Android Tombstones Are Not Always Generated. How To Enforce Its Generation?


Answer :

The dumps are created by debuggerd when a program crashes under Linux. When this happens, the kernel will send a signal to the dying program. This signal is caught by a special signal handler installed in every native Android application by the bionic C library (this is why tombstones aren't generated for Java-based Android apps). The signal handler contacts debuggerd (via a named pipe), which then connects back to the dying program using ptrace to read registers and memory to produce the tombstone and log entries.

./bionic/linker/debugger.cpp installs the debuggerd_signal_handler() signal handler for several signals that when invoked will try to use the pipe to communicate to debuggerd to create the tombstone file. I suppose that if the pipe communication fails or the ptrace back to the crashing process fails then the tombstone won't be generated. But those failures should still be logged (in the tombstone file or logcat or maybe both - I'm not sure). There may be other problems that result in a tombstone file not being generated.

See the following for how the signal handling is set up by the bionic linker (all function names and files mentioned here are from Android 4.4, but should be similar in other versions):

  • __linker_init_post_relocation() in ./bionic/linker/linker.cpp
  • debuggerd_init() in ./bionic/linker/debugger.cpp
  • debuggerd_signal_handler() in ./bionic/linker/debugger.cpp

And see the following for how debuggerd responds to the request to deal with a crashing process:

  • do_server() in ./system/core/debuggerd/debuggerd.c // opens the pipe to receive requests
  • handle_request() in ./system/core/debuggerd/debuggerd.c // handles the request to deal with a crashing process

Keep in mind that in most cases a tombstone can be generated on rooted devices.

First, identify the PID of your app:

adb shell ps | grep <your app> 

Sample:

adb shell ps | grep br
root      257   2     0      0     rescuer_th 0000000000 S k_gbridge
u0_a7     9404  537   2052020 45460 SyS_epoll_ 7f921a99d0 S com.android.cellbroadcastreceiver

Second, send the SIGSEGV signal to your PID (9404 in our sample):

adb shell kill -11 <YOUR PID> 

Example:

adb shell kill -11 9404 

List of signals:

Signal   Number  Action  Description
SIGHUP   1       Exit    Hang up
SIGINT   2       Exit    Interrupt
SIGQUIT  3       Core    Quit
SIGILL   4       Core    Illegal Instruction
SIGTRAP  5       Core    Trace/Breakpoint Trap
SIGABRT  6       Core    Abort
SIGEMT   7       Core    Emulation Trap
SIGFPE   8       Core    Arithmetic Exception
SIGKILL  9       Exit    Killed
SIGBUS   10      Core    Bus Error
SIGSEGV  11      Core    Segmentation Fault
SIGSYS   12      Core    Bad System Call
SIGPIPE  13      Exit    Broken Pipe

Third, check the generated file:

adb shell ls -la /data/tombstones/ 

Example:

adb shell cat /data/tombstones/tombstone_00
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
LineageOS Version: '14.1-20170512-NIGHTLY-zl1'
Build fingerprint: 'LeEco/le_zl1/LePro3:6.0.1/MMB29M/362280:user/release-keys'
Revision: '0'
ABI: 'arm64'
pid: 9404, tid: 9404, name: oadcastreceiver  >>> com.android.cellbroadcastreceiver <<<
signal 11 (SIGSEGV), code 0 (SI_USER), fault addr 0x3aab
    x0   fffffffffffffffc  x1   0000007fc3ad89a8  x2   0000000000000010  x3   00000000ffffffff
    x4   0000000000000000  x5   0000000000000008  x6   0000007f92808000  x7   0000000000000000
    x8   0000000000000016  x9   7fffffffffffffff  x10  0000000000000000  x11  0000007fc3ad8a98
    x12  0000000000000000  x13  ffffffffa26d50eb  x14  00010bc3b9000000  x15  003b9aca00000000
    x16  0000007f92200470  x17  0000007f9215c374  x18  0000000000000011  x19  3a3580d85807b977
    x20  0000007f8e8a3188  x21  00000000ffffffff  x22  00000000ffffffff  x23  0000007f8e8a30e0
    x24  0000000000000028  x25  0000000000000000  x26  00000000716d0b90  x27  000000007a258060
    x28  0000007f834e1680  x29  0000007fc3ad8950  x30  0000007f9215c3b8
    sp   0000007fc3ad8930  pc   0000007f921a99d0  pstate 0000000060000000

Note: If you get a permission error for the command "adb shell ls -la /data/tombstones/", run the following:

adb root
adb remount
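
The three steps above as one script, including a check for the case in the title where no tombstone appears after the signal. This is an added example, not part of the original answer; the function names and the two-second wait are assumptions, and it expects adb on PATH with one device connected and /data/tombstones readable.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes adb is on PATH and
# /data/tombstones is readable (see the note on adb root above).

# Print the PID (2nd column) of the exact process name $1 from `ps` output on stdin.
pid_of() {
    awk -v name="$1" '$NF == name { print $2; exit }'
}

# Print tombstone names whose `ls -la` line is new or changed between listings $1 and $2.
changed_entries() {
    printf '%s\n' "$2" | grep -Fxv -e "$1" | awk '$NF ~ /^tombstone_/ { print $NF }'
}

# Summarise a tombstone header read from stdin; fails if the header is missing.
tombstone_summary() {
    awk '
        /^pid: /   { pid = $2; sub(",", "", pid); proc = $(NF-1) }
        /^signal / { sig = $2; name = $3; code = $6
                     gsub(/[(),]/, "", name); gsub(/[(),]/, "", code) }
        END { if (pid == "" || sig == "") exit 1
              printf "pid=%s process=%s signal=%s(%s) code=%s\n", pid, proc, sig, name, code }'
}

# Steps 1-3 for process name $1 on a connected device.
force_tombstone() {
    pid=$(adb shell ps | tr -d '\r' | pid_of "$1")
    [ -n "$pid" ] || { echo "no process named $1" >&2; return 1; }
    before=$(adb shell ls -la /data/tombstones/ | tr -d '\r')
    adb shell kill -11 "$pid"
    sleep 2   # assumed to be long enough for debuggerd to write the file
    after=$(adb shell ls -la /data/tombstones/ | tr -d '\r')
    new=$(changed_entries "$before" "$after" | tail -n 1)
    if [ -z "$new" ]; then
        echo "no tombstone written for pid $pid; check logcat" >&2
        return 2
    fi
    adb shell cat "/data/tombstones/$new" | tr -d '\r' | tombstone_summary
}
```

A summary ending in code=SI_USER, as in the sample tombstone above, marks a crash forced with kill rather than a real fault in the process.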
