Closed
Bug 1025414
Opened 10 years ago
Closed 10 years ago
wifi_start_supplicant crashes
Categories
(Firefox OS Graveyard :: Vendcom, defect, P1)
Tracking
(b2g-v1.4 affected)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| b2g-v1.4 | --- | affected |
People
(Reporter: tkundu, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [POVB][caf priority: p1][CR 659788][b2g-crash])
Crash Data
Attachments
(3 files)
Tests steps: 1. Turn on WIFI and connect to a WIFI APN. 2. Run a reboot test script, whihc will reboot the device for every 60 seconds. 3. IN between, receive MT calls. 4. After night run, minidumps are generated on the phone.
|
Reporter | |
Comment 1•10 years ago
|
||
|
|
Reporter | |
Updated•10 years ago
|
blocking-b2g: --- → 1.4?
|
|
Reporter | |
Comment 2•10 years ago
|
||
I knew that it is very difficult to reproduce this using above test steps. But we want to know if mozilla can give us some direction by analyzing logs.
|
||
Updated•10 years ago
|
Whiteboard: [CR 655397] → [caf priority: p1][CR 655397]
|
||
Comment 3•10 years ago
|
||
Does it necessary to do the reboot? I am trying to reproduce Bug 1010292, the STR is keeping on toggling the wifi settings button for about every 10 seconds. But no luck to reproduce it in Nexus 5 on 1.4 branch for almost 4 days. Is it possible that android's property value has something wrong? You can see our discussion in the comment 11 of bug 1010292.
Flags: needinfo?(tkundu)
|
||
Updated•10 years ago
|
Keywords: crash
Whiteboard: [caf priority: p1][CR 655397] → [caf priority: p1][CR 655397][b2g-crash]
|
||
Comment 4•10 years ago
|
||
From the first 2
Crash reason: SIGSEGV
Crash address: 0xab700000
Thread 14 (crashed)
0 libc.so!strstr [strstr.c : 49 + 0x0]
r0 = 0xfffffff1 r1 = 0xb6d66663 r2 = 0x00000012 r3 = 0x0000005a
r4 = 0xab700000 r5 = 0xab700000 r6 = 0xb6d66663 r7 = 0x00000063
r8 = 0x00000012 r9 = 0xab6ffbc0 r10 = 0xb6f2c394 r12 = 0x00008000
fp = 0xb6f2a2ec sp = 0xb12fff20 lr = 0xb6f096fd pc = 0xb6f096e8
Found by: given as instruction pointer in context
1 libhardware_legacy.so!update_ctrl_interface [wifi.c : 448 + 0x9]
r4 = 0xab6ffbc0 r5 = 0x0000008a r6 = 0xb6d66d12 r7 = 0x000000af
r8 = 0xb6f2c394 r9 = 0xab6ffbc0 r10 = 0xb6f2c394 fp = 0xb6f2a2ec
sp = 0xb12fff38 pc = 0xb6d648af
r4@frame0 0xab700000 ==> used as the iterator of the first arguement |s| [1]
r9@frame1 0xab6ffbc0 ==> used to store the address of |pbuf| at [2]
0xab700000 - 0xab6ffbc0 = 0x440, which seems to be a abnormal length of |pbuf|.
Most likely the first call of |strstr| [3] is fine ("ctrl_interface=" appears in the config file)
but the next |strstr| (which is expected to return '\0') accesses the invalid address |pbuf| + 0x440
if "ctrl_interface=DIR=" and "ctrl_interface=/" doesn't exist in the config file.
(since |strstr| won't stop advancing the iterator until seeing the matching string or null char)
If we append a null char to the memory chunk pointed by |pbuf|, the crash should not happen (if I am not guessing wrong...).
[1] http://androidxref.com/4.4.2_r2/xref/bionic/libc/string/strstr.c#49
[2] http://androidxref.com/4.4.2_r2/xref/hardware/libhardware_legacy/wifi/wifi.c#334
[3] http://androidxref.com/4.4.2_r2/xref/hardware/libhardware_legacy/wifi/wifi.c#368
|
||
Comment 5•10 years ago
|
||
(In reply to Vincent Chang[:vchang] from comment #3) > Does it necessary to do the reboot? I am trying to reproduce Bug 1010292, > the STR is keeping on toggling the wifi settings button for about every 10 > seconds. But no luck to reproduce it in Nexus 5 on 1.4 branch for almost 4 > days. Is it possible that android's property value has something wrong? You > can see our discussion in the comment 11 of bug 1010292. How about repro on the Flame? Is it reproducing on the Flame?
Flags: needinfo?(vchang)
|
|
||
Comment 6•10 years ago
|
||
(In reply to Preeti Raghunath(:Preeti) from comment #5) > (In reply to Vincent Chang[:vchang] from comment #3) > > Does it necessary to do the reboot? I am trying to reproduce Bug 1010292, > > the STR is keeping on toggling the wifi settings button for about every 10 > > seconds. But no luck to reproduce it in Nexus 5 on 1.4 branch for almost 4 > > days. Is it possible that android's property value has something wrong? You > > can see our discussion in the comment 11 of bug 1010292. > > How about repro on the Flame? Is it reproducing on the Flame? It is not reproduced on the Flame so far. The reason I used Nexus5 to reproduce the problem is because that its gonk is Android kikat which is more likely to QC's platform(If my understanding is correct). It seems that we still use Jelly Bean in Flame.
Flags: needinfo?(vchang)
|
||
Updated•10 years ago
|
blocking-b2g: 1.4? → ---
Whiteboard: [caf priority: p1][CR 655397][b2g-crash] → [POVB][caf priority: p1][CR 655397][b2g-crash]
|
|
Reporter | |
Comment 7•10 years ago
|
||
it seems like issue is resolved by following comments from #comment 4. We will upstream this fix.
|
||
Updated•10 years ago
|
status-b2g-v1.4:
--- → affected
If I read this correctly, it's a kitkat issue not a JB isssue?
|
|
||
Comment 9•10 years ago
|
||
(In reply to Naoki Hirata :nhirata (please use needinfo instead of cc) from comment #8) > If I read this correctly, it's a kitkat issue not a JB isssue? From reviewing wifi.c on ICS/JB/KK [1][2][3], this crash may only occur on JB and KK (no ICS). [1] ICS: http://androidxref.com/4.0.4/xref/hardware/libhardware_legacy/wifi/wifi.c#342 [2] JB: http://androidxref.com/4.3_r2.1/xref/hardware/libhardware_legacy/wifi/wifi.c#386 [3] KK: http://androidxref.com/4.4_r1/xref/hardware/libhardware_legacy/wifi/wifi.c#370
|
||
Comment 12•10 years ago
|
||
According to comment 9, this bug needs partner's help. Anshul, I wonder if you could talk with your colleague to help this. We are suffering wifi tests failed because of this bug.
Component: Wifi → Vendcom
Flags: needinfo?(anshulj)
|
|
||
Comment 13•10 years ago
|
||
Tapas, once the fix for CR 659788 is released to CAF would you please link to the commit here.
Whiteboard: [POVB][caf priority: p1][CR 655397][b2g-crash] → [POVB][caf priority: p1][CR 659788][b2g-crash]
|
||
Comment 14•10 years ago
|
||
Just stumbled upon this myself: https://crash-stats.mozilla.com/report/index/76ffc509-f203-413e-9e8f-386b92140702 STR were similar to comment #0 although wifi was not connected at the time, however it was enabled.
|
|
Reporter | |
Comment 15•10 years ago
|
||
Fix has landed in https://www.codeaurora.org/cgit/quic/la/platform/hardware/libhardware_legacy/commit/?h=LNX.LF.3.5.2.1_1&id=cac4f50ce59697be2c2b9001eb31f4be210f3756
Flags: needinfo?(tkundu)
|
||
Comment 16•10 years ago
|
||
Is there anything left to do here or can we close?
|
|
||
Comment 17•10 years ago
|
||
Per comment 15, marking fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Comment 18•10 years ago
|
||
I ran into this issue today not following the original STR's in comment 0. I can open a new bug if need be. After a phone reboot I opened up Email app and swiped across screen. I have included a logcat, although I am not sure if it has the correct information needed for this issue. Environmental Variables: Device: Flame Master Build ID: 20140723040201 Gaia: 01d86c8cc615658694b114ca5711763efc4ef205 Gecko: d0f6259e8446 Version: 34.0a1 (Master) Firmware Version: v122
|
|
||
Updated•10 years ago
|
Flags: needinfo?(mvines)
|
|
||
Comment 19•10 years ago
|
||
I'm not sure if/how the Flame build has picked up this fix. IMO that's a different bug to update the Flame manifest
Flags: needinfo?(mvines)
You need to log in
before you can comment on or make changes to this bug.
Description
•