 30 22:00:44 host kernel: RBP: 0000000000000000 R08: ffffffff8296f7b0 R09: 0000000000000002
> Mar 30 22:00:44 host kernel: R10: ffff9c46cb124000 R11: ffff9c4796f88400 R12: ffff9c46cb124b28
> Mar 30 22:00:44 host kernel: R13: 0000000000000003 R14: 000000000000000d R15: ffff9c46cb124b08
> Mar 30 22:00:44 host kernel: FS:  00007fec5ee85340(0000) GS:ffff9c4853a17000(0000) knlGS:0000000000000000
> Mar 30 22:00:44 host kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Mar 30 22:00:44 host kernel: CR2: 00007f959681a008 CR3: 0000000118f08001 CR4: 00000000001726f0

Can you reproduce the issue? If yes, it’d be a great help, if you could 
bisect the issue.


Kind regards,

Paul

Re: Oops with 6.19.10: RIP: 0010:hci_sock_get_channel+0x5/0x20

[Thorsten Leemhuis]

On 3/31/26 08:24, Paul Menzel wrote:
> Am 31.03.26 um 07:17 schrieb Gabor Gombas:
>
> Can you reproduce the issue? If yes, it’d be a great help, if you could
> bisect the issue.

For instructions see:
https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html
or https://docs.kernel.org/admin-guide/bug-bisect.html

Checking if mainline is affected is also important (the first guide
handles that), as that determines how this needs to be handled.

Ciao, Thorsten

Re: Oops with 6.19.10: RIP: 0010:hci_sock_get_channel+0x5/0x20

[Gabor Gombas]

On Tue, Mar 31, 2026 at 09:07:48AM +0200, Thorsten Leemhuis wrote:
> On 3/31/26 08:24, Paul Menzel wrote:
> > Am 31.03.26 um 07:17 schrieb Gabor Gombas:
> >
> > Can you reproduce the issue? If yes, it’d be a great help, if you could
> > bisect the issue.
> 
> For instructions see:
> https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html
> or https://docs.kernel.org/admin-guide/bug-bisect.html
> 
> Checking if mainline is affected is also important (the first guide
> handles that), as that determines how this needs to be handled.

Unfortunately it's unlikely that I would have time for a bisection
before the weekend. The bug can be reproduced, I've booted 6.19.10
again, and this time hit the oops after a few minutes. The oops is
slightly different, so likely it's some kind of memory corruption. The
box in question is running Home Assistant, so it is constantly scanning
for Bluetooth devices.

I have a 6.19.8 kernel which I've built some time ago but then never
used, I've booted it now, we'll see how it fares.

Gabor

Mar 31 20:29:21 host bluetoothd[810]: Path /org/bleak/66/140584461213584 removed along with Adv Monitor app :1.101
Mar 31 20:29:21 host kernel: BUG: unable to handle page fault for address: 00000000bfaf0372
Mar 31 20:29:21 host kernel: #PF: supervisor read access in kernel mode
Mar 31 20:29:21 host kernel: #PF: error_code(0x0000) - not-present page
Mar 31 20:29:21 host kernel: PGD 0 P4D 0 
Mar 31 20:29:21 host kernel: Oops: Oops: 0000 [#1] SMP PTI
Mar 31 20:29:21 host kernel: CPU: 0 UID: 0 PID: 810 Comm: bluetoothd Not tainted 6.19.10-gg #48 PREEMPT(lazy) 
Mar 31 20:29:21 host kernel: Hardware name:  /D54250WYK, BIOS WYLPT10H.86A.0045.2017.0302.2108 03/02/2017
Mar 31 20:29:21 host kernel: RIP: 0010:hci_sock_get_channel+0x5/0x20
Mar 31 20:29:21 host kernel: Code: 0f a3 b7 78 03 00 00 0f 92 c0 c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <0f> b7 87 72 03 00 00 c3 cc cc cc cc 0f 1f 40 00 66 66 2e 0f 1f 84
Mar 31 20:29:21 host kernel: RSP: 0018:ffff9d7201013ad8 EFLAGS: 00010206
Mar 31 20:29:21 host kernel: RAX: 0000000000000000 RBX: ffff93d9887bec00 RCX: 0000000000000002
Mar 31 20:29:21 host kernel: RDX: ffff93d9877fbf00 RSI: 000000000000000d RDI: 00000000bfaf0000
Mar 31 20:29:21 host kernel: RBP: ffffe64e82febc40 R08: ffffffff83b6f7b0 R09: 0000000000000002
Mar 31 20:29:21 host kernel: R10: ffff93d98bda6000 R11: ffff93d985603600 R12: ffff93d98bda6b28
Mar 31 20:29:21 host kernel: R13: 0000000000000003 R14: 000000000000000d R15: ffff93d98bda6b08
Mar 31 20:29:21 host kernel: FS:  00007ff6a4ff2340(0000) GS:ffff93db12797000(0000) knlGS:0000000000000000
Mar 31 20:29:21 host kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 31 20:29:21 host kernel: CR2: 00000000bfaf0372 CR3: 000000010bc9e006 CR4: 00000000001726f0
Mar 31 20:29:21 host kernel: Call Trace:
Mar 31 20:29:21 host kernel:  <TASK>
Mar 31 20:29:21 host kernel:  mgmt_pending_find+0x48/0xa0
Mar 31 20:29:21 host kernel:  remove_adv_monitor+0x3b/0x120
Mar 31 20:29:21 host kernel:  ? _raw_read_lock+0x13/0x40
Mar 31 20:29:21 host kernel:  hci_sock_sendmsg+0x656/0xb40
Mar 31 20:29:21 host kernel:  sock_write_iter+0x181/0x190
Mar 31 20:29:21 host kernel:  ? ____sys_sendmsg+0x2e5/0x300
Mar 31 20:29:21 host kernel:  do_iter_readv_writev+0x139/0x230
Mar 31 20:29:21 host kernel:  vfs_writev+0x120/0x3a0
Mar 31 20:29:21 host kernel:  ? vfs_read+0x222/0x350
Mar 31 20:29:21 host kernel:  ? __seccomp_filter+0x34/0x5b0
Mar 31 20:29:21 host kernel:  ? do_writev+0xde/0x110
Mar 31 20:29:21 host kernel:  do_writev+0xde/0x110
Mar 31 20:29:21 host kernel:  do_syscall_64+0x6c/0xe90
Mar 31 20:29:21 host kernel:  ? syscall_exit_work+0x13e/0x1b0
Mar 31 20:29:21 host kernel:  ? do_syscall_64+0x8a/0xe90
Mar 31 20:29:21 host kernel:  ? syscall_exit_work+0x13e/0x1b0
Mar 31 20:29:21 host kernel:  ? do_syscall_64+0x8a/0xe90
Mar 31 20:29:21 host kernel:  ? irqentry_exit+0x48/0x530
Mar 31 20:29:21 host kernel:  entry_SYSCALL_64_after_hwframe+0x71/0x79
Mar 31 20:29:21 host kernel: RIP: 0033:0x7ff6a54a0e92
Mar 31 20:29:21 host kernel: Code: 18 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 1a 83 e2 39 83 fa 08 75 12 e8 2b ff ff ff 0f 1f 00 49 89 ca 48 8b 44 24 20 0f 05 <48> 83 c4 18 c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 10 ff 74 24 18
Mar 31 20:29:21 host kernel: RSP: 002b:00007fff3c414010 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
Mar 31 20:29:21 host kernel: RAX: ffffffffffffffda RBX: 00007fff3c414090 RCX: 00007ff6a54a0e92
Mar 31 20:29:21 host kernel: RDX: 0000000000000001 RSI: 00007fff3c414090 RDI: 0000000000000008
Mar 31 20:29:21 host kernel: RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
Mar 31 20:29:21 host kernel: R10: 0000000000000000 R11: 0000000000000202 R12: 0000559419ca6e60
Mar 31 20:29:21 host kernel: R13: 0000559419ca8f90 R14: 0000559419cc6cb0 R15: 0000000000000000
Mar 31 20:29:21 host kernel:  </TASK>
Mar 31 20:29:21 host kernel: Modules linked in: ip_set tun rfcomm 8021q algif_hash algif_skcipher af_alg bnep uinput kvm_intel iwlmvm kvm at24 irqbypass nls_cp437 regmap_i2c iwlwifi vfat mei_hdcp fat ir_rc6_decoder rc_rc6_mce n>
Mar 31 20:29:21 host kernel: CR2: 00000000bfaf0372
Mar 31 20:29:21 host kernel: ---[ end trace 0000000000000000 ]---
Mar 31 20:29:21 host kernel: RIP: 0010:hci_sock_get_channel+0x5/0x20
Mar 31 20:29:21 host kernel: Code: 0f a3 b7 78 03 00 00 0f 92 c0 c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <0f> b7 87 72 03 00 00 c3 cc cc cc cc 0f 1f 40 00 66 66 2e 0f 1f 84
Mar 31 20:29:21 host kernel: RSP: 0018:ffff9d7201013ad8 EFLAGS: 00010206
Mar 31 20:29:21 host kernel: RAX: 0000000000000000 RBX: ffff93d9887bec00 RCX: 0000000000000002
Mar 31 20:29:21 host kernel: RDX: ffff93d9877fbf00 RSI: 000000000000000d RDI: 00000000bfaf0000
Mar 31 20:29:21 host kernel: RBP: ffffe64e82febc40 R08: ffffffff83b6f7b0 R09: 0000000000000002
Mar 31 20:29:21 host kernel: R10: ffff93d98bda6000 R11: ffff93d985603600 R12: ffff93d98bda6b28
Mar 31 20:29:21 host kernel: R13: 0000000000000003 R14: 000000000000000d R15: ffff93d98bda6b08
Mar 31 20:29:21 host kernel: FS:  00007ff6a4ff2340(0000) GS:ffff93db12797000(0000) knlGS:0000000000000000
Mar 31 20:29:21 host kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 31 20:29:21 host kernel: CR2: 00000000bfaf0372 CR3: 000000010bc9e006 CR4: 00000000001726f0