Understanding and Debugging Native Crashes on Android: Tombstone and Coredump Analysis

The article introduces native crashes as a critical issue for Android applications and presents a comprehensive workflow for diagnosing them, starting from signal types like SIGSEGV, SIGABRT, SIGILL, SIGBUS, and SIGFPE.

It explains how to capture crash information using adb logcat -b crash , then details the structure of tombstone files, including ABI, timestamps, process IDs, registers, and backtraces, and shows how to map PC addresses to functions in shared libraries.

For deeper analysis, the article describes generating full coredumps via AOSP scripts ( coredump_setup and coredump_enable ), configuring /proc/sys/kernel/core_pattern , and adjusting coredump_filter and suid_dumpable settings.

It covers memory‑checking tools such as AddressSanitizer (ASAN), HWASAN, and the newer Memory Tagging Extension (MTE), providing build‑time flags and module‑level disabling instructions.

Several C++ examples illustrate the dangers of wild pointers, virtual‑table corruption, and array out‑of‑bounds writes, showing how these bugs manifest in stack traces and can be caught by sanitizers.

The article also demonstrates manual assembly inspection: converting raw machine code to assembly with objdump , analyzing a faulty ldr instruction that caused a null‑pointer dereference, and modifying ELF code sections using custom assembly files.

Finally, it walks through a real‑world crash case, reconstructing the call stack from tombstone and coredump data, identifying the offending functions ( android::MediaCodec::queueInputBuffer and android::AMessage::setTarget ), and showing how to patch the offending instruction to prevent the segfault.