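AI Summary

**Background**: Several phones crash after the mobile hotspot feature is enabled; the JIRA issues involved include BUGO19-6212, BUGO19-6235 and BUGO19-6210.
**Symptom**: The device crashes after the hotspot is enabled. Testing found that enabling the hotspot makes the device crash, which is not the expected behaviour.
**Analysis**: From the stack trace and the assembly code, the problem is preliminarily identified as an array out-of-bounds access. The value in register W26 exceeds the array's maximum, so the index goes out of bounds, which triggers the BRK exception.
**wlan module analysis**: The wlan module contains two for loops that copy the same batch of non-indoor channels twice, so the value of pcl_len doubles and exceeds the array's maximum.
**Fix**: Delete the second for loop so the channels are not copied twice, which resolves the out-of-bounds access.
This summary was generated by AI from the article's content and is for reference only.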
I. Background
- BUGO19-6212 - [O19][MOVISTAR] The UE is crashed after activate the Portable hotspot 
- BUGO19-6235 - [FT] [Santiago] [Chile] [Claro] [O19] RAM DUMP Crash seen after enabling portable hotspot in DUT 
- BUGO19-6210 - [O19][WOM][Chile] UE crashes when activating hotspot 
II. Symptoms
[Prerequisite]
- Flash device with proper SW version. 
- Insert Entel SIM card 
- Power on device 
[Steps]
- Go to Settings 
- Go to hotspot 
- Enable hotspot. 
- Check result 
[Actual Results]
UE crashes after activating hotspot
[Expected Result]
UE must be able to activate hotspot without problems.
The phone crashes after the hotspot is turned on.
III. Analysis
[  228.913230][    T1] init: starting service 'hostapd'...
[  228.920851][    T1] init: ... started service 'hostapd' has pid 17715
[  228.920973][    T1] init: Control message: Processed ctl.interface_start for 'aidl/android.hardware.wifi.hostapd.IHostapd/default' from pid: 434 (/system/bin/servicemanager)
[  228.929677][  T624] type=1400 audit(1749581690.361:4146): avc:  denied  { read } for  comm="hostapd" name="u:object_r:vendor_system_prop:s0" dev="tmpfs" ino=569 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:vendor_system_prop:s0 tclass=file permissive=0
[  228.974931][  T434] servicemanager: Caller(pid=17715,uid=1010,sid=u:r:hal_wifi_hostapd_default:s0) Found android.hardware.wifi.hostapd.IHostapd/default in device VINTF manifest.
[  228.982850][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.020308][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.021055][ T1546] [binder][0x10bec9aa9][18:54:50.459001] wlan: [1546:E:HDD] hdd_convert_nl80211_to_reg_band_mask: band: 2 not supported
[  229.021164][ T1546] [binder][0x10beca304][18:54:50.459112] wlan: [1546:E:HDD] hdd_send_usable_channel: nla put fail
[  229.021169][ T1546] [binder][0x10beca35e][18:54:50.459117] wlan: [1546:E:HDD] __wlan_hdd_cfg80211_get_usable_channel: failed to send usable_channels
[  229.027111][  T129] [kworke][0x10bee60e6][18:54:50.465057] wlan: [129:E:HDD] hdd_reg_notifier: Failed to set country
[  229.102946][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.110860][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.119511][T17715] [hostap][0x10c0972aa][18:54:50.557455] wlan: [17715:I:HDD] ACS request vid 1 hw mode 1
[  229.119599][T17715] Unexpected kernel BRK exception at EL1
[  229.119602][T17715] Internal error: BRK handler: 00000000f2005512 [#1] PREEMPT SMP
[  229.120019][T17715] CPU: 6 PID: 17715 Comm: hostapd Tainted: G        WC OE      6.1.118-android14-11-ga3b9c44908dd-ab13320413 #1
[  229.120022][T17715] Hardware name: Qualcomm Technologies, Inc. Spring QRD (DT)
[  229.120023][T17715] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  229.120025][T17715] pc : policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c [wlan]
[  229.120653][T17715] lr : policy_mgr_mode_specific_modification_on_pcl+0xaa8/0xc8c [wlan]
[  229.121252][T17715] sp : ffffffc027d33490
[  229.121253][T17715] x29: ffffffc027d335a0 x28: ffffffc027d334b8 x27: 0000000000000010
[  229.121256][T17715] x26: 000000000000002a x25: ffffff80886df800 x24: ffffff80886df800
[  229.121259][T17715] x23: ffffffc027d334e8 x22: ffffff809b7fb89c x21: ffffff809b7fb7f4
[  229.121261][T17715] x20: ffffff809b7fb8c8 x19: ffffff8052c48000 x18: ffffffc022d96088
[  229.121264][T17715] x17: 726f6f646e695f6e x16: 6f5f64657361625f x15: 6c63705f79666964
[  229.121266][T17715] x14: 6f6d5f72676d5f79 x13: 3733343220716572 x12: 6620726f6f646e69
[  229.121269][T17715] x11: 206e6f2065746165 x10: 0000000000001608 x9 : ffffffc005104a14
[  229.121271][T17715] x8 : 0000000000000000 x7 : 503a443a35313737 x6 : 315b203a6e616c77
[  229.121273][T17715] x5 : ffffffc0051af89f x4 : 000000000000001d x3 : 64657361625f6c63
[  229.121276][T17715] x2 : 705f796669646f6d x1 : 000000000000000d x0 : 0000000000000000
[  229.121278][T17715] Call trace:
[  229.121280][T17715]  policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c [wlan]
[  229.121867][T17715]  policy_mgr_get_pcl+0x3dc/0x480 [wlan]
[  229.122460][T17715]  wlan_hdd_cfg80211_do_acs+0x6c0/0xef4 [wlan]
[  229.123034][T17715]  nl80211_vendor_cmd+0x1f8/0x204 [cfg80211]
[  229.123172][T17715]  genl_rcv_msg+0x350/0x398
[  229.123177][T17715]  netlink_rcv_skb+0x11c/0x138
[  229.123180][T17715]  genl_rcv+0x34/0x50
[  229.123184][T17715]  netlink_unicast+0x254/0x3ec
[  229.123186][T17715]  netlink_sendmsg+0x2d8/0x3cc
[  229.123189][T17715]  ____sys_sendmsg+0x244/0x3b0
[  229.123192][T17715]  __sys_sendmsg+0x138/0x18c
[  229.123194][T17715]  __arm64_sys_sendmsg+0x24/0x34
[  229.123196][T17715]  invoke_syscall+0x58/0x118
[  229.123200][T17715]  el0_svc_common+0xb4/0xf4
[  229.123203][T17715]  do_el0_svc+0x24/0x80
[  229.123206][T17715]  el0_svc+0x2c/0x90
[  229.123209][T17715]  el0t_64_sync_handler+0x68/0xb4
[  229.123211][T17715]  el0t_64_sync+0x1a4/0x1a8
[  229.123215][T17715] Code: 9402aca9 3707ff20 7100a75f 54fffe29 (d42aa240) 
[  229.123221][T17715] ---[ end trace 0000000000000000 ]---

The stack trace is shown above. The preliminary diagnosis is an array out-of-bounds access.

The pc points to 0xFFFFFFC004D993F0.
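
The out-of-bounds diagnosis can be checked from the oops alone. The following Python script is an added example, not part of the original article: it decodes the last three words of the `Code:` line and compares the guarded index with x26. The function names are this example's own, and reading BRK immediate 0x5512 as the compiler's array-bounds trap (0x5500 base, kind 0x12) is this example's interpretation of the encoding rather than something the article states.

```python
import re

# Copied from the oops on this page: the "Code:" line and register x26.
CODE_LINE = "Code: 9402aca9 3707ff20 7100a75f 54fffe29 (d42aa240)"
REGS = {26: 0x000000000000002A}

UBSAN_BRK_BASE = 0x5500   # arm64 BRK immediates 0x55xx: compiler sanitizer traps
UBSAN_BOUNDS = 0x12       # low byte 0x12: array index out of bounds

def decode(word):
    """Decode the three A64 encodings found around the trap."""
    if word & 0xFFE0001F == 0xD4200000:               # BRK #imm16
        return ("brk", (word >> 5) & 0xFFFF)
    if word & 0xFF80001F == 0x7100001F:               # CMP Wn, #imm12{, LSL #12}
        imm = (word >> 10) & 0xFFF
        if word & (1 << 22):
            imm <<= 12
        return ("cmp", (word >> 5) & 0x1F, imm)
    if word & 0xFF000010 == 0x54000000:               # B.<cond> label
        return ("b.cond", word & 0xF)
    return ("other",)

def explain_trap(code_line, regs):
    """Relate the faulting BRK to the compare that guards it."""
    tokens = re.findall(r"\(?[0-9a-f]{8}\)?", code_line)
    fault = next(i for i, t in enumerate(tokens) if t.startswith("("))
    words = [int(t.strip("()"), 16) for t in tokens]
    brk = decode(words[fault])
    branch = decode(words[fault - 1])
    cmp_ = decode(words[fault - 2])
    if (brk[0], branch[0], cmp_[0]) != ("brk", "b.cond", "cmp"):
        raise ValueError("not a cmp / b.cond / brk bounds-check sequence")
    if branch[1] != 0x9:                              # 0b1001 = LS, unsigned <=
        raise ValueError("unexpected branch condition")
    reg, last_valid = cmp_[1], cmp_[2]
    index = regs[reg] & 0xFFFFFFFF                    # CMP reads the 32-bit W view
    return {
        "brk_imm": brk[1],
        "is_ubsan_bounds": brk[1] == (UBSAN_BRK_BASE | UBSAN_BOUNDS),
        "index_reg": f"w{reg}",
        "index": index,
        "last_valid_index": last_valid,
        "out_of_bounds": index > last_valid,
    }

if __name__ == "__main__":
    print(explain_trap(CODE_LINE, REGS))
```

The decoded sequence is `cmp w26, #41` / `b.ls` / `brk #0x5512`: the branch skips the trap only while w26 is at most 41, and x26 in the dump is 0x2a (42), the first index past that bound.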
 
             林渡