Hi,

> I can reproduce this issue with a 2.6.20-rc3 kernel running on my G5:
> 
> add_conn: Failed to register connection device
> Unable to handle kernel paging request for data at address 0x00000020
> Faulting instruction address: 0xc0000000002877d8
> Oops: Kernel access of bad area, sig: 11 [#1]
> SMP NR_CPUS=4 
> Modules linked in: hci_usb binfmt_misc rfcomm hidp l2cap bluetooth ipv6 cpufreq_stats usbhid hid fuse ide_cd cdrom snd_aoa_codec_onyx snd_aoa_fabric_layout snd_aoa snd_aoa_i2sbus snd_aoa_soundbus snd_pcm snd_page_alloc snd_timer bcm43xx snd ieee80211softmac ieee80211 ohci_hcd ieee80211_crypt ehci_hcd evdev ide_core soundcore tg3 firmware_class ata_generic pmac_zilog serial_core usbcore
> NIP: C0000000002877D8 LR: C0000000001B7380 CTR: C0000000001B7344
> REGS: c00000003ff07940 TRAP: 0300   Not tainted  (2.6.20-rc3)
> MSR: 9000000000009032 <EE,ME,IR,DR>  CR: 28000028  XER: 000FFFFF
> DAR: 0000000000000020, DSISR: 0000000040000000
> TASK = c0000000018cc040[17] 'events/3' THREAD: c00000003ff04000 CPU: 3
> GPR00: C0000000001B7380 C00000003FF07BC0 C0000000003D1F50 0000000000000000 
> GPR04: 0000000000000001 0000000000000001 0000000028000022 0000000000F12E00 
> GPR08: C00000003FF07EB0 0000000000000001 C000000001981FB0 C0000000001B7344 
> GPR12: D000000000402360 C00000000034BC80 0000000000000000 C0000000002C6F78 
> GPR16: 4000000001400000 C0000000002C5A98 0000000000000000 0000000000000000 
> GPR20: C00000000033BCA8 000000000173BCA8 C00000000033BF18 000000000173BF18 
> GPR24: 0000000000241AC0 0000000000000000 C00000003FF04000 C000000001981F80 
> GPR28: C00000003823FD10 0000000000000000 C000000000386668 C00000003823FCE8 
> NIP [C0000000002877D8] .klist_del+0x24/0xb4
> LR [C0000000001B7380] .device_del+0x3c/0x278
> Call Trace:
> [C00000003FF07BC0] [C0000000018CC040] 0xc0000000018cc040 (unreliable)
> [C00000003FF07C50] [C0000000001B7380] .device_del+0x3c/0x278
> [C00000003FF07CE0] [D000000000400820] .del_conn+0x14/0x28 [bluetooth]
> [C00000003FF07D60] [C000000000058560] .run_workqueue+0xec/0x1d4
> [C00000003FF07E00] [C000000000059198] .worker_thread+0x15c/0x1b4
> [C00000003FF07EE0] [C00000000005DE88] .kthread+0x11c/0x16c
> [C00000003FF07F90] [C0000000000210EC] .kernel_thread+0x4c/0x68
> Instruction dump:
> eba1ffe8 7c0803a6 4e800020 7c0802a6 fb81ffe0 fba1ffe8 fbe1fff8 7c7c1b78 
> f8010010 f821ff71 eba30000 7fa3eb78 <ebfd0020> 4800386d 60000000 7f83e378 
> 
> The problem is that the add_conn call fails for some strange reasons. I
> have no idea why, because it actually shouldn't. Even if it fails, it
> shouldn't kill the kernel on del_conn.

I am still unsure why the device_add operation fails, but the attached
patch fixes the case where the device_del produces the kernel oops.

Regards

Marcel