Re: tty-related oops in latest kernel(s)?

[Pekka Enberg]

On 5/28/07, Pekka Enberg <penberg@xxxxxxxxxxxxxx> wrote:
> >   BUG: unable to handle kernel NULL pointer dereference at virtual address 00000731
> >   EIP is at vt_ioctl+0xda8/0x1482

[snip]

On 5/28/07, Pekka Enberg <penberg@xxxxxxxxxxxxxx> wrote:
> >   Call Trace:
> >    [<c0149fd9>] link_path_walk+0xa5/0xaf
> >    [<c021d766>] vt_ioctl+0x0/0x1482
> >    [<c021a395>] tty_ioctl+0xa01/0xa87

I am getting this with your config:

(gdb) p vt_ioctl
$1 = {int (struct tty_struct *, struct file *, unsigned int, long
unsigned int)} 0xc01e404a <vt_ioctl>
(gdb) l *(0xc01e404a + 0xda8)
0xc01e4df2 is in vt_ioctl (drivers/char/vt_ioctl.c:720).
715             /*
716              * Returns the first available (non-opened) console.
717              */
718             case VT_OPENQRY:
719                     for (i = 0; i < MAX_NR_CONSOLES; ++i)
720                             if (! VT_IS_IN_USE(i))
721                                     break;
722                     ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
723                     goto setint;
724

Which seems to match the code dump in the OOPS as well. I am not sure
what %edx (which is zero and causes problems) should contain but I am
guessing tty_driver->ttys is corrupted which seems consistent with the
reference count sanity check failure. Unfortunately I am not familiar
enough with tty internals to immediately see why this is happening.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/