
Bug#1032948: linux-image-6.1.0-5-amd64: oops in ucsi_acpi_notify



On Thu, Mar 16, 2023 at 20:39:51 +0100, Diederik de Haas wrote:

> On Thursday, 16 March 2023 18:11:27 CET Julien Cristau wrote:
> > > I rebooted on 6.1.15-1 last night and things are still looking good so
> > > I'll call this fixed.  Thanks.
> > 
> > Spoke too soon:
> > > [84564.498495] BUG: kernel NULL pointer dereference, address: 0000000000000398
> > > [84564.498502] #PF: supervisor write access in kernel mode
> > > [84564.498504] #PF: error_code(0x0002) - not-present page
> > > [84564.498506] PGD 4c9444067 P4D 4c9444067 PUD 0
> > > [84564.498510] Oops: 0002 [#1] PREEMPT SMP NOPTI
> > > [84564.498512] CPU: 0 PID: 140651 Comm: kworker/0:0 Not tainted 6.1.0-6-amd64 #1  Debian 6.1.15-1
> > > [84564.498516] Hardware name: LENOVO 20XW00ABUS/20XW00ABUS, BIOS N32ET82W (1.58 ) 12/05/2022
> > > [84564.498518] Workqueue: kacpi_notify acpi_os_execute_deferred
> 
> Bummer.
> 
> Since 6.1.8 I found the following 2 commits in drivers/usb/typec/ucsi:
> 
> 3d7f77e55da3455c8844b651e37779c90e201f48 titled
> "usb: ucsi: Ensure connector delayed work items are flushed"
> 
> fdd11d7136fd070b3a74d6d8799d9eac28a57fc5 titled
> "usb: typec: ucsi: Don't attempt to resume the ports before they exist"
> 
> Especially the first one looks 'promising'.
> Can you make a patch which reverts that commit and use 'test-patches' from
> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html
> to build a kernel and test that?

Reverting "usb: ucsi: Ensure connector delayed work items are flushed"
doesn't fix the crash, pretty much instant upon unplugging my monitor.

I'll give the patch series you linked in the other reply a go now.

Cheers,
Julien

> [   34.956155] usb 3-6: USB disconnect, device number 4
> [   34.956164] usb 3-6.1: USB disconnect, device number 6
> [   34.956167] usb 3-6.1.4: USB disconnect, device number 8
> [   34.995650] usb 2-3: USB disconnect, device number 2
> [   34.995654] usb 2-3.1: USB disconnect, device number 3
> [   34.995655] usb 2-3.1.2: USB disconnect, device number 4
> [   34.995778] cdc_ncm 2-3.1.2:2.0 enxc84bd6b0b3e0: unregister 'cdc_ncm' usb-0000:00:0d.0-3.1.2, CDC NCM (NO ZLP)
> [   35.449317] usb 3-6.5: USB disconnect, device number 7
> [   35.843033] BUG: kernel NULL pointer dereference, address: 0000000000000388
> [   35.843040] #PF: supervisor write access in kernel mode
> [   35.843041] #PF: error_code(0x0002) - not-present page
> [   35.843043] PGD 0 P4D 0 
> [   35.843046] Oops: 0002 [#1] PREEMPT SMP NOPTI
> [   35.843048] CPU: 0 PID: 2704 Comm: kworker/0:3 Tainted: G            E      6.1.0-7-amd64 #1  Debian 6.1.20-1a~test
> [   35.843051] Hardware name: LENOVO 20XW00ABUS/20XW00ABUS, BIOS N32ET82W (1.58 ) 12/05/2022
> [   35.843052] Workqueue: kacpi_notify acpi_os_execute_deferred
> [   35.843058] RIP: 0010:queue_work_on+0x15/0x40
> [   35.843063] Code: ff ff ff e9 9a fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 1f 44 00 00 53 9c 58 0f 1f 40 00 48 89 c3 fa 0f 1f 44 00 00 <f0> 48 0f ba 2a 00 73 15 31 c9 80 e7 02 74 06 fb 0f 1f 44 00 00 89
> [   35.843065] RSP: 0018:ffffb4a50467be38 EFLAGS: 00010002
> [   35.843067] RAX: 0000000000000202 RBX: 0000000000000202 RCX: 0000000000000000
> [   35.843069] RDX: 0000000000000388 RSI: ffff8a0640051000 RDI: 0000000000002000
> [   35.843070] RBP: 0000000000000004 R08: ffff8a06fa490a38 R09: ffff8a06fa490a20
> [   35.843071] R10: 000000000000000f R11: ffffb4a50467bc20 R12: ffff8a0d7f639b00
> [   35.843072] R13: 0000000000000000 R14: ffff8a06c642a9c0 R15: ffff8a06bc057918
> [   35.843074] FS:  0000000000000000(0000) GS:ffff8a0d7f600000(0000) knlGS:0000000000000000
> [   35.843075] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   35.843076] CR2: 0000000000000388 CR3: 000000039d410004 CR4: 0000000000770ef0
> [   35.843078] PKRU: 55555554
> [   35.843079] Call Trace:
> [   35.843082]  <TASK>
> [   35.843087]  ucsi_acpi_notify+0xa8/0xc0 [ucsi_acpi]
> [   35.843092]  acpi_ev_notify_dispatch+0x42/0x60
> [   35.843096]  acpi_os_execute_deferred+0x13/0x20
> [   35.843099]  process_one_work+0x1c4/0x380
> [   35.843102]  worker_thread+0x4d/0x380
> [   35.843105]  ? _raw_spin_lock_irqsave+0x23/0x50
> [   35.843109]  ? rescuer_thread+0x3a0/0x3a0
> [   35.843111]  kthread+0xe6/0x110
> [   35.843114]  ? kthread_complete_and_exit+0x20/0x20
> [   35.843116]  ret_from_fork+0x1f/0x30
> [   35.843121]  </TASK>
> [   35.843122] Modules linked in: xt_conntrack(E) nft_chain_nat(E) xt_MASQUERADE(E) nf_nat(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) xfrm_user(E) xfrm_algo(E) xt_addrtype(E) nft_compat(E) nf_tables(E) libcrc32c(E) nfnetlink(E) br_netfilter(E) bridge(E) stp(E) llc(E) ctr(E) ccm(E) rfcomm(E) cmac(E) algif_hash(E) algif_skcipher(E) af_alg(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_seq_device(E) qrtr(E) overlay(E) bnep(E) ipmi_devintf(E) ipmi_msghandler(E) binfmt_misc(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) snd_ctl_led(E) snd_soc_skl_hda_dsp(E) snd_soc_intel_hda_dsp_common(E) snd_soc_hdac_hdmi(E) snd_sof_probes(E) snd_hda_codec_hdmi(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) snd_soc_dmic(E) snd_sof_pci_intel_tgl(E) snd_sof_intel_hda_common(E) soundwire_intel(E) soundwire_generic_allocation(E) soundwire_cadence(E) snd_sof_intel_hda(E) snd_sof_pci(E) snd_sof_xtensa_dsp(E) snd_sof(E) x86_pkg_temp_thermal(E) snd_sof_utils(E)
> [   35.843163]  snd_soc_hdac_hda(E) intel_powerclamp(E) snd_hda_ext_core(E) mei_hdcp(E) coretemp(E) snd_soc_acpi_intel_match(E) snd_soc_acpi(E) iwlmvm(E) btusb(E) intel_rapl_msr(E) snd_soc_core(E) btrtl(E) pmt_telemetry(E) pmt_class(E) kvm_intel(E) btbcm(E) snd_compress(E) btintel(E) mac80211(E) soundwire_bus(E) btmtk(E) libarc4(E) snd_hda_intel(E) kvm(E) snd_intel_dspcfg(E) bluetooth(E) snd_intel_sdw_acpi(E) irqbypass(E) snd_hda_codec(E) rapl(E) iwlwifi(E) uvcvideo(E) snd_hda_core(E) processor_thermal_device_pci_legacy(E) jitterentropy_rng(E) thinkpad_acpi(E) videobuf2_vmalloc(E) snd_hwdep(E) intel_cstate(E) processor_thermal_device(E) processor_thermal_rfim(E) videobuf2_memops(E) nvram(E) snd_pcm(E) iTCO_wdt(E) videobuf2_v4l2(E) drbg(E) processor_thermal_mbox(E) platform_profile(E) intel_uncore(E) pcspkr(E) ansi_cprng(E) cfg80211(E) videobuf2_common(E) snd_timer(E) ledtrig_audio(E) ucsi_acpi(E) intel_pmc_bxt(E) ecdh_generic(E) mei_me(E) iTCO_vendor_support(E) typec_ucsi(E)
> [   35.843202]  processor_thermal_rapl(E) think_lmi(E) videodev(E) snd(E) firmware_attributes_class(E) wmi_bmof(E) watchdog(E) roles(E) cdc_mbim(E) intel_rapl_common(E) ecc(E) soundcore(E) mei(E) mc(E) intel_vsec(E) typec(E) intel_soc_dts_iosf(E) rfkill(E) int3403_thermal(E) soc_button_array(E) joydev(E) ac(E) int340x_thermal_zone(E) cdc_wdm(E) igen6_edac(E) intel_hid(E) int3400_thermal(E) acpi_thermal_rel(E) sparse_keymap(E) intel_pmc_core(E) acpi_tad(E) hid_multitouch(E) evdev(E) acpi_pad(E) serio_raw(E) msr(E) parport_pc(E) ppdev(E) lp(E) parport(E) loop(E) fuse(E) efi_pstore(E) configfs(E) efivarfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) usbhid(E) dm_crypt(E) dm_mod(E) cdc_ncm(E) cdc_ether(E) usbnet(E) mii(E) crc32_pclmul(E) crc32c_intel(E) ghash_clmulni_intel(E) hid_generic(E) sha512_ssse3(E) sha512_generic(E) nvme(E) i915(E) nvme_core(E) drm_buddy(E) t10_pi(E) i2c_algo_bit(E) crc64_rocksoft_generic(E) drm_display_helper(E)
> [   35.843249]  xhci_pci(E) cec(E) rc_core(E) crc64_rocksoft(E) crc_t10dif(E) crct10dif_generic(E) ttm(E) xhci_hcd(E) crct10dif_pclmul(E) crc64(E) intel_lpss_pci(E) i2c_hid_acpi(E) drm_kms_helper(E) i2c_i801(E) aesni_intel(E) usbcore(E) i2c_hid(E) intel_lpss(E) video(E) crypto_simd(E) cryptd(E) psmouse(E) i2c_smbus(E) idma64(E) thunderbolt(E) usb_common(E) drm(E) crct10dif_common(E) button(E) hid(E) battery(E) wmi(E)
> [   35.843271] CR2: 0000000000000388
> [   35.843273] ---[ end trace 0000000000000000 ]---
> [   36.052852] RIP: 0010:queue_work_on+0x15/0x40
> [   36.052868] Code: ff ff ff e9 9a fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 1f 44 00 00 53 9c 58 0f 1f 40 00 48 89 c3 fa 0f 1f 44 00 00 <f0> 48 0f ba 2a 00 73 15 31 c9 80 e7 02 74 06 fb 0f 1f 44 00 00 89
> [   36.052871] RSP: 0018:ffffb4a50467be38 EFLAGS: 00010002
> [   36.052873] RAX: 0000000000000202 RBX: 0000000000000202 RCX: 0000000000000000
> [   36.052875] RDX: 0000000000000388 RSI: ffff8a0640051000 RDI: 0000000000002000
> [   36.052876] RBP: 0000000000000004 R08: ffff8a06fa490a38 R09: ffff8a06fa490a20
> [   36.052877] R10: 000000000000000f R11: ffffb4a50467bc20 R12: ffff8a0d7f639b00
> [   36.052878] R13: 0000000000000000 R14: ffff8a06c642a9c0 R15: ffff8a06bc057918
> [   36.052880] FS:  0000000000000000(0000) GS:ffff8a0d7f600000(0000) knlGS:0000000000000000
> [   36.052881] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   36.052883] CR2: 0000000000000388 CR3: 00000001089b8002 CR4: 0000000000770ef0
> [   36.052884] PKRU: 55555554
> [   36.052886] note: kworker/0:3[2704] exited with irqs disabled

