Android tombstones are not always generated. How to enforce its generation?
The dumps are created by debuggerd when a program crashes under Linux. When this happens, the kernel will send a signal to the dying program. This signal is caught by a special signal handler installed in every native Android application by the bionic C library (this is why tombstones aren't generated for Java-based Android apps). The signal handler contacts debuggerd (via a named pipe), which then connects back to the dying program using ptrace to read registers and memory to produce the tombstone and log entries.
./bionic/linker/debugger.cpp installs the debuggerd_signal_handler() signal handler for several signals that when invoked will try to use the pipe to communicate to debuggerd to create the tombstone file. I suppose that if the pipe communication fails or the ptrace back to the crashing process fails then the tombstone won't be generated. But those failures should still be logged (in the tombstone file or logcat or maybe both - I'm not sure). There may be other problems that result in a tombstone file not being generated.
See the following for how the signal handling is set up by the bionic linker (all function names and files mentioned here are from Android 4.4, but should be similar in other versions):
__linker_init_post_relocation()in./bionic/linker/linker.cppdebuggerd_init()in./bionic/linker/debugger.cppdebuggerd_signal_handler()in./bionic/linker/debugger.cpp
And see the following for how debuggerd responds to the request to deal with a crashing process:
do_server()in./system/core/debuggerd/debuggerd.c// opens the pipe to receive requestshandle_request()in./system/core/debuggerd/debuggerd.c// handles the request to deal with a crashing process
Keep in mind that in most of cases tombstone could be generated on rooted devices.
First Identify PID for your app:
adb shell ps | grep <your app>
Sample:
adb shell ps | grep br
root 257 2 0 0 rescuer_th 0000000000 S k_gbridge
u0_a7 9404 537 2052020 45460 SyS_epoll_ 7f921a99d0 S com.android.cellbroadcastreceiver
Second Send SIGSEGV signal to your PID (9404 in our sample):
adb shell kill -11 <YOUR PID>
Example:
adb shell kill -11 9404
List of signals:
SIGHUP 1 Exit Hang up
SIGINT 2 Exit Interrupt
SIGQUIT 3 Core Quit
SIGILL 4 Core Illegal Instruction
SIGTRAP 5 Core Trace/Breakpoint Trap
SIGABRT 6 Core Abort
SIGEMT 7 Core Emulation Trap
SIGFPE 8 Core Arithmetic Exception
SIGKILL 9 Exit Killed
SIGBUS 10 Core Bus Error
SIGSEGV 11 Core Segmentation Fault
SIGSYS 12 Core Bad System Call
SIGPIPE 13 Exit Broken Pipe
Third Check generated file:
adb shell ls -la /data/tombstones/
Example:
adb shell cat /data/tombstones/tombstone_00
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
LineageOS Version: '14.1-20170512-NIGHTLY-zl1'
Build fingerprint: 'LeEco/le_zl1/LePro3:6.0.1/MMB29M/362280:user/release-keys'
Revision: '0'
ABI: 'arm64'
pid: 9404, tid: 9404, name: oadcastreceiver >>> com.android.cellbroadcastreceiver <<<
signal 11 (SIGSEGV), code 0 (SI_USER), fault addr 0x3aab
x0 fffffffffffffffc x1 0000007fc3ad89a8 x2 0000000000000010 x3 00000000ffffffff
x4 0000000000000000 x5 0000000000000008 x6 0000007f92808000 x7 0000000000000000
x8 0000000000000016 x9 7fffffffffffffff x10 0000000000000000 x11 0000007fc3ad8a98
x12 0000000000000000 x13 ffffffffa26d50eb x14 00010bc3b9000000 x15 003b9aca00000000
x16 0000007f92200470 x17 0000007f9215c374 x18 0000000000000011 x19 3a3580d85807b977
x20 0000007f8e8a3188 x21 00000000ffffffff x22 00000000ffffffff x23 0000007f8e8a30e0
x24 0000000000000028 x25 0000000000000000 x26 00000000716d0b90 x27 000000007a258060
x28 0000007f834e1680 x29 0000007fc3ad8950 x30 0000007f9215c3b8
sp 0000007fc3ad8930 pc 0000007f921a99d0 pstate 0000000060000000
Note: If you have message about permission for command "adb shell ls -la /data/tombstones/" You need run following:
adb root
adb remount