0

I have an Android app that heavily uses ffmpeg ported to Android. It works pretty well on most devices but crashes on Galaxy Tab 10:

    06-20 13:16:36.136      505-561/? D/CrashAnrDetector﹕ Build: samsung/espresso10rfxx/espresso10rf:4.2.2/JDQ39/P5100XXDMJ2:user/release-keys
    Hardware: piranha
    Revision: 9
    Bootloader: unknown
    Radio: unknown
    Kernel: Linux version 3.0.31-1919150 (se.infra@SEP-107) (gcc version 4.4.1 (Sourcery G++ Lite 2010q1-202) ) #1 SMP PREEMPT Fri Oct 18 15:31:19 KST 2013
    *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    Build fingerprint: 'samsung/espresso10rfxx/espresso10rf:4.2.2/JDQ39/P5100XXDMJ2:user/release-keys'
    Revision: '9'
    pid: 22003, tid: 22003, name: om.company.project  >>> com.company.project <<<
    signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
    r0 00000027  r1 deadbaad  r2 401b5258  r3 00000000
    r4 00000000  r5 bebb936c  r6 00000004  r7 40d63400
    r8 00000000  r9 409d81b0  sl 4000c0d8  fp 00000001
    ip 62675144  sp bebb9368  lr 4018854d  pc 40184be2  cpsr 60000030
    d0  65706d666662696c  d1  732e6e6f656e2d67
    d2  732e30323763692e  d3  2f322d6c6f6f6863
    d4  ff00edc0e4c09680  d5  000c000c000c000c
    d6  03fc0378033000e0  d7  3f8000003f800000
    d8  41c0000000000000  d9  000000a13f000000
    d10 0000000000000000  d11 0000000000000000
    d12 0000000000000000  d13 0000000000000000
    d14 0000000000000000  d15 0000000000000000
    d16 00ffffffffffffff  d17 004c481a004aca6e
    d18 004f4372004dc5c6  d19 00523eca0050c11e
    d20 00f5403e00ef803c  d21 0101404100fb403f
    d22 0000004400000042  d23 0000004700000045
    d24 010d404401074042  d25 0119404701134045
    d26 0000004300000041  d27 0000004600000044
    d28 00f5400000ef8000  d29 0101400000fb4000
    d30 0000000100000001  d31 0000000100000001
    scr 60000010
    backtrace:
    #00  pc 0001abe2  /system/lib/libc.so
    #01  pc 00018208  /system/lib/libc.so (abort+4)
    #02  pc 0066b8e0  /data/app-lib/com.company.project-2/libffmpeg-neon.so
    #03  pc 000032b3  /system/bin/linker
    #04  pc 0000510b  /system/bin/linker
    #05  pc 0004f973  /system/lib/libdvm.so (dvmLoadNativeCode(char const*, Object*, char**)+186)
    #06  pc 0006681d  /system/lib/libdvm.so
    #07  pc 000276e0  /system/lib/libdvm.so
    #08  pc 0002b5c4  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
    #09  pc 0005fc79  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
    #10  pc 0005fca3  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
    #11  pc 0006ad49  /system/lib/libdvm.so (dvmInitClass+1036)
    #12  pc 000225dc  /system/lib/libdvm.so (dvmAsmSisterStart+412)
    #13  pc 0002b5c4  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
    #14  pc 0005ff4f  /system/lib/libdvm.so (dvmInvokeMethod(Object*, Method const*, ArrayObject*, ArrayObject*, ClassObject*, bool)+374)
    #15  pc 00067879  /system/lib/libdvm.so
    #16  pc 000276e0  /system/lib/libdvm.so
    #17  pc 0002b5c4  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
    #18  pc 0005fc79  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
    #19  pc 00049a43  /system/lib/libdvm.so
    #20  pc 00047f43  /system/lib/libandroid_runtime.so
    #21  pc 000492df  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, char const*)+390)
    #22  pc 00000db7  /system/bin/app_process
    #23  pc 0001287f  /system/lib/libc.so (__libc_init+38)
    #24  pc 00000ae8  /system/bin/app_process
    stack:
    bebb9328  f930001d
    bebb932c  5f7a1cc8
    bebb9330  4015bcf8  /system/bin/linker
    bebb9334  4015bf40  /system/bin/linker
    bebb9338  4015c4f4
    bebb933c  4015b0ac  /system/bin/linker
    bebb9340  401b2254  /system/lib/libc.so
    bebb9344  401b21b4  /system/lib/libc.so
    bebb9348  00000000
    bebb934c  4018854d  /system/lib/libc.so (_fwalk+32)
    bebb9350  00000001
    bebb9354  bebb936c  [stack]
    bebb9358  00000004
    bebb935c  40d63400  [heap]
    bebb9360  df0027ad
    bebb

Since there are no app symbols in the output (none of my methods in the JNI code), how can I understand what's wrong? Is it a missing .so lib that should be loaded before loading libffmpeg.so?

2 Answers

1

Look at the address: DEADBAAD. Notice it's in English? That means it was set that way purposely (the odds against it are astronomical). In particular it's a value used by the JVM to overwrite pointers inside Java references that are no longer valid. So you're passing a value to C code that is no longer valid, or the C code is holding onto a reference without properly telling the VM it's doing so by incrementing its reference count. This can frequently be a result of a race condition if your code is multithreaded.

4 Comments

OK, that can help. Since none of my methods are in the stack trace, how can I understand what I should check? In my experience, signal 11 (SIGSEGV) means I try to access a null pointer.
You can take the address of the code at /data/app-lib/com.company.project-2/libffmpeg-neon.so, 0066b8e0, and look it up in the symbol table spit out by the compiler to map it to a function. Sometimes that helps. Otherwise you need to check all Java objects going to the library to make sure they aren't being held with reference count incrementing. If that fails and you have multithreading (especially multithreading in C), it's likely there. Make sure no Java objects cross thread boundaries in C if avoidable, and be careful with reference counting if they do.
It's really hard to fix something when you don't know the starting point. How can I do the "and look it up in the symbol table spit out by the compiler to map it to a function" step, step by step, please? I can't debug the code, only log.
Actually, deadd00d is for a Dalvik VM crash. deadbaad is used by libc abort(). Some code in libffmpeg-neon.so is deliberately aborting. This is often the result of an assert(), in which case there would be a message in logcat. FWIW, in recent versions of Android, abort() has changed to simply throw a SIGABRT (signal 6), so you won't see the characteristic signature anymore.
1

You can use the ndk-stack tool provided by the Android NDK. The details can be found in the NDK doc: android-ndk-r10d\docs\Programmers_Guide\html\md_3__key__topics__debugging__n_d_k-_s_t_a_c_k.htm

This tool basically helps you convert the content in the memory into human-readable debug information. Sometimes, it is extremely helpful.

The following is copied from the NDK document:

The tool can convert the following information

  I/DEBUG   (   31): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  I/DEBUG   (   31): Build fingerprint: 'generic/google_sdk/generic/:2.2/FRF91/43546:eng/test-keys'
  I/DEBUG   (   31): pid: 351, tid: 351  >>> /data/local/ndk-tests/crasher <<<
  I/DEBUG   (   31): signal 11 (SIGSEGV), fault addr 0d9f00d8
  I/DEBUG   (   31):  r0 0000af88  r1 0000a008  r2 baadf00d  r3 0d9f00d8
  I/DEBUG   (   31):  r4 00000004  r5 0000a008  r6 0000af88  r7 00013c44
  I/DEBUG   (   31):  r8 00000000  r9 00000000  10 00000000  fp 00000000
  I/DEBUG   (   31):  ip 0000959c  sp be956cc8  lr 00008403  pc 0000841e  cpsr 60000030
  I/DEBUG   (   31):          #00  pc 0000841e  /data/local/ndk-tests/crasher
  I/DEBUG   (   31):          #01  pc 000083fe  /data/local/ndk-tests/crasher
  I/DEBUG   (   31):          #02  pc 000083f6  /data/local/ndk-tests/crasher
  I/DEBUG   (   31):          #03  pc 000191ac  /system/lib/libc.so
  I/DEBUG   (   31):          #04  pc 000083ea  /data/local/ndk-tests/crasher
  I/DEBUG   (   31):          #05  pc 00008458  /data/local/ndk-tests/crasher
  I/DEBUG   (   31):          #06  pc 0000d362  /system/lib/libc.so
  I/DEBUG   (   31):

into the more readable output:

  ********** Crash dump: **********
  Build fingerprint: 'generic/google_sdk/generic/:2.2/FRF91/43546:eng/test-keys'
  pid: 351, tid: 351  >>> /data/local/ndk-tests/crasher <<<
  signal 11 (SIGSEGV), fault addr 0d9f00d8
  Stack frame #00  pc 0000841e  /data/local/ndk-tests/crasher : Routine zoo in /tmp/foo/crasher/jni/zoo.c:13
  Stack frame #01  pc 000083fe  /data/local/ndk-tests/crasher : Routine bar in /tmp/foo/crasher/jni/bar.c:5
  Stack frame #02  pc 000083f6  /data/local/ndk-tests/crasher : Routine my_comparison in /tmp/foo/crasher/jni/foo.c:9
  Stack frame #03  pc 000191ac  /system/lib/libc.so
  Stack frame #04  pc 000083ea  /data/local/ndk-tests/crasher : Routine foo in /tmp/foo/crasher/jni/foo.c:14
  Stack frame #05  pc 00008458  /data/local/ndk-tests/crasher : Routine main in /tmp/foo/crasher/jni/main.c:19
  Stack frame #06  pc 0000d362  /system/lib/libc.so
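
The lookup described in the comments and in this answer, as an added example that is not part of the original posts: it parses a backtrace in the question's format, flags the deadbaad/abort() signature the last comment describes, and builds an addr2line call for each frame in the app's own libraries. The `symbol_dir` default and a plain `addr2line` on the PATH are assumptions; the unstripped library must come from the same build as the one on the device.

```python
import re

# Constructed sample: selected lines in the shape of the tombstone in the question.
SAMPLE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
backtrace:
    #00  pc 0001abe2  /system/lib/libc.so
    #01  pc 00018208  /system/lib/libc.so (abort+4)
    #02  pc 0066b8e0  /data/app-lib/com.company.project-2/libffmpeg-neon.so
    #03  pc 000032b3  /system/bin/linker
    #05  pc 0004f973  /system/lib/libdvm.so (dvmLoadNativeCode(char const*, Object*, char**)+186)
"""

FAULT_RE = re.compile(r"signal\s+\d+\s+\((\w+)\).*fault addr\s+([0-9a-fA-F]+)")
FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_tombstone(text):
    """Return (signal name, fault address, frames); logcat prefixes are tolerated."""
    sig, fault, frames = None, None, []
    for line in text.splitlines():
        m = FAULT_RE.search(line)
        if m:
            sig, fault = m.group(1), int(m.group(2), 16)
        m = FRAME_RE.search(line)
        if m:
            frames.append({"index": int(m.group(1)), "pc": int(m.group(2), 16),
                           "lib": m.group(3), "symbol": m.group(4) or ""})
    return sig, fault, frames


def triage(text, symbol_dir="obj/local/armeabi-v7a"):
    """Classify the crash; symbol_dir is an assumed directory of unstripped .so files."""
    sig, fault, frames = parse_tombstone(text)
    abort_frames = [f["index"] for f in frames if f["symbol"].startswith("abort")]
    # Per the comment above: libc abort() on this Android version faults at deadbaad.
    deliberate_abort = fault == 0xDEADBAAD and bool(abort_frames)
    # The frame listed right after abort() is the code that called it.
    caller = next((f for f in frames if abort_frames and f["index"] > max(abort_frames)), None)
    # Frames outside /system/ belong to the app's own libraries and need its symbols.
    app = [f for f in frames if not f["lib"].startswith("/system/")]
    cmds = [["addr2line", "-C", "-f", "-e",
             f"{symbol_dir}/{f['lib'].rsplit('/', 1)[-1]}", f"0x{f['pc']:08x}"] for f in app]
    # dvmLoadNativeCode in the chain means the abort fired while the library was loading.
    during_load = any(f["symbol"].startswith("dvmLoadNativeCode") for f in frames)
    return {"signal": sig, "deliberate_abort": deliberate_abort, "abort_caller": caller,
            "during_library_load": during_load, "addr2line": cmds}
```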
