TechQA.

Windowmanager crashed due to deleting pointer to InputChannel on android 4.2.2

139 views Asked by At

I'm struggling with this issue for a week.

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/full/generic:4.2.2/JDQ39/eng.nghia.20161128.131302:eng/test-keys'
Revision: '0'
pid: 427, tid: 453, name: WindowManager  >>> system_server <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
    r0 00000000  r1 73612c00  r2 ffffffff  r3 00000000
    r4 00000000  r5 719aba08  r6 73612c00  r7 71a53350
    r8 73612c48  r9 73512de0  sl 719b07f8  fp 73612c5c
    ip 401c6ee8  sp 73612be8  lr 401bbc03  pc 40193e9c  cpsr 20000010
    d0  3f00000000000000  d1  3f00000000000000
    d2  c19c000000000000  d3  3f000000c1a00000
    d4  0000000000000000  d5  3fe1ffffee00000d
    d6  000000018800759c  d7  000000003f000000
    d8  0000000000000000  d9  0000000000000000
    d10 0000000000000000  d11 0000000000000000
    d12 0000000000000000  d13 0000000000000000
    d14 0000000000000000  d15 0000000000000000
    scr 20000010

backtrace:
    #00  pc 00004e9c  /system/lib/libcutils.so (android_atomic_dec+8)
    #01  pc 0000fbff  /system/lib/libutils.so (android::RefBase::decStrong(void const*) const+10)
    #02  pc 0004a8ef  /system/lib/libandroid_runtime.so (android::sp<android::InputChannel>::~sp()+10)
    #03  pc 0005951f  /system/lib/libandroid_runtime.so
    #04  pc 0001e290  /system/lib/libdvm.so (dvmPlatformInvoke+112)
    #05  pc 0004d93d  /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+400)
    #06  pc 00038db7  /system/lib/libdvm.so (dvmCheckCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+10)
    #07  pc 000276a0  /system/lib/libdvm.so
    #08  pc 0002b6b4  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
    #09  pc 000606b1  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
    #10  pc 000606db  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
    #11  pc 00054ff3  /system/lib/libdvm.so
    #12  pc 0000e408  /system/lib/libc.so (__thread_entry+72)
    #13  pc 0000daf4  /system/lib/libc.so (pthread_create+160)

stack:
         73612ba8  408c91eb  /system/lib/libdvm.so
         73612bac  6cd4fd8c  /dev/ashmem/dalvik-LinearAlloc (deleted)
         73612bb0  00000000  
         73612bb4  6cd4fd8c  /dev/ashmem/dalvik-LinearAlloc (deleted)
         73612bb8  00000000  
         73612bbc  0000006c  
         73612bc0  00000000  
         73612bc4  71991e68  
         73612bc8  408de688  /system/lib/libdvm.so
         73612bcc  00000000  
         73612bd0  40522568  /system/lib/libgui.so
         73612bd4  7195ff30  
         73612bd8  719aba08  
         73612bdc  401beac5  /system/lib/libutils.so (android::VectorImpl::release_storage()+18)
         73612be0  df0027ad  
         73612be4  00000000  
    #00  73612be8  73612c00  [stack:453]
         ........  ........
    #01  73612be8  73612c00  [stack:453]
         73612bec  402b3e94  /system/lib/libandroid_runtime.so
         73612bf0  2fb00001  
         73612bf4  4025a8f3  /system/lib/libandroid_runtime.so (android::sp<android::InputChannel>::~sp()+14)
    #02  73612bf8  71991e68  
         73612bfc  40269523  /system/lib/libandroid_runtime.so
    #03  73612c00  719aba08  
         73612c04  00000000  
         73612c08  00000000  
         73612c0c  00000000  
         73612c10  00000000  
         73612c14  00000000  
         73612c18  00000000  
         73612c1c  00000000  
         73612c20  00000000  
         73612c24  00000000  
         73612c28  00000000  
         73612c2c  00000000  
         73612c30  719b07e8  
         73612c34  6cd50828  /dev/ashmem/dalvik-LinearAlloc (deleted)
         73612c38  719b07e8  
         73612c3c  00000000  
         ........  ........
    #04  73612c48  73512ddc  
         73612c4c  00000001  
         73612c50  412dd4f8  /dev/ashmem/dalvik-heap (deleted)
         73612c54  6e9a3c4c  /data/dalvik-cache/system@[email protected]@classes.dex
         73612c58  00000004  
         73612c5c  40886941  /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+404)
    #05  73612c60  73512ddc  
         73612c64  6e9a3c4a  /data/dalvik-cache/system@[email protected]@classes.dex
         73612c68  40269481  /system/lib/libandroid_runtime.so
         73612c6c  719b07f8  
         73612c70  6f4fd000  /dev/ashmem/dalvik-aux-structure (deleted)
         73612c74  00000000  
         73612c78  00000000  
         73612c7c  00000000  
         73612c80  b7ee814a  
         73612c84  4016b228  
         73612c88  00000000  
         73612c8c  6e91358f  /data/dalvik-cache/system@[email protected]@classes.dex
         73612c90  408e81b0  /system/lib/libdvm.so
         73612c94  408a2a77  /system/lib/libdvm.so (dvmLookupClass(char const*, Object*, bool)+62)
         73612c98  00000000  
         73612c9c  00000000  
         ........  ........
    #06  73612d78  6f52369c  /dev/ashmem/dalvik-aux-structure (deleted)
         73612d7c  6e70ebf4  /data/dalvik-cache/system@[email protected]@classes.dex
         73612d80  73512df8  
         73612d84  719b07e8  
         73612d88  00002070  
         73612d8c  6e70ebf4  /data/dalvik-cache/system@[email protected]@classes.dex
         73612d90  73512df8  
         73612d94  719b07e8  
         73612d98  40e6a0a8  /dev/ashmem/dalvik-heap (deleted)
         73612d9c  408606a4  /system/lib/libdvm.so
    #07  73612da0  61004d00  /dev/ashmem/dalvik-bitmap-1 (deleted)
         73612da4  719b07e8  
         73612da8  408e3c98  /system/lib/libdvm.so
         73612dac  6ce72e10  /dev/ashmem/dalvik-LinearAlloc (deleted)
         73612db0  fffffe6c  
         73612db4  73612dd4  [stack:453]
         73612db8  73612ea8  [stack:453]
         73612dbc  00000000  
         73612dc0  00000000  
         73612dc4  408646b8  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+188)
    #08  73612dc8  00000000  
         73612dcc  00000000  
         73612dd0  00000000  
         73612dd4  00000000  
         73612dd8  73512fe4  
         73612ddc  00000000  
         73612de0  00000000  
         73612de4  00000000  
         73612de8  00000000  
         73612dec  00000000  
         73612df0  00000000  
         73612df4  00000000  
         73612df8  00000000  
         73612dfc  00000000  
         73612e00  00000000  
         73612e04  00000000  
         ........  ........
    #09  73612e58  719b07e8  
         73612e5c  6ce72e10  /dev/ashmem/dalvik-LinearAlloc (deleted)
         73612e60  41101ad8  /dev/ashmem/dalvik-heap (deleted)
         73612e64  73612ea8  [stack:453]
         73612e68  719b07e8  
         73612e6c  408e81b0  /system/lib/libdvm.so
         73612e70  408e84b8  /system/lib/libdvm.so
         73612e74  408e84bc  /system/lib/libdvm.so
         73612e78  00100000  
         73612e7c  719b07e8  
         73612e80  00000016  
         73612e84  408996df  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+24)
    #10  73612e88  73612ea8  [stack:453]
         73612e8c  73612ea8  [stack:453]
         73612e90  719b07e8  
         73612e94  73612ea8  [stack:453]
         73612e98  408e84b8  /system/lib/libdvm.so
         73612e9c  4016b228  
         73612ea0  4088dff7  /system/lib/libdvm.so
         73612ea4  73612ea8  [stack:453]
    #11  73612ea8  00000000  
         73612eac  00000000  
         73612eb0  00000000  
         73612eb4  646e6957  /dev/ashmem/dalvik-mark-stack (deleted)
         73612eb8  614d776f  /dev/ashmem/dalvik-bitmap-1 (deleted)
         73612ebc  6567616e  /dev/ashmem/dalvik-mark-stack (deleted)
         73612ec0  00000072  
         73612ec4  73612ec1  [stack:453]
         73612ec8  73612eb4  [stack:453]
         73612ecc  a91292d2  
         73612ed0  73612f00  [stack:453]
         73612ed4  71991e28  
         73612ed8  4088df55  /system/lib/libdvm.so
         73612edc  719b07e8  
         73612ee0  4088df55  /system/lib/libdvm.so
         73612ee4  4012e40c  /system/lib/libc.so (__thread_entry+76)
    #12  73612ee8  719b07e8  
         73612eec  73612f00  [stack:453]
         73612ef0  7340ad68  [stack:451]
         73612ef4  71991e28  
         73612ef8  00000078  
         73612efc  4012daf8  /system/lib/libc.so (pthread_create+164)
    #13  73612f00  73612f00  [stack:453]
         73612f04  71991e28  
         73612f08  00000016  
         73612f0c  00000000  
         73612f10  00000000  
         73612f14  00000000  
         73612f18  719b07e8  
         73612f1c  00000000  
         73612f20  00000000  
         73612f24  00000000  
         73612f28  00000000  
         73612f2c  00000000  
         73612f30  00000000  
         73612f34  00000000  
         73612f38  71986858  
         73612f3c  7199c268  

memory near r1:
    73612be0 df0027ad 00000000 73612c00 402b3e94  
    73612bf0 2fb00001 4025a8f3 71991e68 40269523  
    73612c00 719aba08 00000000 00000000 00000000  
    73612c10 00000000 00000000 00000000 00000000  
    73612c20 00000000 00000000 00000000 00000000  
    73612c30 719b07e8 6cd50828 719b07e8 00000000  
    73612c40 73512de8 40857294 73512ddc 00000001  
    73612c50 412dd4f8 6e9a3c4c 00000004 40886941  
    73612c60 73512ddc 6e9a3c4a 40269481 719b07f8  
    73612c70 6f4fd000 00000000 00000000 00000000  
    73612c80 b7ee814a 4016b228 00000000 6e91358f  
    73612c90 408e81b0 408a2a77 00000000 00000000  
    73612ca0 6e91358f 00000000 6cd50320 00000000  
    73612cb0 719b07e8 408a3de5 73512d38 6ce18ed8  
    73612cc0 00000000 410f9008 00000058 00000058  
    73612cd0 412849c0 412849c0 00000058 00000058  

memory near r5:
    719ab9e8 00000010 4016ac74 40e39048 4020af04  
    719ab9f8 719acf30 4016ac00 00000048 000003fb  
    719aba08 401c65a0 00000000 00000000 0000006c  
    719aba18 00000000 00000000 00000000 00000000  
    719aba28 40511b63 40511b39 00000000 00000000  
    719aba38 00000001 43a00000 43a00000 0000004f  
    719aba48 00000055 00000061 00000072 40511ac1  
    719aba58 40512705 40511b0b 40511b19 40511b2b  
    719aba68 40511b43 40511af9 40511acf 40511aeb  
    719aba78 40511add 7198e120 70251118 404e6c98  
    719aba88 70251200 00000001 00000007 00000010  
    719aba98 00000000 404e6c98 7035a2d8 00000001  
    719abaa8 00000007 00000010 00000000 404e6c98  
    719abab8 7024efe8 00000001 00000007 00000010  
    719abac8 00000000 404e6c98 738157e0 00000001  
    719abad8 00000007 00000010 00000000 404e6c98  

memory near r6:
    73612be0 df0027ad 00000000 73612c00 402b3e94  
    73612bf0 2fb00001 4025a8f3 71991e68 40269523  
    73612c00 719aba08 00000000 00000000 00000000  
    73612c10 00000000 00000000 00000000 00000000  
    73612c20 00000000 00000000 00000000 00000000  
    73612c30 719b07e8 6cd50828 719b07e8 00000000  
    73612c40 73512de8 40857294 73512ddc 00000001  
    73612c50 412dd4f8 6e9a3c4c 00000004 40886941  
    73612c60 73512ddc 6e9a3c4a 40269481 719b07f8  
    73612c70 6f4fd000 00000000 00000000 00000000  
    73612c80 b7ee814a 4016b228 00000000 6e91358f  
    73612c90 408e81b0 408a2a77 00000000 00000000  
    73612ca0 6e91358f 00000000 6cd50320 00000000  
    73612cb0 719b07e8 408a3de5 73512d38 6ce18ed8  
    73612cc0 00000000 410f9008 00000058 00000058  
    73612cd0 412849c0 412849c0 00000058 00000058  

memory near r7:
    71a53330 000a0100 000b0100 000a0100 000a0100  
    71a53340 000a0100 000a0100 000b0100 0000014b  
    71a53350 40443418 00000001 70251290 70251388  
    71a53360 00000058 00000000 00000001 00000000  
    71a53370 71a53388 70251300 0000006c 71a53388  
    71a53380 00000001 71a5339c 70251300 00000000  
    71a53390 71a5339c 71a53408 71a53408 00000000  
    71a533a0 71a533b4 71a533dc 00000000 70251960  
    71a533b0 70251960 3f800000 00000000 00000000  
    71a533c0 00000000 3f800000 00000000 00000000  
    71a533d0 00000000 3f800000 000b0110 00000000  
    71a533e0 00000000 00000000 00000000 ffffffff  
    71a533f0 00000000 00000000 00000000 00000000  
    71a53400 00000000 00000001 00000000 00000000  
    71a53410 00000000 00000001 00000000 00000000  
    71a53420 00000000 00000000 00000001 00000000  

memory near r8:
    73612c28 00000000 00000000 719b07e8 6cd50828  
    73612c38 719b07e8 00000000 73512de8 40857294  
    73612c48 73512ddc 00000001 412dd4f8 6e9a3c4c  
    73612c58 00000004 40886941 73512ddc 6e9a3c4a  
    73612c68 40269481 719b07f8 6f4fd000 00000000  
    73612c78 00000000 00000000 b7ee814a 4016b228  
    73612c88 00000000 6e91358f 408e81b0 408a2a77  
    73612c98 00000000 00000000 6e91358f 00000000  
    73612ca8 6cd50320 00000000 719b07e8 408a3de5  
    73612cb8 73512d38 6ce18ed8 00000000 410f9008  
    73612cc8 00000058 00000058 412849c0 412849c0  
    73612cd8 00000058 00000058 00000004 6f4fd000  
    73612ce8 73612d54 6cd5083c 00000001 40e6a0a8  
    73612cf8 00000001 6cd50828 00000a80 6ea4066a  
    73612d08 0000002f 00000000 73612d54 408a4c99  
    73612d18 6ea4066a 40e6a0a8 6ea4066a 00009634  

memory near r9:
    73512dc0 00000000 73512df4 73512df8 6e70ebf4  
    73512dd0 6cd50828 00000000 00000000 2fb00001  
    73512de0 1f600005 73512e14 6f3b1740 6cd51128  
    73512df0 6e70ebf4 00000000 412dd4f8 412dd558  
    73512e00 73512e50 6f3b17b6 6d09ef70 6f3b1740  
    73512e10 00000000 412dd558 00000000 412dd7a0  
    73512e20 00000000 412dd4f8 40f01348 00000000  
    73512e30 ffff0000 00000014 412dd4d8 73512e70  
    73512e40 6f3bb74e 6d09efe8 6f3b17b6 00000000  
    73512e50 412dd4f8 412dd4d8 00000000 73512eb0  
    73512e60 6f3b62d4 6d000f18 6f3bb74e 00000000  
    73512e70 4113e3e0 4113eaf8 00000000 412845c0  
    73512e80 412dd4d8 4119c100 4114bc88 4121ac08  
    73512e90 411dbe48 00000000 000001ab 73512ed0  
    73512ea0 6f3b5390 6cfffc10 6f3b62d4 00000000  
    73512eb0 411dbe48 00000000 000001ab 73512f84  

memory near sl:
    719b07d8 00000004 00000000 71945648 00000453  
    719b07e8 6e66f410 73512ddc 6cd51128 6ed9e000  
    719b07f8 00000000 00000000 73612da0 00000000  
    719b0808 73612dd4 0000000e 00000000 40857400  
    719b0818 00000000 00000000 6c0cd870 7350f300  
    719b0828 00000000 00000000 00000001 00004000  
    719b0838 00000000 71991e28 40857400 4085c2c0  
    719b0848 00000000 408603bc 40860430 408602e0  
    719b0858 40860300 4086035c 00000000 00000000  
    719b0868 760bc2d8 00000028 00000000 00000000  
    719b0878 00000000 00000000 00002000 408e88d4  
    719b0888 00000000 6cda2758 00000003 7199c060  
    719b0898 00000001 00000040 00000200 00000000  
    719b08a8 00000001 6dde757c 6dde757c 00000001  
    719b08b8 6dd832bc 6cda2758 b348126f b3481a40  
    719b08c8 b36a5ee2 b39a1104 b33bf6a6 b3f33bce  

memory near fp:
    73612c3c 00000000 73512de8 40857294 73512ddc  
    73612c4c 00000001 412dd4f8 6e9a3c4c 00000004  
    73612c5c 40886941 73512ddc 6e9a3c4a 40269481  
    73612c6c 719b07f8 6f4fd000 00000000 00000000  
    73612c7c 00000000 b7ee814a 4016b228 00000000  
    73612c8c 6e91358f 408e81b0 408a2a77 00000000  
    73612c9c 00000000 6e91358f 00000000 6cd50320  
    73612cac 00000000 719b07e8 408a3de5 73512d38  
    73612cbc 6ce18ed8 00000000 410f9008 00000058  
    73612ccc 00000058 412849c0 412849c0 00000058  
    73612cdc 00000058 00000004 6f4fd000 73612d54  
    73612cec 6cd5083c 00000001 40e6a0a8 00000001  
    73612cfc 6cd50828 00000a80 6ea4066a 0000002f  
    73612d0c 00000000 73612d54 408a4c99 6ea4066a  
    73612d1c 40e6a0a8 6ea4066a 00009634 6ed9e000  
    73612d2c 00000001 6e402ee0 4016b228 40d78d70  

memory near ip:
    401c6ec8 401452c1 40136f64 4015a12c 40158e34  
    401c6ed8 40138c10 40142f51 40144709 40193e5c  
    401c6ee8 40193e94 40193e38 40193ed0 40137044  
    401c6ef8 40158bd1 401414fd 4014547d 4014540d  
    401c6f08 4014503d 401758e7 401758d9 40141fd7  
    401c6f18 4013bff3 4014a9ad 40136e58 40136a7c  
    401c6f28 40145605 40145711 4019539d 4013ed8d  
    401c6f38 4012d144 4012d18c 4012d218 4012da54  
    401c6f48 4012d174 40136c0c 4012e9f0 40195709  
    401c6f58 40136d08 4012d0f0 4013beb9 4012e098  
    401c6f68 4012e4cc 4012ebd0 4012e0d4 4012e0f0  
    401c6f78 401377f0 40137780 40158efc 40158fd8  
    401c6f88 401374a8 40136d9c 4013bf8f 4012cf4d  
    401c6f98 40136dd4 40138978 401de218 401de464  
    401c6fa8 401e017c 40136db8 4013d9b1 4013eb1d  
    401c6fb8 4013e3d5 4013d2bd 4013d2e9 4013dfe9  

memory near sp:
    73612bc8 408de688 00000000 40522568 7195ff30  
    73612bd8 719aba08 401beac5 df0027ad 00000000  
    73612be8 73612c00 402b3e94 2fb00001 4025a8f3  
    73612bf8 71991e68 40269523 719aba08 00000000  
    73612c08 00000000 00000000 00000000 00000000  
    73612c18 00000000 00000000 00000000 00000000  
    73612c28 00000000 00000000 719b07e8 6cd50828  
    73612c38 719b07e8 00000000 73512de8 40857294  
    73612c48 73512ddc 00000001 412dd4f8 6e9a3c4c  
    73612c58 00000004 40886941 73512ddc 6e9a3c4a  
    73612c68 40269481 719b07f8 6f4fd000 00000000  
    73612c78 00000000 00000000 b7ee814a 4016b228  
    73612c88 00000000 6e91358f 408e81b0 408a2a77  
    73612c98 00000000 00000000 6e91358f 00000000  
    73612ca8 6cd50320 00000000 719b07e8 408a3de5  
    73612cb8 73512d38 6ce18ed8 00000000 410f9008  

code around pc:
    40193e7c e1930f9f e2801001 e1832f91 e3520000  
    40193e8c 1afffffa e12fff1e e1a03000 e3e02000  
    40193e9c e1930f9f e080c002 e1831f9c e3510000  
    40193eac 1afffffa e12fff1e e1a03000 e1910f9f  
    40193ebc e000c003 e1812f9c e3520000 1afffffa  
    40193ecc e12fff1e e1a03000 e1910f9f e180c003  
    40193edc e1812f9c e3520000 1afffffa e12fff1e  
    40193eec 4605b538 42a16884 f06fdd2a 2c004340  
    40193efc 2404bf08 bfd84299 dd0e461a 0060e022  
    40193f0c bfac42a0 24012400 bfc84290 0401f044  
    40193f1c bf0c2c00 f06f4604 428c4440 f06fdbef  
    40193f2c 428c4140 6828d80e b92000a1 f7fe4608  
    40193f3c b918ead6 f7fee006 b130eb0e 602860ac  
    40193f4c bd382000 30fff04f f04fbd38 bd3830ff  
    40193f5c 210c2001 bf76f005 4604b510 f7fe6800  
    40193f6c 4620ea8e 4010e8bd bf5cf005 460eb570  

code around lr:
    401bbbe0 68e34790 d50407da b11068a0 68536802  
    401bbbf0 bd384798 4605b570 460e6844 f7fd4620  
    401bbc00 2801ea86 68a0d10b 68ca6801 47904631  
    401bbc10 07d868e3 6828d403 46286843 46204798  
    401bbc20 e8bd4631 f7ff4070 0000bfbd 4604b570  
    401bbc30 460e3004 e9daf7fd 1c69e005 46224628  
    401bbc40 ea6af7fd 6825b160 bfd42d00 23012300  
    401bbc50 5f80f1b5 2300bf0c 0301f003 d1ec2b00  
    401bbc60 5180f1a5 eb404248 2d000301 461dbfcc  
    401bbc70 0501f043 d0262d00 68e2b11b d52607d2  
    401bbc80 68e3e002 d50607db 463268a0 690b6801  
    401bbc90 47982101 4620b9d8 f7ff4631 2000ff83  
    401bbca0 68a0bd70 68034631 479068da f1b0e00b  
    401bbcb0 d10a5f80 f04f4621 f7fd4070 68a0ea22  
    401bbcc0 68916802 20014788 2001bd70 4620bd70  
    401bbcd0 e98cf7fd 1e414b02 d8e84299 bf00e7e1

I traced the addresses of 

#02  pc 0004a8ef  /system/lib/libandroid_runtime.so (android::sp<android::InputChannel>::~sp()+10)
#03  pc 0005951f  /system/lib/libandroid_runtime.so

and found that the crash happens in function nativeUnlockCanvasAndPost of framework/base/core/jni/android_view_Surface.cpp. In this function it declares a local variable of Surface, when the function quits, system deletes the local variable cause deleting the strong pointer to InputChannel. I checked logcat and couldn't find any suspect point, the WindowMnager, InputManager, InputReader, InputDispatcher already started. I tried to test with InputChannel_test command, all testcases passed.

Please help me to point out some points to solve this issue. Thank you in advance

android android-windowmanager
Original Q&A
0

There are 0 answers

Related Questions in ANDROID

Related Questions in ANDROID-WINDOWMANAGER

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions