----- Original Message -----
> BTW, are you sure about that?
>
> Presuming that the "tty" pointer is ffff8802cbd54800 as you've shown below,
> and therefore tty->read_buf is 0xffff8802cbfe6000 and tty->read_tail is 0,
> then the statement above would simply be reading tty->read_buf[0], or
> virtual address 0xffff8802cbfe6000. But the oops shows it faulting on a
> virtual address of "5":
>
>   BUG: unable to handle kernel NULL pointer dereference at 0000000000000005

Just for my own sanity, can you either attach the "drivers/char/n_tty.c"
from *your* specific kernel, or get the source-code/line-number data from
the embedded gdb module?

If you don't have the n_tty.c file readily available, you can get the
source-code/line-number data of a particular function by doing something
like this:

Get the line number of the beginning of n_tty_read(), which in my kernel
is at 1698 -- yours will probably be different:

crash> gdb list n_tty_read
1695     *      This code must be sure never to sleep through a hangup.
1696     */
1697
1698    static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
1699                             unsigned char __user *buf, size_t nr)
1700    {
1701            unsigned char __user *b = buf;
1702            DECLARE_WAITQUEUE(wait, current);
1703            int c;
1704            int minimum, time;
crash>

Then get the line number of the next function in the file, which is
n_tty_write():

crash> gdb list n_tty_write
1918     *        lock themselves)
1919     */
1920
1921    static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
1922                               const unsigned char *buf, size_t nr)
1923    {
1924            const unsigned char *b = buf;
1925            DECLARE_WAITQUEUE(wait, current);
1926            int c;
1927            ssize_t retval = 0;

And then dump the whole n_tty_read() function (plus some extra stuff):

crash> gdb list 1698,1920
1698    static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
1699                             unsigned char __user *buf, size_t nr)
1700    {
1701            unsigned char __user *b = buf;
1702            DECLARE_WAITQUEUE(wait, current);
1703            int c;
1704            int minimum, time;
1705            ssize_t retval = 0;
1706            ssize_t size;
1707            long timeout;
1708            unsigned long flags;
1709            int packet;
1710
1711    do_it_again:
1712
1713            BUG_ON(!tty->read_buf);
1714
1715            c = job_control(tty, file);
1716            if (c < 0)
1717                    return c;
1718
1719            minimum = time = 0;
1720            timeout = MAX_SCHEDULE_TIMEOUT;
1721            if (!tty->icanon) {
1722                    time = (HZ / 10) * TIME_CHAR(tty);
1723                    minimum = MIN_CHAR(tty);
...

And lastly, since the crash occurred at

  IP: [<ffffffff811f03b3>] n_tty_read+0x58c/0x818

Do this:

crash> dis -rl n_tty_read+0x58c
...

And then post all of that data.

Dave