【xlog】 Signal 6 (SIGABRT), code -6

lucky-chen commented 6 years ago

碰到一个很神奇的bug，几率出现在4.x机型上（各种机型都有）调用到jni接口logWrite2时，提示jobject地址无效(Invalid indirect reference 0x43234eb0 in decodeIndirectRef) ndk-stack之后，指向代码

JNIEXPORT void JNICALL Java_com_applock_wireless_log_TLogNative_logWrite2
  (JNIEnv *env, jclass, int _level, jstring _module, jstring _tag ...) {

    const char* tag_cstr = NULL;

    if (NULL != _tag) {
       //这里报_tag地址无效，(下面native crash的 /jni/Java2C_Xlog.cc:154 指向就是这句代码)
        tag_cstr = env->GetStringUTFChars(_tag, NULL);
    }
//...
}

********** Crash dump: **********
Build fingerprint: ''
pid: 319, tid: 319  >>> com.applock.wireless <<<
signal 6 (SIGABRT), code -6 (?), fault addr --------
Stack frame #00  pc 000221a8  /system/lib/libc.so (tgkill)
Stack frame #01  pc 00013266  /system/lib/libc.so (pthread_kill)
Stack frame #02  pc 00013478  /system/lib/libc.so (raise)
Stack frame #03  pc 000121ae  /system/lib/libc.so
Stack frame #04  pc 00021a5c  /system/lib/libc.so (abort)
Stack frame #05  pc 00046dd8  /system/lib/libdvm.so (dvmAbort)
Stack frame #06  pc 0004b6fc  /system/lib/libdvm.so (_Z20dvmDecodeIndirectRefP6ThreadP8_jobject)
Stack frame #07  pc 0004c620  /system/lib/libdvm.so
Stack frame #08  pc 000045c6  /data/app-lib/com.applock.wireless-1/libmarsxlog.so: Routine _JNIEnv::GetStringUTFChars(_jstring*, unsigned char*) at /Users/luo/Library/Android/sdk/ndk-bundle/platforms/android-9/arch-arm/usr/include/jni.h:879
Stack frame #09  pc 0000463a  /data/app-lib/com.applock.wireless-1/libmarsxlog.so (Java_com_applock_wireless_log_TLogNative_logWrite2): Routine Java_com_applock_wireless_log_TLogNative_logWrite2 at /Users/luo/Documents/code/tlog_xlog_sdk/mars/log/jni/../jni/Java2C_Xlog.cc:154
Stack frame #10  pc 0001eb8c  /system/lib/libdvm.so (dvmPlatformInvoke)
Stack frame #11  pc 0004f254  /system/lib/libdvm.so (_Z16dvmCallJNIMethodPKjP6JValuePK6MethodP6Thread)
Stack frame #12  pc 00050c98  /system/lib/libdvm.so (_Z22dvmResolveNativeMethodPKjP6JValuePK6MethodP6Thread)
Stack frame #13  pc 00027fa0  /system/lib/libdvm.so
Stack frame #14  pc 0002f110  /system/lib/libdvm.so (_Z11dvmMterpStdP6Thread)
Stack frame #15  pc 0002c774  /system/lib/libdvm.so (_Z12dvmInterpretP6ThreadPK6MethodP6JValue)
Stack frame #16  pc 000619ea  /system/lib/libdvm.so (_Z15dvmInvokeMethodP6ObjectPK6MethodP11ArrayObjectS5_P11ClassObjectb)
Stack frame #17  pc 00069af6  /system/lib/libdvm.so
Stack frame #18  pc 00027fa0  /system/lib/libdvm.so
Stack frame #19  pc 0002f110  /system/lib/libdvm.so (_Z11dvmMterpStdP6Thread)
Stack frame #20  pc 0002c774  /system/lib/libdvm.so (_Z12dvmInterpretP6ThreadPK6MethodP6JValue)
Stack frame #21  pc 000619ea  /system/lib/libdvm.so (_Z15dvmInvokeMethodP6ObjectPK6MethodP11ArrayObjectS5_P11ClassObjectb)
Stack frame #22  pc 00069af6  /system/lib/libdvm.so
Stack frame #23  pc 00027fa0  /system/lib/libdvm.so
Stack frame #24  pc 0002f110  /system/lib/libdvm.so (_Z11dvmMterpStdP6Thread)
Stack frame #25  pc 0002c774  /system/lib/libdvm.so (_Z12dvmInterpretP6ThreadPK6MethodP6JValue)
Stack frame #26  pc 00061706  /system/lib/libdvm.so (_Z14dvmCallMethodVP6ThreadPK6MethodP6ObjectbP6JValueSt9__va_list)
Stack frame #27  pc 0004ae1a  /system/lib/libdvm.so
Stack frame #28  pc 00050546  /system/lib/libandroid_runtime.so
Stack frame #29  pc 000512d2  /system/lib/libandroid_runtime.so (_ZN7android14AndroidRuntime5startEPKcS2_)
Stack frame #30  pc 4004105c  /system/bin/app_process
Stack frame #31  pc 0000e5e6  /system/lib/libc.so (__libc_init)
Crash dump is completed

garryyan commented 6 years ago

什么情况下出现的？是刚启动就出现？还是运行了一段时间后出现？ crash率是多少？

lucky-chen commented 6 years ago

看crash的规律，进程刚启动的时候概率较高（占80%），运行一段时间后，概率低很多。
crash率万分之一左右，华为H60-L01,H60-L0X机型占比多一点，但是不是必现

猜测可能是4.x gc的bug，尝试在java端的方法logWrite 里面静态持有传过来的参数，用完再释放，依然crash

garryyan commented 6 years ago

看这两行代码没什么问题，关注下是否别处野指针导致的。

Tencent / mars

【xlog】 Signal 6 (SIGABRT), code -6 #316