本机Android崩溃:000218a8 /system/lib/libc。所以(__futex_syscall3 + 8)

时间:2021-12-16 15:32:07

I'm getting the following crash report from my android application:

我从我的android应用程序中得到如下崩溃报告:

I had crash reports before and they all were about the source of my program but this time it is a native crash. I'm pretty lost in how to figure out what is going wrong. Could someone please help me understand what the problem could be and how I can read the stack trace to get the information myself?

我之前有过崩溃报告,它们都是关于我的程序的源代码,但这次是一个本机崩溃。我完全不知道怎么搞清楚哪里出了问题。是否有人能帮助我理解问题可能是什么,以及我如何读取堆栈跟踪来获取信息?

I think it has something to do with a key release...?

我认为这和关键发布有关…?

   *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'oneplus/bacon/A0001:4.4.4/KTU84Q/XNPH05Q:user/release-keys'
Revision: '0'
pid: 21249, tid: 21249, name: .application.android >>> com.my.application.android <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
r0 838c7408 r1 00000080 r2 00000002 r3 00000000
r4 838c7408 r5 00000002 r6 00000000 r7 000000f0
r8 00000000 r9 838c7408 sl 41dbb3f8 fp 00000001
ip 00000000 sp bec11f90 lr 401056c4 pc 401188a8 cpsr 600a0010
d0 0000000000000000 d1 000000004432d59c
d2 000003f500000000 d3 0000000000000008
d4 fe8000003f000001 d5 000122e800000000
d6 0000000000000000 d7 4432d59c00000000
d8 0000000000000000 d9 3fe0000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 ffffffffffffffff d17 00790061006c0050
d18 0000009ebdc4e22a d19 002e006900750067
d20 0061007200470049 d21 0063006900680070
d22 0066006600750042 d23 0072005000720065
d24 3f5243eca0000000 d25 8000000000000000
d26 3ff0000000000000 d27 bf95555560000000
d28 8000000000000000 d29 0000000000000000
d30 0000000000000000 d31 0000000000000000
scr 68000013

backtrace:
#00 pc 000218a8 /system/lib/libc.so (__futex_syscall3+8)
#01 pc 0000e6c0 /system/lib/libc.so
#02 pc 00055ac9 /system/lib/libdvm.so
#03 pc 00055fe9 /system/lib/libdvm.so (dvmLockObject+228)
#04 pc 00020d9c /system/lib/libdvm.so
#05 pc 00030ea4 /system/lib/libdvm.so (dvmMterpStd(Thread*)+76)
#06 pc 0002e508 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
#07 pc 000635bd /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+336)
#08 pc 0004f765 /system/lib/libdvm.so
#09 pc 00053e75 /system/lib/libandroid_runtime.so
#10 pc 00067a69 /system/lib/libandroid_runtime.so (android::NativeInputEventReceiver::consumeEvents(_JNIEnv*, bool, long long, bool*)+368)
#11 pc 00067b4d /system/lib/libandroid_runtime.so (android::NativeInputEventReceiver::handleEvent(int, int, void*)+52)
#12 pc 000109ff /system/lib/libutils.so (android::Looper::pollInner(int)+474)
#13 pc 00010aad /system/lib/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+92)
#14 pc 0006ed5d /system/lib/libandroid_runtime.so (android::NativeMessageQueue::pollOnce(_JNIEnv*, int)+22)
#15 pc 000204d0 /system/lib/libdvm.so (dvmPlatformInvoke+116)
#16 pc 0005118f /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+398)
#17 pc 00000214 /dev/ashmem/dalvik-jit-code-cache (deleted)

code around pc:
40118888 e5900000 e2601000 e0100001 116f0f10
40118898 12600020 e12fff1e e1a0c007 e3a070f0
401188a8 ef000000 e1a0700c e12fff1e eafffff9
401188b8 e1a0c007 e1a03002 e1a02001 e3a01000
401188c8 e3a070f0 ef000000 e1a0700c e12fff1e
401188d8 e1a0c007 e1a02001 e3a01001 e3a070f0
401188e8 ef000000 e1a0700c e12fff1e e1a0000d
401188f8 e12fff1e e92d50f0 e3a07025 ef000000
40118908 e8bd50f0 e3700a01 912fff1e e2600000
40118918 ea006f6a f5d0f000 f5d1f000 e1500001
40118928 13520000 03a00000 012fff1e e1a03000
40118938 e352000c 5a000008 f5d0f020 f5d1f020
40118948 e0d300b2 e0d1c0b2 e050000c 112fff1e
40118958 e2522001 1afffff9 e12fff1e e92d4010
40118968 e3130002 0a000005 e0d300b2 e0d1c0b2
40118978 e2422001 e050000c 18bd4010 112fff1e

code around lr:
401056a4 01841f90 e3510000 1afffff9 e1560003
401056b4 13865002 1a000001 ea000009 ebffff74
401056c4 e194cf9f e1843f95 e3530000 e1a00004
401056d4 e1a01006 e1a02005 1afffff8 e156000c
401056e4 1afffff5 f57ff05b e3a00000 e8bd81f0
401056f4 e3a00016 e8bd81f0 fa001211 e5903020
40105704 e1530825 0a000025 e1867007 e1a0c803
40105714 e1550007 0a000033 e38c0002 e1808007
40105724 ea000012 e2053003 e3530001 1a000009
40105734 e225c003 e1942f9f e3a0e000 e1320005
40105744 0184ef9c e35e0000 1afffff9 e1550002
40105754 01a0500c 1a000004 e1a02005 e1a00004
40105764 e1a01006 e3a03000 ebffff49 e5945000
40105774 e1550007 1affffea e1941f9f e3a00000
40105784 e1310007 01840f98 e3500000 1afffff9
40105794 e1570001 1afffff4 f57ff05b e8bd81f0 

1 个解决方案

#1


6  

From the stack trace, it appears to be crashing inside the Dalvik VM. You didn't include the full crash report, which would show the fault address and version of Android, but the fact that it's in dvmLockObject() suggests corruption of the managed heap.

从堆栈跟踪来看,它似乎正在Dalvik虚拟机中崩溃。您没有包含完整的崩溃报告,它将显示Android的错误地址和版本,但是它在dvmLockObject()中的事实表明托管堆已经损坏。

Heap corruption is usually caused by native code libraries. It can be difficult to track down because the crash doesn't necessarily happen in the vicinity of the corruption.

堆损坏通常由本机代码库引起。追踪起来可能很困难,因为事故不一定发生在腐败的附近。

Update: With the full native crash dump, the situation appears to be quite different. The thread is crashing with a SIGABRT, which generally happens when something (like assert() or a failed call tofree()) calls abort(). However, the stack trace shows that the code was sitting in a futex syscall -- futexes provide the underpinnings for libc features like pthread mutexes -- and the futex syscall doesn't cause SIGABRT.

更新:使用完整的本机崩溃转储,情况似乎完全不同。该线程使用SIGABRT发生崩溃,通常发生在调用abort()时(比如assert()或调用tofree()失败时)。但是,堆栈跟踪显示代码位于futex syscall中——futexes提供了pthread互斥体等libc特性的基础——futex syscall不会导致SIGABRT。

My guess is that some other thread caused the signal 6. You'll note that the pid and tid have the same value (21249), which means this is the main thread of the app, and is the thread that will catch a signal sent to the process by kill().

我猜是别的线引起了信号。您将注意到pid和tid具有相同的值(21249),这意味着这是应用程序的主线程,并且是通过kill()捕获发送给进程的信号的线程。

Android's abort() used to dereference 0xdeadbaad to ensure that the failing thread appeared in the stack trace. That was changed in recent releases to send a SIGABRT with tgkill(), which should ensure that the correct thread receives the signal. So either that mechanism isn't working, or some other bit of code is sending SIGABRT, perhaps using kill().

Android的abort()用于取消引用0xdeadbaad,以确保失败的线程出现在堆栈跟踪中。这在最近的版本中被更改为使用tgkill()发送SIGABRT,它应该确保正确的线程接收到信号。因此,要么该机制不起作用,要么其他代码位正在发送SIGABRT,可能使用kill()。

If you have the full logcat output, you may be able to see some sort of failure indication before the start of the crash log.

如果您有完整的logcat输出,您可能可以在崩溃日志开始之前看到某种失败指示。

#1


6  

From the stack trace, it appears to be crashing inside the Dalvik VM. You didn't include the full crash report, which would show the fault address and version of Android, but the fact that it's in dvmLockObject() suggests corruption of the managed heap.

从堆栈跟踪来看,它似乎正在Dalvik虚拟机中崩溃。您没有包含完整的崩溃报告,它将显示Android的错误地址和版本,但是它在dvmLockObject()中的事实表明托管堆已经损坏。

Heap corruption is usually caused by native code libraries. It can be difficult to track down because the crash doesn't necessarily happen in the vicinity of the corruption.

堆损坏通常由本机代码库引起。追踪起来可能很困难,因为事故不一定发生在腐败的附近。

Update: With the full native crash dump, the situation appears to be quite different. The thread is crashing with a SIGABRT, which generally happens when something (like assert() or a failed call tofree()) calls abort(). However, the stack trace shows that the code was sitting in a futex syscall -- futexes provide the underpinnings for libc features like pthread mutexes -- and the futex syscall doesn't cause SIGABRT.

更新:使用完整的本机崩溃转储,情况似乎完全不同。该线程使用SIGABRT发生崩溃,通常发生在调用abort()时(比如assert()或调用tofree()失败时)。但是,堆栈跟踪显示代码位于futex syscall中——futexes提供了pthread互斥体等libc特性的基础——futex syscall不会导致SIGABRT。

My guess is that some other thread caused the signal 6. You'll note that the pid and tid have the same value (21249), which means this is the main thread of the app, and is the thread that will catch a signal sent to the process by kill().

我猜是别的线引起了信号。您将注意到pid和tid具有相同的值(21249),这意味着这是应用程序的主线程,并且是通过kill()捕获发送给进程的信号的线程。

Android's abort() used to dereference 0xdeadbaad to ensure that the failing thread appeared in the stack trace. That was changed in recent releases to send a SIGABRT with tgkill(), which should ensure that the correct thread receives the signal. So either that mechanism isn't working, or some other bit of code is sending SIGABRT, perhaps using kill().

Android的abort()用于取消引用0xdeadbaad,以确保失败的线程出现在堆栈跟踪中。这在最近的版本中被更改为使用tgkill()发送SIGABRT,它应该确保正确的线程接收到信号。因此,要么该机制不起作用,要么其他代码位正在发送SIGABRT,可能使用kill()。

If you have the full logcat output, you may be able to see some sort of failure indication before the start of the crash log.

如果您有完整的logcat输出,您可能可以在崩溃日志开始之前看到某种失败指示。