On Fri, 2007-07-06 at 21:28 -0400, David Woodhouse wrote:
quoted text
> I suspect it's more likely that hci_conn_del_sysfs() is running and
> removing the object representing the ACL connection. That's what the
> input device's remove event is reporting as 'PHYSDEVPATH' on the
> occasions that it _doesn't_ oops. 

Yes, that seems to be it. It happens when we hit the idle_timeout and
the kernel tears down the connection. Adding a mdelay(5000) into
hidp_session() just before calling input_unregister_device(), and
hard-coding idle_to to 1 second, makes it nice and easy to reproduce...

Marcel? Can we deregister the input devices earlier...?

--- net/bluetooth/hidp/core.c~	2007-07-06 21:34:25.000000000 -0400
+++ net/bluetooth/hidp/core.c	2007-07-06 22:06:48.000000000 -0400
@@ -581,15 +581,6 @@ static int hidp_session(void *arg)
 
 	hidp_del_timer(session);
 
-	fput(session->intr_sock->file);
-
-	wait_event_timeout(*(ctrl_sk->sk_sleep),
-		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
-
-	fput(session->ctrl_sock->file);
-
-	__hidp_unlink_session(session);
-
 	if (session->input) {
 		input_unregister_device(session->input);
 		session->input = NULL;
@@ -601,6 +592,15 @@ static int hidp_session(void *arg)
 		hid_free_device(session->hid);
 	}
 
+	fput(session->intr_sock->file);
+
+	wait_event_timeout(*(ctrl_sk->sk_sleep),
+		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
+
+	fput(session->ctrl_sock->file);
+
+	__hidp_unlink_session(session);
+
 	up_write(&hidp_session_sem);
 
 	kfree(session);

-- 
dwmw2

-
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/