Fatal crash on Samsung Galaxy J5 (SM-J530F) #41

Open
jakoss opened this issue Mar 12, 2020 · 8 comments
@jakoss

jakoss commented Mar 12, 2020

Hi,

I have it only on one Android device: Samsung Galaxy J5 (SM-J530F), but possibly there are other devices affected.

We have a fatal crash that always happens when trying to hash a byte array (the contents do not seem to matter) using xxHash:

```kotlin
LongHashFunction
        .xx().hashBytes(value)
```

Taken from LogCat:

    --------- beginning of crash
2020-03-12 12:07:08.966 16010-16280/? A/libc: Fatal signal 7 (SIGBUS), code 1, fault addr 0x1338520c in tid 16280 (.pl/...), pid 16010 ()
2020-03-12 12:07:09.051 16283-16283/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2020-03-12 12:07:09.051 16283-16283/? A/DEBUG: Build fingerprint: 'samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRJ2:user/release-keys'
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: Revision: '7'
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: ABI: 'arm'
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: pid: 16010, tid: 16280, name: .pl/...  >>> com.erfg.music <<<
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x1338520c
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG:     r0 1338520c  r1 0000000c  r2 ca9e95cc  r3 0000000c
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG:     r4 6f31be58  r5 00000004  r6 00000000  r7 ca9e98c8
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG:     r8 00000000  r9 cb5f2c00  sl ca9e96c8  fp ca9e9654
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG:     ip eae9fced  sp ca9e95a8  lr eae9fcf7  pc eae9fcfa  cpsr 600d0030
2020-03-12 12:07:09.185 16283-16283/? A/DEBUG: backtrace:
2020-03-12 12:07:09.185 16283-16283/? A/DEBUG:     #00 pc 00310cfa  /system/lib/libart.so (art::Unsafe_getLong(_JNIEnv*, _jobject*, _jobject*, long long)+13)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #01 pc 005db08f  /system/framework/arm/boot.oat (offset 0x1cb000) (sun.misc.Unsafe.getLong [DEDUPED]+110)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #02 pc 0040c575  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #03 pc 004116e5  /system/lib/libart.so (art_quick_invoke_stub+228)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #04 pc 000b0227  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+138)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #05 pc 00204005  /system/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+224)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #06 pc 001ff54d  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+588)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #07 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #08 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #09 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #10 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #11 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #12 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #13 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #14 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #15 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #16 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #17 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #18 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #19 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #20 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #21 pc 00200159  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb1ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+444)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #22 pc 003f8fa5  /system/lib/libart.so (MterpInvokeVirtualQuickRange+472)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #23 pc 00402794  /system/lib/libart.so (ExecuteMterpImpl+30100)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #24 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #25 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #26 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #27 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #28 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #29 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #30 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #31 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #32 pc 003f77b9  /system/lib/libart.so (MterpInvokeStatic+184)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #33 pc 003feb14  /system/lib/libart.so (ExecuteMterpImpl+14612)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #34 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #35 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #36 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #37 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #38 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #39 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #40 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #41 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #42 pc 003f8c87  /system/lib/libart.so (MterpInvokeVirtualQuick+598)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #43 pc 00402714  /system/lib/libart.so (ExecuteMterpImpl+29972)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #44 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #45 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #46 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #47 pc 003f7391  /system/lib/libart.so (MterpInvokeInterface+1080)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #48 pc 003feb94  /system/lib/libart.so (ExecuteMterpImpl+14740)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #49 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #50 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #51 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #52 pc 003f7391  /system/lib/libart.so (MterpInvokeInterface+1080)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #53 pc 003feb94  /system/lib/libart.so (ExecuteMterpImpl+14740)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #54 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #55 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.187 16283-16283/? A/DEBUG:     #56 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #57 pc 003f7391  /system/lib/libart.so (MterpInvokeInterface+1080)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #58 pc 003feb94  /system/lib/libart.so (ExecuteMterpImpl+14740)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #59 pc 001e6bc1  /system/lib/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+340)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #60 pc 001eb36f  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+142)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #61 pc 001ff535  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+564)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #62 pc 003f7391  /system/lib/libart.so (MterpInvokeInterface+1080)
2020-03-12 12:07:09.188 16283-16283/? A/DEBUG:     #63 pc 003feb94  /system/lib/libart.so (ExecuteMterpImpl+14740)
2020-03-12 12:07:11.258 2748-2748/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_07
2020-03-12 12:07:11.266 2693-2693/? E/audit: type=1701 audit(1584011231.251:1220): auid=4294967295 uid=10219 gid=10219 ses=4294967295 subj=u:r:untrusted_app:s0:c512,c768 pid=16280 comm=".pl/..." exe="/system/bin/app_process32" sig=7
2020-03-12 12:07:11.301 2962-16284/? E/ActivityManager: Found activity ActivityRecord{dc4c01c u0 com.efgd.music/.MainActivity t-1 f} in proc activity list using null instead of expected ProcessRecord{ca03534 16010:com.efgd.music/u0a219}
2020-03-12 12:07:11.398 3338-3338/? E/SKBD: bbw getInstance start
2020-03-12 12:07:11.398 3338-3338/? E/SKBD: bbw sendSIPInformation state: 6   isAbstractKeyboardView :  true
2020-03-12 12:07:11.404 3338-16293/? E/SKBD: bbw sending null keyboardInfo as SIP is closed
2020-03-12 12:07:11.419 5224-5254/? E/PBSessionCacheImpl: sessionId[22976978907188413] not persisted.
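
A triage helper for the crash header above, as an added example that is not part of the original report or the project's code: it pulls the signal, code and fault address out of the logcat text and checks the address against the access width implied by the innermost `Unsafe` accessor frame. The function name `triage`, the width table and the sample string (four lines copied from the log) are assumptions of this example.

```python
import re

# Constructed sample: four lines copied from the crash dump in the report above.
SAMPLE = """\
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: ABI: 'arm'
2020-03-12 12:07:09.052 16283-16283/? A/DEBUG: signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x1338520c
2020-03-12 12:07:09.185 16283-16283/? A/DEBUG:     #00 pc 00310cfa  /system/lib/libart.so (art::Unsafe_getLong(_JNIEnv*, _jobject*, _jobject*, long long)+13)
2020-03-12 12:07:09.186 16283-16283/? A/DEBUG:     #01 pc 005db08f  /system/framework/arm/boot.oat (offset 0x1cb000) (sun.misc.Unsafe.getLong [DEDUPED]+110)
"""

SIGNAL_RE = re.compile(
    r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr 0x([0-9a-fA-F]+)")
ABI_RE = re.compile(r"ABI: '([^']+)'")
FRAME_RE = re.compile(r"#\d+ pc [0-9a-fA-F]+\s+\S+\s*(.*)$", re.MULTILINE)
ACCESSOR_RE = re.compile(
    r"Unsafe[._]((?:get|put)(Long|Double|Int|Float|Short|Char|Byte))\b")
# Bytes touched by each Unsafe accessor type.
WIDTH = {"Long": 8, "Double": 8, "Int": 4, "Float": 4,
         "Short": 2, "Char": 2, "Byte": 1}


def triage(log_text):
    """Summarise a debuggerd crash header found in logcat text.

    Returns None when the text contains no signal line."""
    sig = SIGNAL_RE.search(log_text)
    if sig is None:
        return None
    abi = ABI_RE.search(log_text)
    fault_addr = int(sig.group(3), 16)
    result = {"signal": sig.group(1), "code": sig.group(2),
              "fault_addr": fault_addr, "abi": abi.group(1) if abi else None,
              "accessor": None, "width": None, "offset": None}
    # Frames are listed innermost first; use the Unsafe accessor nearest the fault.
    for frame in FRAME_RE.finditer(log_text):
        acc = ACCESSOR_RE.search(frame.group(1))
        if acc:
            width = WIDTH[acc.group(2)]
            result.update(accessor=acc.group(1), width=width,
                          offset=fault_addr % width)
            break
    # Alignment fault confirmed only if the address is off its natural boundary.
    result["unaligned"] = (result["code"] == "BUS_ADRALN"
                           and bool(result["offset"]))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the fault address `0x1338520c` sits 4 bytes past an 8-byte boundary for a `getLong` access.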

@dpisklov
Contributor

@gzm55 I remember you looked at some other Android-related issues, would you be able to check this one out?
Thanks

@gzm55
Collaborator

gzm55 commented Mar 12, 2020

Do hash functions other than xx() produce the same crash? Does value equal null? What is the length of value? Does hashBytes(new byte[0-16]) always produce the same crash?

@jakoss
Author

jakoss commented Mar 12, 2020

I have no physical access to this device now, since all our work is remote due to the covid spread. All the information I have is from the QA team in my company, so I have limited options here.

We are using xxHash to generate HMAC for requests. So value is mostly a UTF-8 encoded string around 200-300 bytes long. It can never be null (it's Kotlin, value is based on NonNullable string). If you need more data on that I will try to get this device somehow.

@gzm55
Collaborator

gzm55 commented Mar 12, 2020

How can this stack be related to the hash function?

@jakoss
Author

jakoss commented Mar 12, 2020

That's the weird part. None of my code is on the stack. But if I remove the call to the hash function, everything else runs just fine. Add to this that it happens on only one device, and I think this might be some framework issue. And it's Samsung, which has a long history of breaking the Android framework in many ways.

I know that this might be impossible to fix, but I hoped somebody might have some idea

@gzm55
Collaborator

gzm55 commented Mar 13, 2020

Sorry, I have no idea.
More info is needed, so it would be better to get the device for debugging and test some other hash methods.

@gzm55
Collaborator

gzm55 commented Mar 13, 2020

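@NekroMancer can you try to catch exceptions when calling the hash method:

```java
LongHashFunction h = null;
long v = 0;
// Step 1: obtain the xxHash function, rethrowing any Throwable as a checked Exception.
try {
  h = LongHashFunction.xx();
} catch (Throwable e) { throw new Exception(e); }
// Step 2: hash the input in its own try block.
try {
  v = h.hashBytes(value);
} catch (Throwable e) { throw new Exception(e); }
```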

@jakoss
Author

jakoss commented Mar 13, 2020

I tried to capture the exception, but it's a fatal crash so nothing was caught. It just crashes the process entirely, bypassing even global exception handlers.

I will try more as soon as I get the device.
