Debugging Opus crash on Android

Question

I've been trying to implement the Opus codec in my Android app, and I can't figure out why it is crashing. The app correctly implements other codecs (like iLBC), so I know the java audio implementation is solid. The Java code gets a frame of audio, passes it to the JNI for encoding/decoding, then receives the audio back.

I first assumed the JNI implementation was incorrect.
However:

1) The encoder/decoder are created without error

// Encoder/Decoder states are global
OpusEncoder *enc;
OpusDecoder *dec;

jint Java_org_sipdroid_codecs_Opus_encoderCreate(
    JNIEnv *env, jobject obj, jint sampleRate, jint channels, jint application)
{
   int err;
   enc = opus_encoder_create(sampleRate, channels, OPUS_APPLICATION_VOIP, &err);
   return (jint)err; // returns OPUS_OK
}

2) The data is passed down in the same way as the other codecs, and appears to function normally (no odd return values):

// Java input and output byteArrays are grabbed
jbyte *input;
jbyte *output;
input =  (*env)->GetByteArrayElements(env, inputJbyteArray, 0);
output = (*env)->GetByteArrayElements(env, outputJbyteArray,0);

// Encode data
jint nbytes = opus_encode(enc, input, frameSize, output, maxPacketSize);

// Clean up and return
(*env)->ReleaseByteArrayElements(env, inputJbyteArray, input, 0);
(*env)->ReleaseByteArrayElements(env, outputJbyteArray, output, 0);
return nbytes;

When running the application, Opus will process a few frames of audio (encode/decode are called without crashing), then the application will throw a segfault. Here is part of the JNI stacktrace:

07-24 16:09:41.642: A/dalvikvm(32168): @@@ ABORTING: DALVIK: HEAP MEMORY CORRUPTION IN     mspace_malloc addr=0x0
07-24 16:09:41.642: A/libc(32168): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1),     thread 32498 (Thread-1674)
07-24 16:09:41.742: I/DEBUG(19804): *** *** *** *** *** *** *** *** *** *** *** *** ***     *** *** ***
07-24 16:09:41.742: I/DEBUG(19804): Build fingerprint:     'lge/g2_vzw/g2:4.4.2/KOT49I.VS98024A/VS98024A.1394607468:user/release-keys'
07-24 16:09:41.742: I/DEBUG(19804): Revision: '10'
07-24 16:09:41.742: I/DEBUG(19804): pid: 32168, tid: 32498, name: Thread-1674 
07-24 16:09:41.742: I/DEBUG(19804): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR),     fault addr deadbaad
07-24 16:09:41.782: I/Vold(263): [LGE][VOLD][NetlinkHandler.cpp][onEvent()] subsys:cpu,     action:0
07-24 16:09:41.822: I/DEBUG(19804):     r0 00000051  r1 bb8d8cdb  r2 bb8d8cdb  r3     deadbaad
07-24 16:09:41.822: I/DEBUG(19804):     r4 00000000  r5 00000013  r6 42c86ec8  r7     00000001
07-24 16:09:41.822: I/DEBUG(19804):     r8 00000094  r9 417b3d50  sl 6202ae68  fp     00000000
07-24 16:09:41.822: I/DEBUG(19804):     ip 00000003  sp 6291ab10  lr 41761d75  pc     41761d76  cpsr 600f0030
07-24 16:09:41.822: I/DEBUG(19804):     d0  000000000000000f  d1  0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d2  0000000000000000  d3  0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d4  c6d70e48453e7e94  d5  4020000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d6  4024000000000000  d7  0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d8  0000000000000000  d9  4487000043160000
07-24 16:09:41.822: I/DEBUG(19804):     d10 0000000044de0000  d11 0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d12 0000000000000000  d13 0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d14 0000000000000000  d15 0000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d16 4d454d2050414548  d17 52524f432059524f
07-24 16:09:41.822: I/DEBUG(19804):     d18 00640069006f0072  d19 00640065006d002e
07-24 16:09:41.822: I/DEBUG(19804):     d20 0053002e00610069  d21 0061006500720074
07-24 16:09:41.822: I/DEBUG(19804):     d22 006e006f0043006d  d23 0065006d00750073
07-24 16:09:41.822: I/DEBUG(19804):     d24 3fa2d5157e3a5749  d25 bfa2d5157c96b856
07-24 16:09:41.822: I/DEBUG(19804):     d26 3dea39ef35793c76  d27 4000000000000000
07-24 16:09:41.822: I/DEBUG(19804):     d28 40026143afbf1f95  d29 3fcfa6de9c5a51ea
07-24 16:09:41.822: I/DEBUG(19804):     d30 3ff0000000000000  d31 3ff61a4bb8e2a975
07-24 16:09:41.822: I/DEBUG(19804):     scr 88000012
07-24 16:09:41.822: I/DEBUG(19804): backtrace:
07-24 16:09:41.822: I/DEBUG(19804):     #00  pc 00072d76  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):     #01  pc 00074981  /system/lib/libdvm.so     (mspace_malloc+4172)
07-24 16:09:41.822: I/DEBUG(19804):     #02  pc 0007530d  /system/lib/libdvm.so     (mspace_calloc+44)
07-24 16:09:41.822: I/DEBUG(19804):     #03  pc 00076375  /system/lib/libdvm.so     (dvmHeapSourceAlloc(unsigned int)+128)
07-24 16:09:41.822: I/DEBUG(19804):     #04  pc 0002cbc4  /system/lib/libdvm.so     (dvmMalloc(unsigned int, int)+64)
07-24 16:09:41.822: I/DEBUG(19804):     #05  pc 0006c22b  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):     #06  pc 00024834  /system/lib/libdvm.so     (dvmAsmSisterStart+500)
07-24 16:09:41.822: I/DEBUG(19804):     #07  pc 00030ec8  /system/lib/libdvm.so     (dvmMterpStd(Thread*)+76)
07-24 16:09:41.822: I/DEBUG(19804):     #08  pc 0002e560  /system/lib/libdvm.so     (dvmInterpret(Thread*, Method const*, JValue*)+184)
07-24 16:09:41.822: I/DEBUG(19804):     #09  pc 00063795  /system/lib/libdvm.so     (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+336)
07-24 16:09:41.822: I/DEBUG(19804):     #10  pc 000637b9  /system/lib/libdvm.so     (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
07-24 16:09:41.822: I/DEBUG(19804):     #11  pc 0005848f  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):     #12  pc 0000d2e0  /system/lib/libc.so     (__thread_entry+72)
07-24 16:09:41.822: I/DEBUG(19804):     #13  pc 0000d478  /system/lib/libc.so     (pthread_create+240)
07-24 16:09:41.822: I/DEBUG(19804): stack:
07-24 16:09:41.822: I/DEBUG(19804):          6291aad0  400b0394  
07-24 16:09:41.822: I/DEBUG(19804):          6291aad4  442cbb38  /dev/ashmem/dalvik-    heap (deleted)
07-24 16:09:41.822: I/DEBUG(19804):          6291aad8  400b0394  
07-24 16:09:41.822: I/DEBUG(19804):          6291aadc  bb8d8cdb  
07-24 16:09:41.822: I/DEBUG(19804):          6291aae0  000000a0  
07-24 16:09:41.822: I/DEBUG(19804):          6291aae4  57b56d40  /dev/ashmem/dalvik-    LinearAlloc (deleted)
07-24 16:09:41.822: I/DEBUG(19804):          6291aae8  62025008  
07-24 16:09:41.822: I/DEBUG(19804):          6291aaec  00000004  
07-24 16:09:41.822: I/DEBUG(19804):          6291aaf0  6202af78  
07-24 16:09:41.822: I/DEBUG(19804):          6291aaf4  bb8d8cdb  
07-24 16:09:41.822: I/DEBUG(19804):          6291aaf8  00000000  
07-24 16:09:41.822: I/DEBUG(19804):          6291aafc  00000013  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab00  42c86ec8  /dev/ashmem/dalvik-    heap (deleted)
07-24 16:09:41.822: I/DEBUG(19804):          6291ab04  41761d75  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):          6291ab08  417a0151  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):          6291ab0c  417a0178  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):     #00  6291ab10  417a876c  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):          6291ab14  00000000  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab18  42817008  /dev/ashmem/dalvik-    heap (deleted)
07-24 16:09:41.822: I/DEBUG(19804):          6291ab1c  41763985  /system/lib/libdvm.so     (mspace_malloc+4176)
07-24 16:09:41.822: I/DEBUG(19804):     #01  6291ab20  00000000  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab24  00000094  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab28  00000094  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab2c  42817008  /dev/ashmem/dalvik-    heap (deleted)
07-24 16:09:41.822: I/DEBUG(19804):          6291ab30  00000001  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab34  00000094  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab38  417b3d50  /system/lib/libdvm.so
07-24 16:09:41.822: I/DEBUG(19804):          6291ab3c  6202ae68  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab40  00000000  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab44  41764311  /system/lib/libdvm.so     (mspace_calloc+48)
07-24 16:09:41.822: I/DEBUG(19804):     #02  6291ab48  ffffffff  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab4c  416ecc88  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab50  00000094  
07-24 16:09:41.822: I/DEBUG(19804):          6291ab54  41765379  /system/lib/libdvm.so             (dvmHeapSourceAlloc(unsigned int)+132)
07-24 16:09:41.842: I/DEBUG(19804): memory map around fault addr deadbaad:
07-24 16:09:41.842: I/DEBUG(19804):     beebd000-beede000 rw- [stack]
07-24 16:09:41.842: I/DEBUG(19804):     (no map for address)
07-24 16:09:41.842: I/DEBUG(19804):     ffff0000-ffff1000 r-x [vectors]

It looks like Then I looked into the compilation of libOpus again. I originally downloaded the source, and compiled it using the Android NDK and this module description in my Android.mk. Compilation was a success. I've played around with the flags a bit, but to no avail.

What could be going on here?

It looks like increasing the size of the buffer I was passing to the JNI seems to have alleviated the problem -- for now, at least. Still looking into the issue. — HarryHippo, Jul 29 '14 at 18:15

score 1 · Answer 1 · answered Jul 25 '14 at 22:59

DEADBAAD is the value Java writes to its memory when a pointer is deleted. It means you're accessing some value in C that is no longer valid. Make sure you're not keeping arrays without copying the data, that you aren't keeping java objects without incrementing the global reference count, and that you're correctly allocating and releasing arrays and strings.

Debugging Opus crash on Android

1 Answers1