常見 jni 崩潰時的信號及處理方法


1.官方文檔

  https://source.android.google.cn/devices/tech/debug

  https://source.android.google.cn/devices/tech/debug/native-crash

2.死亡報告文件

2.1 示例

  在目錄 /data/tombstones/ 下記錄了各native層崩潰的報告文件,文件內詳細地記錄了崩潰現場。如下:

  1 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  2 Build fingerprint: 'google/sdk_gphone_x86_64_arm64/generic_x86_64_arm64:11/RSR1.201211.001.A1/7054069:userdebug/dev-keys'
  3 Revision: '0'
  4 ABI: 'x86_64'
  5 Timestamp: 2021-06-20 23:44:25+0800
  6 pid: 5487, tid: 5507, name: Thread-2  >>> com.example.nlive.process1 <<<
  7 uid: 10216
  8 signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
  9 Abort message: 'JNI DETECTED ERROR IN APPLICATION: JNI CallVoidMethod called with pending exception java.lang.NoSuchMethodError: no non-static method "Lcom/example/nlive/NliveApp;.restartCallback(I)V"
 10   at void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String) (:-2)
 11   at void com.example.nlive.NliveApp$a.d() (:373)
 12   at java.lang.Object com.example.nlive.NliveApp$a.c() (:358)
 13   at void h.l.a$a.run() (:30)
 14 
 15     in call to CallVoidMethod
 16     from void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String)'
 17     rax 0000000000000000  rbx 000000000000156f  rcx 00007cd7c1c1f2a8  rdx 0000000000000006
 18     r8  00007cd7c1bafbd1  r9  00007cd7c1bafbd1  r10 00007cd4d5551d50  r11 0000000000000246
 19     r12 0000000000000026  r13 0000000000000001  r14 00007cd4d5551d48  r15 0000000000001583
 20     rdi 000000000000156f  rsi 0000000000001583
 21     rbp 00007cd5ed688ff0  rsp 00007cd4d5551d38  rip 00007cd7c1c1f2a8
 22 
 23 backtrace:
 24       #00 pc 000000000005a2a8  /apex/com.android.runtime/lib64/bionic/libc.so (syscall+24) (BuildId: 3707c39fc397eeaa328142d90b50a973)
 25       #01 pc 000000000005d212  /apex/com.android.runtime/lib64/bionic/libc.so (abort+194) (BuildId: 3707c39fc397eeaa328142d90b50a973)
 26       #02 pc 0000000000634927  /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+2375) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 27       #03 pc 0000000000019cfc  /system/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+60) (BuildId: 7101d4565a51dea09dc23901546cbb64)
 28       #04 pc 00000000000192a0  /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+368) (BuildId: 7101d4565a51dea09dc23901546cbb64)
 29       #05 pc 0000000000422022  /apex/com.android.art/lib64/libart.so (art::JavaVMExt::JniAbort(char const*, char const*)+2786) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 30       #06 pc 0000000000422085  /apex/com.android.art/lib64/libart.so (art::JavaVMExt::JniAbortV(char const*, char const*, __va_list_tag*)+85) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 31       #07 pc 0000000000412dbf  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::AbortF(char const*, ...)+191) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 32       #08 pc 00000000004117d4  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::CheckPossibleHeapValue(art::ScopedObjectAccess&, char, art::(anonymous namespace)::JniValueType)+3316) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 33       #09 pc 0000000000410266  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::Check(art::ScopedObjectAccess&, bool, char const*, art::(anonymous namespace)::JniValueType*)+758) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 34       #10 pc 0000000000415c5b  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CheckCallArgs(art::ScopedObjectAccess&, art::(anonymous namespace)::ScopedCheck&, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, art::InvokeType, art::(anonymous namespace)::VarArgs const*)+155) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 35       #11 pc 0000000000414ded  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CallMethodV(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, __va_list_tag*, art::Primitive::Type, art::InvokeType)+829) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 36       #12 pc 0000000000402b2c  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CallVoidMethod(_JNIEnv*, _jobject*, _jmethodID*, ...)+188) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 37       #13 pc 0000000000002918  /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/lib/x86_64/libnal-lib.so (Java_com_example_nlive_NliveApp_doDaemon2+1352) (BuildId: e811f61cf3625e2c07475156d6e8d019ba3d3764)
 38       #14 pc 00000000001840c7  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+215) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 39       #15 pc 00000000001718a0  /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 40       #16 pc 00000000000faa82  /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (com.example.nlive.NliveApp$a.d+326)
 41       #17 pc 0000000000170d5d  /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 42       #18 pc 00000000000fa8fc  /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (com.example.nlive.NliveApp$a.c)
 43       #19 pc 00000000001718ea  /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 44       #20 pc 0000000000129d48  /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (h.l.a$a.run+4)
 45       #21 pc 0000000000178cb4  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+756) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 46       #22 pc 000000000020ba92  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+242) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 47       #23 pc 000000000062a1be  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+478) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 48       #24 pc 000000000068d843  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1411) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e)
 49       #25 pc 00000000000c7d2a  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+58) (BuildId: 3707c39fc397eeaa328142d90b50a973)
 50       #26 pc 000000000005f0c7  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 3707c39fc397eeaa328142d90b50a973)
 51 
 52 memory near rbx:
 53     0000000000001548 ---------------- ----------------  ................
 54     0000000000001558 ---------------- ----------------  ................
 55     0000000000001568 ---------------- ----------------  ................
 56     0000000000001578 ---------------- ----------------  ................
 57     0000000000001588 ---------------- ----------------  ................
 58     0000000000001598 ---------------- ----------------  ................
 59     00000000000015a8 ---------------- ----------------  ................
 60     00000000000015b8 ---------------- ----------------  ................
 61     00000000000015c8 ---------------- ----------------  ................
 62     00000000000015d8 ---------------- ----------------  ................
 63     00000000000015e8 ---------------- ----------------  ................
 64     00000000000015f8 ---------------- ----------------  ................
 65     0000000000001608 ---------------- ----------------  ................
 66     0000000000001618 ---------------- ----------------  ................
 67     0000000000001628 ---------------- ----------------  ................
 68     0000000000001638 ---------------- ----------------  ................
 69 
 70     ...
 71 
 72 memory near rip (/apex/com.android.runtime/lib64/bionic/libc.so):
 73     00007cd7c1c1f288 ccccccccccccccff d68948f78948f889  ..........H..H..
 74     00007cd7c1c1f298 894dc2894dca8948 050f08244c8b4cc8  H..M..M..L.L$...
 75     00007cd7c1c1f2a8 0972fffff0013d48 057727e8c789d8f7  H=....r......'w.
 76     00007cd7c1c1f2b8 ccccccccccccc300 000025048b4c645f  ........_dL..%..
 77     00007cd7c1c1f2c8 8b4508408b4d0000 00001440c7411448  ..M.@.E.H.A.@...
 78     00007cd7c1c1f2d8 0f0000003ab88000 89451574c0855705  ...:.....W..t.E.
 79     00007cd7c1c1f2e8 fffff0013d481448 e5e8c789d8f70972  H.H=....r.......
 80     00007cd7c1c1f2f8 ccccccccc3000576 4155415641574155  v.......UAWAVAUA
 81     00007cd7c1c1f308 894868ec83485354 6f8bfd8949102474  TSH..hH.t$.I...o
 82     00007cd7c1c1f318 244c8948ed854814 1174302454894838  .H..H.L$8H.T$0t.
 83     00007cd7c1c1f328 c0310b73086d3941 ebed310824448948  A9m.s.1.H.D$.1..
 84     00007cd7c1c1f338 4ce8894ced014c0b c0760f6608246c89  .L..L..L.l$.f.v.
 85     00007cd7c1c1f348 7f0f6648246c894c 1024748b4c502444  L.l$Hf..D$PL.t$.
 86     00007cd7c1c1f358 0000002ebef7894c 4489480007177be8  L........{...H.D
 87     00007cd7c1c1f368 eb894800458b4024 7e0ff308246c8b48  $@.E.H..H.l$...~
 88     00007cd7c1c1f378 66c16f0f6608054c 66fffc607905760f  L..f.o.f.v.y`..f
 89 
 90 memory map (1928 entries):
 91     00000000'12c00000-00000000'2abfffff rw-         0  18000000  [anon:dalvik-main space (region space)]
 92     00000000'4105d000-00000000'41061fff rw-         0      5000  [anon:dalvik-large object space allocation]
 93     00000000'52c00000-00000000'52c00fff rw-         0      1000
 94     00000000'52c01000-00000000'54c00fff r--         0   2000000  /memfd:jit-zygote-cache (deleted)
 95     ...
 96 
 97 
 98 --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 99 pid: 5487, tid: 5496, name: perfetto_hprof_  >>> com.example.nlive.process1 <<<
100 uid: 10216
101     rax fffffffffffffe00  rbx 00007cd5251f2008  rcx 00007cd7c1c76ec7  rdx 0000000000000001
102     r8  0000000000000000  r9  0000000000000000  r10 0000000000000000  r11 0000000000000202
103     r12 00007cd51ea77c87  r13 00007cd51ea77d88  r14 00007cd53d66e5b0  r15 00007cd69d676570
104     rdi 0000000000000027  rsi 00007cd51ea77c87
105     rbp 000000000000156f  rsp 00007cd51ea77c68  rip 00007cd7c1c76ec7
106 
107 backtrace:
108       #00 pc 00000000000b1ec7  /apex/com.android.runtime/lib64/bionic/libc.so (read+7) (BuildId: 3707c39fc397eeaa328142d90b50a973)
109       #01 pc 000000000001cb70  /apex/com.android.art/lib64/libperfetto_hprof.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, ArtPlugin_Initialize::$_29> >(void*)+288) (BuildId: 389f643e3949f377b8ed814829c730)
110       #02 pc 00000000000c7d2a  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+58) (BuildId: 3707c39fc397eeaa328142d90b50a973)
111       #03 pc 000000000005f0c7  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 3707c39fc397eeaa328142d90b50a973)
112 
113 
114       ...
115 
116 
117 open files:
118     fd 0: /dev/null (unowned)
119     fd 1: /dev/null (unowned)
120     fd 2: /dev/null (unowned)
121     fd 3: socket:[99149] (unowned)
122     ...
123     fd 50: /proc/5487/cmdline (owned by FileInputStream 0x2c98fa8)
124     fd 51: anon_inode:[eventfd] (owned by unique_fd 0x7cd5dd67bfe4)
125     fd 52: anon_inode:[eventpoll] (owned by unique_fd 0x7cd5dd67c03c)
126     fd 53: /storage/emulated/0/pro1 (unowned)
127     fd 54: /storage/emulated/0/binder (unowned)
128     fd 55: /storage/emulated/0/pro2 (unowned)
129 --------- log main
130 06-20 23:44:23.954  5487  5487 I .nlive.process: Not late-enabling -Xcheck:jni (already on)
131 06-20 23:44:23.978  5487  5487 I .nlive.process: Unquickening 12 vdex files!
132 06-20 23:44:23.980  5487  5487 W .nlive.process: Unexpected CPU variant for X86 using defaults: x86_64
133 06-20 23:44:24.014  5487  5487 D ApplicationLoaders: Returning zygote-cached class loader: /system/framework/android.test.base.jar
134 06-20 23:44:24.026  5487  5487 D NetworkSecurityConfig: No Network Security Config specified, using platform default
135 ...
136 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663] JNI DETECTED ERROR IN APPLICATION: JNI CallVoidMethod called with pending exception java.lang.NoSuchMethodError: no non-static method "Lcom/example/nlive/NliveApp;.restartCallback(I)V"
137 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]   at void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String) (:-2)
138 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]   at void com.example.nlive.NliveApp$a.d() (:373)
139 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]   at java.lang.Object com.example.nlive.NliveApp$a.c() (:358)
140 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]   at void h.l.a$a.run() (:30)
141 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663] 
142 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]     in call to CallVoidMethod
143 06-20 23:44:24.447  5487  5507 F .nlive.process: runtime.cc:663]     from void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String)

 

 其中:

  • Build fingerprint值 與 ro.build.fingerprint 系統屬性完全相同
  • Revision值 與 ro.revision 系統屬性完全相同
  • ABI 是 arm、arm64、x86 或 x86-64 之一
  • 第6行標注崩潰的線程名,pid與tid相同時表示主線程,其中 >>> 和 <<< 中間的是進程名
  • 第8行指出是哪個信號、錯誤碼、地址。
  • 第9行是abort的描述信息。
  • 第17-21行,收到信號時 CPU 寄存器的內容
  • 第15-50行:調用棧記錄
    • 第1列:幀號
    • 第2、3列:PC 值,相對於所在共享庫的加載位置
    • 第4列:代碼所在位置:通常是共享庫或可執行文件
    • 第5列:PC 值對應的符號以及到該符號的偏移量(以字節為單位)
  • 其它信息:如打開的文件、寄存器中地址附近的內存轉儲、完整的內存映射、main log等。
  • 多條記錄用 “--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---” 分隔。

  

2.2 死亡報告關聯

可在Logcat中得知本次崩潰記錄到哪個死亡報告文件中。debuggerd 會在該目錄中保留最多 N 個 Tombstone(api30是50,api26 是10),從編號 00 至 N-1 循環覆蓋。

 

 

2.3 定位及分析

  注意有前綴“--->”的行:通過查看故障地址周圍的映射,通常可以了解發生的問題。一般有以下幾個原因:

  • 讀/寫延伸到內存塊末尾之外。
  • 在內存塊開始之前讀/寫。
  • 嘗試執行非代碼內容。
  • 在堆棧末尾之外運行。
  • 嘗試寫入代碼(如以上示例所述)。

  從死亡報告文件的調用棧中找到屬於本項目的最後一幀代碼。

3.常見的信號及錯誤碼

3.1 錯誤碼表

信號 信號值 錯誤碼 錯誤碼值  描述 示例

SIGABRT 

-6

SI_TKILL -6

代碼中止。由assert或者abort 觸發。

例1.SIGABRT

FORTIFY -6

libc 的 FORTIFY 檢查到可能產生安全漏洞的操作(如緩衝區溢出)

例2.Abort message: 'FORTIFY:
SI_TKILL -6

堆棧損壞 

例3.Abort message :'stack corruption detected'

SIGSEGV 11  SEGV_MAPERR 1  空指針 例4. SEGV_MAPERR
SEGV_ACCERR 2 只執行(execute-only)內存訪問違規(僅限 Android 10) 例5. SEGV_ACCERR
SIGSYS 31 SYS_SECCOMP 1  調用受限系統調用 例6. SYS_SECCOMP
 - 35  SI_QUEUE -1  fdsan 檢測到的錯誤 例7. fdsan
更多 https://www.cnblogs.com/sjjg/p/6209846.html

 

3.2 示例

例1.SIGABRT

 1 pid: 4637, tid: 4637, name: crasher  >>> crasher <<<
 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
 3 Abort message: 'some_file.c:123: some_function: assertion "false" failed'
 4     r0  00000000  r1  0000121d  r2  00000006  r3  00000008
 5     r4  0000121d  r5  0000121d  r6  ffb44a1c  r7  0000010c
 6     r8  00000000  r9  00000000  r10 00000000  r11 00000000
 7     ip  ffb44c20  sp  ffb44a08  lr  eace2b0b  pc  eace2b16
 8 backtrace:
 9     #00 pc 0001cb16  /system/lib/libc.so (abort+57)
10     #01 pc 0001cd8f  /system/lib/libc.so (__assert2+22)
11     #02 pc 00001531  /system/bin/crasher (do_action+764)
12     #03 pc 00002301  /system/bin/crasher (main+68)
13     #04 pc 0008a809  /system/lib/libc.so (__libc_init+48)
14     #05 pc 00001097  /system/bin/crasher (_start_main+38)

例2.Abort message: 'FORTIFY:

 1 pid: 25579, tid: 25579, name: crasher  >>> crasher <<<
 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
 3 Abort message: 'FORTIFY: read: prevented 32-byte write into 10-byte buffer'
 4     r0 00000000  r1 000063eb  r2 00000006  r3 00000008
 5     r4 ff96f350  r5 000063eb  r6 000063eb  r7 0000010c
 6     r8 00000000  r9 00000000  sl 00000000  fp ff96f49c
 7     ip 00000000  sp ff96f340  lr ee83ece3  pc ee86ef0c  cpsr 000d0010
 8 
 9 backtrace:
10     #00 pc 00049f0c  /system/lib/libc.so (tgkill+12)
11     #01 pc 00019cdf  /system/lib/libc.so (abort+50)
12     #02 pc 0001e197  /system/lib/libc.so (__fortify_fatal+30)
13     #03 pc 0001baf9  /system/lib/libc.so (__read_chk+48)
14     #04 pc 0000165b  /system/xbin/crasher (do_action+534)
15     #05 pc 000021e5  /system/xbin/crasher (main+100)
16     #06 pc 000177a1  /system/lib/libc.so (__libc_init+48)
17     #07 pc 00001110  /system/xbin/crasher (_start+96)

例3.Abort message :'stack corruption detected'

 1 pid: 26717, tid: 26717, name: crasher  >>> crasher <<<
 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
 3 Abort message: 'stack corruption detected'
 4     r0 00000000  r1 0000685d  r2 00000006  r3 00000008
 5     r4 ffd516d8  r5 0000685d  r6 0000685d  r7 0000010c
 6     r8 00000000  r9 00000000  sl 00000000  fp ffd518bc
 7     ip 00000000  sp ffd516c8  lr ee63ece3  pc ee66ef0c  cpsr 000e0010
 8 
 9 backtrace:
10     #00 pc 00049f0c  /system/lib/libc.so (tgkill+12)
11     #01 pc 00019cdf  /system/lib/libc.so (abort+50)
12     #02 pc 0001e07d  /system/lib/libc.so (__libc_fatal+24)
13     #03 pc 0004863f  /system/lib/libc.so (__stack_chk_fail+6)
14     #04 pc 000013ed  /system/xbin/crasher (smash_stack+76)
15     #05 pc 00001591  /system/xbin/crasher (do_action+280)
16     #06 pc 00002219  /system/xbin/crasher (main+100)
17     #07 pc 000177a1  /system/lib/libc.so (__libc_init+48)
18     #08 pc 00001144  /system/xbin/crasher (_start+96)

例4.SEGV_MAPERR

 1 pid: 25405, tid: 25405, name: crasher  >>> crasher <<<
 2 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc
 3     r0 0000000c  r1 00000000  r2 00000000  r3 3d5f0000
 4     r4 00000000  r5 0000000c  r6 00000002  r7 ff8618f0
 5     r8 00000000  r9 00000000  sl 00000000  fp ff8618dc
 6     ip edaa6834  sp ff8617a8  lr eda34a1f  pc eda618f6  cpsr 600d0030
 7 
 8 backtrace:
 9     #00 pc 000478f6  /system/lib/libc.so (pthread_mutex_lock+1)
10     #01 pc 0001aa1b  /system/lib/libc.so (readdir+10)
11     #02 pc 00001b35  /system/xbin/crasher (readdir_null+20)
12     #03 pc 00001815  /system/xbin/crasher (do_action+976)
13     #04 pc 000021e5  /system/xbin/crasher (main+100)
14     #05 pc 000177a1  /system/lib/libc.so (__libc_init+48)
15     #06 pc 00001110  /system/xbin/crasher (_start+96)

例5.SEGV_ACCERR

 1 pid: 2938, tid: 2940, name: crasher64  >>> crasher64 <<<
 2 signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x5f2ced24a8
 3 Cause: execute-only (no-read) memory access error; likely due to data in .text.
 4     x0  0000000000000000  x1  0000005f2cecf21f  x2  0000000000000078  x3  0000000000000053
 5     x4  0000000000000074  x5  8000000000000000  x6  ff71646772607162  x7  00000020dcf0d16c
 6     x8  0000005f2ced24a8  x9  000000781251c55e  x10 0000000000000000  x11 0000000000000000
 7     x12 0000000000000014  x13 ffffffffffffffff  x14 0000000000000002  x15 ffffffffffffffff
 8     x16 0000005f2ced52f0  x17 00000078125c0ed8  x18 0000007810e8e000  x19 00000078119fbd50
 9     x20 00000078125d6020  x21 00000078119fbd50  x22 00000b7a00000b7a  x23 00000078119fbdd8
10     x24 00000078119fbd50  x25 00000078119fbd50  x26 00000078119fc018  x27 00000078128ea020
11     x28 00000078119fc020  x29 00000078119fbcb0
12     sp  00000078119fba40  lr  0000005f2ced1b94  pc  0000005f2ced1ba4
13 
14 backtrace:
15       #00 pc 0000000000003ba4  /system/bin/crasher64 (do_action+2348)
16       #01 pc 0000000000003234  /system/bin/crasher64 (thread_callback+44)
17       #02 pc 00000000000e2044  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36)
18       #03 pc 0000000000083de0  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

例6.SYS_SECCOMP

 1 pid: 11046, tid: 11046, name: crasher  >>> crasher <<<
 2 signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
 3 Cause: seccomp prevented call to disallowed arm system call 99999
 4     r0 cfda0444  r1 00000014  r2 40000000  r3 00000000
 5     r4 00000000  r5 00000000  r6 00000000  r7 0001869f
 6     r8 00000000  r9 00000000  sl 00000000  fp fffefa58
 7     ip fffef898  sp fffef888  lr 00401997  pc f74f3658  cpsr 600f0010
 8 
 9 backtrace:
10     #00 pc 00019658  /system/lib/libc.so (syscall+32)
11     #01 pc 00001993  /system/bin/crasher (do_action+1474)
12     #02 pc 00002699  /system/bin/crasher (main+68)
13     #03 pc 0007c60d  /system/lib/libc.so (__libc_init+48)
14     #04 pc 000011b0  /system/bin/crasher (_start_main+72)

例7.fdsan

 1 pid: 32315, tid: 32315, name: crasher64  >>> crasher64 <<<
 2 signal 35 (), code -1 (SI_QUEUE), fault addr --------
 3 Abort message: 'attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0x7d8e413018'
 4     x0  0000000000000000  x1  0000000000007e3b  x2  0000000000000023  x3  0000007fe7300bb0
 5     x4  3033313465386437  x5  3033313465386437  x6  3033313465386437  x7  3831303331346538
 6     x8  00000000000000f0  x9  0000000000000000  x10 0000000000000059  x11 0000000000000034
 7     x12 0000007d8ebc3a49  x13 0000007fe730077a  x14 0000007fe730077a  x15 0000000000000000
 8     x16 0000007d8ec9a7b8  x17 0000007d8ec779f0  x18 0000007d8f29c000  x19 0000000000007e3b
 9     x20 0000000000007e3b  x21 0000007d8f023020  x22 0000007d8f3b58dc  x23 0000000000000001
10     x24 0000007fe73009a0  x25 0000007fe73008e0  x26 0000007fe7300ca0  x27 0000000000000000
11     x28 0000000000000000  x29 0000007fe7300c90
12     sp  0000007fe7300860  lr  0000007d8ec2f22c  pc  0000007d8ec2f250
13 
14 backtrace:
15       #00 pc 0000000000088250  /bionic/lib64/libc.so (fdsan_error(char const*, ...)+384)
16       #01 pc 0000000000088060  /bionic/lib64/libc.so (android_fdsan_close_with_tag+632)
17       #02 pc 00000000000887e8  /bionic/lib64/libc.so (close+16)
18       #03 pc 000000000000379c  /system/bin/crasher64 (do_action+1316)
19       #04 pc 00000000000049c8  /system/bin/crasher64 (main+96)
20       #05 pc 000000000008021c  /bionic/lib64/libc.so (_start_main)

4.信號處理

4.1 自定義信號的中斷處理程序

A.使用signal函數

/*
 * Handler installed for SIGUSR1 by signal_reg(): logs the signal number it
 * was invoked with.
 * NOTE(review): LOGE is presumably a logging macro (not visible here); logging
 * routines are generally not async-signal-safe, so a handler like this is only
 * acceptable for demo code — confirm before reusing it elsewhere.
 */
void signal_USR1(int signal) {
    const int caught = signal;
    LOGE("catch SIGUSR1 = %d", caught);
}
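/*
 * Registers signal_USR1() as the SIGUSR1 handler and then demonstrates the
 * delivery path: a forked child sends SIGUSR1 to itself with kill().
 *
 * Fixes over the original listing:
 *  - fork() failure (-1) is reported instead of being silently ignored;
 *  - the child terminates with _exit() once the signal has been delivered.
 *    Without that it falls out of this function and keeps running as a
 *    second copy of the whole program.
 * signal() is kept because the surrounding text describes it; its semantics
 * differ between platforms, and sigaction() (see signal_act()) is the
 * portable choice.
 */
void signal_reg() {
    if (signal(SIGUSR1, signal_USR1) == SIG_ERR) {
        LOGE("SIGUSR1 error");
    }

    const pid_t child = fork();
    if (child == -1) {
        LOGE("fork error");
        return;
    }
    if (child == 0) {
        /* In the child, getpid() is the child's own pid: the handler runs here. */
        kill(getpid(), SIGUSR1);
        /* _exit(), not exit(): do not run the parent's atexit handlers or
         * flush its inherited stdio buffers a second time. */
        _exit(0);
    }
}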

  SIGUSR1 可以使用 kill 函數發送,也可以使用 kill 命令發送:

 $kill -USR1 pid

B.使用sigaction函數

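/*
 * SA_SIGINFO-style handler for SIGALRM installed by signal_act(); logs the
 * signal number. info and data are accepted but unused.
 *
 * The second parameter is declared as siginfo_t* — the type that struct
 * sigaction's sa_sigaction member expects — instead of struct siginfo*.
 * Android's bionic defines siginfo_t as a typedef of struct siginfo, so the
 * original happened to match there, but glibc's siginfo_t carries no struct
 * tag and the original declaration is a different type.
 * NOTE(review): LOGE is presumably a logging macro and not async-signal-safe;
 * keep this for demo purposes only.
 */
void alarm_action(int signal, siginfo_t *info, void *data) {
    (void)info;
    (void)data;
    LOGE("signal_SIGALRM catch signal = %d", signal);
}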
/*
 * Logs when invoked; the original listing assigns it to sa_restorer.
 * NOTE(review): sa_restorer is a libc-internal field that POSIX does not
 * define and that the C library fills in itself — an application-supplied
 * restorer is not expected to be honoured, so treat this as an illustration
 * of the field rather than a mechanism to rely on.
 */
void alarm_restorer() {
    LOGE("signal_SIGALRM restorer");
}
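/*
 * Installs alarm_action() as the SIGALRM handler and arms a repeating
 * 30-second real-time interval timer (ITIMER_REAL), so the handler fires
 * every 30 s.
 *
 * Fixes over the original listing:
 *  - sa_flags carries SA_SIGINFO. sa_handler and sa_sigaction share storage;
 *    without SA_SIGINFO the kernel calls the handler with the one-argument
 *    signature and the info/context arguments of alarm_action() are garbage.
 *  - sa_restorer is no longer set. It is a libc-internal field (not in POSIX)
 *    that the C library fills in itself; application code must not touch it.
 *  - the struct is zero-initialised, and sigaction() is checked before the
 *    timer is armed: if the handler could not be installed, SIGALRM keeps its
 *    default action (terminate), so a 30 s timer would kill the process.
 *  - the setitimer() result is reported instead of being ignored.
 */
void signal_act() {
    struct itimerval timer;
    struct sigaction tact = {0};

    tact.sa_sigaction = alarm_action;
    tact.sa_flags = SA_SIGINFO;
    sigemptyset(&tact.sa_mask);
    if (sigaction(SIGALRM, &tact, NULL) == -1) {
        LOGE("sigaction error");
        return;
    }

    timer.it_value.tv_sec = 30;
    timer.it_value.tv_usec = 0;
    timer.it_interval = timer.it_value; /* same period after the first expiry */

    /* set ITIMER_REAL */
    if (setitimer(ITIMER_REAL, &timer, NULL) == -1) {
        LOGE("setitimer error");
    }
}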

 

4.2 捕獲異常,避免程序退出

  • 使用signal()函數指定信號的處理程序
  • 使用C語言中的非本地跳轉,可以捕獲異常,避免程序退出。

 對信號的處理要使用以 sig 開頭的非本地跳轉版本:

  • int sigsetjmp(sigjmp_buf env, int savemask); 設置跳轉點a,直接調用返回0,從siglongjmp調用則返回siglongjmp第2個參數值
  • void siglongjmp(sigjmp_buf env, int val); 代碼跳轉到 a 繼續執行
  • 如果savemask非0,則sigsetjmp在env中保存進程的當前信號屏蔽字。調用siglongjmp時,如果對應的sigsetjmp調用已將信號屏蔽字保存在env中,則siglongjmp從中恢復該信號屏蔽字。
  • 只適用於單線程

示例如下:

/* Jump buffer shared by signal2() and its SIGSEGV handler signal_SEGV2():
 * filled by sigsetjmp() in signal2(), consumed by siglongjmp() in the handler. */
static sigjmp_buf sig_jmp;
/*
 * SIGSEGV handler installed by signal2(): logs the signal, then unwinds to
 * the most recent sigsetjmp(sig_jmp, ...) in signal2(), which then returns 1.
 * signal2() calls sigsetjmp with savemask = 1, so the jump also restores the
 * signal mask that was in effect at that point.
 * NOTE(review): LOGE is presumably a logging macro and not async-signal-safe;
 * the whole pattern is only valid for single-threaded demo code.
 */
void signal_SEGV2(int signal) {
    const int caught = signal;
    LOGE("signal_SEGV2 catch signal = %d", caught);
    siglongjmp(sig_jmp, 1);
}
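/*
 * Demonstrates recovering from SIGSEGV with a non-local jump: five times in a
 * row it installs signal_SEGV2() for SIGSEGV, writes through a NULL pointer
 * to provoke the fault, and is brought back to the sigsetjmp() call by the
 * handler's siglongjmp(sig_jmp, 1), where ret != 0 and the value is logged.
 *
 * Fix over the original listing: pi points to volatile int. A store through a
 * pointer the compiler can prove is NULL is undefined behaviour, and the
 * optimiser may drop the store or replace it with a trap instruction, in
 * which case no SIGSEGV (or a different signal) is raised and the demo does
 * not do what the text describes. volatile forces the access to be emitted.
 *
 * Only valid in a single-threaded context: sig_jmp is shared, unguarded state.
 */
void signal2() {
    volatile int *pi = NULL;
    for (int i = 0; i < 5; ++i) {
        /* savemask = 1: the signal mask is saved here and restored by siglongjmp. */
        int ret = sigsetjmp(sig_jmp, 1);
        if (ret == 0) {
            /* First return: arm the handler, then trigger the fault. */
            if (signal(SIGSEGV, signal_SEGV2) == SIG_ERR) {
                LOGE("signal error");
            }
            *pi = 2;
        } else {
            /* Second return, reached via siglongjmp from the handler. */
            LOGE("ret = %d", ret);
        }
    }
}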

 

