Analysis of a kernel panic in a wifi driver
Source: Internet | Editor: 程序博客网 | Time: 2024/06/07 02:17
In software development, the error one fears most is a kernel panic. This article records a brief analysis of one kernel panic that occurred in a wifi driver.
Problem description
A wireless multi-client connection test was run with the APP on a VERIWAVE tester, covering association, authentication, traffic and disassociation. With 63 clients configured and WEP encryption, the first test run completed correctly; on the second run the AP hit a kernel panic. After the system rebooted, the same steps reproduced the panic every time.
Log output
Line 001: Unable to handle kernel NULL pointer dereference at virtual address 00000020
Line 002: pgd = c0004000
Line 003: [00000020] *pgd=00000000
Line 004: Internal error: Oops: 17 [#1]
Line 005: Modules linked in: xfrm4_mode_tunnel xfrm4_mode_transport l2tp_ppp l2tp_core l2_drv ath_pktlog(P) umac ath_dev(P) hst_tx99(P) ath_dfs(P) ath_spectral(P) ath_rate_atheros(P) ath_hal(P) asf(P) adf(P) eth_drv iptable_filter iptable_nat nf_nat ip6table_filter ip_tables ip6_tables nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_tftp nf_conntrack_ftp ppp_async crc_ccitt pppoe pppox ppp_generic slhc xt_state mdr_dbg_mod misc_mod
Line 006: CPU: 0 Tainted: P W (3.0.6_cig002 #14)
Line 007: PC is at cwm_get_width+0x14/0x24 [umac]
Line 008: LR is at ieee80211_alloc_node+0x234/0x444 [umac]
Line 009: pc : [<bf66fee4>] lr : [<bf6495ec>] psr: a0000113
Line 010: sp : c03ff8d8 ip : c03ff8e8 fp : c03ff8e4
Line 011: r10: c5fca028 r9 : ffffffff r8 : cbca9988
Line 012: r7 : bf6e5558 r6 : 00000000 r5 : c5854000 r4 : c5fca000
Line 013: r3 : 00000000 r2 : bf66fed0 r1 : 00003068 r0 : cbca83c0
Line 014: Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Line 015: Control: 10c5387d Table: 09cb4019 DAC: 00000015
Line 016: Process swapper (pid: 0, stack limit = 0xc03fe2e8)
Line 017: Stack: (0xc03ff8d8 to 0xc0400000)
Line 018: f8c0: c03ff944 c03ff8e8
Line 019: f8e0: bf6495ec bf66fedc ffffffff 00000016 00000000 00000000 00000000 cbca0000
Line 020: f900: 00000400 00000080 c44c809a c5fcaae1 bf65829c cbca83c0 00000000 c5854000
Line 021: f920: c5854000 c44c809a c44c80ae c44c8090 00000001 00000000 c03ff964 c03ff948
Line 022: f940: bf64a3f4 bf6493c4 00000000 c5854000 c5806000 c44c809a c03ff9c4 c03ff968
Line 023: f960: bf689aec bf64a3d8 00000001 c5fca108 00000000 00000000 c44c609a c5fca108
Line 024: f980: 00000000 00000001 00000071 ca3ef2c0 c5806000 c5fca111 c03ff9f4 00000000
Line 025: f9a0: 00000006 cbceff20 c44c80ae c5806000 cbceff20 00000000 c03ff9f4 c03ff9c8
Line 026: f9c0: bf6855a0 bf689690 00000000 00000000 cbceff20 bf6cffb0 c44c8090 c5854000
Line 027: f9e0: 00000000 c5806ae0 c03ffa84 c03ff9f8 bf67de78 bf685568 00000000 00000000
Line 028: fa00: cbceff20 00000001 c03ffa2c c03ffa18 c5854000 c00c3cf4 0000027b c03ffc10
Line 029: fa20: 00000000 00000001 c021cfb8 c021ccf4 c03ffa4c c03ffa40 c022667c c021cf7c
Line 030: fa40: c03ffa5c c03ffa50 bf53e14c c0226644 c03ffa84 c03ffa60 bf6cf950 c5854000
Line 031: fa60: 00000000 c5806000 00000000 000000b0 cbceff20 c03ffc10 c03ffb14 c03ffa88
Line 032: fa80: bf6b5cf0 bf67ce58 c03ffc10 c43af134 c03ffab4 c03ffaa0 bf60aed8 c006a644
Line 033: faa0: c03ffad4 cb6575c0 c03ffacc c03ffab8 bf5f9ecc c5854110 c03ffadc c03ffad4
Line 034: fac0: c03ffb04 c03ffad8 bf53e4f4 c43ae000 000000b0 c43ae000 00000000 c03ffae8
Line 035: fae0: 00000000 00000008 c03ffb04 00000000 00000000 00000001 c5806000 c5854000
Line 036: fb00: ffffffff 000012ec c03ffb8c c03ffb18 bf6b6ccc bf6b58f4 c03ffc10 00000000
Line 037: fb20: c5806000 c6017000 c5806000 c5854000 c03ffb7c c03ffb40 bf648100 bf664a40
Line 038: fb40: 00000000 c03ffb50 bf570484 c03ffbd0 00000000 00000000 c6017000 c473f380
Line 039: fb60: 00000006 00000000 00000000 00005dc0 ca420000 0000096c cbca83c0 c03ffd28
Line 040: fb80: c03ffc94 c03ffb90 bf66c1d0 bf6b6bfc c03ffbac c03ffba0 c021cfb8 c021ccf4
Line 041: fba0: c03ffbbc c03ffbb0 c022667c 0000003b ca420000 c03ffd34 c03ffd31 cbceff20
Line 042: fbc0: 00000000 0000003b ffffffdc 00005dc0 00000030 00000009 0005103b cbca0000
Line 043: fbe0: 00000008 0000096c 00000000 00000000 ff960000 c03f096c 00000000 00000000
Line 044: fc00: 00000000 00000000 00000000 000f9c87 00000000 0000003b ffffffdc 00005dc0
Line 045: fc20: 00000030 00000009 0005103b 00000000 00000008 0000096c 00000000 00000000
Line 046: fc40: ff960000 bf61096c 00000000 c03ffc58 00000000 00000000 00000000 00000000
Line 047: fc60: 00000000 00000000 00000000 00000001 00000000 cbca0000 cbea7984 0000027c
Line 048: fc80: 00000000 00000022 c03ffcbc c03ffc98 bf622530 bf66b860 cbca0000 c03ffd28
Line 049: fca0: cbcba17c cbea7984 cbceff20 000000b0 c03ffcfc c03ffcc0 bf6080a8 bf6224ec
Line 050: fcc0: 0000037b c4698000 00000022 00000000 c03ffcf4 c03ffd8f 000037d4 c44c8090
Line 051: fce0: cbca0000 cbceff20 00000052 cbca1ce0 c03ffdbc c03ffd00 bf61d9ec bf607d14
Line 052: fd00: c03ffd28 c03ffd8f cbceff20 743dd000 00000001 00000000 cbca37f8 ca420000
Line 053: fd20: c03ffd28 ca1a8798 00000000 00000000 05103b3b dc000000 00010930 00005dc0
Line 054: fd40: 00000018 00000000 00000000 ff960000 0000096c 00000000 00000000 00000000
Line 055: fd60: c44c8060 cbcba17c cbea7984 00000000 00000000 00000000 00000000 00000000
Line 056: fd80: cbca37f8 cbca83c0 c03ffdd4 003ffd98 bf61bd60 cbca0000 000025f6 00000000
Line 057: fda0: 00000100 c0453700 00000000 0000000a c03ffddc c03ffdc0 bf61dfc0 bf61d6dc
Line 058: fdc0: bf61df84 cbca0000 00000002 00000000 c03ffdec c03ffde0 bf6224dc bf61df90
Line 059: fde0: c03ffeb4 c03ffdf0 bf5fb110 bf6224bc cbca0000 ca420000 c03ffe50 00000001
Line 060: fe00: c03ffe34 cbca0000 c03ffe84 c03ffe18 bf55e748 bf54e024 bf55e4c8 cbca0000
Line 061: fe20: 00000000 ca420000 cbca25c0 000025d4 00003428 bf5fbfc4 00000002 f0010473
Line 062: fe40: 3b9ac9ff cbca25ec 00022c09 00000002 00000001 c03ffe60 c007fc60 cbca8000
Line 063: fe60: 000031e8 000031ec 00000000 00000000 00000000 cbca8000 c03ffeac c03ffe88
Line 064: fe80: bf6bdf30 c0064c90 000d0b98 00000000 c0453700 c040a314 00000000 00000100
Line 065: fea0: c0453700 0000000a c03ffec4 c03ffeb8 bf6bc890 bf5faf90 c03ffee4 c03ffec8
Line 066: fec0: c0065044 bf6bc878 c0064fc8 00000001 c045373c c03fe000 c03fff24 c03ffee8
Line 067: fee0: c0065200 c0064fd4 c03fff0c c03ffef8 c008f0ec 00000006 00000000 0000003a
Line 068: ff00: 00000000 0000001f c0404754 00004059 561f5811 00000000 c03fff34 c03fff28
Line 069: ff20: c00655dc c0065188 c03fff4c c03fff38 c002706c c00655a0 ffffffff fbb21000
Line 070: ff40: c03fffb4 c03fff50 c02f1334 c002700c 00000001 c040be20 c03fff88 c0038324
Line 071: ff60: c03fe000 c040475c c04306c4 c0404754 00004059 561f5811 00000000 c03fffb4
Line 072: ff80: c03fff98 c03fff98 c002db60 c002dcd4 60000013 ffffffff 00000000 c040011c
Line 073: ffa0: c0023534 c0c6d9e0 c03fffc4 c03fffb8 c02e67e4 c002dc90 c03ffff4 c03fffc8
Line 074: ffc0: c00088a4 c02e6790 c0008314 00000000 00000000 c0023534 00000000 10c53c7d
Line 075: ffe0: c0400070 c0023530 00000000 c03ffff8 0000803c c000867c 00000000 00000000
Line 076: Backtrace:
Line 077: [<bf66fed0>] (cwm_get_width+0x0/0x24 [umac]) from [<bf6495ec>] (ieee80211_alloc_node+0x234/0x444 [umac])
Line 078: [<bf6493b8>] (ieee80211_alloc_node+0x0/0x444 [umac]) from [<bf64a3f4>] (ieee80211_dup_bss+0x28/0xb4 [umac])
Line 079: [<bf64a3cc>] (ieee80211_dup_bss+0x0/0xb4 [umac]) from [<bf689aec>] (mlme_recv_auth_ap+0x468/0x874 [umac])
Line 080: r6:c44c809a r5:c5806000 r4:c5854000 r3:00000000
Line 081: [<bf689684>] (mlme_recv_auth_ap+0x0/0x874 [umac]) from [<bf6855a0>] (ieee80211_mlme_recv_auth+0x44/0x6c [umac])
Line 082: [<bf68555c>] (ieee80211_mlme_recv_auth+0x0/0x6c [umac]) from [<bf67de78>] (ieee80211_recv_mgmt+0x102c/0x1a98 [umac])
Line 083: r6:c5806ae0 r5:00000000 r4:c5854000
Line 084: [<bf67ce4c>] (ieee80211_recv_mgmt+0x0/0x1a98 [umac]) from [<bf6b5cf0>] (ieee80211_input+0x408/0x1308 [umac])
Line 085: [<bf6b58e8>] (ieee80211_input+0x0/0x1308 [umac]) from [<bf6b6ccc>] (ieee80211_input_all+0xdc/0x16c [umac])
Line 086: [<bf6b6bf0>] (ieee80211_input_all+0x0/0x16c [umac]) from [<bf66c1d0>] (ath_net80211_rx+0x97c/0xa7c [umac])
Line 087: [<bf66b854>] (ath_net80211_rx+0x0/0xa7c [umac]) from [<bf622530>] (ath_rx_indicate+0x50/0xbc [ath_dev])
Line 088: [<bf6224e0>] (ath_rx_indicate+0x0/0xbc [ath_dev]) from [<bf6080a8>] (ath_rx_process+0x3a0/0x6e0 [ath_dev])
Line 089: r9:000000b0 r8:cbceff20 r7:cbea7984 r6:cbcba17c r5:c03ffd28
Line 090: r4:cbca0000
Line 091: [<bf607d08>] (ath_rx_process+0x0/0x6e0 [ath_dev]) from [<bf61d9ec>] (ath_rx_handler+0x31c/0x8b4 [ath_dev])
Line 092: [<bf61d6d0>] (ath_rx_handler+0x0/0x8b4 [ath_dev]) from [<bf61dfc0>] (ath_rx_edma_tasklet+0x3c/0x50 [ath_dev])
Line 093: [<bf61df84>] (ath_rx_edma_tasklet+0x0/0x50 [ath_dev]) from [<bf6224dc>] (ath_handle_rx_intr+0x2c/0x30 [ath_dev])
Line 094: r6:00000000 r5:00000002 r4:cbca0000 r3:bf61df84
Line 095: [<bf6224b0>] (ath_handle_rx_intr+0x0/0x30 [ath_dev]) from [<bf5fb110>] (ath_handle_intr+0x18c/0x8d0 [ath_dev])
Line 096: [<bf5faf84>] (ath_handle_intr+0x0/0x8d0 [ath_dev]) from [<bf6bc890>] (ath_tasklet+0x24/0x28 [umac])
Line 097: [<bf6bc86c>] (ath_tasklet+0x0/0x28 [umac]) from [<c0065044>] (tasklet_action+0x7c/0xc4)
Line 098: [<c0064fc8>] (tasklet_action+0x0/0xc4) from [<c0065200>] (__do_softirq+0x84/0x114)
Line 099: r6:c03fe000 r5:c045373c r4:00000001 r3:c0064fc8
Line 100: [<c006517c>] (__do_softirq+0x0/0x114) from [<c00655dc>] (irq_exit+0x48/0x98)
Line 101: [<c0065594>] (irq_exit+0x0/0x98) from [<c002706c>] (asm_do_IRQ+0x6c/0x8c)
Line 102: [<c0027000>] (asm_do_IRQ+0x0/0x8c) from [<c02f1334>] (__irq_svc+0x34/0x1c0)
Line 103: Exception stack(0xc03fff50 to 0xc03fff98)
Line 104: ff40: 00000001 c040be20 c03fff88 c0038324
Line 105: ff60: c03fe000 c040475c c04306c4 c0404754 00004059 561f5811 00000000 c03fffb4
Line 106: ff80: c03fff98 c03fff98 c002db60 c002dcd4 60000013 ffffffff
Line 107: r5:fbb21000 r4:ffffffff
Line 108: [<c002dc84>] (cpu_idle+0x0/0x90) from [<c02e67e4>] (rest_init+0x60/0x78)
Line 109: r6:c0c6d9e0 r5:c0023534 r4:c040011c r3:00000000
Line 110: [<c02e6784>] (rest_init+0x0/0x78) from [<c00088a4>] (start_kernel+0x234/0x27c)
Line 111: [<c0008670>] (start_kernel+0x0/0x27c) from [<0000803c>] (0x803c)
Line 112: Code: e92dd800 e24cb004 e3031068 e7903001 (e5930020)
Line 113: ---[ end trace 56ce92b11c53b5a8 ]---
Line 114: Kernel panic - not syncing: Fatal exception in interrupt
Line 115: Backtrace:
Line 116: [<c0030478>] (dump_backtrace+0x0/0x110) from [<c02ecb34>] (dump_stack+0x18/0x1c)
Line 117: r6:c03fe2e8 r5:c0403730 r4:c0432de8 r3:c040a284
Line 118: [<c02ecb1c>] (dump_stack+0x0/0x1c) from [<c02eccd8>] (panic+0x5c/0x178)
Line 119: [<c02ecc7c>] (panic+0x0/0x178) from [<c00308e4>] (die+0x17c/0x1bc)
Line 120: r3:00000100 r2:c03ff6f8 r1:c0433230 r0:c039c190
Line 121: r7:00000000
Line 122: [<c0030768>] (die+0x0/0x1bc) from [<c02ecb94>] (__do_kernel_fault.part.1+0x5c/0x7c)
Line 123: r8:00000000 r7:c03ff890 r6:00000000 r5:00000017 r4:00000020
Line 124: [<c02ecb38>] (__do_kernel_fault.part.1+0x0/0x7c) from [<c02f3734>] (do_page_fault.part.2+0x260/0x278)
Line 125: r7:00000020 r3:c03ff890
Line 126: [<c02f34d4>] (do_page_fault.part.2+0x0/0x278) from [<c02f37a0>] (do_page_fault+0x54/0x60)
Line 127: [<c02f374c>] (do_page_fault+0x0/0x60) from [<c0027284>] (do_DataAbort+0x3c/0xa0)
Line 128: r6:00000020 r5:c0404d10 r4:00000017 r3:c02f374c
Line 129: [<c0027248>] (do_DataAbort+0x0/0xa0) from [<c02f12ec>] (__dabt_svc+0x4c/0x60)
Line 130: Exception stack(0xc03ff890 to 0xc03ff8d8)
Line 131: f880: cbca83c0 00003068 bf66fed0 00000000
Line 132: f8a0: c5fca000 c5854000 00000000 bf6e5558 cbca9988 ffffffff c5fca028 c03ff8e4
Line 133: f8c0: c03ff8e8 c03ff8d8 bf6495ec bf66fee4 a0000113 ffffffff
Line 134: r7:bf6e5558 r6:00000000 r5:c03ff8c4 r4:ffffffff
Line 135: [<bf66fed0>] (cwm_get_width+0x0/0x24 [umac]) from [<bf6495ec>] (ieee80211_alloc_node+0x234/0x444 [umac])
Line 136: [<bf6493b8>] (ieee80211_alloc_node+0x0/0x444 [umac]) from [<bf64a3f4>] (ieee80211_dup_bss+0x28/0xb4 [umac])
Line 137: [<bf64a3cc>] (ieee80211_dup_bss+0x0/0xb4 [umac]) from [<bf689aec>] (mlme_recv_auth_ap+0x468/0x874 [umac])
Line 138: r6:c44c809a r5:c5806000 r4:c5854000 r3:00000000
Line 139: [<bf689684>] (mlme_recv_auth_ap+0x0/0x874 [umac]) from [<bf6855a0>] (ieee80211_mlme_recv_auth+0x44/0x6c [umac])
Line 140: [<bf68555c>] (ieee80211_mlme_recv_auth+0x0/0x6c [umac]) from [<bf67de78>] (ieee80211_recv_mgmt+0x102c/0x1a98 [umac])
Line 141: r6:c5806ae0 r5:00000000 r4:c5854000
Line 142: [<bf67ce4c>] (ieee80211_recv_mgmt+0x0/0x1a98 [umac]) from [<bf6b5cf0>] (ieee80211_input+0x408/0x1308 [umac])
Line 143: [<bf6b58e8>] (ieee80211_input+0x0/0x1308 [umac]) from [<bf6b6ccc>] (ieee80211_input_all+0xdc/0x16c [umac])
Line 144: [<bf6b6bf0>] (ieee80211_input_all+0x0/0x16c [umac]) from [<bf66c1d0>] (ath_net80211_rx+0x97c/0xa7c [umac])
Line 145: [<bf66b854>] (ath_net80211_rx+0x0/0xa7c [umac]) from [<bf622530>] (ath_rx_indicate+0x50/0xbc [ath_dev])
Line 146: [<bf6224e0>] (ath_rx_indicate+0x0/0xbc [ath_dev]) from [<bf6080a8>] (ath_rx_process+0x3a0/0x6e0 [ath_dev])
Line 147: r9:000000b0 r8:cbceff20 r7:cbea7984 r6:cbcba17c r5:c03ffd28
Line 148: r4:cbca0000
Line 149: [<bf607d08>] (ath_rx_process+0x0/0x6e0 [ath_dev]) from [<bf61d9ec>] (ath_rx_handler+0x31c/0x8b4 [ath_dev])
Line 150: [<bf61d6d0>] (ath_rx_handler+0x0/0x8b4 [ath_dev]) from [<bf61dfc0>] (ath_rx_edma_tasklet+0x3c/0x50 [ath_dev])
Line 151: [<bf61df84>] (ath_rx_edma_tasklet+0x0/0x50 [ath_dev]) from [<bf6224dc>] (ath_handle_rx_intr+0x2c/0x30 [ath_dev])
Line 152: r6:00000000 r5:00000002 r4:cbca0000 r3:bf61df84
Line 153: [<bf6224b0>] (ath_handle_rx_intr+0x0/0x30 [ath_dev]) from [<bf5fb110>] (ath_handle_intr+0x18c/0x8d0 [ath_dev])
Line 154: [<bf5faf84>] (ath_handle_intr+0x0/0x8d0 [ath_dev]) from [<bf6bc890>] (ath_tasklet+0x24/0x28 [umac])
Line 155: [<bf6bc86c>] (ath_tasklet+0x0/0x28 [umac]) from [<c0065044>] (tasklet_action+0x7c/0xc4)
Line 156: [<c0064fc8>] (tasklet_action+0x0/0xc4) from [<c0065200>] (__do_softirq+0x84/0x114)
Line 157: r6:c03fe000 r5:c045373c r4:00000001 r3:c0064fc8
Line 158: [<c006517c>] (__do_softirq+0x0/0x114) from [<c00655dc>] (irq_exit+0x48/0x98)
Line 159: [<c0065594>] (irq_exit+0x0/0x98) from [<c002706c>] (asm_do_IRQ+0x6c/0x8c)
Line 160: [<c0027000>] (asm_do_IRQ+0x0/0x8c) from [<c02f1334>] (__irq_svc+0x34/0x1c0)
Line 161: Exception stack(0xc03fff50 to 0xc03fff98)
Line 162: ff40: 00000001 c040be20 c03fff88 c0038324
Line 163: ff60: c03fe000 c040475c c04306c4 c0404754 00004059 561f5811 00000000 c03fffb4
Line 164: ff80: c03fff98 c03fff98 c002db60 c002dcd4 60000013 ffffffff
Line 165: r5:fbb21000 r4:ffffffff
Line 166: [<c002dc84>] (cpu_idle+0x0/0x90) from [<c02e67e4>] (rest_init+0x60/0x78)
Line 167: r6:c0c6d9e0 r5:c0023534 r4:c040011c r3:00000000
Line 168: [<c02e6784>] (rest_init+0x0/0x78) from [<c00088a4>] (start_kernel+0x234/0x27c)
Line 169: [<c0008670>] (start_kernel+0x0/0x27c) from [<0000803c>] (0x803c)
Analysis
1. Start from the point of the panic
First, locate where the panic happened:
Line 001: Unable to handle kernel NULL pointer dereference at virtual address 00000020
...
Line 077: [<bf66fed0>] (cwm_get_width+0x0/0x24 [umac]) from [<bf6495ec>] (ieee80211_alloc_node+0x234/0x444 [umac])
The panic occurred when the AP received an auth frame from a STA and had to allocate an ieee80211 node for it. When ieee80211_alloc_node() called cwm_get_width(), the system hit a NULL pointer dereference.
Looking at the source code:
CWM_IEEE80211_WIDTH cwm_get_width(COM_DEV *dev)
{
    CWM_IEEE80211_WIDTH width;
    CWM_TO_IEEE80211_WIDTH(CWM_HANDLE(dev)->cw_width, width);
    return width;
}
This code takes dev, reads width = dev->sc_cwm->cw_width, and returns width.
2. Analyze the function that panicked
Now let's see exactly where inside cwm_get_width the panic happened.
Line 007: PC is at cwm_get_width+0x14/0x24 [umac]
Line 008: LR is at ieee80211_alloc_node+0x234/0x444 [umac]
Line 009: pc : [<bf66fee4>] lr : [<bf6495ec>] psr: a0000113
Line 010: sp : c03ff8d8 ip : c03ff8e8 fp : c03ff8e4
Line 011: r10: c5fca028 r9 : ffffffff r8 : cbca9988
Line 012: r7 : bf6e5558 r6 : 00000000 r5 : c5854000 r4 : c5fca000
Line 013: r3 : 00000000 r2 : bf66fed0 r1 : 00003068 r0 : cbca83c0
Line 014: Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Line 015: Control: 10c5387d Table: 09cb4019 DAC: 00000015
Line 016: Process swapper (pid: 0, stack limit = 0xc03fe2e8)
Line 017: Stack: (0xc03ff8d8 to 0xc0400000)
From this we know that cwm_get_width is defined in umac.ko (the [umac] tag).
Disassemble it with objdump: objdump -d file disassembles only the sections of the file that are expected to contain executable instructions; objdump -D file is similar to -d but disassembles all sections.
Here I used -d: objdump -d umac.ko > tmp.txt
In tmp.txt, find the assembly for cwm_get_width:
00030ed0 <cwm_get_width>:
   30ed0:	e1a0c00d 	mov	ip, sp
   30ed4:	e92dd800 	push	{fp, ip, lr, pc}
   30ed8:	e24cb004 	sub	fp, ip, #4
   30edc:	e3031068 	movw	r1, #12392	; 0x3068
   30ee0:	e7903001 	ldr	r3, [r0, r1]
   30ee4:	e5930020 	ldr	r0, [r3, #32]
   30ee8:	e2900000 	adds	r0, r0, #0
   30eec:	13a00001 	movne	r0, #1
   30ef0:	e89da800 	ldm	sp, {fp, sp, pc}
According to Line 007, the crash happened at the instruction at +0x14: 0x30ed0 + 0x14 = 0x30ee4.
That instruction is 30ee4: e5930020 ldr r0, [r3, #32]. Checking the ARM assembly reference for ldr: this instruction loads the word at address r3 + #32 (0x20) into r0.
At that moment, Line 013: r3 : 00000000 r2 : bf66fed0 r1 : 00003068 r0 : cbca83c0 ---> r3 is all zeros, so the address being read, 00000020, is a NULL pointer plus the offset 0x20 (exactly the fault address on Line 001).
So what should r3 have held? It is not hard to see that r3 holds dev->sc_cwm. Hence the sc_cwm member of the dev structure had been zeroed at some point.
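The arithmetic of the two steps above (symbol base plus the +0x14 offset, then decoding the ldr and evaluating its address from the register dump) can be written down as a small checker. The following is an added example written for this article, not code from the original post or from the driver; it uses only the numbers quoted above (the objdump address 00030ed0, the offset 0x14, the word e5930020 from the Code: line and the registers from Line 013), and the ARM A32 immediate-offset LDR/STR encoding it decodes is the standard one.

```c
/* Added example, not part of the original article or of the driver: redoes the
 * arithmetic of the analysis above in code. It computes the faulting instruction
 * address from the objdump symbol base and the +0x14 offset in "PC is at", then
 * decodes the word e5930020 (the parenthesised word on the Code: line) as an ARM
 * A32 LDR/STR with immediate offset and evaluates the address it accessed using
 * the register values from Line 013. */
#include <stdint.h>
#include <stdio.h>

/* Register file as printed in the oops; index = register number. */
struct arm_regs { uint32_t r[16]; };

/* Decoded "single data transfer, immediate offset" instruction. */
struct ldr_str_imm {
    int valid;        /* 1 if the word uses this encoding */
    int is_load;      /* L bit: 1 = LDR, 0 = STR */
    int pre_index;    /* P bit: 1 = offset applied before the access */
    int rd;           /* transferred register */
    int rn;           /* base register */
    int32_t offset;   /* byte offset with the U bit (sign) applied */
};

/* Address of the faulting instruction inside the .ko: symbol start from the
 * disassembly plus the offset from "PC is at <sym>+0xOFF/0xSIZE". */
static uint32_t insn_addr(uint32_t sym_base, uint32_t pc_off)
{
    return sym_base + pc_off;
}

/* Bit layout: 27:26 = 01, 25 = I (0 for immediate), 24 = P, 23 = U, 22 = B,
 * 21 = W, 20 = L, 19:16 = Rn, 15:12 = Rd, 11:0 = imm12. */
static struct ldr_str_imm decode_ldr_str_imm(uint32_t insn)
{
    struct ldr_str_imm d = {0};
    if (((insn >> 26) & 0x3) != 0x1 || ((insn >> 25) & 0x1) != 0)
        return d;                           /* not an immediate-offset LDR/STR */
    d.valid     = 1;
    d.pre_index = (insn >> 24) & 0x1;
    d.is_load   = (insn >> 20) & 0x1;
    d.rn        = (insn >> 16) & 0xf;
    d.rd        = (insn >> 12) & 0xf;
    d.offset    = (int32_t)(insn & 0xfff);
    if (((insn >> 23) & 0x1) == 0)          /* U = 0: offset is subtracted */
        d.offset = -d.offset;
    return d;
}

/* Address the instruction accessed with the given registers. Post-indexed
 * forms (P = 0) access the unmodified base. */
static uint32_t effective_addr(const struct ldr_str_imm *d, const struct arm_regs *regs)
{
    uint32_t base = regs->r[d->rn];
    return d->pre_index ? base + (uint32_t)d->offset : base;
}

/* Runs the page's numbers end to end; returns 1 if the decoded access hits the
 * fault address reported on Line 001. */
static int check_oops(void)
{
    const uint32_t sym_base = 0x30ed0;      /* "00030ed0 <cwm_get_width>:" */
    const uint32_t pc_off   = 0x14;         /* "PC is at cwm_get_width+0x14/0x24" */
    const uint32_t code     = 0xe5930020;   /* "(e5930020)" on the Code: line */
    const uint32_t fault_va = 0x00000020;   /* Line 001 */
    struct arm_regs regs = {{0}};
    regs.r[0] = 0xcbca83c0; regs.r[1] = 0x00003068;    /* Line 013 */
    regs.r[2] = 0xbf66fed0; regs.r[3] = 0x00000000;

    struct ldr_str_imm d = decode_ldr_str_imm(code);
    if (!d.valid)
        return 0;
    uint32_t ea = effective_addr(&d, &regs);
    printf("insn at %05x: %s r%d, [r%d, #%d] -> address 0x%08x\n",
           (unsigned)insn_addr(sym_base, pc_off), d.is_load ? "ldr" : "str",
           d.rd, d.rn, (int)d.offset, (unsigned)ea);
    return d.is_load && ea == fault_va;
}

int main(void)
{
    return check_oops() ? 0 : 1;
}
```

Compiled and run, it prints the instruction as ldr r0, [r3, #32] with effective address 0x00000020, the address on Line 001. The same decoder returns valid = 0 for the neighbouring words on the Code: line (e92dd800 is a push, e7903001 is a register-offset ldr), which is a cheap sanity check that the parenthesised word really is the one being decoded.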
3. Analyze the cause of the panic
Next, work out when sc_cwm gets zeroed.
First I went through the code that initializes and assigns sc_cwm looking for anything suspicious, and found nothing wrong. Then I looked at where sc_cwm sits in its structure; the neighbouring members are:
struct ieee80211_node *sc_keyixmap[ATH_KEYMAX];         /* key ix->node map */
struct ath_cwm *sc_cwm;                                 /* Channel Width Management */
TAILQ_HEAD(ath_amsdu_txq, ath_amsdu_tx) sc_amsdu_txq;   /* amsdu tx requests */
sc_keyixmap[] is the suspicious one: the first test run was normal and the second failed, so it is very likely that during the first run an out-of-bounds write to sc_keyixmap[] clobbered sc_cwm by mistake.
On inspection this was indeed the case: ath_key_delete() assigns NULL into the array, and a bug there allows the index to run past the end of the array.
In summary: a kernel panic is nothing to fear, especially a reliably reproducible bug like this one.
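To make the layout argument concrete, the following added example (written for this article; it is not the driver's code) models a softc with the members quoted above, performs the kind of unchecked NULL store the text attributes to ath_key_delete(), and shows the bounds check that prevents it. ATH_KEYMAX is set to an assumed value, and using keyix == ATH_KEYMAX as the offending index is an assumption made for illustration, since the page does not say which index was written.

```c
/* Added example, not part of the original article or of the driver: models the
 * memory layout the analysis above points at. The struct below is a cut-down
 * stand-in for the driver's softc with the members quoted in the text. ATH_KEYMAX
 * is an assumed value, and the index ATH_KEYMAX used as the bad key index is an
 * assumption for illustration (the page does not give the actual index). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ATH_KEYMAX 128                 /* assumed; not taken from the page */

struct ieee80211_node;                 /* opaque here */
struct ath_cwm { int cw_width; };      /* only the member the text uses */

struct ath_softc_model {
    struct ieee80211_node *sc_keyixmap[ATH_KEYMAX]; /* key ix->node map */
    struct ath_cwm *sc_cwm;                          /* Channel Width Management */
};

/* Byte offset inside the softc at which slot `keyix` of sc_keyixmap lives. */
static size_t keyix_slot_offset(unsigned keyix)
{
    return offsetof(struct ath_softc_model, sc_keyixmap)
         + (size_t)keyix * sizeof(struct ieee80211_node *);
}

/* Returns 1 if a store to slot `keyix` lands on sc_cwm: the exact condition
 * that turns a key-table bug into the NULL sc_cwm seen in the oops. */
static int slot_overlaps_sc_cwm(unsigned keyix)
{
    return keyix_slot_offset(keyix) == offsetof(struct ath_softc_model, sc_cwm);
}

/* Unchecked clear, as the text describes. The store goes through a char*
 * inside the same object so that this demonstration is well-defined C, but it
 * has the effect of sc_keyixmap[keyix] = NULL with no bounds check. */
static void key_delete_unchecked(struct ath_softc_model *sc, unsigned keyix)
{
    struct ieee80211_node *null_node = NULL;
    size_t off = keyix_slot_offset(keyix);
    if (off + sizeof(null_node) > sizeof(*sc))
        return;                        /* keeps the demo inside the object */
    memcpy((unsigned char *)sc + off, &null_node, sizeof(null_node));
}

/* Hardened version: refuses any index outside the table.
 * Returns 0 on success, -1 when the index is rejected. */
static int key_delete_checked(struct ath_softc_model *sc, unsigned keyix)
{
    if (keyix >= ATH_KEYMAX)
        return -1;
    sc->sc_keyixmap[keyix] = NULL;
    return 0;
}

/* Drives one of the two versions with keyix == ATH_KEYMAX and reports whether
 * sc_cwm survived: 1 means it still points at the cwm object, 0 means NULL. */
static int sc_cwm_survives(int use_checked)
{
    static struct ath_cwm cwm = { 1 };
    struct ath_softc_model sc;
    memset(&sc, 0, sizeof(sc));
    sc.sc_cwm = &cwm;
    if (use_checked)
        key_delete_checked(&sc, ATH_KEYMAX);
    else
        key_delete_unchecked(&sc, ATH_KEYMAX);
    return sc.sc_cwm == &cwm;
}

int main(void)
{
    printf("slot %u offset %zu, sc_cwm offset %zu\n", (unsigned)ATH_KEYMAX,
           keyix_slot_offset(ATH_KEYMAX), offsetof(struct ath_softc_model, sc_cwm));
    printf("unchecked delete: sc_cwm %s\n", sc_cwm_survives(0) ? "intact" : "NULL");
    printf("checked delete:   sc_cwm %s\n", sc_cwm_survives(1) ? "intact" : "NULL");
    return 0;
}
```

The offsetof comparison is the quickest way to test a hypothesis like this one before reading the key-management code: when the first out-of-range slot lands exactly on sc_cwm, an off-by-one in the key index explains a NULL sc_cwm with no other visible corruption, which matches an oops that otherwise shows a healthy-looking softc.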