美文网首页
case art hang

case art hang

作者: lynn_doo | 来源:发表于2019-12-11 15:58 被阅读0次

一、抓取Coredump

二、debug coredump

1 找到gdb,以1881为例路径在

cd /prebuild 下./gdb/linux-x86/bin/gdb

2 执行gdb

3 装载可执行文件

cd ../../../dzh-3t/bug/717715/

file symbols/system/bin/app_process64

4 配置动态库的搜索路径

set solib-search-path symbols/system/lib64
``
5 装载corefile
``
core core-system_server-1727

(gdb) bt

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9c663f40 in futex (uaddr=0x7f9ccf75d0, op=0, val=48, val3=0, timeout=<optimized out>, uaddr2=<optimized out>) at art/runtime/base/mutex-inl.h:45

#2  art::ConditionVariable::WaitHoldingLocks (this=<optimized out>, self=<optimized out>) at art/runtime/base/mutex.cc:848

#3  0x0000007f9c8ff30c in TransitionFromSuspendedToRunnable (this=<optimized out>) at art/runtime/thread-inl.h:209

#4  ScopedThreadStateChange (self=<optimized out>, new_thread_state=art::kRunnable, this=<optimized out>) at art/runtime/scoped_thread_state_change.h:51

#5  ScopedObjectAccessUnchecked (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:224

#6  ScopedObjectAccess (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:255

#7  art::JNI::NewStringUTF (env=<optimized out>, utf=<optimized out>) at art/runtime/jni_internal.cc:1646

#8  0x0000007f9da03a60 in NewStringUTF (bytes=<optimized out>, this=0x7f9cc3e180) at libnativehelper/include/nativehelper/jni.h:842

#9  android::android_content_AssetManager_getArrayStringResource (env=0x7f9cc3e180, clazz=<optimized out>, arrayResId=<optimized out>) at frameworks/base/core/jni/android_util_AssetManager.cpp:1982

#10 0x000000007469d84c in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

(gdb)

(gdb)  info threads

  146  LWP 2137          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

  145  LWP 2160          __ppoll () at bionic/libc/arch-arm64/syscalls/__ppoll.S:7

  144  LWP 1943          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

  143  LWP 1940          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

  142  LWP 1737          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

  141  LWP 2304          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

  140  LWP 2353          syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

(gdb) t 142

[Switching to thread 142 (LWP 1737)]

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

41    in bionic/libc/arch-arm64/bionic/syscall.S

(gdb) bt

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9ca2afcc in futex (val3=0, uaddr=<optimized out>, op=<optimized out>, val=<optimized out>, timeout=<optimized out>, uaddr2=<optimized out>) at art/runtime/base/mutex-inl.h:45

#2  art::ThreadList::SuspendAllInternal (this=<optimized out>, self=<optimized out>, ignore1=<optimized out>, ignore2=<optimized out>, debug_suspend=<optimized out>) at art/runtime/thread_list.cc:591

#3  0x0000007f9ca2b69c in art::ThreadList::SuspendAll (this=0x7f9cced000, cause=0x7f9cb5dea8 "ScopedPause", long_suspend=<optimized out>) at art/runtime/thread_list.cc:481

#4  0x0000007f9c77dcec in art::gc::collector::MarkSweep::RunPhases (this=<optimized out>) at art/runtime/gc/collector/mark_sweep.cc:153

#5  0x0000007f9c7746a4 in art::gc::collector::GarbageCollector::Run (this=0x7f9cc88780, gc_cause=art::gc::kGcCauseBackground,

    clear_soft_references=<error reading variable: access outside bounds of object referenced via synthetic pointer>) at art/runtime/gc/collector/garbage_collector.cc:87

#6  0x0000007f9c7ab75c in art::gc::Heap::CollectGarbageInternal (this=<optimized out>, gc_type=<optimized out>, gc_cause=<optimized out>,

    clear_soft_references=<error reading variable: access outside bounds of object referenced via synthetic pointer>) at art/runtime/gc/heap.cc:2720

#7  0x0000007f9c7b3dd0 in art::gc::Heap::ConcurrentGC (this=0x7f9cc4c700, self=<optimized out>, force_full=<error reading variable: access outside bounds of object referenced via synthetic pointer>)

    at art/runtime/gc/heap.cc:3723

#8  0x0000007f9c7bbb90 in art::gc::Heap::ConcurrentGCTask::Run (this=<optimized out>, self=0x0) at art/runtime/gc/heap.cc:3686

#9  0x0000007f9c7e2048 in art::gc::TaskProcessor::RunAllTasks (this=<optimized out>, self=<optimized out>) at art/runtime/gc/task_processor.cc:124

#10 0x0000000072437bf4 in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

(gdb) f 3

#3  0x0000007f9ca2b69c in art::ThreadList::SuspendAll (this=0x7f9cced000, cause=0x7f9cb5dea8 "ScopedPause", long_suspend=<optimized out>) at art/runtime/thread_list.cc:481

481    art/runtime/thread_list.cc: 没有那个文件或目录.

def dump_all_threads_state

set $current = list_.__end_.__next_

while $current != 0

p * $current.__value_

set $current = $current.__next_

end

end

(gdb) info variables instance_

All variables matching regular expression "instance_":

File art/runtime/arch/arm64/quick_entrypoints_arm64.S:

static __CORE_ADDR art_quick_check_instance_of;

File art/runtime/jit/profile_saver.h:

art::ProfileSaver *art::ProfileSaver::instance_;

File art/runtime/runtime.h:

art::Runtime *art::Runtime::instance_;

(gdb) f 5

#5  art::Thread::FullSuspendCheck (this=0x7944241400) at art/runtime/thread.cc:1561

1561    art/runtime/thread.cc: 没有那个文件或目录.

(gdb) p art::Runtime::instance_

$4 = (art::Runtime *) 0x794fab9600

(gdb) p (*art::Runtime::instance_).thread_list_

$5 = (art::ThreadList *) 0x794faee000

def dump_threads_state

    set $current = ((art::ThreadList *) 0x794faee000).list_.__end_.__next_

    while $current != 0

        p *(*(std::__1::__list_node<art::Thread*, void*> *)$current).__value_

        set $current = $current.__next_

    end

end

[ro.build.inside.id]: [8.1.0-20180621174504_I]

(gdb)  set print pretty on

(gdb)  set pagination off

(gdb)  dump_threads_state

参考 http://opengrok.rnd.meizu.com/xref/M1881_NF7_base/art/runtime/thread_state.h

找到state=67的线程,即runnable

$20 = {

  tls32_ = {

    state_and_flags = {

      as_struct = {

        flags = 5,

        state = 67

      },


    tid = 1942,

找到之后发现是tid=1942的线程
还是敲 info thread命令,通过pid 1942找到对应的线程号
60 LWP 1942 syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

(gdb) t 60

[Switching to thread 60 (LWP 1942)]

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

41    bionic/libc/arch-arm64/bionic/syscall.S: 没有那个文件或目录.

(gdb) bt

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9dff9a00 in __futex (op=<optimized out>, timeout=0x0, bitset=-1, ftx=<optimized out>, value=<optimized out>) at bionic/libc/private/bionic_futex.h:48

#2  __futex_wait_ex (ftx=<optimized out>, shared=<optimized out>, value=<optimized out>, use_realtime_clock=<optimized out>, abs_timeout=<optimized out>) at bionic/libc/private/bionic_futex.h:70

#3  __pthread_normal_mutex_lock (abs_timeout_or_null=<optimized out>, mutex=<optimized out>, shared=<optimized out>, use_realtime_clock=<optimized out>) at bionic/libc/bionic/pthread_mutex.cpp:327

#4  __pthread_mutex_lock_with_timeout (mutex=<optimized out>, use_realtime_clock=<optimized out>, abs_timeout_or_null=<optimized out>) at bionic/libc/bionic/pthread_mutex.cpp:430

#5  0x0000007f9da06f94 in android::android_content_AssetManager_applyStyle (env=0x7f8d441500, themeToken=1979122816, defStyleAttr=<optimized out>, defStyleRes=16974670, xmlParserToken=1953312172, attrs=0x70f1b958, outValues=0x746d2cac, outIndices=0x70fbfcc8, clazz=<optimized out>) at frameworks/base/core/jni/android_util_AssetManager. :1434

#6  0x000000007469cd8c in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

查看android_util_AssetManager.cpp:1434

    // Now lock down the resource object and start pulling stuff from it.

static jboolean android_content_AssetManager_applyStyle(JNIEnv* env, jobject clazz,

    res.lock();

这里怀疑有别的线程持有了res锁,通过下面命令打印出所有的线程,搜索“AssetManager”

(gdb)thread apply all bt

找到了主线程

Thread 1 (LWP 1727):

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9c663f40 in futex (uaddr=0x7f9ccf75d0, op=0, val=48, val3=0, timeout=<optimized out>, uaddr2=<optimized out>) at art/runtime/base/mutex-inl.h:45

#2  art::ConditionVariable::WaitHoldingLocks (this=<optimized out>, self=<optimized out>) at art/runtime/base/mutex.cc:848

#3  0x0000007f9c8ff30c in TransitionFromSuspendedToRunnable (this=<optimized out>) at art/runtime/thread-inl.h:209

#4  ScopedThreadStateChange (self=<optimized out>, new_thread_state=art::kRunnable, this=<optimized out>) at art/runtime/scoped_thread_state_change.h:51

#5  ScopedObjectAccessUnchecked (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:224

#6  ScopedObjectAccess (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:255

#7  art::JNI::NewStringUTF (env=<optimized out>, utf=<optimized out>) at art/runtime/jni_internal.cc:1646

#8  0x0000007f9da03a60 in NewStringUTF (bytes=<optimized out>, this=0x7f9cc3e180) at libnativehelper/include/nativehelper/jni.h:842

#9  android::android_content_AssetManager_getArrayStringResource (env=0x7f9cc3e180, clazz=<optimized out>, arrayResId=<optimized out>) at frameworks/base/core/jni/android_util_AssetManager.cpp:1982

#10 0x000000007469d84c in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

查看代码在android_util_AssetManager.cpp:1982 调用NewStringUTF 之前的确持有了锁

thread apply all bt 打印所有thread bt

art/runtime/runtime.h:

art::Runtime *art::Runtime::instance_;

(gdb) f 5

#5  art::Thread::FullSuspendCheck (this=0x7944241400) at art/runtime/thread.cc:1561

1561    art/runtime/thread.cc: 没有那个文件或目录.

(gdb) p art::Runtime::instance_

$4 = (art::Runtime *) 0x794fab9600

(gdb) p (*art::Runtime::instance_).thread_list_

$5 = (art::ThreadList *) 0x794faee000

def dump_threads_state

    set $current = ((art::ThreadList *) 0x794faee000).list_.__end_.__next_

    while $current != 0

        p *(*(std::__1::__list_node<art::Thread*, void*> *)$current).__value_

        set $current = $current.__next_

    end

end

[ro.build.inside.id]: [8.1.0-20180621174504_I]

(gdb)  set print pretty on

(gdb)  set pagination off

(gdb)  dump_threads_state

参考 http://opengrok.rnd.meizu.com/xref/M1881_NF7_base/art/runtime/thread_state.h

找到state=67的线程,即runnable

$20 = {

  tls32_ = {

    state_and_flags = {

      as_struct = {

        flags = 5,

        state = 67

      },

  ...

    tid = 1942,

...

找到之后发现是tid=1942的线程

还是敲 info thread命令,通过pid 1942找到对应的线程号

60 LWP 1942 syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

(gdb) t 60

[Switching to thread 60 (LWP 1942)]

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

41    bionic/libc/arch-arm64/bionic/syscall.S: 没有那个文件或目录.

(gdb) bt

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9dff9a00 in __futex (op=<optimized out>, timeout=0x0, bitset=-1, ftx=<optimized out>, value=<optimized out>) at bionic/libc/private/bionic_futex.h:48

#2  __futex_wait_ex (ftx=<optimized out>, shared=<optimized out>, value=<optimized out>, use_realtime_clock=<optimized out>, abs_timeout=<optimized out>) at bionic/libc/private/bionic_futex.h:70

#3  __pthread_normal_mutex_lock (abs_timeout_or_null=<optimized out>, mutex=<optimized out>, shared=<optimized out>, use_realtime_clock=<optimized out>) at bionic/libc/bionic/pthread_mutex.cpp:327

#4  __pthread_mutex_lock_with_timeout (mutex=<optimized out>, use_realtime_clock=<optimized out>, abs_timeout_or_null=<optimized out>) at bionic/libc/bionic/pthread_mutex.cpp:430

#5  0x0000007f9da06f94 in android::android_content_AssetManager_applyStyle (env=0x7f8d441500, themeToken=1979122816, defStyleAttr=<optimized out>, defStyleRes=16974670, xmlParserToken=1953312172, attrs=0x70f1b958, outValues=0x746d2cac, outIndices=0x70fbfcc8, clazz=<optimized out>) at frameworks/base/core/jni/android_util_AssetManager. :1434

#6  0x000000007469cd8c in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

查看android_util_AssetManager.cpp:1434

    // Now lock down the resource object and start pulling stuff from it.

static jboolean android_content_AssetManager_applyStyle(JNIEnv* env, jobject clazz,

    res.lock();

这里怀疑有别的线程持有了res锁,通过下面命令打印出所有的线程,搜索“AssetManager”

(gdb)thread apply all bt

找到了主线程

Thread 1 (LWP 1727):

#0  syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41

#1  0x0000007f9c663f40 in futex (uaddr=0x7f9ccf75d0, op=0, val=48, val3=0, timeout=<optimized out>, uaddr2=<optimized out>) at art/runtime/base/mutex-inl.h:45

#2  art::ConditionVariable::WaitHoldingLocks (this=<optimized out>, self=<optimized out>) at art/runtime/base/mutex.cc:848

#3  0x0000007f9c8ff30c in TransitionFromSuspendedToRunnable (this=<optimized out>) at art/runtime/thread-inl.h:209

#4  ScopedThreadStateChange (self=<optimized out>, new_thread_state=art::kRunnable, this=<optimized out>) at art/runtime/scoped_thread_state_change.h:51

#5  ScopedObjectAccessUnchecked (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:224

#6  ScopedObjectAccess (this=<optimized out>, env=<optimized out>) at art/runtime/scoped_thread_state_change.h:255

#7  art::JNI::NewStringUTF (env=<optimized out>, utf=<optimized out>) at art/runtime/jni_internal.cc:1646

#8  0x0000007f9da03a60 in NewStringUTF (bytes=<optimized out>, this=0x7f9cc3e180) at libnativehelper/include/nativehelper/jni.h:842

#9  android::android_content_AssetManager_getArrayStringResource (env=0x7f9cc3e180, clazz=<optimized out>, arrayResId=<optimized out>) at frameworks/base/core/jni/android_util_AssetManager.cpp:1982

#10 0x000000007469d84c in ?? ()

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

(gdb)

查看代码在android_util_AssetManager.cpp:1982 调用NewStringUTF 之前的确持有了锁

常用命令:
thread apply all bt 打印所有thread bt
disassemble 查看当前栈帧的机器码
x/d (0x7bebe41c10+152) x 查看该地址的内存, d表示
info registers 查看寄存器的值
info locals 查看当前stack frame局部变量
info variables 查看全局和静态变量
info args 查看当前stack frame参数

相关文章

网友评论

      本文标题:case art hang

      本文链接:https://www.haomeiwen.com/subject/sxzogctx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|case art hang|投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!