android 11 子进程dump会偶现crash

wanggaohui commented 2 years ago

12-09 16:50:30.891 6780 6780 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdc590008 in tid 6780 (forked-dump-pro), pid 6780 (forked-dump-pro) 12-09 16:50:31.170 6783 6783 I crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone 12-09 16:50:31.173 838 838 I tombstoned: received crash request for pid 6780 12-09 16:50:31.173 6783 6783 I crash_dump32: performing dump of process 6780 (target tid = 6780) 12-09 16:50:31.182 6783 6783 F DEBUG : Process name is com.oapm.sample, not key_process 12-09 16:50:31.182 6783 6783 F DEBUG : 12-09 16:50:31.182 6783 6783 F DEBUG : Build fingerprint: 'OPPO/CPH2159T2/OP4F25L1:11/RKQ1.200903.002/1617887828404:user/release-keys' 12-09 16:50:31.182 6783 6783 F DEBUG : Revision: '0' 12-09 16:50:31.182 6783 6783 F DEBUG : ABI: 'arm' 12-09 16:50:31.182 6783 6783 F DEBUG : Timestamp: 2021-12-09 16:50:31+0800 12-09 16:50:31.182 6783 6783 F DEBUG : pid: 6780, tid: 6780, name: forked-dump-pro >>> com.oapm.sample <<< 12-09 16:50:31.182 6783 6783 F DEBUG : uid: 10515 12-09 16:50:31.182 6783 6783 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdc590008 12-09 16:50:31.182 6783 6783 F DEBUG : r0 0000001f r1 00000014 r2 04000480 r3 00000000 12-09 16:50:31.182 6783 6783 F DEBUG : r4 d0843200 r5 ece067d8 r6 70cba318 r7 da3a4d38 12-09 16:50:31.182 6783 6783 F DEBUG : r8 ef3f3234 r9 dc590008 r10 ece06700 r11 00000014 12-09 16:50:31.182 6783 6783 F DEBUG : ip 00000000 sp da3a4c88 lr ec9cc0b3 pc ec8f77ec 12-09 16:50:31.328 1498 3128 I ColorHansManager : stateRToFFreeze--imporant case: pkgName: com.oapm.sample, reason: top 12-09 16:50:31.328 1498 2650 D ORMS_CORE: T(O) 12-09 16:50:31.329 1498 2650 D ORMS_CORE: Remove app timeout handle: 2642937431363685888scene/action: 1000/2 timeout_left:-139 12-09 16:50:31.329 1498 2650 D ORMS_CORE: FinalSceneAction null 12-09 16:50:31.329 1498 2650 D ORMS_Platform : OplusBasePlatformQcSysFs: reset ,mask . 12-09 16:50:31.329 1498 2650 D ORMS_CORE: TCpuL:4 TGpuL:1 TCtrlL:1 TModeOn:0 IdleS:0 PowerMode:NORMAL_MODE BenchMark:0 HaveCtrlD:0 12-09 16:50:31.329 1498 2650 D ORMS_CORE: request mDecision:SAResult Info{ minCpuCore: -1 -1 , minCpuFreq: -1 -1 , maxCpuCore: -1 -1 , maxCpuFreq: -1 -1 , minGpuCore: -1 , minGpuFreq: -1 , maxGpuCore: -1 , maxGpuFreq: -1 , Lpm=-1, clkscale=-1, schedwinstats=-1, twinpolicy=-1, fgwinpolicy=-1, bgwinpolicy=-1, schedPreferSpread=-1, colocate=-1, slb=-1, fpsgo=-1, schedBoost=-1, ddrFreq=-1, migrate= migfrate: -1 -1 , hardLevel=false} 12-09 16:50:31.330 1498 2650 D ORMS_Platform : OplusBasePlatformQcSysFs: perflockAcquireEnd ,mask : 0xd078c000 12-09 16:50:31.332 1063 1161 E ANDR-PERF-OPTSHANDLER: Perflock resource /sys/class/devfreq/soc:qcom,cpubw/bw_hwmon/io_percent not supported 12-09 16:50:31.332 1063 1161 E ANDR-PERF-RESOURCEQS: Failed to apply optimization [6, 2] 12-09 16:50:31.332 1063 1161 E ANDR-PERF-OPTSHANDLER: Perflock resource /sys/class/devfreq/soc:qcom,cpubw/bw_hwmon/sample_ms not supported 12-09 16:50:31.332 1063 1161 E ANDR-PERF-RESOURCEQS: Failed to apply optimization [6, 8] 12-09 16:50:31.332 1063 1161 E ANDR-PERF-OPTSHANDLER: Perflock resource /sys/class/devfreq/soc:qcom,cpubw/min_freq not supported 12-09 16:50:31.332 1063 1161 E ANDR-PERF-RESOURCEQS: Failed to apply optimization [6, 0] 12-09 16:50:31.481 6783 6783 F DEBUG : backtrace: 12-09 16:50:31.481 6783 6783 F DEBUG : #00 pc 001997ec /apex/com.android.art/lib/libart.so (mspace_malloc+16) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #01 pc 0026e0af /apex/com.android.art/lib/libart.so (art::jit::JitMemoryRegion::AllocateData(unsigned int)+8) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #02 pc 0026a13f /apex/com.android.art/lib/libart.so (art::jit::JitCodeCache::AddProfilingInfoInternal(art::Thread, art::ArtMethod, std::1::vector<unsigned int, std::1::allocator > const&)+78) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #03 pc 0026a0a3 /apex/com.android.art/lib/libart.so (art::jit::JitCodeCache::AddProfilingInfo(art::Thread, art::ArtMethod, std::1::vector<unsigned int, std::1::allocator > const&, bool)+74) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #04 pc 0026e265 /apex/com.android.art/lib/libart.so (art::ProfilingInfo::Create(art::Thread, art::ArtMethod, bool)+232) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #05 pc 00260f1b /apex/com.android.art/lib/libart.so (art::jit::Jit::MaybeCompileMethod(art::Thread, art::ArtMethod, unsigned int, unsigned int, bool)+582) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #06 pc 002406cb /apex/com.android.art/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+390) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #07 pc 00238b47 /apex/com.android.art/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+746) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #08 pc 004ed013 /apex/com.android.art/lib/libart.so (MterpInvokeStatic+478) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.481 6783 6783 F DEBUG : #09 pc 000ce794 /apex/com.android.art/lib/libart.so (mterp_op_invoke_static+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #10 pc 0025ccf0 /system/framework/framework.jar (offset 0x12ad000) (android.util.Log.i+4) 12-09 16:50:31.482 6783 6783 F DEBUG : #11 pc 004ed24b /apex/com.android.art/lib/libart.so (MterpInvokeStatic+1046) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #12 pc 000ce794 /apex/com.android.art/lib/libart.so (mterp_op_invoke_static+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #13 pc 002aab56 [anon:dalvik-classes.dex extracted in memory from /data/app/~~3ty7jDOCZAlNkdCaL0uTdg==/com.oapm.sample-8hlyI_l6j1R2ihLgsrcnKA==/base.apk] (com.squareup.leakcanary.DumpUtil.dumpInSubProcess+66) 12-09 16:50:31.482 6783 6783 F DEBUG : #14 pc 002318ff /apex/com.android.art/lib/libart.so (art::interpreter::Execute(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.7330382826911846054)+250) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #15 pc 00238377 /apex/com.android.art/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame, art::JValue)+138) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #16 pc 00238b2f /apex/com.android.art/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+722) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #17 pc 004ed013 /apex/com.android.art/lib/libart.so (MterpInvokeStatic+478) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #18 pc 000ce794 /apex/com.android.art/lib/libart.so (mterp_op_invoke_static+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #19 pc 0026f24e [anon:dalvik-classes.dex extracted in memory from /data/app/~~3ty7jDOCZAlNkdCaL0uTdg==/com.oapm.sample-8hlyI_l6j1R2ihLgsrcnKA==/base.apk] (com.oapm.perftest.leak.core.OnlineLeakCheck.startDumpHprof+30) 12-09 16:50:31.482 6783 6783 F DEBUG : #20 pc 004eca27 /apex/com.android.art/lib/libart.so (MterpInvokeDirect+1114) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #21 pc 000ce714 /apex/com.android.art/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #22 pc 0026f352 [anon:dalvik-classes.dex extracted in memory from /data/app/~~3ty7jDOCZAlNkdCaL0uTdg==/com.oapm.sample-8hlyI_l6j1R2ihLgsrcnKA==/base.apk] (com.oapm.perftest.leak.core.OnlineLeakCheck.uploadHprof+6) 12-09 16:50:31.482 6783 6783 F DEBUG : #23 pc 004ea83f /apex/com.android.art/lib/libart.so (MterpInvokeVirtual+1290) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #24 pc 000ce614 /apex/com.android.art/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #25 pc 0026f1c6 [anon:dalvik-classes.dex extracted in memory from /data/app/~~3ty7jDOCZAlNkdCaL0uTdg==/com.oapm.sample-8hlyI_l6j1R2ihLgsrcnKA==/base.apk] (com.oapm.perftest.leak.core.OnlineLeakCheck.run+122) 12-09 16:50:31.482 6783 6783 F DEBUG : #26 pc 002318ff /apex/com.android.art/lib/libart.so (art::interpreter::Execute(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.7330382826911846054)+250) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #27 pc 002382b3 /apex/com.android.art/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame)+114) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #28 pc 004dbc11 /apex/com.android.art/lib/libart.so (artQuickToInterpreterBridge+684) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #29 pc 000d8761 /apex/com.android.art/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #30 pc 0200bc89 /memfd:jit-cache (deleted) (offset 0x2000000) (android.os.Handler.handleCallback+56) 12-09 16:50:31.482 6783 6783 F DEBUG : #31 pc 020499df /memfd:jit-cache (deleted) (offset 0x2000000) (android.os.Handler.dispatchMessage+62) 12-09 16:50:31.482 6783 6783 F DEBUG : #32 pc 000d3bd5 /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #33 pc 004f8ed5 /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+280) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #34 pc 0012c29f /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+142) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #35 pc 0024063f /apex/com.android.art/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+250) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #36 pc 00238b47 /apex/com.android.art/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+746) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #37 pc 004ea5ed /apex/com.android.art/lib/libart.so (MterpInvokeVirtual+696) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #38 pc 000ce614 /apex/com.android.art/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #39 pc 00404182 /system/framework/framework.jar (offset 0x979000) (android.os.Looper.loop+674) 12-09 16:50:31.482 6783 6783 F DEBUG : #40 pc 004ed24b /apex/com.android.art/lib/libart.so (MterpInvokeStatic+1046) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #41 pc 000ce794 /apex/com.android.art/lib/libart.so (mterp_op_invoke_static+20) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #42 pc 003d1044 /system/framework/framework.jar (offset 0x979000) (android.os.HandlerThread.run+56) 12-09 16:50:31.482 6783 6783 F DEBUG : #43 pc 002318ff /apex/com.android.art/lib/libart.so (art::interpreter::Execute(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.7330382826911846054)+250) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #44 pc 002382b3 /apex/com.android.art/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame)+114) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #45 pc 004dbc11 /apex/com.android.art/lib/libart.so (artQuickToInterpreterBridge+684) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #46 pc 000d8761 /apex/com.android.art/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #47 pc 000d3bd5 /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #48 pc 004f8ed5 /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+280) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #49 pc 0012c29f /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+142) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #50 pc 00404bed /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, art::ArtMethod, jvalue const)+372) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #51 pc 00404cfb /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<_jmethodID>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jmethodID, jvalue const)+42) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #52 pc 004470ef /apex/com.android.art/lib/libart.so (art::Thread::CreateCallback(void)+1090) (BuildId: b5956632ab15608a0adda3ea411dac58) 12-09 16:50:31.482 6783 6783 F DEBUG : #53 pc 000a158b /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void)+40) (BuildId: b8f8db1bfeb45929e2f80e5c07a2b847) 12-09 16:50:31.482 6783 6783 F DEBUG : #54 pc 0005a10d /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: b8f8db1bfeb45929e2f80e5c07a2b847)

alhah commented 2 years ago

JIT分配内存的时候SIGSEGV，应该是父进程就有内存越界，快手app使用过程中没遇到过这个崩溃。 dump子进程的崩溃父进程有waitpid异常处理，不会影响用户操作，但是会导致dump镜像失败。

wanggaohui commented 2 years ago

JIT分配内存的时候SIGSEGV，应该是父进程就有内存越界，快手app使用过程中没遇到过这个崩溃。 dump子进程的崩溃父进程有waitpid异常处理，不会影响用户操作，但是会导致dump镜像失败。

那是不是父进程存在内存越界就会导致dump镜像失败，我们是以sdk的方式集成到业务，很难去把控他们应用不出现内存越界

alhah commented 2 years ago

内存越界不是一定会失败，而且失败不影响用户操作，子进程崩溃用户感知不到，只是镜像收集不到。并且父进程对子进程的失败做了处理，记录了失败原因，代码链接

KwaiAppTeam / KOOM

android 11 子进程dump会偶现crash #171