I managed to find one more bug report similar to this one. So now there are at least four bug reports (including this one) here in Launchpad on this problem:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1144322 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1165433 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1189998 https://bugs.launchpad.net/ubuntu/+source/linux-lts-raring/+bug/1256811 Anyway, if these are about the same bug that I think they are, the bug has now been completely fixed in kernel version 3.14, though kernel version 3.12 included some of the fix. Also there was one previous fix that is also needed that I think was backported to stable before 3.12. I think I manged to list all the necessary commits, Here are links to the commits, in case they need to be backported: The first fix (pre 3.12?): https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d9e689c934bd5ecb0f273c6c65e0655c5cfee5f The fixes in 3.12: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=396dc223dd36edd218650d042a07c5e61f022c5b https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebe937f74b8a72cf3ceeae5c2194a160bb092901 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54b926a1434e817ca84cb090f36b56763e192470 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cad348a17e170451ea8688b532a6ca3e98c63b60 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ece3150dea382c7c961fe2604332ed3474960d25 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffe6b68cc5999a3f91a15b6667e69e14186e337d https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29cd718beba999bda4bdbbf59b5a4d25c07e1547 And finally the fixes in 3.14: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b899241874dcc1a2b932a668731c80a3a869575 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e228b63390536f5b737056059a9a04ea016b1abf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2fb3ecc7467c775b154813861f25a0ddc11aa0 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f86772af6a0f643d3e13eb3f4f9213ae0c333ee4 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1189998 Title: bluetooth disconnection corrupts memory and causes kernel panic Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Raring: Confirmed Status in “linux” source package in Saucy: Fix Released Bug description: This bug is present on kernels v3.8-rc1 and beyond and was exposed by commit ecbbfd44. To reproduce: 1) Pair a bluetooth device that is capable of being easily powered down (a phone for example) 2) Configure /etc/bluetooth/rfcomm.conf to connect to device. For example: rfcomm0 { bind no; device XX:XX:XX:XX:XX:XX; channel XX; comment "phone"; } 3) Type 'rfcomm connect 0'. 4) On the device power down the bluetooth component or power down the device. 5) Eventually the machine will crash, I've found that exec'ing another program will cause the crash easily. ProblemType: KernelCrash DistroRelease: Ubuntu 13.10 Package: linux-image-3.9.0-4-generic ProcVersionSignature: Ubuntu 3.9.0-4.9-generic 3.9.4 Uname: Linux 3.9.0-4-generic x86_64 ApportVersion: 2.10.2-0ubuntu1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: ubuntu 1537 F.... pulseaudio Date: Tue Jun 11 12:22:26 2013 HibernationDevice: RESUME=UUID=8c8e9f7c-b216-4ead-a5da-8e267ab136ac InstallationDate: Installed on 2013-06-05 (5 days ago) InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130605) MachineType: LENOVO 42872WU MarkForUpload: True ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.9.0-4-generic root=UUID=94d4ed1f-8182-4805-8d5b-6944f6f1c428 ro crashkernel=384M-2G:64M,2G-:128M debug ignore_loglevel PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: Home directory not accessible: Permission denied No PulseAudio daemon running, or not running as session daemon. RelatedPackageVersions: linux-restricted-modules-3.9.0-4-generic N/A linux-backports-modules-3.9.0-4-generic N/A linux-firmware 1.109 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/01/2011 dmi.bios.vendor: LENOVO dmi.bios.version: 8DET55WW (1.25 ) dmi.board.asset.tag: Not Available dmi.board.name: 42872WU dmi.board.vendor: LENOVO dmi.board.version: Not Available dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Not Available dmi.modalias: dmi:bvnLENOVO:bvr8DET55WW(1.25):bd11/01/2011:svnLENOVO:pn42872WU:pvrThinkPadX220:rvnLENOVO:rn42872WU:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable: dmi.product.name: 42872WU dmi.product.version: ThinkPad X220 dmi.sys.vendor: LENOVO -- The actual crash: [ 507.050158] Bluetooth: TIOCGSERIAL is not supported [ 513.902765] ------------[ cut here ]------------ [ 513.902781] WARNING: at /build/buildd/linux-3.9.0/kernel/workqueue.c:602 get_work_pool+0x81/0x90() [ 513.902784] Hardware name: 42872WU [ 513.902786] Modules linked in: intel_powerclamp coretemp kvm_intel kvm parport_pc(F) crc32_pclmul(F) ghash_clmulni_intel(F) ppdev(F) rfcomm aesni_intel(F) aes_x86_64(F) bnep xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) joydev(F) arc4(F) uvcvideo iwldvm snd_hda_codec_hdmi snd_hda_codec_conexant videobuf2_vmalloc videobuf2_memops videobuf2_core mac80211 snd_hda_intel thinkpad_acpi videodev snd_hda_codec nvram(F) snd_hwdep(F) snd_pcm(F) iwlwifi snd_page_alloc(F) snd_seq_midi(F) snd_seq_midi_event(F) snd_rawmidi(F) snd_seq(F) snd_seq_device(F) btusb snd_timer(F) psmouse(F) snd(F) bluetooth mei cfg80211 serio_raw(F) soundcore(F) microcode(F) tpm_tis lpc_ich mac_hid lp(F) parport(F) i915 i2c_algo_bit drm_kms_helper e1000e(F) ptp(F) pps_core(F) drm sdhci_pci sdhci ahci(F) libahci(F) wmi video(F) [ 513.902871] Pid: 863, comm: modem-manager Tainted: GF 3.9.0-4-generic #9-Ubuntu [ 513.902873] Call Trace: [ 513.902883] [<ffffffff810584c0>] warn_slowpath_common+0x70/0xa0 [ 513.902889] [<ffffffff810585aa>] warn_slowpath_null+0x1a/0x20 [ 513.902894] [<ffffffff810750f1>] get_work_pool+0x81/0x90 [ 513.902900] [<ffffffff810780c4>] flush_work+0x24/0x160 [ 513.902909] [<ffffffffa051330e>] ? rfcomm_dev_destruct+0x7e/0xb0 [rfcomm] [ 513.902916] [<ffffffff8117d0ed>] ? kfree+0xfd/0x130 [ 513.902922] [<ffffffff81078274>] __cancel_work_timer+0x74/0xb0 [ 513.902928] [<ffffffff810782c0>] cancel_work_sync+0x10/0x20 [ 513.902935] [<ffffffff814196bd>] tty_ldisc_halt+0x1d/0x30 [ 513.902940] [<ffffffff8141a437>] tty_ldisc_release+0x17/0x90 [ 513.902946] [<ffffffff814131ed>] tty_release+0x46d/0x5c0 [ 513.902953] [<ffffffff81195da1>] __fput+0xe1/0x230 [ 513.902958] [<ffffffff81195fbe>] ____fput+0xe/0x10 [ 513.902964] [<ffffffff810799d7>] task_work_run+0xa7/0xe0 [ 513.902970] [<ffffffff81013d09>] do_notify_resume+0x69/0xa0 [ 513.902977] [<ffffffff816db7da>] int_signal+0x12/0x17 [ 513.902980] ---[ end trace df6aa8116aaf35db ]--- [ 536.981969] BUG: unable to handle kernel paging request at 000000fffffffe00 [ 536.982013] IP: [<ffffffff8117f83b>] __kmalloc_node_track_caller+0xdb/0x1d0 [ 536.982050] PGD 0 [ 536.982061] Oops: 0000 [#1] SMP [ 536.982079] Modules linked in: intel_powerclamp coretemp kvm_intel kvm parport_pc(F) crc32_pclmul(F) ghash_clmulni_intel(F) ppdev(F) rfcomm aesni_intel(F) aes_x86_64(F) bnep xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) joydev(F) arc4(F) uvcvideo iwldvm snd_hda_codec_hdmi snd_hda_codec_conexant videobuf2_vmalloc videobuf2_memops videobuf2_core mac80211 snd_hda_intel thinkpad_acpi videodev snd_hda_codec nvram(F) snd_hwdep(F) snd_pcm(F) iwlwifi snd_page_alloc(F) snd_seq_midi(F) snd_seq_midi_event(F) snd_rawmidi(F) snd_seq(F) snd_seq_device(F) btusb snd_timer(F) psmouse(F) snd(F) bluetooth mei cfg80211 serio_raw(F) soundcore(F) microcode(F) tpm_tis lpc_ich mac_hid lp(F) parport(F) i915 i2c_algo_bit drm_kms_helper e1000e(F) ptp(F) pps_core(F) drm sdhci_pci sdhci ahci(F) libahci(F) wmi video(F) [ 536.982464] CPU 3 [ 536.982476] Pid: 1586, comm: dbus-daemon Tainted: GF W 3.9.0-4-generic #9-Ubuntu LENOVO 42872WU/42872WU [ 536.982522] RIP: 0010:[<ffffffff8117f83b>] [<ffffffff8117f83b>] __kmalloc_node_track_caller+0xdb/0x1d0 [ 536.982567] RSP: 0018:ffff8801167099d0 EFLAGS: 00010246 [ 536.982591] RAX: 0000000000000000 RBX: ffff8800d3ce3c00 RCX: 000000000000c011 [ 536.982623] RDX: 000000000000c010 RSI: 0000000000000000 RDI: 0000000000017080 [ 536.982657] RBP: ffff880116709a10 R08: ffff88011e2d7080 R09: ffff880119802a00 [ 536.982688] R10: ffff880119810400 R11: 0000000000000246 R12: 00000000000106d0 [ 536.982719] R13: 000000fffffffe00 R14: 0000000000000200 R15: 00000000ffffffff [ 536.982751] FS: 00007fab0e008800(0000) GS:ffff88011e2c0000(0000) knlGS:0000000000000000 [ 536.982787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 536.982812] CR2: 000000fffffffe00 CR3: 0000000116606000 CR4: 00000000000407e0 [ 536.982844] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 536.982875] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 536.982907] Process dbus-daemon (pid: 1586, threadinfo ffff880116708000, task ffff880113de45f0) [ 536.982945] Stack: [ 536.982954] 0000000000000001 ffff880119802a00 ffffffff815be9ae ffff8800d3ce3c00 [ 536.982991] ffff880116709a6f 00000000000004d0 0000000000000200 00000000ffffffff [ 536.983026] ffff880116709a50 ffffffff815be741 ffffffff815be97e ffff8800d3ce3c00 [ 536.983062] Call Trace: [ 536.983078] [<ffffffff815be9ae>] ? __alloc_skb+0x7e/0x2b0 [ 536.983105] [<ffffffff815be741>] __kmalloc_reserve.isra.26+0x31/0x90 [ 536.983135] [<ffffffff815be97e>] ? __alloc_skb+0x4e/0x2b0 [ 536.983162] [<ffffffff815be9ae>] __alloc_skb+0x7e/0x2b0 [ 536.983188] [<ffffffff815b9f56>] sock_alloc_send_pskb+0x1c6/0x340 [ 536.983218] [<ffffffff815bf38c>] ? consume_skb+0x2c/0x80 [ 536.983244] [<ffffffff816d2c2e>] ? _raw_spin_lock+0xe/0x20 [ 536.983270] [<ffffffff815ba0e5>] sock_alloc_send_skb+0x15/0x20 [ 536.983300] [<ffffffff8165f349>] unix_stream_sendmsg+0x269/0x460 [ 536.983328] [<ffffffff815b511a>] sock_sendmsg+0xaa/0xe0 [ 536.983353] [<ffffffff815b5259>] ? sock_recvmsg+0xb9/0xf0 [ 536.983380] [<ffffffff81098429>] ? load_balance+0x109/0x7e0 [ 536.983408] [<ffffffff815c2c06>] ? verify_iovec+0x56/0xd0 [ 536.983434] [<ffffffff815b58de>] __sys_sendmsg+0x39e/0x3b0 [ 536.983461] [<ffffffff811da07b>] ? ep_send_events_proc+0x15b/0x1a0 [ 536.983492] [<ffffffff81043bd9>] ? default_spin_lock_flags+0x9/0x10 [ 536.983522] [<ffffffff811da85d>] ? ep_scan_ready_list.isra.6+0x1ad/0x1b0 [ 536.983554] [<ffffffff811da991>] ? ep_poll+0x111/0x340 [ 536.983578] [<ffffffff815b7802>] sys_sendmsg+0x42/0x80 [ 536.984924] [<ffffffff816db51d>] system_call_fastpath+0x1a/0x1f [ 536.986258] Code: 49 63 41 18 66 66 66 66 90 4c 89 e8 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 49 63 41 20 48 8d 4a 01 49 8b 39 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 0f 84 65 [ 536.989223] RIP [<ffffffff8117f83b>] __kmalloc_node_track_caller+0xdb/0x1d0 [ 536.990667] RSP <ffff8801167099d0> [ 536.992062] CR2: 000000fffffffe00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1189998/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
