Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)

[vyacheslav-volkov]

Android framework version

net8.0-android

Affected platform version

NET 8.0.403

Description

I'm encountering an error in my application, but only in the release build. In debug mode, the application works without any issues, but in the release build, I get an error at the same point during certain actions. Since the project is commercial, I cannot provide the specific code.

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10008

Steps to Reproduce

Run the application in release mode

Did you find any workaround?

No response

Relevant log output

2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A  signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10008
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x0  0000000000010000  x1  0000007ff23d5ce0  x2  ffffffffffffffe0  x3  02000074c890b100
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x4  02000074c890b120  x5  0000000000000000  x6  0000007ff23d5a68  x7  00000073e8958000
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x8  0000000000000075  x9  0000007588338d80  x10 0000007ff23d5ce0  x11 0000000000000002
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x12 0000007588353740  x13 0000007ff23d7f90  x14 0000007ff23d5bac  x15 0000000000000001
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x16 0000007769050078  x17 0000007768fd9fb0  x18 0000007778990000  x19 0000007ff23d5ce0
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x20 0000000000010000  x21 00000073e86bad29  x22 00000073bac24278  x23 00000075e8406f10
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x24 00000074c890b108  x25 00000075e8ed02a8  x26 00000075e84c6790  x27 00000000000001ee
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      x28 0000000000000241  x29 0000007ff23d5ca0
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A      lr  00000073e889aa4c  sp  0000007ff23d5ca0  pc  00000073e889a6c4  pst 0000000000000000
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A  backtrace:
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #00 pc 00000000002506c4  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #01 pc 0000000000250a48  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #02 pc 00000000002029f0  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (mono_class_inflate_generic_method_full_checked+404) (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #03 pc 000000000014d7ec  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #04 pc 000000000014de34  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #05 pc 000000000022a27c  /data/app/~~wjcc1Wg6l4ADjoWSBeHaBQ==/com.enjin.mobile.wallet-lbMLBHQAEa-31C81eXWpRw==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 13:35:52.954 16507-16507 DEBUG                   pid-16507                            A        #06 pc 0000000000006514  <anonymous:7448b66000>

update: the fault address is always the same fault addr 0x10008

[grendello]

Can you extract libmonosgen-2.0.so for the arm64 architecture from your apk and upload it here? It will allow us to symbolize the stack trace and see where exactly the error happens. Thanks!

[vyacheslav-volkov]

Hi @grendello, thanks for the quick response, I have attached the file.

libmonosgen-2.0.so.zip

[vyacheslav-volkov]

I remembered there's another place in the application that crashes with the same error but with a different address and stack trace. It was commented out in the file I sent. I’ve uncommented it and uploaded a new file. Here’s the log of that error:

2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A  signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xf2c952a5377b9a
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x0  00000075eafd6618  x1  00000075eafeea00  x2  0000000000000000  x3  0000000000000000
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x4  00000075783c9940  x5  0000000000000002  x6  0000000000000001  x7  0000000000000000
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x8  00000075eafd63f8  x9  0000000000018040  x10 000000000400318d  x11 0000000000000001
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x12 0000000000000000  x13 00000075eb003008  x14 00000073e84841da  x15 000038838c4e1750
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x16 00000073ec17eef0  x17 00000073ec081294  x18 0000007778990000  x19 00000075eafeea00
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x20 00000075eafd6618  x21 00000075eafd63f8  x22 00000075eafd63f8  x23 dcf2c952a5377b92
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x24 00000075783c96f4  x25 0000000000000000  x26 00000075eafeea00  x27 0000000000000000
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      x28 00000073e84841f2  x29 0000007ff23d2000
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A      lr  00000073ebf4f824  sp  0000007ff23d1fb0  pc  00000073ec08130c  pst 0000000040000000
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A  backtrace:
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A        #00 pc 000000000020930c  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (mono_method_can_access_field+120) (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.565 27275-27275 DEBUG                   pid-27275                            A        #01 pc 00000000000d7820  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #02 pc 00000000000ca444  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #03 pc 00000000000e3f0c  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #04 pc 00000000000bb2f8  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #05 pc 00000000000bd934  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #06 pc 00000000000c264c  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #07 pc 00000000000c1a6c  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #08 pc 0000000000152278  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #09 pc 0000000000152f70  /data/app/~~pv8wG7gwqpUyn-sk5ZB3hA==/com.enjin.mobile.wallet-E_iHGmtF1VNYtW4x2sL96A==/split_config.arm64_v8a.apk!libmonosgen-2.0.so (BuildId: b429a6405c79e0852cf3694861f0a6c5234a833a)
2024-10-28 20:58:17.566 27275-27275 DEBUG                   pid-27275                            A        #10 pc 0000000000005500  <anonymous:776edd0000>

libmonosgen-2.0.so.zip

[grendello]

The symbolicated backtrace suggests your application throws some exception and the runtime trips over it, for some reason (locations presented in the same order as frames in the backtrace):

0x2506c4
collect_type_images
/__w/1/s/src/mono/mono/metadata/metadata.c:3112

0x250a48
collect_ginst_images
/__w/1/s/src/mono/mono/metadata/metadata.c:3051
collect_method_images
/__w/1/s/src/mono/mono/metadata/metadata.c:3093
mono_metadata_get_mem_manager_for_method
/__w/1/s/src/mono/mono/metadata/metadata.c:3343

0x2029f0
mono_class_inflate_generic_method_full_checked
/__w/1/s/src/mono/mono/metadata/class.c:1224

0x14d7ec
get_method_from_stack_frame
/__w/1/s/src/mono/mono/mini/mini-exceptions.c:935

0x14de34
mono_get_frame_info
/__w/1/s/src/mono/mono/mini/mini-exceptions.c:1506

0x22a27c
ves_icall_System_Diagnostics_StackFrame_GetFrameInfo
/__w/1/s/src/mono/mono/metadata/icall.c:7392

@vyacheslav-volkov if you are able to reproduce the segfault locally, please record it using the following commands from the VS developer prompt (or mac terminal):

$ adb shell setprop debug.mono.log default,assembly,mono_log_level=debug,mono_log_mask=all
$ adb logcat -G 64M
$ adb logcat -c
# Start and crash the application here, wait 10s and then:
$ adb logcat -d > log.txt

In the resulting log.txt file, look for a managed exception stacktrace, somewhere above the segfault line.

[vyacheslav-volkov]

thanks @grendello, will check soon, could you please check the second log?

[grendello]

The second backtrace symbolicates as follows:

0x20930c
mono_method_can_access_field
/__w/1/s/src/mono/mono/metadata/class.c:6304

0xd7820
mono_method_to_ir
/__w/1/s/src/mono/mono/mini/method-to-ir.c:9909

0xca444
inline_method
/__w/1/s/src/mono/mono/mini/method-to-ir.c:4820

0xe3f0c
mono_method_to_ir
/__w/1/s/src/mono/mono/mini/method-to-ir.c:7868

0xbb2f8
mini_method_compile
/__w/1/s/src/mono/mono/mini/mini.c:3498

0xbd934
mono_jit_compile_method_inner
/__w/1/s/src/mono/mono/mini/mini.c:4132

0xc264c
mono_jit_compile_method_with_opt
/__w/1/s/src/mono/mono/mini/mini-runtime.c:2824
jit_compile_method_with_opt_cb
/__w/1/s/src/mono/mono/mini/mini-runtime.c:2879
jit_compile_method_with_opt
/__w/1/s/src/mono/mono/mini/mini-runtime.c:2895

0xc1a6c
mono_jit_compile_method
/__w/1/s/src/mono/mono/mini/mini-runtime.c:2914

0x152278
common_call_trampoline
/__w/1/s/src/mono/mono/mini/mini-trampolines.c:628

0x152f70
mono_vcall_trampoline
/__w/1/s/src/mono/mono/mini/mini-trampolines.c:850

It's a different issue. This one makes me wonder if it's a case of the linker removing too much.

[vyacheslav-volkov]

do I need to create a new issue for the second case?

@grendello I checked logs and I see a lot of different errors like this for different types:

10-28 21:10:10.493 28529 28806 I monodroid-assembly: typemap: unable to find mapping to a managed type from Java type 'java/nio/MappedByteBuffer' (hash 0x5e265317cf1553)
10-28 21:10:10.494 28529 28806 W monodroid-assembly: typemap: called from
10-28 21:10:10.494 28529 28806 W monodroid-assembly: at Java.Interop.TypeManager.GetJavaToManagedType(String )
10-28 21:10:10.494 28529 28806 W monodroid-assembly:    at Java.Interop.TypeManager.CreateInstance(IntPtr , JniHandleOwnership , Type )
10-28 21:10:10.494 28529 28806 W monodroid-assembly:    at Java.Lang.Object.GetObject(IntPtr , JniHandleOwnership , Type )
10-28 21:10:10.494 28529 28806 W monodroid-assembly:    at Java.Lang.Object._GetObject[Buffer](IntPtr , JniHandleOwnership )
10-28 21:10:10.494 28529 28806 W monodroid-assembly:    at Java.Lang.Object.GetObject[Buffer](IntPtr handle, JniHandleOwnership transfer)
10-28 21:10:10.494 28529 28806 W monodroid-assembly:    at MyApp.ExtensionsGetBuffer(IntPtr ptr, Int32 size)

But this is just warnings, I don't see any real exceptions.

[vyacheslav-volkov]

@grendello, I tried several times on the emulator and the device and information about the real exception is not written to the log. Any other suggestions on how to catch the exception?

[vyacheslav-volkov]

@grendello I've roughly located where the error occurs, it's a standard OperationCanceledException. There are several try-catch blocks in the stack trace, and everything works fine in debug mode. However, in release mode, the native code cannot retrieve the stack trace and crashes, even though the application has no unhandled exceptions. How is this possible?

[vyacheslav-volkov]

@grendello I need your help to find the reason I can't release the app as it crashes frequently (same code on iOS NativeAOT works without any problem). I have this code:

    private async Task RefreshAsync(IReadOnlyMetadataContext? metadata, CancellationToken cancellationToken)
    {
#if ANDROID
        cancellationToken = default; //todo hack for https://github.com/dotnet/android/issues/9462
#endif
        UpdateBalances(await INetworkManager.Instance.GetBalanceAsync(Address, metadata, cancellationToken).ConfigureAwait(false));
    }

if I ignore cancellationToken it will work, there is a try/catch in this code up the stack but even if I explicitly add it to the code it will fail:

    private async Task RefreshAsync(IReadOnlyMetadataContext? metadata, CancellationToken cancellationToken)
    {
        try
        {
              UpdateBalances(await INetworkManager.Instance.GetBalanceAsync(Address, metadata, cancellationToken).ConfigureAwait(false));
        }
        catch
        {
        }
    }