From: "Xu, Martin"
To: "linux-bluetooth@vger.kernel.org"
CC: "Liu, Bing Wei"
Date: Tue, 5 May 2009 16:06:42 +0800
Subject: RE: kernel crash using Bluez on Netbook platform
Message-ID: <9F0C1DB20AFA954FA1DA05309350433D5F913D94@pdsmsx503.ccr.corp.intel.com>
References: <1241399835.2899.0.camel@localhost.localdomain> <9F0C1DB20AFA954FA1DA05309350433D5F913D45@pdsmsx503.ccr.corp.intel.com>
In-Reply-To: <9F0C1DB20AFA954FA1DA05309350433D5F913D45@pdsmsx503.ccr.corp.intel.com>

> On netbook platform (Eeepc 901; "Aspire One + Omiz Bluetooth dongle"), when using
> bluez, such as pairing, l2ping and rfcomm, kernel crashes easily.
> I am using kernel 2.6.29.
> I caught the crash message:
> BUG: spinlock bad magic on CPU#0, swapper/0
> Bug: unable to handle kernel paging request at 00646733

I have done some research on the issue and found that in hci_event.c: hci_disconn_complete_evt(), after hci_conn_del_sysfs(conn) the contents of conn may be modified, such as conn->idle_timer, conn->disc_timer and conn->list, which leads to a crash of the kernel when hci_conn_del(conn) runs.

I worked a patch to run hci_conn_del_sysfs after hci_conn_del and find that the issue can be fixed.
Someone can tell me whether the patch is ok, and the root cause of the issue.
Thanks! :)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index f91ba69..1999ac1 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1009,10 +1009,9 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
 	if (conn) {
 		conn->state = BT_CLOSED;
 
-		hci_conn_del_sysfs(conn);
-
 		hci_proto_disconn_ind(conn, ev->reason);
 		hci_conn_del(conn);
+		hci_conn_del_sysfs(conn);
 	}
 
 	hci_dev_unlock(hdev);
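Review bot: the added `+ hci_conn_del_sysfs(conn);` now runs after `hci_conn_del(conn);`, so the patch has to show that hci_conn_del leaves conn valid for the sysfs removal to use; your own observation that conn->idle_timer, conn->disc_timer and conn->list change after hci_conn_del_sysfs points to the sysfs teardown releasing or reusing the object, which is a lifetime problem, and swapping the two calls only narrows the window unless nothing touches conn after that release. Please trace what in hci_conn_del_sysfs modifies the object (in particular whether it drops the last reference and frees conn), put that analysis in a commit message above the diff in place of the question, and add a Signed-off-by line so the patch can be applied.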
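To make the ordering problem described in the message concrete, here is an added C model. It is constructed for this discussion; it is not kernel code, not the reporter's patch, and the struct, function names, reference count and magic values are the model's own assumptions. Following the message, it assumes the sysfs-side teardown is what ends the object's lifetime, so any core teardown that still touches the timers or list must run before it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not kernel code. The device-model side is assumed to hold
 * the only reference to the connection object; releasing it "frees" the object,
 * which the model simulates by poisoning the memory (as a freed, reused
 * allocation would look to later code) rather than calling free() immediately. */
#define CONN_MAGIC  0x48434f4eu   /* value a live object carries */
#define CONN_POISON 0x6b6b6b6bu   /* what memset() below turns it into */

struct conn {
    unsigned int magic;      /* stands in for the spinlock magic the kernel checks */
    int refs;                /* references held; only the device model holds one here */
    int idle_timer_pending;  /* models conn->idle_timer */
    int disc_timer_pending;  /* models conn->disc_timer */
    int on_list;             /* models conn->list membership */
};

static struct conn *conn_alloc(void)
{
    struct conn *c = calloc(1, sizeof(*c));
    if (!c)
        return NULL;
    c->magic = CONN_MAGIC;
    c->refs = 1;                 /* assumption: held by the device-model side */
    c->idle_timer_pending = 1;
    c->disc_timer_pending = 1;
    c->on_list = 1;
    return c;
}

/* Drop one reference; on the last one simulate kfree() by poisoning. */
static void conn_put(struct conn *c)
{
    if (--c->refs == 0)
        memset(c, 0x6b, sizeof(*c));   /* magic, timers and list all become garbage */
}

/* Device-model teardown: releases the reference sysfs held. In this model that
 * is the last reference, so the object is gone from this point on. */
static void conn_del_sysfs(struct conn *c)
{
    conn_put(c);
}

/* Core teardown: must run on a live object because it touches the timers and
 * the list. Returns 0 if the object was still valid, -1 if it found poison. */
static int conn_del(struct conn *c)
{
    if (c->magic != CONN_MAGIC)
        return -1;               /* the model's equivalent of "spinlock bad magic" */
    c->idle_timer_pending = 0;   /* del_timer(&conn->idle_timer) */
    c->disc_timer_pending = 0;   /* del_timer(&conn->disc_timer) */
    c->on_list = 0;              /* list_del(&conn->list) */
    return 0;
}

/* Order of the hunk's '-' lines: sysfs teardown first, core teardown second. */
static int disconnect_sysfs_first(void)
{
    struct conn *c = conn_alloc();
    int rc;
    if (!c)
        return -2;
    conn_del_sysfs(c);   /* last reference gone: object poisoned */
    rc = conn_del(c);    /* touches timers and list of a dead object */
    free(c);
    return rc;           /* -1 */
}

/* Order the patch proposes: core teardown first, sysfs teardown second. */
static int disconnect_core_first(void)
{
    struct conn *c = conn_alloc();
    int rc;
    if (!c)
        return -2;
    rc = conn_del(c);    /* object still live: timers and list cleaned up */
    conn_del_sysfs(c);   /* only now is the storage released */
    free(c);
    return rc;           /* 0 */
}

int main(void)
{
    printf("sysfs first -> conn_del returned %d\n", disconnect_sysfs_first());
    printf("core first  -> conn_del returned %d\n", disconnect_core_first());
    return 0;
}
```

The model shows why the reorder stops the crash: the core teardown no longer dereferences an object whose storage has already been handed back. It also shows what the reorder does not settle, namely who owns conn after hci_conn_del returns; if anything else still holds a pointer to it, the same class of bug is only narrowed, not removed.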