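Analyzing a simple NE with addr2line

Preface

A brief introduction to using addr2line to locate Android NE (native exception) problems.

Introduction to addr2line

addr2line is mainly used to convert addresses into file names and line numbers.

Usage example:

Sometimes a crashed kernel does not print a call stack and leaves only a PC address, as follows: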
    pc is at do_execve+0x35c/0x444
    LR is at do_execve+0x340/0x444 
    PC: c0140a64    lr: c0140a48    
    ....
    
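Note: for a .ko (kernel module) problem, the address is the offset of the faulting point within the .ko, which can be calculated from the log information.

    ./arm-linux-androideabi-addr2line -f -e ./vmlinux 0xc0140a64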

Usage example

1. Check the log file: logcat.txt
    --------- beginning of crash
    01-16 18:57:55.995   475   475 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x13b941472564 in tid 475 ([email protected])
    01-16 18:57:56.114  8457  8457 D AsusContactsTelephonyManager: isPhoneInCall[1] = false
    01-16 18:57:56.115  8457  8457 D AsusContactsTelephonyManager: isPhoneInCall[2] = false
    01-16 18:57:56.132  8762  8762 I crash_dump64: obtaining output fd from tombstoned
    01-16 18:57:56.135  1366  1366 I /system/bin/tombstoned: received crash request for pid 475
    01-16 18:57:56.138  8762  8762 I crash_dump64: performing dump of process 475 (target tid = 475)
    01-16 18:57:56.139  8762  8762 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    01-16 18:57:56.139  8762  8762 F DEBUG   : Build fingerprint: 'unknown'
    01-16 18:57:56.139  8762  8762 F DEBUG   : Revision: '0'
    01-16 18:57:56.139  8762  8762 F DEBUG   : ABI: 'arm64'
    01-16 18:57:56.139  8762  8762 F DEBUG   : pid: 475, tid: 475, name: [email protected]  >>> /vendor/bin/hw/[email protected] <<<
    01-16 18:57:56.139  8762  8762 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x13b941472564
    01-16 18:57:56.139  8762  8762 F DEBUG   :     x0   000000000000001d  x1   0000000000000000  x2   0000000000000004  x3   0000007fdd685208
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x4   0000007140b58784  x5   0000007fdd685ad5  x6   000000000000003a  x7   000000000000003a
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x8   000013b941472440  x9   0000000000001348  x10  0000000000000100  x11  0000000000000000
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x12  0000007141b941b8  x13  6e6f697469736f50  x14  0000007141b94514  x15  0000000000000000
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x16  0000007141bb2188  x17  0000007141b07f50  x18  0000000000000003  x19  0000007141488bc0
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x20  0000007141473788  x21  00000000000000b1  x22  0000007140db4068  x23  0000007141473788
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x24  00000000000002fd  x25  0000007fdd687720  x26  0000000000000000  x27  0000007fdd687950
    01-16 18:57:56.140  8762  8762 F DEBUG   :     x28  0000000000000000  x29  0000007fdd686b60  x30  00000071409bdf78
    01-16 18:57:56.140  8762  8762 F DEBUG   :     sp   0000007fdd686af0  pc   00000071409bdfa8  pstate 0000000060000000
    01-16 18:57:56.173  8762  8762 F DEBUG   : 
    01-16 18:57:56.173  8762  8762 F DEBUG   : backtrace:
    01-16 18:57:56.173  8762  8762 F DEBUG   :     #00 pc 0000000000038fa8  /vendor/lib64/libsdmcore.so (_ZN3sdm8HWDevice17SetCursorPositionEPNS_8HWLayersEii+144)
    01-16 18:57:56.173  8762  8762 F DEBUG   :     #01 pc 0000000000024548  /vendor/lib64/libsdmcore.so (_ZN3sdm11DisplayBase17SetCursorPositionEii+128)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #02 pc 000000000002a878  /vendor/lib64/hw/hwcomposer.msm8937.so (_ZN3sdm10HWCDisplay17SetCursorPositionEmii+324)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #03 pc 000000000001f878  /vendor/lib64/hw/hwcomposer.msm8937.so (_ZN3sdmL17SetCursorPositionEP11hwc2_devicemmii+84)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #04 pc 000000000001666c  /vendor/lib64/hw/[email protected] (_ZN7android8hardware8graphics8composer4V2_114implementation14ComposerClient13CommandReader27parseSetLayerCursorPositionEt+80)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #05 pc 0000000000014da0  /vendor/lib64/hw/[email protected] (_ZN7android8hardware8graphics8composer4V2_114implementation14ComposerClient13CommandReader5parseEv+88)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #06 pc 0000000000014a98  /vendor/lib64/hw/[email protected] (_ZN7android8hardware8graphics8composer4V2_114implementation14ComposerClient15executeCommandsEjRKNS0_8hidl_vecINS0_11hidl_handleEEENSt3__18functionIFvNS3_5ErrorEbjSA_EEE+124)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #07 pc 0000000000057344  /system/lib64/[email protected] (_ZN7android8hardware8graphics8composer4V2_116BsComposerClient15executeCommandsEjRKNS0_8hidl_vecINS0_11hidl_handleEEENSt3__18functionIFvNS3_5ErrorEbjS9_EEE+180)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #08 pc 000000000004cbdc  /system/lib64/[email protected] (_ZN7android8hardware8graphics8composer4V2_118BnHwComposerClient10onTransactEjRKNS0_6ParcelEPS5_jNSt3__18functionIFvRS5_EEE+6776)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #09 pc 0000000000011be0  /system/lib64/vndk-sp/libhwbinder.so (_ZN7android8hardware9BHwBinder8transactEjRKNS0_6ParcelEPS2_jNSt3__18functionIFvRS2_EEE+132)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #10 pc 00000000000156fc  /system/lib64/vndk-sp/libhwbinder.so (_ZN7android8hardware14IPCThreadState14executeCommandEi+584)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #11 pc 0000000000015404  /system/lib64/vndk-sp/libhwbinder.so (_ZN7android8hardware14IPCThreadState20getAndExecuteCommandEv+156)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #12 pc 0000000000015b0c  /system/lib64/vndk-sp/libhwbinder.so (_ZN7android8hardware14IPCThreadState14joinThreadPoolEb+60)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #13 pc 0000000000000e70  /vendor/bin/hw/[email protected] (main+320)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #14 pc 000000000001b7f0  /system/lib64/libc.so (__libc_init+88)
    01-16 18:57:56.174  8762  8762 F DEBUG   :     #15 pc 0000000000000c90  /vendor/bin/hw/[email protected] (do_arm64_start+80)
    
    
2. Resolve the addresses with addr2line to get the file names:
        ./prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/aarch64-linux-android-addr2line -C -e out/target/product/E300L_WW/symbols/vendor/lib64/libsdmcore.so -f <address>
    
    The results are as follows:
        wangjun@SOFT30-31:src$ ./prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/aarch64-linux-android-addr2line -C -e out/target/product/E300L_WW/symbols/vendor/lib64/libsdmcore.so  -f 0000000000038fa8
        sdm::HWDevice::SetCursorPosition(sdm::HWLayers*, int, int)
        hardware/qcom/display/sdm/libs/core/fb/hw_device.cpp:1142
        wangjun@SOFT30-31:src$ ./prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/aarch64-linux-android-addr2line -C -e out/target/product/E300L_WW/symbols/vendor/lib64/libsdmcore.so  -f 0000000000024548
        sdm::DisplayBase::SetCursorPosition(int, int)
        hardware/qcom/display/sdm/libs/core/display_base.cpp:954

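3. Inspecting the source at those lines shows an out-of-bounds array access; modifying the condition check is enough to fix it.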
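
Steps 1 and 2 above can be scripted so that every frame of the backtrace is resolved, not only the top two. The following is an added example, not part of the original post: it extracts the `#NN pc ADDR library` frames from the log and emits one addr2line command per library. The function names `extract_frames` and `build_commands` are hypothetical, the sample log is built from lines of the excerpt above, and it assumes the symbols tree mirrors the on-device library paths, as the libsdmcore.so path in step 2 does.

```shell
#!/usr/bin/env bash
# Added example: turn tombstone backtrace frames into batched addr2line commands.
# Tool and symbols paths are the ones used on this page; adjust to your tree.
ADDR2LINE=./prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/aarch64-linux-android-addr2line
SYMBOLS=out/target/product/E300L_WW/symbols

# Constructed sample: a few lines copied from the logcat.txt excerpt above.
SAMPLE_LOG='01-16 18:57:56.139  8762  8762 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x13b941472564
01-16 18:57:56.173  8762  8762 F DEBUG   : backtrace:
01-16 18:57:56.173  8762  8762 F DEBUG   :     #00 pc 0000000000038fa8  /vendor/lib64/libsdmcore.so (_ZN3sdm8HWDevice17SetCursorPositionEPNS_8HWLayersEii+144)
01-16 18:57:56.173  8762  8762 F DEBUG   :     #01 pc 0000000000024548  /vendor/lib64/libsdmcore.so (_ZN3sdm11DisplayBase17SetCursorPositionEii+128)
01-16 18:57:56.174  8762  8762 F DEBUG   :     #02 pc 000000000002a878  /vendor/lib64/hw/hwcomposer.msm8937.so (_ZN3sdm10HWCDisplay17SetCursorPositionEmii+324)
01-16 18:57:56.174  8762  8762 F DEBUG   :     #10 pc 00000000000156fc  /system/lib64/vndk-sp/libhwbinder.so (_ZN7android8hardware14IPCThreadState14executeCommandEi+584)'

# Print "<library path> <address>" for every "#NN pc ADDR /path/lib.so" frame;
# all other log lines are dropped.
extract_frames() {
    sed -n 's|^.*#[0-9][0-9]* pc \([0-9a-fA-F][0-9a-fA-F]*\)  *\(/[^ ]*\).*$|\2 \1|p'
}

# Group addresses by library (first-seen order) and emit one command per
# library. Assumes the symbols tree mirrors the on-device path. The -a flag
# makes addr2line echo each address before its function and file:line.
build_commands() {
    extract_frames | awk -v tool="$ADDR2LINE" -v sym="$SYMBOLS" '
        !($1 in addrs) { order[++n] = $1 }
        { addrs[$1] = addrs[$1] " 0x" $2 }
        END {
            for (i = 1; i <= n; i++)
                printf "%s -a -C -f -e %s%s%s\n", tool, sym, order[i], addrs[order[i]]
        }'
}

# Print the commands for the sample; pipe a real logcat.txt in the same way.
printf '%s\n' "$SAMPLE_LOG" | build_commands
```

The unstripped libraries under the symbols directory must come from the same build as the device that crashed, otherwise the offsets resolve to the wrong source lines.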
