Date: Fri, 14 Sep 2012 12:45:00 +0300
From: Andrei Emeltchenko
To: Maxim Levitsky
Cc: Jaganath, linux-bluetooth@vger.kernel.org, s.syam@samsung.com
Subject: Re: [PATCH] Bluetooth: Free the l2cap channel list only when refcount is zero
Message-ID: <20120914094458.GD7483@aemeltch-MOBL1>
References: <1342165923-4901-1-git-send-email-jaganath.k@samsung.com> <20120713084859.GC2729@aemeltch-MOBL1> <4368C8F191BB414F84A70D30771FE893@sisodomain.com> <1347580581.5975.4.camel@maxim-laptop>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <1347580581.5975.4.camel@maxim-laptop>
Sender: linux-bluetooth-owner@vger.kernel.org

Hi Maxim,

On Fri, Sep 14, 2012 at 02:56:21AM +0300, Maxim Levitsky wrote:
> On Fri, 2012-07-13 at 16:56 +0530, Jaganath wrote:
> > Hi Andrei,
> >
> > --------------------------------------------------
> > From: "Andrei Emeltchenko"
> > Sent: Friday, July 13, 2012 2:19 PM
> > To: "Jaganath Kanakkassery"
> > Cc: ;
> > Subject: Re: [PATCH] Bluetooth: Free the l2cap channel list only when
> > refcount is zero
> >
> > > Hi Jaganath,
> > >
> > > On Fri, Jul 13, 2012 at 01:22:03PM +0530, Jaganath Kanakkassery wrote:
> > >> Move the l2cap channel list chan->global_l under the refcnt
> > >> protection and free it based on the refcnt.
> > >
> > > The idea is good.
> >
>
> Note that in 3.6-rc5 which is soon to be released, it is trivial to trigger a
> crash by suspending the system with a2dp headphones connected.
> I also have seen (and I strongly suspect the same) crash in 3.5.
> This patch seems to fix this so far.
> Could you send it to Linus, to fix this kernel panic?

AFAIK the updated patch has been applied.
Concerning your crash you can also check my patch in the mail archive
"Bluetooth: Add refcnt to l2cap_conn"

Best regards
Andrei Emeltchenko

>
> Best regards,
> Maxim Levitsky
>
> PS:
> The backtrace:
>
>
> fg80211: Calling CRDA to update world regulatory domain
> cfg80211: World regulatory domain updated:
> cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain,
> max_eirp)
> cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000
> mBm)2
> cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
> cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000
> mBm)T:
> cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
> cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
> 8
> cfg80211: World regulatory domain updated:
> cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain,
> max_eirp)
> cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000
> mBm)<
> cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000
> mBm)P@
> cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
> cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
> cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
> general protection fault: 0000 [#1] PREEMPT SMP
> Modules linked in: hidp af_packet bnep rfcomm iwl3945
> snd_hda_codec_realtek iwlegacy mac80211 snd_hda_intel nfsd btusb
> snd_hda_codec uvcvideo snd_hwdep videobuf2_core snd_pcm bluetooth
> videobuf2_vmalloc videobuf2_memops nfs_acl auth_rpcgss r592 cfg80211
> microcode nfs psmouse memstick serio_raw snd_page_alloc ene_ir battery
> ac lockd sunrpc rc_lirc ir_lirc_codec lirc_dev ir_rc6_decoder
> firewire_net iTCO_wdt firewire_sbp2 nouveau ttm drm_kms_helper mxm_wmi
> usb_storage video wmi uhci_hcd sdhci_pci firewire_ohci firewire_core
> sdhci mmc_core atkbd ehci_hcd thermal [last unloaded: tg3]
> CPU 0
> Pid: 3512, comm: bluetoothd Not tainted 3.6.0-rc5+ #34 Acer Aspire
> 5720 /Nettiling?b
> RIP: 0010:[] [] l2cap_chan_destroy
> +0x46/0xb0 [bluetooth]
> RSP: 0018:ffff8800619dbca8 EFLAGS: 00010296
> RAX: dead000000200200 RBX: ffff88007d3f1000 RCX: dead000000100100
> RDX: dead000000100100 RSI: dead000000200200 RDI: ffffffffa03b7cc0
> RBP: ffff8800619dbcb8 R08: 0000000000000000 R09: 0000000000000000
> R10: 0001cc0f349b43de R11: ffffffffa03a1d2d R12: ffff88007d3f1000
> R13: ffff88007d3f1014 R14: ffff88005f922570 R15: ffff88005f9229e0
> FS: 00007f8aa4634740(0000) GS:ffff88007fa00000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f8aa46b7d90 CR3: 000000005f945000 CR4: 00000000000007f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process bluetoothd (pid: 3512, threadinfo ffff8800619da000, task
> ffff88005ec4bde0)
> Stack:
> ffff8800619dbcd8 ffff880079945800 ffff8800619dbcd8 ffffffffa03a7b3c
> ffff88007d3f1000 ffff88005f922800 ffff8800619dbce8 ffffffffa03a7b85
> ffff8800619dbd48 ffffffffa03a231e ffff88007d3f14a0 ffff88005f9229f0
> Call Trace:
> [] l2cap_sock_kill+0x7c/0xb0 [bluetooth]
> [] l2cap_sock_close_cb+0x15/0x20 [bluetooth]
> [] l2cap_conn_del+0x11e/0x1f0 [bluetooth]
> [] ? hci_dev_do_close+0x18a/0x370 [bluetooth]
> [] l2cap_disconn_cfm+0x53/0x60 [bluetooth]
> [] hci_conn_hash_flush+0x95/0x100 [bluetooth]
> [] hci_dev_do_close+0x19a/0x370 [bluetooth]
> [] hci_dev_close+0x50/0x80 [bluetooth]
> [] hci_sock_ioctl+0x15a/0x420 [bluetooth]
> [] sock_do_ioctl+0x30/0x60
> [] ? task_work_run+0x30/0xa0
> [] sock_ioctl+0x290/0x2b0
> [] do_vfs_ioctl+0x580/0x5e0
> [] ? _raw_spin_unlock_irq+0x3b/0x60
> [] sys_ioctl+0x4f/0x80
> [] system_call_fastpath+0x1a/0x1f
> Code: 17 e1 48 8b 93 80 04 00 00 48 b9 00 01 10 00 00 00 ad de 48 8b 83
> 88 04 00 00 48 c7 c7 c0 7c 3b a0 48 be 00 02 20 00 00 00 ad de <48> 89
> 42 08 48 89 10 48 89 8b 80 04 00 00 48 89 b3 88 04 00 00
> "RIP [] l2cap_chan_destroy+0x46/0xb0 [bluetooth]
> RSP
> ---[ end trace 6e537072816e99b2 ]---+qZ
> Kernel panic - not syncing: Fatal exception
> fpanic occurred, switching back to text console
> Rebooting in 10 seconds..
> ACPI MEMORY or I/O RESET_REG.
>
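
Added illustration, not part of the thread and not the kernel's or the patch's code: RDX/RCX and RAX/RSI in the quoted trace hold the list poison values that x86-64 Linux writes into an entry on list_del(), which is consistent with l2cap_chan_destroy unlinking chan->global_l a second time. The userspace C model below assumes two teardown paths reaching one channel and contrasts a direct unlink with an unlink done only by the last reference; `list_del_checked`, `chan_put` and the `demo_*` functions are hypothetical names.

```c
#include <stdint.h>

/* Poison values x86-64 Linux leaves in a list_head after list_del(); the
 * same values appear in RAX/RCX/RDX/RSI of the quoted trace. */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000100100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000200200ULL)

struct list_head { struct list_head *next, *prev; };
struct chan { int refcnt; struct list_head global_l; }; /* model only */

static void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* list_del() that reports, instead of faulting, on an already-unlinked entry. */
static int list_del_checked(struct list_head *n)
{
    if (n->next == LIST_POISON1 || n->prev == LIST_POISON2)
        return -1;          /* the kernel would store through the poison here */
    n->next->prev = n->prev; n->prev->next = n->next;
    n->next = LIST_POISON1;  n->prev = LIST_POISON2;
    return 0;
}

/* Hypothetical guarded teardown: only the last reference unlinks (returns 1). */
static int chan_put(struct chan *c)
{
    return --c->refcnt > 0 ? 0 : (list_del_checked(&c->global_l) == 0 ? 1 : -1);
}

/* Two teardown paths unlink one channel directly; result of the second call. */
int demo_unguarded(void)
{
    struct list_head g = { &g, &g }; struct chan c = { 1, { 0, 0 } };
    list_add(&c.global_l, &g);
    list_del_checked(&c.global_l);
    return list_del_checked(&c.global_l);
}

/* Same two paths, each dropping a reference; unlink count, -1 if list not empty. */
int demo_guarded(void)
{
    struct list_head g = { &g, &g }; struct chan c = { 2, { 0, 0 } };
    list_add(&c.global_l, &g);
    int unlinks = chan_put(&c) + chan_put(&c);
    return (g.next == &g && g.prev == &g) ? unlinks : -1;
}

int main(void) { return !(demo_unguarded() == -1 && demo_guarded() == 1); }
```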