Hi Pavel, > On 2.6.20-rc2, I got: > > This used to work before... certainly with 2.6.19. > > Running this multiple times seems to trigger it: > > #!/bin/bash > # > # Run tui on desktop machine, using t68i instead of a modem. > # > > hciconfig hci0 name billionton > hciconfig hci0 up > hcid > rfcomm unbind 1 > # t68 > rfcomm bind 1 00:80:37:??:??:?? > stty -echo < /dev/rfcomm1 > > cd ~pavel/misc/tui/microwindows-0.91/src > ( while true; do ~pavel/sf/tui/input_sx1 | bin/phone; done ) & > ./launcher.sh > > Pavel > > .... > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > l2cap_recv_acldata: Unexpected continuation frame (len 0) > kobject_add failed for rfcomm1 with -EEXIST, don't try to register things with the same name in the same directory. > [] kobject_add+0x1ac/0x1e0 > [] device_add+0xb0/0x500 > [] kobject_init+0x2b/0x40 > [] device_create_release+0x0/0x10 > [] device_create+0x89/0xc0 > [] tty_register_device+0x5b/0xf0 > [] _read_lock_bh+0x8/0x20 > [] hci_get_route+0x112/0x120 > [] rfcomm_dev_ioctl+0x4cd/0x690 > [] rfcomm_sock_ioctl+0x29/0x50 > [] sock_ioctl+0xaf/0x1d0 > [] sock_ioctl+0x0/0x1d0 > [] do_ioctl+0x2b/0xa0 > [] vfs_ioctl+0x5c/0x2e0 > [] sys_ioctl+0x3d/0x70 > [] syscall_call+0x7/0xb > [] schedule+0x2c3/0x8f0 > ======================= I have no idea why this one happens. You should check if the unbind really succeeded. > BUG: unable to handle kernel NULL pointer dereference at virtual address 0000003c > printing eip: > c05ef978 > *pde = 00000000 > BUG: soft lockup detected on CPU#0! > [] softlockup_tick+0xa9/0xd0 > [] update_process_times+0x33/0x80 > [] smp_apic_timer_interrupt+0x6b/0x80 > [] apic_timer_interrupt+0x28/0x30 > [] delay_tsc+0x16/0x20 > [] __delay+0x6/0x10 > [] do_page_fault+0x35b/0x600 > [] do_page_fault+0x0/0x600 > [] error_code+0x7c/0x84 > [] read_fan+0x59/0x6f > [] rfcomm_tty_chars_in_buffer+0x8/0x20 > [] normal_poll+0xd4/0x140 > [] normal_poll+0x0/0x140 > [] tty_poll+0x6b/0x90 > [] do_select+0x219/0x4b0 > [] __pollwait+0x0/0x110 > [] default_wake_function+0x0/0x10 > [] default_wake_function+0x0/0x10 > [] default_wake_function+0x0/0x10 > [] __find_get_block_slow+0xc0/0x140 > [] poison_obj+0x29/0x60 > [] dbg_redzone1+0xe/0x20 > [] cache_alloc_debugcheck_after+0x3e/0x150 > [] check_poison_obj+0x24/0x1a0 > [] __find_get_block+0xcf/0x1c0 > [] poison_obj+0x29/0x60 > [] poison_obj+0x29/0x60 > [] cache_free_debugcheck+0xb0/0x1d0 > [] journal_stop+0x162/0x1f0 > [] journal_stop+0x162/0x1f0 > [] __ext3_journal_stop+0x24/0x50 > [] ext3_ordered_commit_write+0xa1/0xd0 > [] ext3_journal_dirty_data+0x0/0x50 > [] generic_file_buffered_write+0x39b/0x680 > [] __ext3_journal_stop+0x24/0x50 > [] __mark_inode_dirty+0x34/0x1c0 > [] __generic_file_aio_write_nolock+0x283/0x590 > [] core_sys_select+0x1c6/0x2e0 > [] __mutex_lock_slowpath+0xef/0x230 > [] generic_file_aio_write+0x62/0xd0 > [] ext3_file_write+0x30/0xc0 > [] do_sync_write+0xc7/0x130 > [] __handle_mm_fault+0x642/0x890 > [] autoremove_wake_function+0x0/0x50 > [] tty_ldisc_deref+0x15/0x70 > [] sys_select+0x51/0x1c0 > [] syscall_call+0x7/0xb > ======================= > Oops: 0000 [#1] > SMP > Modules linked in: > CPU: 0 > EIP: 0060:[] Not tainted VLI > EFLAGS: 00010246 (2.6.20-rc2 #384) > EIP is at rfcomm_tty_chars_in_buffer+0x8/0x20 > eax: 00000000 ebx: db0e5704 ecx: 00000000 edx: f79858ac > esi: 00000000 edi: f7599528 ebp: 00000000 esp: da73bb54 > ds: 007b es: 007b ss: 0068 > Process phone (pid: 3930, ti=da73a000 task=dc212a70 task.ti=da73a000) > Stack: c02dcd64 00610a52 f7599528 db0e5704 c02dcc90 c02d9f4b 00000000 db0e5710 > 00000010 f7599528 00000004 0000001c c017b5c9 00000000 da73bf9c da73bf54 > 00000000 da73be60 da73be64 da73be68 da73be58 da73be5c da73be60 00000011 > Call Trace: > [] normal_poll+0xd4/0x140 > [] normal_poll+0x0/0x140 > [] tty_poll+0x6b/0x90 > [] do_select+0x219/0x4b0 > [] __pollwait+0x0/0x110 > [] default_wake_function+0x0/0x10 > [] default_wake_function+0x0/0x10 > [] default_wake_function+0x0/0x10 > [] __find_get_block_slow+0xc0/0x140 > [] poison_obj+0x29/0x60 > [] dbg_redzone1+0xe/0x20 > [] cache_alloc_debugcheck_after+0x3e/0x150 > [] check_poison_obj+0x24/0x1a0 > [] __find_get_block+0xcf/0x1c0 > [] poison_obj+0x29/0x60 > [] poison_obj+0x29/0x60 > [] cache_free_debugcheck+0xb0/0x1d0 > [] journal_stop+0x162/0x1f0 > [] journal_stop+0x162/0x1f0 > [] __ext3_journal_stop+0x24/0x50 > [] ext3_ordered_commit_write+0xa1/0xd0 > [] ext3_journal_dirty_data+0x0/0x50 > [] generic_file_buffered_write+0x39b/0x680 > [] __ext3_journal_stop+0x24/0x50 > [] __mark_inode_dirty+0x34/0x1c0 > [] __generic_file_aio_write_nolock+0x283/0x590 > [] core_sys_select+0x1c6/0x2e0 > [] __mutex_lock_slowpath+0xef/0x230 > [] generic_file_aio_write+0x62/0xd0 > [] ext3_file_write+0x30/0xc0 > [] do_sync_write+0xc7/0x130 > [] __handle_mm_fault+0x642/0x890 > [] autoremove_wake_function+0x0/0x50 > [] tty_ldisc_deref+0x15/0x70 > [] sys_select+0x51/0x1c0 > [] syscall_call+0x7/0xb > ======================= > Code: 8d 76 00 8b 80 60 01 00 00 8b 50 3c f0 0f ba 72 3c 00 19 c0 85 c0 75 01 c3 89 d0 e9 f3 cb ff ff 8d 76 00 8b 80 60 01 00 00 31 c9 <8b> 50 3c 8d 42 0c 39 42 0c 74 03 8b 4a 50 89 c8 c3 8d b4 26 00 > EIP: [] rfcomm_tty_chars_in_buffer+0x8/0x20 SS:ESP 0068:da73bb54 The attached patch is from my queue of pending fixes and should take care of these oopses. Regards Marcel