<div dir="ltr"><div class="gmail_quote">On Thu, Jun 27, 2013 at 9:11 PM, <span dir="ltr"><<a href="mailto:Valdis.Kletnieks@vt.edu" target="_blank">Valdis.Kletnieks@vt.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>On Thu, 27 Jun 2013 18:29:48 +0700, Mulyadi Santosa said:<br>
> On Thu, Jun 27, 2013 at 1:23 PM, Mohammed Shafi <<a href="mailto:shafi.kernel@gmail.com" target="_blank">shafi.kernel@gmail.com</a>> wrote:<br>
</div><div>> > [ 486.447220] [<c000de98>] (__dabt_svc+0x38/0x60) from [<bf05c324>]<br>
<br>
</div><div>> If you find that name through grepping kernel source tree, you shall<br>
> find the culprit. The next number "0x38/0x60" AFAIK is the offset that<br>
> shall point you to more exact location<br>
<br>
</div>To be more specific, the function is 0x60 (decimal 96) bytes long,<br>
and the pointer is at 0x38 (decimal 56) bytes into it. So even without<br>
a disassembly, you know it's somewhere between 1/2 and 2/3 of the way<br>
through the code.<br>
<br></blockquote><div><br>thanks Prasad, Mulyadi, Valdis<br>(ath6kl_deliver_frames_to_nw_stack+0xac/0xf0 [ath6kl_core])
<br><br>With the ARM gdb, I am able to find the exact line and, based on the test engineers'<br>inputs, found the fix for the crash.<br><br>It seems fuzzy testing sends a destination MAC address of zero, while we initialize<br>
the list with the MAC address as zero, and memcmp returns a pointer, which in turn dereferences<br>an uninitialized pointer.<br></div><div>below is the fix :-)<br></div><div><pre>        if (is_zero_ether_addr(node_addr))
                return NULL;
</pre><br></div></div><br>
</div>
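The failure mode discussed in this thread, as an added standalone example (this is not ath6kl code and not from any poster): a small node table keyed by Ethernet MAC address whose empty slots are zero-initialised, a memcmp()-based lookup that therefore matches an all-zero destination address against an empty slot with no valid per-node state, and the guarded lookup that rejects the zero address first. The table, the `find_node*` names and the local `is_zero_ether_addr()` are assumptions made for the illustration; only the zero-address check mirrors the posted fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug and the fix, not driver code. */

#define ETH_ALEN 6
#define NUM_NODES 4

struct node {
    uint8_t mac[ETH_ALEN];
    const char *name;   /* stands in for per-node state; NULL in empty slots */
};

/* Local equivalent of the kernel helper of the same name: true when all six
 * address bytes are zero. */
static int is_zero_ether_addr(const uint8_t *addr)
{
    static const uint8_t zero[ETH_ALEN];
    return memcmp(addr, zero, ETH_ALEN) == 0;
}

/* Two populated entries; slots 2 and 3 are zero-initialised, so their MAC is
 * 00:00:00:00:00:00 and their state pointer is NULL. */
static struct node table[NUM_NODES] = {
    { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 }, "sta-1" },
    { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x66 }, "sta-2" },
};

/* Unguarded lookup: an all-zero destination MAC (e.g. from a fuzzer) matches
 * the first empty slot, whose state was never initialised. */
static struct node *find_node_unguarded(const uint8_t *mac)
{
    for (int i = 0; i < NUM_NODES; i++)
        if (memcmp(table[i].mac, mac, ETH_ALEN) == 0)
            return &table[i];
    return NULL;
}

/* Guarded lookup: reject the zero address before searching, so the caller
 * gets NULL instead of a pointer to an empty slot. */
static struct node *find_node(const uint8_t *mac)
{
    if (is_zero_ether_addr(mac))
        return NULL;
    return find_node_unguarded(mac);
}

/* Returns 1 when the unguarded lookup hands back an empty slot for the zero
 * address, i.e. the condition the fix closes. */
static int unguarded_matches_empty_slot(void)
{
    const uint8_t zero_mac[ETH_ALEN] = { 0 };   /* constructed fuzzer input */
    struct node *n = find_node_unguarded(zero_mac);
    return n != NULL && n->name == NULL;
}

int main(void)
{
    const uint8_t zero_mac[ETH_ALEN] = { 0 };
    const uint8_t sta1[ETH_ALEN] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };

    printf("unguarded zero lookup -> %s\n",
           unguarded_matches_empty_slot() ? "empty slot (state is NULL)" : "NULL");
    printf("guarded zero lookup   -> %s\n", find_node(zero_mac) ? "node" : "NULL");
    printf("guarded sta-1 lookup  -> %s\n", find_node(sta1)->name);
    return 0;
}
```

Run stand-alone, the unguarded lookup returns the empty slot for the zero address while the guarded one returns NULL and still finds the populated entries; a caller that dereferences the empty slot's state is the crash the thread describes.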