Android weird lib.c crash

shiami · Sep 29, 2011 · Viewed 6.9k times

I'm writing an Android app. I have no idea why this happens so often. Could someone tell me what might cause it? Thanks!

09-29 13:58:00.540: INFO/DEBUG(4658): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-29 13:58:00.540: INFO/DEBUG(4658): Build fingerprint: 'MOTO/wifi_hubble/wifi_hubble:3.1/H.6.4-20/1310119769:user/ota-rel-keys,release-keys'
09-29 13:58:00.540: INFO/DEBUG(4658): pid: 23390, tid: 23390  >>> com.aaa.bbb <<<
09-29 13:58:00.540: INFO/DEBUG(4658): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
09-29 13:58:00.540: INFO/DEBUG(4658):  r0 deadbaad  r1 00000001  r2 a0000000  r3 00000000
09-29 13:58:00.540: INFO/DEBUG(4658):  r4 00000000  r5 00000027  r6 00000028  r7 00000005
09-29 13:58:00.540: INFO/DEBUG(4658):  r8 00000002  r9 001aa540  10 00000005  fp 0000005e
09-29 13:58:00.540: INFO/DEBUG(4658):  ip ffffffff  sp bed42ee8  lr afe164ad  pc afe12c1c  cpsr 68000030
09-29 13:58:00.540: INFO/DEBUG(4658):  d0  000000a043208000  d1  0000000043208000
09-29 13:58:00.540: INFO/DEBUG(4658):  d2  0000000000000000  d3  3ff0000000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  d4  0000000000000000  d5  4082780000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  d6  c413c000c30c0000  d7  0000000000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  d8  0000000043fa8000  d9  3f80000000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  d10 4004cccd430e0000  d11 0000000040951f28
09-29 13:58:00.540: INFO/DEBUG(4658):  d12 00000000bfd55580  d13 0000000000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  d14 0000000000000000  d15 0000000000000000
09-29 13:58:00.540: INFO/DEBUG(4658):  scr 8000001b
09-29 13:58:00.640: INFO/DEBUG(4658):          #00  pc 00015c1c  /system/lib/libc.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #01  pc 00013efe  /system/lib/libc.so (dlfree)
09-29 13:58:00.640: INFO/DEBUG(4658):          #02  pc 0001445c  /system/lib/libc.so (free)
09-29 13:58:00.640: INFO/DEBUG(4658):          #03  pc 0002239e  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #04  pc 0000483c  /system/lib/libsqlite.so (sqlite3_free)
09-29 13:58:00.640: INFO/DEBUG(4658):          #05  pc 00005b28  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #06  pc 00005b60  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #07  pc 00005d20  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #08  pc 00005e76  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #09  pc 0000a7c2  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #10  pc 0000a7e0  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #11  pc 0001cd96  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #12  pc 0001d8fa  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #13  pc 0001da3c  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #14  pc 0001e31c  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #15  pc 0003b68e  /system/lib/libsqlite.so
09-29 13:58:00.640: INFO/DEBUG(4658): libc base address: afdfd000
09-29 13:58:00.640: INFO/DEBUG(4658): code around pc:
09-29 13:58:00.640: INFO/DEBUG(4658): afe12bfc 4623b15c 2c006824 e026d1fb b12368db 
09-29 13:58:00.640: INFO/DEBUG(4658): afe12c0c 21014a17 6011447a 48124798 24002527 
09-29 13:58:00.640: INFO/DEBUG(4658): afe12c1c f7f57005 2106eb8a ec18f7f6 460aa901 
09-29 13:58:00.640: INFO/DEBUG(4658): afe12c2c f04f2006 94015380 94029303 efe2f7f5 
09-29 13:58:00.640: INFO/DEBUG(4658): afe12c3c 4622a905 f7f52002 f7f5efec 2106eb76 
09-29 13:58:00.640: INFO/DEBUG(4658): code around lr:
09-29 13:58:00.640: INFO/DEBUG(4658): afe1648c 41f0e92d 46804c0c 447c2600 68a56824 
09-29 13:58:00.640: INFO/DEBUG(4658): afe1649c e0076867 300cf9b5 dd022b00 47c04628 
09-29 13:58:00.640: INFO/DEBUG(4658): afe164ac 35544306 37fff117 6824d5f4 d1ee2c00 
09-29 13:58:00.640: INFO/DEBUG(4658): afe164bc e8bd4630 bf0081f0 0002802e 41f0e92d 
09-29 13:58:00.640: INFO/DEBUG(4658): afe164cc fb01b086 9004f602 461f4815 4615460c 
09-29 13:58:00.640: INFO/DEBUG(4658): stack:
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ea8  00af9de0  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42eac  008aa8f8  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42eb0  00000000  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42eb4  00000007  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42eb8  afe3e700  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ebc  afe3e690  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ec0  00000000  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ec4  afe164ad  /system/lib/libc.so
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ec8  00000000  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ecc  bed42efc  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ed0  00000028  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ed4  00000005  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ed8  00000002  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42edc  afe15619  /system/lib/libc.so
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ee0  df002777  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ee4  e3a070ad  
09-29 13:58:00.640: INFO/DEBUG(4658): #00 bed42ee8  00000002  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42eec  00000001  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ef0  00afe158  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ef4  00afe5cc  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42ef8  00afe150  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42efc  fffffbdf  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f00  00000002  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f04  afe434a0  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f08  00000888  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f0c  afe10f03  /system/lib/libc.so
09-29 13:58:00.640: INFO/DEBUG(4658): #01 bed42f10  00afe158  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f14  00afe5cc  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f18  00000002  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f1c  005e6c90  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f20  00000002  
09-29 13:58:00.640: INFO/DEBUG(4658):     bed42f24  afe1145f  /system/lib/libc.so
09-29 13:58:04.160: INFO/DEBUG(4658): debuggerd committing suicide to free the zombie!
09-29 13:58:04.170: INFO/BootReceiver(148): Copying /data/tombstones/tombstone_05 to DropBox (SYSTEM_TOMBSTONE)
09-29 13:58:04.180: INFO/DEBUG(25207): debuggerd: Jul  8 2011 03:35:12

EDIT: Add another log.

10-04 10:21:31.210: INFO/DEBUG(2375): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-04 10:21:31.210: INFO/DEBUG(2375): Build fingerprint: 'asus/TW_epad/TF101:3.2.1/HTK75/TW_epad-8.6.5.13-20110925:user/release-keys'
10-04 10:21:31.210: INFO/DEBUG(2375): pid: 4044, tid: 4045  >>> com.aaa.bbb <<<
10-04 10:21:31.210: INFO/DEBUG(2375): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
10-04 10:21:31.210: INFO/DEBUG(2375):  r0 deadbaad  r1 00000001  r2 a0000000  r3 00000000
10-04 10:21:31.210: INFO/DEBUG(2375):  r4 00000000  r5 00000027  r6 002f3540  r7 0000b000
10-04 10:21:31.210: INFO/DEBUG(2375):  r8 100ffad0  r9 4002bfa0  10 4002bf8c  fp fffffe90
10-04 10:21:31.210: INFO/DEBUG(2375):  ip ffffffff  sp 100ffa78  lr aff194ad  pc aff15c1c  cpsr 60000030
10-04 10:21:31.210: INFO/DEBUG(2375):  d0  42c8000042a982a6  d1  0000005f01997918
10-04 10:21:31.210: INFO/DEBUG(2375):  d2  4e19740842be9580  d3  42c8000000670ff0
10-04 10:21:31.210: INFO/DEBUG(2375):  d4  000001fd006235c8  d5  3fe999999999999a
10-04 10:21:31.210: INFO/DEBUG(2375):  d6  01e31fe000000000  d7  000000544f1ff34d
10-04 10:21:31.210: INFO/DEBUG(2375):  d8  0000000000000000  d9  0000000000000000
10-04 10:21:31.210: INFO/DEBUG(2375):  d10 0000000000000000  d11 0000000000000000
10-04 10:21:31.210: INFO/DEBUG(2375):  d12 0000000000000000  d13 0000000000000000
10-04 10:21:31.210: INFO/DEBUG(2375):  d14 0000000000000000  d15 0000000000000000
10-04 10:21:31.210: INFO/DEBUG(2375):  scr 80000012
10-04 10:21:31.330: INFO/DEBUG(2375):          #00  pc 00015c1c  /system/lib/libc.so
10-04 10:21:31.330: INFO/DEBUG(2375):          #01  pc 00013efe  /system/lib/libc.so (dlfree)
10-04 10:21:31.330: INFO/DEBUG(2375):          #02  pc 0001445c  /system/lib/libc.so (free)
10-04 10:21:31.330: INFO/DEBUG(2375):          #03  pc 000009bc  /system/lib/libstdc++.so (_ZdaPvRKSt9nothrow_t)
10-04 10:21:31.330: INFO/DEBUG(2375):          #04  pc 0005cccc  /system/lib/libandroid_runtime.so
10-04 10:21:31.330: INFO/DEBUG(2375): libc base address: aff00000
10-04 10:21:31.330: INFO/DEBUG(2375): code around pc:
10-04 10:21:31.330: INFO/DEBUG(2375): aff15bfc 4623b15c 2c006824 e026d1fb b12368db 
10-04 10:21:31.330: INFO/DEBUG(2375): aff15c0c 21014a17 6011447a 48124798 24002527 
10-04 10:21:31.330: INFO/DEBUG(2375): aff15c1c f7f57005 2106eb8a ec18f7f6 460aa901 
10-04 10:21:31.330: INFO/DEBUG(2375): aff15c2c f04f2006 94015380 94029303 efe2f7f5 
10-04 10:21:31.330: INFO/DEBUG(2375): aff15c3c 4622a905 f7f52002 f7f5efec 2106eb76 
10-04 10:21:31.330: INFO/DEBUG(2375): code around lr:
10-04 10:21:31.330: INFO/DEBUG(2375): aff1948c 41f0e92d 46804c0c 447c2600 68a56824 
10-04 10:21:31.330: INFO/DEBUG(2375): aff1949c e0076867 300cf9b5 dd022b00 47c04628 
10-04 10:21:31.330: INFO/DEBUG(2375): aff194ac 35544306 37fff117 6824d5f4 d1ee2c00 
10-04 10:21:31.330: INFO/DEBUG(2375): aff194bc e8bd4630 bf0081f0 0002802e 41f0e92d 
10-04 10:21:31.330: INFO/DEBUG(2375): aff194cc fb01b086 9004f602 461f4815 4615460c 
10-04 10:21:31.330: INFO/DEBUG(2375): stack:
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa38  0023aa60  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa3c  0000b000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa40  100ffad0  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa44  4002bf80  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa48  aff41700  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa4c  aff41690  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa50  00000000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa54  aff194ad  /system/lib/libc.so
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa58  00000000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa5c  100ffa8c  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa60  002f3540  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa64  0000b000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa68  100ffad0  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa6c  aff18619  /system/lib/libc.so
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa70  df002777  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa74  e3a070ad  
10-04 10:21:31.330: INFO/DEBUG(2375): #00 100ffa78  8bfffbfc  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa7c  00000001  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa80  002f3578  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa84  00000000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa88  002f3578  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa8c  fffffbdf  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa90  100ffad0  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa94  00000006  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa98  00000080  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffa9c  aff13f03  /system/lib/libc.so
10-04 10:21:31.330: INFO/DEBUG(2375): #01 100ffaa0  002f3578  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffaa4  00000000  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffaa8  100ffb78  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffaac  4002bfa8  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffab0  100ffad0  
10-04 10:21:31.330: INFO/DEBUG(2375):     100ffab4  aff1445f  /system/lib/libc.so
10-04 10:21:34.920: INFO/BootReceiver(140): Copying /data/tombstones/tombstone_08 to DropBox (SYSTEM_TOMBSTONE)
10-04 10:21:34.930: INFO/DEBUG(2375): debuggerd committing suicide to free the zombie!

Answer

P.T. · Oct 4, 2011

The system is crashing trying to dereference the address 'deadbaad'. That looks like a debugging hint (someone is initializing a pointer to deadbaad to make crashes a bit easier to identify).

Looks like you're not the first to hit this: http://groups.google.com/group/android-ndk/browse_thread/thread/8d083a0ccebe0faa

Looks like 'deadbaad' means the Dalvik heap got corrupted. So some JNI code or C library is messing with the heap. Do you have any native code in your app? Blame it.

Update #1

No native code to blame....

Are there any interesting log lines before the crash happens? From looking at the Android source, the 0xdeadbaad crash is used to implement 'abort()'. And both backtraces are in the C 'free' routine (some simple sanity checks on the memory range are done there). Note 'free' is just detecting the memory corruption and isn't likely the source of the corruption.

Does your app do a lot of native memory allocations indirectly? E.g., through OpenGL textures or loading of audio? Are you doing any SQL directly?

Can you add some details to the question about what's going on in your app when this happens? (How long is the app running? Anything happening on the UI or the network? etc.)
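
The triage the answer walks through (abort marker at deadbaad, detection inside free, then the first caller outside the allocator), as an added example that is not part of the original answer. The regexes follow the tombstone layout shown in the question; treating libstdc++.so as a pass-through to free() is an assumption.

```python
import re

# Excerpt of the first tombstone in the question (logcat prefix kept as posted).
SAMPLE = """\
09-29 13:58:00.540: INFO/DEBUG(4658): pid: 23390, tid: 23390  >>> com.aaa.bbb <<<
09-29 13:58:00.540: INFO/DEBUG(4658): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
09-29 13:58:00.640: INFO/DEBUG(4658):          #00  pc 00015c1c  /system/lib/libc.so
09-29 13:58:00.640: INFO/DEBUG(4658):          #01  pc 00013efe  /system/lib/libc.so (dlfree)
09-29 13:58:00.640: INFO/DEBUG(4658):          #02  pc 0001445c  /system/lib/libc.so (free)
09-29 13:58:00.640: INFO/DEBUG(4658):          #03  pc 0002239e  /system/lib/libsqlite.so
"""

PROC_RE = re.compile(r"pid: (\d+), tid: (\d+)\s+>>> (\S+) <<<")
SIG_RE = re.compile(r"signal (\d+) \((\w+)\), code \d+ \((\w+)\), fault addr ([0-9a-f]+)")
FRAME_RE = re.compile(r"#(\d+)\s+pc ([0-9a-f]+)\s+(\S+)(?:\s+\((\S+)\))?")

ABORT_MARKER = "deadbaad"          # fault address the answer ties to abort()
FREE_SYMBOLS = {"free", "dlfree"}  # libc symbols present in both backtraces
# Assumption: these libraries only forward to the allocator, so they are
# skipped when looking for the component that called free().
ALLOCATOR_LIBS = {"libc.so", "libstdc++.so"}


def triage(log_text):
    """Summarise one debuggerd tombstone captured from logcat."""
    out = {"process": None, "signal": None, "fault_addr": None, "frames": []}
    for line in log_text.splitlines():
        if m := PROC_RE.search(line):
            out["process"] = m.group(3)
        elif m := SIG_RE.search(line):
            out["signal"], out["fault_addr"] = m.group(2), m.group(4)
        elif m := FRAME_RE.search(line):
            lib = m.group(3).rsplit("/", 1)[-1]
            out["frames"].append((int(m.group(1)), m.group(2), lib, m.group(4)))
    out["abort_marker"] = out["fault_addr"] == ABORT_MARKER
    out["raised_in_free"] = any(
        lib == "libc.so" and sym in FREE_SYMBOLS for _, _, lib, sym in out["frames"])
    # First frame outside the allocator: where free() was called from. As the
    # answer notes, this is where corruption was detected, not where it began.
    out["free_caller"] = next(
        (f for f in out["frames"] if f[2] not in ALLOCATOR_LIBS), None)
    return out


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["process"], r["signal"], r["fault_addr"], r["abort_marker"], r["raised_in_free"])
    print("free() called from:", r["free_caller"])
```

Stack-dump lines such as `#00 bed42ee8  00000002` are ignored because the frame pattern requires the `pc` field.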