Android Crash实例分析与解决

蓝牙连接问题

错误Log如下：

--------- beginning of crash
10-21 20:06:31.883 F/libc    ( 6709): Fatal signal 6 (SIGABRT), code -6 in tid 6737 (BT Service Call), pid 6709 (droid.bluetooth)
10-21 20:06:31.899 W/hpplay-java( 1424): [main]:IPManager:getActiveNets invalid networkInfo:null
10-21 20:06:31.901 I/WifiService(  412): getWifiApEnabledState uid=10023
10-21 20:06:31.901 I/hpplay-java( 1424): [main]:IPManager:getActiveNets eth0:false wifi:false mobile:false ap:false
10-21 20:06:31.902 I/hpplay-java( 1424): [main]:ServerTaskManager:get local ip:null
10-21 20:06:31.903 W/hpplay-java( 1424): [main]:IPManager:getActiveNets invalid networkInfo:null
10-21 20:06:31.904 I/WifiService(  412): getWifiApEnabledState uid=10023
10-21 20:06:31.905 I/hpplay-java( 1424): [main]:IPManager:getActiveNets eth0:false wifi:false mobile:false ap:false
10-21 20:06:31.905 I/hpplay-java( 1424): [main]:ServerTaskManager:get local ip:null
10-21 20:06:31.907 W/hpplay-java( 1424): [main]:IPManager:getActiveNets invalid networkInfo:null
10-21 20:06:31.908 I/WifiService(  412): getWifiApEnabledState uid=10023
10-21 20:06:31.909 I/hpplay-java( 1424): [main]:IPManager:getActiveNets eth0:false wifi:false mobile:false ap:false
10-21 20:06:31.909 I/hpplay-java( 1424): [main]:ServerTaskManager:get local ip:null
10-21 20:06:31.950 D/CpeAndroidService(  412): cpe get product class from cpe_init.cfg： EOS03326KLS0MP00
10-21 20:06:31.951 D/CpeAndroidService(  412): cpe get product class: EOS03326KLS0MP00
10-21 20:06:31.951 D/CpeServiceImpl(  412): ---getProductClassEOS03326KLS0MP00
10-21 20:06:32.024 I/crash_dump64( 6995): obtaining output fd from tombstoned, type: kDebuggerdTombstone
10-21 20:06:32.025 I//system/bin/tombstoned(  292): received crash request for pid 6709
10-21 20:06:32.026 I/crash_dump64( 6995): performing dump of process 6709 (target tid = 6737)
10-21 20:06:32.027 F/DEBUG   ( 6995): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-21 20:06:32.027 F/DEBUG   ( 6995): Build fingerprint: 'eostek/scifly_rk312x_x3/scifly_x3:8.1.0/OPM8.190305.001/143821:userdebug/dev-keys'
10-21 20:06:32.027 F/DEBUG   ( 6995): Revision: '0'
10-21 20:06:32.028 F/DEBUG   ( 6995): ABI: 'arm64'
10-21 20:06:32.028 F/DEBUG   ( 6995): pid: 6709, tid: 6737, name: BT Service Call  >>> com.android.bluetooth <<<
10-21 20:06:32.028 F/DEBUG   ( 6995): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
10-21 20:06:32.046 F/DEBUG   ( 6995): Abort message: '[FATAL:list.cc(70)] Check failed: !list_is_empty(list). 
10-21 20:06:32.046 F/DEBUG   ( 6995): '
10-21 20:06:32.046 F/DEBUG   ( 6995):     x0   0000000000000000  x1   0000000000001a51  x2   0000000000000006  x3   0000000000000008
10-21 20:06:32.046 F/DEBUG   ( 6995):     x4   6c3a4c415441465b  x5   6c3a4c415441465b  x6   6c3a4c415441465b  x7   372863632e747369
10-21 20:06:32.046 F/DEBUG   ( 6995):     x8   0000000000000083  x9   0000000010000000  x10  000000710c2c8c00  x11  0000000000000001
10-21 20:06:32.047 F/DEBUG   ( 6995):     x12  287974706d655f73  x13  0a202e297473696c  x14  ff00000000000000  x15  ffffffffffffffff
10-21 20:06:32.047 F/DEBUG   ( 6995):     x16  000000569ae47fa8  x17  00000071a42294ec  x18  00000071a4294000  x19  0000000000001a35
10-21 20:06:32.047 F/DEBUG   ( 6995):     x20  0000000000001a51  x21  0000000000000083  x22  000000710c2ca588  x23  000000710ce1f000
10-21 20:06:32.047 F/DEBUG   ( 6995):     x24  000000710c2c8c81  x25  0000000000001106  x26  cccccccccccccccd  x27  000000710c2ca588
10-21 20:06:32.047 F/DEBUG   ( 6995):     x28  000000710cb9a3d1  x29  000000710c2c8c40  x30  00000071a41de720
10-21 20:06:32.047 F/DEBUG   ( 6995):     sp   000000710c2c8c00  pc   00000071a41de748  pstate 0000000060000000
10-21 20:06:32.125 F/DEBUG   ( 6995): 
10-21 20:06:32.125 F/DEBUG   ( 6995): backtrace:
10-21 20:06:32.125 F/DEBUG   ( 6995):     #00 pc 000000000001d748  /system/lib64/libc.so (abort+120)
10-21 20:06:32.125 F/DEBUG   ( 6995):     #01 pc 0000000000083470  /system/lib64/libchrome.so (base::debug::BreakDebugger()+20)
10-21 20:06:32.125 F/DEBUG   ( 6995):     #02 pc 000000000009affc  /system/lib64/libchrome.so (logging::LogMessage::~LogMessage()+1068)
10-21 20:06:32.125 F/DEBUG   ( 6995):     #03 pc 000000000019b320  /system/lib64/hw/bluetooth.default.so (list_front(list_t const*)+212)
10-21 20:06:32.125 F/DEBUG   ( 6995):     #04 pc 00000000000bed8c  /system/lib64/hw/bluetooth.default.so (handle_get_capability_response(tBTA_AV_META_MSG*, tAVRC_GET_CAPS_RSP*)+212)
10-21 20:06:32.126 F/DEBUG   ( 6995):     #05 pc 00000000000bc540  /system/lib64/hw/bluetooth.default.so (handle_avk_rc_metamsg_rsp(tBTA_AV_META_MSG*)+288)
10-21 20:06:32.126 F/DEBUG   ( 6995):     #06 pc 000000000007eeec  /system/lib64/hw/bluetooth.default.so (btif_av_state_opened_handler(unsigned int, void*)+608)
10-21 20:06:32.126 F/DEBUG   ( 6995):     #07 pc 00000000000c4fcc  /system/lib64/hw/bluetooth.default.so (btif_sm_dispatch(void*, unsigned int, void*)+32)
10-21 20:06:32.126 F/DEBUG   ( 6995):     #08 pc 000000000007d39c  /system/lib64/hw/bluetooth.default.so (btif_av_handle_event(unsigned short, char*)+264)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #09 pc 000000000008ee40  /system/lib64/hw/bluetooth.default.so (bt_jni_msg_ready(void*)+116)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #10 pc 00000000000849cc  /system/lib64/libchrome.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)+188)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #11 pc 000000000009efa4  /system/lib64/libchrome.so (base::MessageLoop::RunTask(base::PendingTask const&)+444)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #12 pc 000000000009f26c  /system/lib64/libchrome.so (base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)+52)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #13 pc 000000000009f698  /system/lib64/libchrome.so (base::MessageLoop::DoWork()+356)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #14 pc 00000000000a08a8  /system/lib64/libchrome.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+220)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #15 pc 00000000000ba124  /system/lib64/libchrome.so (base::RunLoop::Run()+136)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #16 pc 000000000008d3f8  /system/lib64/hw/bluetooth.default.so (run_message_loop(void*)+256)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #17 pc 00000000001a1270  /system/lib64/hw/bluetooth.default.so (work_queue_read_cb(void*)+92)
10-21 20:06:32.127 F/DEBUG   ( 6995):     #18 pc 000000000019f4cc  /system/lib64/hw/bluetooth.default.so (run_reactor(reactor_t*, int)+320)
10-21 20:06:32.128 F/DEBUG   ( 6995):     #19 pc 000000000019f360  /system/lib64/hw/bluetooth.default.so (reactor_start(reactor_t*)+84)
10-21 20:06:32.128 F/DEBUG   ( 6995):     #20 pc 00000000001a0d08  /system/lib64/hw/bluetooth.default.so (run_thread(void*)+184)
10-21 20:06:32.128 F/DEBUG   ( 6995):     #21 pc 0000000000067d40  /system/lib64/libc.so (__pthread_start(void*)+36)
10-21 20:06:32.128 F/DEBUG   ( 6995):     #22 pc 000000000001ebd8  /system/lib64/libc.so (__start_thread+68)

通过上面log中的crash信息可以看出是list.cc文件中的list_front方法出现问题，因此追根溯源找该方法处。

void* list_front(const list_t* list) {
  CHECK(list != NULL);
  //CHECK(!list_is_empty(list));
  if(list_is_empty(list))
	 return NULL;
  return list->head->data;
 
}

void* list_back(const list_t* list) {
  CHECK(list != NULL);
  //CHECK(!list_is_empty(list));
  if(list_is_empty(list))
	 return NULL;
  return list->tail->data;
}

list_node_t* list_back_node(const list_t* list) {
  CHECK(list != NULL);
  //CHECK(!list_is_empty(list));
  if(list_is_empty(list))
	 return NULL;
  return list->tail;
}

以上方法中都使用了CHECK宏来进行判断导致com.android.bluetooth进程挂掉，所以在这里进行了修改，问题解决。