- 项目背景
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: ‘FORTIFY: pthread_mutex_lock called on a destroyed mutex (0xb400007b225d1938)’
x0 0000000000000000 x1 0000000000007199 x2 0000000000000006 x3 00000079e44a4930
x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000028
x8 00000000000000f0 x9 ff3fa4f6fadc4297 x10 0000000000000000 x11 ffffffc0ffffffdf
x12 0000000000000001 x13 0000018d670490b7 x14 001017d7d7862a00 x15 0000000034155555
x16 0000007ce2957c80 x17 0000007ce2939a10 x18 00000079e1adc000 x19 00000000000003b0
x20 0000000000007199 x21 00000000ffffffff x22 00000079e44a5000 x23 0000005cc2f9f5a3
x24 0000000000000064 x25 b400007ab25d0dd0 x26 00000079e44a4bb1 x27 00000079e44a4bc9
x28 0000000000000063 x29 00000079e44a49b0
lr 0000007ce28ed420 sp 00000079e44a4910 pc 0000007ce28ed44c pst 0000000000000000
backtrace:
#00 pc 000000000004e44c /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
#01 pc 00000000000b15c8 /apex/com.android.runtime/lib64/bionic/libc.so (__fortify_fatal(char const*, …)+124) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
#02 pc 00000000000b0bc4 /apex/com.android.runtime/lib64/bionic/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+52) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
#03 pc 00000000000b0a1c /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+160) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
#04 pc 00000000000963a8 /system/lib64/libc++.so (std::__1::mutex::lock()+8) (BuildId: 0258740b928b138ce564c516fd6b9141)
#05 pc 000000000003a4e0 /system/bin/modulemgr (LockQueue<std::_1::shared_ptr >::wait_and_pop(std::__1::shared_ptr&)+48) (BuildId: 56c5e754e5edcb57b32f0e15ac54f4c1)
#06 pc 000000000003a2ac /system/bin/modulemgr (Archiver::msgThreadLoop()+108) (BuildId: 56c5e754e5edcb57b32f0e15ac54f4c1)
#07 pc 000000000003ab38 /system/bin/modulemgr (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, Archiver::Archiver(int)::$_0> >(void*)+40) (BuildId: 56c5e754e5edcb57b32f0e15ac54f4c1)
#08 pc 00000000000afeec /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
#09 pc 0000000000050408 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: daf4f281be7a85835df7041bdf36ddc1)
- crash追根溯源
- 问题的认识
Abort message: ‘FORTIFY: pthread_mutex_lock called on a destroyed mutex (0xb400007b225d1938)’
这个错误表明 程序尝试锁定 (pthread_mutex_lock()) 一个已经被销毁 (pthread_mutex_destroy()) 的互斥锁(mutex)。
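- FORTIFY 是 Android(bionic)或 GNU C Library (glibc) 提供的一类运行时检查机制;本例中触发的检查位于 Android 的 bionic libc(见回溯中 #01 `__fortify_fatal`、#02 `HandleUsingDestroyedMutex`),它在检测到对已销毁互斥锁的 pthread_mutex_lock() 调用后终止程序,以防止潜在的未定义行为(如访问无效内存)。需要注意,这种检测依赖互斥锁所在内存中仍保留“已销毁”标记;如果该内存已被释放并重新分配,同样的错误可能不会被检测到,而是表现为内存破坏。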
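- 0xb400007b225d1938 是出错的互斥锁的地址,可能已经被释放或破坏。地址最高字节 0xb4 很可能是 Android 11 及以上版本在 arm64 上给堆指针加的标记(tagged pointer),说明该互斥锁位于堆上分配的对象内;结合回溯中的 #05、#06,较可能是 Archiver 使用的 LockQueue 内部的锁——需对照源码确认。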
-
可能的原因
1️⃣ 互斥锁在销毁后仍被使用
互斥锁 被 pthread_mutex_destroy() 释放,但代码仍然尝试调用 pthread_mutex_lock()。
/* Global mutex shared by main() and the worker thread in this counter-example. */
pthread_mutex_t mutex;

/*
 * Worker thread entry point: locks and unlocks the global mutex once, then exits.
 *
 * arg is unused. The return values of pthread_mutex_lock()/pthread_mutex_unlock()
 * are not checked, so a failed lock would go unnoticed here.
 */
void* thread_func(void* arg) {
    pthread_mutex_lock(&mutex); // ❌ may lock a mutex that main() has already destroyed
    pthread_mutex_unlock(&mutex);
    return NULL;
}
/*
 * Counter-example for cause 1: the mutex is destroyed before the thread that
 * uses it has been joined.
 *
 * pthread_mutex_destroy() runs right after pthread_create(), so thread_func()
 * may call pthread_mutex_lock() before, during or after the destroy. The safe
 * order is pthread_join() first and pthread_mutex_destroy() afterwards, so the
 * mutex outlives every thread that can touch it.
 */
int main() {
    pthread_mutex_init(&mutex, NULL);
    pthread_t thread;
    pthread_create(&thread, NULL, thread_func, NULL);
    pthread_mutex_destroy(&mutex); // ❌ the thread may still be accessing the mutex
    pthread_join(thread, NULL);    // too late: the join should precede the destroy
    return 0;
}
2️⃣ 互斥锁所在的内存已被释放
互斥锁可能 是动态分配的,但在仍然被使用时 其内存已经被 free() 释放了。
/*
 * Counter-example for cause 2: a heap-allocated mutex is used after its memory
 * has been freed. The malloc() result is not checked for NULL in this snippet.
 */
pthread_mutex_t* mutex = (pthread_mutex_t*)malloc(sizeof(pthread_mutex_t));
pthread_mutex_init(mutex, NULL);
pthread_mutex_destroy(mutex); // ❌ destroyed here, yet still used below
free(mutex); // ❌ frees the destroyed mutex's memory; destroy-then-free is the normal teardown order, the defect is the use that follows
pthread_mutex_lock(mutex); // ❌ use-after-free: the pointer dangles, so the destroyed-mutex check may not fire if the memory has been reused
3️⃣ 线程竞争问题
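一个线程销毁了互斥锁,而另一个线程仍在试图加锁。下面的示例与原因 1 的代码相同,只是从线程时序的角度说明:销毁方没有先等待使用方结束。C++ 中同样的情形是,含 std::mutex 成员的对象被析构时,其工作线程仍在运行;应在销毁前先通知线程退出并 join。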
/* Global mutex that both threads of this race example operate on. */
pthread_mutex_t mutex;

/*
 * Worker thread entry point for the race example: one lock/unlock pair on the
 * global mutex. arg is unused and the pthread return codes are not checked.
 * Nothing here orders the lock against main()'s pthread_mutex_destroy().
 */
void* thread_func(void* arg) {
    pthread_mutex_lock(&mutex); // ❌ may access a mutex that has already been destroyed
    pthread_mutex_unlock(&mutex);
    return NULL;
}
/*
 * Counter-example for cause 3: a race between the destroying thread and the
 * locking thread.
 *
 * main() destroys the mutex without waiting for thread_func(), so the outcome
 * depends on scheduling: the worker may finish first (no visible error) or may
 * lock after the destroy. Joining the worker before pthread_mutex_destroy()
 * removes the race.
 */
int main() {
    pthread_mutex_init(&mutex, NULL);
    pthread_t thread;
    pthread_create(&thread, NULL, thread_func, NULL);
    pthread_mutex_destroy(&mutex); // ❌ the other thread may still be using the mutex
    pthread_join(thread, NULL);    // joining only after the destroy does not prevent the race
    return 0;
}