| 定位到crash问题, 见2015-01-05-18-19-49.log 236629-238000行, 错误如下: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 40b6ca9a FFMpegPacketRea (2443): undefined instruction: pc=40b6ca9a [01:05:19:06:22]I/DEBUG ( 104): backtrace: [01:05:19:06:22]I/DEBUG ( 104): #00 pc 005eda9a /system/lib/libadal.so (_DEV_FP_OpenBlast+314) [01:05:19:06:22]I/DEBUG ( 104): #01 pc 000a2c9b /system/lib/libstagefright.so (android::FFMpegPacketReader::threadLoop()+454) [01:05:19:06:22]I/DEBUG ( 104): #02 pc 00011253 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+94) [01:05:19:06:22]I/DEBUG ( 104): #03 pc 00010dcd /system/lib/libutils.so [01:05:19:06:22]I/DEBUG ( 104): #04 pc 0000e518 /system/lib/libc.so (__thread_entry+72) [01:05:19:06:22]I/DEBUG ( 104): #05 pc 0000dc04 /system/lib/libc.so (pthread_create+160) [01:05:19:06:24]I/DEBUG ( 104): memory map around fault addr 40b6ca9a: [01:05:19:06:24]I/DEBUG ( 104): 4057f000-40d6c000 /system/lib/libadal.so [01:05:19:06:24]I/DEBUG ( 104): 40d6c000-40d74000 /system/lib/libadal.so objdump –s –d -l libadal.so > libadal.so.dis 反汇编/system/lib/libadal.so 定位如下: /run/shm/work/72667_N62001_AndroidTV_N62001A_HS/source-72667_N62001_AndroidTV_N62001A_HS-20150105-154523-SP_TVSW-r164677/code/device/src/dev_fp.c:1197 5eda60: e51b21e8 ldr r2, [fp, #-488] ; 0x1e8 5eda64: e1a03002 mov r3, r2 5eda68: e1a03183 lsl r3, r3, #3 5eda6c: e0833002 add r3, r3, r2 5eda70: e1a03183 lsl r3, r3, #3 5eda74: e2832018 add r2, r3, #24 5eda78: e59f3474 ldr r3, [pc, #1140] ; 5edef4 <_DEV_FP_OpenBlast+0x594> 5eda7c: e08f3003 add r3, pc, r3 5eda80: e0823003 add r3, r2, r3 5eda84: e24bc080 sub ip, fp, #128 ; 0x80 5eda88: e1a0e003 mov lr, r3 5eda8c: e8be000f ldm lr!, {r0, r1, r2, r3} 5eda90: e8ac000f stmia ip!, {r0, r1, r2, r3} 5eda94: e89e000f ldm lr, {r0, r1, r2, r3} 5eda98: e88c000f stm ip, {r0, r1, r2, r3} /run/shm/work/72667_N62001_AndroidTV_N62001A_HS/source-72667_N62001_AndroidTV_N62001A_HS-20150105-154523-SP_TVSW-r164677/code/device/src/dev_fp.c:1199 5eda9c: e59f2454 ldr r2, [pc, #1108] ; 5edef8 <_DEV_FP_OpenBlast+0x598> 对应的dev_fp.c:1197 为: memcpy(&(stOpenParam.stProtocolParam), &(gstaDEV_FP_IR_Protocol[enIRProtocol].stProtocolParam), sizeof(ST_KER_BLAST_PROTOCOL_PARAM)); 但这部分code没有问题的。 |
| 针对[01:05:19:06:22]I/DEBUG ( 104): #01 pc 000a2c9b /system/lib/libstagefright.so (android::FFMpegPacketReader::threadLoop()+454) 000a2ad4 <_ZN7android18FFMpegPacketReader10threadLoopEv>: 000a2ad4+ 0x1c6 (454)= 000a2c9a 但backtrace打印是000a2c9b, 错了一个bit; 这一行信息 继续定位如下: objdump 测试版本的libstagefright.so: a2b72: e090 b.n a2c96 <_ZN7android18FFMpegPacketReader10threadLoopEv+0x1c2> a2b74: 6ce3 ldr r3, [r4, #76] ; 0x4c a2b76: 00af lsls r7, r5, #2 ... a2c92: f108 0801 add.w r8, r8, #1 a2c96: 6ea3 ldr r3, [r4, #104] ; 0x68 a2c98: 429d cmp r5, r3 a2c9a: f6ff af6b blt.w a2b74 <_ZN7android18FFMpegPacketReader10threadLoopEv+0xa0> a2c9e: a807 add r0, sp, #28 因为没法定位是哪行code, 所以使用本地编译的libstagefright.so objdump来对应定位: a2b12: e090 b.n a2c36 <_ZN7android18FFMpegPacketReader10threadLoopEv+0x1c2> _ZN7android18FFMpegPacketReader10threadLoopEv(): /home/xa00087/72668_hs/Android/android/frameworks/av/media/libstagefright/FFMpegExtractor.cpp:2762 //问题行 a2b14: 6ce3 ldr r3, [r4, #76] ; 0x4c /home/xa00087/72668_hs/Android/android/frameworks/av/media/libstagefright/FFMpegExtractor.cpp:2721 a2b16: 00af lsls r7, r5, #2 ... a2c2e: 63e0 str r0, [r4, #60] ; 0x3c /home/xa00087/72668_hs/Android/android/frameworks/av/media/libstagefright/FFMpegExtractor.cpp:2760 a2c30: 3501 adds r5, #1 a2c32: f108 0801 add.w r8, r8, #1 a2c36: 6ea3 ldr r3, [r4, #104] ; 0x68 a2c38: 429d cmp r5, r3 a2c3a: f6ff af6b blt.w a2b14 <_ZN7android18FFMpegPacketReader10threadLoopEv+0xa0> /home/xa00087/72668_hs/Android/android/frameworks/av/media/libstagefright/FFMpegExtractor.cpp:2828 对应的libstagefright/FFMpegExtractor.cpp:2760 if(mEOSCount != mTotalTracks) //2760 { for(int i = 0; i < mTotalTracks; i++) { if(mTracks[i] && !mEOS[i]) { bNeedRead = false; if(bEnlargePreLoad == true){ 目前此问题还无法定位原因, 怀疑是板子不稳定引起。 |