On Sun, 22 Jul 2007, Iain Hibbert wrote:

> Looking at it the trail in the bluetooth stack is fairly short and I can't
> see much possibility of mistake there, will look at it in more depth
> later..

Juan, can you try to reproduce that with the attached patch included, so
that I can have more information about where this might be going wrong?

thanks,
iain

--- /usr/src/sys/dev/usb/ubt.c	2007-03-31 14:37:33.000000000 +0100
+++ src/sys/dev/usb/ubt.c	2007-07-22 21:33:06.000000000 +0100
@@ -1434,12 +1434,24 @@
 			DPRINTF("dumped undersized packet (%d)\n", count);
 			sc->sc_unit.hci_stats.err_rx++;
 		} else {
+			hci_acldata_hdr_t hdr;
+
+			memcpy(&hdr.con_handle, buf, sizeof(hdr) - 1);
+			hdr.length = le16toh(hdr.length);
+			if (hdr.length + sizeof(hdr) != count + 1)
+				printf("hdr.length = %d, count = %d\n", hdr.length, count);
+
 			sc->sc_unit.hci_stats.acl_rx++;
 			sc->sc_unit.hci_stats.byte_rx += count;

 			m = ubt_mbufload(buf, count, HCI_ACL_DATA_PKT);
 			if (m != NULL)
+			{
+				if (m->m_pkthdr.len != count + 1)
+					printf("m_pkthdr.len = %d, count = %d\n", m->m_pkthdr.len, count);
+
 				hci_input_acl(&sc->sc_unit, m);
+			}
 			else
 				sc->sc_unit.hci_stats.err_rx++;
 		}