Diffstat (limited to 'en/devices/tech/debug/native-crash.html')
-rw-r--r-- | en/devices/tech/debug/native-crash.html | 59 |
1 files changed, 49 insertions, 10 deletions
diff --git a/en/devices/tech/debug/native-crash.html b/en/devices/tech/debug/native-crash.html index 686af070..fbebb934 100644 --- a/en/devices/tech/debug/native-crash.html +++ b/en/devices/tech/debug/native-crash.html @@ -105,8 +105,8 @@ backtrace: #09 pc 00000abc /system/xbin/crasher </pre> <p> -You can reproduce an instance of this type of crash using: <code>crasher -abort</code> +You can reproduce an instance of this type of crash using <code>crasher +abort</code>. </p> <h3 id=nullpointer>Pure null pointer dereference</h3> <p> @@ -140,8 +140,8 @@ backtrace: #05 pc 000010e4 /system/xbin/crasher (_start+96) </pre> <p> -You can reproduce an instance of this type of crash using: <code>crasher -strlen-NULL</code> +You can reproduce an instance of this type of crash using <code>crasher +strlen-NULL</code>. </p> <h3 id=lowaddress>Low-address null pointer dereference</h3> <p> @@ -215,8 +215,8 @@ stack and directly accuse the calling code. But not always, and this is how you would present a compelling case. </p> <p> -You can reproduce instances of this kind of crash using: <code>crasher -fprintf-NULL</code> or <code>crasher readdir-NULL</code> +You can reproduce instances of this kind of crash using <code>crasher +fprintf-NULL</code> or <code>crasher readdir-NULL</code>. </p> <h3 id=fortify>FORTIFY failure</h3> <p> @@ -248,8 +248,8 @@ backtrace: #07 pc 00001110 /system/xbin/crasher (_start+96) </pre> <p> -You can reproduce an instance of this type of crash using: <code>crasher -fortify</code> +You can reproduce an instance of this type of crash using <code>crasher +fortify</code>. </p> <h3 id=stackcorruption>Stack corruption detected by -fstack-protector</h3> <p> 
@@ -288,9 +288,48 @@ You can distinguish this from other kinds of abort by the presence of <code>__stack_chk_fail</code> in the backtrace and the specific abort message. </p> <p> -You can reproduce an instance of this type of crash using: <code>crasher -smash-stack</code> +You can reproduce an instance of this type of crash using <code>crasher +smash-stack</code>. </p> +<h3 id="seccomp">Seccomp SIGSYS from a disallowed system call</h3> +<p> +The <a href="https://en.wikipedia.org/wiki/Seccomp">seccomp</a> system (specifically seccomp-bpf) +restricts access to system calls. For more information about seccomp for platform developers, see +the blog post +<a href="https://android-developers.googleblog.com/2017/07/seccomp-filter-in-android-o.html">Seccomp filter in Android O</a>. +A thread that calls a restricted system call +will receive a SIGSYS signal with code SYS_SECCOMP. The system call number will be shown in the +cause line, along with the architecture. It is important to note that system call numbers vary +between architectures. For example, the readlinkat(2) system call is number 305 on x86 +but 267 on x86-64. The call number is different again on both arm and arm64. Because system call +numbers vary between architectures, it's usually easier to use the stack trace to find out which +system call was disallowed rather than looking for the system call number in the headers. 
+</p> +<pre class="devsite-click-to-copy"> +pid: 11046, tid: 11046, name: crasher >>> crasher <<< +signal 31 (SIGSYS), code 1 (<i style="color:Orange">SYS_SECCOMP</i>), fault addr -------- +<i style="color:Orange">Cause: seccomp prevented call to disallowed arm system call 99999</a> + r0 cfda0444 r1 00000014 r2 40000000 r3 00000000 + r4 00000000 r5 00000000 r6 00000000 r7 0001869f + r8 00000000 r9 00000000 sl 00000000 fp fffefa58 + ip fffef898 sp fffef888 lr 00401997 pc f74f3658 cpsr 600f0010 + +backtrace: + #00 pc 00019658 /system/lib/libc.so (syscall+32) + #01 pc 00001993 /system/bin/crasher (do_action+1474) + #02 pc 00002699 /system/bin/crasher (main+68) + #03 pc 0007c60d /system/lib/libc.so (__libc_init+48) + #04 pc 000011b0 /system/bin/crasher (_start_main+72) +</pre> +<p> +You can distinguish disallowed system calls from other crashes by the presence of +<code>SYS_SECCOMP</code> on the signal line and the description on the cause line. +</p> +<p> +You can reproduce an instance of this type of crash using <code>crasher +seccomp</code>. +</p> + <h2 id=crashdump>Crash dumps</h2> |
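Review bot: In the last hunk (@@ -288,9 +288,48 @@), the Cause line of the new seccomp <pre> block opens with <i style="color:Orange"> but is closed with </a>, so the highlight is never terminated and a stray </a> is emitted; the line should end "... disallowed arm system call 99999</i>". Two smaller points in the same hunk. The paragraph recommends using the stack trace to find the disallowed call, but the sample's top frame is the generic wrapper (syscall+32, called from do_action), so the trace identifies the caller rather than the call by name; consider a sentence saying so, or pointing out that r7 (0001869f, which is 99999 decimal) matches the number on the cause line. For consistency, SIGSYS, SYS_SECCOMP and readlinkat(2) in the first paragraph could be wrapped in <code> as SYS_SECCOMP is in the closing paragraph, and the new heading's quoted id="seccomp" differs from the unquoted form used by the neighbouring headings (id=fortify, id=stackcorruption, id=crashdump).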