HarmonyOS鸿蒙Next中应用崩溃crash,该如何下手分析非自身打包so库地址报错

HarmonyOS鸿蒙Next中应用崩溃crash,该如何下手分析非自身打包so库地址报错

请问如何分析crash 报错,报错里的so库是系统的库嘛,都不是我项目里打包出来的so库

Device info:HUAWEI Pura 70 Build info:ADY-AL00 5.0.1.130(SP8C00E130R5P4) Fingerprint:27ca0ebe479cb69392ebf76c92299986145ee1ac9939016900a356dce4041961 Module name:com.dptech.vpnclient Version:1.0.0 VersionCode:1 PreInstalled:No Foreground:Yes Timestamp:2025-07-14 11:31:26.463 Pid:48878 Uid:20020196 Process life time:18446744073708659270s Reason:Signal:SIGSEGV(SEGV_MAPERR)@0x003634623762347e

Fault thread info: Tid:53143, Name:OS_TaskWorker

#00 pc 00000000001bf274 /system/lib/ld-musl-aarch64.so.1(pthread_mutex_destroy+12)(f77c0346c0084ebbadf721ea319f5f77) #01 pc 00000000000c45e8 /system/lib64/libc++.so(std::h::mutex::~mutex()+8)(7817a009937816a1f11f1e7673c1e796f9d24b58) #02 pc 00000000000c3ea4 /system/lib64/platformsdk/libwindow_native_kit.z.so(OHOS::Rosen::JsWindowRegisterManager::~JsWindowRegisterManager()+24)(0b23cd9b75489d48a314fcfb7077b947) #03 pc 00000000000102d0 /system/lib64/module/libwindow_napi.z.so(OHOS::Rosen::JsWindowManager::~JsWindowManager()+32)(5e99329c06a9c4d5b04f35091bc1e42f) #04 pc 0000000000010354 /system/lib64/module/libwindow_napi.z.so(OHOS::Rosen::JsWindowManager::Finalizer(napi_env, void, void*) (.cfi)+92)(5e99329c06a9c4d5b04f35091bc1e42f) #05 pc 0000000000056bb4 /system/lib64/platformsdk/libace_napi.z.so(ArkNativeReference::~ArkNativeReference()+100)(6c1a8d774d3ae619f3694983d88e25d3) #06 pc 0000000000056e20 /system/lib64/platformsdk/libace_napi.z.so(ArkNativeReference::~ArkNativeReference()+16)(6c1a8d774d3ae619f3694983d88e25d3) #07 pc 00000000000752f8 /system/lib64/platformsdk/libace_napi.z.so(NativeReferenceManager::~NativeReferenceManager()+56)(6c1a8d774d3ae619f3694983d88e25d3) #08 pc 0000000000075320 /system/lib64/platformsdk/libace_napi.z.so(NativeReferenceManager::~NativeReferenceManager()+16)(6c1a8d774d3ae619f3694983d88e25d3) #09 pc 0000000000068878 /system/lib64/platformsdk/libace_napi.z.so(NativeEngine::Deinit()+248)(6c1a8d774d3ae619f3694983d88e25d3) #10 pc 0000000000040cf8 /system/lib64/platformsdk/libace_napi.z.so(ArkNativeEngine::~ArkNativeEngine()+152)(6c1a8d774d3ae619f3694983d88e25d3) #11 pc 0000000000040ef0 /system/lib64/platformsdk/libace_napi.z.so(ArkNativeEngine::~ArkNativeEngine()+16)(6c1a8d774d3ae619f3694983d88e25d3) #12 pc 000000000003ce5c /system/lib64/module/libtaskpool.z.so(Commonlibrary::Concurrent::TaskPoolModule::Worker::ReleaseWorkerThreadContent()+508)(de411301af629c943b9c193f8fa921d9) #13 pc 000000000003b42c /system/lib64/module/libtaskpool.z.so(Commonlibrary::Concurrent::TaskPoolModule::Worker::ExecuteInThread(void const*) (.cfi)+844)(de411301af629c943b9c193f8fa921d9) #14 pc 0000000000036a84 /system/lib64/module/libtaskpool.z.so(Commonlibrary::Concurrent::TaskPoolModule::TaskRunner::TaskInnerRunner::Run()+72)(de411301af629c943b9c193f8fa921d9) #15 pc 00000000001bdcac /system/lib/ld-musl-aarch64.so.1(start+236)(f77c0346c0084ebbadf721ea319f5f77)

Registers: x0:303634623762347e x1:0000005c6586d460 x2:0000000000000003 x3:0000000000000003 x4:000000000000002b x5:000000000000001c x6:0000000000008080 x7:feff686067666d60 x8:0000005b53bf17e8 x9:3684098ef3b77ef4 x10:6b6b000000000000 x11:ffffffffc4653600 x12:0000000000000016 x13:0000000082355555 x14:0000000068737e0b x15:0000000000000000 x16:0000005abb0753b0 x17:0000005ab9f52268 x18:ffff000000000006 x19:3036346237623466 x20:0000000000000001 x21:0000005b56a5d650 x22:0000005b439e728e x23:0000005b56bb5600 x24:0000005aba196000 x25:0000005c6586e988 x26:0000005c6586e978 x27:0000005c6586e968 x28:0000005aba19f000 x29:0000005c6586e640 lr:0000005abb0045ec sp:0000005c6586e640 pc:0000005ab9f52274

Other thread info: Tid:48878, Name:ptech.vpnclient

#00 pc 00000000001b9438 /system/lib/ld-musl-aarch64.so.1(__timedwait_cp+192)(f77c0346c0084ebbadf721ea319f5f77) #01 pc 00000000001bf5b4 /system/lib/ld-musl-aarch64.so.1(__pthread_mutex_timedlock_inner+592)(f77c0346c0084ebbadf721ea319f5f77) #02 pc 00000000001dc158 /system/lib/ld-musl-aarch64.so.1(PauseMainThreadHandler+76)(f77c0346c0084ebbadf721ea319f5f77) #03 pc 0000000000001a20 [shmm] #04 pc 0000000000001468 [shmm] #05 pc 0000000000156a70 /system/lib/ld-musl-aarch64.so.1(epoll_wait+76)(f77c0346c0084ebbadf721ea319f5f77) #06 pc 00000000000192bc /system/lib64/chipset-pub-sdk/libeventhandler.z.so(OHOS::AppExecFwk::EpollIoWaiter::WaitFor(std::__h::unique_lock<std::__h::mutex>&, long)+232)(4f4eb5c696148d35cce6d2e07f75f1ea) #07 pc 0000000000021660 /system/lib64/chipset-pub-sdk/libeventhandler.z.so(OHOS::AppExecFwk::EventQueue::WaitUntilLocked(std::__h::chrono::time_point<std::__h::chrono::steady_clock, std::__h::chrono::duration<long long, std::__h::ratio<1l, 1000000000l>>> const&, std::_h::unique_lock<std::h::mutex>&)+140)(4f4eb5c696148d35cce6d2e07f75f1ea) #08 pc 0000000000022fdc /system/lib64/chipset-pub-sdk/libeventhandler.z.so(OHOS::AppExecFwk::EventQueueBase::GetEvent()+216)(4f4eb5c696148d35cce6d2e07f75f1ea) #09 pc 000000000002cf60 /system/lib64/chipset-pub-sdk/libeventhandler.z.so(OHOS::AppExecFwk::(anonymous namespace)::EventRunnerImpl::Run()+928)(4f4eb5c696148d35cce6d2e07f75f1ea) #10 pc 00000000000302f0 /system/lib64/chipset-pub-sdk/libeventhandler.z.so(OHOS::AppExecFwk::EventRunner::Run()+528)(4f4eb5c696148d35cce6d2e07f75f1ea) #11 pc 00000000000b9d14 /system/lib64/platformsdk/libappkit_native.z.so(OHOS::AppExecFwk::MainThread::Start()+400)(6ec7d0aac3d4f52bb1043f5b9136753f) #12 pc 0000000000004e34 /system/lib64/appspawn/appspawn/libappspawn_ace.z.so(RunChildProcessor(AppSpawnContent*, AppSpawnClient*)+568)(a0b5e4940952fa5fce259ad5024fc630) #13 pc 000000000000ccec /system/bin/appspawn(AppSpawnChild+496)(875362ddbcdfbca41fc2410f37bf4d00) #14 pc 000000000001712c /system/bin/appspawn(ProcessSpawnReqMsg+3392)(875362ddbcdfbca41fc2410f37bf4d00) #15 pc 0000000000014b30 /system/bin/appspawn(OnReceiveRequest+848)(875362ddbcdfbca41fc2410f37bf4d00) #16 pc 0000000000016da4 /system/lib64/chipset-pub-sdk/libbegetutil.z.so(HandleRecvMsg+344)(1598655ed170c3c436eb642ce6f7439d) #17 pc 0000000000016878 /system/lib64/chipset-pub-sdk/libbegetutil.z.so(HandleStreamEvent+192)(1598655ed170c3c436eb642ce6f7439d) #18 pc 0000000000013f58 /system/lib64/chipset-pub-sdk/libbegetutil.z.so(ProcessEvent+88)(1598655ed170c3c436eb642ce6f7439d) #19 pc 0000000000013b18 /system/lib64/chipset-pub-sdk/libbegetutil.z.so(RunLoop+320)(1598655ed170c3c436eb642ce6f7439d) #20 pc 0000000000012658 /system/bin/appspawn(AppSpawnRun+212)(875362ddbcdfbca41fc2410f37bf4d00) #21 pc 000000000000ff30 /system/bin/appspawn(main+764)(875362ddbcdfbca41fc2410f37bf4d00) #22 pc 00000000000a1920 /system/lib/ld-musl-aarch64.so.1(libc_start_main_stage2+64)(f77c0346c0084ebbadf721ea319f5f77)


更多关于HarmonyOS鸿蒙Next中应用崩溃crash,该如何下手分析非自身打包so库地址报错的实战教程也可以访问 https://www.itying.com/category-93-b0.html

2 回复

在HarmonyOS Next中分析第三方so库崩溃时:

  1. 获取crash日志:通过hilog工具抓取完整崩溃堆栈
  2. 定位关键信息:重点关注"backtrace"中非应用包名的内存地址段
  3. 使用addr2line工具:将so库的加载基地址与崩溃偏移地址相加,通过命令arm64-linux-musleabi-addr2line -e xxx.so 0x[计算后地址]解析符号
  4. 确认so版本:检查崩溃so库与当前运行设备架构的匹配性(arm64-v8a/armeabi-v7a)
  5. 检查依赖冲突:使用ldd查看so库的依赖关系是否完整

更多关于HarmonyOS鸿蒙Next中应用崩溃crash,该如何下手分析非自身打包so库地址报错的实战系列教程也可以访问 https://www.itying.com/category-93-b0.html


从crash日志看,这是一个系统级线程(OS_TaskWorker)在销毁互斥锁时触发的SIGSEGV错误。关键点分析:

  1. 崩溃发生在系统库调用链:
  • pthread_mutex_destroy (musl库)
  • libc++.so的mutex析构
  • libwindow_native_kit.z.so的JsWindowRegisterManager析构
  • libwindow_napi.z.so的JsWindowManager析构
  1. 崩溃原因:
  • 地址0x003634623762347e非法访问(SEGV_MAPERR)
  • 可能是线程销毁时资源释放顺序问题导致的野指针访问
  1. 排查建议:
  • 检查应用是否在Native层有不当的线程操作
  • 确认是否正确处理了HarmonyOS窗口生命周期回调
  • 查看应用是否在后台线程操作了UI相关组件

这属于系统服务线程崩溃,建议重点检查应用与窗口管理相关的异步操作,特别是涉及多线程的部分。

回到顶部