Bug#1106411: linux-image-6.12.27-amd64: kernel NULL pointer dereference in bmc150_accel_core
Control: tags -1 + moreinfo

Hi Kim,

On Sat, May 24, 2025 at 04:44:05PM +0200, Kim Alvefur wrote:
> Package: src:linux
> Version: 6.12.27-1
> Severity: important
> X-Debbugs-Cc: debian-amd64@lists.debian.org
> User: debian-amd64@lists.debian.org
> Usertags: amd64
>
> Dear Maintainer,
>
> I noticed a kernel BUG line in the logs.
>
> > BUG: kernel NULL pointer dereference, address: 0000000000000001
>
> -- Package-specific info:
> ** Version:
> Linux version 6.12.27-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.27-1 (2025-05-06)
>
> ** Command line:
> BOOT_IMAGE=/vmlinuz-6.12.27-amd64 root=/dev/mapper/spisula--vg-root ro quiet
>
> ** Tainted: D (128)
> * kernel died recently, i.e. there was an OOPS or BUG
>
> ** Kernel log:
> [ 15.089146] RDX: ffffffff83326d30 RSI: 0000000000000202 RDI: ffff9a9190947504
> [ 15.089148] RBP: ffff9a9190947420 R08: ffff9a919c498be8 R09: 0000000000000000
> [ 15.089149] R10: ffffb83f40d27ac8 R11: 0000000000000009 R12: ffff9a919c498d50
> [ 15.089151] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9a919c498b30
> [ 15.089153] FS: 00007f10b2d30940(0000) GS:ffff9a91fbd00000(0000) knlGS:0000000000000000
> [ 15.089155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 15.089157] CR2: 0000000000000001 CR3: 000000011c33c000 CR4: 0000000000352ef0
> [ 15.089159] Call Trace:
> [ 15.089163] <TASK>
> [ 15.089167] bmc150_accel_buffer_postenable+0x5d/0x90 [bmc150_accel_core]
> [ 15.089173] __iio_update_buffers+0x731/0xb20 [industrialio]
> [ 15.089198] enable_store+0x84/0xe0 [industrialio]
> [ 15.089214] kernfs_fop_write_iter+0x13b/0x1f0
> [ 15.089222] vfs_write+0x28d/0x450
> [ 15.089230] ksys_write+0x6d/0xf0
> [ 15.089235] do_syscall_64+0x82/0x190
> [ 15.089241] ? syscall_exit_to_user_mode+0x4d/0x210
> [ 15.089245] ? do_syscall_64+0x8e/0x190
> [ 15.089248] ? __memcg_slab_free_hook+0xf7/0x140
> [ 15.089253] ? __x64_sys_close+0x3c/0x80
> [ 15.089255] ? kmem_cache_free+0x3ee/0x440
> [ 15.089260] ? syscall_exit_to_user_mode+0x4d/0x210
> [ 15.089263] ? do_syscall_64+0x8e/0x190
> [ 15.089265] ? kernfs_fop_write_iter+0x9d/0x1f0
> [ 15.089268] ? vfs_write+0x28d/0x450
> [ 15.089272] ? syscall_exit_to_user_mode+0x4d/0x210
> [ 15.089275] ? clear_bhb_loop+0x25/0x80
> [ 15.089279] ? clear_bhb_loop+0x25/0x80
> [ 15.089281] ? clear_bhb_loop+0x25/0x80
> [ 15.089284] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 15.089288] RIP: 0033:0x7f10b31369ee
> [ 15.089319] Code: 08 0f 85 f5 4b ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
> [ 15.089321] RSP: 002b:00007ffc6dbe57d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> [ 15.089324] RAX: ffffffffffffffda RBX: 00007f10b2d30940 RCX: 00007f10b31369ee
> [ 15.089325] RDX: 0000000000000001 RSI: 00007ffc6dbe5980 RDI: 0000000000000009
> [ 15.089327] RBP: 00007ffc6dbe5980 R08: 0000000000000000 R09: 0000000000000000
> [ 15.089328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
> [ 15.089329] R13: 0000559ac7f662a0 R14: 00007f10b3281e80 R15: 0000000000000001
> [ 15.089333] </TASK>
> [ 15.089333] Modules linked in: snd_hda_ext_core snd_soc_core snd_compress snd_pcm_dmaengine overlay bnep zram processor_thermal_device_pci_legacy snd_hda_intel lz4hc_compress snd_intel_dspcfg lz4_compress i915(+) processor_thermal_device x86_pkg_temp_thermal uvcvideo intel_powerclamp snd_intel_sdw_acpi processor_thermal_wt_hint coretemp videobuf2_vmalloc iwlmvm btusb snd_hda_codec binfmt_misc processor_thermal_rfim drm_buddy kvm_intel uvc drm_display_helper btrtl snd_hda_core mac80211 intel_rapl_msr processor_thermal_rapl videobuf2_memops nls_ascii btintel snd_hwdep cec intel_rapl_common kvm libarc4 bmc150_accel_i2c videobuf2_v4l2 nls_cp437 btbcm snd_pcm acer_wmi rc_core processor_thermal_wt_req bmc150_accel_core iwlwifi irqbypass videodev vfat btmtk intel_pmc_core snd_timer mei_hdcp mei_pxp sparse_keymap ttm processor_thermal_power_floor industrialio_triggered_buffer rapl fat videobuf2_common rtsx_usb_ms cfg80211 intel_vsec snd bluetooth platform_profile mei_me drm_kms_helper processor_thermal_mbox kfifo_buf
> [ 15.089389] intel_cstate pcspkr mc wmi_bmof memstick pmt_telemetry soundcore rfkill mei i2c_algo_bit intel_soc_dts_iosf industrialio int3400_thermal ac acer_wireless int3403_thermal pmt_class soc_button_array button acpi_thermal_rel int340x_thermal_zone joydev evdev msr parport_pc ppdev lp parport efi_pstore configfs nfnetlink efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic rtsx_usb_sdmmc rtsx_usb dm_crypt dm_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel hid_multitouch sha512_ssse3 hid_generic sha256_ssse3 xhci_pci sha1_ssse3 r8169 i2c_hid_acpi sdhci_pci xhci_hcd aesni_intel nvme realtek i2c_hid intel_lpss_pci cqhci usbcore gf128mul nvme_core mdio_devres hid intel_lpss sdhci i2c_i801 wdat_wdt crypto_simd cryptd watchdog serio_raw video i2c_smbus lpc_ich libphy mmc_core usb_common idma64 drm nvme_auth battery wmi
> [ 15.089449] CR2: 0000000000000001
> [ 15.089451] ---[ end trace 0000000000000000 ]---
> [ 15.207536] RIP: 0010:bmc150_accel_set_interrupt+0x68/0x120 [bmc150_accel_core]
> [ 15.207561] Code: 84 86 00 00 00 ba 01 00 00 00 f0 0f c1 10 83 c2 01 83 fa 01 7f 64 49 8b 3c 24 be 01 00 00 00 e8 5e fc ff ff 89 c3 85 c0 75 52 <41> 0f b6 55 01 41 0f b6 75 00 45 31 c9 45 31 c0 49 8b 3c 24 6a 00
> [ 15.207563] RSP: 0018:ffffb83f40d27ab0 EFLAGS: 00010246
> [ 15.207567] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffff01
> [ 15.207569] RDX: ffffffff83326d30 RSI: 0000000000000202 RDI: ffff9a9190947504
> [ 15.207571] RBP: ffff9a9190947420 R08: ffff9a919c498be8 R09: 0000000000000000
> [ 15.207572] R10: ffffb83f40d27ac8 R11: 0000000000000009 R12: ffff9a919c498d50
> [ 15.207574] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9a919c498b30
> [ 15.207575] FS: 00007f10b2d30940(0000) GS:ffff9a91fbd00000(0000) knlGS:0000000000000000
> [ 15.207577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 15.207579] CR2: 0000000000000001 CR3: 000000011c33c000 CR4: 0000000000352ef0
> [ 15.207582] note: iio-sensor-prox[804] exited with irqs disabled
> [ 15.281160] Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
> [ 15.300168] snd_hda_codec_realtek hdaudioC0D0: autoconfig for ALC256: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:speaker
> [ 15.300176] snd_hda_codec_realtek hdaudioC0D0: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
> [ 15.300179] snd_hda_codec_realtek hdaudioC0D0: hp_outs=1 (0x21/0x0/0x0/0x0/0x0)
> [ 15.300181] snd_hda_codec_realtek hdaudioC0D0: mono: mono_out=0x0
> [ 15.300182] snd_hda_codec_realtek hdaudioC0D0: inputs:
> [ 15.300184] snd_hda_codec_realtek hdaudioC0D0: Internal Mic=0x12
> [ 15.300186] snd_hda_codec_realtek hdaudioC0D0: Headset Mic=0x19
> [ 15.461236] r8169 0000:02:00.0 enp2s0: Link is Down
> [ 15.666827] iwlwifi 0000:00:0c.0: Registered PHC clock: iwlwifi-PTP, with index: 0
> [ 15.749241] Bluetooth: hci0: Waiting for firmware download to complete
> [ 15.749426] Bluetooth: hci0: Firmware loaded in 1795145 usecs
> [ 15.749520] Bluetooth: hci0: Waiting for device to boot
> [ 15.753647] input: HDA Digital PCBeep as /devices/pci0000:00/0000:00:0e.0/sound/card0/input23
> [ 15.753728] input: HDA Intel PCH Front Headphone as /devices/pci0000:00/0000:00:0e.0/sound/card0/input24
> [ 15.753797] input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input25
> [ 15.753859] input: HDA Intel PCH HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input26
> [ 15.753929] input: HDA Intel PCH HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input27
> [ 15.763426] Bluetooth: hci0: Device booted in 13644 usecs
> [ 15.764861] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-17-16-1.ddc
> [ 15.766480] Bluetooth: hci0: Applying Intel DDC parameters completed
> [ 15.767483] Bluetooth: hci0: Firmware revision 0.1 build 201 week 12 2024
> [ 15.769492] Bluetooth: hci0: HCI LE Coded PHY feature bit is set, but its usage is not supported.
> [ 15.825248] Bluetooth: MGMT ver 1.23
> [ 15.862572] NET: Registered PF_ALG protocol family
> [ 16.107882] Console: switching to colour frame buffer device 170x48
> [ 16.186327] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device
> [ 16.188401] Bluetooth: RFCOMM TTY layer initialized
> [ 16.189294] Bluetooth: RFCOMM socket layer initialized
> [ 16.190089] Bluetooth: RFCOMM ver 1.11
> [ 18.899809] wlp0s12f0: authenticate with 14:91:82:2e:1c:5b (local address=f4:b3:01:63:29:78)
> [ 18.900292] wlp0s12f0: send auth to 14:91:82:2e:1c:5b (try 1/3)
> [ 18.939856] wlp0s12f0: authenticated
> [ 18.941129] wlp0s12f0: associate with 14:91:82:2e:1c:5b (try 1/3)
> [ 18.960084] wlp0s12f0: RX AssocResp from 14:91:82:2e:1c:5b (capab=0x11 status=0 aid=2)
> [ 18.963364] wlp0s12f0: associated
> [ 19.726378] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
> [ 20.032936] rfkill: input handler disabled
> [ 56.015476] systemd-journald[486]: File /var/log/journal/1ee1fc9b6cdc4cf895119313e2529972/user-1000.journal corrupted or uncleanly shut down, renaming and replacing.
> [ 56.441048] rfkill: input handler enabled
> [ 57.651916] snd_hda_intel 0000:00:0e.0: azx_get_response timeout, switching to polling mode: last cmd=0x20bf8100
> [ 58.655918] snd_hda_intel 0000:00:0e.0: No response from codec, disabling MSI: last cmd=0x20bf8100
> [ 59.663910] snd_hda_intel 0000:00:0e.0: azx_get_response timeout, switching to single_cmd mode: last cmd=0x20bf8100
> [ 59.664135] azx_single_wait_for_response: 119 callbacks suppressed
> [ 71.688065] azx_single_send_cmd: 161 callbacks suppressed

Can you please test 6.12.29-1 from unstable (which should migrate
soon to trixie)?

If you can reproduce the issue, can you please post the full kernel
log once the issue has happened, so we get the full context (the
previous log is capped).

Regards,
Salvatore