I followed the pjsip 'get started' document and built the pjsip libs for android 9 successfully. But when I use it in my android project (though JNI calls), it usually crash when I register user to sip sever or make calls out.I create pjsua modules in the main thread with APIs such as pjsua_create and pjsua_init, then I call pjsua_acc_add or pjsua_call_make_call in another thread, it usually crash.However, the point it crashed on is quite random.Besides, some times it doesn't crash, but it failed on pjsip_resolve function.It make sip message destination IP and port information, something like '192.168.0.1:5060', to a string without IP information, something like ':5060'.And I have made pj thread check yet, so it doesn't crash for that.Anybody met this problem yet? I had searched out through google and trac.pjsip.org, but can't get any useful information.
Any help will be very appreciated!
********** Crash dump: **********
Build fingerprint: 'Xiaomi/aries/aries:4.1.1/JRO03L/JLB22.0:user/release-keys'
pid: 3927, tid: 4082, name: Thread-1052 >>> com.ailiao.vp <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000017
Stack frame #00 pc 0013c124 /data/data/com.ailiao.vp/lib/libsua.so: Routine ioqueue_on_accept_complete in ../src/pj/activesock.c:916
Stack frame #01 pc 0013c3e4 /data/data/com.ailiao.vp/lib/libsua.so (pj_hash_get_lower+76): Routine pj_array_erase in ../src/pj/array.c:46
Crash dump is completed
********** Crash dump: **********
Build fingerprint: 'Xiaomi/aries/aries:4.1.1/JRO03L/JLB22.0:user/release-keys'
pid: 4387, tid: 4415, name: Thread-1051 >>> com.ailiao.vp <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000f09
Stack frame #00 pc 0013c124/data/data/com.ailiao.vp/lib/libsua.so: Routine ioqueue_on_accept_complete in ../src/pj/activesock.c:916
Stack frame #01 pc 0013c3e4 /data/data/com.ailiao.vp/lib/libsua.so (pj_hash_get_lower+76): Routine pj_array_erase in ../src/pj/array.c:46
Crash dump is completed
********** Crash dump: **********
Build fingerprint: 'Xiaomi/aries/aries:4.1.1/JRO03L/JLB22.0:user/release-keys'
pid: 4532, tid: 4613, name: Thread-1060 >>> com.ailiao.vp <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000038
Stack frame #00 pc 0013c124 /data/data/com.ailiao.vp/lib/libsua.so: Routine ioqueue_on_accept_complete in ../src/pj/activesock.c:916
Stack frame #01 pc 0013c468 /data/data/com.ailiao.vp/lib/libsua.so: Routine pj_array_find in ../src/pj/array.c:60
Crash dump is completed
********** Crash dump: **********
Build fingerprint: 'Xiaomi/aries/aries:4.1.1/JRO03L/JLB22.0:user/release-keys'
pid: 6317, tid: 6572, name: Thread-1115 >>> com.ailiao.vp <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr e92d4808
Stack frame #00 pc 0013f484 /data/data/com.ailiao.vp/lib/libsua.so: Routine pj_list_insert_nodes_before in ../include/pj/list_i.h:54
Stack frame #01 pc 0013f744 /data/data/com.ailiao.vp/lib/libsua.so (pj_hash_get_lower+76): Routine pj_list_init in ../include/pj/list.h:90
Stack frame #02 pc 0008e80c /data/data/com.ailiao.vp/lib/libsua.so (pjsip_ua_register_dlg+360): Routine pjsip_ua_destroy in ../src/pjsip/sip_ua_layer.c:230
Stack frame #03 pc 0008934c /data/data/com.ailiao.vp/lib/libsua.so (pjsip_dlg_create_uac+1880): Routine pjsip_dlg_create_uac in ../src/pjsip/sip_dialog.c:240
Stack frame #04 pc 00032f50 /data/data/com.ailiao.vp/lib/libsua.so (pjsua_call_make_call+1152): Routine on_make_call_med_tp_complete in ../src/pjsua-lib/pjsua_call.c:459
Stack frame #05 pc 00026038 /data/data/com.ailiao.vp/lib/libsua.so (Java_sua_Pjsua_makeCall+728): Routine Java_sua_Pjsua_InnerInit in jni/../src/pjsuawrapper.cc:767
Stack frame #06 pc 0001fb70 /system/lib/libdvm.so (dvmPlatformInvoke+112)
Stack frame #07 pc 0004e8b9 /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+360)
Stack frame #08 pc 00050603 /system/lib/libdvm.so (dvmResolveNativeMethod(unsigned int const*, JValue*, Method const*, Thread*)+174)
Stack frame #09 pc 00029020 /system/lib/libdvm.so
Stack frame #10 pc 0002d7e8 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+180)
Stack frame #11 pc 0005fed5 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
Stack frame #12 pc 0005feff /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
Stack frame #13 pc 00055327 /system/lib/libdvm.so
Stack frame #14 pc 00012e70 /system/lib/libc.so (__thread_entry+48)
Stack frame #15 pc 000125c8 /system/lib/libc.so (pthread_create+172)
Stack frame #16 pc ffffffff <unknown>: Unable to open symbol file obj\local\armeabi-v7a/<unknown>. Error (123): Unknown error
Crash dump is completed
********** Crash dump: **********
Build fingerprint: 'Xiaomi/aries/aries:4.1.1/JRO03L/JLB22.0:user/release-keys'
pid: 7766, tid: 8023, name: Thread-1123 >>> com.ailiao.vp <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 20e7a813
Stack frame #00 pc 00014682 /system/lib/libc.so (dlmalloc+1589)
Stack frame #01 pc 00016fef /system/lib/libc.so (malloc+10)
Stack frame #02 pc 0014a728 /data/data/com.ailiao.vp/lib/libsua.so: Routine default_block_alloc in ../src/pj/pool_policy_malloc.c:46
Build with NDK_DEBUG=1 and you will get a more verbose stack trace. For me, the crash is coming from:
: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I: Build fingerprint: 'asus/WW_Z00T/ASUS_Z00T:5.0.2/LRX22G/WW_user_1.17.40.1234_20160304:user/release-keys'
I: Revision: '0'
I: ABI: 'arm64'
I: pid: 5618, tid: 5924, name: OutgoingCall-si >>> com.siptest.android <<<
I: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
I: Abort message: '../src/pjsip/sip_ua_layer.c:290: pjsip_ua_register_dlg: assertion "dlg->local.info && dlg->local.info->tag.slen && dlg->local.tag_hval != 0" failed'
I: x0 0000000000000000 x1 0000000000001724 x2 0000000000000006 x3 000000558de365b0
I: x4 000000558de365b0 x5 0000000000000005 x6 0000000000000001 x7 0000000000000020
I: x8 0000000000000083 x9 fefefefeff63646b x10 7f7f7f7f7f7f7f7f x11 0000000000000001
I: x12 0000000000000001 x13 0000000000000000 x14 0000000000000000 x15 002dee82e7a00ada
I: x16 0000007f7d43e483 x17 0000000000000001 x18 0000000000000000 x19 000000558de365b0
I: x20 0000007f7d43fbb0 x21 0000007fa017a000 x22 0000000000000058 x23 0000000000000006
I: x24 00000000130e4360 x25 00000000130785a0 x26 000000558dd88930 x27 00000000130e4a20
I: x28 00000000130785a0 x29 0000007f7d43e720 x30 0000007fa00f48bc
I: sp 0000007f7d43e720 pc 0000007fa0139de8 pstate 0000000060000000
I: #00 pc 000000000005ede8 /system/lib64/libc.so (tgkill+8)
I: #01 pc 00000000000198b8 /system/lib64/libc.so (pthread_kill+160)
I: #02 pc 000000000001ae18 /system/lib64/libc.so (raise+28)
I: #03 pc 000000000001467c /system/lib64/libc.so (abort+60)
I: #04 pc 0000000000016ca8 /system/lib64/libc.so (__libc_fatal+128)
I: #05 pc 0000000000014754 /system/lib64/libc.so (__assert2+40)
I: #06 pc 00000000001d5ddc /data/app/com.siptest.android-2/lib/arm64/libpjsua2.so (pjsip_ua_register_dlg+248)
I: #07 pc 00000000001d1588 /data/app/com.siptest.android-2/lib/arm64/libpjsua2.so (pjsip_dlg_create_uac+1688)
I: #08 pc 00000000001634a8 /data/app/com.siptest.android-2/lib/arm64/libpjsua2.so (pjsua_call_make_call+1088)
I: #09 pc 0000000000145ce0 /data/app/com.siptest.android-2/lib/arm64/libpjsua2.so (pj::Call::makeCall(std::string const&, pj::CallOpParam const&)+168)
I: #10 pc 00000000000fd1f8 /data/app/com.siptest.android-2/lib/arm64/libpjsua2.so (Java_org_pjsip_pjsua2_pjsua2JNI_Call_1makeCall+256)
I: #11 pc 000000000075b9d4 /data/dalvik-cache/arm64/data#app#com.siptest.android-2#base.apk#classes.dex
W: RecordThread: buffer overflow
Which seems to indicate a problem with the registration credentials. I dug into the C source, and discovered one of the following fields is NULL sip_dialog.c:
/*
* Create an UAC dialog.
*/
PJ_DEF(pj_status_t) pjsip_dlg_create_uac( pjsip_user_agent *ua,
const pj_str_t *local_uri,
const pj_str_t *local_contact,
const pj_str_t *remote_uri,
const pj_str_t *target,
pjsip_dialog **p_dlg)
{
pj_status_t status;
pj_str_t tmp;
pjsip_dialog *dlg;
/* Check arguments. */
PJ_ASSERT_RETURN(ua && local_uri && remote_uri && p_dlg, PJ_EINVAL);
I've also read other users complain that multi-threading on Android has issues. Be sure you attach the JVM before making pjsip library calls. Maybe try:
ua_cfg.setThreadCnt(1);
ua_cfg.setMainThreadOnly(true);
And then you will have to pass that thread any action. Alternatively, you can enable multiple threads and then attach like this:
static boolean attachJVM()
{
// ensure after possibly sleeping on take()
final Endpoint ep = endpoint();
try { if (!ep.libIsThreadRegistered()) ep.libRegisterThread(Thread.currentThread().getName()); return true; }
catch (Exception e) { log().e(e); return false; }
}
I realize I'm making calls to my own utilities there, but I think it's pretty self-descriptive (i.e. log() is a log file and endpoint() returns the instance of Endpoing you built at init).
I had some issues with this library for a long time - it crashes.
After some investigations on nicely caught error log I have found a common reason for most of the library crashes.
See my answer and comments here (not sure if copy-paste is allowed here):
https://stackoverflow.com/a/46111654/6248423
Related
We're trying to update unity from version 2019 to 2021.
After update android application randomly crashes. Session time from 3 minutes till 40.
Also, there no steps to repo.
Tried to disable all SDKs, update to 2020 and 2022, change stripping code, change compilation from il2cpp to mono and lof of other variants but without any results.
It would be great to hear any ideas. Thx!
2022-11-22 17:46:35.813 6299-6411/com.***.*** E/AndroidRuntime: FATAL EXCEPTION: UnityMain
Process: com.***.***, PID: 6299
java.lang.Error: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Version '2021.3.13f1 (9e7d58001ecf)', Build type 'Development', Scripting Backend 'mono', CPU 'armeabi-v7a'
Build fingerprint: 'samsung/m32xx/m32:12/SP1A.210812.016/M325FVXXS4BVJ1:user/release-keys'
Revision: '3'
ABI: 'arm'
Timestamp: 2022-11-22 17:46:34+0200
pid: 6299, tid: 6411, name: UnityMain >>> com.***.*** <<<
uid: 10762
signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x97
r0 0000008b r1 00000097 r2 a6045de0 r3 00000002
r4 0000008b r5 00000000 r6 c4447440 r7 c23cf264
r8 00000002 r9 a6045de0 r10 c23cf2a8 r11 00000000
ip bfc4f380 sp c60d7870 lr c6b6c093 pc c6b70ba8
backtrace:
#00 pc 0032fba8 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (EventManager::InvokeEventCommon(EventManager*, EventEntry*, void*, int)+26) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#01 pc 0032b08f /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (delete_object_internal_step1(Object*)+26) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#02 pc 0032ac1d /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (delete_object_internal(Object*)+8) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#03 pc 005fba11 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (DestroyObjectHighLevel(Object*, bool)+28) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#04 pc 0058b211 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (BackgroundJobQueue::ExecuteMainThreadJobs()+24) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#05 pc 005ff843 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (InitPlayerLoopCallbacks()::EarlyUpdateExecuteMainThreadJobsRegistrator::Forward()+30) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#06 pc 00600c41 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (ExecutePlayerLoop(NativePlayerLoopSystem*)+66) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#07 pc 00600c81 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (ExecutePlayerLoop(NativePlayerLoopSystem*)+130) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#08 pc 00600e41 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (PlayerLoop()+224) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#09 pc 009a53f9 /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (UnityPlayerLoop()+576) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#10 pc 009cdd9d /data/app/~~-yOypRKW_zJrZZDfaDURbQ==/com.***.***-zHyjP_HS-QJKpSjVK2hWuQ==/lib/arm/libunity.so (nativeRender(_JNIEnv*, _jobject*)+40) (BuildId: 60691ac925aaa903ed9fa2d3edd0b108518d4dbd)
#11 pc 003af19d /apex/com.android.art/lib/libart.so (art_quick_alloc_string_from_bytes_region_tlab_instrumented+44) (BuildId: 8a3405190074d955145af6042a9f3658)
at libunity.EventManager::InvokeEventCommon(EventManager*, EventEntry*, void*, int)(InvokeEventCommon:26)
at libunity.delete_object_internal_step1(Object*)(delete_object_internal_step1:26)
at libunity.delete_object_internal(Object*)(delete_object_internal:8)
at libunity.DestroyObjectHighLevel(Object*, bool)(DestroyObjectHighLevel:28)
at libunity.BackgroundJobQueue::ExecuteMainThreadJobs()(ExecuteMainThreadJobs:24)
2022-11-22 17:46:35.814 6299-6411/com.***.*** E/AndroidRuntime: at libunity.InitPlayerLoopCallbacks()::EarlyUpdateExecuteMainThreadJobsRegistrator::Forward()(InitPlayerLoopCallbacks:30)
at libunity.ExecutePlayerLoop(NativePlayerLoopSystem*)(ExecutePlayerLoop:66)
at libunity.ExecutePlayerLoop(NativePlayerLoopSystem*)(ExecutePlayerLoop:130)
at libunity.PlayerLoop()(PlayerLoop:224)
at libunity.UnityPlayerLoop()(UnityPlayerLoop:576)
at libunity.nativeRender(_JNIEnv*, _jobject*)(nativeRender:40)
at libart.art_quick_alloc_string_from_bytes_region_tlab_instrumented(art_quick_alloc_string_from_bytes_region_tlab_instrumented:44)
We face this issue also but on lower update: from 2021.3.9 to 2021.3.12. It was affecting 20% of our users on production.
According to logs, it is related to scene loading.
So looks like this issue started to appear somewhere after 2021.3.9.
Rolling back to this .9 version solved it for us.
Hi friends I uploaded my app to GooglePlay Console for internal testing, I got this strange report for a low-level device :( that app crashed, can you please help me with this issue to understand exactly what is wrong :( thanks in advance!
Error
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'generic/gce_x86_phone/gce_x86:9/PGR1.190916.001/5877764:userdebug/test-keys'
Revision: '0'
ABI: 'x86'
pid: 6928, tid: 8107, name: 1.raster >>> com.rainpixels.unipeople <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'vendor/unbundled_google/libs/ndk_translation/ndk_translation/ir/include/ndk_translation/ir/ir.h:685: CHECK failed: IsAligned(offset, GetFormatSize(format))'
eax 00000000 ebx 00001b10 ecx 00001fab edx 00000006
edi 00001b10 esi cbd86b5c
ebp cbd86b28 esp cbd86ab8 eip f6819be9
backtrace:
#00 pc 00000be9 [vdso:f6819000] (__kernel_vsyscall+9)
#01 pc 0001fdf8 /system/lib/libc.so (syscall+40)
#02 pc 00022e73 /system/lib/libc.so (abort+115)
#03 pc 00006c84 /system/lib/liblog.so (__android_log_assert+292)
#04 pc 0009f2b4 /system/lib/libndk_translation.so (ndk_translation::GetInsn::GetInsn(ndk_translation::IR*, ndk_translation::Format, unsigned int)+276)
#05 pc 0009f100 /system/lib/libndk_translation.so (ndk_translation::IRBuilder::Get(ndk_translation::Format, unsigned int)+144)
#06 pc 0009dd2e /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::InsnBuilder::Get(ndk_translation::Format, unsigned int)+46)
#07 pc 000d0b4b /system/lib/libndk_translation.so (ndk_translation::SemanticsDecoder::VTBL(ndk_translation::VTBL_Args const&)+363)
#08 pc 00100568 /system/lib/libndk_translation.so (ndk_translation::ArmDecoder::TranslateThumbInsn(unsigned short const*)+86104)
#09 pc 0009c2b6 /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::GenerateIRHelper(ndk_translation::CompilerHooks*, unsigned int, unsigned int, ndk_translation::IR*)+1142)
#10 pc 0009be1f /system/lib/libndk_translation.so (ndk_translation::GenerateIR(ndk_translation::CompilerHooks*, unsigned int, ndk_translation::IR*, unsigned int*)+47)
#11 pc 0009bbdf /system/lib/libndk_translation.so (ndk_translation::Compile(ndk_translation::CompilerHooks*, unsigned int, ndk_translation::GuestCodeEntry*, unsigned int*, ndk_translation::MachineCode*)+143)
#12 pc 0007a0da /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::Translate(ndk_translation::TranslationCache*, unsigned int, ndk_translation::GuestCodeEntry*)+378)
#13 pc 00079f1c /system/lib/libndk_translation.so (ndk_translation_HandleNotTranslated+300)
#14 pc 0018db57 /system/lib/libndk_translation.so
Thanks!
#DorinBuraca I think that you are trying to run the app on an unsupported api level.
You should follow this step to check:
Try running that same functionality in other higher api device, if it works on a device with higher api level(preferably > 26) then your app's minimum sdk version is wrong. You are using a functionality which is not supported on such lower api levels.
For eg: If you try to use speech to text on api level lower than 21 then it will throw an error.
What could be a possible cause that a SIGSEGV reported in tombstone.log has no "fault addr"?
This is what was reported by the tombstone (and the fault addr is simply --------),
signal 11 (SIGSEGV), code 0 (SI_USER from pid 4956, uid 0), fault addr --------
rax fffffffffffffffc rbx 000075d08fa0d2e0 rcx 000075d0901f98ca rdx 0000000000000010
r8 0000000000000000 r9 0000000000000008 r10 00000000ffffffff r11 0000000000000246
r12 00000000ffffffff r13 000075d08fa23000 r14 000075d08fa230a8 r15 7fffffffffffffff
rdi 0000000000000005 rsi 00007ffd21eddb90
rbp 00000000ffffffff rsp 00007ffd21eddb38 rip 000075d0901f98ca
and the backtrace seemed reasonable (not a stack corruption).
backtrace:
#00 pc 00000000000ea8ca /apex/com.android.runtime/lib64/bionic/libc.so (__epoll_pwait+10)
#01 pc 0000000000040bf0 /system/bin/wificond (android::Looper::pollInner(int)+160)
#02 pc 0000000000040aee /system/bin/wificond (android::Looper::pollOnce(int, int*, int*, void**)+126)
#03 pc 000000000003fdd4 /system/bin/wificond (android::wificond::LooperBackedEventLoop::Poll()+36)
#04 pc 000000000001feaf /system/bin/wificond (main+959)
#05 pc 000000000008e4f5 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+101)
The fault addr is set to ------- by the tombstone (formerly debugd) tool when the si_code in the received siginfo_t is either SI_USER, SI_QUEUE, or SI_TKILL (see [signal_has_si_addr()] in AOSP source).
si_code, according to [man sigaction(2)]. indicates why this signal was sent; and in the following case, the si_code is SI_USER which means the signal is coming from another user process (e.g. kill).
signal 11 (SIGSEGV), code 0 (SI_USER from pid 4956, uid 0), fault addr --------
Im developing an Android application and now I am getting a very strange error I have no idea why it happens.
I also found no similar problem in the internet.
My project is also really big and so with this error message I dont really know which code could cause this, that is why here is no code.
crash log:
pid: 4228, tid: 4235, name: Jit thread pool >>> com.application.norm <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc0000000018
x0 0000000000000014 x1 0000fbd4a757e530 x2 8000000000000003 x3 0000000000000014
x4 0000fbd4a75e6448 x5 0000000000000009 x6 0000000000000000 x7 0000000000000000
x8 0000000000000127 x9 8a1336e56e6fef71 x10 0000000000000000 x11 0000000000000000
x12 0000000000000000 x13 0000fbd4abe7ac90 x14 ffffffffffffffff x15 0000000000000000
x16 000000000000019e x17 00000000000001a1 x18 0000000000000038 x19 0000fbd4a95fe960
x20 00000c0000000000 x21 0000fbd4abe86678 x22 0000000000000014 x23 0000fbd4abe77bd0
x24 0000000000000128 x25 0000fbd4a9fc0828 x26 0000000000000126 x27 0000fbd4abe77bb0
x28 0000000000000000 x29 0000fbd4a95fe880
sp 0000fbd4a95fe800 lr 0000fbd4a9ef7090 pc 0000fbd4a9ef70c0
backtrace:
#00 pc 00000000002130c0 /system/lib64/libart-compiler.so (art::RegisterAllocationResolver::ConnectSiblings(art::LiveInterval*)+608)
#01 pc 000000000016cd64 /system/lib64/libart-compiler.so (art::RegisterAllocationResolver::Resolve(art::ArrayRef<art::HInstruction* const>, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, art::ArrayRef<art::LiveInterval* const>)+884)
#02 pc 000000000021490c /system/lib64/libart-compiler.so (art::RegisterAllocatorLinearScan::AllocateRegisters()+140)
#03 pc 0000000000209d90 /system/lib64/libart-compiler.so (art::AllocateRegisters(art::HGraph*, art::CodeGenerator*, art::PassObserver*, art::RegisterAllocator::Strategy, art::OptimizingCompilerStats*)+640)
#04 pc 0000000000209558 /system/lib64/libart-compiler.so (art::OptimizingCompiler::TryCompile(art::ArenaAllocator*, art::ArenaStack*, art::CodeVectorAllocator*, art::DexCompilationUnit const&, art::ArtMethod*, bool, art::VariableSizedHandleScope*) const+2120)
#05 pc 00000000001681fc /system/lib64/libart-compiler.so (art::OptimizingCompiler::JitCompile(art::Thread*, art::jit::JitCodeCache*, art::ArtMethod*, bool, art::jit::JitLogger*)+820)
#06 pc 000000000010d60c /system/lib64/libart-compiler.so (art::jit::JitCompiler::CompileMethod(art::Thread*, art::ArtMethod*, bool)+204)
#07 pc 0000000000309fcc /system/lib64/libart.so (art::jit::Jit::CompileMethod(art::ArtMethod*, art::Thread*, bool)+620)
#08 pc 000000000030c694 /system/lib64/libart.so (art::jit::JitCompileTask::Run(art::Thread*)+644)
#09 pc 00000000004b0bb8 /system/lib64/libart.so (art::ThreadPoolWorker::Run()+88)
#10 pc 00000000004b068c /system/lib64/libart.so (art::ThreadPoolWorker::Callback(void*)+148)
#11 pc 0000000000083114 /system/lib64/libc.so (__pthread_start(void*)+36)
#12 pc 00000000000233bc /system/lib64/libc.so (__start_thread+68)
Every time this crash occurs, The following information will be included in the dmesg information
Line 780: [ 7.247798] EXT4-fs (mmcblk0p12): 1 orphan inode deleted
Line 781: [ 7.253968] EXT4-fs (mmcblk0p12): recovery complete
Line 782: [ 7.266940] EXT4-fs (mmcblk0p12): mounted filesystem with ordered data mode. Opts: errors=remount-ro,nomblk_io_submit
Line 819: [ 7.826534] EXT4-fs (mmcblk0p12): Ignoring removed nomblk_io_submit option
I don't know if this exception message is related to this crash。
if you know, please help me,
thanks a lot
In my case (quite a large Qt-based project) this was caused by an attempt to use a dangling pointer to an instance of QObject derived class.
we recently launched our app and upgrade actually from previous version..
and suddenly we started to see this error in a ton of devices ..we have no clue whats happening and the logs are very vague ..
Attaching the logs here .But any help or some clue might help us debug the issue .
Build fingerprint: 'Verizon/zeroltevzw/zeroltevzw:5.1.1/LMY47X/G925VVRU4BOK7:user/release-keys'
Revision: '10'
ABI: 'arm64'
pid: 31610, tid: 31610, name: st.mediamanager >>> <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'sart/runtime/indirect_reference_table.cc:98] JNI ERROR (app bug): local reference table overflow (max=512)'
x0 0000000000000000 x1 0000000000007b7a x2 0000000000000006 x3 0000007fa219fe30
x4 0000007fa219fe30 x5 0000000000000005 x6 0000000000000001 x7 0000000000000020
x8 0000000000000083 x9 00000000000000ca x10 0000007fa1f2a000 x11 0000000000000001
x12 0000000000000001 x13 0000007fa1f2a000 x14 c4aa4c0daad90e20 x15 0000007f92002a31
x16 0000007fa1f2a610 x17 0000007fa1eca174 x18 0000000000000000 x19 0000007fa219fe30
x20 0000007fa21a00e8 x21 0000007fa1f30000 x22 0000000000000001 x23 0000000000000006
x24 0000007fee90e2d0 x25 0000007f9e0a6000 x26 0000007fee90e2c8 x27 0000007f9dffd520
x28 0000007f9e0a6000 x29 0000007fee90e150 x30 0000007fa1e8c264
sp 0000007fee90e150 pc 0000007fa1eca17c pstate 0000000060000000
backtrace:
#00 pc 000000000005e17c /system/lib64/libc.so (tgkill+8)
#01 pc 0000000000020260 /system/lib64/libc.so (pthread_kill+160)
#02 pc 0000000000021794 /system/lib64/libc.so (raise+28)
#03 pc 000000000001b17c /system/lib64/libc.so (abort+60)
#04 pc 0000000000310534 /system/lib64/libart.so (art::Runtime::Abort()+300)
#05 pc 00000000000d5378 /system/lib64/libart.so (art::LogMessage::~LogMessage()+2684)
#06 pc 00000000001e7ff0 /system/lib64/libart.so (art::IndirectReferenceTable::Add(unsigned int, art::mirror::Object*)+416)
#07 pc 00000000002e28cc /system/lib64/libart.so (art::VMClassLoader_findLoadedClass(_JNIEnv*, _jclass*, _jobject*, _jstring*)+248)
#08 pc 000000000002a5dc /system/framework/arm64/boot.oat
Build fingerprint: 'Verizon/trltevzw/trltevzw:5.1.1/LMY47X/N910VVRU2BPA1:user/release-keys'
Revision: '12'
ABI: 'arm'
pid: 481, tid: 481, name: st.mediamanager >>> <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'sart/runtime/indirect_reference_table.cc:109] JNI ERROR (app bug): local reference table overflow (max=512)'
r0 00000000 r1 000001e1 r2 00000006 r3 00000000
r4 b6fc3e38 r5 00000006 r6 00000016 r7 0000010c
r8 00000000 r9 b486f550 sl b4827800 fp 00000475
ip 000001e1 sp bebbaaf8 lr b6e22715 pc b6e46854 cpsr 60070010
backtrace:
#00 pc 00038854 /system/lib/libc.so (tgkill+12)
#01 pc 00014711 /system/lib/libc.so (pthread_kill+52)
#02 pc 0001532f /system/lib/libc.so (raise+10)
#03 pc 00011bc9 /system/lib/libc.so (__libc_android_abort+36)
#04 pc 0001003c /system/lib/libc.so (abort+4)
#05 pc 00230cd1 /system/lib/libart.so (art::Runtime::Abort()+160)
#06 pc 000ac58b /system/lib/libart.so (art::LogMessage::~LogMessage()+1322)
#07 pc 0016996d /system/lib/libart.so (art::IndirectReferenceTable::Add(unsigned int, art::mirror::Object*)+244)
#08 pc 00214f43 /system/lib/libart.so (art::VMClassLoader_findLoadedClass(_JNIEnv*, _jclass*, _jobject*, _jstring*)+162)
#09 pc 0001bd8d /system/framework/arm/boot.oat
Build fingerprint: 'Verizon/zenltevzw/zenltevzw:5.1.1/LMY47X/G928VVRU2AOJ3:user/release-keys'
Revision: '9'
ABI: 'arm64'
pid: 18658, tid: 18658, name: st.mediamanager >>> <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'sart/runtime/indirect_reference_table.cc:109] JNI ERROR (app bug): local reference table overflow (max=512)'
x0 0000000000000000 x1 00000000000048e2 x2 0000000000000006 x3 0000007fa3887e30
x4 0000007fa3887e30 x5 0000000000000005 x6 0000000000000001 x7 0000000000000020
x8 0000000000000083 x9 000000000000005e x10 0000007fa3613000 x11 0000000000000001
x12 0000000000000001 x13 0000007fa3613000 x14 24d3f27831b256ef x15 0000000000000001
x16 0000007fa3613610 x17 0000007fa35b30d4 x18 0000000000000000 x19 0000007fa3887e30
x20 0000007fa38880e8 x21 0000007fa3619000 x22 0000000000000001 x23 0000000000000006
x24 0000007fc7e2cbc0 x25 0000007f9f820d40 x26 0000000000000001 x27 0000007f8c101b60
x28 0000000000000000 x29 0000007fc7e2ca40 x30 0000007fa3575224
sp 0000007fc7e2ca40 pc 0000007fa35b30dc pstate 0000000060000000
backtrace:
#00 pc 000000000005e0dc /system/lib64/libc.so (tgkill+8)
#01 pc 0000000000020220 /system/lib64/libc.so (pthread_kill+160)
#02 pc 0000000000021754 /system/lib64/libc.so (raise+28)
#03 pc 000000000001b13c /system/lib64/libc.so (abort+60)
#04 pc 00000000002ffca4 /system/lib64/libart.so (art::Runtime::Abort()+300)
#05 pc 00000000000d15b8 /system/lib64/libart.so (art::LogMessage::~LogMessage()+2684)
#06 pc 00000000002ad730 /system/lib64/libart.so (art::Monitor::VisitLocks(art::StackVisitor*, void (*)(art::mirror::Object*, void*), void*, bool)+952
#07 pc 0000000000314978 /system/lib64/libart.so (art::StackDumpVisitor::VisitFrame()+568)
#08 pc 000000000030ba08 /system/lib64/libart.so (art::StackVisitor::WalkStack(bool)+308)
#09 pc 0000000000313754 /system/lib64/libart.so (art::Thread::DumpJavaStack(std::__1::basic_ostream<char, std::__1::char_traits<char> >&) const+268)
#10 pc 0000000000313968 /system/lib64/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char> >&) const+272)
#11 pc 000000000031e8dc /system/lib64/libart.so (art::ThreadList::DumpLocked(std::__1::basic_ostream<char, std::__1::char_traits<char> >&)+100)
#12 pc 00000000002ffd34 /system/lib64/libart.so (art::Runtime::Abort()+444)
#13 pc 00000000000d15b8 /system/lib64/libart.so (art::LogMessage::~LogMessage()+2684)
#14 pc 00000000001d7468 /system/lib64/libart.so (art::IndirectReferenceTable::Add(unsigned int, art::mirror::Object*)+416)
#15 pc 00000000002d2018 /system/lib64/libart.so (art::VMClassLoader_findLoadedClass(_JNIEnv*, _jclass*, _jobject*, _jstring*)+248)
#16 pc 000000000002a5dc /system/framework/arm64/boot.oat
Build fingerprint: 'Verizon/kltevzw/kltevzw:5.0/LRX21T/G900VVRU2BOK3:user/release-keys'
Revision: '14'
ABI: 'arm'
pid: 32148, tid: 32148, name: st.mediamanager >>> <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'art/runtime/indirect_reference_table.cc:113] JNI ERROR (app bug): local reference table overflow (max=512)'
r0 00000000 r1 00007d94 r2 00000006 r3 00000000
r4 b6f92114 r5 00000006 r6 00000016 r7 0000010c
r8 00000000 r9 b4e4f520 sl b4e07800 fp 000004ba
ip 00007d94 sp be8a3b38 lr b6f1bfd1 pc b6f40268 cpsr 60070010
backtrace:
#00 pc 00038268 /system/lib/libc.so (tgkill+12)
#01 pc 00013fcd /system/lib/libc.so (pthread_kill+52)
#02 pc 00014beb /system/lib/libc.so (raise+10)
#03 pc 00011531 /system/lib/libc.so (__libc_android_abort+36)
#04 pc 0000fcbc /system/lib/libc.so (abort+4)
#05 pc 0021d5d9 /system/lib/libart.so (art::Runtime::Abort()+160)
#06 pc 000a834b /system/lib/libart.so (art::LogMessage::~LogMessage()+1322)
#07 pc 001574b7 /system/lib/libart.so (art::IndirectReferenceTable::Add(unsigned int, art::mirror::Object*)+346)
#08 pc 002010d5 /system/lib/libart.so (art::VMClassLoader_findLoadedClass(_JNIEnv*, _jclass*, _jobject*, _jstring*)+136)
#09 pc 0001b151 /system/framework/arm/boot.oat
I don't have a full answer, but its too lengthy for a comment so I'll post it as one.
So the error is just what you expect- its a call into native code that causes you to have more than 512 objects shared with native. Usually that happens because of a leak somewhere. And you don't need to be using native code directly to do it- the framework makes a LOT of native calls behind the scenes.
From the stack trace- I see its libart.so, not libdalvik.so. So this is happening on new devices which have switched from the Dalvik VM to Art. The stack trace looks like it was trying to load a class and add a reference to it for some JNI code, but I can't be certain of that. I do know that we've seen class loading bugs at work on Art that didn't exist on dalvik.
If you have any native code at all I'd make sure you were releasing all reference to java memory and classes properly. If you don't- this may be a bug in Art, knowing what the app was doing at the time of the crash would be useful. Is the crash consistent? If so, what are you doing?