
11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)

下面给出了完整的日志,当应用程序死亡时我在 logcat 中找到的内容:

11-02 16:39:39.293: A/libc(3556): @@@ ABORTING: INVALID HEAP ADDRESS IN dlfree
11-02 16:39:39.293: A/libc(3556): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
11-02 16:39:39.793: I/DEBUG(3257): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-02 16:39:39.793: I/DEBUG(3257): Build fingerprint: 'Polaroid/nuclear_md7008/nuclear-md7008:4.0.4/IMM76D/20120929:eng/test-keys'
11-02 16:39:39.793: I/DEBUG(3257): pid: 3556, tid: 3556  >>> com.polaroid.kidsmusic <<<
11-02 16:39:39.793: I/DEBUG(3257): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
11-02 16:39:39.793: I/DEBUG(3257):  r0 deadbaad  r1 00000001  r2 40000000  r3 00000000
11-02 16:39:39.793: I/DEBUG(3257):  r4 00000000  r5 00000027  r6 400f4db0  r7 40103474
11-02 16:39:39.793: I/DEBUG(3257):  r8 021821c0  r9 40061840  10 00000008  fp beb666e4
11-02 16:39:39.793: I/DEBUG(3257):  ip ffffffff  sp beb66538  lr 400d5f71  pc 400d26d0  cpsr 60000030
11-02 16:39:39.793: I/DEBUG(3257):  d0  000001e000000000  d1  43f00000000001e0
11-02 16:39:39.793: I/DEBUG(3257):  d2  443f000000000000  d3  4a8688c00000004a
11-02 16:39:39.793: I/DEBUG(3257):  d4  3f800000020922a8  d5  0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d6  0000000000000000  d7  0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d8  0000000000000000  d9  43f0000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d10 3fec2014384e6205  d11 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d12 0000000000000000  d13 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d14 0000000000000000  d15 0000000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d16 0000000000000001  d17 3ff0000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d18 3e56d3ae604f8858  d19 bfb0b3f66e58abf6
11-02 16:39:39.793: I/DEBUG(3257):  d20 4000000000000000  d21 3f1149926a1476f9
11-02 16:39:39.793: I/DEBUG(3257):  d22 bebba89f4215f5e0  d23 3fd5ce9e44d86000
11-02 16:39:39.793: I/DEBUG(3257):  d24 3e66376972bea4d0  d25 c014000000000000
11-02 16:39:39.793: I/DEBUG(3257):  d26 3ff5bf0a00000000  d27 bfb0b3f66e58abf8
11-02 16:39:39.793: I/DEBUG(3257):  d28 bffadb73617eb466  d29 3fd5ce9e5bac0e60
11-02 16:39:39.793: I/DEBUG(3257):  d30 3c7aa87621713b5a  d31 3e56d3ae60000000
11-02 16:39:39.793: I/DEBUG(3257):  scr 80000013
11-02 16:39:39.883: I/DEBUG(3257):          #00  pc 000176d0  /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257):          #01  pc 0001355a  /system/lib/libc.so
11-02 16:39:39.883: I/DEBUG(3257):          #02  pc 00015898  /system/lib/libc.so (dlfree)
11-02 16:39:39.883: I/DEBUG(3257):          #03  pc 00015f10  /system/lib/libc.so (free)
11-02 16:39:39.893: I/DEBUG(3257):          #04  pc 000009ac  /system/lib/libstdc++.so (_ZdlPvRKSt9nothrow_t)
11-02 16:39:39.893: I/DEBUG(3257):          #05  pc 0000bf94  /system/lib/libhwui.so
11-02 16:39:39.893: I/DEBUG(3257):          #06  pc 000104c0  /system/lib/libhwui.so (_ZN7android10uirenderer14OpenGLRenderer7prepareEb)
11-02 16:39:39.893: I/DEBUG(3257):          #07  pc 00055ec0  /system/lib/libandroid_runtime.so
11-02 16:39:39.893: I/DEBUG(3257):          #08  pc 0001ec30  /system/lib/libdvm.so (dvmPlatformInvoke)
11-02 16:39:39.893: I/DEBUG(3257):          #09  pc 00058c70  /system/lib/libdvm.so (_Z16dvmCallJNIMethodPKjP6JValuePK6MethodP6Thread)
11-02 16:39:39.893: I/DEBUG(3257): code around pc:
11-02 16:39:39.893: I/DEBUG(3257): 400d26b0 4623b15c 2c006824 e026d1fb b12368db  \.#F$h.,..&..h#.
11-02 16:39:39.893: I/DEBUG(3257): 400d26c0 21014a17 6011447a 48124798 24002527  .J.!zD.`.G.H'%.$
11-02 16:39:39.893: I/DEBUG(3257): 400d26d0 f7f47005 2106ef48 efe4f7f5 460aa901  .p..H..!.......F
11-02 16:39:39.893: I/DEBUG(3257): 400d26e0 f04f2006 94015380 94029303 eba0f7f5  . O..S..........
11-02 16:39:39.893: I/DEBUG(3257): 400d26f0 4622a905 f7f52002 f7f4ebaa 2106ef34  .."F. ......4..!
11-02 16:39:39.893: I/DEBUG(3257): code around lr:
11-02 16:39:39.893: I/DEBUG(3257): 400d5f50 41f0e92d 46804c0c 447c2600 68a56824  -..A.L.F.&|D$h.h
11-02 16:39:39.893: I/DEBUG(3257): 400d5f60 e0076867 300cf9b5 dd022b00 47c04628  gh.....0.+..(F.G
11-02 16:39:39.893: I/DEBUG(3257): 400d5f70 35544306 37fff117 6824d5f4 d1ee2c00  .CT5...7..$h.,..
11-02 16:39:39.893: I/DEBUG(3257): 400d5f80 e8bd4630 bf0081f0 0002858a 41f0e92d  0F..........-..A
11-02 16:39:39.893: I/DEBUG(3257): 400d5f90 fb01b086 9004f602 461f4815 4615460c  .........H.F.F.F
11-02 16:39:39.893: I/DEBUG(3257): memory map around addr deadbaad:
11-02 16:39:39.893: I/DEBUG(3257): beb46000-beb67000 [stack]
11-02 16:39:39.893: I/DEBUG(3257): (no map for address)
11-02 16:39:39.893: I/DEBUG(3257): ffff0000-ffff1000 [vectors]
11-02 16:39:39.893: I/DEBUG(3257): stack:
11-02 16:39:39.893: I/DEBUG(3257):     beb664f8  00000001  
11-02 16:39:39.893: I/DEBUG(3257):     beb664fc  beb66538  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66500  400fe778  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66504  0000000c  
11-02 16:39:39.903: I/DEBUG(3257):     beb66508  400fe70c  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb6650c  40103808  
11-02 16:39:39.903: I/DEBUG(3257):     beb66510  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb66514  400d5f71  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66518  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb6651c  beb6654c  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66520  400f4db0  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66524  40103474  
11-02 16:39:39.903: I/DEBUG(3257):     beb66528  021821c0  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb6652c  400d50dd  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66530  df0027ad  
11-02 16:39:39.903: I/DEBUG(3257):     beb66534  00000000  
11-02 16:39:39.903: I/DEBUG(3257): #00 beb66538  beb66534  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb6653c  00000001  
11-02 16:39:39.903: I/DEBUG(3257):     beb66540  400f4d94  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66544  00000005  
11-02 16:39:39.903: I/DEBUG(3257):     beb66548  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb6654c  fffffbdf  
11-02 16:39:39.903: I/DEBUG(3257):     beb66550  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66554  beb66564  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb66558  400f82ec  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb6655c  400ce55f  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257): #01 beb66560  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb66564  20404040  
11-02 16:39:39.903: I/DEBUG(3257):     beb66568  524f4241  
11-02 16:39:39.903: I/DEBUG(3257):     beb6656c  474e4954  /data/dalvik-cache/system@framework@framework.jar@classes.dex
11-02 16:39:39.903: I/DEBUG(3257):     beb66570  4e49203a  
11-02 16:39:39.903: I/DEBUG(3257):     beb66574  494c4156  /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66578  45482044  /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb6657c  41205041  /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb66580  45524444  /dev/ashmem/dalvik-mark-stack (deleted)
11-02 16:39:39.903: I/DEBUG(3257):     beb66584  49205353  /system/lib/libbcc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb66588  6c64204e  
11-02 16:39:39.903: I/DEBUG(3257):     beb6658c  65657266  
11-02 16:39:39.903: I/DEBUG(3257):     beb66590  02079100  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb66594  40103498  
11-02 16:39:39.903: I/DEBUG(3257):     beb66598  00000000  
11-02 16:39:39.903: I/DEBUG(3257):     beb6659c  400cfa4d  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb665a0  021800a8  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665a4  401034e0  
11-02 16:39:39.903: I/DEBUG(3257):     beb665a8  0202ed20  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665ac  0202ed60  [heap]
11-02 16:39:39.903: I/DEBUG(3257):     beb665b0  beb666d0  [stack]
11-02 16:39:39.903: I/DEBUG(3257):     beb665b4  40103498  
11-02 16:39:39.903: I/DEBUG(3257):     beb665b8  47821416  /data/dalvik-cache/system@framework@framework.jar@classes.dex
11-02 16:39:39.903: I/DEBUG(3257):     beb665bc  400cfa4d  /system/lib/libc.so
11-02 16:39:39.903: I/DEBUG(3257):     beb665c0  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665c4  40135525  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665c8  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665cc  00000000  
11-02 16:39:39.913: I/DEBUG(3257):     beb665d0  02079f84  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665d4  40135525  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665d8  02079f84  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665dc  00000000  
11-02 16:39:39.913: I/DEBUG(3257):     beb665e0  beb66624  [stack]
11-02 16:39:39.913: I/DEBUG(3257):     beb665e4  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665e8  00000001  
11-02 16:39:39.913: I/DEBUG(3257):     beb665ec  401355ff  /system/lib/libutils.so
11-02 16:39:39.913: I/DEBUG(3257):     beb665f0  02079da8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665f4  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665f8  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb665fc  02079da8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66600  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66604  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66608  02079f98  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6660c  409c17e5  /system/lib/libhwui.so
11-02 16:39:39.913: I/DEBUG(3257):     beb66610  beb666d0  [stack]
11-02 16:39:39.913: I/DEBUG(3257):     beb66614  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66618  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6661c  0208ecb8  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66620  43f00000  /dev/ashmem/dalvik-heap (deleted)
11-02 16:39:39.913: I/DEBUG(3257):     beb66624  0202ed20  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb66628  020e1f58  [heap]
11-02 16:39:39.913: I/DEBUG(3257):     beb6662c  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb66630  0218eff0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66634  0218f0d8  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66638  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb6663c  40103588  
11-02 16:39:39.923: I/DEBUG(3257):     beb66640  020e1f60  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66644  020e2048  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66648  beb666d0  [stack]
11-02 16:39:39.923: I/DEBUG(3257):     beb6664c  40103498  
11-02 16:39:39.923: I/DEBUG(3257):     beb66650  00000008  
11-02 16:39:39.923: I/DEBUG(3257):     beb66654  400cfa4d  /system/lib/libc.so
11-02 16:39:39.923: I/DEBUG(3257):     beb66658  020e1f60  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb6665c  020b9348  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66660  021821c0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66664  16335a17  
11-02 16:39:39.923: I/DEBUG(3257):     beb66668  021821b8  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb6666c  021822a0  [heap]
11-02 16:39:39.923: I/DEBUG(3257):     beb66670  000000e8  
11-02 16:39:39.923: I/DEBUG(3257):     beb66674  400d089d  /system/lib/libc.so
11-02 16:39:42.593: I/DEBUG(3257): debuggerd committing suicide to free the zombie!
11-02 16:39:42.603: I/ActivityManager(149): Process com.polaroid.kidsmusic (pid 3556) has died.
11-02 16:39:42.603: W/ActivityManager(149): Force removing ActivityRecord{40f93768 com.polaroid.kidsmusic/.MainActivity}: app died, no saved state
11-02 16:39:42.613: W/AudioFlinger(86): session id 829 not found for pid 86
11-02 16:39:42.613: I/DEBUG(3882): debuggerd: Sep 29 2012 11:09:03
11-02 16:39:42.623: I/WindowManager(149): WIN DEATH: Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.623: W/WindowManager(149): Force-removing child win Window{41574080 SurfaceView paused=false} from container Window{4118d898 com.polaroid.kidsmusic/com.polaroid.kidsmusic.MainActivity paused=false}
11-02 16:39:42.643: W/WindowManager(149): Failed looking up window
11-02 16:39:42.643: W/WindowManager(149): java.lang.IllegalArgumentException: Requested window android.os.BinderProxy@41159418 does not exist
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7168)
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:7159)
11-02 16:39:42.643: W/WindowManager(149):   at com.android.server.wm.WindowState$DeathRecipient.binderDied(WindowState.java:1545)
11-02 16:39:42.643: W/WindowManager(149):   at android.os.BinderProxy.sendDeathNotice(Binder.java:417)
11-02 16:39:42.643: W/WindowManager(149):   at dalvik.system.NativeStart.run(Native Method)
11-02 16:39:42.643: I/WindowManager(149): MediaPlayer.is not PlayingVideo
11-02 16:39:42.643: I/WindowManager(149): WIN DEATH: null
11-02 16:39:42.713: V/TabletStatusBar(209): setLightsOn(true)
11-02 16:39:42.723: W/InputManagerService(149): Got RemoteException sending setActive(false) notification to pid 3556 uid 10032

4 回答 4








于 2012-11-02T13:39:46.913 回答


我一直在初始化一个 Visualizer 类,它onPrepareListener()是媒体播放器内部的对象。

因此,每当媒体播放器调用prepare()函数时,Visualizer 对象就会一次又一次地创建,从而影响内存并导致应用程序死机。

从 onPrepareListener() 中删除 Visualizer 初始化代码并仅在解决问题后初始化对象。现在应用程序不再崩溃。

于 2012-11-08T11:00:46.043 回答


由于您不是直接弄乱指针,而是使用其他库,因此您可能没有按照他们希望的方式初始化库。或者库实现者有可能忽略了初始化他们的指针并且根本没有意识到它,因为错误可能会或可能不会总是暴露出来 - 正如您所发现的那样。


该错误来自尝试访问/删除不存在或您无权访问的内存地址。使它看起来随机的事情通常是内存已经预初始化为 0,这也是大多数系统上 NULL 的值。运行你的系统/应用程序足够长的内存变得更脏。

此外,我发现在声明未初始化变量时遇到 0 的机会因系统而异,因此某些系统可能比其他系统更容易崩溃。





class BadFoo
    BadFoo() {} // BAD! We didn't initialize the pointer
    ~BadFoo() {
        if (myPtr) {
            delete myPtr; // CRASH HERE IF INVALID ADDRESS

    int* myPtr;

class GoodFoo
    GoodFoo() : myPtr(NULL) {} // GOOD! Can't be garbage value now
    ~GoodFoo() {
        if (myPtr) {
            delete myPtr;

    int* myPtr;
于 2013-06-13T17:44:40.953 回答

就我而言,问题是TypefaceTextView. 在进程死亡时,一个好的字体变成了坏的。而且,当用户回到我的应用程序时,我没有再次初始化这个字体,我使用的是同样糟糕的字体。因此,这引发了致命错误。

2020-03-06 10:35:58.122 com.xxxxxx.xxxxxx A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000 in tid 24474 (com.xxxxxx.xxxxxx), pid 24474 (com.xxxxxx.xxxxxx)
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/47: No such file or directory
2020-03-06 10:35:58.141 ? E/DEBUG: failed to readlink /proc/24474/fd/48: No such file or directory
2020-03-06 10:35:58.176 ? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2020-03-06 10:35:58.176 ? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:10/QSR1.190920.001/5891938:user/release-keys'
2020-03-06 10:35:58.176 ? A/DEBUG: Revision: '0'
2020-03-06 10:35:58.176 ? A/DEBUG: ABI: 'x86'
2020-03-06 10:35:58.176 ? A/DEBUG: Timestamp: 2020-03-06 10:35:58+0530
2020-03-06 10:35:58.176 ? A/DEBUG: pid: 24474, tid: 24474, name: com.xxxxxx.xxxxxx  >>> com.xxxxxx.xxxxxx <<<
2020-03-06 10:35:58.176 ? A/DEBUG: uid: 10140
2020-03-06 10:35:58.176 ? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2000

完整的 stach 跟踪

于 2020-03-06T05:45:40.637 回答