Hi Guys
Recently I've encountered a system_server crash that makes Android reboot (Android 4.3, imx_6dl).
I checked the instructions at lr 0x408ffc04 by disassembling libdvm.so: it is just a call to common_abort, which simply sets pc to 0xdeadf00c (an address with nothing mapped, so the program stops running). But this does not explain the issue, because I don't know which path led to common_abort.
Any tips or help would be appreciated!
Below is a snippet of the tombstone file. I've also attached the backtrace from the core-dump file and the disassembly of libdvm.so.
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Freescale/sabresd_6dq/sabresd_6dq:4.3/1.0.0-rc2/20131108:eng/dev-keys'
Revision: '397329'
pid: 2608, tid: 21251, name: Binder_C >>> system_server <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadf00c
r0 62a72b58 r1 00000027 r2 00000001 r3 f7400000
r4 64eb610c r5 6432fa84 r6 643290e0 r7 00004879
r8 408fddc0 r9 00004879 sl 6432fa70 fp 4215cf80
ip 00000079 sp 7adccbc0 lr 408ffc04 pc deadf00c cpsr 200d0030
d0 0000000000000000 d1 0000000000000000
d2 0000000000000000 d3 0000000000000000
d4 0000000043070000 d5 4366000043670000
d6 0000000000000000 d7 000000003f800000
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 3ff0000000000000 d17 0000000000000218
d18 00000000014c85f0 d19 3f80000000000000
d20 0000000100000001 d21 bf66c0c55ca9076a
d22 bfb1be5a93a83e1d d23 000000000000000f
d24 3f62cda65e663694 d25 bf62cda764a98eab
d26 bfbaf8e8210a415c d27 4000000000000000
d28 40008df2d49d41f1 d29 3fb0f4a31edab38b
d30 3ff0000000000000 d31 3f4de16b9c24a98f
scr 60000010
backtrace:
#00 pc deadf00c <unknown>
#01 pc 0001fc00 /system/lib/libdvm.so
#02 pc 0002b5ec /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
#03 pc 0005ff21 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+292)
#04 pc 0004cc31 /system/lib/libdvm.so
#05 pc 00040825 /system/lib/libdvm.so
#06 pc 0006a417 /system/lib/libandroid_runtime.so
#07 pc 0006e923 /system/lib/libandroid_runtime.so
#08 pc 00017f1d /system/lib/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+60)
#09 pc 0001b8e5 /system/lib/libbinder.so (android::IPCThreadState::executeCommand(int)+508)
#10 pc 0001bcf3 /system/lib/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+182)
#11 pc 0001fae9 /system/lib/libbinder.so
#12 pc 00011a8d /system/lib/libutils.so (android::Thread::_threadLoop(void*)+216)
#13 pc 0004b631 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+68)
#14 pc 00011581 /system/lib/libutils.so
#15 pc 0000ca78 /system/lib/libc.so (__thread_entry+72)
#16 pc 0000cbf4 /system/lib/libc.so (pthread_create+208)
---------------------------------------------------------------------------------------------------------------------------------
Here is the more detailed back trace from the core-dump file
(gdb) bt full
#0 0xdeadf00c in ?? ()
No symbol table info available.
#1 0x408ffc04 in dalvik_inst () at dalvik/vm/mterp/out/InterpAsm-armv7-a-neon.S:3374
No locals.
#2 0x4090b5f0 in dvmInterpret (self=0x643290e0, method=0x62ae9998, pResult=0x7adcccb8) at dalvik/vm/interp/Interp.cpp:1956
savedSubModes = kSubModeNormal
stdInterp = 0x4090df08 <dvmMterpStd(Thread*)>
interpSaveState = {pc = 0x0, curFrame = 0x6432ff94, method = 0x0, methodClassDex = 0x0, retval = {z = 0 '\000', b = 0 '\000', c = 0, s = 0, i = 0, j = 0, f = 0, d = 0, l = 0x0}, bailPtr = 0x0,
unused = 0, prev = 0x0}
calleeSave = {0, 0, 0, 0, 0, 0, 0, 0}
#3 0x4093ff24 in dvmCallMethodV (self=0x643290e0, method=0x62ae9998, obj=<optimized out>, fromJni=<optimized out>, pResult=0x7adcccb8, args=...) at dalvik/vm/interp/Stack.cpp:526
desc = <optimized out>
verifyCount = <optimized out>
clazz = <optimized out>
ins = 0x6432ffc4
#4 0x4092cc34 in CallBooleanMethodV (env=0x64c86bf8, jobj=<optimized out>, methodID=0x62ae9998, args=<optimized out>) at dalvik/vm/Jni.cpp:1989
ts = {mSelf = 0x643290e0}
obj = 0x41a09ec0
meth = <optimized out>
result = {z = 228 '\344', b = -28 '\344', c = 52452, s = -13084, i = 2061290724, j = 7110789741839961316, f = 5.73230492e+35, d = 2.2555309706870072e+167, l = 0x7adccce4}
#5 0x40920826 in Check_CallBooleanMethodV (env=0x64c86bf8, obj=0x1d300256, methodID=0x62ae9998, args=...) at dalvik/vm/CheckJni.cpp:1682
sc = {mEnv = 0x64c86bf8, mFunctionName = 0x4098414b "CallBooleanMethodV", mFlags = 0, mHasMethod = true, mIndent = 0}
__FUNCTION__ = "Check_CallBooleanMethodV"
result = <optimized out>
#6 0x4024f418 in _JNIEnv::CallBooleanMethod (this=<optimized out>, obj=<optimized out>, methodID=0x62ae9998) at libnativehelper/include/nativehelper/jni.h:620
result = 224 '\340'
args = {__ap = 0x7adccd2c}
#7 0x40253926 in JavaBBinder::onTransact (this=0x628f5f80, code=37, data=..., reply=0x7adccddc, flags=16) at frameworks/base/core/jni/android_util_Binder.cpp:270
env = 0x64c86bf8
thread_state = 0x64a371b0
strict_policy_before = 2951
excep = <optimized out>
strict_policy_after = <optimized out>
res = <optimized out>
excep2 = <optimized out>
#8 0x4018ef1e in android::BBinder::transact (this=0x628f5f80, code=37, data=..., reply=0x7adccddc, flags=16) at frameworks/native/libs/binder/Binder.cpp:108
err = 0
#9 0x401928e6 in android::IPCThreadState::executeCommand (this=0x64a371b0, cmd=<optimized out>) at frameworks/native/libs/binder/IPCThreadState.cpp:1036
b = {m_ptr = 0x628f5f80}
error = <optimized out>
tr = {target = {handle = 1653563296, ptr = 0x628f5fa0}, cookie = 0x628f5f80, code = 37, flags = 16, sender_pid = 21293, sender_euid = 10019, data_size = 84, offsets_size = 4, data = {ptr = {
buffer = 0x6928220c, offsets = 0x69282260}, buf = "\f\"(i`\"(i"}}
buffer = {mError = 0, mData = 0x6928220c <Address 0x6928220c out of bounds>, mDataSize = 84, mDataCapacity = 84, mDataPos = 84, mObjects = 0x69282260, mObjectsSize = 1, mObjectsCapacity = 1,
mNextObjectHint = 1, mFdsKnown = true, mHasFds = false, mAllowFds = true,
---Type <return> to continue, or q <return> to quit---
mOwner = 0x401923e1 <android::IPCThreadState::freeBuffer(android::Parcel*, unsigned char const*, unsigned int, unsigned int const*, unsigned int, void*)>, mOwnerCookie = 0x64a371b0}
origUid = 1000
origPid = 2608
curPrio = <optimized out>
reply = {mError = 0, mData = 0x0, mDataSize = 0, mDataCapacity = 0, mDataPos = 0, mObjects = 0x0, mObjectsSize = 0, mObjectsCapacity = 0, mNextObjectHint = 0, mFdsKnown = true, mHasFds = false,
mAllowFds = true, mOwner = 0, mOwnerCookie = 0x6569d7e8}
obj = <optimized out>
refs = <optimized out>
result = <optimized out>
#10 0x40192cf6 in android::IPCThreadState::joinThreadPool (this=0x64a371b0, isMain=<optimized out>) at frameworks/native/libs/binder/IPCThreadState.cpp:468
IN = <optimized out>
cmd = <optimized out>
result = 0
#11 0x40196aec in android::PoolThread::threadLoop (this=0x7b3fe808) at frameworks/native/libs/binder/ProcessState.cpp:67
No locals.
#12 0x4014aa8e in android::Thread::_threadLoop (user=0x7b3fe808) at frameworks/native/libs/utils/Threads.cpp:797
result = <optimized out>
self = 0x7b3fe808
strong = {m_ptr = 0x7b3fe808}
weak = {m_ptr = 0x7b3fe808, m_refs = 0x41608458}
#13 0x40230632 in android::AndroidRuntime::javaThreadShell (args=<optimized out>) at frameworks/base/core/jni/AndroidRuntime.cpp:995
env = 0x64c86bf8
start = 0x4014a9b5
userData = 0x7b3fe808
name = 0x65cea790 "Binder_C"
result = <optimized out>
#14 0x4014a582 in thread_data_t::trampoline (t=<optimized out>) at frameworks/native/libs/utils/Threads.cpp:115
f = 0x402305ed <android::AndroidRuntime::javaThreadShell(void*)>
u = 0x6569d6d8
prio = 0
name = 0x6569d778 "Binder_D"
#15 0x400c1a7c in __thread_entry (func=0x4014a529 <thread_data_t::trampoline(thread_data_t const*)>, arg=0x65d3b168, tls=0x7adccf00) at bionic/libc/bionic/pthread_create.cpp:92
start_mutex = 0x7adccf00
thread = 0x6569d7e8
#16 0x400c1bf8 in pthread_create (thread_out=0x7acccd04, attr=<optimized out>, start_routine=0x78, arg=0x65d3b168) at bionic/libc/bionic/pthread_create.cpp:201
thread = 0x6569d7e8
stack_size = 1048576
tls = 0x7adccf00
flags = 331520
tid = <optimized out>
errno_restorer = {saved_errno_ = 0}
start_mutex = 0x7adccf00
start_locker = {mu_ = 0x7adccf00}
init_errno = <optimized out>
Original Attachment has been moved to: tombstone_01.zip
Original Attachment has been moved to: libdvm.asm.zip
Original Attachment has been moved to: call_stack.txt.zip