null pointer dereference #611

Closed
yunzhou2021 opened this issue Dec 30, 2020 · 1 comment

Comments

@yunzhou2021

The language of MMKV

Java

The version of MMKV

v1.2.5

The platform of MMKV

Android

The installation of MMKV

maven
api "com.tencent:mmkv:1.2.5"

What's the issue?

Cause: null pointer dereference

Only found online, and all the stacks are the same:

********** Crash dump: **********
pid: 6856, tid: 6882, name: Binder:6856_2 >>> com.xxxxx.xxxxx <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Stack frame #00 pc 000000000000dcb0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine std::__ndk1::basic_string<char, std::__ndk1::char_traits, std::__ndk1::allocator >::__get_pointer() const at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sources/cxx-stl/llvm-libc++/include/string:1313
Stack frame #1 pc 0000000000008ad0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine std::__ndk1::__allocate(unsigned long) at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sources/cxx-stl/llvm-libc++/include/new:226
Stack frame #2 pc 0000000000004634 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine _JNIEnv::FindClass(char const*) at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sysroot/usr/include/jni.h:505
Stack frame #3 pc 000000000008cd5c /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.odex (art_jni_trampoline+236)
Stack frame #4 pc 00000000001375b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #5 pc 0000000000169ecc /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+276) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #6 pc 00000000003084f8 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+384) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #7 pc 0000000000303758 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+892) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #8 pc 00000000005a5894 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+372) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #9 pc 0000000000131994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #10 pc 00000000009a1624 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (com.tencent.mmkv.MMKV.a+8)
Stack frame #11 pc 00000000005a5b30 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1040) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #12 pc 0000000000131994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #13 pc 000000000156b170 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (org.hapjs.features.storage.data.a.c.a+48)
Stack frame #14 pc 00000000005a538c /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1100) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #15 pc 0000000000131914 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #16 pc 000000000156b20c /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (org.hapjs.features.storage.data.a.c.a+4)
Stack frame #17 pc 00000000005a48a0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1788) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #18 pc 0000000000131a14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #19 pc 000000000156ada0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (org.hapjs.features.storage.data.a.b.a+4)
Stack frame #20 pc 00000000005a48a0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1788) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #21 pc 0000000000131a14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #22 pc 000000000156ac10 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (org.hapjs.features.storage.data.StorageProvider.a+444)
Stack frame #23 pc 00000000005a91d0 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtualQuick+1292) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #24 pc 0000000000135594 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual_quick+20) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #25 pc 0000000001197962 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.vdex (org.hapjs.AbstractContentProvider.call+6)
Stack frame #26 pc 00000000002d980c /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.14261606595316987954+240) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #27 pc 000000000059448c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1032) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #28 pc 0000000000140468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #29 pc 000000000066c16c /system/framework/arm64/boot-framework.oat (android.content.ContentProvider.call+76) (BuildId: 70865fc4f8559611d85387540ed168c8632a3d20)
Stack frame #30 pc 00000000006d97c8 /system/framework/arm64/boot-framework.oat (android.content.ContentProvider$Transport.call+376) (BuildId: 70865fc4f8559611d85387540ed168c8632a3d20)
Stack frame #31 pc 000000000066e810 /system/framework/arm64/boot-framework.oat (android.content.ContentProviderNative.onTransact+2144) (BuildId: 70865fc4f8559611d85387540ed168c8632a3d20)
Stack frame #32 pc 000000000086247c /system/framework/arm64/boot-framework.oat (android.os.Binder.execTransactInternal+748) (BuildId: 70865fc4f8559611d85387540ed168c8632a3d20)
Stack frame #33 pc 0000000000862068 /system/framework/arm64/boot-framework.oat (android.os.Binder.execTransact+296) (BuildId: 70865fc4f8559611d85387540ed168c8632a3d20)
Stack frame #34 pc 0000000000137334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #35 pc 0000000000169eac /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+244) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #36 pc 00000000004b2f24 /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #37 pc 00000000004b4370 /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #38 pc 000000000038ea28 /apex/com.android.runtime/lib64/libart.so (art::JNI::CallBooleanMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+628) (BuildId: 8ed768e43c974dcae04214f65beb495e)
Stack frame #39 pc 00000000000d34a8 /system/lib64/libandroid_runtime.so (_JNIEnv::CallBooleanMethod(_jobject*, _jmethodID*, ...)+116) (BuildId: d1a235526adc30d869f647eb9bac582f)
Stack frame #40 pc 000000000014d660 /system/lib64/libandroid_runtime.so (JavaBBinder::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+156) (BuildId: d1a235526adc30d869f647eb9bac582f)
Stack frame #41 pc 000000000004c788 /system/lib64/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+136) (BuildId: 8a6282865ca182fb3eb8c4108e1d680c)
Stack frame #42 pc 0000000000059694 /system/lib64/libbinder.so (android::IPCThreadState::executeCommand(int)+992) (BuildId: 8a6282865ca182fb3eb8c4108e1d680c)
Stack frame #43 pc 0000000000059200 /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+156) (BuildId: 8a6282865ca182fb3eb8c4108e1d680c)
Stack frame #44 pc 0000000000059980 /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+108) (BuildId: 8a6282865ca182fb3eb8c4108e1d680c)
Stack frame #45 pc 000000000007fe1c /system/lib64/libbinder.so (android::PoolThread::threadLoop()+24) (BuildId: 8a6282865ca182fb3eb8c4108e1d680c)
Stack frame #46 pc 00000000000135f4 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+328) (BuildId: f7c8a354465b908ebfc4497b6d157cac)
Stack frame #47 pc 00000000000c2754 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+140) (BuildId: d1a235526adc30d869f647eb9bac582f)
Stack frame #48 pc 00000000000d6eb0 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: 6aaa192fa70426ea767b3bcf55b19a30)
Stack frame #49 pc 0000000000075314 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 6aaa192fa70426ea767b3bcf55b19a30)

What's the log of MMKV when that happened?

Found no MMKV log, I will provide the files that we got.

We used to find the same issue in 1.0.23, and when we upgraded to 1.2.5, it still happens.

It's about 12 crashes per one million people per day.

stack_dump.txt

[system_app_native_crash@2020-12-20-01-00-25-385.txt](https://github.com/Tencent/MMKV/files/5753794/system_app_native_crash%402020-12-20-01-00-25-385.txt)

[SYSTEM_TOMBSTONE@2020-12-20-01-00-42-350.txt](https://github.com/Tencent/MMKV/files/5753795/SYSTEM_TOMBSTONE%402020-12-20-01-00-42-350.txt)
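Added triage helper for dumps in the layout shown in this report (it is not part of MMKV and is not the reporter's code): it pulls the signal line and the `Stack frame #N pc ... /path (symbol)` lines, flags a fault address inside the first page as a near-null dereference (here `0x8`, i.e. NULL plus a small field offset), and reports the innermost frame owned by a library of interest. The sample is a constructed cut-down copy of the dump above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the dump in this issue (signal line plus the first frames).
SAMPLE_DUMP = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Stack frame #00 pc 000000000000dcb0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine std::__ndk1::basic_string<char, std::__ndk1::char_traits, std::__ndk1::allocator >::__get_pointer() const at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sources/cxx-stl/llvm-libc++/include/string:1313
Stack frame #1 pc 0000000000008ad0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine std::__ndk1::__allocate(unsigned long) at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sources/cxx-stl/llvm-libc++/include/new:226
Stack frame #2 pc 0000000000004634 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine _JNIEnv::FindClass(char const*) at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sysroot/usr/include/jni.h:505
Stack frame #3 pc 000000000008cd5c /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/oat/arm64/base.odex (art_jni_trampoline+236)
Stack frame #4 pc 00000000001375b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 8ed768e43c974dcae04214f65beb495e)
"""

SIGNAL_RE = re.compile(r"^signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr (0x[0-9a-fA-F]+)", re.M)
FRAME_RE = re.compile(r"^Stack frame #(\d+) pc ([0-9a-fA-F]+) (\S+) ?(.*)$", re.M)
PAGE_SIZE = 0x1000  # a fault below the first page is NULL plus a small field offset, i.e. a null dereference

@dataclass
class Frame:
    index: int
    pc: int
    path: str    # mapped object the pc falls in
    symbol: str  # routine/symbol text, may be empty for stripped binaries

    @property
    def library(self) -> str:
        return self.path.rsplit("/", 1)[-1]

def parse_signal(dump: str) -> dict:
    m = SIGNAL_RE.search(dump)
    if m is None:
        raise ValueError("no signal line in dump")
    return {"signal": int(m.group(1)), "name": m.group(2), "code": m.group(4), "fault_addr": int(m.group(5), 16)}

def parse_frames(dump: str) -> list:
    return [Frame(int(i), int(pc, 16), path, rest) for i, pc, path, rest in FRAME_RE.findall(dump)]

def classify_fault(fault_addr: int) -> str:
    return "null-deref" if fault_addr < PAGE_SIZE else "other-segv"

def first_frame_in(frames: list, library: str):
    return next((f for f in frames if f.library == library), None)

def triage(dump: str, library: str = "libmmkv.so") -> dict:
    sig, frames = parse_signal(dump), parse_frames(dump)
    hit = first_frame_in(frames, library)  # innermost frame owned by the library under suspicion
    return {"kind": classify_fault(sig["fault_addr"]), "fault_addr": sig["fault_addr"],
            "top_library": frames[0].library if frames else None, "frames": len(frames),
            "library_frame": hit.index if hit else None, "library_symbol": hit.symbol if hit else None}
```

Running `triage(SAMPLE_DUMP)` on the sample classifies the crash as a null dereference with frame 0 inside libmmkv.so, which is the same grouping key you would use to deduplicate the field reports mentioned above.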

@lingol
Collaborator

lingol commented Jan 4, 2021

Stack frame #1 pc 0000000000008ad0 /data/app/com.xxxxx.xxxxx-XYMZkAuHrmsPe0P1LQP9tw==/lib/arm64/libmmkv.so (BuildId: ce0eab6e02d8e9d9fa536d15a612a6d3b902acca): Routine std::__ndk1::__allocate(unsigned long) at /Users/lingol/Library/Android/sdk/android-ndk-r16b/sources/cxx-stl/llvm-libc++/include/new:226

According to your stacks, it crashed inside C++ STL's new(), aka allocating new memory. So there's nothing we can do for the moment.
Shit happens.
