Android signal 11 (SIGSEGV) with no fault address

What could be a possible cause that a SIGSEGV reported in tombstone.log has no "fault addr"?

This is what was reported by the tombstone (and the fault addr is simply --------):

signal 11 (SIGSEGV), code 0 (SI_USER from pid 4956, uid 0), fault addr --------
    rax fffffffffffffffc  rbx 000075d08fa0d2e0  rcx 000075d0901f98ca  rdx 0000000000000010
    r8  0000000000000000  r9  0000000000000008  r10 00000000ffffffff  r11 0000000000000246
    r12 00000000ffffffff  r13 000075d08fa23000  r14 000075d08fa230a8  r15 7fffffffffffffff
    rdi 0000000000000005  rsi 00007ffd21eddb90
    rbp 00000000ffffffff  rsp 00007ffd21eddb38  rip 000075d0901f98ca

and the backtrace seemed reasonable (not a stack corruption).

backtrace:
      #00 pc 00000000000ea8ca  /apex/com.android.runtime/lib64/bionic/libc.so (__epoll_pwait+10)
      #01 pc 0000000000040bf0  /system/bin/wificond (android::Looper::pollInner(int)+160)
      #02 pc 0000000000040aee  /system/bin/wificond (android::Looper::pollOnce(int, int*, int*, void**)+126)
      #03 pc 000000000003fdd4  /system/bin/wificond (android::wificond::LooperBackedEventLoop::Poll()+36)
      #04 pc 000000000001feaf  /system/bin/wificond (main+959)
      #05 pc 000000000008e4f5  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+101)


Solution 1:[1]

The fault addr is set to ------- by the tombstone (formerly debugd) tool when the si_code in the received siginfo_t is either SI_USER, SI_QUEUE, or SI_TKILL (see [signal_has_si_addr()] in AOSP source).

si_code, according to [man sigaction(2)], indicates why this signal was sent; in the following case, the si_code is SI_USER, which means the signal is coming from another user process (e.g. kill).

signal 11 (SIGSEGV), code 0 (SI_USER from pid 4956, uid 0), fault addr --------
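
The distinction described in the answer can be reproduced on a Linux or Android system. The following C program is an added example, not part of the original answer and not AOSP code: it takes one SIGSEGV sent with kill() and one caused by a real bad store, then applies the si_code rule quoted above. The names `has_fault_addr`, `observe_segv` and `on_segv` are invented for this example, and it assumes a single-threaded process with SIGSEGV unblocked.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static siginfo_t last;                  /* copy of what the handler received */
static sigjmp_buf resume;               /* recovery point for the real fault */
static volatile sig_atomic_t faulting;

/* Rule as stated in the answer; a sketch, not AOSP's implementation. */
int has_fault_addr(int si_code) {
    return !(si_code == SI_USER || si_code == SI_QUEUE || si_code == SI_TKILL);
}

static void on_segv(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    last = *info;
    if (faulting) siglongjmp(resume, 1);    /* do not retry the bad store */
}

/* Take one SIGSEGV and return its si_code; details stay in `last`.
 * real_fault == 0: kill(getpid(), SIGSEGV). Otherwise: store to a PROT_NONE page. */
int observe_segv(int real_fault) {
    struct sigaction old, sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1000;
    last.si_code = -1000;                   /* sentinel: no signal seen */
    if (!real_fault) {
        kill(getpid(), SIGSEGV);            /* delivered before kill() returns */
    } else {
        volatile char *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        faulting = 1;
        if (p != MAP_FAILED && sigsetjmp(resume, 1) == 0) *p = 1;
        faulting = 0;
        if (p != MAP_FAILED) munmap((void *)p, 4096);
    }
    sigaction(SIGSEGV, &old, NULL);
    return last.si_code;
}

int main(void) {
    for (int real = 0; real <= 1; real++)
        if (has_fault_addr(observe_segv(real)))
            printf("code %d, fault addr %p\n", last.si_code, last.si_addr);
        else
            printf("code %d from pid %d, fault addr --------\n", last.si_code, (int)last.si_pid);
    return 0;
}
```

For a SI_USER signal the kernel fills in si_pid and si_uid instead of si_addr, which is where the "from pid 4956, uid 0" part of the tombstone line comes from. When triaging such a tombstone, the process to examine is the sender named there, not the code at the reported pc.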

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tzunghsing David Wong