Adobe-Runtime-Support
Frequent "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)" crashes on Android, caused by FP_AudioCallbac
Hi, my app "Epic Battle Fantasy 5" has a very high crash rate on Android, around 20% of sessions! Around 90-95% of crashes are "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)" "libCore.so (offset 0x1000)". A few more crashes have a similar name "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)" "libCore.so".
I don't see any obvious pattern when it comes to which devices are crashing - devices with a lot of RAM are crashing too. The crashes seem to happen on all versions of Android.
I'm currently using AIR 33.1.1.743, but I had a similar pattern of crashes when I was using 3.1.1.533. I'm using Distriqt's ANEs for In-App Purchases, Play Services/Achievements, and Adverts. I'm compiling the app from Adobe Flash CC15.
My app is a very long Turn-based RPG, which is designed to be played in long sessions. It uses GPU mode and the regular Flash Display List - it is mostly vector art, and cacheAsBitmap is used for graphics which are not animated. It uses around 400-600MB of RAM when running, though my phone says it used 1GB max, so maybe there's some specific circumstances where it uses more.
Some users say it crashes several times per hour, while others say they have played for 2 or 3 hours before a crash happens. The crashes do seem to happen randomly at specific points though - such as when the player takes an action in battle, causing a lot of code to run, and many MovieClips to be added and removed. The crash happens on my Galaxy Note 8 every few hours. I think this is the relevant part of the logcat: (let me know if you need more)
--------- beginning of crash
02-13 17:12:08.824 16456 24832 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xd8 in tid 24832 (FP_AudioCallbac)
02-13 17:12:08.988 3469 3469 E audit : type=1400 audit(1644772328.981:1715): avc: denied { search } for pid=25849 comm="crash_dump64" name="air.EpicBattleFantasy5" dev="dm-1" ino=73755 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-N950F_8.0.0_0009 audit_filtered
02-13 17:12:08.989 3469 3469 E audit : type=1400 audit(1644772328.981:1716): avc: denied { search } for pid=25849 comm="crash_dump64" name="air.EpicBattleFantasy5" dev="dm-1" ino=73755 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-N950F_8.0.0_0009 audit_filtered
02-13 17:12:08.990 3469 3469 E audit : type=1400 audit(1644772328.985:1717): avc: denied { search } for pid=25849 comm="crash_dump64" name="com.google.android.gms" dev="dm-1" ino=393598 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-N950F_8.0.0_0009 audit_filtered
02-13 17:12:08.990 3469 3469 I chatty : uid=1999(audit) /system/bin/auditd identical 1 line
02-13 17:12:08.991 3469 3469 E audit : type=1400 audit(1644772328.985:1719): avc: denied { search } for pid=25849 comm="crash_dump64" name="com.google.android.gms" dev="dm-1" ino=393598 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-N950F_8.0.0_0009 audit_filtered
02-13 17:12:09.044 25849 25849 I crash_dump64: obtaining output fd from tombstoned
02-13 17:12:09.050 3529 3529 I /system/bin/tombstoned: received crash request for pid 16456
02-13 17:12:09.053 25849 25849 I crash_dump64: performing dump of process 16456 (target tid = 24832)
02-13 17:12:09.053 25849 25849 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
02-13 17:12:09.054 25849 25849 F DEBUG : Build fingerprint: 'samsung/greatltexx/greatlte:8.0.0/R16NW/N950FXXS5CRK4:user/release-keys'
02-13 17:12:09.054 25849 25849 F DEBUG : Revision: '9'
02-13 17:12:09.054 25849 25849 F DEBUG : ABI: 'arm64'
02-13 17:12:09.054 25849 25849 F DEBUG : pid: 16456, tid: 24832, name: FP_AudioCallbac >>> air.EpicBattleFantasy5 <<<
02-13 17:12:09.054 25849 25849 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd8
02-13 17:12:09.054 25849 25849 F DEBUG : Cause: null pointer dereference
02-13 17:12:09.054 25849 25849 F DEBUG : x0 0000000000000000 x1 00000076026cc7fe x2 0000000000000002 x3 00000075c5c517b0
02-13 17:12:09.054 25849 25849 F DEBUG : x4 0000007607203078 x5 00000076174d4ec2 x6 0000000000000017 x7 00000000000000ff
02-13 17:12:09.054 25849 25849 F DEBUG : x8 0000000000000062 x9 0000000000000001 x10 0000000000000064 x11 0000000000000000
02-13 17:12:09.054 25849 25849 F DEBUG : x12 0000000000000064 x13 0000000000000000 x14 0000000000000000 x15 0000000000000000
02-13 17:12:09.054 25849 25849 F DEBUG : x16 000000762965ead8 x17 000000764e1b2ab0 x18 000000000000001c x19 0000000000000000
02-13 17:12:09.054 25849 25849 F DEBUG : x20 0000007625020100 x21 0000007607203000 x22 00000076026cc000 x23 0000000000000000
02-13 17:12:09.054 25849 25849 F DEBUG : x24 0000000000000064 x25 0000000000000000 x26 0000000000000064 x27 0000000000000064
02-13 17:12:09.054 25849 25849 F DEBUG : x28 0000000000000000 x29 00000076174d4e40 x30 0000007628733a90
02-13 17:12:09.054 25849 25849 F DEBUG : sp 00000076174d4e30 pc 00000076287597cc pstate 0000000040000000
02-13 17:12:09.071 25849 25849 F DEBUG :
02-13 17:12:09.071 25849 25849 F DEBUG : backtrace:
02-13 17:12:09.071 25849 25849 F DEBUG : #00 pc 00000000004567cc /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.071 25849 25849 F DEBUG : #01 pc 0000000000430a8c /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.071 25849 25849 F DEBUG : #02 pc 0000000000430968 /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.071 25849 25849 F DEBUG : #03 pc 00000000002ec9b0 /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.072 25849 25849 F DEBUG : #04 pc 000000000031fe30 /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.072 25849 25849 F DEBUG : #05 pc 000000000031f870 /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.072 25849 25849 F DEBUG : #06 pc 000000000031ff04 /data/app/air.EpicBattleFantasy5-4gZNxh70p_rbGPcIcjTFPQ==/lib/arm64/libCore.so
02-13 17:12:09.072 25849 25849 F DEBUG : #07 pc 000000000006df14 /system/lib64/libc.so (_ZL15__pthread_startPv+36)
02-13 17:12:09.072 25849 25849 F DEBUG : #08 pc 000000000001f9a4 /system/lib64/libc.so (__start_thread+68)
02-13 17:12:09.904 3491 18327 V APM_AudioPolicyManager: getAudioPolicyConfig: audioParam;activeStream
02-13 17:12:09.904 3491 18327 V APM_AudioPolicyManager: ### active stream : 0
02-13 17:12:09.904 3879 7447 D AudioService: active stream is 0x0
02-13 17:12:09.904 3491 18327 V APM_AudioPolicyManager: getAudioPolicyConfig: audioParam;outDevice
02-13 17:12:09.905 3491 18327 V APM_AudioPolicyManager: getNewOutputDevice() selected device 0
02-13 17:12:09.905 3491 18327 V APM_AudioPolicyManager: ### curdevice : 2
02-13 17:12:09.905 3879 7447 W System.err: java.lang.NumberFormatException: s == null
02-13 17:12:09.905 3879 7447 W System.err: at java.lang.Integer.parseInt(Integer.java:570)
02-13 17:12:09.905 3879 7447 W System.err: at a.i.hI(:79)
02-13 17:12:09.905 3879 7447 W System.err: at a.l.id(:150)
02-13 17:12:09.905 3879 7447 W System.err: at a.t.run(:73)
02-13 17:12:09.905 3879 7447 W System.err: at android.os.Handler.handleCallback(Handler.java:789)
02-13 17:12:09.905 3879 7447 W System.err: at android.os.Handler.dispatchMessage(Handler.java:98)
02-13 17:12:09.905 3879 7447 W System.err: at android.os.Looper.loop(Looper.java:164)
02-13 17:12:09.905 3879 7447 W System.err: at android.os.HandlerThread.run(HandlerThread.java:65)
Hi - just saw that I'd not responded to this, although we had investigated with that call stack and found a scenario where a sound may have completed and been cleaned up but during another thread that's processing the audio data, it was being checked to see if there was any sound left to play ... hence a null pointer dereference.
We've added protection for this which will be in our next release, so I would hope you then see some improvement in the stats...
thanks
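The race described in the reply above, sketched as an added example that is not part of the thread and is not AIR runtime code: one thread cleans up a finished sound while the audio thread checks whether any samples are left. All names and the struct layout are hypothetical; the padding is constructed so the checked field sits at offset 0xd8, which shows why a read through a null object pointer is reported as `fault addr 0xd8` rather than 0.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical layout: padding puts `remaining` at offset 0xd8, so a read
 * through a NULL `struct sound *` faults at address 0xd8, as in the log. */
struct sound {
    char   other_state[0xd8];
    size_t remaining;            /* samples left to play */
};

struct channel {
    pthread_mutex_t lock;        /* guards `snd` and the object it points to */
    struct sound   *snd;         /* NULL once the sound has been cleaned up */
};

void channel_init(struct channel *ch, size_t samples) {
    pthread_mutex_init(&ch->lock, NULL);
    ch->snd = calloc(1, sizeof *ch->snd);
    if (ch->snd) ch->snd->remaining = samples;
}

/* Main thread: the sound has finished, release it. */
void channel_cleanup(struct channel *ch) {
    pthread_mutex_lock(&ch->lock);
    free(ch->snd);
    ch->snd = NULL;
    pthread_mutex_unlock(&ch->lock);
}

/* Unguarded form of the audio-thread check: SIGSEGV if cleanup ran first. */
size_t samples_left_unguarded(struct channel *ch) {
    return ch->snd->remaining;
}

/* Guarded form: hold the lock so cleanup cannot free the sound mid-read,
 * and treat a cleaned-up sound as "nothing left to play". */
size_t samples_left(struct channel *ch) {
    size_t n = 0;
    pthread_mutex_lock(&ch->lock);
    if (ch->snd != NULL) n = ch->snd->remaining;
    pthread_mutex_unlock(&ch->lock);
    return n;
}
```

A mutex is used here for clarity; a null check alone would not be enough, because cleanup could still free the object between the check and the read.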
I'd like to follow up and say that after updating from AIR 743 to AIR 929, and updating my app on the Google Play Store, the crash rate of my app has drastically fallen. The crash rate went from around 18% to 4% (and the rate is still going down every day). So I can confirm this issue has been solved. Thanks!