n_tty_ioctl() bug in 1.3.10 ?

J. Kean Johnston (root@tetrarch.paradigm.co.za)
Sat, 15 Jul 1995 10:24:05 +0000 (GMT)

Hello all.

I seem to have found a bug in 1.3.10. It manifested itself when using talk.
As soon as I reply to a talk request, it connects fine but the first character
that is typed by either party causes the following:

[Connection established]
stack segment: 0000
EIP: 0010:00185cde
EFLAGS: 00010286
eax: bffff788 ebx: 00b8a000 ecx: 0008c660 edx: 0000001a
esi: 0008c660 edi: 0000541b ebp: bffff788 esp: 00523f50
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process talk (pid: 732, process nr: 20, stackpage=00523000)
Stack: 00b8a000 0008c660 0000541b bffff788 00000000 00000000 00180207 00b8a000
0008c660 0000541b bffff788 0000541b bffff788 00000010 bffff754 00b8a000
00000000 0010f96f 00000020 0012ec87 008b6ee0 0008c660 0000541b bffff788
Call Trace: 00180207 0010f96f 0012ec87 0010a7b9
Code: c6 45 f9 ff 83 c4 0c 85 c0 0f 85 20 02 00 00 8b 7c 24 1c 8b
Segmentation fault

I do not know how to analyse this properly (can anyone tell me exactly
how I can debug a running kernel so I can track the real problem down, or
point me in the direction of documents that tell me how), but here is
where I THINK the bug may be. These are the relevant lines from my
00185878 t _get_termio
00185908 T _n_tty_ioctl
00185f18 T _n_tty_flush_buffer
00185fb8 T _n_tty_chars_in_buffer

This leads me to believe that something is wrong inside n_tty_ioctl(). Right?
Any clues greatly appreciated, and info on how to search for the bug even
more so.

J. Kean Johnston.
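The check the message reasons through by hand, resolving the oops EIP against System.map entries, as an added example (not code from the original post or from the kernel of that era). The four map entries and the EIP / Call Trace addresses are the ones quoted above; the function names, the report format and the "extent" estimate (distance to the next symbol, the usual System.map approximation of a function's size) are my own construction. With only four map lines on the page, the Call Trace addresses fall below the lowest entry and are reported as uncovered rather than guessed at.

```python
"""Resolve kernel oops addresses against a System.map-style symbol table.

Added example, not code from the original message. The four map entries below
are the ones quoted in the post; the oops addresses are the ones printed in the
quoted oops. Everything else (function names, output format) is constructed.
"""
import bisect
from typing import List, Optional, Tuple

# Partial System.map, constructed from the four lines quoted in the post.
PARTIAL_SYSTEM_MAP = """\
00185878 t _get_termio
00185908 T _n_tty_ioctl
00185f18 T _n_tty_flush_buffer
00185fb8 T _n_tty_chars_in_buffer
"""

# Addresses from the quoted oops (EIP and the Call Trace line).
OOPS_EIP = 0x00185CDE
OOPS_CALL_TRACE = [0x00180207, 0x0010F96F, 0x0012EC87, 0x0010A7B9]

Symbol = Tuple[int, str, str]  # (address, nm type letter, name)


def parse_system_map(text: str) -> List[Symbol]:
    """Parse 'addr type name' lines (System.map / nm format) into a sorted list."""
    entries: List[Symbol] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        addr, kind, name = parts
        entries.append((int(addr, 16), kind, name))
    entries.sort(key=lambda e: e[0])
    return entries


def resolve(entries: List[Symbol], addr: int) -> Optional[Tuple[str, int, Optional[int]]]:
    """Map addr to (symbol, offset, extent).

    The symbol is the highest map entry at or below addr. extent is the gap to
    the next entry (the usual System.map estimate of a function's size), or None
    when addr is past the last entry, so the caller knows the hit is unconfirmed.
    Returns None when addr lies below the lowest entry: with a partial map that
    only means "not covered here", not "not in the kernel".
    """
    addrs = [e[0] for e in entries]
    i = bisect.bisect_right(addrs, addr) - 1
    if i < 0:
        return None
    sym_addr, _kind, name = entries[i]
    extent = entries[i + 1][0] - sym_addr if i + 1 < len(entries) else None
    return name, addr - sym_addr, extent


def describe(entries: List[Symbol], label: str, addr: int) -> str:
    """One report line in the 'symbol+0xoffset/0xextent' style of ksymoops-like tools."""
    hit = resolve(entries, addr)
    if hit is None:
        return f"{label}: {addr:08x} not covered by the supplied map"
    name, off, extent = hit
    if extent is None:
        return f"{label}: {addr:08x} {name}+0x{off:x} (extent unknown: last entry in map)"
    return f"{label}: {addr:08x} {name}+0x{off:x}/0x{extent:x}"


def analyse_oops(map_text: str, eip: int, call_trace: List[int]) -> List[str]:
    """Resolve EIP and each Call Trace address; returns the report lines."""
    entries = parse_system_map(map_text)
    lines = [describe(entries, "EIP", eip)]
    lines += [describe(entries, "Trace", a) for a in call_trace]
    return lines


if __name__ == "__main__":
    for line in analyse_oops(PARTIAL_SYSTEM_MAP, OOPS_EIP, OOPS_CALL_TRACE):
        print(line)
```

Run against the quoted data this places EIP at `_n_tty_ioctl+0x3d6/0x610`, i.e. 982 bytes into a function whose estimated extent is 1552 bytes, which is the arithmetic behind the "something is wrong inside n_tty_ioctl()" conclusion. The Call Trace entries would need the full System.map (and ideally the matching vmlinux for `objdump -d` around each offset) to name the callers; a partial map must report them as uncovered rather than attribute them to the nearest symbol above.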