[Crash-utility] Unable to switch stack frames while using crash

Dave Anderson anderson at redhat.com
Thu Jun 23 16:04:33 UTC 2011



----- Original Message -----

> BTW, are you sure about that?
> 
> Presuming that the "tty" pointer is ffff8802cbd54800 as you've shown below,
> and therefore tty->read_buf is 0xffff8802cbfe6000 and tty->read_tail is 0,
> then the statement above would simply be reading tty->read_buf[0], or
> virtual address 0xffff8802cbfe6000. But the oops shows it faulting on a
> virtual address of "5":
> 
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000005

Just for my own sanity, can you either attach the "drivers/char/n_tty.c" 
from *your* specific kernel, or get the source-code/line-number data from 
the embedded gdb module?

If you don't have the n_tty.c file readily available, you can get the
source-code/line-number data of a particular function by doing something
like this:

Get the line number of the beginning of n_tty_read(), which in my kernel
is at 1698 -- yours will probably be different:

 crash> gdb list n_tty_read
 1695     *      This code must be sure never to sleep through a hangup.
 1696     */
 1697    
 1698    static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
 1699                             unsigned char __user *buf, size_t nr)
 1700    {
 1701            unsigned char __user *b = buf;
 1702            DECLARE_WAITQUEUE(wait, current);
 1703            int c;
 1704            int minimum, time;
 crash>
 
Then get the line number of the next function in the file, which is
n_tty_write():
 
 crash> gdb list n_tty_write
 1918     *                lock themselves)
 1919     */
 1920    
 1921    static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
 1922                               const unsigned char *buf, size_t nr)
 1923    {
 1924            const unsigned char *b = buf;
 1925            DECLARE_WAITQUEUE(wait, current);
 1926            int c;
 1927            ssize_t retval = 0;
 
And then dump the whole n_tty_read() function (plus some extra stuff):
 
 crash> gdb list 1698,1920
 1698    static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
 1699                             unsigned char __user *buf, size_t nr)
 1700    {
 1701            unsigned char __user *b = buf;
 1702            DECLARE_WAITQUEUE(wait, current);
 1703            int c;
 1704            int minimum, time;
 1705            ssize_t retval = 0;
 1706            ssize_t size;
 1707            long timeout;
 1708            unsigned long flags;
 1709            int packet;
 1710    
 1711    do_it_again:
 1712    
 1713            BUG_ON(!tty->read_buf);
 1714    
 1715            c = job_control(tty, file);
 1716            if (c < 0)
 1717                    return c;
 1718    
 1719            minimum = time = 0;
 1720            timeout = MAX_SCHEDULE_TIMEOUT;
 1721            if (!tty->icanon) {
 1722                    time = (HZ / 10) * TIME_CHAR(tty);
 1723                    minimum = MIN_CHAR(tty);
 ... 
 
And lastly, since the crash occurred at 
 
   IP: [<ffffffff811f03b3>] n_tty_read+0x58c/0x818
 
Do this:
 
 crash> dis -rl n_tty_read+0x58c
 ...
 
And then post all of that data.
 
Dave
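As an added example (not part of Dave's message or of the crash utility itself), a small Python helper that derives the two follow-up crash commands from the oops "IP:" line and the two "gdb list" outputs: the sample inputs are constructed from the listings quoted in this post, and the check that the offset lies inside the symbol's size is an assumption added here as a sanity test for a mismatched vmlinux.

```python
import re

# Constructed samples taken from the listings quoted above.
OOPS_IP_LINE = "IP: [<ffffffff811f03b3>] n_tty_read+0x58c/0x818"
GDB_LIST_READ = """\
1695     *      This code must be sure never to sleep through a hangup.
1696     */
1697
1698    static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
1699                             unsigned char __user *buf, size_t nr)
1700    {
"""
GDB_LIST_WRITE = """\
1920
1921    static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
1922                               const unsigned char *buf, size_t nr)
1923    {
"""

IP_RE = re.compile(r"IP:\s*\[<([0-9a-fA-F]+)>\]\s*(\w+)\+0x([0-9a-fA-F]+)/0x([0-9a-fA-F]+)")
LIST_RE = re.compile(r"^\s*(\d+)\s*(.*)$")   # "<lineno>  <source text>" as gdb list prints it


def parse_oops_ip(line):
    """Return (address, symbol, offset, size) from an oops 'IP:' line."""
    m = IP_RE.search(line)
    if not m:
        raise ValueError("not an oops IP line: %r" % line)
    addr, sym = m.group(1), m.group(2)
    off, size = int(m.group(3), 16), int(m.group(4), 16)
    if off >= size:
        # symbol+offset/size: the offset must fall inside the symbol, otherwise
        # the vmlinux loaded into crash does not match the crashed kernel.
        raise ValueError("offset 0x%x is beyond %s size 0x%x" % (off, sym, size))
    return addr, sym, off, size


def definition_line(listing, func):
    """Line number, within 'gdb list' output, of the line that defines func()."""
    pat = re.compile(r"\b%s\s*\(" % re.escape(func))
    for raw in listing.splitlines():
        m = LIST_RE.match(raw)
        if m and pat.search(m.group(2)):
            return int(m.group(1))
    raise ValueError("%s not found in listing" % func)


def crash_commands(ip_line, listing_func, listing_next, func, next_func):
    """Build the 'gdb list A,B' and 'dis -rl sym+off' commands described in the post."""
    _addr, sym, off, _size = parse_oops_ip(ip_line)
    start = definition_line(listing_func, func)
    end = definition_line(listing_next, next_func) - 1   # stop just before the next function
    return ["gdb list %d,%d" % (start, end), "dis -rl %s+0x%x" % (sym, off)]
```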