Heap corruption in art.so in 5.0

David

May 11, 2015, 8:10:48 AM
to android...@googlegroups.com
We are porting Android 5.0 to our SoC. Under a 4-core configuration, we find that dex2oat causes heap corruption.

The log looks like this:

I/dex2oat2(  411): dex2oat2
F/libc    (  411): heap corruption detected by dlfree
F/libc    (  411): Fatal signal 6 (SIGABRT), code -6 in tid 413 (Compiler driver)
I/DEBUG   (  118): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  118): Revision: '0'
I/DEBUG   (  118): ABI: 'arm'
I/DEBUG   (  118): pid: 411, tid: 413, name: Compiler driver  >>> dex2oat2 <<<
I/DEBUG   (  118): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
I/DEBUG   (  118): Abort message: 'heap corruption detected by dlfree'
I/DEBUG   (  118):     r0 00000000  r1 0000019d  r2 00000006  r3 00000000
I/DEBUG   (  118):     r4 b342fdd8  r5 00000006  r6 0000000b  r7 0000010c
I/DEBUG   (  118):     r8 b6a79198  r9 00000000  sl 00000000  fp b354da6c
I/DEBUG   (  118):     ip 0000019d  sp b342f800  lr b6a32db1  pc b6a58e9c  cpsr 60070010
I/DEBUG   (  118): 
I/DEBUG   (  118): backtrace:
I/DEBUG   (  118):     #00 pc 0003ce9c  /system/lib/libc.so (tgkill+12)
I/DEBUG   (  118):     #01 pc 00016dad  /system/lib/libc.so (pthread_kill+52)
I/DEBUG   (  118):     #02 pc 000179a7  /system/lib/libc.so (raise+10)
I/DEBUG   (  118):     #03 pc 00014169  /system/lib/libc.so (__libc_android_abort+36)
I/DEBUG   (  118):     #04 pc 000124f0  /system/lib/libc.so (abort+4)
I/DEBUG   (  118):     #05 pc 0001549f  /system/lib/libc.so (__libc_fatal+16)
I/DEBUG   (  118):     #06 pc 00029b19  /system/lib/libc.so (__bionic_heap_corruption_error+8)
I/DEBUG   (  118):     #07 pc 0002bb8d  /system/lib/libc.so (dlfree+312)
I/DEBUG   (  118):     #08 pc 0001225b  /system/lib/libc.so (free+10)
I/DEBUG   (  118):     #09 pc 00243eb3  /system/lib/libart.so (art::verifier::MethodVerifier::~MethodVerifier()+434)
I/DEBUG   (  118):     #10 pc 0024f4c7  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyMethod(unsigned int, art::DexFile const*, art::Handle<art::mirror::DexCache>, art::Handle<art::mirror::ClassLo)
I/DEBUG   (  118):     #11 pc 0024fa59  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyClass(art::DexFile const*, art::Handle<art::mirror::DexCache>, art::Handle<art::mirror::ClassLoader>, art::Dex)
I/DEBUG   (  118):     #12 pc 002500a5  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyClass(art::mirror::Class*, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator)
I/DEBUG   (  118):     #13 pc 000d8317  /system/lib/libart.so (art::ClassLinker::VerifyClass(art::Handle<art::mirror::Class>)+622)
I/DEBUG   (  118):     #14 pc 0013c7ff  /system/lib/libart-compiler.so
I/DEBUG   (  118):     #15 pc 00136621  /system/lib/libart-compiler.so
I/DEBUG   (  118):     #16 pc 0022fe35  /system/lib/libart.so (art::ThreadPoolWorker::Run()+36)
I/DEBUG   (  118):     #17 pc 00230685  /system/lib/libart.so (art::ThreadPoolWorker::Callback(void*)+52)
I/DEBUG   (  118):     #18 pc 0001659b  /system/lib/libc.so (__pthread_start(void*)+30)
I/DEBUG   (  118):     #19 pc 000144cb  /system/lib/libc.so (__start_thread+6)
I/DEBUG   (  118): 
I/DEBUG   (  118): Tombstone written to: /data/tombstones/tombstone_08

or 

I/dex2oat2(  402): dex2oat2
F/libc    (  402): heap corruption detected by dlmalloc_real
F/libc    (  402): Fatal signal 6 (SIGABRT), code -6 in tid 402 (main)
I/DEBUG   (  118): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  118): Revision: '0'
I/DEBUG   (  118): ABI: 'arm'
I/DEBUG   (  118): pid: 402, tid: 402, name: main  >>> dex2oat2 <<<
I/DEBUG   (  118): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
I/DEBUG   (  118): Abort message: 'heap corruption detected by dlmalloc_real'
I/DEBUG   (  118):     r0 00000000  r1 00000192  r2 00000006  r3 00000000
I/DEBUG   (  118):     r4 b6fd8e38  r5 00000006  r6 0000000b  r7 0000010c
I/DEBUG   (  118):     r8 bebbdc90  r9 b6fc0a64  sl 00000005  fp 00000005
I/DEBUG   (  118):     ip 00000192  sp bebbda40  lr b6a7bdb1  pc b6aa1e9c  cpsr 600d0010
I/DEBUG   (  118): 
I/DEBUG   (  118): backtrace:
I/DEBUG   (  118):     #00 pc 0003ce9c  /system/lib/libc.so (tgkill+12)
I/DEBUG   (  118):     #01 pc 00016dad  /system/lib/libc.so (pthread_kill+52)
I/DEBUG   (  118):     #02 pc 000179a7  /system/lib/libc.so (raise+10)
I/DEBUG   (  118):     #03 pc 00014169  /system/lib/libc.so (__libc_android_abort+36)
I/DEBUG   (  118):     #04 pc 000124f0  /system/lib/libc.so (abort+4)
I/DEBUG   (  118):     #05 pc 0001549f  /system/lib/libc.so (__libc_fatal+16)
I/DEBUG   (  118):     #06 pc 00029b19  /system/lib/libc.so (__bionic_heap_corruption_error+8)
I/DEBUG   (  118):     #07 pc 0002b31f  /system/lib/libc.so (dlmalloc_real+2942)
I/DEBUG   (  118):     #08 pc 00012287  /system/lib/libc.so (malloc+10)
I/DEBUG   (  118):     #09 pc 00049ee1  /system/lib/libc++.so (operator new(unsigned int)+16)
I/DEBUG   (  118):     #10 pc 00257e77  /system/lib/libart.so (art::verifier::RegTypeCache::FromClass(char const*, art::mirror::Class*, bool)+446)
I/DEBUG   (  118):     #11 pc 00243b91  /system/lib/libart.so (art::verifier::MethodVerifier::GetDeclaringClass()+72)
I/DEBUG   (  118):     #12 pc 00248499  /system/lib/libart.so (art::verifier::MethodVerifier::SetTypesFromSignature()+664)
I/DEBUG   (  118):     #13 pc 0024eba1  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyCodeFlow()+444)
I/DEBUG   (  118):     #14 pc 0024ed9d  /system/lib/libart.so (art::verifier::MethodVerifier::Verify()+120)
I/DEBUG   (  118):     #15 pc 0024f41b  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyMethod(unsigned int, art::DexFile const*, art::Handle<art::mirror::DexCache>, art::Handle<art::mirror::ClassLo)
I/DEBUG   (  118):     #16 pc 0024fcb1  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyClass(art::DexFile const*, art::Handle<art::mirror::DexCache>, art::Handle<art::mirror::ClassLoader>, art::Dex)
I/DEBUG   (  118):     #17 pc 002500a5  /system/lib/libart.so (art::verifier::MethodVerifier::VerifyClass(art::mirror::Class*, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator)
I/DEBUG   (  118):     #18 pc 000d8317  /system/lib/libart.so (art::ClassLinker::VerifyClass(art::Handle<art::mirror::Class>)+622)
I/DEBUG   (  118):     #19 pc 0013c7ff  /system/lib/libart-compiler.so
I/DEBUG   (  118):     #20 pc 00136621  /system/lib/libart-compiler.so
I/DEBUG   (  118):     #21 pc 0023010d  /system/lib/libart.so (art::ThreadPool::Wait(art::Thread*, bool, bool)+168)
I/DEBUG   (  118):     #22 pc 00139d3d  /system/lib/libart-compiler.so
I/DEBUG   (  118):     #23 pc 0013a40f  /system/lib/libart-compiler.so (art::CompilerDriver::Verify(_jobject*, std::__1::vector<art::DexFile const*, std::__1::allocator<art::DexFile const*> > const&, art::Threa)
I/DEBUG   (  118):     #24 pc 0014383b  /system/lib/libart-compiler.so (art::CompilerDriver::PreCompile(_jobject*, std::__1::vector<art::DexFile const*, std::__1::allocator<art::DexFile const*> > const&, art::T)
I/DEBUG   (  118):     #25 pc 001446f1  /system/lib/libart-compiler.so (art::CompilerDriver::CompileAll(_jobject*, std::__1::vector<art::DexFile const*, std::__1::allocator<art::DexFile const*> > const&, art::T)
I/DEBUG   (  118):     #26 pc 0000a675  /system/bin/dex2oat2
I/DEBUG   (  118):     #27 pc 0000c835  /system/bin/dex2oat2
I/DEBUG   (  118):     #28 pc 000123a1  /system/lib/libc.so (__libc_init+44)
I/DEBUG   (  118):     #29 pc 000046f4  /system/bin/dex2oat2
I/DEBUG   (  118): 
I/DEBUG   (  118): Tombstone written to: /data/tombstones/tombstone_07

We tried to catch this bug under valgrind or with libc.debug.malloc on, but with these debug routines on, the heap corruption is gone.
Any ideas about this kind of case?
