After frying my system, I'm finally up and
running. Not sure if this was due to a git-pull
(only been a few days since the last pull), or what:
when waking from suspend I see this
(I know it says tainted in it, so this will be the only noise you'll
hear from me on this);
[ 274.327003] =============================================================================
[ 274.327528] BUG kmalloc-16: Object already free
[ 274.327877] -----------------------------------------------------------------------------
[ 274.327879]
[ 274.327890] INFO: Allocated in btusb_open+0x82/0x16f [btusb] age=0
cpu=1 pid=3763
[ 274.327899] INFO: Freed in btusb_open+0x13d/0x16f [btusb] age=0
cpu=1 pid=3763
[ 274.327905] INFO: Slab 0xc139a100 objects=64 used=62 fp=0xdcd08100
flags=0x400000c3
[ 274.327909] INFO: Object 0xdcd08100 @offset=256 fp=0xdcd08140
[ 274.327912]
[ 274.327914] Bytes b4 0xdcd080f0: 32 0d 00 00 c8 ba ff ff 5a 5a 5a
5a 5a 5a 5a 5a 2...ȺÿÿZZZZZZZZ
[ 274.327928] Object 0xdcd08100: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b 6b a5 kkkkkkkkkkkkkkk¥
[ 274.327940] Redzone 0xdcd08110: bb bb bb bb
»»»»
[ 274.327952] Padding 0xdcd08138: 5a 5a 5a 5a 5a 5a 5a 5a
ZZZZZZZZ
[ 274.327966] Pid: 3763, comm: hcid Tainted: P
2.6.27-rc7-00106-g6ef190c #34
[ 274.327973] [<c0170107>] print_trailer+0xc8/0xd0
[ 274.327982] [<c01701c3>] object_err+0x25/0x30
[ 274.327989] [<c0170a0a>] __slab_free+0x1be/0x271
[ 274.327995] [<c0170a85>] ? __slab_free+0x239/0x271
[ 274.328001] [<c0171147>] kfree+0x9c/0xb2
[ 274.328006] [<c02ca1d6>] ? urb_destroy+0x14/0x1e
[ 274.328013] [<c02ca1d6>] ? urb_destroy+0x14/0x1e
[ 274.328018] [<c02ca1c2>] ? urb_destroy+0x0/0x1e
[ 274.328024] [<c02ca1d6>] urb_destroy+0x14/0x1e
[ 274.328028] [<c02133b9>] kref_put+0x39/0x44
[ 274.328035] [<c02ca1c0>] usb_free_urb+0x11/0x13
[ 274.328040] [<f8db69b7>] btusb_open+0x147/0x16f [btusb]
[ 274.328049] [<f8d88abb>] hci_dev_open+0x50/0x168 [bluetooth]
[ 274.328077] ...
There's a commit in the latest git which looks like it will solve the btusb suspend/resume issues: 5fbcd260.. ("[Bluetooth] Fix USB disconnect handling of btusb driver"). Marcel / linux-bluetooth, I think this double free is a separate issue with the error handling, and the following patch should fix it.
---
From: Rabin Vincent <rabin@rab.in>
Subject: [PATCH] btusb, bpa10x: fix double frees on error paths

Justin Mattock reported this double free in btusb:

BUG kmalloc-16: Object already free
-----------------------------------------------------------------------------
INFO: Allocated in btusb_open+0x82/0x16f [btusb] age=0 cpu=1 pid=3763
INFO: Freed in btusb_open+0x13d/0x16f [btusb] age=0 cpu=1 pid=3763

This occurs because the urb's transfer buffer is being freed separately in the error path even though the URB_FREE_BUFFER transfer_flag is set on the urb. There are similar cases elsewhere in btusb and in bpa10x. Fix all of them by removing the additional kfree()'s.

Reported-by: Justin Mattock <justinmattock@gmail.com>
Signed-off-by: Rabin Vincent <rabin@rab.in>
--- drivers/bluetooth/bpa10x.c | 2 -- drivers/bluetooth/btusb.c | 3 --- 2 files changed, 0 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/bpa10x.c b/drivers/bluetooth/bpa10x.c index 1e55a65..32f3a8e 100644 --- a/drivers/bluetooth/bpa10x.c +++ b/drivers/bluetooth/bpa10x.c @@ -256,7 +256,6 @@ static inline int bpa10x_submit_intr_urb(struct hci_dev *hdev) BT_ERR("%s urb %p submission failed (%d)", hdev->name, urb, -err); usb_unanchor_urb(urb); - kfree(buf); } usb_free_urb(urb); @@ -298,7 +297,6 @@ static inline int bpa10x_submit_bulk_urb(struct hci_dev *hdev) BT_ERR("%s urb %p submission failed (%d)", hdev->name, urb, -err); usb_unanchor_urb(urb); - kfree(buf); } usb_free_urb(urb); diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 29ae998..262e9be 100644 --- ...
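Review bot: In the bpa10x_submit_intr_urb hunk (@@ -256), dropping kfree(buf) is only correct if URB_FREE_BUFFER is set on this urb before the failing submit, and that assignment is outside the context shown. Please confirm it for this function; if the flag is not set here, buf now leaks on the error path instead of being freed twice. A one-line comment above usb_free_urb(urb) saying that the urb owns its transfer buffer would keep the kfree from being reintroduced.

Review bot: In the bpa10x_submit_bulk_urb hunk (@@ -298), the removed kfree(buf) sits inside the block that logs "submission failed", so the double free is only reachable when urb submission fails, and the changelog does not say so. Stating that, and naming the bpa10x and btusb functions touched, would explain why the bug went unnoticed and help anyone judging a backport. The same URB_FREE_BUFFER check as for the interrupt urb applies here.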
Cool, depending on the status of this patch, either I'll apply this one, or just wait until it gets committed, and then just do a git-pull. -- Justin P. Mattock --
I haven't verified it yet, but it looks like a good catch. Let me double check this on my test machine. Weird that we never noticed this before since I have been using the btusb driver for a very long time now. Regards Marcel --
This was the first time I've seen this, I can apply the patch myself, but first I need to figure why dbus can be such a bitch : ) Need to figure out how to write dbus rules (if this is the case) keep getting the permissions denied crap. -- Justin P. Mattock --
On Mon, Sep 29, 2008 at 10:21 PM, Justin Mattock O.k. after messing around with /etc/dbus I've applied the patch that was supplied. Looks good!! attached is a before the patch was applied and after the patch was applied. -- Justin P. Mattock
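The ownership rule behind the patch discussed in this thread, as an added example that is not part of the thread or the kernel source: a userspace C model in which the urb releases its own transfer buffer on the last reference when the flag is set. The names model_urb, model_kfree, model_usb_free_urb, failed_submit_frees and MODEL_URB_FREE_BUFFER are hypothetical stand-ins, and urb anchoring is left out.

```c
#include <stdio.h>
#include <stdlib.h>

#define MODEL_URB_FREE_BUFFER 0x0100   /* stands in for URB_FREE_BUFFER */

/* Counts releases instead of calling free() twice, so no undefined behaviour. */
struct tracked_buf { int frees; };
static void model_kfree(struct tracked_buf *b) { b->frees++; }

struct model_urb {
    int refcount;                      /* stands in for the urb's kref */
    unsigned int transfer_flags;
    struct tracked_buf *transfer_buffer;
};

/* Models usb_free_urb(): the last put releases the buffer if the flag is set. */
static void model_usb_free_urb(struct model_urb *urb)
{
    if (--urb->refcount > 0)
        return;
    if (urb->transfer_flags & MODEL_URB_FREE_BUFFER)
        model_kfree(urb->transfer_buffer);
    free(urb);
}

/* Error path of a submit helper whose submission failed (constructed case).
 * extra_kfree=1 is the pre-patch shape, 0 the patched one.
 * Returns how many times the buffer was released, or -1 on alloc failure. */
static int failed_submit_frees(unsigned int flags, int extra_kfree)
{
    struct tracked_buf buf = { 0 };
    struct model_urb *urb = calloc(1, sizeof(*urb));
    if (!urb)
        return -1;
    urb->refcount = 1;
    urb->transfer_flags = flags;
    urb->transfer_buffer = &buf;
    if (extra_kfree)
        model_kfree(&buf);             /* the kfree(buf) the patch removes */
    model_usb_free_urb(urb);           /* releases buf again if the flag is set */
    return buf.frees;
}

int main(void)
{
    printf("flag set, pre-patch: %d frees\n", failed_submit_frees(MODEL_URB_FREE_BUFFER, 1));
    printf("flag set, patched:   %d frees\n", failed_submit_frees(MODEL_URB_FREE_BUFFER, 0));
    return 0;
}
```

A count of 2 corresponds to the "Object already free" report; calling failed_submit_frees(0, 0) returns 0, the leak that removing the kfree would cause on an urb without the flag.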
