I. Problem Background

  1. BUGO19-6212 - [O19][MOVISTAR] The UE is crashed after activate the Portable hotspot

  2. BUGO19-6235 - [FT] [Santiago] [Chile] [Claro] [O19] RAM DUMP Crash seen after enabling portable hotspot in DUT

  3. BUGO19-6210 - [O19][WOM][Chile] UE crashes when activating hotspot

II. Problem Symptoms

[Prerequisites]

  1. Flash device with proper SW version.

  2. Insert Entel SIM card

  3. Power on device

[Steps]

  1. Go to Settings

  2. Go to hotspot

  3. Enable hotspot.

  4. Check result

[Actual Result]

UE crashes after activating hotspot

[Expected Result]

UE must be able to activate hotspot without problems.

The phone freezes (crashes) after the hotspot is turned on.

III. Problem Analysis

[  228.913230][    T1] init: starting service 'hostapd'...
[  228.920851][    T1] init: ... started service 'hostapd' has pid 17715
[  228.920973][    T1] init: Control message: Processed ctl.interface_start for 'aidl/android.hardware.wifi.hostapd.IHostapd/default' from pid: 434 (/system/bin/servicemanager)
[  228.929677][  T624] type=1400 audit(1749581690.361:4146): avc:  denied  { read } for  comm="hostapd" name="u:object_r:vendor_system_prop:s0" dev="tmpfs" ino=569 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:vendor_system_prop:s0 tclass=file permissive=0
[  228.974931][  T434] servicemanager: Caller(pid=17715,uid=1010,sid=u:r:hal_wifi_hostapd_default:s0) Found android.hardware.wifi.hostapd.IHostapd/default in device VINTF manifest.
[  228.982850][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.020308][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.021055][ T1546] [binder][0x10bec9aa9][18:54:50.459001] wlan: [1546:E:HDD] hdd_convert_nl80211_to_reg_band_mask: band: 2 not supported
[  229.021164][ T1546] [binder][0x10beca304][18:54:50.459112] wlan: [1546:E:HDD] hdd_send_usable_channel: nla put fail
[  229.021169][ T1546] [binder][0x10beca35e][18:54:50.459117] wlan: [1546:E:HDD] __wlan_hdd_cfg80211_get_usable_channel: failed to send usable_channels
[  229.027111][  T129] [kworke][0x10bee60e6][18:54:50.465057] wlan: [129:E:HDD] hdd_reg_notifier: Failed to set country
[  229.102946][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.110860][  T434] servicemanager: Caller(pid=2550,uid=1000,sid=u:r:system_server:s0) Found android.hardware.wifi.IWifi/default in device VINTF manifest.
[  229.119511][T17715] [hostap][0x10c0972aa][18:54:50.557455] wlan: [17715:I:HDD] ACS request vid 1 hw mode 1
[  229.119599][T17715] Unexpected kernel BRK exception at EL1
[  229.119602][T17715] Internal error: BRK handler: 00000000f2005512 [#1] PREEMPT SMP
[  229.120019][T17715] CPU: 6 PID: 17715 Comm: hostapd Tainted: G        WC OE      6.1.118-android14-11-ga3b9c44908dd-ab13320413 #1
[  229.120022][T17715] Hardware name: Qualcomm Technologies, Inc. Spring QRD (DT)
[  229.120023][T17715] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  229.120025][T17715] pc : policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c [wlan]
[  229.120653][T17715] lr : policy_mgr_mode_specific_modification_on_pcl+0xaa8/0xc8c [wlan]
[  229.121252][T17715] sp : ffffffc027d33490
[  229.121253][T17715] x29: ffffffc027d335a0 x28: ffffffc027d334b8 x27: 0000000000000010
[  229.121256][T17715] x26: 000000000000002a x25: ffffff80886df800 x24: ffffff80886df800
[  229.121259][T17715] x23: ffffffc027d334e8 x22: ffffff809b7fb89c x21: ffffff809b7fb7f4
[  229.121261][T17715] x20: ffffff809b7fb8c8 x19: ffffff8052c48000 x18: ffffffc022d96088
[  229.121264][T17715] x17: 726f6f646e695f6e x16: 6f5f64657361625f x15: 6c63705f79666964
[  229.121266][T17715] x14: 6f6d5f72676d5f79 x13: 3733343220716572 x12: 6620726f6f646e69
[  229.121269][T17715] x11: 206e6f2065746165 x10: 0000000000001608 x9 : ffffffc005104a14
[  229.121271][T17715] x8 : 0000000000000000 x7 : 503a443a35313737 x6 : 315b203a6e616c77
[  229.121273][T17715] x5 : ffffffc0051af89f x4 : 000000000000001d x3 : 64657361625f6c63
[  229.121276][T17715] x2 : 705f796669646f6d x1 : 000000000000000d x0 : 0000000000000000
[  229.121278][T17715] Call trace:
[  229.121280][T17715]  policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c [wlan]
[  229.121867][T17715]  policy_mgr_get_pcl+0x3dc/0x480 [wlan]
[  229.122460][T17715]  wlan_hdd_cfg80211_do_acs+0x6c0/0xef4 [wlan]
[  229.123034][T17715]  nl80211_vendor_cmd+0x1f8/0x204 [cfg80211]
[  229.123172][T17715]  genl_rcv_msg+0x350/0x398
[  229.123177][T17715]  netlink_rcv_skb+0x11c/0x138
[  229.123180][T17715]  genl_rcv+0x34/0x50
[  229.123184][T17715]  netlink_unicast+0x254/0x3ec
[  229.123186][T17715]  netlink_sendmsg+0x2d8/0x3cc
[  229.123189][T17715]  ____sys_sendmsg+0x244/0x3b0
[  229.123192][T17715]  __sys_sendmsg+0x138/0x18c
[  229.123194][T17715]  __arm64_sys_sendmsg+0x24/0x34
[  229.123196][T17715]  invoke_syscall+0x58/0x118
[  229.123200][T17715]  el0_svc_common+0xb4/0xf4
[  229.123203][T17715]  do_el0_svc+0x24/0x80
[  229.123206][T17715]  el0_svc+0x2c/0x90
[  229.123209][T17715]  el0t_64_sync_handler+0x68/0xb4
[  229.123211][T17715]  el0t_64_sync+0x1a4/0x1a8
[  229.123215][T17715] Code: 9402aca9 3707ff20 7100a75f 54fffe29 (d42aa240) 
[  229.123221][T17715] ---[ end trace 0000000000000000 ]---

Preliminary judgement: an array index went out of bounds.

The call stack is shown above.

The pc is at 0xFFFFFFC004D993F0, which the trace symbolizes as policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c in the wlan module, reached from policy_mgr_get_pcl during the ACS request issued by hostapd.
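The "array out of bounds" judgement can be checked against the oops itself rather than taken on trust. The kernel here only reports "Unexpected kernel BRK exception" because it does not decode the BRK immediate, but the immediate is recoverable from two places in the trace: the ISS field of the ESR value printed after "BRK handler:" (0xf2005512, exception class 0x3c = BRK64) and the faulting instruction in parentheses on the "Code:" line (d42aa240 = brk #0x5512). Immediates of the form 0x55xx are reserved for UBSAN trap mode in arch/arm64/include/asm/brk-imm.h, and the low byte is clang's check-type number, where 0x12 (18) is out_of_bounds. The decoder below is an added example, not code from the page or from the vendor; the oops excerpt it parses is constructed from the lines quoted above, and the register-ASCII part is an interpretation (a log string that was being formatted when the trap fired) rather than anything the page states.

```python
import re

# Excerpt of the oops quoted above (constructed from the page; only the lines the decoder uses).
OOPS = """\
[  229.119599][T17715] Unexpected kernel BRK exception at EL1
[  229.119602][T17715] Internal error: BRK handler: 00000000f2005512 [#1] PREEMPT SMP
[  229.120025][T17715] pc : policy_mgr_mode_specific_modification_on_pcl+0xab4/0xc8c [wlan]
[  229.121264][T17715] x17: 726f6f646e695f6e x16: 6f5f64657361625f x15: 6c63705f79666964
[  229.121266][T17715] x14: 6f6d5f72676d5f79 x13: 3733343220716572 x12: 6620726f6f646e69
[  229.121269][T17715] x11: 206e6f2065746165 x10: 0000000000001608 x9 : ffffffc005104a14
[  229.123215][T17715] Code: 9402aca9 3707ff20 7100a75f 54fffe29 (d42aa240)
"""

# Kernel-reserved BRK immediates (arch/arm64/include/asm/brk-imm.h).
BUG_BRK_IMM = 0x800
KASAN_BRK_IMM, KASAN_BRK_MASK = 0x900, 0x0FF
UBSAN_BRK_IMM, UBSAN_BRK_MASK = 0x5500, 0x0FF

# UBSAN check types as clang numbers them for -fsanitize-trap (subset).
UBSAN_CHECKS = {
    0: "add_overflow", 3: "divrem_overflow", 12: "mul_overflow",
    13: "negate_overflow", 18: "out_of_bounds", 19: "pointer_overflow",
    20: "shift_out_of_bounds", 21: "sub_overflow", 22: "type_mismatch",
}

EC_BRK64 = 0x3C  # ESR_ELx.EC for a BRK instruction executed in AArch64 state


def decode_esr(esr: int) -> dict:
    """Split an ESR_EL1 value into exception class, IL bit and ISS field."""
    return {"ec": esr >> 26, "il": (esr >> 25) & 1, "iss": esr & 0xFFFF}


def decode_brk_insn(insn: int):
    """Return the imm16 of an A64 BRK instruction, or None if it isn't one."""
    if (insn & 0xFFE0001F) != 0xD4200000:
        return None
    return (insn >> 5) & 0xFFFF


def classify_brk(imm: int) -> tuple:
    """Map a BRK immediate to the kernel facility that planted it."""
    if imm == BUG_BRK_IMM:
        return ("BUG", None)
    if (imm & ~KASAN_BRK_MASK) == KASAN_BRK_IMM:
        return ("KASAN", imm & KASAN_BRK_MASK)
    if (imm & ~UBSAN_BRK_MASK) == UBSAN_BRK_IMM:
        check = imm & UBSAN_BRK_MASK
        return ("UBSAN", UBSAN_CHECKS.get(check, f"check_{check}"))
    return ("unknown", imm)


def analyze_oops(text: str) -> dict:
    """Pull ESR, faulting instruction and pc out of an arm64 oops and classify the trap."""
    esr = int(re.search(r"BRK handler: ([0-9a-f]+)", text).group(1), 16)
    code = re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1)
    fields = decode_esr(esr)
    return {
        "esr": fields,
        "is_brk": fields["ec"] == EC_BRK64,
        "insn_imm": decode_brk_insn(int(code, 16)),  # should agree with fields["iss"]
        "pc": re.search(r"pc : (\S+)", text).group(1),
        "origin": classify_brk(fields["iss"]),
    }


def register_ascii(text: str) -> dict:
    """Little-endian ASCII view of each general register; registers that are not text are skipped."""
    out = {}
    for name, val in re.findall(r"(x\d+)\s*: ([0-9a-f]{16})", text):
        raw = int(val, 16).to_bytes(8, "little")
        if all(0x20 <= b < 0x7F for b in raw):
            out[name] = raw.decode("ascii")
    return out


if __name__ == "__main__":
    info = analyze_oops(OOPS)
    print(f"pc={info['pc']} ec=0x{info['esr']['ec']:x} iss=0x{info['esr']['iss']:x} "
          f"code-imm=0x{info['insn_imm']:x} origin={info['origin']}")
    for reg, s in sorted(register_ascii(OOPS).items(), key=lambda kv: int(kv[0][1:])):
        print(f"{reg}: {s!r}")
```

Both sources yield 0x5512, which classifies as a UBSAN out_of_bounds trap, so the crash is the compiler's bounds check firing on an array index, not a stray memory access that happened to fault. The register view adds context the symbolized pc alone does not: x14 through x17 spell "y_mgr_modify_pcl_based_on_indoor" and x11 through x13 spell "eate on indoor freq 2437", i.e. the driver was in the indoor-PCL modification path (inlined into policy_mgr_mode_specific_modification_on_pcl) processing a PCL entry for 2437 MHz when the index check failed. That narrows where to look for the off-by-one before the hidden part of the write-up is even consulted.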
