Crash (SIGILL) loading native lib on Android: how to get ARM instruction? - android

I compiled v8 for ARM and it loads fine on the majority of arm6/7 phones. Some specific devices like the HTC Wildfire S crash when loading the native library.
This is the SIGILL (invalid instruction) I get:
31-31/? I/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
31-31/? I/DEBUG﹕ Build fingerprint: 'generic/sdk/generic/:2.2/FRF91/43546:eng/test-keys'
31-31/? I/DEBUG﹕ pid: 312, tid: 312 >>> org.myapp <<<
31-31/? I/DEBUG﹕ signal 4 (SIGILL), fault addr 81494f98
31-31/? I/DEBUG﹕ r0 00000001 r1 00000003 r2 81494f8e r3 81494f8c
31-31/? I/DEBUG﹕ r4 8198a26c r5 00000003 r6 00000004 r7 00000000
31-31/? I/DEBUG﹕ r8 42189eac r9 00000374 10 0000ce04 fp bef6765c
31-31/? I/DEBUG﹕ ip 8124695c sp bef67658 lr b0001169 pc 81494f98 cpsr 80000010
31-31/? I/DEBUG﹕ #00 pc 00494f98 /data/data/org.myapp/lib/libjv8.so
I could use ndk-stack to get the specific line in v8 that's crashing, but it actually refers to a macro so I don't know which specific instruction is being executed.
I tried to connect to the device with gdb-server, but it doesn't give me more details about the instruction:
Program received signal SIGILL, Illegal instruction.
0x81494f98 in ?? ()
So I'm a bit lost. Is there a way to translate 0x81494f98 to a specific ARM instruction?

Thanks to #ChrisStratton, this is how I was able to find the specific ARM instruction that causes a SIGILL:
$ arm-whatever-objdump -d <lib_path> | grep <pc_address>
or in my case:
$ arm-whatever-objdump -d libjv8.so | grep 494f98
It produced the following line:
494f98: e30f1fff movw r1, #65535 ; 0xffff
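To check the line objdump printed against the raw encoding, here is an added example that is not part of the question or the answer above: it parses an objdump disassembly line, decodes the 32-bit word as MOVW/MOVT from the ARM A1 encoding, reads the Thumb bit out of the cpsr value shown in the tombstone, and reports the architecture level that first provides the instruction. MOVW/MOVT were introduced with ARMv6T2, so an ARMv6 core that lacks them raises SIGILL on exactly this word, which is the ISA/ABI mismatch a defender wants confirmed before touching the build flags. `OBJDUMP_LINE` and `CPSR` are the values quoted above; the function names are mine.

```python
import re

# Added example (not from the original question or answer): confirm objdump's
# decoding of the faulting word and name the ARM level that introduced it.
# Only MOVW/MOVT (ARM-state A1 encoding) are decoded; other words return None.

OBJDUMP_LINE = "494f98: e30f1fff movw r1, #65535 ; 0xffff"  # line quoted in the answer
CPSR = 0x80000010                                            # cpsr from the tombstone

# Architecture level that first provides the instruction (MOVW/MOVT arrived
# with ARMv6T2; plain ARMv6 cores such as ARM1136 do not have them).
INTRODUCED_IN = {"movw": "ARMv6T2", "movt": "ARMv6T2"}

_LINE_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+([0-9a-f]{4,8})\s+(\S+)\s*(.*?)\s*(?:;.*)?$")


def parse_objdump_line(line):
    """Split 'addr: word mnemonic operands ; comment' into its fields."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError("not an objdump disassembly line: %r" % line)
    addr, word, mnemonic, operands = m.groups()
    return {"addr": int(addr, 16), "word": int(word, 16),
            "mnemonic": mnemonic, "operands": operands}


def is_thumb(cpsr):
    """Bit 5 of CPSR is the T flag: it tells whether pc was in ARM or Thumb state."""
    return bool(cpsr & 0x20)


def decode_movw_movt(word):
    """Decode an ARM-state word as MOVW/MOVT (A1 encoding); None for anything else."""
    cond = word >> 28
    if cond == 0xF:                  # unconditional encoding space, not MOVW/MOVT
        return None
    op = (word >> 20) & 0xFF         # bits 27:20 select the instruction
    if op == 0x30:
        mnemonic = "movw"
    elif op == 0x34:
        mnemonic = "movt"
    else:
        return None
    imm4 = (word >> 16) & 0xF        # bits 19:16, upper nibble of the immediate
    rd = (word >> 12) & 0xF          # destination register
    imm12 = word & 0xFFF             # bits 11:0, lower twelve bits of the immediate
    return {"mnemonic": mnemonic, "rd": rd, "imm16": (imm4 << 12) | imm12}


def explain_sigill(line, cpsr):
    """Tie the objdump line, the raw word and the cpsr state together."""
    fields = parse_objdump_line(line)
    decoded = decode_movw_movt(fields["word"])
    mode = "Thumb" if is_thumb(cpsr) else "ARM"
    if decoded is None:
        return {"mode": mode, "mnemonic": fields["mnemonic"],
                "needs": None, "consistent": None}
    return {"mode": mode, "mnemonic": decoded["mnemonic"], "rd": decoded["rd"],
            "imm16": decoded["imm16"], "needs": INTRODUCED_IN[decoded["mnemonic"]],
            "consistent": decoded["mnemonic"] == fields["mnemonic"]}


if __name__ == "__main__":
    print(explain_sigill(OBJDUMP_LINE, CPSR))
```

With the values from this question the result is ARM state, `movw r1, #0xffff`, needing ARMv6T2, which matches the page: the library was built for a newer ARM level than the Wildfire S core executes, so the fix is in the build target, not in the code.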

Related

App crashing when map is loading and camera is moving to the current location

I'm currently debugging an app where it shows the map and it goes to the current location. When I look at the logs, it only shows this log
08-02 20:40:48.907 12558-12568/ph.com.appsample A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x5c in tid 12568 (FinalizerDaemon)
I tried removing the filtering of the logs and was able to retrieve this log
08-02 20:40:48.967 275-275/? I/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/j53gxx/j53g:5.1.1/LMY48B/J500HXXS1AQG1:'
Revision: '5'
ABI: 'arm'
pid: 12558, tid: 12568, name: FinalizerDaemon >>> ph.com.appsample <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x5c
08-02 20:40:48.997 275-275/? I/DEBUG: r0 b7e1e8e0 r1 00000000 r2 9b60f000 r3 00000000
r4 b7e1e8e0 r5 0000005d r6 136959c0 r7 ffffffff
r8 712a9430 r9 b7a6fad0 sl 137295b0 fp 136959c0
ip b6f80fa8 sp b45fca88 lr b6e86be1 pc 0000005c cpsr 60070030
backtrace:
#00 pc 0000005c <unknown>
#01 pc 0001fbdf /system/lib/libbinder.so (_ZN7android6Parcel14freeDataNoInitEv+22)
#02 pc 0001fc39 /system/lib/libbinder.so (_ZN7android6ParcelD1Ev+4)
#03 pc 00083cbf /system/lib/libandroid_runtime.so
#04 pc 00017f45 /system/framework/arm/boot.oat
Is there any way I can make this readable, and has anyone else encountered this problem?

Android 8 native crash at native library

Since the rollout of Android 8 Oreo, our app has been consistently crashing in different places. All the Play Store crash reports show native crashes. The most frequently occurring one seems to be at native library.
The device that crashes most frequently is the Google Pixel; Pixel XL devices have also shown a few.
I'll post the crash log below. I'm struggling to find what causes the crash.
Any help is appreciated.
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/sailfish/sailfish:8.0.0/OPR6.170623.012/4283428:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 9857, tid: 9857, name: stampphoto >>> com.******.***** <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
r0 ea26cec8 r1 00000001 r2 0000007f r3 00000002
r4 000030ca r5 00000000 r6 ff7ed650 r7 ff7ed628
r8 13b40240 r9 00000043 sl ea26b470 fp ff7ed664
ip ea0985d1 sp ff7ed5a8 lr ea168b15 pc ea168b1e cpsr 600b0030
backtrace:
#00 pc 00332b1e /system/lib/libart.so (_ZN3art35InvokeVirtualOrInterfaceWithVarArgsERKNS_33ScopedObjectAccessAlreadyRunnableEP8_jobjectP10_jmethodIDSt9__va_list+89)
#01 pc 00262785 /system/lib/libart.so (_ZN3art3JNI17CallObjectMethodVEP7_JNIEnvP8_jobjectP10_jmethodIDSt9__va_list+436)
#02 pc 0006398b /data/app/com.a.a-h8bA8DmI-3kJ2bP4GkGvoA==/base.apk (offset 0x3c4000)
#03 pc 0006468b /data/app/com.a.a-h8bA8DmI-3kJ2bP4GkGvoA==/base.apk (offset 0x3c4000)
#04 pc 0006fddf /data/app/com.a.a-h8bA8DmI-3kJ2bP4GkGvoA==/oat/arm/base.odex (offset 0x45000)
Thanks in advance...

Native crash at /system/lib/libskia.so on some Samsung Android 5.x devices

Recently I have got some crash reports for my app. It seems that it only happens on some Samsung Android 5.x devices. Currently we have samsung/a5ltezt and samsung/tbltezt on the error list. Everything is fine when those devices are running Android 4.x.
Below is the crash log:
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/a5ltezt/a5ltezt:5.0.2/LRX22G/A500YZZTU1BOK2:user/release-keys'
Revision: '10'
ABI: 'arm'
pid: 15001, tid: 15034, name: Thread-3294 >>> com.tecom.sip <<<
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb0cb2c38
r0 b90eb578 r1 b0cb2c58 r2 0000000c r3 b5a7d363
r4 0000000c r5 b90eb578 r6 b0cf2cac r7 b0cf2c58
r8 00000000 r9 b0cf2c64 sl 0000000c fp b0cb2c58
ip 00000050 sp b0cb2c50 lr b5ac4f5b pc b5a7d362 cpsr 600f0030
backtrace:
#00 pc 00155362 /system/lib/libskia.so (FrontBufferedStream::readDirectlyFromStream(char*, unsigned int)+41)
#01 pc e1520001 <unknown>
Many thanks if someone can give me a clue.

Segmentation fault in JNI native code (Android)

I have a library in Haskell that I have generated wrappers for via FFI and Swig. I have also managed to cross-compile a shared library that I can load from Java. The wrapped library contains some functions and input/output types for these.
On my Arch machine I am able to use my library from Java. However, when I now tried it out on Android, it segfaults. After some investigation, it seems that if the input object has no fields, it sometimes works. I think it's a problem with data marshalling. However, it's hard to debug. In the crash log I find this
W/linker ( 4783): libAPIsJava.so has text relocations. This is wasting memory and prevents security hardening. Please fix.
and this
--------- beginning of crash
F/libc ( 4783): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x200019 in tid 4783 (api.flic.io.api)
I/Icing ( 1689): Indexing 17F83E8EEF17AFFA030207AF16B79084CE236092 from com.google.android.googlequicksearchbox
I/DEBUG ( 357): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 357): Build fingerprint: 'google/shamu/shamu:5.1/LMY47D/1743759:user/release-keys'
I/DEBUG ( 357): Revision: '33696'
I/DEBUG ( 357): ABI: 'arm'
I/DEBUG ( 357): pid: 4783, tid: 4783, name: api.flic.io.api >>> app.api.flic.io.api <<<
I/DEBUG ( 357): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x200019
I/DEBUG ( 357): r0 af2033d4 r1 af2033d0 r2 00000000 r3 00200018
I/DEBUG ( 357): r4 a2bbf950 r5 af2033dc r6 af2029a0 r7 af202fff
I/DEBUG ( 357): r8 a2af06b0 r9 00200019 sl af2033c8 fp af2030a4
I/DEBUG ( 357): ip b6e627dc sp bec8eee0 lr af2029b0 pc a0b4d248 cpsr 800d0010
I/DEBUG ( 357):
I/DEBUG ( 357): backtrace:
I/DEBUG ( 357): #00 pc 01be4248 /data/app/app.api.flic.io.api-2/lib/arm/libAPIsJava.so
However, issuing arm-linux-androideabi-addr2line -f -e libAPIsJava.so 01be4248, the output is
$a
/tmp/ghc27404_0/ghc27404_3.bc:?
Which is not of much help. What I would really like is to run the app with valgrind, is something like that possible?
Update: I have now installed valgrind and tried to run the app. However I get
valgrind: mmap(0x108000, 42770432) failed in UME with error 22 (Invalid argument).
valgrind: this can be caused by executables with very large text, data or bss segments.
Which seems to be a no-go.
It turned out the problem was that my cross compile toolchain (https://github.com/neurocyte/ghc-android) has a bug in its hsc2hs script. It's implemented as a wrapper that calls /usr/bin/hsc2hs with some flags. However, it wasn't using the --cc and --ld flag, so the resulting .hs file targeted my build host. By adding these flags, everything works great!

How to use addr2line in Android

I am stuck with my app, as I am unable to debug as it is a multithreaded one and crashes with error SIGSEGV. I get lot of information from LogCat, which gives me addresses in my native library. It would be helpful if I could convert these addresses into my code.
Does anybody have any idea how to use addr2line, which is provided with android-ndk?
Let's say that logcat shows you the following crash log (this is from one of my projects):
I/DEBUG ( 31): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 31): Build fingerprint: 'generic/sdk/generic:2.3/GRH55/79397:eng/test-keys'
I/DEBUG ( 31): pid: 378, tid: 386 >>> com.example.gltest <<<
I/DEBUG ( 31): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
I/DEBUG ( 31): r0 001dbdc0 r1 00000001 r2 00000000 r3 00000000
I/DEBUG ( 31): r4 00000000 r5 40a40000 r6 4051a480 r7 42ddbee8
I/DEBUG ( 31): r8 43661b24 r9 42ddbed0 10 42ddbebc fp 41e462d8
I/DEBUG ( 31): ip 00000001 sp 436619d0 lr 83a12f5d pc 8383deb4 cpsr 20000010
I/DEBUG ( 31): #00 pc 0003deb4 /data/data/com.example.gltest/lib/libnativemaprender.so
I/DEBUG ( 31): #01 pc 00039b76 /data/data/com.example.gltest/lib/libnativemaprender.so
I/DEBUG ( 31): #02 pc 00017d34 /system/lib/libdvm.so
Look at the last 3 lines; this is your callstack. 'pc' is the program counter, and the pc for stack frame #00 gives you the address where the crash occurred. This is the number to pass to addr2line.
I'm using NDK r5, so the executable I'm using is located at $NDK/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin; make sure that is in your $PATH. The command to use looks like
arm-linux-androideabi-addr2line -C -f -e obj/local/armeabi/libXXX.so <address>
Or, for the case above:
arm-linux-androideabi-addr2line -C -f -e obj/local/armeabi/libnativemaprender.so 0003deb4
Which gives you the location of the crash.
Note:
The -C flag is to demangle C++ code
Use the .so file under obj/local/armeabi, since this is the non-stripped version
Also, when using NDK r5 with a 2.3 AVD, it is actually possible to debug multithreaded code.
There's an easier way to do this now (ndk-r7). Check out the ndk-stack command. The docs are in your_android_ndk_path/docs/NDK-STACK.html
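To make the manual steps above repeatable (take the pc of frame #00, pass it to addr2line against the un-stripped .so), here is an added example that is not code from this answer, from the NDK, or from any of the related questions: it parses the debuggerd tombstone formats quoted on this page (the old `I/DEBUG`-prefixed lines as well as the newer `backtrace:` form with `(symbol+offset)` suffixes), builds one addr2line command per frame that lives in an app library, and gives a first-pass reading of the signal and fault address. `SYMBOL_DIR`, `TOOL_PREFIX`, the function names and the triage heuristics are my assumptions; the embedded sample lines are taken from the question at the top of the page.

```python
import re

# Added example, not from any of the posts above: tombstone parsing, addr2line
# command generation and a first-pass triage of the signal. SYMBOL_DIR and
# TOOL_PREFIX are assumptions about an ndk-build project; adjust as needed.

SYMBOL_DIR = "obj/local/armeabi"        # assumption: un-stripped .so produced by ndk-build
TOOL_PREFIX = "arm-linux-androideabi-"  # assumption: NDK toolchain binary prefix

# Sample tombstone lines, quoted from the first question on this page.
SAMPLE = """\
I/DEBUG: pid: 312, tid: 312 >>> org.myapp <<<
I/DEBUG: signal 4 (SIGILL), fault addr 81494f98
I/DEBUG: ip 8124695c sp bef67658 lr b0001169 pc 81494f98 cpsr 80000010
I/DEBUG: #00 pc 00494f98 /data/data/org.myapp/lib/libjv8.so
"""

_SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\)(?:, code (\d+)(?: \((\w+)\))?)?, fault addr (?:0x)?([0-9a-f]+)")
_FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-f]+)\s+(\S+)(?:\s+\((.*)\))?")
_REG_RE = re.compile(r"\b(pc|cpsr)\s+([0-9a-f]{8})\b")


def parse_tombstone(text):
    """Extract signal, fault address, pc/cpsr and backtrace frames from a tombstone."""
    info = {"signal": None, "signame": None, "code": None, "fault_addr": None,
            "pc": None, "cpsr": None, "frames": []}
    for line in text.splitlines():
        m = _SIGNAL_RE.search(line)
        if m:
            info["signal"], info["signame"] = int(m.group(1)), m.group(2)
            info["code"] = m.group(4) or m.group(3)       # prefer the symbolic code
            info["fault_addr"] = int(m.group(5), 16)
            continue
        m = _FRAME_RE.search(line)                       # frames first: they also say "pc"
        if m:
            info["frames"].append({"num": int(m.group(1)), "offset": int(m.group(2), 16),
                                   "path": m.group(3), "symbol": m.group(4)})
            continue
        for reg, val in _REG_RE.findall(line):           # the register dump line
            info[reg] = int(val, 16)
    return info


def symbolize_commands(info):
    """addr2line argv for every frame inside an app .so (system libs and .apk/.odex skipped)."""
    cmds = []
    for f in info["frames"]:
        path = f["path"]
        if path.startswith("/system/") or not path.endswith(".so"):
            continue
        lib = path.rsplit("/", 1)[-1]
        cmds.append([TOOL_PREFIX + "addr2line", "-C", "-f", "-e",
                     "%s/%s" % (SYMBOL_DIR, lib), "%08x" % f["offset"]])
    return cmds


def triage(info):
    """First-pass reading of the crash, based on the patterns visible in the posts above."""
    sig, addr, pc = info["signame"], info["fault_addr"], info["pc"]
    if sig == "SIGILL":
        return ("illegal instruction: disassemble frame #00 with objdump; usually the "
                "library was built for a newer ARM level than the CPU executes")
    if sig == "SIGSEGV":
        if pc is not None and addr == pc:
            return "execution jumped to an unmapped address: corrupt function pointer, vtable or return address"
        if addr is not None and addr < 0x1000:
            return "null or near-null dereference (fault addr 0x%x): NULL object plus a field offset" % addr
        if info["code"] == "SEGV_ACCERR":
            return "mapped page accessed with the wrong permissions (e.g. write to read-only memory)"
        return "unmapped memory access: dangling pointer, out-of-bounds index or use-after-free"
    return "signal %s: no heuristic" % sig


if __name__ == "__main__":
    parsed = parse_tombstone(SAMPLE)
    for argv in symbolize_commands(parsed):
        print(" ".join(argv))
    print(triage(parsed))
```

For the sample above this prints the single command `arm-linux-androideabi-addr2line -C -f -e obj/local/armeabi/libjv8.so 00494f98` followed by the SIGILL reading; feeding it the libbinder tombstone from the related question instead yields no command (every frame is a system library or `<unknown>`) and flags that pc equals the fault address, which is the corrupt-pointer pattern rather than a plain null dereference.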
