常见 jni 崩溃时的信号及处理方法
1.官方文档
https://source.android.google.cn/devices/tech/debug
https://source.android.google.cn/devices/tech/debug/native-crash
2.死亡报告文件
2.1 示例
在目录 /data/tombstones/ 下记录了各native层崩溃的报告文件,文件内详细地记录了崩溃现场。如下:
1 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 2 Build fingerprint: 'google/sdk_gphone_x86_64_arm64/generic_x86_64_arm64:11/RSR1.201211.001.A1/7054069:userdebug/dev-keys' 3 Revision: '0' 4 ABI: 'x86_64' 5 Timestamp: 2021-06-20 23:44:25+0800 6 pid: 5487, tid: 5507, name: Thread-2 >>> com.example.nlive.process1 <<< 7 uid: 10216 8 signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr -------- 9 Abort message: 'JNI DETECTED ERROR IN APPLICATION: JNI CallVoidMethod called with pending exception java.lang.NoSuchMethodError: no non-static method "Lcom/example/nlive/NliveApp;.restartCallback(I)V" 10 at void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String) (:-2) 11 at void com.example.nlive.NliveApp$a.d() (:373) 12 at java.lang.Object com.example.nlive.NliveApp$a.c() (:358) 13 at void h.l.a$a.run() (:30) 14 15 in call to CallVoidMethod 16 from void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String)' 17 rax 0000000000000000 rbx 000000000000156f rcx 00007cd7c1c1f2a8 rdx 0000000000000006 18 r8 00007cd7c1bafbd1 r9 00007cd7c1bafbd1 r10 00007cd4d5551d50 r11 0000000000000246 19 r12 0000000000000026 r13 0000000000000001 r14 00007cd4d5551d48 r15 0000000000001583 20 rdi 000000000000156f rsi 0000000000001583 21 rbp 00007cd5ed688ff0 rsp 00007cd4d5551d38 rip 00007cd7c1c1f2a8 22 23 backtrace: 24 #00 pc 000000000005a2a8 /apex/com.android.runtime/lib64/bionic/libc.so (syscall+24) (BuildId: 3707c39fc397eeaa328142d90b50a973) 25 #01 pc 000000000005d212 /apex/com.android.runtime/lib64/bionic/libc.so (abort+194) (BuildId: 3707c39fc397eeaa328142d90b50a973) 26 #02 pc 0000000000634927 /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+2375) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 27 #03 pc 0000000000019cfc /system/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+60) (BuildId: 7101d4565a51dea09dc23901546cbb64) 28 #04 pc 00000000000192a0 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+368) (BuildId: 7101d4565a51dea09dc23901546cbb64) 29 #05 pc 0000000000422022 /apex/com.android.art/lib64/libart.so (art::JavaVMExt::JniAbort(char const*, char const*)+2786) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 30 #06 pc 0000000000422085 /apex/com.android.art/lib64/libart.so (art::JavaVMExt::JniAbortV(char const*, char const*, __va_list_tag*)+85) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 31 #07 pc 0000000000412dbf /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::AbortF(char const*, ...)+191) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 32 #08 pc 00000000004117d4 /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::CheckPossibleHeapValue(art::ScopedObjectAccess&, char, art::(anonymous namespace)::JniValueType)+3316) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 33 #09 pc 0000000000410266 /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::ScopedCheck::Check(art::ScopedObjectAccess&, bool, char const*, art::(anonymous namespace)::JniValueType*)+758) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 34 #10 pc 0000000000415c5b /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CheckCallArgs(art::ScopedObjectAccess&, art::(anonymous namespace)::ScopedCheck&, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, art::InvokeType, art::(anonymous namespace)::VarArgs const*)+155) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 35 #11 pc 0000000000414ded /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CallMethodV(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, __va_list_tag*, art::Primitive::Type, art::InvokeType)+829) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 36 #12 pc 0000000000402b2c /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::CallVoidMethod(_JNIEnv*, _jobject*, _jmethodID*, ...)+188) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 37 #13 pc 0000000000002918 /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/lib/x86_64/libnal-lib.so (Java_com_example_nlive_NliveApp_doDaemon2+1352) (BuildId: e811f61cf3625e2c07475156d6e8d019ba3d3764) 38 #14 pc 00000000001840c7 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+215) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 39 #15 pc 00000000001718a0 /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 40 #16 pc 00000000000faa82 /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (com.example.nlive.NliveApp$a.d+326) 41 #17 pc 0000000000170d5d /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 42 #18 pc 00000000000fa8fc /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (com.example.nlive.NliveApp$a.c) 43 #19 pc 00000000001718ea /apex/com.android.art/lib64/libart.so (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 44 #20 pc 0000000000129d48 /data/app/~~z2vTOzXlbZfObJdEb9CliA==/com.example.nlive-_Tyd-tvMEV529ldWDEiqBw==/oat/x86_64/base.vdex (h.l.a$a.run+4) 45 #21 pc 0000000000178cb4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+756) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 46 #22 pc 000000000020ba92 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+242) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 47 #23 pc 000000000062a1be /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+478) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 48 #24 pc 000000000068d843 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1411) (BuildId: 7fbaf2a1a3317bd634b00eb90e32291e) 49 #25 pc 00000000000c7d2a /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+58) (BuildId: 3707c39fc397eeaa328142d90b50a973) 50 #26 pc 000000000005f0c7 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 3707c39fc397eeaa328142d90b50a973) 51 52 memory near rbx: 53 0000000000001548 ---------------- ---------------- ................ 54 0000000000001558 ---------------- ---------------- ................ 55 0000000000001568 ---------------- ---------------- ................ 56 0000000000001578 ---------------- ---------------- ................ 57 0000000000001588 ---------------- ---------------- ................ 58 0000000000001598 ---------------- ---------------- ................ 59 00000000000015a8 ---------------- ---------------- ................ 60 00000000000015b8 ---------------- ---------------- ................ 61 00000000000015c8 ---------------- ---------------- ................ 62 00000000000015d8 ---------------- ---------------- ................ 63 00000000000015e8 ---------------- ---------------- ................ 64 00000000000015f8 ---------------- ---------------- ................ 65 0000000000001608 ---------------- ---------------- ................ 66 0000000000001618 ---------------- ---------------- ................ 67 0000000000001628 ---------------- ---------------- ................ 68 0000000000001638 ---------------- ---------------- ................ 69 70 ... 71 72 memory near rip (/apex/com.android.runtime/lib64/bionic/libc.so): 73 00007cd7c1c1f288 ccccccccccccccff d68948f78948f889 ..........H..H.. 74 00007cd7c1c1f298 894dc2894dca8948 050f08244c8b4cc8 H..M..M..L.L$... 75 00007cd7c1c1f2a8 0972fffff0013d48 057727e8c789d8f7 H=....r......'w. 76 00007cd7c1c1f2b8 ccccccccccccc300 000025048b4c645f ........_dL..%.. 77 00007cd7c1c1f2c8 8b4508408b4d0000 00001440c7411448 ..M.@.E.H.A.@... 78 00007cd7c1c1f2d8 0f0000003ab88000 89451574c0855705 ...:.....W..t.E. 79 00007cd7c1c1f2e8 fffff0013d481448 e5e8c789d8f70972 H.H=....r....... 80 00007cd7c1c1f2f8 ccccccccc3000576 4155415641574155 v.......UAWAVAUA 81 00007cd7c1c1f308 894868ec83485354 6f8bfd8949102474 TSH..hH.t$.I...o 82 00007cd7c1c1f318 244c8948ed854814 1174302454894838 .H..H.L$8H.T$0t. 83 00007cd7c1c1f328 c0310b73086d3941 ebed310824448948 A9m.s.1.H.D$.1.. 84 00007cd7c1c1f338 4ce8894ced014c0b c0760f6608246c89 .L..L..L.l$.f.v. 85 00007cd7c1c1f348 7f0f6648246c894c 1024748b4c502444 L.l$Hf..D$PL.t$. 86 00007cd7c1c1f358 0000002ebef7894c 4489480007177be8 L........{...H.D 87 00007cd7c1c1f368 eb894800458b4024 7e0ff308246c8b48 $@.E.H..H.l$...~ 88 00007cd7c1c1f378 66c16f0f6608054c 66fffc607905760f L..f.o.f.v.y`..f 89 90 memory map (1928 entries): 91 00000000'12c00000-00000000'2abfffff rw- 0 18000000 [anon:dalvik-main space (region space)] 92 00000000'4105d000-00000000'41061fff rw- 0 5000 [anon:dalvik-large object space allocation] 93 00000000'52c00000-00000000'52c00fff rw- 0 1000 94 00000000'52c01000-00000000'54c00fff r-- 0 2000000 /memfd:jit-zygote-cache (deleted) 95 ... 96 97 98 --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- 99 pid: 5487, tid: 5496, name: perfetto_hprof_ >>> com.example.nlive.process1 <<< 100 uid: 10216 101 rax fffffffffffffe00 rbx 00007cd5251f2008 rcx 00007cd7c1c76ec7 rdx 0000000000000001 102 r8 0000000000000000 r9 0000000000000000 r10 0000000000000000 r11 0000000000000202 103 r12 00007cd51ea77c87 r13 00007cd51ea77d88 r14 00007cd53d66e5b0 r15 00007cd69d676570 104 rdi 0000000000000027 rsi 00007cd51ea77c87 105 rbp 000000000000156f rsp 00007cd51ea77c68 rip 00007cd7c1c76ec7 106 107 backtrace: 108 #00 pc 00000000000b1ec7 /apex/com.android.runtime/lib64/bionic/libc.so (read+7) (BuildId: 3707c39fc397eeaa328142d90b50a973) 109 #01 pc 000000000001cb70 /apex/com.android.art/lib64/libperfetto_hprof.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, ArtPlugin_Initialize::$_29> >(void*)+288) (BuildId: 389f643e3949f377b8ed814829c730) 110 #02 pc 00000000000c7d2a /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+58) (BuildId: 3707c39fc397eeaa328142d90b50a973) 111 #03 pc 000000000005f0c7 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 3707c39fc397eeaa328142d90b50a973) 112 113 114 ... 115 116 117 open files: 118 fd 0: /dev/null (unowned) 119 fd 1: /dev/null (unowned) 120 fd 2: /dev/null (unowned) 121 fd 3: socket:[99149] (unowned) 122 ... 123 fd 50: /proc/5487/cmdline (owned by FileInputStream 0x2c98fa8) 124 fd 51: anon_inode:[eventfd] (owned by unique_fd 0x7cd5dd67bfe4) 125 fd 52: anon_inode:[eventpoll] (owned by unique_fd 0x7cd5dd67c03c) 126 fd 53: /storage/emulated/0/pro1 (unowned) 127 fd 54: /storage/emulated/0/binder (unowned) 128 fd 55: /storage/emulated/0/pro2 (unowned) 129 --------- log main 130 06-20 23:44:23.954 5487 5487 I .nlive.process: Not late-enabling -Xcheck:jni (already on) 131 06-20 23:44:23.978 5487 5487 I .nlive.process: Unquickening 12 vdex files! 132 06-20 23:44:23.980 5487 5487 W .nlive.process: Unexpected CPU variant for X86 using defaults: x86_64 133 06-20 23:44:24.014 5487 5487 D ApplicationLoaders: Returning zygote-cached class loader: /system/framework/android.test.base.jar 134 06-20 23:44:24.026 5487 5487 D NetworkSecurityConfig: No Network Security Config specified, using platform default 135 ... 136 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] JNI DETECTED ERROR IN APPLICATION: JNI CallVoidMethod called with pending exception java.lang.NoSuchMethodError: no non-static method "Lcom/example/nlive/NliveApp;.restartCallback(I)V" 137 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] at void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String) (:-2) 138 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] at void com.example.nlive.NliveApp$a.d() (:373) 139 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] at java.lang.Object com.example.nlive.NliveApp$a.c() (:358) 140 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] at void h.l.a$a.run() (:30) 141 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] 142 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] in call to CallVoidMethod 143 06-20 23:44:24.447 5487 5507 F .nlive.process: runtime.cc:663] from void com.example.nlive.NliveApp.doDaemon2(int, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
其中:
- Build fingerprint值 与 ro.build.fingerprint 系统属性完全相同
Reversion值 与 ro.revision系统属性完全相同- ABI 是 arm、arm64、x86 或 x86-64 之一
- 第6行标注崩溃的线程名,pid与tid相同时表示主线程,其中 >>> 和 <<< 中间的是进程名
- 第8行指出是哪个信号、错误码、地址。
- 第9行是abort的描述信息。
- 第17-21行,收到信号时 CPU 寄存器的内容 第15-50行:调用栈记录
- 第1列:帧号
- 第2、3 列: PC 值与共享库的位置相关
- 第4列:代码所在位置:通常是共享库或可执行文件
- 第5列:PC 值对应的符号以及到该符号的偏移量(以字节为单位)
- 其它信息:如打开的文件、寄存器中地址附近的内存转储、完整的内存映射、main log等。
- 多条记录用 “--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---” 分隔。
2.2 死亡报告关联
可在Logcat中得知本次崩溃记录到哪个死亡报告文件中。debuggerd 会在该目录中保留最多 N 个 Tombstone(api30是50,api26 是10),从编号 00 至 N-1 循环覆盖。
2.3 定位及分析
注意有前缀“--->”的行:通过查看故障地址周围的映射,通常可以了解发生的问题。一般有以下几个原因:
- 读/写延伸到内存块末尾之外。
- 在内存块开始之前读/写。
- 尝试执行非代码内容。
- 在堆栈末尾之外运行。
- 尝试写入代码(如以上示例所述)。
从死亡报告文件中找到本项目中的最后一条代码。
3.常见的信号及错误码
3.1 错误码表
| 信号 | 信号值 | 错误码 | 错误码值 | 描述 | 示例 |
|
SIGABRT |
-6 |
SI_TKILL | -6 | ||
| FORTIFY | -6 |
代码可能产生安全漏洞 |
例2.Abort message: 'FORTIFY: | ||
| SI_TKILL | -6 |
堆栈损坏 |
|||
| SIGSEGV | 11 | SEGV_MAPERR | 1 | 空指针 | 例4. SEGV_MAPERR |
| SEGV_ACCERR | 2 | 只执行内存违规(仅限 Android 10) | 例5. SEGV_ACCERR | ||
| SIGSYS | 31 | SYS_SECCOMP | 1 | 调用受限系统调用 | 例6. SYS_SECCOMP |
| - | 35 | SI_QUEUE | -1 | fdsan 检测到的错误 | 例7. fdsan |
| 更多 | https://www.cnblogs.com/sjjg/p/6209846.html | ||||
3.2 示例
1 pid: 4637, tid: 4637, name: crasher >>> crasher <<< 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 3 Abort message: 'some_file.c:123: some_function: assertion "false" failed' 4 r0 00000000 r1 0000121d r2 00000006 r3 00000008 5 r4 0000121d r5 0000121d r6 ffb44a1c r7 0000010c 6 r8 00000000 r9 00000000 r10 00000000 r11 00000000 7 ip ffb44c20 sp ffb44a08 lr eace2b0b pc eace2b16 8 backtrace: 9 #00 pc 0001cb16 /system/lib/libc.so (abort+57) 10 #01 pc 0001cd8f /system/lib/libc.so (__assert2+22) 11 #02 pc 00001531 /system/bin/crasher (do_action+764) 12 #03 pc 00002301 /system/bin/crasher (main+68) 13 #04 pc 0008a809 /system/lib/libc.so (__libc_init+48) 14 #05 pc 00001097 /system/bin/crasher (_start_main+38)
1 pid: 25579, tid: 25579, name: crasher >>> crasher <<< 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 3 Abort message: 'FORTIFY: read: prevented 32-byte write into 10-byte buffer' 4 r0 00000000 r1 000063eb r2 00000006 r3 00000008 5 r4 ff96f350 r5 000063eb r6 000063eb r7 0000010c 6 r8 00000000 r9 00000000 sl 00000000 fp ff96f49c 7 ip 00000000 sp ff96f340 lr ee83ece3 pc ee86ef0c cpsr 000d0010 8 9 backtrace: 10 #00 pc 00049f0c /system/lib/libc.so (tgkill+12) 11 #01 pc 00019cdf /system/lib/libc.so (abort+50) 12 #02 pc 0001e197 /system/lib/libc.so (__fortify_fatal+30) 13 #03 pc 0001baf9 /system/lib/libc.so (__read_chk+48) 14 #04 pc 0000165b /system/xbin/crasher (do_action+534) 15 #05 pc 000021e5 /system/xbin/crasher (main+100) 16 #06 pc 000177a1 /system/lib/libc.so (__libc_init+48) 17 #07 pc 00001110 /system/xbin/crasher (_start+96)
例3.Abort message :'stack corruption detected'
1 pid: 26717, tid: 26717, name: crasher >>> crasher <<< 2 signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 3 Abort message: 'stack corruption detected' 4 r0 00000000 r1 0000685d r2 00000006 r3 00000008 5 r4 ffd516d8 r5 0000685d r6 0000685d r7 0000010c 6 r8 00000000 r9 00000000 sl 00000000 fp ffd518bc 7 ip 00000000 sp ffd516c8 lr ee63ece3 pc ee66ef0c cpsr 000e0010 8 9 backtrace: 10 #00 pc 00049f0c /system/lib/libc.so (tgkill+12) 11 #01 pc 00019cdf /system/lib/libc.so (abort+50) 12 #02 pc 0001e07d /system/lib/libc.so (__libc_fatal+24) 13 #03 pc 0004863f /system/lib/libc.so (__stack_chk_fail+6) 14 #04 pc 000013ed /system/xbin/crasher (smash_stack+76) 15 #05 pc 00001591 /system/xbin/crasher (do_action+280) 16 #06 pc 00002219 /system/xbin/crasher (main+100) 17 #07 pc 000177a1 /system/lib/libc.so (__libc_init+48) 18 #08 pc 00001144 /system/xbin/crasher (_start+96)
1 pid: 25405, tid: 25405, name: crasher >>> crasher <<< 2 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc 3 r0 0000000c r1 00000000 r2 00000000 r3 3d5f0000 4 r4 00000000 r5 0000000c r6 00000002 r7 ff8618f0 5 r8 00000000 r9 00000000 sl 00000000 fp ff8618dc 6 ip edaa6834 sp ff8617a8 lr eda34a1f pc eda618f6 cpsr 600d0030 7 8 backtrace: 9 #00 pc 000478f6 /system/lib/libc.so (pthread_mutex_lock+1) 10 #01 pc 0001aa1b /system/lib/libc.so (readdir+10) 11 #02 pc 00001b35 /system/xbin/crasher (readdir_null+20) 12 #03 pc 00001815 /system/xbin/crasher (do_action+976) 13 #04 pc 000021e5 /system/xbin/crasher (main+100) 14 #05 pc 000177a1 /system/lib/libc.so (__libc_init+48) 15 #06 pc 00001110 /system/xbin/crasher (_start+96)
1 pid: 2938, tid: 2940, name: crasher64 >>> crasher64 <<< 2 signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x5f2ced24a8 3 Cause: execute-only (no-read) memory access error; likely due to data in .text. 4 x0 0000000000000000 x1 0000005f2cecf21f x2 0000000000000078 x3 0000000000000053 5 x4 0000000000000074 x5 8000000000000000 x6 ff71646772607162 x7 00000020dcf0d16c 6 x8 0000005f2ced24a8 x9 000000781251c55e x10 0000000000000000 x11 0000000000000000 7 x12 0000000000000014 x13 ffffffffffffffff x14 0000000000000002 x15 ffffffffffffffff 8 x16 0000005f2ced52f0 x17 00000078125c0ed8 x18 0000007810e8e000 x19 00000078119fbd50 9 x20 00000078125d6020 x21 00000078119fbd50 x22 00000b7a00000b7a x23 00000078119fbdd8 10 x24 00000078119fbd50 x25 00000078119fbd50 x26 00000078119fc018 x27 00000078128ea020 11 x28 00000078119fc020 x29 00000078119fbcb0 12 sp 00000078119fba40 lr 0000005f2ced1b94 pc 0000005f2ced1ba4 13 14 backtrace: 15 #00 pc 0000000000003ba4 /system/bin/crasher64 (do_action+2348) 16 #01 pc 0000000000003234 /system/bin/crasher64 (thread_callback+44) 17 #02 pc 00000000000e2044 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) 18 #03 pc 0000000000083de0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
1 pid: 11046, tid: 11046, name: crasher >>> crasher <<< 2 signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr -------- 3 Cause: seccomp prevented call to disallowed arm system call 99999 4 r0 cfda0444 r1 00000014 r2 40000000 r3 00000000 5 r4 00000000 r5 00000000 r6 00000000 r7 0001869f 6 r8 00000000 r9 00000000 sl 00000000 fp fffefa58 7 ip fffef898 sp fffef888 lr 00401997 pc f74f3658 cpsr 600f0010 8 9 backtrace: 10 #00 pc 00019658 /system/lib/libc.so (syscall+32) 11 #01 pc 00001993 /system/bin/crasher (do_action+1474) 12 #02 pc 00002699 /system/bin/crasher (main+68) 13 #03 pc 0007c60d /system/lib/libc.so (__libc_init+48) 14 #04 pc 000011b0 /system/bin/crasher (_start_main+72)
1 pid: 32315, tid: 32315, name: crasher64 >>> crasher64 <<< 2 signal 35 (), code -1 (SI_QUEUE), fault addr -------- 3 Abort message: 'attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0x7d8e413018' 4 x0 0000000000000000 x1 0000000000007e3b x2 0000000000000023 x3 0000007fe7300bb0 5 x4 3033313465386437 x5 3033313465386437 x6 3033313465386437 x7 3831303331346538 6 x8 00000000000000f0 x9 0000000000000000 x10 0000000000000059 x11 0000000000000034 7 x12 0000007d8ebc3a49 x13 0000007fe730077a x14 0000007fe730077a x15 0000000000000000 8 x16 0000007d8ec9a7b8 x17 0000007d8ec779f0 x18 0000007d8f29c000 x19 0000000000007e3b 9 x20 0000000000007e3b x21 0000007d8f023020 x22 0000007d8f3b58dc x23 0000000000000001 10 x24 0000007fe73009a0 x25 0000007fe73008e0 x26 0000007fe7300ca0 x27 0000000000000000 11 x28 0000000000000000 x29 0000007fe7300c90 12 sp 0000007fe7300860 lr 0000007d8ec2f22c pc 0000007d8ec2f250 13 14 backtrace: 15 #00 pc 0000000000088250 /bionic/lib64/libc.so (fdsan_error(char const*, ...)+384) 16 #01 pc 0000000000088060 /bionic/lib64/libc.so (android_fdsan_close_with_tag+632) 17 #02 pc 00000000000887e8 /bionic/lib64/libc.so (close+16) 18 #03 pc 000000000000379c /system/bin/crasher64 (do_action+1316) 19 #04 pc 00000000000049c8 /system/bin/crasher64 (main+96) 20 #05 pc 000000000008021c /bionic/lib64/libc.so (_start_main)
4.信号处理
4.1 自定义信号的中断处理程序
A.使用signal函数
1 void 2 signal_USR1(int signal){ 3 LOGE("catch SIGUSR1 = %d",signal); 4 } 5 void 6 signal_reg(){ 7 if(signal(SIGUSR1,signal_USR1) == SIG_ERR){ 8 LOGE("SIGUSR1 error"); 9 } 10 if (!fork()){ 11 kill(getpid(),SIGUSR1); 12 } 13 }
SIGUSR1可以使用kill函数发送,也可以使用 kill命令发送,
$kill -USR1 pid
B.使用sigaction函数
1 void 2 alarm_action(int signal, struct siginfo *info, void *data){ 3 LOGE("signal_SIGALRM catch signal = %d",signal); 4 } 5 void 6 alarm_restorer(){ 7 LOGE("signal_SIGALRM restorer"); 8 } 9 void 10 signal_act(){ 11 struct itimerval timer; 12 struct sigaction tact; 13 14 tact.sa_sigaction = alarm_action; 15 tact.sa_restorer = alarm_restorer; 16 tact.sa_flags = 0; 17 18 sigemptyset (&tact.sa_mask); 19 sigaction(SIGALRM, &tact, NULL); 20 21 timer.it_value.tv_sec = 30 ; 22 timer.it_value.tv_usec = 0 ; 23 timer.it_interval = timer.it_value; 24 25 /* set ITIMER_REAL */ 26 setitimer (ITIMER_REAL, &timer, NULL); 27 }
4.2 捕获异常,避免程序退出
- 使用signal()函数指定信号的处理程序
- 使用c语言中的非本地跳转可以,捕获异常,避免程序退出。
对信号的处理要使用sig开头非本地跳转版本
- int sigsetjmp(sigjmp_buf env, int savemask); 设置跳转点a,直接调用返回0,从siglongjmp调用则返回siglongjmp第2个参数值
- void siglongjmp(sigjmp_buf env, int val); 代码跳转到a 断续执行
- 如果savemask非0,则sigsetjmp在env中保存进程的当前信号屏蔽字。调用siglongjmp时,如savemask的调用已经保存在env,则siglongjmp从其中恢复保存的信号屏蔽字。
- 单线程使用
示例如下:
1 static sigjmp_buf sig_jmp; 2 void 3 signal_SEGV2(int signal){ 4 LOGE("signal_SEGV2 catch signal = %d",signal); 5 siglongjmp(sig_jmp,1); 6 } 7 void 8 signal2(){ 9 int *pi = NULL; 10 for (int i = 0; i < 5; ++i) { 11 int ret = sigsetjmp(sig_jmp,1); 12 if (!ret){ 13 if(signal(SIGSEGV,signal_SEGV2) == SIG_ERR){ 14 LOGE("signal error"); 15 } 16 *pi = 2; 17 }else{ 18 LOGE("ret = %d",ret); 19 } 20 } 21 }
