MediaMetrics crash happens [142738900]

Assigned

Bug

Status Update

No update yet.

Description

xi...@harman.corp-partner.google.com

created issue #1

Oct 16, 2019 01:16AM

We see MediaMetrics crash happens during Head Unit ignition cycle. And Tombstone files are observed.

Crash stack is shown below:
backtrace: #00 pc 00000000000258f8 /system/lib64/libc.so (syscall+24)
#01 pc 0000000000025b05 /system/lib64/libc.so (abort+101)
#02 pc 0000000000007d6b /system/lib64/liblog.so (__android_log_assert+363)
#03 pc 000000000000dd4c /system/lib64/libutils.so (android::RefBase::decStrong(void const*) const+124)
#04 pc 000000000000dd0a /system/lib64/libutils.so (android::RefBase::decStrong(void const*) const+58)
#05 pc 0000000000006ec8 /system/bin/mediametrics (android::MediaAnalyticsService::setPkgInfo(android::MediaAnalyticsItem*, unsigned int, bool, bool)+2344)
#06 pc 0000000000006711 /system/bin/mediametrics (android::MediaAnalyticsService::setPkgInfo(android::MediaAnalyticsItem*, unsigned int, bool, bool)+369) #07 pc 0000000000006354 /system/bin/mediametrics (android::MediaAnalyticsService::submit(android::MediaAnalyticsItem*, bool)+260)
#08 pc 0000000000009432 /system/lib64/libmediametrics.so (android::BnMediaAnalyticsService::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+338)
#09 pc 0000000000059c66 /system/lib64/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+102) #10 pc 000000000006495f /system/lib64/libbinder.so (android::IPCThreadState::executeCommand(int)+559)
#11 pc 000000000006467c /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+156)
#12 pc 0000000000064d0f /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+63)
#13 pc 0000000000004ca5 /system/bin/mediametrics (main+181)
#14 pc 00000000000b3b5c /system/lib64/libc.so (__libc_init+76)
#15 pc 0000000000004b34 /system/bin/mediametrics (_start_main+68)
#16 pc 0000000000004aeb /system/bin/mediametrics (_start+11)

Analysis:
Refer to link below for code trace.

https://android.googlesource.com/platform/frameworks/av/+/refs/tags/android-8.1.0_r69/services/mediaanalytics/MediaAnalyticsService.cpp#859

As per tombstone log, here is the issue. this issue is triggered from "MediaAnalyticsService" context.
Abort message: 'decStrong() called on 0x7b58b0c1c660 too many times'
sp<IBinder> binder = NULL;
binder = sm->getService(String16("package_native"));
sp<IPackageManagerNative> package_mgr = interface_cast<IPackageManagerNative>(binder);
As per objdump code, "m_ptr->decStrong(this);" is present multiple times as part of destructor of each 'sp'.

Proposal:
We check the same code logic in Android Q and find mPkgMapping is having lock for multi-thread handling. But this is not happening on Android O. Please check why mPkgMappings not add the lock in function setPkgInfo

https://android.googlesource.com/platform/frameworks/av/+/refs/tags/android-8.1.0_r69/services/mediaanalytics/MediaAnalyticsService.cpp#810. And is it possible to add it to Android O if it is the rooot cause?

Media.Metric_Tombstone_BuildSHMI96_S2R.zip

456 KB

Download

Comments

su...@google.com <su...@google.com> #2Oct 16, 2019 01:29AM

Reassigned to es...@google.com.

there are some image for help

es...@google.com <es...@google.com> #3Oct 17, 2019 04:29PM

Reassigned to xi...@harman.corp-partner.google.com.

hello?

xi...@harman.corp-partner.google.com <xi...@harman.corp-partner.google.com> #4Oct 24, 2019 06:50AM

Hi Google,

Is it possible for Google to provide this fix as some change of critical patch? I mean, it will happen on all kinds of SoC. If every SoC provider reports this to Google and requires fix, it is time-consuming and will waste a lot of time.

Issue 142738900

Description

Issue summary

Comments

su...@google.com <su...@google.com> #2Oct 16, 2019 01:29AM

es...@google.com <es...@google.com> #3Oct 17, 2019 04:29PM

xi...@harman.corp-partner.google.com <xi...@harman.corp-partner.google.com> #4Oct 24, 2019 06:50AM

Add comment

Issue metadata