Bug 488115 - Bluetooth oops from hci_conn_del
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: x86_64 Linux
Priority: low
Severity: medium
Assigned To: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Duplicates: 481678
Reported: 2009-03-02 13:58 EST by Pete Zaitcev
Modified: 2009-03-28 15:32 EDT

Doc Type: Bug Fix
Last Closed: 2009-03-05 20:46:59 EST
Attachments:
The dmesg pre-captured before crash (37.48 KB, text/plain), 2009-03-02 13:58 EST, Pete Zaitcev
The crash, over netconsole, same run as dmesg (9.50 KB, text/plain), 2009-03-02 13:59 EST, Pete Zaitcev

Description Pete Zaitcev 2009-03-02 13:58:15 EST
Created attachment 333774
The dmesg pre-captured before crash

Description of problem:

After pairing the earpiece, kernel oopses (GPF).

Version-Release number of selected component (if applicable):

2.6.29-0.148.rc6.fc11.x86_64

How reproducible:

100% (in the given configuration)

Steps to Reproduce:
1. Connect USB adapter
2. hcitool scan
3. hcitool cc MAC
4. Wait - it's not synchronous. Takes some idle time to happen.
5. Oops
  
Actual results:

Crash

Expected results:

No crash at least

Additional info:

Terminal trace:

[root@simbelmyne zaitcev]# hcitool dev
Devices:
        hci0    00:18:E7:36:30:3A
[root@simbelmyne zaitcev]# hcitool dev
Devices:
        hci0    00:18:E7:36:30:3A
[root@simbelmyne zaitcev]# hcitool scan
Scanning ...
        00:1A:0E:43:6D:5E       Motorola H350
[root@simbelmyne zaitcev]# hcitool cc 00:1A:0E:43:6D:5E
[root@simbelmyne zaitcev]# hcitool cc 00:1A:0E:43:6D:5E
[root@simbelmyne zaitcev]# 
 <--------------- crash at this point after some idle time

I've done hcitool cc twice here, but actually it happens with just
one too.
Comment 1 Pete Zaitcev 2009-03-02 13:59:19 EST
Created attachment 333775
The crash, over netconsole, same run as dmesg
Comment 2 Chuck Ebbert 2009-03-02 17:45:26 EST
   0:	49 8b 0c 24          	mov    (%r12),%rcx

r12 == 6b6b6b6b6b6b6b6b
Comment 3 Chuck Ebbert 2009-03-02 21:27:06 EST
*** Bug 481678 has been marked as a duplicate of this bug. ***
Comment 4 Chuck Ebbert 2009-03-03 16:52:30 EST
net/core/skbuff.c:1793:
        result = __skb_dequeue(list);

static inline struct sk_buff *__skb_dequeue(struct sk_buff_head *list)
{
        struct sk_buff *skb = skb_peek(list);
        if (skb)
                __skb_unlink(skb, list);
        return skb;
}

skb_peek() returns skb == 0x6b6b6b6b6b6b6b6b

static inline struct sk_buff *skb_peek(struct sk_buff_head *list_)
{
        struct sk_buff *list = ((struct sk_buff *)list_)->next;
        if (list == (struct sk_buff *)list_)
                list = NULL;
        return list;
}
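
Added example (not part of the bug report or the kernel source): a userspace C model of why the skb_peek() quoted in comment 4 can return 0x6b6b6b6b6b6b6b6b. 0x6b is the kernel's POISON_FREE slab fill byte, so a pointer made only of that byte points to the queue head being read from an object that had already been freed. The names toy_conn, conn_storage, is_free_poison and peek_value are hypothetical, and the free is modelled with memset on static storage.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* include/linux/poison.h: fill byte for freed slab objects */

/* Minimal stand-ins for the kernel structures used in comment 4. */
struct sk_buff { struct sk_buff *next, *prev; };
struct sk_buff_head { struct sk_buff *next, *prev; unsigned int qlen; };
/* Hypothetical owner object that embeds a packet queue. */
struct toy_conn { int handle; struct sk_buff_head queue; };

static struct toy_conn conn_storage; /* static, so the late read is defined here */

/* Cast-free equivalent of the quoted skb_peek() (avoids strict-aliasing issues). */
static struct sk_buff *skb_peek(struct sk_buff_head *list_)
{
    struct sk_buff *list = list_->next;
    if (list == (struct sk_buff *)list_)
        list = NULL;
    return list;
}

/* Triage check: is every byte of the value the free-poison byte? */
static int is_free_poison(uintptr_t v)
{
    uintptr_t pat;
    memset(&pat, POISON_FREE, sizeof(pat));
    return v == pat;
}

/* What skb_peek() returns on an empty queue, live (freed=0) or after a
 * modelled debug-slab free that fills the owner with POISON_FREE (freed=1). */
static uintptr_t peek_value(int freed)
{
    struct sk_buff_head *q = &conn_storage.queue;
    q->next = q->prev = (struct sk_buff *)q; /* skb_queue_head_init() */
    q->qlen = 0;
    if (freed)
        memset(&conn_storage, POISON_FREE, sizeof(conn_storage));
    return (uintptr_t)skb_peek(q);
}

int main(void)
{
    uintptr_t live = peek_value(0), stale = peek_value(1);
    printf("live:  %#llx\n", (unsigned long long)live);
    printf("freed: %#llx free-poison=%d\n", (unsigned long long)stale, is_free_poison(stale));
    return 0;
}
```

On the live queue the self-pointing head makes skb_peek() return NULL; after the modelled free the "empty" check no longer holds and the poison value is handed back as an skb, consistent with the faulting load through r12 in comment 2.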
Comment 5 Chuck Ebbert 2009-03-03 17:53:28 EST
reported upstream:
http://marc.info/?l=linux-netdev&m=123612024109003&w=2
Comment 6 Bastien Nocera 2009-03-04 13:49:36 EST
Could this be related as well?
http://thread.gmane.org/gmane.linux.bluez.kernel/1549
Comment 7 Chuck Ebbert 2009-03-05 18:15:40 EST
The bluetooth patches have been rebased in kernel 0.207, can you try this again?
Comment 8 Pete Zaitcev 2009-03-05 20:46:59 EST
2.6.29-0.207.rc7.fc11 seems to work ok (I've not gotten the headset to
work, but there's no crash anymore). Rawhide is on .197, I pulled .207
from Koji to test. Closing.
Comment 9 James 2009-03-28 15:32:43 EDT
I've seen some lockups after finishing with Bluetooth on kernel-2.6.29-3.fc10.x86_64. Have the patches made it into this kernel?
