paddybyers / node

evented I/O for v8 javascript
http://nodejs.org/

Node 0.11 segfault problems #26

Open joshmarinacci opened 11 years ago

joshmarinacci commented 11 years ago

I'm trying to track down an issue I'm having using libpng inside of a node native addon. Whenever I read a file the next call to OpenGL crashes. I've isolated it to memory allocation. If I allocate a chunk of memory in my addon (say: 10k bytes) then later on node will segfault. If I don't allocate it then node proceeds into the gl loop just fine. Any ideas what could be causing this? Is there anything in node that might be messing with memory it's not supposed to, and my malloc triggers the issue?

paddybyers commented 11 years ago

That's the kind of thing that happens if something is overrunning one of its buffers by a few bytes and it corrupts the headers that malloc depends on. I can't think of anything that's been changed in the Android port that would cause that. Being 0.11, and (relatively) unstable, it's possible there's a bug in the generic code, but you'd expect that kind of thing to show up fairly readily on other platforms.

Do you have the tombstone from the logcat?
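
The failure mode described in this comment, as an added example that is not part of the original thread or of the aminonative code: each allocation is wrapped in guard bytes, so an overrun of a few bytes is reported when the block is checked instead of surfacing later as a crash inside malloc. The names `guard_malloc`, `guard_check`, `guard_free` and `fake_decode` are hypothetical, and the 10 KiB size only mirrors the allocation mentioned in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN    16   /* room for the stored size; keeps user data 16-byte aligned */
#define GUARD_LEN  16   /* guard bytes on each side of the user region */
#define GUARD_BYTE 0xA5

/* Block layout: [size (HDR_LEN)] [front guard] [user bytes] [rear guard] */
void *guard_malloc(size_t size)
{
    if (size > SIZE_MAX - HDR_LEN - 2 * GUARD_LEN)
        return NULL;                        /* total would overflow size_t */
    unsigned char *raw = malloc(HDR_LEN + 2 * GUARD_LEN + size);
    if (raw == NULL)
        return NULL;
    memcpy(raw, &size, sizeof size);
    memset(raw + HDR_LEN, GUARD_BYTE, GUARD_LEN);
    memset(raw + HDR_LEN + GUARD_LEN + size, GUARD_BYTE, GUARD_LEN);
    return raw + HDR_LEN + GUARD_LEN;
}

/* Returns 0 if both guards are intact, -1 if the front guard was damaged
 * (underrun), or n > 0 when the furthest damaged rear-guard byte lies
 * n bytes past the end of the user region. */
int guard_check(const void *ptr)
{
    const unsigned char *user = ptr;
    const unsigned char *raw = user - GUARD_LEN - HDR_LEN;
    size_t size;
    memcpy(&size, raw, sizeof size);

    /* Check the front guard first: it sits between user data and the size. */
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (raw[HDR_LEN + i] != GUARD_BYTE)
            return -1;

    const unsigned char *rear = user + size;
    for (size_t i = GUARD_LEN; i > 0; i--)
        if (rear[i - 1] != GUARD_BYTE)
            return (int)i;
    return 0;
}

/* Checks the guards, releases the block, and returns the check result. */
int guard_free(void *ptr)
{
    int status = guard_check(ptr);
    free((unsigned char *)ptr - GUARD_LEN - HDR_LEN);
    return status;
}

/* Constructed stand-in for a decoder that writes as many bytes as it is told to. */
void fake_decode(unsigned char *dst, size_t nbytes)
{
    memset(dst, 0x7f, nbytes);
}

int main(void)
{
    size_t want = 10 * 1024;                /* the "10k bytes" from the report */
    unsigned char *pixels = guard_malloc(want);
    if (pixels == NULL)
        return 1;
    fake_decode(pixels, want + 4);          /* constructed bug: 4 bytes too many */
    printf("rear guard damaged up to %d byte(s) past the end\n", guard_check(pixels));
    guard_free(pixels);
    return 0;
}
```

The extra bytes land in the rear guard, which belongs to the same allocation, so the demonstration itself does not corrupt the real heap.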

joshmarinacci commented 11 years ago

No. How do I get the tombstone?

joshmarinacci commented 11 years ago

Okay. Here's the adb logcat log:

D/libEGL ( 380): loaded /vendor/lib/egl/libEGL_POWERVR_SGX540_120.so
D/libEGL ( 380): loaded /vendor/lib/egl/libGLESv1_CM_POWERVR_SGX540_120.so
D/libEGL ( 380): loaded /vendor/lib/egl/libGLESv2_POWERVR_SGX540_120.so
F/libc ( 380): Fatal signal 11 (SIGSEGV) at 0x0000000c (code=1), thread 380 (node)
I/DEBUG ( 126): * * * * * * * * * * * * * * * *
I/DEBUG ( 126): Build fingerprint: 'Android/full_maguro/maguro:4.1.2/JZO54K/6:userdebug/test-keys'
I/DEBUG ( 126): pid: 380, tid: 380, name: node >>> ./node <<<
I/DEBUG ( 126): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0000000c
I/DEBUG ( 126): backtrace:
I/DEBUG ( 126): #00 pc 00013e02 /system/lib/libc.so (dlmalloc+117)
I/DEBUG ( 126): #01 pc 00016d2f /system/lib/libc.so (malloc+10)
I/DEBUG ( 126): #02 pc 007a266b /data/phonetest/libv8.so (operator new(unsigned int)+18)

joshmarinacci commented 11 years ago

And here is the tombstone.


Build fingerprint: 'Android/full_maguro/maguro:4.1.2/JZO54K/6:userdebug/test-keys'
pid: 435, tid: 435, name: node >>> ./node <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0000000c
r0 00000001 r1 00000000 r2 00000002 r3 00000001
r4 00000000 r5 011f5780 r6 00000002 r7 40218514
r8 44c2b6f9 r9 44c080a1 sl 01155034 fp be976864
ip 40bd5e00 sp be976730 lr 401e2dc3 pc 401e2e02 cpsr 00000030
d0 7246676e5064616f d1 000000000000006d
d2 0240b03f00000046 d3 04bb320000000269
d4 ffff0221020c903f d5 023c403f04bbdaff
d6 0000002126000000 d7 4040800000000000
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 0000000000000001 d17 0000000000000000
d18 41bae02544000000 d19 0000000000000000
d20 0000000000000000 d21 0000000000000000
d22 0000000000000000 d23 0000000000000000
d24 0000000000000000 d25 0000000000000000
d26 0000000000000000 d27 0000000000000000
d28 0000000000000000 d29 0000000000000000
d30 0000000000000000 d31 0000000000000000
scr 20000010

backtrace:

#00  pc 00013e02  /system/lib/libc.so (dlmalloc+117)
#01  pc 00016d2f  /system/lib/libc.so (malloc+10)
#02  pc 007a266b  /data/phonetest/libv8.so (operator new(unsigned int)+18)

stack:
     be9766f0  be9768ac  [stack]
     be9766f4  00000006
     be9766f8  be97670c  [stack]
     be9766fc  404ee104  /data/phonetest/libv8.so (v8::internal::Thread::GetExistingThreadLocal(v8::internal::Thread::LocalStorageKey)+24)
     be976700  be97671c  [stack]
     be976704  00000006
     be976708  be976724  [stack]
     be97670c  a105502d
     be976710  be97672c  [stack]
     be976714  00000000
     be976718  c0000000
     be97671c  0000000c
     be976720  00000000
     be976724  00000000
     be976728  df0027ad
     be97672c  00000000
#00  be976730  4008844c  /data/phonetest/aminonative.node
     be976734  44c2b6f9
     be976738  44c080a1
     be97673c  01155034  [heap]
     be976740  be976864  [stack]
     be976744  40bda554
     be976748  0000000c
     be97674c  00000000
     be976750  2df8f920
     be976754  44c2b6f9
     be976758  44c080a1
     be97675c  01155034  [heap]
     be976760  be976864  [stack]
     be976764  401e5d31  /system/lib/libc.so (malloc+12)
#01  be976768  00000002
     be97676c  409fa66f  /data/phonetest/libv8.so (operator new(unsigned int)+22)
#02  be976770  00000002
     be976774  be9768b4  [stack]
     be976778  00010ed2  /data/phonetest/node
     be97677c  400775a1  /data/phonetest/aminonative.node (LoadPngFromFile(v8::Arguments const&)+28)
     be976780  be976854  [stack]
     be976784  40077585  /data/phonetest/aminonative.node (LoadPngFromFile(v8::Arguments const&))
     be976788  01155028  [heap]
     be97678c  0117b7cc  [heap]
     be976790  0117b7cc  [heap]
     be976794  be976700  [stack]
     be976798  be9767ac  [stack]
     be97679c  be9768b4  [stack]
     be9767a0  be976854  [stack]
     be9767a4  be9768b8  [stack]
     be9767a8  2df8f920
     be9767ac  4056babc  /data/phonetest/libv8.so

--------- tail end of log /dev/log/main
05-23 18:58:20.093 435 435 D libEGL : loaded /vendor/lib/egl/libEGL_POWERVR_SGX540_120.so
05-23 18:58:20.101 435 435 D libEGL : loaded /vendor/lib/egl/libGLESv1_CM_POWERVR_SGX540_120.so
05-23 18:58:20.101 435 435 D libEGL : loaded /vendor/lib/egl/libGLESv2_POWERVR_SGX540_120.so
05-23 18:58:20.296 435 435 F libc : Fatal signal 11 (SIGSEGV) at 0x0000000c (code=1), thread 435 (node)


pid: 435, tid: 436, name: SignalSender

backtrace:

#00  pc 0000dc70  /system/lib/libc.so (__futex_syscall3+8)
#01  pc 0002912d  /system/lib/libc.so (sem_wait+48)
#02  pc 0079ff90  /data/phonetest/libv8.so (v8::internal::LinuxSemaphore::Wait()+36)
#03  pc 0059fcd0  /data/phonetest/libv8.so (v8::internal::RuntimeProfiler::WaitForSomeIsolateToEnterJS()+156)
#04  pc 007a0a10  /data/phonetest/libv8.so (v8::internal::SignalSender::Run()+120)
#05  pc 0079f77c  /data/phonetest/libv8.so
#06  pc 00012bb0  /system/lib/libc.so (__thread_entry+48)
#07  pc 00012308  /system/lib/libc.so (pthread_create+172)

pid: 435, tid: 437, name: v8:SweeperThrea

backtrace:

#00  pc 0000dc70  /system/lib/libc.so (__futex_syscall3+8)
#01  pc 0002912d  /system/lib/libc.so (sem_wait+48)
#02  pc 0079ff90  /data/phonetest/libv8.so (v8::internal::LinuxSemaphore::Wait()+36)
#03  pc 00688b74  /data/phonetest/libv8.so (v8::internal::SweeperThread::Run()+68)
#04  pc 0079f77c  /data/phonetest/libv8.so
#05  pc 00012bb0  /system/lib/libc.so (__thread_entry+48)
#06  pc 00012308  /system/lib/libc.so (pthread_create+172)

pid: 435, tid: 438, name: v8:SweeperThrea

backtrace:

#00  pc 0000dc70  /system/lib/libc.so (__futex_syscall3+8)
#01  pc 0002912d  /system/lib/libc.so (sem_wait+48)
#02  pc 0079ff90  /data/phonetest/libv8.so (v8::internal::LinuxSemaphore::Wait()+36)
#03  pc 00688b74  /data/phonetest/libv8.so (v8::internal::SweeperThread::Run()+68)
#04  pc 0079f77c  /data/phonetest/libv8.so
#05  pc 00012bb0  /system/lib/libc.so (__thread_entry+48)
#06  pc 00012308  /system/lib/libc.so (pthread_create+172)

pid: 435, tid: 441, name: node

backtrace:

#00  pc 0000d2f0  /system/lib/libc.so (nanosleep+12)
#01  pc 0001a099  /system/lib/libc.so (sleep+20)
#02  pc 00009dd3  /system/lib/libEGL.so
#03  pc 00010f47  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+114)
#04  pc 00012bb0  /system/lib/libc.so (__thread_entry+48)
#05  pc 00012308  /system/lib/libc.so (pthread_create+172)

--------- log /dev/log/main
05-23 18:58:20.093 435 435 D libEGL : loaded /vendor/lib/egl/libEGL_POWERVR_SGX540_120.so
05-23 18:58:20.101 435 435 D libEGL : loaded /vendor/lib/egl/libGLESv1_CM_POWERVR_SGX540_120.so
05-23 18:58:20.101 435 435 D libEGL : loaded /vendor/lib/egl/libGLESv2_POWERVR_SGX540_120.so
05-23 18:58:20.296 435 435 F libc : Fatal signal 11 (SIGSEGV) at 0x0000000c (code=1), thread 435 (node)

paddybyers commented 11 years ago

Thanks. Nothing really obvious there. Can I reproduce this?

joshmarinacci commented 11 years ago

It should be 100% reproducible. I've created a branch of my project with the smallest code that can reproduce it.

https://github.com/joshmarinacci/aminolang/tree/segfault2

Make a /data/phonetest directory on your android device, check out the source, then run 'node build androidtest'. It will copy all of the needed files to your device. Then adb shell, cd data/phonetest, run ./runit.sh to run the app. The only interesting code is in src/node/klaatu.cpp.

Essentially this code opens a GL surface, compiles a shader, allocates some memory, then swaps the buffer. Removing the shader compile or changing the amount of memory allocced will avoid the segfault or move it to a different time. It's rather non-deterministic, though it's 100% reproducible. Very strange.

joshmarinacci commented 11 years ago

Note, I've included a precompiled native module, aminonative.node. If you want to recompile the native code you'll need to have an AOSP full OS build to do it.

joshmarinacci commented 11 years ago

Continuing to work on this. I've reduced it to some C++ code without node hooks. I have a function called TestNative which opens a screen, loads an image, loads a shader, and draws some rects. If I call this function from node it crashes. If I call it as a regular C commandline program it's fine. Definitely something wonky with node.

paddybyers commented 11 years ago

Can you write a standalone C program that loads your .node shared library using dlopen and calls your code that way? I'm wondering if there is some linkage/storage problem that shows up because your code is in a shared library - i.e. there's some global variable, for example, that needs to be in shared library statics.
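
A minimal harness of the kind requested above, as an added example that is not code from this thread or from either project. It assumes the entry point (for instance the `TestNative` function mentioned earlier) is exported with C linkage and takes no arguments; `run_from_library` and the `RUN_*` codes are hypothetical names.

```c
#include <dlfcn.h>
#include <stdio.h>

enum { RUN_OK = 0, RUN_NO_LIB = 1, RUN_NO_SYMBOL = 2 };

/* Assumed signature of the exported entry point. */
typedef void (*entry_fn)(void);

/* Loads lib_path, looks up symbol and calls it.
 * A NULL lib_path makes dlopen return a handle for the main program. */
int run_from_library(const char *lib_path, const char *symbol)
{
    /* RTLD_NOW resolves every symbol at load time, so anything the library
     * expects the host process to provide is reported here through
     * dlerror() instead of failing at the first call. */
    void *handle = dlopen(lib_path, RTLD_NOW | RTLD_GLOBAL);
    if (handle == NULL) {
        const char *err = dlerror();
        fprintf(stderr, "dlopen failed: %s\n", err ? err : "unknown error");
        return RUN_NO_LIB;
    }

    dlerror();                              /* clear any stale error state */
    void *sym = dlsym(handle, symbol);
    const char *err = dlerror();
    if (err != NULL || sym == NULL) {
        fprintf(stderr, "dlsym(%s) failed: %s\n", symbol,
                err ? err : "symbol resolved to NULL");
        dlclose(handle);
        return RUN_NO_SYMBOL;
    }

    entry_fn entry;
    *(void **)(&entry) = sym;               /* conversion idiom used with dlsym */
    entry();

    /* The handle is left open; the library stays mapped until exit. */
    return RUN_OK;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <library> <symbol>\n", argv[0]);
        return 64;
    }
    return run_from_library(argv[1], argv[2]);
}
```

On toolchains where dlopen lives in a separate libdl, link with `-ldl`.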