
System_server Crash (Android4.3 imx_6dl)

Discussion created by lei hua on Nov 12, 2015

Hi Guys

   Recently I've encountered a system_server crash that makes the whole Android device reboot (Android 4.3, i.MX6DL). One detail worth noting up front: in the core dump (frame #9 below) the binder transaction being serviced when system_server died came from sender_pid 21293 with sender_euid 10019, i.e. an ordinary application UID rather than a system UID. If that application can trigger this reproducibly, it amounts to a local denial of service (system_server dies and the framework restarts), so it should be treated as more than a stability bug until the trigger is understood.

 

    I have checked the instruction at lr 0x408ffc04 by disassembling libdvm.so: it sits right after a `bl common_abort`, and common_abort simply loads pc with a poison address (the tombstone shows fault addr deadf00c; in the AOSP mterp source the literal is 0xdeadf00d, which I believe appears as ...f00c once the Thumb bit is stripped, consistent with cpsr 200d0030 having the T bit set) so the process stops with SIGSEGV. On its own that does not explain the issue, because I don't know which path reached common_abort. Since lr is the return address of that `bl`, the caller is the handler containing lr-4, i.e. offset 0x1fc00 in libdvm.so (tombstone frame #01; the library appears to be loaded at 0x408e0000), and the gdb backtrace below already resolves it to InterpAsm-armv7-a-neon.S:3374 — that source line should identify which interpreter handler (or which unused/invalid-opcode stub) branched to common_abort.

 

     Any tips or help would be appreciated!

 

    Below is a snippet of the tombstone file. I've also attached the backtrace from the core-dump file and the disassembly of libdvm.so.

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Build fingerprint: 'Freescale/sabresd_6dq/sabresd_6dq:4.3/1.0.0-rc2/20131108:eng/dev-keys'

Revision: '397329'

pid: 2608, tid: 21251, name: Binder_C  >>> system_server <<<

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadf00c

    r0 62a72b58  r1 00000027  r2 00000001  r3 f7400000

    r4 64eb610c  r5 6432fa84  r6 643290e0  r7 00004879

    r8 408fddc0  r9 00004879  sl 6432fa70  fp 4215cf80

    ip 00000079  sp 7adccbc0 lr 408ffc04  pc deadf00c  cpsr 200d0030

    d0  0000000000000000  d1  0000000000000000

    d2  0000000000000000  d3  0000000000000000

    d4  0000000043070000  d5  4366000043670000

    d6  0000000000000000  d7  000000003f800000

    d8  0000000000000000  d9  0000000000000000

    d10 0000000000000000  d11 0000000000000000

    d12 0000000000000000  d13 0000000000000000

    d14 0000000000000000  d15 0000000000000000

    d16 3ff0000000000000  d17 0000000000000218

    d18 00000000014c85f0  d19 3f80000000000000

    d20 0000000100000001  d21 bf66c0c55ca9076a

    d22 bfb1be5a93a83e1d  d23 000000000000000f

    d24 3f62cda65e663694  d25 bf62cda764a98eab

    d26 bfbaf8e8210a415c  d27 4000000000000000

    d28 40008df2d49d41f1  d29 3fb0f4a31edab38b

    d30 3ff0000000000000  d31 3f4de16b9c24a98f

    scr 60000010

 

 

backtrace:

    #00  pc deadf00c  <unknown>

    #01  pc 0001fc00  /system/lib/libdvm.so

    #02  pc 0002b5ec  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)

    #03  pc 0005ff21  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+292)

    #04  pc 0004cc31  /system/lib/libdvm.so

    #05  pc 00040825  /system/lib/libdvm.so

    #06  pc 0006a417  /system/lib/libandroid_runtime.so

    #07  pc 0006e923  /system/lib/libandroid_runtime.so

    #08  pc 00017f1d  /system/lib/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+60)

    #09  pc 0001b8e5  /system/lib/libbinder.so (android::IPCThreadState::executeCommand(int)+508)

    #10  pc 0001bcf3  /system/lib/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+182)

    #11  pc 0001fae9  /system/lib/libbinder.so

    #12  pc 00011a8d  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+216)

    #13  pc 0004b631  /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+68)

    #14  pc 00011581  /system/lib/libutils.so

    #15  pc 0000ca78  /system/lib/libc.so (__thread_entry+72)

    #16  pc 0000cbf4  /system/lib/libc.so (pthread_create+208)

---------------------------------------------------------------------------------------------------------------------------------

Here is the more detailed backtrace from the core-dump file (gdb `bt full`). Frame #7 shows the transaction that was being handled: JavaBBinder::onTransact with code=37 and flags=16 on the Java Binder object obj=0x41a09ec0, dispatched into the Dalvik method at method=0x62ae9998 (frames #3–#5). Since libdvm debug symbols appear to be loaded (the backtrace resolves source lines), dumping that Method* from the core (e.g. `p *(Method*)0x62ae9998` and its clazz->descriptor) should name the Java service method that was executing when the interpreter hit common_abort, and the sender_pid/sender_euid in frame #9 identify the calling process.

(gdb) bt full

#0  0xdeadf00c in ?? ()

No symbol table info available.

#1  0x408ffc04 in dalvik_inst () at dalvik/vm/mterp/out/InterpAsm-armv7-a-neon.S:3374

No locals.

#2  0x4090b5f0 in dvmInterpret (self=0x643290e0, method=0x62ae9998, pResult=0x7adcccb8) at dalvik/vm/interp/Interp.cpp:1956

        savedSubModes = kSubModeNormal

        stdInterp = 0x4090df08 <dvmMterpStd(Thread*)>

        interpSaveState = {pc = 0x0, curFrame = 0x6432ff94, method = 0x0, methodClassDex = 0x0, retval = {z = 0 '\000', b = 0 '\000', c = 0, s = 0, i = 0, j = 0, f = 0, d = 0, l = 0x0}, bailPtr = 0x0,

          unused = 0, prev = 0x0}

        calleeSave = {0, 0, 0, 0, 0, 0, 0, 0}

#3  0x4093ff24 in dvmCallMethodV (self=0x643290e0, method=0x62ae9998, obj=<optimized out>, fromJni=<optimized out>, pResult=0x7adcccb8, args=...) at dalvik/vm/interp/Stack.cpp:526

        desc = <optimized out>

        verifyCount = <optimized out>

        clazz = <optimized out>

        ins = 0x6432ffc4

#4  0x4092cc34 in CallBooleanMethodV (env=0x64c86bf8, jobj=<optimized out>, methodID=0x62ae9998, args=<optimized out>) at dalvik/vm/Jni.cpp:1989

        ts = {mSelf = 0x643290e0}

        obj = 0x41a09ec0

        meth = <optimized out>

        result = {z = 228 '\344', b = -28 '\344', c = 52452, s = -13084, i = 2061290724, j = 7110789741839961316, f = 5.73230492e+35, d = 2.2555309706870072e+167, l = 0x7adccce4}

#5  0x40920826 in Check_CallBooleanMethodV (env=0x64c86bf8, obj=0x1d300256, methodID=0x62ae9998, args=...) at dalvik/vm/CheckJni.cpp:1682

        sc = {mEnv = 0x64c86bf8, mFunctionName = 0x4098414b "CallBooleanMethodV", mFlags = 0, mHasMethod = true, mIndent = 0}

        __FUNCTION__ = "Check_CallBooleanMethodV"

        result = <optimized out>

#6  0x4024f418 in _JNIEnv::CallBooleanMethod (this=<optimized out>, obj=<optimized out>, methodID=0x62ae9998) at libnativehelper/include/nativehelper/jni.h:620

        result = 224 '\340'

        args = {__ap = 0x7adccd2c}

#7  0x40253926 in JavaBBinder::onTransact (this=0x628f5f80, code=37, data=..., reply=0x7adccddc, flags=16) at frameworks/base/core/jni/android_util_Binder.cpp:270

        env = 0x64c86bf8

        thread_state = 0x64a371b0

        strict_policy_before = 2951

        excep = <optimized out>

        strict_policy_after = <optimized out>

        res = <optimized out>

        excep2 = <optimized out>

#8  0x4018ef1e in android::BBinder::transact (this=0x628f5f80, code=37, data=..., reply=0x7adccddc, flags=16) at frameworks/native/libs/binder/Binder.cpp:108

        err = 0

#9  0x401928e6 in android::IPCThreadState::executeCommand (this=0x64a371b0, cmd=<optimized out>) at frameworks/native/libs/binder/IPCThreadState.cpp:1036

        b = {m_ptr = 0x628f5f80}

        error = <optimized out>

        tr = {target = {handle = 1653563296, ptr = 0x628f5fa0}, cookie = 0x628f5f80, code = 37, flags = 16, sender_pid = 21293, sender_euid = 10019, data_size = 84, offsets_size = 4, data = {ptr = {

              buffer = 0x6928220c, offsets = 0x69282260}, buf = "\f\"(i`\"(i"}}

        buffer = {mError = 0, mData = 0x6928220c <Address 0x6928220c out of bounds>, mDataSize = 84, mDataCapacity = 84, mDataPos = 84, mObjects = 0x69282260, mObjectsSize = 1, mObjectsCapacity = 1,

          mNextObjectHint = 1, mFdsKnown = true, mHasFds = false, mAllowFds = true,

---Type <return> to continue, or q <return> to quit---

          mOwner = 0x401923e1 <android::IPCThreadState::freeBuffer(android::Parcel*, unsigned char const*, unsigned int, unsigned int const*, unsigned int, void*)>, mOwnerCookie = 0x64a371b0}

        origUid = 1000

        origPid = 2608

        curPrio = <optimized out>

        reply = {mError = 0, mData = 0x0, mDataSize = 0, mDataCapacity = 0, mDataPos = 0, mObjects = 0x0, mObjectsSize = 0, mObjectsCapacity = 0, mNextObjectHint = 0, mFdsKnown = true, mHasFds = false,

          mAllowFds = true, mOwner = 0, mOwnerCookie = 0x6569d7e8}

        obj = <optimized out>

        refs = <optimized out>

        result = <optimized out>

#10 0x40192cf6 in android::IPCThreadState::joinThreadPool (this=0x64a371b0, isMain=<optimized out>) at frameworks/native/libs/binder/IPCThreadState.cpp:468

        IN = <optimized out>

        cmd = <optimized out>

        result = 0

#11 0x40196aec in android::PoolThread::threadLoop (this=0x7b3fe808) at frameworks/native/libs/binder/ProcessState.cpp:67

No locals.

#12 0x4014aa8e in android::Thread::_threadLoop (user=0x7b3fe808) at frameworks/native/libs/utils/Threads.cpp:797

        result = <optimized out>

        self = 0x7b3fe808

        strong = {m_ptr = 0x7b3fe808}

        weak = {m_ptr = 0x7b3fe808, m_refs = 0x41608458}

#13 0x40230632 in android::AndroidRuntime::javaThreadShell (args=<optimized out>) at frameworks/base/core/jni/AndroidRuntime.cpp:995

        env = 0x64c86bf8

        start = 0x4014a9b5

        userData = 0x7b3fe808

        name = 0x65cea790 "Binder_C"

        result = <optimized out>

#14 0x4014a582 in thread_data_t::trampoline (t=<optimized out>) at frameworks/native/libs/utils/Threads.cpp:115

        f = 0x402305ed <android::AndroidRuntime::javaThreadShell(void*)>

        u = 0x6569d6d8

        prio = 0

        name = 0x6569d778 "Binder_D"

#15 0x400c1a7c in __thread_entry (func=0x4014a529 <thread_data_t::trampoline(thread_data_t const*)>, arg=0x65d3b168, tls=0x7adccf00) at bionic/libc/bionic/pthread_create.cpp:92

        start_mutex = 0x7adccf00

        thread = 0x6569d7e8

#16 0x400c1bf8 in pthread_create (thread_out=0x7acccd04, attr=<optimized out>, start_routine=0x78, arg=0x65d3b168) at bionic/libc/bionic/pthread_create.cpp:201

        thread = 0x6569d7e8

        stack_size = 1048576

        tls = 0x7adccf00

        flags = 331520

        tid = <optimized out>

        errno_restorer = {saved_errno_ = 0}

        start_mutex = 0x7adccf00

        start_locker = {mu_ = 0x7adccf00}

        init_errno = <optimized out>

Original Attachment has been moved to: tombstone_01.zip

Original Attachment has been moved to: libdvm.asm.zip

Original Attachment has been moved to: call_stack.txt.zip
