平台 高通 msm8909：
安卓 7.0

问题：

Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 5939 (CAM_c2d)
log

=================== beginning of crash
06-05 16:49:48.429   404  5939 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x4 in tid 5939 (CAM_c2d)
06-05 16:49:48.693  5983  5983 F DEBUG   : xtc_crash_begin:
06-05 16:49:48.693  5983  5983 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-05 16:49:48.697  5983  5983 F DEBUG   : Build fingerprint: 'XTC/msm8909w_i18/msm8909w_i18:7.1.1/NMF26F/root06042213:user/release-keys'
06-05 16:49:48.698  5983  5983 F DEBUG   : Revision: '0'
06-05 16:49:48.698  5983  5983 F DEBUG   : ABI: 'arm'
06-05 16:49:48.699  5983  5983 F DEBUG   : pid: 404, tid: 5939, name: CAM_c2d  >>> /system/bin/mm-qcamera-daemon <<<
06-05 16:49:48.699  5983  5983 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4
06-05 16:49:48.700  5983  5983 F DEBUG   :     r0 00000000  r1 b368014c  r2 000056ba  r3 00000000
06-05 16:49:48.700  5983  5983 F DEBUG   :     r4 b3680208  r5 b3e22ac0  r6 b368014c  r7 b3680028
06-05 16:49:48.700  5983  5983 F DEBUG   :     r8 b3680228  r9 00000000  sl 00000000  fp b3e23cd0
06-05 16:49:48.701  5983  5983 F DEBUG   :     ip b481e870  sp b367fff0  lr b47db057  pc b4fd4baa  cpsr 60010030
06-05 16:49:48.736  5983  5983 F DEBUG   : 
06-05 16:49:48.736  5983  5983 F DEBUG   : backtrace:
06-05 16:49:48.775  5983  5983 F DEBUG   :     #00 pc 00005baa  /system/vendor/lib/libmmcamera2_pproc_modules.so
06-05 16:49:48.775  5983  5983 F DEBUG   :     #01 pc 0000324d  /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_module_send_event_upstream+116)
06-05 16:49:48.775  5983  5983 F DEBUG   :     #02 pc 0000350f  /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_module_do_ack+486)
06-05 16:49:48.776  5983  5983 F DEBUG   :     #03 pc 00008a53  /system/vendor/lib/libmmcamera2_c2d_module.so
06-05 16:49:48.776  5983  5983 F DEBUG   :     #04 pc 00008dcb  /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_thread_process_pipe_message+622)
06-05 16:49:48.776  5983  5983 F DEBUG   :     #05 pc 00009003  /system/vendor/lib/libmmcamera2_c2d_module.so
06-05 16:49:48.777  5983  5983 F DEBUG   :     #06 pc 000473b3  /system/lib/libc.so (_ZL15__pthread_startPv+22)
06-05 16:49:48.777  5983  5983 F DEBUG   :     #07 pc 0001a0bd  /system/lib/libc.so (__start_thread+6)
06-05 16:49:49.420  5983  5983 F DEBUG   : xtc_crash_end:

log截图

image.png

解决过程

内核栈报错打印
#00 pc 00005baa /system/vendor/lib/libmmcamera2_pproc_modules.so
#01 pc 0000324d /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_module_send_event_upstream+116)
#02 pc 0000350f /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_module_do_ack+486)
#03 pc 00008a53 /system/vendor/lib/libmmcamera2_c2d_module.so
#04 pc 00008dcb /system/vendor/lib/libmmcamera2_c2d_module.so (c2d_thread_process_pipe_message+622)
#05 pc 00009003 /system/vendor/lib/libmmcamera2_c2d_module.so
#06 pc 000473b3 /system/lib/libc.so (_ZL15__pthread_startPv+22)
#07 pc 0001a0bd /system/lib/libc.so (__start_thread+6)
分析：
第一行，报错的so库路径：/system/vendor/lib/ 地址：00005baa 对应的so库：libmmcamera2_pproc_modules.so
定位报错函数和行数：
cd out/target/product/msm8909w_i18/ [进入你编译的项目的生成目录]
cd symbols/system/vendor/lib/ [先进入symbols，在进入报错的so库路径]
addr2line -f -e libmmcamera2_pproc_modules.so 00005baa

操作截图

注意：
报错路径是vendor/qcom/proprietary/mm-camera/mm-camera2/media-controller/modules/pproc-new/pproc_port.c
前面的/proc/self/cwd/要去掉

static int32_t pproc_port_dump_metadata(pproc_port_stream_info_t *port_stream,
  isp_buf_divert_ack_t *buf_divert_ack)
{
  uint32_t i = 0; 
···

  time(&current_time);
  timeinfo = localtime(&current_time);

  if (!port_stream || !buf_divert_ack || !timeinfo) {
    CDBG_ERROR("%s:%d fail port_private %p buf_divert_ack %p timeinfo:%p\n",
      __func__, __LINE__, port_stream, buf_divert_ack, timeinfo);
    return -EINVAL;
  }

  memset(buf, 0, sizeof(buf));
  memset(stream_type_str, 0, sizeof(stream_type_str));

  strftime(timeBuf, sizeof(timeBuf),"/data/misc/camera/PPROC_%Y%m%d_%H%M%S_", timeinfo);
  stream_type = port_stream->stream_info->stream_type;【1700行】

报错原因：
port_stream->stream_info->stream_type为NULL
后面的打印该结构体的相关信息，因此crash了

解决方案

@@ -1687,7 +1687,7 @@ static int32_t pproc_port_dump_metadata(pproc_port_stream_info_t *port_stream, 
time(&current_time); 
timeinfo = localtime(&current_time); 
{
···
- if (!port_stream || !buf_divert_ack || !timeinfo) { 
+ if (!port_stream || !buf_divert_ack || !timeinfo || !port_stream->stream_info) { 
CDBG_ERROR("%s:%d fail port_private %p buf_divert_ack %p timeinfo:%p\n", 
__func__, __LINE__, port_stream, buf_divert_ack, timeinfo); 
return -EINVAL; 
  memset(buf, 0, sizeof(buf));
  memset(stream_type_str, 0, sizeof(stream_type_str));

  strftime(timeBuf, sizeof(timeBuf),"/data/misc/camera/PPROC_%Y%m%d_%H%M%S_", timeinfo);
  stream_type = port_stream->stream_info->stream_type;【1700行】
}

在前面这个if判里，如果port_stream->stream_info是NULL，就直接return即可！

Stay Hungry！Stay Foolish！