Hi Martin,

> On netbook platforms (Eeepc 901; "Aspire One + Omiz Bluetooth dongle"), when using
> bluez, such as pairing, l2ping and rfcomm, the kernel crashes easily.
>
> I am using kernel 2.6.29.
>
> I caught the crash message:
>
> BUG: spinlock bad magic on CPU#0, swapper/0
>
> BUG: unable to handle kernel paging request at 00646733
>
> I have done some research on the issue and found that at
> hci_event.c: hci_disconn_complete_evt()
> after
> hci_conn_del_sysfs(conn)
> the contents of conn may be modified,
> such as
> conn->idle_timer
> conn->disc_timer
> and
> conn->list,
> which leads to a kernel crash when hci_conn_del(conn) runs.
>
> I wrote a patch to run hci_conn_del_sysfs after hci_conn_del and found that the issue can be fixed. Can someone tell me whether the patch is ok, and the root cause of the issue? Thanks! :)
>
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index f91ba69..1999ac1 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -1009,10 +1009,9 @@ static inline void hci_disconn_complete_evt(struct
> hci_dev *hdev, struct sk_buff
> if (conn) {
> conn->state = BT_CLOSED;
>
> - hci_conn_del_sysfs(conn);
> -
> hci_proto_disconn_ind(conn, ev->reason);
> hci_conn_del(conn);
> + hci_conn_del_sysfs(conn);
> }
>
> hci_dev_unlock(hdev);

Can you verify that a bluetooth-testing.git kernel would still produce this NULL pointer dereference? It looks a little bit different, but I think that actually got fixed now.

Regards

Marcel

--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
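Review bot: moving hci_conn_del_sysfs(conn) to after hci_conn_del(conn) in this hunk only removes the crash if hci_conn_del does not itself drop the last reference to conn; the hunk does not show hci_conn_del's body, and if that function ends by releasing conn, the new trailing hci_conn_del_sysfs(conn) dereferences the same freed object that the old order did, just from the other side. The patch description should say which of the two calls owns the final release of conn and derive the ordering from that; if hci_conn_del is the owner, the sysfs removal belongs inside hci_conn_del before its final release rather than as a separate call here. The description should also name the root cause as conn being released (and reused) before its timers and list linkage are torn down, which is what "spinlock bad magic" followed by a paging fault at 00646733 points to, rather than "the contents of conn may be modified".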
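The ordering question raised in the thread (which of the two teardown calls is allowed to free conn) as an added simulation in C. This is illustrative code written for this page, not the kernel's hci_conn implementation: the sim_ types, the single reference held by the sysfs registration, the quarantine used in place of kfree, and the stale-access counter are all assumptions made here so that the use-after-free can be observed in user space instead of crashing. It runs the original handler order, the order from the posted patch, and a third variant that takes a reference around both calls so the result does not depend on ordering at all.

```c
/* Added simulation written for this page (not kernel code): every sim_ name is a stand-in. */
#include <stddef.h>
#include <stdlib.h>

#define sim_container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct sim_device {             /* stand-in for struct device */
    int refcount;
    void (*release)(struct sim_device *dev);
};
struct sim_conn {               /* stand-in for struct hci_conn */
    struct sim_conn *next;      /* conn->list linkage */
    int timer_pending;          /* idle_timer / disc_timer */
    int live;                   /* 1 until the release callback runs */
    struct sim_device dev;      /* embedded; its release frees the container */
};
struct sim_hdev {               /* stand-in for struct hci_dev */
    struct sim_conn *conns;
    int stale_accesses;         /* touches of an already released conn */
};

/* Released conns are quarantined rather than freed, so a stale access is
 * reported through conn->live instead of corrupting the heap. */
#define SIM_QUARANTINE_MAX 16
static struct sim_conn *sim_quarantine[SIM_QUARANTINE_MAX];
static int sim_quarantine_len;

static void sim_conn_release(struct sim_device *dev)
{
    struct sim_conn *conn = sim_container_of(dev, struct sim_conn, dev);
    conn->live = 0;
    if (sim_quarantine_len < SIM_QUARANTINE_MAX) sim_quarantine[sim_quarantine_len++] = conn;
    else free(conn);
}
static void sim_get_device(struct sim_device *dev) { dev->refcount++; }
static void sim_put_device(struct sim_device *dev) { if (--dev->refcount == 0) dev->release(dev); }

/* The sysfs registration holds the connection's only reference. */
static struct sim_conn *sim_conn_add(struct sim_hdev *hdev)
{
    struct sim_conn *conn = calloc(1, sizeof(*conn));
    if (!conn) return NULL;
    conn->dev.refcount = 1;
    conn->dev.release = sim_conn_release;
    conn->live = 1;
    conn->timer_pending = 1;
    conn->next = hdev->conns;
    hdev->conns = conn;
    return conn;
}
/* sysfs teardown (device_del + put_device): may run the release. */
static void sim_conn_del_sysfs(struct sim_hdev *hdev, struct sim_conn *conn)
{
    if (!conn->live) { hdev->stale_accesses++; return; }
    sim_put_device(&conn->dev);
}
/* Protocol teardown: cancel timers, unlink from the hdev list. */
static int sim_conn_del(struct sim_hdev *hdev, struct sim_conn *conn)
{
    struct sim_conn **pp;
    if (!conn->live) { hdev->stale_accesses++; return -1; }
    conn->timer_pending = 0;    /* del_timer() stand-in */
    for (pp = &hdev->conns; *pp; pp = &(*pp)->next)
        if (*pp == conn) { *pp = conn->next; break; }
    conn->next = NULL;
    return 0;
}

/* Original handler order: sysfs teardown first, then hci_conn_del. */
static int sim_disconn_buggy(struct sim_hdev *hdev, struct sim_conn *conn)
{
    sim_conn_del_sysfs(hdev, conn);
    sim_conn_del(hdev, conn);   /* timers and list of a released object */
    return hdev->stale_accesses;
}
/* Posted patch order: sysfs teardown last. */
static int sim_disconn_reordered(struct sim_hdev *hdev, struct sim_conn *conn)
{
    sim_conn_del(hdev, conn);
    sim_conn_del_sysfs(hdev, conn);
    return hdev->stale_accesses;
}
/* Order-independent alternative: pin the object across both steps. */
static int sim_disconn_pinned(struct sim_hdev *hdev, struct sim_conn *conn)
{
    sim_get_device(&conn->dev);
    sim_conn_del_sysfs(hdev, conn);
    sim_conn_del(hdev, conn);
    sim_put_device(&conn->dev); /* last reference dropped here */
    return hdev->stale_accesses;
}
/* Runs one scenario on a fresh hdev/conn and returns the stale-access count. */
static int sim_run(int (*scenario)(struct sim_hdev *, struct sim_conn *))
{
    struct sim_hdev hdev = { NULL, 0 };
    struct sim_conn *conn = sim_conn_add(&hdev);
    int stale = conn ? scenario(&hdev, conn) : -1;
    while (sim_quarantine_len > 0) free(sim_quarantine[--sim_quarantine_len]);
    return stale;
}
```

Calling sim_run(sim_disconn_buggy) reports one stale access (the timer and list work runs on a released conn), while sim_run(sim_disconn_reordered) and sim_run(sim_disconn_pinned) report none. Note that in this model the reorder is safe only because the sysfs side owns the last reference; if the protocol-side teardown also dropped a reference, the reordered variant would report a stale access from the other direction, which is why pinning the object around both calls, or giving one function ownership of both the sysfs removal and the final release, is the robust shape for this kind of teardown.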