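Today, while debugging an app, I ran into the "signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xxxxxx" problem again.
It only occurs on Android 10 and later, and the symptom is that the app crashes. What can be done about it?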
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004
The full log is as follows:
05-08 10:21:31.065 D/a.module(18905): so : start
05-08 10:21:31.066 I/ystandard.four(18905): jit_compiled:[OK] boolean java.util.HashSet.contains(java.lang.Object) @ /apex/com.android.runtime/javalib/core-oj.jar
05-08 10:21:31.067 F/libc (18905): Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004 in tid 18978 (pool-3-thread-1), pid 18905 (ystandard.fourg)
05-08 10:21:31.107 I/netd ( 631): trafficSwapActiveStatsMap() <0.26ms>
05-08 10:21:31.109 E/AppInfoMgr( 2307): not find pkgs by uid: 1051
05-08 10:21:31.109 I/DownloadState( 2307): singleUid: 10125 [com.a.app1] speed: 125 real speed: 125 (rxB:627 txB:0 rxP:4 txP:0) scroff: false
05-08 10:21:31.112 I/DownloadState( 2307): shareUid: 0 /system/bin/netd transmitting data speed : 85 bytes/s (rxB:0 txB:429 rxP:0 txP:7 iface:0) scroff: false
05-08 10:21:31.112 I/DownloadState( 2307): shareUid: 1000 ping transmitting data speed : 16 bytes/s (rxB:0 txB:84 rxP:0 txP:1 iface:0) scroff: false
05-08 10:21:31.134 I/crash_dump64(19031): obtaining output fd from tombstoned, type: kDebuggerdTombstone
05-08 10:21:31.135 I//system/bin/tombstoned( 946): received crash request for pid 18978
05-08 10:21:31.136 I/crash_dump64(19031): performing dump of process 18905 (target tid = 18978)
05-08 10:21:31.145 F/DEBUG (19031): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-08 10:21:31.145 F/DEBUG (19031): Build fingerprint: 'HUAWEI/TAS-AN00/HWTAS:10/HUAWEITAS-AN00/10.0.0.500SP504SP504A858:user/release-keys'
05-08 10:21:31.145 F/DEBUG (19031): Revision: '0'
05-08 10:21:31.145 F/DEBUG (19031): ABI: 'arm64'
05-08 10:21:31.145 F/DEBUG (19031): SYSVMTYPE: Maple
05-08 10:21:31.145 F/DEBUG (19031): APPVMTYPE: Art
05-08 10:21:31.146 F/DEBUG (19031): Timestamp: 2021-05-08 10:21:31+0800
05-08 10:21:31.146 F/DEBUG (19031): pid: 18905, tid: 18978, name: pool-3-thread-1 >>> com.a.app1 <<<
05-08 10:21:31.146 F/DEBUG (19031): uid: 10125
05-08 10:21:31.146 F/DEBUG (19031): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004
05-08 10:21:31.146 F/DEBUG (19031): Cause: execute-only (no-read) memory access error; likely due to data in .text.
05-08 10:21:31.146 F/DEBUG (19031): x0 000000739ae8d000 x1 000000728a5db848 x2 0000000000000004 x3 0000007315dd6974
05-08 10:21:31.146 F/DEBUG (19031): x4 0000000000000020 x5 8080808000000000 x6 fefefeff2f2f2f63 x7 7f7f7f7f7f7f7f7f
05-08 10:21:31.146 F/DEBUG (19031): x8 1aa4a933c310306c x9 1aa4a933c310306c x10 0000007275868600 x11 0000000000000000
05-08 10:21:31.146 F/DEBUG (19031): x12 0000007275868608 x13 ffffffffffffffff x14 0000000000000002 x15 0000000000000000
05-08 10:21:31.146 F/DEBUG (19031): x16 000000739af29938 x17 000000739af1d950 x18 000000727519a000 x19 000000739ae8d000
05-08 10:21:31.146 F/DEBUG (19031): x20 000000729dabce40 x21 0000007309a66300 x22 0000007309a660f8 x23 00000072893e7c6c
05-08 10:21:31.146 F/DEBUG (19031): x24 0000007289b3e940 x25 0000007309a660f8 x26 00000072ff3808b0 x27 0000000000000002
05-08 10:21:31.146 F/DEBUG (19031): x28 00000072893e7c70 x29 00000072893e7ba0
05-08 10:21:31.146 F/DEBUG (19031): sp 00000072893e7ba0 lr 000000728a58215c pc 000000728a581778
05-08 10:21:31.212 F/DEBUG (19031):
05-08 10:21:31.212 F/DEBUG (19031): backtrace:
05-08 10:21:31.212 F/DEBUG (19031): NOTE: Function names and BuildId information is missing for some frames due
05-08 10:21:31.212 F/DEBUG (19031): NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
05-08 10:21:31.212 F/DEBUG (19031): NOTE: found under the lib/ directory are readable.
05-08 10:21:31.212 F/DEBUG (19031): #00 pc 0000000000023778 /data/data/com.a.app1/.thirdaa/.l/libthirdaa.so
05-08 10:21:31.212 F/DEBUG (19031): #01 pc 0000000000024158 /data/data/com.a.app1/.thirdaa/.l/libthirdaa.so
05-08 10:21:31.212 F/DEBUG (19031): #02 pc 000000000014d350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.212 F/DEBUG (19031): #03 pc 00000000001445b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #04 pc 00000000001531c4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+284) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #05 pc 00000000002eed0c /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+384) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #06 pc 00000000002e9fdc /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+912) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #07 pc 00000000005bda68 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+368) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #08 pc 000000000013e994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #09 pc 000000000001634c /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.a.NativeBridge.hook_checker_get_head_by_name)
05-08 10:21:31.213 F/DEBUG (19031): #10 pc 00000000005c0ad4 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStaticRange+768) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #11 pc 000000000013ec94 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static_range+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #12 pc 00000000000254e4 /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.impl.InjectDetect.checkSystemLibIsHooked+1020)
05-08 10:21:31.213 F/DEBUG (19031): #13 pc 00000000005bdd68 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #14 pc 000000000013e994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #15 pc 0000000000025fb2 /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.impl.InjectDetect.getInjectInfo+158)
05-08 10:21:31.213 F/DEBUG (19031): #16 pc 00000000005bdd68 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #17 pc 000000000013e994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #18 pc 0000000000024486 /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.InjectChecker.processData+34)
05-08 10:21:31.213 F/DEBUG (19031): #19 pc 00000000005bb1c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #20 pc 000000000013e814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #21 pc 000000000002442e /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.InjectChecker.check+14)
05-08 10:21:31.213 F/DEBUG (19031): #22 pc 00000000005bb1c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #23 pc 000000000013e814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #24 pc 000000000001b6fe /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.CheckerEngine$2.run+166)
05-08 10:21:31.213 F/DEBUG (19031): #25 pc 00000000005bc9c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #26 pc 000000000013ea14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #27 pc 00000000001e721c /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.Executors$RunnableAdapter.call+4)
05-08 10:21:31.213 F/DEBUG (19031): #28 pc 00000000005bc9c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #29 pc 000000000013ea14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #30 pc 00000000001ecdd2 /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.FutureTask.runAndReset+66)
05-08 10:21:31.213 F/DEBUG (19031): #31 pc 00000000005bbe64 /apex/com.android.runtime/lib64/libart.so (MterpInvokeSuper+2312) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #32 pc 000000000013e894 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_super+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #33 pc 00000000001f3c3a /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run+46)
05-08 10:21:31.213 F/DEBUG (19031): #34 pc 00000000005bc9c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #35 pc 000000000013ea14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #36 pc 00000000001f74c6 /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor.processTask+146)
05-08 10:21:31.213 F/DEBUG (19031): #37 pc 00000000005bd55c /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1168) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #38 pc 000000000013e914 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #39 pc 00000000001f8350 /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor.runWorker+12)
05-08 10:21:31.213 F/DEBUG (19031): #40 pc 00000000005bb1c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #41 pc 000000000013e814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #42 pc 00000000001f7054 /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor$Worker.run+4)
05-08 10:21:31.213 F/DEBUG (19031): #43 pc 00000000005bc9c0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #44 pc 000000000013ea14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #45 pc 00000000000eac04 /apex/com.android.runtime/javalib/core-oj.jar (java.lang.Thread.run+8)
05-08 10:21:31.213 F/DEBUG (19031): #46 pc 00000000002bf948 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.8053280095303785888+240) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #47 pc 00000000005a609c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #48 pc 000000000014d468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #49 pc 0000000000144334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #50 pc 00000000001531a4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+252) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #51 pc 00000000004c6b6c /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #52 pc 00000000004c7c00 /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+416) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #53 pc 0000000000507bd0 /apex/com.android.runtime/lib64/libart.so (art::Thread::CreateCallback(void*)+1176) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG (19031): #54 pc 00000000000ce190 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: 2f04208be3c24ae761428c0bcfa6bcdf)
05-08 10:21:31.214 F/DEBUG (19031): #55 pc 0000000000070ba8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 2f04208be3c24ae761428c0bcfa6bcdf)
05-08 10:21:31.234 D/SensorHub( 919): huawei Hal get step event
05-08 10:21:31.236 E/ ( 1506): vsnprintf_s failed
05-08 10:21:31.358 E//system/bin/tombstoned( 946): Tombstone written to: /data/tombstones/tombstone_02
05-08 10:21:31.359 I/SysSvcCallUtils( 1506): reocrd enable
05-08 10:21:31.361 W/ActivityTaskManager( 1506): finishTopCrashedActivityLocked Force finishing activity com.a.app1/ccom.a.app1.home.MainActivity
05-08 10:21:31.361 I/WindowManager_transition( 1506): set app transition from TRANSIT_CRASHING_ACTIVITY_CLOSE to TRANSIT_UNSET
05-08 10:21:31.362 V/ActivityTaskManager( 1506): positionChild stackId=0 to top.
05-08 10:21:31.363 I/SysSvcCallUtils( 1506): reocrd enable
05-08 10:21:31.363 I/DropBoxManagerService( 1506): add tag=data_app_native_crash isTagEnabled=true flags=0x2
05-08 10:21:31.364 W/HwActivityTaskManagerServiceEx( 1506): setResumedActivityUncheckLocked start call, from: ActivityRecord{5ded809 u0 com.a.app1/ccom.a.app1.home.MainActivity t75 f}, to: ActivityRecord{5cdebc9 u0 com.huawei.android.launcher/.unihome.UniHomeLauncher t1}
05-08 10:21:31.364 W/HwActivityTaskManagerServiceEx( 1506): appSwitch from: com.a.app1 to: com.huawei.android.launcher
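Analysis:
1. "signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004" indicates an illegal address access;
2. "Cause: execute-only (no-read) memory access error; likely due to data in .text." indicates that the crash was caused by the .text segment being inaccessible.
Solution:
By analyzing the log, reproducing the problem, and examining the memory address, I found that the file had no read permission (no-read).
Using mprotect to change the attributes of the corresponding file solved the problem: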
res = mprotect((void*)b, a-b, PROT_READ|PROT_WRITE|PROT_EXEC);
The mprotect function is used to change the read/write attributes of memory.
The prototype of mprotect is declared as follows:
int mprotect(const void *addr, size_t len, int prot);
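Parameters:
addr: the start address of the memory to protect; it must be page-aligned;
len: the size of the memory to protect; it must be an integer multiple of the page size;
prot: the protection mode; possible values include PROT_READ (readable), PROT_WRITE (writable), and so on.
The size of a page can be obtained through the PAGE_SIZE macro or the getpagesize() system call.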