Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why application is dying randomly?

I am developing an music player app. All works fine except the app dies suddenly. Sometimes this happens when the app starts, and sometimes after running for long time. Sometimes all goes well without app getting died. I observed the log to get to know what is the causing the app to die and found this:

11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)

The full log is given below, what I found in logcat when the app died:

11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
11-02 16:39:39.793: I/DEBUG(3257): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-02 16:39:39.793: I/DEBUG(3257): Build fingerprint: 'Polaroid/nuclear_md7008/nuclear-md7008:4.0.4/IMM76D/20120929:eng/test-keys'
11-02 16:39:39.793: I/DEBUG(3257): pid: 3556, tid: 3556  >>> com.polaroid.kidsmusic <<<
11-02 16:39:39.793: I/DEBUG(3257): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
11-02 16:39:39.793: I/DEBUG(3257):  r0 deadbaad  r1 00000001  r2 40000000  r3 00000000
11-02 16:39:39.793: I/DEBUG(3257):  r4 00000000  r5 00000027  r6 400f4db0  r7 40103474
11-02 16:39:39.793: I/DEBUG(3257):  r8 021821c0  r9 40061840  10 00000008  fp beb666e4
11-02 16:39:39.793: I/DEBUG(3257):  ip ffffffff  sp beb66538  lr 400d5f71  pc 400d26d0  cpsr 60000030
11-02 16:39:39.793: I/DEBUG(3257):  d0  000001e000000000  d1  43f00000000001e0
11-02 16:39:39.793: I/DEBUG(3257):  d2  443f000000000000  d3  4a8688c00000004a
11-02 16:39:39.793: I/DEBUG(3257):  d4  3f800000020922a8  d5  0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d6  0000000000000000  d7  0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d8  0000000000000000  d9  43f0000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d10 3fec2014384e6205  d11 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d12 0000000000000000  d13 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d14 0000000000000000  d15 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d16 0000000000000001  d17 3ff0000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d18 3e56d3ae604f8858  d19 bfb0b3f66e58abf6
11-02 16:39:39.793: I/DEBUG(3257):  d20 4000000000000000  d21 3f1149926a1476f9
11-02 16:39:39.793: I/DEBUG(3257):  d22 bebba89f4215f5e0  d23 3fd5ce9e44d86000
11-02 16:39:39.793: I/DEBUG(3257):  d24 3e66376972bea4d0  d25 c014000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d26 3ff5bf0a00000000  d27 bfb0b3f66e58abf8
11-02 16:39:39.793: I/DEBUG(3257):  d28 bffadb73617eb466  d29 3fd5ce9e5bac0e60
11-02 16:39:39.793: I/DEBUG(3257):  d30 3c7aa87621713b5a  d31 3e56d3ae60000000
11-02 16:39:39.793: I/DEBUG(3257):  scr 80000013
11-02 16:39:39.883: I/DEBUG(3257):          #00  pc 000176d0  /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257):          #01  pc 0001355a  /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257):          #02  pc 00015898  /system/lib/libc.so (dlfree)
11-02 16:39:39.883: I/DEBUG(3257):          #03  pc 00015f10  /system/lib/libc.so (free)
11-02 16:39:39.893: I/DEBUG(3257):          #04  pc 000009ac  /system/lib/libstdc++.so (_ZdlPvRKSt9nothrow_t)
11-02 16:39:39.893: I/DEBUG(3257):          #05  pc 0000bf94  /system/lib/libhwui.so
11-02 16:39:39.893: I/DEBUG(3257):          #06  pc 000104c0  /system/lib/libhwui.so (_ZN7android10uirenderer14OpenGLRenderer7prepareEb)
11-02 16:39:39.893: I/DEBUG(3257):          #07  pc 00055ec0  /system/lib/libandroid_runtime.so
11-02 16:39:39.893: I/DEBUG(3257):          #08  pc 0001ec30  /system/lib/libdvm.so (dvmPlatformInvoke)
11-02 16:39:39.893: I/DEBUG(3257):          #09  pc 00058c70  /system/lib/libdvm.so (_Z16dvmCallJNIMethodPKjP6JValuePK6MethodP6Thread)
11-02 16:39:39.893: I/DEBUG(3257): code around pc:
11-02 16:39:39.893: I/DEBUG(3257): 400d26b0 4623b15c 2c006824 e026d1fb b12368db  \.#F$h.,..&..h#.
11-02 16:39:39.893: I/DEBUG(3257): 400d26c0 21014a17 6011447a 48124798 24002527  .J.!zD.`.G.H'%.$
11-02 16:39:39.893: I/DEBUG(3257): 400d26d0 f7f47005 2106ef48 efe4f7f5 460aa901  .p..H..!.......F
11-02 16:39:39.893: I/DEBUG(3257): 400d26e0 f04f2006 94015380 94029303 eba0f7f5  . O..S..........
11-02 16:39:39.893: I/DEBUG(3257): 400d26f0 4622a905 f7f52002 f7f4ebaa 2106ef34  .."F. ......4..!
11-02 16:39:39.893: I/DEBUG(3257): code around lr:
11-02 16:39:39.893: I/DEBUG(3257): 400d5f50 41f0e92d 46804c0c 447c2600 68a56824  -..A.L.F.&|D$h.h
11-02 16:39:39.893: I/DEBUG(3257): 400d5f60 e0076867 300cf9b5 dd022b00 47c04628  gh.....0.+..(F.G
11-02 16:39:39.893: I/DEBUG(3257): 400d5f70 35544306 37fff117 6824d5f4 d1ee2c00  .CT5...7..$h.,..
11-02 16:39:39.893: I/DEBUG(3257): 400d5f80 e8bd4630 bf0081f0 0002858a 41f0e92d  0F..........-..A
11-02 16:39:39.893: I/DEBUG(3257): 400d5f90 fb01b086 9004f602 461f4815 4615460c  .........H.F.F.F
11-02 16:39:39.893: I/DEBUG(3257): memory map around addr deadbaad:
11-02 16:39:39.893: I/DEBUG(3257): beb46000-beb67000 [stack]
11-02 16:39:39.893: I/DEBUG(3257): (no map for address)
11-02 16:39:39.893: I/DEBUG(3257): ffff0000-ffff1000 [vectors]
11-02 16:39:39.893: I/DEBUG(3257): stack:
11-02 16:39:39.893: I/DEBUG(3257):     beb664f8  00000001  
11-02 16:39:39.893: I/DEBUG(3257):     beb664fc  beb66538  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66500  400fe778  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66504  0000000c  
11-02 16:39:39.903: I/DEBUG(3257):     beb66508  400fe70c  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb6650c  40103808  
11-02 16:39:39.903: I/DEBUG(3257):     beb66510  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb66514  400d5f71  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66518  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb6651c  beb6654c  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66520  400f4db0  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66524  40103474  
11-02 16:39:39.903: I/DEBUG(3257):     beb66528  021821c0  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb6652c  400d50dd  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66530  df0027ad  
11-02 16:39:39.903: I/DEBUG(3257):     beb66534  00000000  
11-02 16:39:39.903: I/DEBUG(3257): #00 beb66538  beb66534  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb6653c  00000001  
11-02 16:39:39.903: I/DEBUG(3257):     beb66540  400f4d94  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66544  00000005  
11-02 16:39:39.903: I/DEBUG(3257):     beb66548  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb6654c  fffffbdf  
11-02 16:39:39.903: I/DEBUG(3257):     beb66550  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66554  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66558  400f82ec  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb6655c  400ce55f  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): #01 beb66560  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb66564  20404040  
11-02 16:39:39.903: I/DEBUG(3257):     beb66568  524f4241  
11-02 16:39:39.903: I/DEBUG(3257):     beb6656c  474e4954  /data/dalvik-cache/system@[email protected]@classes.dex
11-02 16:39:39.903: I/DEBUG(3257):     beb66570  4e49203a  
11-02 16:39:39.903: I/DEBUG(3257):     beb66574  494c4156  /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66578  45482044  /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb6657c  41205041  /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb66580  45524444  /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb66584  49205353  /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66588  6c64204e  
11-02 16:39:39.903: I/DEBUG(3257):     beb6658c  65657266  
11-02 16:39:39.903: I/DEBUG(3257):     beb66590  02079100  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb66594  40103498  
11-02 16:39:39.903: I/DEBUG(3257):     beb66598  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb6659c  400cfa4d  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb665a0  021800a8  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665a4  401034e0  
11-02 16:39:39.903: I/DEBUG(3257):     beb665a8  0202ed20  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665ac  0202ed60  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665b0  beb666d0  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb665b4  40103498  
11-02 16:39:39.903: I/DEBUG(3257):     beb665b8  47821416  /data/dalvik-cache/system@[email protected]@classes.dex
11-02 16:39:39.903: I/DEBUG(3257):     beb665bc  400cfa4d  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb665c0  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665c4  40135525  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665c8  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665cc  00000000  
11-02 16:39:39.913: I/DEBUG(3257):     beb665d0  02079f84  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665d4  40135525  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665d8  02079f84  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665dc  00000000  
11-02 16:39:39.913: I/DEBUG(3257):     beb665e0  beb66624  [stack]
11-02 16:39:39.913: I/DEBUG(3257):     beb665e4  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665e8  00000001  
11-02 16:39:39.913: I/DEBUG(3257):     beb665ec  401355ff  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665f0  02079da8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665f4  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665f8  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665fc  02079da8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66600  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66604  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66608  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6660c  409c17e5  /system/lib/libhwui.so
11-02 16:39:39.913: I/DEBUG(3257):     beb66610  beb666d0  [stack]
11-02 16:39:39.913: I/DEBUG(3257):     beb66614  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66618  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6661c  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66620  43f00000  /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.913: I/DEBUG(3257):     beb66624  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66628  020e1f58  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6662c  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb66630  0218eff0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66634  0218f0d8  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66638  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb6663c  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb66640  020e1f60  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66644  020e2048  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66648  beb666d0  [stack]
11-02 16:39:39.923: I/DEBUG(3257):     beb6664c  40103498  
11-02 16:39:39.923: I/DEBUG(3257):     beb66650  00000008  
11-02 16:39:39.923: I/DEBUG(3257):     beb66654  400cfa4d  /system/lib/libc.so
11-02 16:39:39.923: I/DEBUG(3257):     beb66658  020e1f60  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb6665c  020b9348  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66660  021821c0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66664  16335a17  
11-02 16:39:39.923: I/DEBUG(3257):     beb66668  021821b8  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb6666c  021822a0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66670  000000e8  
11-02 16:39:39.923: I/DEBUG(3257):     beb66674  400d089d  /system/lib/libc.so
11-02 16:39:42.593: I/DEBUG(3257): debuggerd committing suicide to free the zombie!
11-02 16:39:42.603: I/ActivityManager(149): Process com.polaroid.kidsmusic (pid 3556) has died.
11-02 16:39:42.603: W/ActivityManager(149): Force removing ActivityRecord{40f93768 com.polaroid.kidsmusic/.MainActivity}: app died, no saved state
11-02 16:39:42.613: W/AudioFlinger(86): session id 829 not found for pid 86
11-02 16:39:42.613: I/DEBUG(3882): debuggerd: Sep 29 2012 11:09:03
11-02 16:39:42.623: I/WindowManager(149): WIN DEATH: Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.623: W/WindowManager(149): Force-removing child win Window{41574080 SurfaceView paused=false} from container Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.643: W/WindowManager(149): Failed looking up window
11-02 16:39:42.643: W/WindowManager(149): java.lang.IllegalArgumentException: Requested window android.os.BinderProxy@41159418 does not exist
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7168)
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7159)
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowState$DeathRecipient.binderDied(WindowState.java:1545)
11-02 16:39:42.643: W/WindowManager(149):   at android.os.BinderProxy.sendDeathNotice(Binder.java:417)
11-02 16:39:42.643: W/WindowManager(149):   at dalvik.system.NativeStart.run(Native Method)
11-02 16:39:42.643: I/WindowManager(149): MediaPlayer.is not PlayingVideo
11-02 16:39:42.643: I/WindowManager(149): WIN DEATH: null
11-02 16:39:42.713: V/TabletStatusBar(209): setLightsOn(true)
11-02 16:39:42.723: W/InputManagerService(149): Got RemoteException sending setActive(false) notification to pid 3556 uid 10032
like image 401
Junaid Avatar asked Nov 02 '12 13:11

Junaid


4 Answers

Looks like there are a few possibilities (go figure), with quite a bit here on SO.

Might be running out of memory

Certainly one of the risks of going native!

  • Fatal Signal 11

  • Android NDK Segmentation Error

  • SIGNAL 11 SIGSEGV crash Android

Function call being made from two different threads at the same time

  • Invalid heap address and fatal signal 11

Memory Corruption

  • Fatal signal 11 and INVALID HEAP ADDRESS IN dlfree error when using glShaderBinary

So... good luck with that one! :/

like image 59
CodeShane Avatar answered Nov 09 '22 04:11

CodeShane


I found out the problem.

I had been initializing a Visualizer class which object inside the onPrepareListener() of a media player.

So whenever media player was calling prepare() function, the Visualizer object had been created again and again, thus it affected the memory and resulted into app die.

Removing the Visualizer initialization code from onPrepareListener() and initializing the object only once solved the problem. Now the app no longer crashes.

like image 33
Junaid Avatar answered Nov 09 '22 04:11

Junaid


The error more than likely comes from trying to delete or use a non-initialized pointer.

Since you are not directly messing with pointers, but using other libraries, it is possible that you are not initializing the library the way they want you to. Or there is a chance the library implementor neglected to initialize their pointers and simply haven't realized it because the error may or may not always reveal itself - as you have discovered.

Because pointers point to an address in memory, if a pointer is not initialized, it will likely contain a garbage value (not a valid memory address).

The error comes from trying to access/delete a memory address which does not exist or you do not have access to. The thing that makes it seem random is often memory is already pre-initialized to 0 which is also the value of NULL on most systems. Run your system/app long enough memory becomes more dirty.

Also, I have found that the chance of encountering 0's when declaring a non-initialized variable varies on different systems, so some systems may experience more crashing than others.

Personal example:

I ran into this error when I had instanced a class which had a pointer as a private member, but I forgot to initialize the pointer during class initialization.

Later when that class destructed it was trying to delete the pointer, however because the pointer was not initialized to NULL, it may or may not have some garbage value, so sometimes it would cause a crash and other times it would not.

Here's a stripped down example of the problem I recently encountered:

class BadFoo
{
public:
    BadFoo() {} // BAD! We didn't initialize the pointer
    ~BadFoo() {
        if (myPtr) {
            delete myPtr; // CRASH HERE IF INVALID ADDRESS
        }
    }
    // OTHER MEMBER FUNCTIONS HERE

private:
    int* myPtr;
}




class GoodFoo
{
public:
    GoodFoo() : myPtr(NULL) {} // GOOD! Can't be garbage value now
    ~GoodFoo() {
        if (myPtr) {
            delete myPtr;
        }
    }
    // OTHER MEMBER FUNCTIONS HERE

private:
    int* myPtr;
}
like image 6
PolyMesh Avatar answered Nov 09 '22 05:11

PolyMesh


In my case, problem was to set a bad Typeface onto a TextView. On process death, a good typeface became bad. And, when user came back to my app, I was not initialising this typeface again, I was using same bad typeface. And so, that triggered fatal error.

2020-03-06 10:35:58.122 com.xxxxxx.xxxxxx A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000 in tid 24474 (com.xxxxxx.xxxxxx), pid 24474 (com.xxxxxx.xxxxxx)
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/47: No such file or directory
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/48: No such file or directory
2020-03-06 10:35:58.176 ? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2020-03-06 10:35:58.176 ? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:10/QSR1.190920.001/5891938:user/release-keys'
2020-03-06 10:35:58.176 ? A/DEBUG: Revision: '0'
2020-03-06 10:35:58.176 ? A/DEBUG: ABI: 'x86'
2020-03-06 10:35:58.176 ? A/DEBUG: Timestamp: 2020-03-06 10:35:58+0530
2020-03-06 10:35:58.176 ? A/DEBUG: pid: 24474, tid: 24474, name: com.xxxxxx.xxxxxx  >>> com.xxxxxx.xxxxxx <<<
2020-03-06 10:35:58.176 ? A/DEBUG: uid: 10140
2020-03-06 10:35:58.176 ? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000

Full stach trace

like image 1
rupinderjeet Avatar answered Nov 09 '22 04:11

rupinderjeet