
I have a multi-threaded C++ program (a listener thread, a data processor thread) shifted to the arm64-v8a Android platform.

Recently it keeps crashing for the same reason, shown below:

E CRASH   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr fffffffffffffffc

To the best of my knowledge, since the fault addr remains the same, it cannot be a case like "accessing an array out of bounds" or "dereferencing NULL/uninitialized pointers", so the only reason I can think of is a "stack overflow". Am I right?

So what really happens to my program, and more importantly, what could I do to find the real cause and a solution to this?

Thanks in advance.

xtluo
  • Have you seen: [Android Fatal signal 11 (SIGSEGV) at 0x636f7d89 (code=1). How can it be tracked down?](https://stackoverflow.com/q/17840521/295004) – Morrison Chang May 17 '21 at 08:10
  • @MorrisonChang Yes, I checked the question you mentioned and didn't find the solution to my question. I was wondering why the fault address is always `fffffffffffffffc`. – xtluo May 17 '21 at 08:15
  • What really happened is that you dereferenced a pointer whose value was all `F`s. No reason why that should change until you fix it. – user207421 May 17 '21 at 08:17
  • @user207421 I'm talking about 100 crashes at the same address; is it possible that the same pointer pointed at the same address across different runs? – xtluo May 17 '21 at 08:21
  • Also: https://source.android.com/devices/tech/debug/native-crash – Morrison Chang May 17 '21 at 08:24
  • You can't draw any conclusions from it being the same. -4 is a pretty likely offset from a null pointer, and these can occur in many ways. You need to figure out where it happens and then work your way backwards until you find the cause. (In my experience, this will be in a place that you believe can't possibly be wrong.) – molbdnilo May 17 '21 at 08:26
  • @molbdnilo Thanks for your advice. What about the `SEGV_MAPERR` that came along with the `SIGSEGV`, any clue? – xtluo May 17 '21 at 08:31
  • That says that the address in question isn't mapped to your address space. – molbdnilo May 17 '21 at 08:37
  • If you got the same crash 100 times on the address `0xfffffffffffffffc` it is because you attempted to dereference that address 100 times. Surely this is obvious? Solution: don't. – user207421 May 17 '21 at 10:16

1 Answer


The fault address remaining the same does not mean you can rule out the issues you mention. In fact, it seems likely to me that pointer arithmetic (e.g. array indexing) with a NULL value is being performed, resulting in -4 being used as an address.

You can run your program under a debugger or at least analyze the core dump with one. Also, use {Memory, Address, Thread}Sanitizers or similar instrumentation tools.

mkayaalp
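As an added illustration of the answer's point (and of molbdnilo's comment above) that a fault address of fffffffffffffffc is exactly what indexing one 4-byte element below a null pointer produces, here is example code that is not part of the question or answer. It parses a crash line of the shape shown in the question (the line fed to it in the usage is constructed for the example), reinterprets the fault address as a signed offset from zero, computes which address element -1 of a null base would touch, triages the address coarsely, and places an unguarded "read the previous element" beside a guarded version. The names FaultAddr, parse_fault_addr, offset_from_null, null_index_address, classify_fault_addr, read_prev_unguarded, read_prev_or and kSample are assumptions for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string>

// Result of scanning a crash line for its "fault addr" field.
struct FaultAddr {
    bool ok;        // false when the field is missing or not hexadecimal
    uint64_t addr;  // parsed 64-bit address (valid only when ok is true)
};

// Extract the hexadecimal "fault addr" value from an Android crash log line such as
//   E CRASH   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr fffffffffffffffc
FaultAddr parse_fault_addr(const std::string& line) {
    const std::string key = "fault addr ";
    const size_t pos = line.find(key);
    if (pos == std::string::npos) return {false, 0};
    const std::string hex = line.substr(pos + key.size());
    char* end = nullptr;
    const unsigned long long value = std::strtoull(hex.c_str(), &end, 16);
    return {end != hex.c_str(), static_cast<uint64_t>(value)};
}

// Reinterpret a 64-bit fault address as a signed offset from address 0.
// 0xfffffffffffffffc becomes -4: one 4-byte element below a null base.
int64_t offset_from_null(uint64_t addr) {
    return static_cast<int64_t>(addr);
}

// The address that element `index` of a null base pointer would touch, computed
// with integer arithmetic so that this demonstration itself is well defined
// (pointer arithmetic on an actual null pointer is undefined behaviour).
uint64_t null_index_address(size_t elem_size, int64_t index) {
    return static_cast<uint64_t>(static_cast<int64_t>(elem_size) * index);
}

// Coarse triage: an address within a page of zero on either side points at a
// null (or never-assigned) base pointer, not at a stack overflow.
std::string classify_fault_addr(uint64_t addr) {
    const int64_t off = offset_from_null(addr);
    if (off >= 0 && off < 4096) return "null pointer or small positive offset from null";
    if (off < 0 && off >= -4096) return "small negative offset from null (e.g. p[-1] on a null p)";
    return "address far from zero; inspect the backtrace";
}

// Constructed sample buffer used by the guarded read below.
static const int32_t kSample[3] = {10, 20, 30};

// Unguarded shape of the bug: reading "the previous element" without checking
// that buf was ever assigned. With buf == nullptr and idx == 0 this reaches for
// address -4 on a 64-bit target and faults with SEGV_MAPERR. Never call it that way.
int32_t read_prev_unguarded(const int32_t* buf, size_t idx) {
    return buf[idx - 1];
}

// Guarded form: validate the base pointer and the index before dereferencing,
// and return a caller-chosen fallback instead of faulting.
int32_t read_prev_or(const int32_t* buf, size_t len, size_t idx, int32_t fallback) {
    if (buf == nullptr || idx == 0 || idx > len) return fallback;
    return buf[idx - 1];
}

int main() {
    // Constructed crash line in the same shape as the one in the question.
    const std::string line =
        "E CRASH   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr fffffffffffffffc";
    const FaultAddr fa = parse_fault_addr(line);
    if (!fa.ok) { std::cerr << "no fault addr in line\n"; return 1; }
    std::cout << "fault addr as signed offset: " << offset_from_null(fa.addr) << "\n";
    std::cout << "null int32_t base, index -1:  0x" << std::hex
              << null_index_address(sizeof(int32_t), -1) << std::dec << "\n";
    std::cout << "triage: " << classify_fault_addr(fa.addr) << "\n";
    std::cout << "guarded read of kSample[1]: " << read_prev_or(kSample, 3, 2, -1) << "\n";
    std::cout << "guarded read on null base:  " << read_prev_or(nullptr, 0, 0, -1) << "\n";
    return 0;
}
```

The triage buckets are a heuristic for reading tombstones, not a proof of the cause; the answer's advice still applies, namely attaching a debugger or building with AddressSanitizer, which reports the faulting line and the thread that performed the access.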