I am developing an music player app. All works fine except the app dies suddenly. Sometimes this happens when the app starts, and sometimes after running for long time. Sometimes all goes well without app getting died. I observed the log to get to know what is the causing the app to die and found this:
11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
The full log is given below, what I found in logcat when the app died:
11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
11-02 16:39:39.793: I/DEBUG(3257): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-02 16:39:39.793: I/DEBUG(3257): Build fingerprint: 'Polaroid/nuclear_md7008/nuclear-md7008:4.0.4/IMM76D/20120929:eng/test-keys'
11-02 16:39:39.793: I/DEBUG(3257): pid: 3556, tid: 3556 >>> com.polaroid.kidsmusic <<<
11-02 16:39:39.793: I/DEBUG(3257): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
11-02 16:39:39.793: I/DEBUG(3257): r0 deadbaad r1 00000001 r2 40000000 r3 00000000
11-02 16:39:39.793: I/DEBUG(3257): r4 00000000 r5 00000027 r6 400f4db0 r7 40103474
11-02 16:39:39.793: I/DEBUG(3257): r8 021821c0 r9 40061840 10 00000008 fp beb666e4
11-02 16:39:39.793: I/DEBUG(3257): ip ffffffff sp beb66538 lr 400d5f71 pc 400d26d0 cpsr 60000030
11-02 16:39:39.793: I/DEBUG(3257): d0 000001e000000000 d1 43f00000000001e0
11-02 16:39:39.793: I/DEBUG(3257): d2 443f000000000000 d3 4a8688c00000004a
11-02 16:39:39.793: I/DEBUG(3257): d4 3f800000020922a8 d5 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257): d6 0000000000000000 d7 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257): d8 0000000000000000 d9 43f0000000000000
11-02 16:39:39.793: I/DEBUG(3257): d10 3fec2014384e6205 d11 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257): d12 0000000000000000 d13 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257): d14 0000000000000000 d15 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257): d16 0000000000000001 d17 3ff0000000000000
11-02 16:39:39.793: I/DEBUG(3257): d18 3e56d3ae604f8858 d19 bfb0b3f66e58abf6
11-02 16:39:39.793: I/DEBUG(3257): d20 4000000000000000 d21 3f1149926a1476f9
11-02 16:39:39.793: I/DEBUG(3257): d22 bebba89f4215f5e0 d23 3fd5ce9e44d86000
11-02 16:39:39.793: I/DEBUG(3257): d24 3e66376972bea4d0 d25 c014000000000000
11-02 16:39:39.793: I/DEBUG(3257): d26 3ff5bf0a00000000 d27 bfb0b3f66e58abf8
11-02 16:39:39.793: I/DEBUG(3257): d28 bffadb73617eb466 d29 3fd5ce9e5bac0e60
11-02 16:39:39.793: I/DEBUG(3257): d30 3c7aa87621713b5a d31 3e56d3ae60000000
11-02 16:39:39.793: I/DEBUG(3257): scr 80000013
11-02 16:39:39.883: I/DEBUG(3257): #00 pc 000176d0 /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257): #01 pc 0001355a /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257): #02 pc 00015898 /system/lib/libc.so (dlfree)
11-02 16:39:39.883: I/DEBUG(3257): #03 pc 00015f10 /system/lib/libc.so (free)
11-02 16:39:39.893: I/DEBUG(3257): #04 pc 000009ac /system/lib/libstdc++.so (_ZdlPvRKSt9nothrow_t)
11-02 16:39:39.893: I/DEBUG(3257): #05 pc 0000bf94 /system/lib/libhwui.so
11-02 16:39:39.893: I/DEBUG(3257): #06 pc 000104c0 /system/lib/libhwui.so (_ZN7android10uirenderer14OpenGLRenderer7prepareEb)
11-02 16:39:39.893: I/DEBUG(3257): #07 pc 00055ec0 /system/lib/libandroid_runtime.so
11-02 16:39:39.893: I/DEBUG(3257): #08 pc 0001ec30 /system/lib/libdvm.so (dvmPlatformInvoke)
11-02 16:39:39.893: I/DEBUG(3257): #09 pc 00058c70 /system/lib/libdvm.so (_Z16dvmCallJNIMethodPKjP6JValuePK6MethodP6Thread)
11-02 16:39:39.893: I/DEBUG(3257): code around pc:
11-02 16:39:39.893: I/DEBUG(3257): 400d26b0 4623b15c 2c006824 e026d1fb b12368db \.#F$h.,..&..h#.
11-02 16:39:39.893: I/DEBUG(3257): 400d26c0 21014a17 6011447a 48124798 24002527 .J.!zD.`.G.H'%.$
11-02 16:39:39.893: I/DEBUG(3257): 400d26d0 f7f47005 2106ef48 efe4f7f5 460aa901 .p..H..!.......F
11-02 16:39:39.893: I/DEBUG(3257): 400d26e0 f04f2006 94015380 94029303 eba0f7f5 . O..S..........
11-02 16:39:39.893: I/DEBUG(3257): 400d26f0 4622a905 f7f52002 f7f4ebaa 2106ef34 .."F. ......4..!
11-02 16:39:39.893: I/DEBUG(3257): code around lr:
11-02 16:39:39.893: I/DEBUG(3257): 400d5f50 41f0e92d 46804c0c 447c2600 68a56824 -..A.L.F.&|D$h.h
11-02 16:39:39.893: I/DEBUG(3257): 400d5f60 e0076867 300cf9b5 dd022b00 47c04628 gh.....0.+..(F.G
11-02 16:39:39.893: I/DEBUG(3257): 400d5f70 35544306 37fff117 6824d5f4 d1ee2c00 .CT5...7..$h.,..
11-02 16:39:39.893: I/DEBUG(3257): 400d5f80 e8bd4630 bf0081f0 0002858a 41f0e92d 0F..........-..A
11-02 16:39:39.893: I/DEBUG(3257): 400d5f90 fb01b086 9004f602 461f4815 4615460c .........H.F.F.F
11-02 16:39:39.893: I/DEBUG(3257): memory map around addr deadbaad:
11-02 16:39:39.893: I/DEBUG(3257): beb46000-beb67000 [stack]
11-02 16:39:39.893: I/DEBUG(3257): (no map for address)
11-02 16:39:39.893: I/DEBUG(3257): ffff0000-ffff1000 [vectors]
11-02 16:39:39.893: I/DEBUG(3257): stack:
11-02 16:39:39.893: I/DEBUG(3257): beb664f8 00000001
11-02 16:39:39.893: I/DEBUG(3257): beb664fc beb66538 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb66500 400fe778 /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66504 0000000c
11-02 16:39:39.903: I/DEBUG(3257): beb66508 400fe70c /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb6650c 40103808
11-02 16:39:39.903: I/DEBUG(3257): beb66510 00000000
11-02 16:39:39.903: I/DEBUG(3257): beb66514 400d5f71 /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66518 00000000
11-02 16:39:39.903: I/DEBUG(3257): beb6651c beb6654c [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb66520 400f4db0 /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66524 40103474
11-02 16:39:39.903: I/DEBUG(3257): beb66528 021821c0 [heap]
11-02 16:39:39.903: I/DEBUG(3257): beb6652c 400d50dd /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66530 df0027ad
11-02 16:39:39.903: I/DEBUG(3257): beb66534 00000000
11-02 16:39:39.903: I/DEBUG(3257): #00 beb66538 beb66534 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb6653c 00000001
11-02 16:39:39.903: I/DEBUG(3257): beb66540 400f4d94 /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66544 00000005
11-02 16:39:39.903: I/DEBUG(3257): beb66548 beb66564 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb6654c fffffbdf
11-02 16:39:39.903: I/DEBUG(3257): beb66550 beb66564 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb66554 beb66564 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb66558 400f82ec /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb6655c 400ce55f /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): #01 beb66560 00000000
11-02 16:39:39.903: I/DEBUG(3257): beb66564 20404040
11-02 16:39:39.903: I/DEBUG(3257): beb66568 524f4241
11-02 16:39:39.903: I/DEBUG(3257): beb6656c 474e4954 /data/dalvik-cache/system@[email protected]@classes.dex
11-02 16:39:39.903: I/DEBUG(3257): beb66570 4e49203a
11-02 16:39:39.903: I/DEBUG(3257): beb66574 494c4156 /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66578 45482044 /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257): beb6657c 41205041 /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.903: I/DEBUG(3257): beb66580 45524444 /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257): beb66584 49205353 /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257): beb66588 6c64204e
11-02 16:39:39.903: I/DEBUG(3257): beb6658c 65657266
11-02 16:39:39.903: I/DEBUG(3257): beb66590 02079100 [heap]
11-02 16:39:39.903: I/DEBUG(3257): beb66594 40103498
11-02 16:39:39.903: I/DEBUG(3257): beb66598 00000000
11-02 16:39:39.903: I/DEBUG(3257): beb6659c 400cfa4d /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb665a0 021800a8 [heap]
11-02 16:39:39.903: I/DEBUG(3257): beb665a4 401034e0
11-02 16:39:39.903: I/DEBUG(3257): beb665a8 0202ed20 [heap]
11-02 16:39:39.903: I/DEBUG(3257): beb665ac 0202ed60 [heap]
11-02 16:39:39.903: I/DEBUG(3257): beb665b0 beb666d0 [stack]
11-02 16:39:39.903: I/DEBUG(3257): beb665b4 40103498
11-02 16:39:39.903: I/DEBUG(3257): beb665b8 47821416 /data/dalvik-cache/system@[email protected]@classes.dex
11-02 16:39:39.903: I/DEBUG(3257): beb665bc 400cfa4d /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): beb665c0 02079f98 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665c4 40135525 /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257): beb665c8 02079f98 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665cc 00000000
11-02 16:39:39.913: I/DEBUG(3257): beb665d0 02079f84 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665d4 40135525 /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257): beb665d8 02079f84 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665dc 00000000
11-02 16:39:39.913: I/DEBUG(3257): beb665e0 beb66624 [stack]
11-02 16:39:39.913: I/DEBUG(3257): beb665e4 02079f98 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665e8 00000001
11-02 16:39:39.913: I/DEBUG(3257): beb665ec 401355ff /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257): beb665f0 02079da8 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665f4 0208ecb8 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665f8 0202ed20 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb665fc 02079da8 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66600 0202ed20 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66604 0202ed20 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66608 02079f98 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb6660c 409c17e5 /system/lib/libhwui.so
11-02 16:39:39.913: I/DEBUG(3257): beb66610 beb666d0 [stack]
11-02 16:39:39.913: I/DEBUG(3257): beb66614 0208ecb8 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66618 0202ed20 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb6661c 0208ecb8 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66620 43f00000 /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.913: I/DEBUG(3257): beb66624 0202ed20 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb66628 020e1f58 [heap]
11-02 16:39:39.913: I/DEBUG(3257): beb6662c 40103588
11-02 16:39:39.923: I/DEBUG(3257): beb66630 0218eff0 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66634 0218f0d8 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66638 40103588
11-02 16:39:39.923: I/DEBUG(3257): beb6663c 40103588
11-02 16:39:39.923: I/DEBUG(3257): beb66640 020e1f60 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66644 020e2048 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66648 beb666d0 [stack]
11-02 16:39:39.923: I/DEBUG(3257): beb6664c 40103498
11-02 16:39:39.923: I/DEBUG(3257): beb66650 00000008
11-02 16:39:39.923: I/DEBUG(3257): beb66654 400cfa4d /system/lib/libc.so
11-02 16:39:39.923: I/DEBUG(3257): beb66658 020e1f60 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb6665c 020b9348 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66660 021821c0 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66664 16335a17
11-02 16:39:39.923: I/DEBUG(3257): beb66668 021821b8 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb6666c 021822a0 [heap]
11-02 16:39:39.923: I/DEBUG(3257): beb66670 000000e8
11-02 16:39:39.923: I/DEBUG(3257): beb66674 400d089d /system/lib/libc.so
11-02 16:39:42.593: I/DEBUG(3257): debuggerd committing suicide to free the zombie!
11-02 16:39:42.603: I/ActivityManager(149): Process com.polaroid.kidsmusic (pid 3556) has died.
11-02 16:39:42.603: W/ActivityManager(149): Force removing ActivityRecord{40f93768 com.polaroid.kidsmusic/.MainActivity}: app died, no saved state
11-02 16:39:42.613: W/AudioFlinger(86): session id 829 not found for pid 86
11-02 16:39:42.613: I/DEBUG(3882): debuggerd: Sep 29 2012 11:09:03
11-02 16:39:42.623: I/WindowManager(149): WIN DEATH: Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.623: W/WindowManager(149): Force-removing child win Window{41574080 SurfaceView paused=false} from container Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.643: W/WindowManager(149): Failed looking up window
11-02 16:39:42.643: W/WindowManager(149): java.lang.IllegalArgumentException: Requested window android.os.BinderProxy@41159418 does not exist
11-02 16:39:42.643: W/WindowManager(149): at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7168)
11-02 16:39:42.643: W/WindowManager(149): at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7159)
11-02 16:39:42.643: W/WindowManager(149): at com.android.server.wm.WindowState$DeathRecipient.binderDied(WindowState.java:1545)
11-02 16:39:42.643: W/WindowManager(149): at android.os.BinderProxy.sendDeathNotice(Binder.java:417)
11-02 16:39:42.643: W/WindowManager(149): at dalvik.system.NativeStart.run(Native Method)
11-02 16:39:42.643: I/WindowManager(149): MediaPlayer.is not PlayingVideo
11-02 16:39:42.643: I/WindowManager(149): WIN DEATH: null
11-02 16:39:42.713: V/TabletStatusBar(209): setLightsOn(true)
11-02 16:39:42.723: W/InputManagerService(149): Got RemoteException sending setActive(false) notification to pid 3556 uid 10032
Looks like there are a few possibilities (go figure), with quite a bit here on SO.
Certainly one of the risks of going native!
Fatal Signal 11
Android NDK Segmentation Error
SIGNAL 11 SIGSEGV crash Android
So... good luck with that one! :/
I found out the problem.
I had been initializing a Visualizer class which object inside the onPrepareListener()
of a media player.
So whenever media player was calling prepare()
function, the Visualizer object had been created again and again, thus it affected the memory and resulted into app die.
Removing the Visualizer initialization code from onPrepareListener() and initializing the object only once solved the problem. Now the app no longer crashes.
The error more than likely comes from trying to delete or use a non-initialized pointer.
Since you are not directly messing with pointers, but using other libraries, it is possible that you are not initializing the library the way they want you to. Or there is a chance the library implementor neglected to initialize their pointers and simply haven't realized it because the error may or may not always reveal itself - as you have discovered.
Because pointers point to an address in memory, if a pointer is not initialized, it will likely contain a garbage value (not a valid memory address).
The error comes from trying to access/delete a memory address which does not exist or you do not have access to. The thing that makes it seem random is often memory is already pre-initialized to 0 which is also the value of NULL on most systems. Run your system/app long enough memory becomes more dirty.
Also, I have found that the chance of encountering 0's when declaring a non-initialized variable varies on different systems, so some systems may experience more crashing than others.
Personal example:
I ran into this error when I had instanced a class which had a pointer as a private member, but I forgot to initialize the pointer during class initialization.
Later when that class destructed it was trying to delete the pointer, however because the pointer was not initialized to NULL, it may or may not have some garbage value, so sometimes it would cause a crash and other times it would not.
Here's a stripped down example of the problem I recently encountered:
class BadFoo
{
public:
BadFoo() {} // BAD! We didn't initialize the pointer
~BadFoo() {
if (myPtr) {
delete myPtr; // CRASH HERE IF INVALID ADDRESS
}
}
// OTHER MEMBER FUNCTIONS HERE
private:
int* myPtr;
}
class GoodFoo
{
public:
GoodFoo() : myPtr(NULL) {} // GOOD! Can't be garbage value now
~GoodFoo() {
if (myPtr) {
delete myPtr;
}
}
// OTHER MEMBER FUNCTIONS HERE
private:
int* myPtr;
}
In my case, problem was to set a bad Typeface
onto a TextView
. On process death, a good typeface became bad. And, when user came back to my app, I was not initialising this typeface again, I was using same bad typeface. And so, that triggered fatal error.
2020-03-06 10:35:58.122 com.xxxxxx.xxxxxx A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000 in tid 24474 (com.xxxxxx.xxxxxx), pid 24474 (com.xxxxxx.xxxxxx)
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/47: No such file or directory
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/48: No such file or directory
2020-03-06 10:35:58.176 ? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2020-03-06 10:35:58.176 ? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:10/QSR1.190920.001/5891938:user/release-keys'
2020-03-06 10:35:58.176 ? A/DEBUG: Revision: '0'
2020-03-06 10:35:58.176 ? A/DEBUG: ABI: 'x86'
2020-03-06 10:35:58.176 ? A/DEBUG: Timestamp: 2020-03-06 10:35:58+0530
2020-03-06 10:35:58.176 ? A/DEBUG: pid: 24474, tid: 24474, name: com.xxxxxx.xxxxxx >>> com.xxxxxx.xxxxxx <<<
2020-03-06 10:35:58.176 ? A/DEBUG: uid: 10140
2020-03-06 10:35:58.176 ? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000
Full stach trace
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With