I have native sources compiling with the Android NDK toolchain. This shared library is loaded by the mediaserver process running on the Android device. Usually, when any user-space process crashes, the debugger daemon in Android takes the stack trace of the crashing process and prints it in the logcat messages. But sometimes I see the mediaserver process crash with no stack trace in the logcat logs, while the kernel logs print out a stack trace saying there is a page fault in the mediaserver process. It prints out PC, LR and other registers. So how do I decode this info to locate the address in the faulty code?

Here is a sample trace:

```
<7>[  198.755417] mediaserver: unhandled page fault (11) at 0x7b969000, code 0x817
<1>[  198.755424] pgd = e005c000
<1>[  198.757092] [7b969000] *pgd=25865831, *pte=00000000, *ppte=00000000
<4>[  198.764864] Pid: 1957, comm:          mediaserver
<4>[  198.769647] CPU: 2    Tainted: G        W     (3.4.0-gf77558a-00009-gb024756 #2)
<4>[  198.777010] PC is at 0x40082728
<4>[  198.780007] LR is at 0x408
<4>[  198.782702] pc : [<40082728>]    lr : [<00000408>]    psr: 20000010
<4>[  198.782703] sp : 75393dd0  ip : 00001ba0  fp : 00000002
<4>[  198.794310] r10: 483463c0  r9 : 00000000  r8 : 00001200
<4>[  198.799373] r7 : 6afdf950  r6 : 6aff0db8  r5 : 412ef814  r4 : 7b68c008
<4>[  198.806293] r3 : ff1b1517  r2 : 0034bc00  r1 : 48346000  r0 : 7b968fe8
<4>[  198.812546] Flags: nzCv  IRQs on  FIQs on  Mode USER_32  ISA ARM  Segment user
<4>[  198.819848] Control: 10c5787d  Table: 2805c06a  DAC: 00000015
<4>[  198.825432] 
<4>[  198.825433] R3: 0xff1b1497:
<4>[  198.829572] 1494  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.837734] 14b4  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.845893] 14d4  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.854070] 14f4  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.862211] 1514  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.870371] 1534  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.878532] 1554  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.886693] 1574  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.894851] 1594  ******** ******** ******** ******** ******** ******** ******** ********
<4>[  198.903028] [<c0013da4>] (unwind_backtrace+0x0/0x11c) from [<c0019980>] (__do_user_fault+0x110/0x15c)
<4>[  198.912347] [<c0019980>] (__do_user_fault+0x110/0x15c) from [<c0786384>] (do_page_fault+0x380/0x3d0)
<4>[  198.921358] [<c0786384>] (do_page_fault+0x380/0x3d0) from [<c0008514>] (do_DataAbort+0x134/0x1a8)
<4>[  198.930251] [<c0008514>] (do_DataAbort+0x134/0x1a8) from [<c0784bb4>] (__dabt_usr+0x34/0x40)
<4>[  198.938631] Exception stack(0xddd8bfb0 to 0xddd8bff8)
<4>[  198.943658] bfa0:                                     7b968fe8 48346000 0034bc00 ff1b1517
<4>[  198.951801] bfc0: 7b68c008 412ef814 6aff0db8 6afdf950 00001200 00000000 483463c0 00000002
<4>[  198.960035] bfe0: 00001ba0 75393dd0 00000408 40082728 20000010 ffffffff
```
sandrstar
Kinjal
  • `PC` - program counter. But, it's going to be different for every run. How will it help? – Simon Sep 12 '13 at 19:09
  • That's going to be tough. Without /proc/<pid>/maps you don't even know what library is mapped at the PC address -- because of ASLR it can be different every time you run the app. If you can work that out you can try addr2line (see http://stackoverflow.com/questions/2314273/get-function-names-from-call-stack/2480465#2480465). – fadden Sep 12 '13 at 20:15
  • One could (at least during development) save the maps file in advance on the chance that the process might crash. The adb shell user cannot (any longer?) access the maps file for mediaserver on a secured device, but it sounds from the question intro that the poster is running a custom build or has somehow convinced mediaserver to load their custom library, so presumably they have the necessary access (amongst other things, the library could write out a copy of the maps file before it does anything else). – Chris Stratton Sep 12 '13 at 21:14
  • Yes, I do have my custom Android build. The problem is I don't have control over all the devices that may run this code, so I don't really have maps for each of the runs. I am not sure why debuggerd doesn't catch this exception. Is there a way in Android to prelink the shared lib symbols to a given address range? – Kinjal Sep 14 '13 at 03:00
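
The approach raised in the comments (a saved copy of the process's maps file, then addr2line), as an added example that is not part of the original thread: it pulls the fault address, PC and LR out of kernel log lines in the format shown in the question and resolves each against a maps listing. The maps content, the library name `libexample.so` and all function names are constructed for illustration; the resulting offset is the address to give addr2line only under the assumption that the library's first segment is linked at address 0.

```python
import re

# Constructed sample: two kernel log lines in the format of the trace above.
KLOG = """\
<7>[  198.755417] mediaserver: unhandled page fault (11) at 0x7b969000, code 0x817
<4>[  198.782702] pc : [<40082728>]    lr : [<00000408>]    psr: 20000010
"""

# Constructed sample of a saved /proc/<pid>/maps; paths and ranges are invented.
MAPS = """\
40070000-400b5000 r-xp 00000000 b3:19 1234   /system/lib/libexample.so
400b5000-400b8000 rw-p 00045000 b3:19 1234   /system/lib/libexample.so
7b68c000-7b969000 rw-p 00000000 00:00 0
"""

def parse_fault(klog):
    """Return (fault_addr, pc, lr) as ints from 32-bit ARM user fault lines."""
    fault = re.search(r"unhandled page fault \(\d+\) at 0x([0-9a-f]+)", klog)
    regs = re.search(r"pc : \[<([0-9a-f]+)>\]\s+lr : \[<([0-9a-f]+)>\]", klog)
    if not (fault and regs):
        raise ValueError("no user fault record found")
    return tuple(int(x, 16) for x in (fault.group(1), regs.group(1), regs.group(2)))

def parse_maps(text):
    """Yield (start, end, perms, file_offset, path) for each maps line."""
    for line in text.splitlines():
        f = line.split(None, 5)
        if len(f) < 5:
            continue  # not a mapping line
        start, end = (int(x, 16) for x in f[0].split("-"))
        # Anonymous mappings have no sixth field.
        yield start, end, f[1], int(f[2], 16), f[5].strip() if len(f) > 5 else ""

def resolve(addr, maps):
    """Map a runtime address to (path, offset into file), or None if unmapped."""
    for start, end, _perms, off, path in maps:
        if start <= addr < end:  # the end address is exclusive
            return path, addr - start + off
    return None

def describe(klog, maps_text):
    """Resolve the fault address, PC and LR of one fault record."""
    fault, pc, lr = parse_fault(klog)
    maps = list(parse_maps(maps_text))
    return {n: resolve(a, maps) for n, a in (("fault", fault), ("pc", pc), ("lr", lr))}

if __name__ == "__main__":
    for name, hit in describe(KLOG, MAPS).items():
        print(name, "unmapped" if hit is None else "%s+0x%x" % hit)
```

With an unstripped copy of the library, the PC offset can then be passed to `addr2line -f -e <unstripped library> <offset>`. An LR that resolves to no mapping, as with 0x408 here, gives no usable caller address.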