----- Original Message -----
> On 24 June 2011 14:40, Dave Anderson <anderson@xxxxxxxxxx> wrote:
>
> > And for that matter, since tty->read_cnt is 0 above,
> > your original question as to how that code path was taken to
> > begin with is also valid.
>
> Surely that implies tty->read_cnt has been modified since it was
> tested, and hence you're looking at concurrency issues?

Yeah, although the contents of tty->read_buf are hard to explain.
It gets allocated during n_tty_open() and freed during n_tty_close().
And at the beginning of n_tty_read() there's:

        BUG_ON(!tty->read_buf);

and the dump-time contents show a buffer allocated:

  crash> tty_struct ffff8802cbd54800
  struct tty_struct {
    ...
    magic = 21505,
    driver = 0xffff88031b54ea00,
    ops = 0xffffffff8130f650,
    name = "pts9\000\...",
    driver_data = 0xffff88029c8a9668,
    icanon = 1 '\001',
    read_buf = 0xffff8802cbfe6000 "",
    read_head = 0,
    read_tail = 0,
    read_cnt = 0,
    ...

but it's a NULL pointer when read during the function?

Dave

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility