I have the same issue right now. Did you find a solution to your problem?
I've posted a question (Crash in /system/lib/libutils.so
(android::Looper::pollOnce(int, int*, int*, void**))) in the *android-ndk* group
that describes more details.
Any help on this would be much appreciated,
Bart
On Tuesday, 25 October 2011 21:21:23 UTC+2, Shridhar Basty wrote the
following:
>
> Hello,
>
> I'm working on fixing a system_server crash that was found to occur
> randomly. By following the logs and the stack trace, I find a
> situation that appears impossible to occur under normal circumstances.
> The function "pollOnce()" in Looper.cpp is called with its pointer
> arguments set to NULL. A SIGSEGV occurs in the body of the function
> where an attempt is made to access one of the pointers (outFd). The
> function arguments are never modified and checks are in place to
> access pointers only if they are non-NULL. But it seems that this
> pointer has changed and acquired a non-NULL invalid address. An access
> in the subsequent code causes a SIGSEGV. I'm unable to see how outFd
> got modified - unless a child function (pollInner) returned by not
> restoring the registers correctly. From the disassembly, r6 is to hold
> the backup of outFd and we see in the logs it is not null. The other
> two pointer args (held in r8 and r7) seem to be proper (NULL).
>
> I've provided the details below. I'm still trying to find an
> explanation for this problem and will appreciate any suggestions.
>
> Regards,
> Shridhar
>
> LOGS:
> I/DEBUG ( 108): pid: 184, tid: 225 >>> system_server <<<
> I/DEBUG ( 108): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 20000000
> I/DEBUG ( 108): r0 fffffffe r1 00000001 r2 6d344489 r3 00000000
> I/DEBUG ( 108): r4 00388bf0 r5 ffffffff r6 20000000 r7 00000000
> I/DEBUG ( 108): r8 00000000 r9 00000014 10 31359f10 fp 2b498a30
> I/DEBUG ( 108): ip 68127cb0 sp 31459b38 lr 6f904a1c pc 68121b0a cpsr 60000030
>
> STACK TRACE WITH RELEVANT CODE INLINED:
> #00 pc 00021b0a /system/lib/libutils.so
> android::Looper::pollOnce(int, int*, int*, void**)
> frameworks/base/libs/utils/Looper.cpp:182
>
> 159 int Looper::pollOnce(int timeoutMillis, int* outFd, int* outEvents, void** outData) {
> 160 int result = 0;
> 161 for (;;) {
> 162 while (mResponseIndex < mResponses.size()) {
> 163 const Response& response = mResponses.itemAt(mResponseIndex++);
> 164 if (! response.request.callback) {
> 165 #if DEBUG_POLL_AND_WAKE
> 166 LOGD("%p ~ pollOnce - returning signalled identifier %d: "
> 167 "fd=%d, events=0x%x, data=%p", this,
> 168 response.request.ident, response.request.fd,
> 169 response.events, response.request.data);
> 170 #endif
> 171 if (outFd != NULL) *outFd = response.request.fd;
> 172 if (outEvents != NULL) *outEvents = response.events;
> 173 if (outData != NULL) *outData = response.request.data;
> 174 return response.request.ident;
> 175 }
> 176 }
> 177
> 178 if (result != 0) {
> 179 #if DEBUG_POLL_AND_WAKE
> 180 LOGD("%p ~ pollOnce - returning result %d", this, result);
> 181 #endif
> <HERE> 182 if (outFd != NULL) *outFd = 0;
> 183 if (outEvents != NULL) *outEvents = NULL;
> 184 if (outData != NULL) *outData = NULL;
> 185 return result;
> 186 }
> 187
> 188 result = pollInner(timeoutMillis);
> 189 }
> 190 }
>
> #01 pc 00046b04 /system/lib/libandroid_runtime.so
> android::Looper::pollOnce(int)
> frameworks/base/include/utils/Looper.h:101
>
> 99 int pollOnce(int timeoutMillis, int* outFd, int* outEvents, void** outData);
> 100 inline int pollOnce(int timeoutMillis) {
> <HERE> 101 return pollOnce(timeoutMillis, NULL, NULL, NULL);
> 102 }
>
> #02 pc 00046b0e /system/lib/libandroid_runtime.so
> _ZN7androidL38android_os_MessageQueue_nativePollOnceEP7_JNIEnvP8_jobjectii
> frameworks/base/core/jni/android_os_MessageQueue.cpp:118
>
> 115 static void android_os_MessageQueue_nativePollOnce(JNIEnv* env, jobject obj,
> 116 jint ptr, jint timeoutMillis) {
> 117 NativeMessageQueue* nativeMessageQueue = reinterpret_cast<NativeMessageQueue*>(ptr);
> <HERE> 118 nativeMessageQueue->pollOnce(timeoutMillis);
> 119 }
>
> #03 pc 00011ef4 /system/lib/libdvm.so
> dvmPlatformInvoke
> dalvik/vm/arch/arm/CallEABI.S:243
>
> #04 pc 00043754 /system/lib/libdvm.so
> dvmCallJNIMethod_virtualNoRef
> system/core/include/cutils/atomic-arm.h:25
>
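Added example, not part of the original thread: a small triage script that parses the debuggerd lines quoted above and checks them against the post's reading of the disassembly (r6 backs up outFd, r8 and r7 hold the other two pointer arguments, all passed as NULL). The function names `parse_tombstone` and `triage` are hypothetical, and the sample input is constructed from the quoted log with the mail wrapping undone.

```python
import re

# Constructed sample: the debuggerd lines quoted in the post, unwrapped.
TOMBSTONE = """\
I/DEBUG ( 108): pid: 184, tid: 225 >>> system_server <<<
I/DEBUG ( 108): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 20000000
I/DEBUG ( 108): r0 fffffffe r1 00000001 r2 6d344489 r3 00000000
I/DEBUG ( 108): r4 00388bf0 r5 ffffffff r6 20000000 r7 00000000
I/DEBUG ( 108): r8 00000000 r9 00000014 10 31359f10 fp 2b498a30
I/DEBUG ( 108): ip 68127cb0 sp 31459b38 lr 6f904a1c pc 68121b0a cpsr 60000030
"""

PREFIX = re.compile(r"^\s*>?\s*(?:I/DEBUG\s*\(\s*\d+\):)?\s*")  # mail quote + logcat tag
FAULT = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault\s+addr\s+([0-9a-f]+)")
REG = re.compile(r"\b(r\d\d?|10|fp|ip|sp|lr|pc|cpsr)\s+([0-9a-f]{8})\b")


def parse_tombstone(text):
    """Return (fault, registers) parsed from debuggerd log lines."""
    # Join lines so values pushed onto the next line by mail wrapping still parse.
    body = " ".join(PREFIX.sub("", line).strip() for line in text.splitlines())
    m = FAULT.search(body)
    if m is None:
        raise ValueError("no 'signal ... fault addr' line found")
    fault = {"signal": m.group(2), "code": m.group(4), "addr": int(m.group(5), 16)}
    # This dump prints r10 as a bare "10"; normalise the name.
    regs = {("r10" if name == "10" else name): int(value, 16)
            for name, value in REG.findall(body[m.end():])}
    return fault, regs


def triage(text, expected_null=("r6", "r7", "r8")):
    """Compare the dump with what the caller's arguments say the registers should hold.

    expected_null defaults to the post's reading of the disassembly (an assumption
    taken from the post, not verified here). Registers absent from the dump are skipped.
    """
    fault, regs = parse_tombstone(text)
    return {
        "signal": fault["signal"],
        "code": fault["code"],
        "fault_addr": fault["addr"],
        # Registers whose value is exactly the faulting address.
        "holds_fault_addr": sorted(n for n, v in regs.items() if v == fault["addr"]),
        # Registers that should be NULL but are not.
        "unexpected_non_null": sorted(n for n in expected_null if regs.get(n, 0) != 0),
    }


if __name__ == "__main__":
    print(triage(TOMBSTONE))
```

On the quoted dump this reports r6 as the only register holding the fault address and the only expected-NULL register that is non-NULL, which matches the observation in the post.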
website: http://groups.google.com/group/android-porting