Understanding random reboots via logcat

123bot

New member
Jan 30, 2017
1
0
0
Hello there,

I am, like others, experiencing random reboots, at the tune of about 5 times per day.
Since this happened before and after software upgrades (even major ones such as OOS 4), I initially thought it was a hardware issue, but the fact that the reboot is only a soft one (no need to re-enter the decryption password or the SIM lock PINs), makes me rather think that the issue is in the software.
I have thus looked into the logs and found something perhaps interesting that I need help understanding. This is in fact NOT meant to be the start of another generic thread about reboots on the OP3T...

All my crashes can be found in the crash ring buffer with logcat -bcrash (dump to file with logcat -bcrash -d -f filename.log), and they all look like this:

Code:
01-29 02:34:02.764  5014  5018 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 5018 (Binder:5014_2)
01-29 02:34:02.824 27337 27337 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-29 02:34:02.825 27337 27337 F DEBUG   : Build fingerprint: 'OnePlus/OnePlus3/OnePlus3T:7.0/NRD90M/12311021:user/release-keys'
01-29 02:34:02.825 27337 27337 F DEBUG   : Revision: '0'
01-29 02:34:02.826 27337 27337 F DEBUG   : ABI: 'arm64'
01-29 02:34:02.826 27337 27337 F DEBUG   : pid: 5014, tid: 5018, name: Binder:5014_2  >>> /system/bin/surfaceflinger <<<
01-29 02:34:02.826 27337 27337 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
01-29 02:34:02.826 27337 27337 F DEBUG   :     x0   0000000000000000  x1   000000000000139a  x2   0000000000000006  x3   0000000000000008
01-29 02:34:02.826 27337 27337 F DEBUG   :     x4   0000007fac47aac5  x5   0000007fa9ffeb40  x6   0000000000000000  x7   0000007faba0f800
01-29 02:34:02.826 27337 27337 F DEBUG   :     x8   0000000000000083  x9   ffffffffffffffdf  x10  0000000000000000  x11  0000000000000001
01-29 02:34:02.827 27337 27337 F DEBUG   :     x12  ffffffffffffffff  x13  000000008000002f  x14  0000007fac28a0e8  x15  0000007fac289d8c
01-29 02:34:02.827 27337 27337 F DEBUG   :     x16  0000007fac2a5ed0  x17  0000007fac24f8c0  x18  00000000000000bc  x19  0000007fa9fff4f8
01-29 02:34:02.827 27337 27337 F DEBUG   :     x20  0000000000000006  x21  0000007fa9fff450  x22  0000000000000016  x23  0000000000000000
01-29 02:34:02.827 27337 27337 F DEBUG   :     x24  0000000000000000  x25  bd40e3ea6c4cd196  x26  0000000000000000  x27  0000000000000000
01-29 02:34:02.827 27337 27337 F DEBUG   :     x28  0000000000000000  x29  0000007fa9ffec70  x30  0000007fac24cd50
01-29 02:34:02.827 27337 27337 F DEBUG   :     sp   0000007fa9ffec50  pc   0000007fac24f8c8  pstate 0000000060000000
01-29 02:34:02.855 27337 27337 F DEBUG   : 
01-29 02:34:02.855 27337 27337 F DEBUG   : backtrace:
01-29 02:34:02.855 27337 27337 F DEBUG   :     #00 pc 000000000006b8c8  /system/lib64/libc.so (tgkill+8)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #01 pc 0000000000068d4c  /system/lib64/libc.so (pthread_kill+64)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #02 pc 00000000000242b8  /system/lib64/libc.so (raise+24)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #03 pc 000000000001ccd4  /system/lib64/libc.so (abort+52)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #04 pc 000000000000d220  /system/lib64/libui.so (_ZNK7android6Region4dumpERNS_7String8EPKcj+140)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #05 pc 0000000000035134  /system/lib64/libsurfaceflinger.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #06 pc 000000000004f588  /system/lib64/libsurfaceflinger.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #07 pc 000000000004e8bc  /system/lib64/libsurfaceflinger.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #08 pc 000000000004fa3c  /system/lib64/libsurfaceflinger.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #09 pc 000000000004a310  /system/lib64/libbinder.so (_ZN7android7BBinder10onTransactEjRKNS_6ParcelEPS1_j+256)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #10 pc 0000000000050160  /system/lib64/libsurfaceflinger.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #11 pc 0000000000049e44  /system/lib64/libbinder.so (_ZN7android7BBinder8transactEjRKNS_6ParcelEPS1_j+132)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #12 pc 0000000000055c40  /system/lib64/libbinder.so (_ZN7android14IPCThreadState14executeCommandEi+980)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #13 pc 00000000000557b0  /system/lib64/libbinder.so (_ZN7android14IPCThreadState20getAndExecuteCommandEv+156)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #14 pc 0000000000055e58  /system/lib64/libbinder.so (_ZN7android14IPCThreadState14joinThreadPoolEb+72)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #15 pc 0000000000072d70  /system/lib64/libbinder.so
01-29 02:34:02.855 27337 27337 F DEBUG   :     #16 pc 0000000000012430  /system/lib64/libutils.so (_ZN7android6Thread11_threadLoopEPv+272)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #17 pc 0000000000068554  /system/lib64/libc.so (_ZL15__pthread_startPv+196)
01-29 02:34:02.855 27337 27337 F DEBUG   :     #18 pc 000000000001df18  /system/lib64/libc.so (__start_thread+16)
01-29 02:34:02.897 27338 27338 F libc    : CANNOT LINK EXECUTABLE "/system/bin/sh": can't enable GNU RELRO protection for "": Permission denied
However, I don't quite understand what's going on here. Who's linking to what? And where is RELRO being enabled? sh already has it enabled:
Code:
$ file sh 
sh: ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /system/bin/linker64, BuildID[md5/uuid]=31393afb600e5f7fb8fd5699b343bfbf, stripped

$ ./checksec.sh --file sh
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Full RELRO      Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   sh
If anybody has any idea I would be really glad! The reboots are kinda driving me crazy and I'd rather not have to go through the pain of a replacement (which might not even help).
My phone is stock OOS 4.0.2 + TWRP + SuperSU.