crash in libc from pthread_key_delete

[jonricha]

Hi Xavier, I'm using COFFEE_TRY_JNI as described in your examples with multiple threads. During some stability testing I'm seeing a crash in libc.so when coffeecatch_cleanup calls pthread_key_delete. It doesn't happen all the time and I've seen it on multiple android versions...any ideas on this one?

[xroche]

Humm, I do not see any obvious initialization/cleanup race condition (everything is mutexed). Do you have the complete stacktrace, or better, all thread's stacks during crash ?

[jonricha]

Does this help?

F/libc (22620): Fatal signal 11 (SIGSEGV) at 0x61a2ef6c (code=1)
I/DEBUG ( 107): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 107): Build fingerprint: 'Android/tate/tate:4.0.3/IML74K/7.4.6_user_4620220:user/release-keys'
I/DEBUG ( 107): pid: 22620, tid: 22697 >>> com.bla.bla <<<
I/DEBUG ( 107): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 61a2ef6c
I/DEBUG ( 107): r0 0000006c r1 00000000 r2 00000001 r3 01acd600
I/DEBUG ( 107): r4 0000001b r5 00036080 r6 08000000 r7 00000000
I/DEBUG ( 107): r8 6117ec10 r9 5da57f5c 10 00000000 fp 6117ec24
I/DEBUG ( 107): ip 61a2ef00 sp 6117ebb8 lr 400bf09c pc 400bf304 cpsr 20000010
I/DEBUG ( 107): d0 3f7ed7cf80000000 d1 3eb63fb23eb8ae84
I/DEBUG ( 107): d2 bb1a827a40315aa3 d3 46655b59466545d1
I/DEBUG ( 107): d4 000004473ad37c30 d5 3f80000033ec0d5e
I/DEBUG ( 107): d6 3f8000003f800000 d7 bf80000000000000
I/DEBUG ( 107): d8 402ce5e360000000 d9 402d4c49c0000000
I/DEBUG ( 107): d10 3fc9999800000000 d11 3eb0c6f7a0b5ed8d
I/DEBUG ( 107): d12 0000000000000000 d13 0000000000000000
I/DEBUG ( 107): d14 0000000000000000 d15 0000000000000000
I/DEBUG ( 107): d16 4079000000000000 d17 4154e8144b65b2d9
I/DEBUG ( 107): d18 4086d00000000000 d19 42747efacc250760
I/DEBUG ( 107): d20 41bed76b1e431947 d21 3fec35d2735462b5
I/DEBUG ( 107): d22 3fd8fff38f33db2e d23 3fe4e91e5af53c31
I/DEBUG ( 107): d24 3d2ad7638d80b15e d25 3d6ae7f3e733b81f
I/DEBUG ( 107): d26 3da93974a8c07c9d d27 c0012cc65cce7d4e
I/DEBUG ( 107): d28 3feb7a1829ad6568 d29 3de6124613a86d09
I/DEBUG ( 107): d30 3e21eed8eff8d898 d31 3e5ae64567f544e4
I/DEBUG ( 107): scr 60000013
I/DEBUG ( 107):
I/DEBUG ( 107): #00 pc 00012304 /system/lib/libc.so (pthread_key_delete)
I/DEBUG ( 107): #1 pc 0018c8b8 /data/data/com.bla.bla/lib/libmylib.so (coffeecatch_cleanup)
I/DEBUG ( 107): #2 pc 0010b118 /data/data/com.bla.bla/lib/libmylib.so (_Z14dosomething_protectedP7_JNIEnvP8_jobjecthPh)
I/DEBUG ( 107): #3 pc 0010b160 /data/data/com.bla.bla/lib/libmylib.so (Java_com_bla_bla_MyClass_dosomething)
I/DEBUG ( 107): #4 pc 0001ec70 /system/lib/libdvm.so (dvmPlatformInvoke)
I/DEBUG ( 107): #5 pc 00058ff0 /system/lib/libdvm.so (Z16dvmCallJNIMethodPKjP6JValuePK6MethodP6Thread)
I/DEBUG ( 107):
I/DEBUG ( 107): code around pc:
I/DEBUG ( 107): 400bf2e4 0a00000a e1a00104 e3a01000 e5932028 ............( ..
I/DEBUG ( 107): 400bf2f4 e3520000 ba000002 e593c038 e35c0000 ..R.....8......
I/DEBUG ( 107): 400bf304 178c1000 e5933000 e3530000 1afffff6 .....0....S.....
I/DEBUG ( 107): 400bf314 e59f504c e2844002 e59f0048 e3a03000 [email protected]..
I/DEBUG ( 107): 400bf324 e08fe005 e1a05003 e08e7007 e08e4104 .....P...p...A..
I/DEBUG ( 107):
I/DEBUG ( 107): code around lr:
I/DEBUG ( 107): 400bf07c e3500000 13856002 1a000001 ea000009 ..P..`..........
I/DEBUG ( 107): 400bf08c ebfffe87 e1a01004 e1a00006 ebffed3f ............?...
I/DEBUG ( 107): 400bf09c e1a01005 e1a02006 e3a03000 e1550000 ..... ...0....U.
I/DEBUG ( 107): 400bf0ac e1a00004 1afffff5 f57ff05f e3a00000 ...............
I/DEBUG ( 107): 400bf0bc e8bd87f0 e3a00016 e8bd87f0 ebfffc56 ............V...
I/DEBUG ( 107):
I/DEBUG ( 107): memory map around addr 61a2ef6c:
I/DEBUG ( 107): 615d7000-6192f000 /dev/pvrsrvkm
I/DEBUG ( 107): (no map for address)
I/DEBUG ( 107): 61a9f000-61df7000 /dev/pvrsrvkm
I/DEBUG ( 107):
I/DEBUG ( 107): stack:
I/DEBUG ( 107): 6117eb78 00000010
I/DEBUG ( 107): 6117eb7c 400f5474
I/DEBUG ( 107): 6117eb80 018ae5e8 [heap]
I/DEBUG ( 107): 6117eb84 5da57f5c
I/DEBUG ( 107): 6117eb88 01c66d58 [heap]
I/DEBUG ( 107): 6117eb8c 01affc3c [heap]
I/DEBUG ( 107): 6117eb90 400f5358
I/DEBUG ( 107): 6117eb94 00000001
I/DEBUG ( 107): 6117eb98 0000001b
I/DEBUG ( 107): 6117eb9c 00036080
I/DEBUG ( 107): 6117eba0 08000000
I/DEBUG ( 107): 6117eba4 00000000
I/DEBUG ( 107): 6117eba8 6117ec10
I/DEBUG ( 107): 6117ebac 5da57f5c
I/DEBUG ( 107): 6117ebb0 df0027ad
I/DEBUG ( 107): 6117ebb4 00000000
I/DEBUG ( 107): #00 6117ebb8 5d1b9dc4 /data/data/com.bla.bla/lib/libmylib.so
I/DEBUG ( 107): 6117ebbc 5d245240
I/DEBUG ( 107): 6117ebc0 5d25952c
I/DEBUG ( 107): 6117ebc4 00000000
I/DEBUG ( 107): 6117ebc8 6117ec10
I/DEBUG ( 107): 6117ebcc 5bff98bc /data/data/com.bla.bla/lib/libmylib.so
I/DEBUG ( 107): #1 6117ebd0 6117ec07
I/DEBUG ( 107): 6117ebd4 56f77508 /dev/ashmem/dalvik-LinearAlloc (deleted)
I/DEBUG ( 107): 6117ebd8 0136e708 [heap]
I/DEBUG ( 107): 6117ebdc 00000007
I/DEBUG ( 107): 6117ebe0 5da57f64
I/DEBUG ( 107): 6117ebe4 5bf7811c /data/data/com.bla.bla/lib/libmylib.so

[xroche]

Unfortunately no :( I'm scratching my head to understand how pthread_key_delete may fail (ie. probably pthread_key_create not called, but how ?)