From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Message-ID: <4D69EE46.9050401@lundman.net>
Date: Sun, 27 Feb 2011 15:25:10 +0900
From: lundman
MIME-Version: 1.0
To: linux-bluetooth@vger.kernel.org
Subject: Re: Linux 2.6.28-10 Oops in hci_send_to_sock
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID:

Linux-2.6.28 CE41xx kernel, sodaville board.

I turned on more debugging, added a print for each SK and peppered the logic a little:

[code]
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
[snip]
		BT_DBG("filter");

		/* Apply filter */
		flt = &hci_pi(sk)->filter;
[snip]
		BT_DBG("type");

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			if (flt->opcode &&
			    ((evt == HCI_EV_CMD_COMPLETE &&
			      flt->opcode != get_unaligned((__le16 *)(skb->data + 3))) ||
			     (evt == HCI_EV_CMD_STATUS &&
			      flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))))
				continue;
		}

		BT_DBG("clone");
[/code]

When I start bluetoothd, the panic looks like:

[code]
hci_send_to_sock: hdev 00000000 len 8
usbcore: registered new interface driver btusb
hci_sock_create: sock cbd6dd80
hci_sock_bind: sock cbd6dd80 sk cab87c00
hci_sock_sendmsg: sock cbd6dd80 sk cab87c00
hci_sock_release: sock cbd6dd80 sk cab87c00
hci_sock_create: sock cbd6dd80
hci_sock_setsockopt: sk cab87e00, opt 2
hci_sock_bind: sock cbd6dd80 sk cab87e00
hci_sock_ioctl: cmd 800448d2 arg b7f37208
hci_sock_create: sock cbdb9000
hci_sock_bind: sock cbdb9000 sk ca2cd400
hci_dev_get: 0
hci_sock_setsockopt: sk ca2cd400, opt 2
hci_sock_ioctl: cmd 400448e2 arg bff12038
hci_dev_get: 0
hci_sock_ioctl: cmd 400448c9 arg 0
hci_dev_get: 0
hci_dev_open: hci0 cc308c00
btusb_open: hci0
btusb_submit_intr_urb: hci0
__hci_request: hci0 start
btusb_intr_complete: hci0 urb ca3bec80 status 0 count 6
hci_rx_task: hci0
hci_send_to_sock: hdev cc308c00 len 6
hci_send_to_sock: skb ca2cd400
hci_send_to_sock: filter
hci_send_to_sock: type
BUG: unable to handle kernel NULL pointer dereference at 00000008
IP: [] hci_send_to_sock+0x83/0x153 [bluetooth]
*pdpt = 000000000a3d6001 *pde = 0000000000000000
Oops: 0000 [#1] PREEMPT
last sysfs file: /sys/class/vc/vcsa1/dev
Modules linked in: btusb bluetooth fusion pvrsrvkm alsa_shim snd_usb_audio snd_x

Pid: 1783, comm: bluetoothd Not tainted (2.6.28 #1)
EIP: 0060:[] EFLAGS: 00010246 CPU: 0
EIP is at hci_send_to_sock+0x83/0x153 [bluetooth]
EAX: 00000008 EBX: ca2cd400 ECX: 00000004 EDX: ffffffff
ESI: ca2cd408 EDI: 00000102 EBP: cc2a1480 ESP: ca3cbd4c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process bluetoothd (pid: 1783, ti=ca3ca000 task=ca0e6e60 task.ti=ca3ca000)
Call Trace:
 [] hci_rx_task+0x54/0x286 [bluetooth]
 [] tasklet_action+0x34/0x69
 [] __do_softirq+0x53/0xe7
 [] SystemISRWrapper+0xe/0x24 [pvrsrvkm]
 [] handle_IRQ_event+0x25/0x4a
 [] do_softirq+0x27/0x29
 [] irq_exit+0x32/0x34
 [] do_IRQ+0x4c/0x94
 [] serial8250_console_putchar+0x0/0x1d
 [] common_interrupt+0x23/0x28
 [] vprintk+0x1d3/0x300
 [] vprintk+0x264/0x300
 [] filemap_fault+0x119/0x466
 [] printk+0x1b/0x1f
 [] __hci_request+0x48/0xfb [bluetooth]
 [] hci_init_req+0x0/0x158 [bluetooth]
 [] default_wake_function+0x0/0x8
 [] hci_dev_open+0x9a/0x197 [bluetooth]
 [] sock_ioctl+0xb0/0x1fc
 [] sock_ioctl+0x0/0x1fc
 [] vfs_ioctl+0x1f/0x6d
 [] do_vfs_ioctl+0x52/0x471
 [] do_page_fault+0x1b2/0x881
 [] do_page_fault+0x0/0x881
 [] error_code+0x6a/0x70
 [] sys_ioctl+0x34/0x50
 [] sysenter_do_call+0x12/0x25
 [] pci_scan_bridge+0x40/0x3c7
[/code]

Somewhere between 'type' and 'clone', anyone want to throw me a bone? ;)

Lund
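Editor's addition, not part of the thread and not kernel code: a userspace C model of the filter walk quoted above, the part of hci_send_to_sock() that runs between the 'type' and 'clone' debug prints. It reproduces the type_mask / event_mask / opcode decisions on constructed HCI event packets, so a reader can see exactly which bytes `skb->data + 3` and `skb->data + 4` refer to (the opcode inside Command Complete and Command Status events) and what a matching or mismatching filter does. The length checks that return -1 are an addition here: the posted kernel code indexes those offsets unconditionally, and a practitioner auditing this path would want to know how many bytes it assumes are present. The struct layouts, the bit helpers and the sample events are all assumptions made for this model; it does not model the socket list walk or the sk/skb handling, so it does not reproduce the NULL-page fault in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HCI protocol constants (same values as the kernel's bluetooth headers). */
#define HCI_ACLDATA_PKT      0x02
#define HCI_EVENT_PKT        0x04
#define HCI_EV_CMD_COMPLETE  0x0e
#define HCI_EV_CMD_STATUS    0x0f
#define HCI_FLT_EVENT_BITS   63

/* Userspace stand-in for struct hci_filter (32-bit longs, as on the i686 board). */
struct hci_filter {
    uint32_t type_mask;
    uint32_t event_mask[2];
    uint16_t opcode;
};

/* The three skb fields the filter walk actually reads. */
struct hci_pkt {
    uint8_t        pkt_type;
    const uint8_t *data;
    size_t         len;
};

static int  hci_test_bit(int nr, const uint32_t *a) { return (a[nr >> 5] >> (nr & 31)) & 1; }
static void hci_set_bit(int nr, uint32_t *a)        { a[nr >> 5] |= 1u << (nr & 31); }
static uint16_t get_le16(const uint8_t *p)          { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Model of the per-socket filter decision. Returns 1 if the socket would get
 * a clone of the packet, 0 if the filter drops it, and -1 if the event is too
 * short for the bytes the opcode compare reads (checks added in this model).
 */
int hci_filter_accept(const struct hci_filter *flt, const struct hci_pkt *p)
{
    if (p->pkt_type >= 32 || !hci_test_bit(p->pkt_type, &flt->type_mask))
        return 0;
    if (p->pkt_type != HCI_EVENT_PKT)
        return 1;                       /* non-event packets pass type_mask only */
    if (p->len < 1)
        return -1;

    int evt = p->data[0] & HCI_FLT_EVENT_BITS;
    if (!hci_test_bit(evt, flt->event_mask))
        return 0;

    if (flt->opcode) {
        /* Command Complete: evt, plen, ncmd, opcode[2]  -> opcode at data+3 */
        if (evt == HCI_EV_CMD_COMPLETE) {
            if (p->len < 5) return -1;
            if (flt->opcode != get_le16(p->data + 3)) return 0;
        }
        /* Command Status: evt, plen, status, ncmd, opcode[2] -> opcode at data+4 */
        if (evt == HCI_EV_CMD_STATUS) {
            if (p->len < 6) return -1;
            if (flt->opcode != get_le16(p->data + 4)) return 0;
        }
    }
    return 1;
}

/* Filter accepting only HCI events of code evt (and, if nonzero, one opcode). */
static void filter_init(struct hci_filter *flt, int evt, uint16_t opcode)
{
    memset(flt, 0, sizeof *flt);
    hci_set_bit(HCI_EVENT_PKT, &flt->type_mask);
    hci_set_bit(evt, flt->event_mask);
    flt->opcode = opcode;
}

/* Constructed sample events; not captured from the reporter's board. */
static const uint8_t ev_reset_complete[]   = { 0x0e, 0x04, 0x01, 0x03, 0x0c, 0x00 }; /* HCI_Reset 0x0c03 */
static const uint8_t ev_create_conn_stat[] = { 0x0f, 0x04, 0x00, 0x01, 0x05, 0x04 }; /* Create_Connection 0x0405 */
static const uint8_t ev_conn_complete[]    = { 0x03, 0x0b };                         /* header only */
static const uint8_t ev_truncated[]        = { 0x0e, 0x01, 0x01 };                   /* opcode bytes missing */

/* Runs one numbered scenario and returns the filter verdict (-2: no such case). */
int demo_case(int which)
{
    struct hci_filter flt;
    struct hci_pkt p = { HCI_EVENT_PKT, ev_reset_complete, sizeof ev_reset_complete };

    switch (which) {
    case 0: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0x0c03); break;         /* opcode matches  */
    case 1: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0x0c13); break;         /* opcode differs  */
    case 2: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0);      break;         /* opcode 0 = any  */
    case 3: filter_init(&flt, HCI_EV_CMD_STATUS, 0x0405);
            p.data = ev_create_conn_stat; p.len = sizeof ev_create_conn_stat; break;
    case 4: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0);
            p.data = ev_conn_complete; p.len = sizeof ev_conn_complete; break; /* evt not in mask */
    case 5: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0x0c03);
            p.data = ev_truncated; p.len = sizeof ev_truncated; break;     /* too short       */
    case 6: filter_init(&flt, HCI_EV_CMD_COMPLETE, 0x0c03);
            p.pkt_type = HCI_ACLDATA_PKT; break;                           /* type not in mask */
    default: return -2;
    }
    return hci_filter_accept(&flt, &p);
}

int main(void)
{
    for (int i = 0; i < 7; i++)
        printf("case %d -> %d\n", i, demo_case(i));
    return 0;
}
```

Cases 0 through 6 return 1, 0, 1, 1, 0, -1, 0. The -1 in case 5 is the point of the model: a Command Complete event shorter than five bytes would make the posted opcode compare read past the event data, which is a separate concern from the NULL dereference at address 8 in the oops above.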