Analyzing a Real Native Crash from Monkey Testing and an Approach to Resolving It

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/abm1993/article/details/56489835

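Since I started working on Android system development I have run into quite a few crash-related problems. Crashes fall into Framework/App Crash, Native Crash, and Kernel Crash.

They can be explained as follows:

  • A crash in the framework layer or the app layer (that is, a Java-level crash) is usually caused by an uncaught exception being thrown; this is covered in detail in this article's companion piece, "Understanding the Android Crash Handling Flow".
  • As for Kernel Crash, in many cases it is a kernel panic; a kernel crash is usually due to a driver or hardware fault.
  • Native Crash is a crash at the C/C++ level, the layer that sits between the system framework layer and the Linux layer; this is what the rest of this article covers.
From http://gityuan.com/2016/06/25/android-native-crash/
Here is a problem actually encountered:
[Test steps]
1. Run Monkey and observe the result
[Expected result]
1. After step 1, no module reports an error
[Actual result]
1. After step 1, com.android.chrome reported an error 2 times
Log: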
01-03 06:37:34.853 W/System  (17354): ClassLoader referenced unknown path: /system/app/Chrome/lib/arm
01-03 06:37:34.913 W/DynamiteModule(17354): Local module descriptor class for com.google.android.gms.googlecertificates not found.
01-03 06:37:34.999 W/System  (17354): ClassLoader referenced unknown path: /system/priv-app/GmsCore/lib/arm
01-03 06:37:35.018 W/System  (17354): ClassLoader referenced unknown path: 
01-03 06:37:35.019 W/System  (17354): ClassLoader referenced unknown path: /system/priv-app/GmsCore/lib/arm
01-03 06:37:35.278 W/System  (17354): ClassLoader referenced unknown path: /data/user/0/com.google.android.gms/app_chimera/m/00000001/n/armeabi
01-03 06:37:35.467 W/art     (17354): Verification of void lz.<clinit>() took 133.298ms
01-03 06:37:35.795 W/chromium(17354): [WARNING:dns_config_service_posix.cc(316)] Failed to read DnsConfig.
01-03 06:37:36.138 W/cr_KnoxSettingsProvider(17354): Permission to read device policy denied.
01-03 06:37:36.157 W/cr_ChildProcLauncher(17354): Create a new ChildConnectionAllocator with package name = com.android.chrome, inSandbox = true
01-03 06:37:36.397 E/JavaBinder(17354): !!! FAILED BINDER TRANSACTION !!!  (parcel size = 9576)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): Failed to setup connection.
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.os.BinderProxy.transactNative(Native Method)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.os.BinderProxy.transact(Binder.java:615)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at org.chromium.content.common.IChildProcessService$Stub$Proxy.setupConnection(IChildProcessService.java:102)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at org.chromium.content.browser.ChildProcessConnectionImpl.doConnectionSetupLocked(ChildProcessConnectionImpl.java:374)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at org.chromium.content.browser.ChildProcessConnectionImpl$ChildServiceConnection.onServiceConnected(ChildProcessConnectionImpl.java:15032)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1453)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1481)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.os.Handler.handleCallback(Handler.java:751)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.os.Handler.dispatchMessage(Handler.java:95)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.os.Looper.loop(Looper.java:154)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at android.app.ActivityThread.main(ActivityThread.java:6119)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at java.lang.reflect.Method.invoke(Native Method)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886)
01-03 06:37:36.400 E/cr_ChildProcessConnect(17354): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776)
01-03 06:37:36.437 W/InstanceID/Rpc(17354): Found 10013
01-03 06:37:36.478 W/cr_ChildProcessConnect(17354): onServiceDisconnected (crash or killed by oom): pid=0
01-03 06:38:02.350 W/cr_ChildProcessConnect(17354): onServiceDisconnected (crash or killed by oom): pid=17425
01-03 06:38:15.547 W/cr_tabmodel(17354): Starting to fetch tab list.
01-03 06:38:15.551 W/cr_tabmodel(17354): Finished fetching tab list.
01-03 06:38:15.551 W/cr_tabmodel(17354): Starting to fetch tab list.
01-03 06:38:15.552 E/cr_tabmodel(17354): State file does not exist.
01-03 06:38:15.652 W/Adreno-ES20(17354): <get_gpu_clk:229>: open failed: errno 13
01-03 06:38:16.304 E/cr_tabmodel(17354): Tab load still in progress when merge was attempted.
01-03 06:38:29.059 W/cr_ChildProcessConnect(17354): onServiceDisconnected (crash or killed by oom): pid=17638
01-03 06:38:35.859 F/chromium(17354): [FATAL:context_provider_factory_impl_android.cc(243)] Timed out waiting for GPU channel.
01-03 06:38:36.644 W/google-breakpad(17354): Output crash dump file:
01-03 06:38:36.644 W/google-breakpad(17354): /data/user/0/com.android.chrome/cache/Crash Reports/1ec54077-39cc-f1f0-1e85cf48-4f7c1af2.dmp
01-03 06:38:36.650 W/google-breakpad(17354): ### ### ### ### ### ### ### ### ### ### ### ### ###
01-03 06:38:36.650 W/google-breakpad(17354): Chrome build fingerprint:
01-03 06:38:36.650 W/google-breakpad(17354): 55.0.2883.91
01-03 06:38:36.651 W/google-breakpad(17354): 288309152
01-03 06:38:36.651 W/google-breakpad(17354): ### ### ### ### ### ### ### ### ### ### ### ### ###
01-03 06:38:36.784 W/google-breakpad(17354): ### ### ### ### ### ### ### ### ### ### ### ### ###
01-03 06:38:36.784 W/google-breakpad(17354): Chrome build fingerprint:
01-03 06:38:36.785 W/google-breakpad(17354): 55.0.2883.91
01-03 06:38:36.785 W/google-breakpad(17354): 288309152
01-03 06:38:36.785 W/google-breakpad(17354): ### ### ### ### ### ### ### ### ### ### ### ### ###
01-03 06:38:36.791 F/libc    (17354): Fatal signal 6 (SIGABRT), code -6 in tid 17354 (.android.chrome)
01-03 06:38:36.791 F/libc    (17354): Fatal signal 6 (SIGABRT), code -6 in tid 17354 (.android.chrome)
01-03 06:38:36.792 W/        (  352): debuggerd: handling request: pid=17354 uid=10057 gid=10057 tid=17354
01-03 06:38:36.792 W/        (  352): debuggerd: handling request: pid=17354 uid=10057 gid=10057 tid=17354
01-03 06:38:36.891 F/DEBUG   (17731): pid: 17354, tid: 17354, name: .android.chrome  >>> com.android.chrome <<<
01-03 06:38:36.891 F/DEBUG   (17731): pid: 17354, tid: 17354, name: .android.chrome  >>> com.android.chrome <<<
01-03 06:38:38.361 W/        (  352): debuggerd: resuming target 17354

The large pile of log above is a headache to read; we only need to focus on a few points:
01-03 06:38:36.891 F/DEBUG   (17731): pid: 17354, tid: 17354, name: .android.chrome  >>> com.android.chrome <<<
01-03 06:38:36.891 F/DEBUG   (17731): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
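These log lines tell us the process id of the crash (pid: 17354), the thread id (tid: 17354), the process name (name: .android.chrome), and the signal raised by the crash along with the fault address: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
From this we can make an initial judgement that the Chrome app hit a native crash. The question then is how to locate the cause of the error.
For that we have to keep reading the log: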
01-03 06:38:36.926 F/DEBUG   (17731): backtrace:
01-03 06:38:36.928 F/DEBUG   (17731):     #00 pc 00049d78  /system/lib/libc.so (tgkill+12)
01-03 06:38:36.928 F/DEBUG   (17731):     #01 pc 000474f3  /system/lib/libc.so (pthread_kill+34)
01-03 06:38:36.928 F/DEBUG   (17731):     #02 pc 0001d745  /system/lib/libc.so (raise+10)
01-03 06:38:36.928 F/DEBUG   (17731):     #03 pc 00019281  /system/lib/libc.so (__libc_android_abort+34)
01-03 06:38:36.928 F/DEBUG   (17731):     #04 pc 000172e8  /system/lib/libc.so (abort+4)
01-03 06:38:36.928 F/DEBUG   (17731):     #05 pc 008fa231  /system/app/Chrome/Chrome.apk (offset 0x4236000)
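The log above is the backtrace at the time of the failure: the pc value of each frame shows where execution was. We can use the tools shipped in the NDK to resolve the exact location, as follows:

Use arm-linux-androideabi-objdump to locate the function in which the error occurred

D:\tool\Ndk\android-ndk-r13b\toolchains\arm-linux-androideabi-4.9\prebuilt\windows-x86_64\bin>arm-linux-androideabi-objdump.exe -S -D D:\tool\parse_stack.rev6\libc.so > D:\tool\parse_stack.rev6\log.txt
The command above disassembles the functions in the .so library into assembly (I can't read the details myself yet).
The output looks like the big chunk below: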
   172bc: e2922008 adds r2, r2, #8
   172c0: 03a00000 moveq r0, #0
   172c4: 0affffb1 beq 17190 <memcmp+0x134>
   172c8: eaffffaa b 17178 <memcmp+0x11c>
   172cc: e2411004 sub r1, r1, #4
   172d0: e04111a6 sub r1, r1, r6, lsr #3
   172d4: e2444004 sub r4, r4, #4
   172d8: e3a02004 mov r2, #4
   172dc: e8bd00e0 pop {r5, r6, r7}
   172e0: eaffffa4 b 17178 <memcmp+0x11c>


000172e4 <abort>:
   172e4: e92d4008 push {r3, lr}
   172e8: fb0007db blx 1925e <__libc_android_abort>
.......
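Using the stack information from the backtrace, we can search this output for the failing location. For example, taking 172e8 from #04 pc 000172e8  /system/lib/libc.so (abort+4) and searching for it, we find
172e8: fb0007db  blx 1925e <__libc_android_abort>, but this is still not specific enough. When we get this far and still cannot determine the exact cause, we should go back and look at the log as a whole.
In general the cause is that the memory address was taken over, or that there was not enough memory. Looking back through the log, we do indeed find a related entry: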
onServiceDisconnected (crash or killed by oom): pid=0
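It is not hard to infer that this native crash was caused by a system OOM or some other external factor.
At this point the general approach to analyzing this problem is clear.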
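
The manual lookup above can be scripted. The following is an added example, not code from the original post: it parses the debuggerd lines, finds the instruction at a frame's pc in the objdump output, and picks the first frame outside libc.so, which is the code that called abort(). The function names are assumptions made for illustration, and the sample input is trimmed from the logs quoted in this post.

```python
import re

# Sample input trimmed from the logcat and objdump output quoted in this post.
LOGCAT = """\
01-03 06:38:36.891 F/DEBUG   (17731): pid: 17354, tid: 17354, name: .android.chrome  >>> com.android.chrome <<<
01-03 06:38:36.891 F/DEBUG   (17731): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
01-03 06:38:36.928 F/DEBUG   (17731):     #04 pc 000172e8  /system/lib/libc.so (abort+4)
01-03 06:38:36.928 F/DEBUG   (17731):     #05 pc 008fa231  /system/app/Chrome/Chrome.apk (offset 0x4236000)
"""
OBJDUMP = """\
   172e0: eaffffa4 b 17178 <memcmp+0x11c>
000172e4 <abort>:
   172e4: e92d4008 push {r3, lr}
   172e8: fb0007db blx 1925e <__libc_android_abort>
"""

HEADER = re.compile(r"pid: (\d+), tid: (\d+), name: (\S+)\s+>>> (\S+) <<<")
SIGNAL = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\)")
FRAME = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((\w+)\+(\d+)\))?")
LABEL = re.compile(r"^([0-9a-f]+) <(.+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(.*)$")

def parse_crash(logcat):
    """Extract process info, signal and backtrace frames from debuggerd lines."""
    crash = {"frames": []}
    for line in logcat.splitlines():
        if m := HEADER.search(line):
            crash.update(pid=int(m[1]), tid=int(m[2]), process=m[4])
        elif m := SIGNAL.search(line):
            crash.update(signal=m[2], code=m[4])
        elif m := FRAME.search(line):  # symbol is None when the frame has no name+offset
            crash["frames"].append(
                {"n": int(m[1]), "pc": int(m[2], 16), "lib": m[3], "symbol": m[4]})
    return crash

def locate(objdump, pc):
    """Return (function, instruction text) for pc in objdump -D output, or None."""
    func = None
    for line in objdump.splitlines():
        if m := LABEL.match(line):
            func = m[2]  # remember the enclosing <symbol>: label
        elif (m := INSN.match(line)) and int(m[1], 16) == pc:
            return func, m[2].strip()
    return None

def first_caller_outside(crash, lib="/system/lib/libc.so"):
    """First frame not in lib: here, the code that called abort()."""
    return next((f for f in crash["frames"] if f["lib"] != lib), None)
```

On the sample, the first frame outside libc.so is #05 in Chrome.apk, which has no symbol; a pc can only be resolved in the disassembly of the library its frame names.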

