Android troubleshooting: "signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xxxxxxx" appears again




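Background:

Today, while debugging an app, the "signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xxxxxx" problem showed up again.

It only occurs on Android 10 and later, and the symptom is that the app crashes. What can be done about it?


Problem log:

signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004

The full log follows: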

05-08 10:21:31.065 D/a.module(18905): so : start
05-08 10:21:31.066 I/ystandard.four(18905): jit_compiled:[OK] boolean java.util.HashSet.contains(java.lang.Object) @ /apex/com.android.runtime/javalib/core-oj.jar
05-08 10:21:31.067 F/libc    (18905): Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004 in tid 18978 (pool-3-thread-1), pid 18905 (ystandard.fourg)
05-08 10:21:31.107 I/netd    (  631): trafficSwapActiveStatsMap() <0.26ms>
05-08 10:21:31.109 E/AppInfoMgr( 2307): not find pkgs by uid: 1051
05-08 10:21:31.109 I/DownloadState( 2307): singleUid: 10125 [com.a.app1] speed: 125 real speed: 125 (rxB:627 txB:0 rxP:4 txP:0) scroff: false
05-08 10:21:31.112 I/DownloadState( 2307): shareUid: 0 /system/bin/netd transmitting data speed : 85 bytes/s (rxB:0 txB:429 rxP:0 txP:7 iface:0) scroff: false
05-08 10:21:31.112 I/DownloadState( 2307): shareUid: 1000 ping transmitting data speed : 16 bytes/s (rxB:0 txB:84 rxP:0 txP:1 iface:0) scroff: false
05-08 10:21:31.134 I/crash_dump64(19031): obtaining output fd from tombstoned, type: kDebuggerdTombstone
05-08 10:21:31.135 I//system/bin/tombstoned(  946): received crash request for pid 18978
05-08 10:21:31.136 I/crash_dump64(19031): performing dump of process 18905 (target tid = 18978)
05-08 10:21:31.145 F/DEBUG   (19031): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-08 10:21:31.145 F/DEBUG   (19031): Build fingerprint: 'HUAWEI/TAS-AN00/HWTAS:10/HUAWEITAS-AN00/10.0.0.500SP504SP504A858:user/release-keys'
05-08 10:21:31.145 F/DEBUG   (19031): Revision: '0'
05-08 10:21:31.145 F/DEBUG   (19031): ABI: 'arm64'
05-08 10:21:31.145 F/DEBUG   (19031): SYSVMTYPE: Maple
05-08 10:21:31.145 F/DEBUG   (19031): APPVMTYPE: Art
05-08 10:21:31.146 F/DEBUG   (19031): Timestamp: 2021-05-08 10:21:31+0800
05-08 10:21:31.146 F/DEBUG   (19031): pid: 18905, tid: 18978, name: pool-3-thread-1  >>> com.a.app1 <<<
05-08 10:21:31.146 F/DEBUG   (19031): uid: 10125
05-08 10:21:31.146 F/DEBUG   (19031): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004
05-08 10:21:31.146 F/DEBUG   (19031): Cause: execute-only (no-read) memory access error; likely due to data in .text.
05-08 10:21:31.146 F/DEBUG   (19031):     x0  000000739ae8d000  x1  000000728a5db848  x2  0000000000000004  x3  0000007315dd6974
05-08 10:21:31.146 F/DEBUG   (19031):     x4  0000000000000020  x5  8080808000000000  x6  fefefeff2f2f2f63  x7  7f7f7f7f7f7f7f7f
05-08 10:21:31.146 F/DEBUG   (19031):     x8  1aa4a933c310306c  x9  1aa4a933c310306c  x10 0000007275868600  x11 0000000000000000
05-08 10:21:31.146 F/DEBUG   (19031):     x12 0000007275868608  x13 ffffffffffffffff  x14 0000000000000002  x15 0000000000000000
05-08 10:21:31.146 F/DEBUG   (19031):     x16 000000739af29938  x17 000000739af1d950  x18 000000727519a000  x19 000000739ae8d000
05-08 10:21:31.146 F/DEBUG   (19031):     x20 000000729dabce40  x21 0000007309a66300  x22 0000007309a660f8  x23 00000072893e7c6c
05-08 10:21:31.146 F/DEBUG   (19031):     x24 0000007289b3e940  x25 0000007309a660f8  x26 00000072ff3808b0  x27 0000000000000002
05-08 10:21:31.146 F/DEBUG   (19031):     x28 00000072893e7c70  x29 00000072893e7ba0
05-08 10:21:31.146 F/DEBUG   (19031):     sp  00000072893e7ba0  lr  000000728a58215c  pc  000000728a581778
05-08 10:21:31.212 F/DEBUG   (19031): 
05-08 10:21:31.212 F/DEBUG   (19031): backtrace:
05-08 10:21:31.212 F/DEBUG   (19031):     NOTE: Function names and BuildId information is missing for some frames due
05-08 10:21:31.212 F/DEBUG   (19031):     NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
05-08 10:21:31.212 F/DEBUG   (19031):     NOTE: found under the lib/ directory are readable.
05-08 10:21:31.212 F/DEBUG   (19031):       #00 pc 0000000000023778  /data/data/com.a.app1/.thirdaa/.l/libthirdaa.so
05-08 10:21:31.212 F/DEBUG   (19031):       #01 pc 0000000000024158  /data/data/com.a.app1/.thirdaa/.l/libthirdaa.so
05-08 10:21:31.212 F/DEBUG   (19031):       #02 pc 000000000014d350  /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.212 F/DEBUG   (19031):       #03 pc 00000000001445b8  /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #04 pc 00000000001531c4  /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+284) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #05 pc 00000000002eed0c  /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+384) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #06 pc 00000000002e9fdc  /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+912) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #07 pc 00000000005bda68  /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+368) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #08 pc 000000000013e994  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #09 pc 000000000001634c  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.a.NativeBridge.hook_checker_get_head_by_name)
05-08 10:21:31.213 F/DEBUG   (19031):       #10 pc 00000000005c0ad4  /apex/com.android.runtime/lib64/libart.so (MterpInvokeStaticRange+768) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #11 pc 000000000013ec94  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static_range+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #12 pc 00000000000254e4  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.impl.InjectDetect.checkSystemLibIsHooked+1020)
05-08 10:21:31.213 F/DEBUG   (19031):       #13 pc 00000000005bdd68  /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #14 pc 000000000013e994  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #15 pc 0000000000025fb2  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.impl.InjectDetect.getInjectInfo+158)
05-08 10:21:31.213 F/DEBUG   (19031):       #16 pc 00000000005bdd68  /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #17 pc 000000000013e994  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #18 pc 0000000000024486  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.InjectChecker.processData+34)
05-08 10:21:31.213 F/DEBUG   (19031):       #19 pc 00000000005bb1c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #20 pc 000000000013e814  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #21 pc 000000000002442e  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.inject.InjectChecker.check+14)
05-08 10:21:31.213 F/DEBUG   (19031):       #22 pc 00000000005bb1c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #23 pc 000000000013e814  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #24 pc 000000000001b6fe  /data/data/com.a.app1/.thirdaa/.l/thirdaa.dex (com.coralline.sea.checkers.CheckerEngine$2.run+166)
05-08 10:21:31.213 F/DEBUG   (19031):       #25 pc 00000000005bc9c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #26 pc 000000000013ea14  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #27 pc 00000000001e721c  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.Executors$RunnableAdapter.call+4)
05-08 10:21:31.213 F/DEBUG   (19031):       #28 pc 00000000005bc9c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #29 pc 000000000013ea14  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #30 pc 00000000001ecdd2  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.FutureTask.runAndReset+66)
05-08 10:21:31.213 F/DEBUG   (19031):       #31 pc 00000000005bbe64  /apex/com.android.runtime/lib64/libart.so (MterpInvokeSuper+2312) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #32 pc 000000000013e894  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_super+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #33 pc 00000000001f3c3a  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run+46)
05-08 10:21:31.213 F/DEBUG   (19031):       #34 pc 00000000005bc9c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #35 pc 000000000013ea14  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #36 pc 00000000001f74c6  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor.processTask+146)
05-08 10:21:31.213 F/DEBUG   (19031):       #37 pc 00000000005bd55c  /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1168) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #38 pc 000000000013e914  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #39 pc 00000000001f8350  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor.runWorker+12)
05-08 10:21:31.213 F/DEBUG   (19031):       #40 pc 00000000005bb1c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #41 pc 000000000013e814  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #42 pc 00000000001f7054  /apex/com.android.runtime/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor$Worker.run+4)
05-08 10:21:31.213 F/DEBUG   (19031):       #43 pc 00000000005bc9c0  /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1752) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #44 pc 000000000013ea14  /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #45 pc 00000000000eac04  /apex/com.android.runtime/javalib/core-oj.jar (java.lang.Thread.run+8)
05-08 10:21:31.213 F/DEBUG   (19031):       #46 pc 00000000002bf948  /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.8053280095303785888+240) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #47 pc 00000000005a609c  /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #48 pc 000000000014d468  /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #49 pc 0000000000144334  /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #50 pc 00000000001531a4  /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+252) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #51 pc 00000000004c6b6c  /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #52 pc 00000000004c7c00  /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+416) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #53 pc 0000000000507bd0  /apex/com.android.runtime/lib64/libart.so (art::Thread::CreateCallback(void*)+1176) (BuildId: 756bb09899d855cad5160602c742fb8f)
05-08 10:21:31.213 F/DEBUG   (19031):       #54 pc 00000000000ce190  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: 2f04208be3c24ae761428c0bcfa6bcdf)
05-08 10:21:31.214 F/DEBUG   (19031):       #55 pc 0000000000070ba8  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 2f04208be3c24ae761428c0bcfa6bcdf)
05-08 10:21:31.234 D/SensorHub(  919): huawei Hal get step event
05-08 10:21:31.236 E/        ( 1506): vsnprintf_s failed
05-08 10:21:31.358 E//system/bin/tombstoned(  946): Tombstone written to: /data/tombstones/tombstone_02
05-08 10:21:31.359 I/SysSvcCallUtils( 1506): reocrd enable
05-08 10:21:31.361 W/ActivityTaskManager( 1506):   finishTopCrashedActivityLocked Force finishing activity com.a.app1/ccom.a.app1.home.MainActivity
05-08 10:21:31.361 I/WindowManager_transition( 1506): set app transition from TRANSIT_CRASHING_ACTIVITY_CLOSE to TRANSIT_UNSET
05-08 10:21:31.362 V/ActivityTaskManager( 1506): positionChild stackId=0 to top.
05-08 10:21:31.363 I/SysSvcCallUtils( 1506): reocrd enable
05-08 10:21:31.363 I/DropBoxManagerService( 1506): add tag=data_app_native_crash isTagEnabled=true flags=0x2
05-08 10:21:31.364 W/HwActivityTaskManagerServiceEx( 1506): setResumedActivityUncheckLocked start call, from: ActivityRecord{5ded809 u0 com.a.app1/ccom.a.app1.home.MainActivity t75 f}, to: ActivityRecord{5cdebc9 u0 com.huawei.android.launcher/.unihome.UniHomeLauncher t1}
05-08 10:21:31.364 W/HwActivityTaskManagerServiceEx( 1506): appSwitch from: com.a.app1 to: com.huawei.android.launcher


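Problem analysis and solution:

Analysis:

1. "signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x739ae8d004" indicates an illegal address access;

2. "Cause: execute-only (no-read) memory access error; likely due to data in .text." indicates that the crash was caused by the .text section being inaccessible for reading.

Solution:

Analyzing the log, reproducing the problem and examining the memory address showed that the memory mapped from the file had no read permission (no-read).

Using mprotect to change the protection of the corresponding region solved the problem.

// b: start address of the region (page-aligned), a: its end address
res = mprotect((void*)b, a-b, PROT_READ|PROT_WRITE|PROT_EXEC);

The mprotect function changes the read/write protection of a memory region.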

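About the mprotect function:

The prototype of mprotect is declared as follows:

int mprotect(void *addr, size_t len, int prot);

Parameters:

addr: start address of the memory to protect; it must be page-aligned;

len: size of the memory to protect; it must be a multiple of the page size;

prot: the protection mode; possible values include PROT_READ (readable), PROT_WRITE (writable), and so on.

The size of a page can be obtained through the PAGE_SIZE macro or the getpagesize() system call.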
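
The page-alignment requirement described above, as an added example (not the original author's code): it rounds an arbitrary range out to whole pages before calling mprotect and adds only the permission that was missing, so the pages never become writable and executable at once. The helper names `page_span` and `reprotect_range` and the anonymous test mapping are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS in strict ISO modes */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: round [start, end) out to whole pages.
 * Returns the aligned start and stores the page-multiple length in *len. */
static uintptr_t page_span(uintptr_t start, uintptr_t end, size_t *len)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t lo = start & ~(page - 1);             /* round down */
    uintptr_t hi = (end + page - 1) & ~(page - 1);  /* round up   */
    *len = (size_t)(hi - lo);
    return lo;
}

/* Hypothetical helper: apply prot to every page touched by [start, end).
 * Returns 0 on success, -1 on error with errno set. */
static int reprotect_range(const void *start, const void *end, int prot)
{
    size_t len;
    uintptr_t lo;
    if ((uintptr_t)end <= (uintptr_t)start) {       /* empty or inverted range */
        errno = EINVAL;
        return -1;
    }
    lo = page_span((uintptr_t)start, (uintptr_t)end, &len);
    return mprotect((void *)lo, len, prot);
}

int main(void)
{
    long page = sysconf(_SC_PAGESIZE);
    /* Constructed stand-in for the unreadable region: pages with no access. */
    unsigned char *m = mmap(NULL, 3 * page, PROT_NONE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return 1;
    /* Data pages here, so PROT_READ is enough. For code pages such as the
     * .text region in the crash, pass PROT_READ | PROT_EXEC, not PROT_WRITE. */
    if (reprotect_range(m + page + 4, m + page + 8, PROT_READ) != 0) {
        perror("mprotect");
        return 1;
    }
    printf("byte at offset page+4 is now readable: %u\n", m[page + 4]);
    return 0;
}
```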




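Copyright notice: this is an original article by liranke, published under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.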