Android libc.so crash?

Posted 2019-02-02 21:50

Question:

I'm using AndEngine with the PhysicsBox2DExtension to make a game. My game keeps crashing and I get this in the unfiltered LogCat:

07-06 13:25:27.266: I/DEBUG(19582): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
07-06 13:25:27.266: I/DEBUG(19582): Build fingerprint: 'TMOUS/SGH-T959V/SGH-T959V/SGH-T959V:2.2.1/FROYO/VUVKD1:user/release-keys'
07-06 13:25:27.274: I/DEBUG(19582): pid: 22238, tid: 22263  >>> com.prattia.webs.testgfx5 <<<
07-06 13:25:27.274: I/DEBUG(19582): signal 11 (SIGSEGV), fault addr deadbaad
07-06 13:25:27.286: I/DEBUG(19582):  r0 00000000  r1 afd14921  r2 00000027  r3 00000070
07-06 13:25:27.286: I/DEBUG(19582):  r4 afd42328  r5 00000000  r6 00000000  r7 43095ba0
07-06 13:25:27.297: I/DEBUG(19582):  r8 447d75ac  r9 43095b5c  10 80aa23f4  fp 43095b58
07-06 13:25:27.297: I/DEBUG(19582):  ip 00001730  sp 447d74c8  lr deadbaad  pc afd11f74  cpsr 60000030
07-06 13:25:27.301: I/DEBUG(19582):  d0  6472656767756265  d1  646f426574616572
07-06 13:25:27.301: I/DEBUG(19582):  d2  2074736e6f632879  d3  654479646f423262
07-06 13:25:27.305: I/DEBUG(19582):  d4  73656e69676e655f  d5  69676e45646e412f
07-06 13:25:27.309: I/DEBUG(19582):  d6  6e45646e412f656e  d7  73796850656e6967
07-06 13:25:27.309: I/DEBUG(19582):  d8  40c9de1ed6a7d420  d9  43e0000000000000
07-06 13:25:27.313: I/DEBUG(19582):  d10 41dfffffffc00000  d11 c3e0000000000000
07-06 13:25:27.313: I/DEBUG(19582):  d12 0000000000000000  d13 0000000000000000
07-06 13:25:27.313: I/DEBUG(19582):  d14 0000000000000000  d15 0000000000000000
07-06 13:25:27.317: I/DEBUG(19582):  d16 000000c247d403f0  d17 400921fb54442d18
07-06 13:25:27.317: I/DEBUG(19582):  d18 3f810f1cab7c1816  d19 3f651bd7d319330c
07-06 13:25:27.317: I/DEBUG(19582):  d20 bfc55034095fd11a  d21 be5ae514498b308e
07-06 13:25:27.321: I/DEBUG(19582):  d22 0000000000000000  d23 3de5d93a5acfd57c
07-06 13:25:27.325: I/DEBUG(19582):  d24 bfb3b25552016f7e  d25 3fb10e9526779bed
07-06 13:25:27.325: I/DEBUG(19582):  d26 bfaddfe9639fbb1a  d27 3fa97c111b7b144e
07-06 13:25:27.325: I/DEBUG(19582):  d28 bfa2b4442c6a6c2f  d29 0000000000000000
07-06 13:25:27.325: I/DEBUG(19582):  d30 0000000000000000  d31 0000000000000000
07-06 13:25:27.325: I/DEBUG(19582):  scr 60000012
07-06 13:25:27.469: I/DEBUG(19582):          #00  pc 00011f74  /system/lib/libc.so
07-06 13:25:27.473: I/DEBUG(19582):          #01  pc 0001921e  /system/lib/libc.so
07-06 13:25:27.473: I/DEBUG(19582):          #02  pc 00026558  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:27.473: I/DEBUG(19582):          #03  pc 00013e7c  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:27.473: I/DEBUG(19582):          #04  pc 00016e34  /system/lib/libdvm.so
07-06 13:25:27.473: I/DEBUG(19582): code around pc:
07-06 13:25:27.473: I/DEBUG(19582): afd11f54 2d00682d e029d1fb b12b68db c05cf8df 
07-06 13:25:27.473: I/DEBUG(19582): afd11f64 f8442001 4798000c e054f8df 26002227 
07-06 13:25:27.473: I/DEBUG(19582): afd11f74 2000f88e eec2f7fb f7fc2106 f04feff8 
07-06 13:25:27.473: I/DEBUG(19582): afd11f84 91035180 460aa901 96012006 f7fc9602 
07-06 13:25:27.473: I/DEBUG(19582): afd11f94 a905eb7e 20024632 eb88f7fc eeaef7fb 
07-06 13:25:27.473: I/DEBUG(19582): code around lr:
07-06 13:25:27.477: I/DEBUG(19582): deadba8c ffffffff ffffffff ffffffff ffffffff 
07-06 13:25:27.477: I/DEBUG(19582): deadba9c ffffffff ffffffff ffffffff ffffffff 
07-06 13:25:27.477: I/DEBUG(19582): deadbaac ffffffff ffffffff ffffffff ffffffff 
07-06 13:25:27.477: I/DEBUG(19582): deadbabc ffffffff ffffffff ffffffff ffffffff 
07-06 13:25:27.477: I/DEBUG(19582): deadbacc ffffffff ffffffff ffffffff ffffffff 
07-06 13:25:27.477: I/DEBUG(19582): stack:
07-06 13:25:27.477: I/DEBUG(19582):     447d7488  00000000  
07-06 13:25:27.477: I/DEBUG(19582):     447d748c  00000000  
07-06 13:25:27.477: I/DEBUG(19582):     447d7490  afd425a0  /system/lib/libc.so
07-06 13:25:27.477: I/DEBUG(19582):     447d7494  afd4254c  /system/lib/libc.so
07-06 13:25:27.477: I/DEBUG(19582):     447d7498  00000000  
07-06 13:25:27.477: I/DEBUG(19582):     447d749c  afd1596b  /system/lib/libc.so
07-06 13:25:27.481: I/DEBUG(19582):     447d74a0  afd14921  /system/lib/libc.so
07-06 13:25:27.481: I/DEBUG(19582):     447d74a4  afd14921  /system/lib/libc.so
07-06 13:25:27.481: I/DEBUG(19582):     447d74a8  00000070  
07-06 13:25:27.481: I/DEBUG(19582):     447d74ac  afd42328  /system/lib/libc.so
07-06 13:25:27.481: I/DEBUG(19582):     447d74b0  00000000  
07-06 13:25:27.481: I/DEBUG(19582):     447d74b4  447d74dc  
07-06 13:25:27.481: I/DEBUG(19582):     447d74b8  43095ba0  
07-06 13:25:27.481: I/DEBUG(19582):     447d74bc  afd14bc3  /system/lib/libc.so
07-06 13:25:27.481: I/DEBUG(19582):     447d74c0  df002777  
07-06 13:25:27.481: I/DEBUG(19582):     447d74c4  e3a070ad  
07-06 13:25:27.481: I/DEBUG(19582): #00 447d74c8  00000003  
07-06 13:25:27.481: I/DEBUG(19582):     447d74cc  43095b58  
07-06 13:25:27.481: I/DEBUG(19582):     447d74d0  43095ba0  
07-06 13:25:27.485: I/DEBUG(19582):     447d74d4  afd14f29  /system/lib/libc.so
07-06 13:25:27.485: I/DEBUG(19582):     447d74d8  afd4254c  /system/lib/libc.so
07-06 13:25:27.485: I/DEBUG(19582):     447d74dc  fffffbdf  
07-06 13:25:27.485: I/DEBUG(19582):     447d74e0  00000054  
07-06 13:25:27.485: I/DEBUG(19582):     447d74e4  00000003  
07-06 13:25:27.485: I/DEBUG(19582):     447d74e8  43095b58  
07-06 13:25:27.489: I/DEBUG(19582):     447d74ec  afd19223  /system/lib/libc.so
07-06 13:25:27.489: I/DEBUG(19582): #01 447d74f0  00000054  
07-06 13:25:27.489: I/DEBUG(19582):     447d74f4  821412bc  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:27.489: I/DEBUG(19582):     447d74f8  447d75d0  
07-06 13:25:27.489: I/DEBUG(19582):     447d74fc  8212655c  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:28.040: I/DEBUG(19582): dumpstate /data/log/dumpstate_app_native.txt
07-06 13:25:28.114: I/dumpstate(22478): begin
07-06 13:25:28.122: I/dalvikvm(2480): threadid=3: reacting to signal 3
07-06 13:25:28.157: I/dalvikvm(2480): Wrote stack traces to '/data/anr/traces.txt'
07-06 13:25:28.192: I/BootReceiver(2480): Copying /data/tombstones/tombstone_09 to DropBox (SYSTEM_TOMBSTONE)
07-06 13:25:28.239: I/dalvikvm(2604): threadid=3: reacting to signal 3
07-06 13:25:28.239: I/dalvikvm(2604): Wrote stack traces to '/data/anr/traces.txt'

Can anyone explain to me what's going on and how I might find what exactly is causing the crash?

There are two places in my code where it crashes, but it's fairly random when it does. After executing this method:

    private void destroyFiller(){ //Deletes filler
        if(filler[fillerNum].active){
            Log.e("destroyFiller","Destroying filler");
            filler[fillerNum].active=false;
            filler[fillerNum].body.setActive(false);
            scene.detachChild(filler[fillerNum].sprite);
            fillerCount--;
            fillersLeftText.setText("Balls left: "+Integer.toString(fillerCount));

            if(fillerCount==0)
                gameOver();
            Log.e("destroyFiller","Destroyed");
        }
    }

And after executing the indicated line in this method:

    private void levelComplete(){
        runOnUiThread(new Runnable() {
            public void run() {
                 Toast.makeText(TestGFX5Activity.this, "Level Complete", Toast.LENGTH_SHORT).show();
            }
        });
        Log.e("Level Complete","Going to reset values");
        //Reset values
        level++;
        destroyerNum++;
        fillerCount = (originalNumberOfFillers + level - 1);
        areaFilled=0;
        fillAreaPercent = 0;

        //Rid scene of sprites
        for(int x=0;x<=fillerNum;x++){  
            filler[x].body.setActive(false);
            scene.detachChild(filler[x].sprite);
            filler[x].active=false;
            filler[x].scale=originalSpriteScale;
            filler[x].body.setUserData("inactive");
        }
        levelText.setText("Level: "+Integer.toString(level));
        fillersLeftText.setText("Balls left: "+Integer.toString(fillerCount));
        percentFilledText.setText("0%");
        fillerNum = -1;

        Log.e("Level Complete","values reset");

        randx = random.nextInt(650) + 25;
        randy = random.nextInt(400) + 25;
        randix = random.nextInt(10);
        randiy = random.nextInt(10);
        if(randix%2==0)
            ix = 5;
        else
            ix = -5;
        if(randiy%2==0)
            iy = 5;
        else
            iy = -5;

        Log.e("Level Complete","Creating destroyer");
        destroyer[destroyerNum] = new Ball(randx, randy, destroyerTR, getVertexBufferObjectManager(), ix, iy); //crashes here
        Log.e("Level Complete","complete"); //This line never reached.
    }

Answer 1:

You should use the addr2line tool as described here and look up these two addresses in your library to find what causes the crash:

#02  pc 00026558  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
#03  pc 00013e7c  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so

So under Windows you should:

  1. Copy the library from device:

    adb pull /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so C:\
    
  2. Run addr2line tool for it using command line:

    cd %PATH_TO_YOUR_NDK%\toolchains\arm-linux-androideabi-4.4.3\prebuilt\linux-x86\bin
    arm-linux-androideabi-addr2line -C -f -e C:\libandenginephysicsbox2dextension.so
    
  3. Enter address by address:

    00026558 [ENTER]
    > here will be function name and line
    00013e7c [ENTER]
    > and again
    

Note: running this tool under Windows may give you less information than under Linux, so you may choose to install the distro as a virtual machine and follow the instructions from the link to the original answer above.

Update

Another (easier?) way is to use ndk-stack:

  1. As previously
  2. Save your dump into a file. Let's call it 'dump.txt'.
  3. Run ndk-stack:

    cd %PATH_TO_YOUR_NDK%
    ndk-stack -sym C:\libandenginephysicsbox2dextension.so -dump C:\dump.txt
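
The addr2line steps above, scripted as an added example (not part of the original answer): it pulls the `#NN pc` frames out of the logcat dump, keeps only the app's own libraries, and builds one addr2line call per library. The function names and `local_dir` are assumptions, and the note on `deadbaad` is background on older bionic libc, not something the page states.

```python
import re

# Constructed sample: signal and backtrace lines copied from the dump in the question,
# plus one "stack:" line that must not be mistaken for a backtrace frame.
SAMPLE = """\
07-06 13:25:27.274: I/DEBUG(19582): signal 11 (SIGSEGV), fault addr deadbaad
07-06 13:25:27.469: I/DEBUG(19582):          #00  pc 00011f74  /system/lib/libc.so
07-06 13:25:27.473: I/DEBUG(19582):          #01  pc 0001921e  /system/lib/libc.so
07-06 13:25:27.473: I/DEBUG(19582):          #02  pc 00026558  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:27.473: I/DEBUG(19582):          #03  pc 00013e7c  /data/data/com.prattia.webs.testgfx5/lib/libandenginephysicsbox2dextension.so
07-06 13:25:27.473: I/DEBUG(19582):          #04  pc 00016e34  /system/lib/libdvm.so
07-06 13:25:27.481: I/DEBUG(19582): #00 447d74c8  00000003
"""
# Background, not from the page: older bionic libc writes to this address
# when it deliberately aborts the process.
ABORT_MARKER = 0xDEADBAAD
FRAME = re.compile(r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(/\S+)")
FAULT = re.compile(r"signal\s+\d+\s+\((\w+)\),\s+fault addr\s+([0-9a-fA-F]+)")

def parse_frames(log):
    """Return [(frame_no, pc_offset, library_path)] from debuggerd backtrace lines."""
    return [(int(n), int(pc, 16), lib) for n, pc, lib in FRAME.findall(log)]

def fault_info(log):
    """Return (signal_name, fault_addr, is_deliberate_abort), or None if absent."""
    m = FAULT.search(log)
    addr = int(m.group(2), 16) if m else None
    return (m.group(1), addr, addr == ABORT_MARKER) if m else None

def app_offsets(frames, prefix="/data/data/"):
    """Group pc offsets by library, keeping only libraries shipped with the app."""
    grouped = {}
    for _, pc, lib in frames:
        if lib.startswith(prefix):
            grouped.setdefault(lib, []).append("%08x" % pc)
    return grouped

def addr2line_argv(lib_on_device, offsets, local_dir="."):
    """Build the addr2line call as an argv list (no shell string, since the log is
    untrusted input). local_dir is a hypothetical folder holding the adb-pulled copy."""
    local = local_dir.rstrip("/") + "/" + lib_on_device.rsplit("/", 1)[-1]
    return ["arm-linux-androideabi-addr2line", "-C", "-f", "-e", local] + offsets

def resolve_plan(log, local_dir="."):
    grouped = app_offsets(parse_frames(log))
    return [addr2line_argv(lib, offs, local_dir) for lib, offs in grouped.items()]

if __name__ == "__main__":
    print(fault_info(SAMPLE))
    print([" ".join(argv) for argv in resolve_plan(SAMPLE)])
```

Passing all offsets as arguments replaces typing them one by one at the addr2line prompt; each argv list can be handed to `subprocess.run` once the library has been pulled.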
    


Answer 2:

libc is experiencing a segmentation violation, almost certainly because andengine gave it a bad pointer. You probably don't have debug symbols for libc, but you can adb pull and objdump it to figure out what dynamic function is being given bad arguments. Or if your andengine library has debug symbols, you can track down the address there using the address to line tool.

You will have to figure out if it is a bug in what you are asking andengine to do, or if the bug is in andengine itself.