jemalloc / jemalloc

http://jemalloc.net/

jemalloc 4.4.0 je_arena_malloc_hard SEGV_ACCERR #2293

Open Lon-Bon opened 2 years ago

Lon-Bon commented 2 years ago

I am running the application on an Android 9.0 device, and the following crash occurs occasionally:

```
Build fingerprint: 'LonBon/lb905d3/lb905d3:9/PPR1.180610.011/20220311:userdebug/test-keys'
Revision: '0'
ABI: 'arm'
pid: 6558, tid: 6558, name: nbon.lonbon_app >>> com.lonbon.lonbon_app <<<
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x90782238
    r0 70782234 r1 ffffffe1 r2 07ffffff r3 00000000
    r4 00000002 r5 90782230 r6 00000001 r7 00000001
    r8 00000009 r9 a6674bc0 r10 a3d008c0 r11 a3d00040
    ip 0000003f sp bb914a68 lr 00000002 pc a6631bea

backtrace:
#00 pc 00068bea  /system/lib/libc.so (je_arena_malloc_hard+410)
#01 pc 00078617  /system/lib/libc.so (je_malloc+114)
#02 pc 0004369d  /system/lib/libc++.so (operator new(unsigned int)+16)
#03 pc 000d8b95  /system/lib/libandroid_runtime.so (android::PaintGlue::init(_JNIEnv*, _jobject*)+4)
#04 pc 003ad27f  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.app.backup.FileBackupHelperBase.ctor [DEDUPED]+94)
#05 pc 006efa15  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.graphics.Paint.<init>+60)
#06 pc 00b355cf  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.widget.TextView.<init>+814)
#07 pc 00b35209  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.widget.TextView.<init>+64)
#08 pc 00417d75  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
#09 pc 003f12e7  /system/lib/libart.so (art_quick_invoke_stub+226)
#10 pc 000a1031  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+136)
#11 pc 00350a6d  /system/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#12 pc 00351eb5  /system/lib/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+960)
#13 pc 002f9b7b  /system/lib/libart.so (art::Constructor_newInstance0(_JNIEnv*, _jobject*, _jobjectArray*)+254)
#14 pc 00110eed  /system/framework/arm/boot-core-oj.oat (offset 0x10c000) (java.lang.String.concat [DEDUPED]+92)
#15 pc 0032d98b  /system/framework/arm/boot-core-oj.oat (offset 0x10c000) (java.lang.reflect.Constructor.newInstance+66)
#16 pc 009b3c51  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.createView+1472)
#17 pc 00acf849  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (com.android.internal.policy.PhoneLayoutInflater.onCreateView+120)
#18 pc 009b5415  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.onCreateView+44)
#19 pc 009b454b  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.createViewFromTag+642)
#20 pc 009b5685  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.rInflate+484)
#21 pc 009b56df  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.rInflate+574)
#22 pc 009b56df  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.rInflate+574)
#23 pc 009b4e37  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.inflate+806)
#24 pc 009b4a49  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.inflate+112)
#25 pc 009b49af  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (android.view.LayoutInflater.inflate+46)
#26 pc 000314b7  /dev/ashmem/dalvik-jit-code-cache (deleted)
```

How to troubleshoot this problem? Any ideas how to solve this? Thanks in advance

Lapenkov commented 2 years ago

The popular advice in this case is to:

  1. Try building and running your application with ASAN.
  2. Try building jemalloc in debug mode and running it in your app.

A common reason for a segfault in jemalloc is corruption of its metadata by the app. The steps above will help detect heap corruption with a meaningful error message.
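
An added example, not part of the thread and not jemalloc or ASan code: a minimal guard-zone allocator wrapper showing how a heap checker turns a silent out-of-bounds write into a report that names the damaged block, rather than a later crash inside `malloc`. ASan applies the same redzone idea with compiler instrumentation and shadow memory; `guarded_malloc`, `guarded_check` and `guarded_free` are hypothetical names, and the overflow in `main` is constructed.

```c
/* Added illustration, not jemalloc or ASan code; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  16
#define GUARD_BYTE 0xA5
typedef struct { size_t size; } guard_hdr;
#define OVERHEAD (sizeof(guard_hdr) + 2 * GUARD_LEN)

/* Block layout: [guard_hdr][front guard][user bytes][rear guard] */
void *guarded_malloc(size_t n) {
    if (n > SIZE_MAX - OVERHEAD) return NULL;
    unsigned char *raw = malloc(OVERHEAD + n);
    if (!raw) return NULL;
    ((guard_hdr *)raw)->size = n;
    memset(raw + sizeof(guard_hdr), GUARD_BYTE, GUARD_LEN);
    memset(raw + sizeof(guard_hdr) + GUARD_LEN + n, GUARD_BYTE, GUARD_LEN);
    return raw + sizeof(guard_hdr) + GUARD_LEN;
}

/* 0 = intact, -1 = front guard damaged, 1 = rear guard damaged */
int guarded_check(const void *p) {
    const unsigned char *user = p, *front = user - GUARD_LEN;
    const guard_hdr *h = (const guard_hdr *)(front - sizeof(guard_hdr));
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (front[i] != GUARD_BYTE) return -1;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (user[h->size + i] != GUARD_BYTE) return 1;
    return 0;
}

/* Verify the guards, report damage, then release the block. */
int guarded_free(void *p) {
    int r = guarded_check(p);
    if (r) fprintf(stderr, "heap corruption: %s of block %p\n",
                   r < 0 ? "underflow" : "overflow", p);
    free((unsigned char *)p - GUARD_LEN - sizeof(guard_hdr));
    return r;
}

int main(void) {
    char *name = guarded_malloc(8);
    if (!name) return 2;
    memcpy(name, "jemalloc!", 9); /* constructed bug: 9 bytes into 8 */
    return guarded_free(name) == 1 ? 0 : 1;
}
```

The check only fires when the block is freed, so it localizes the damaged allocation but not the faulting write; ASan reports the write itself.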