Xamarin Forms app on Android crashes after update to CB Lite 2.6 ( fatal signal 11 SIGSEGV )

RainerG · October 14, 2019, 10:21pm

My mobile app starts 2 replications when the app starts up (a pull and a push replication). Since updating to 2.6.0 the app crashes with SIGSEGV SEGV_MAPERR. It happens about 1 out of every 2 app launches. Here’s the last part of the log (I can share the whole file in a non-public forum)

  10-14 08:23:02.560: I/GnssLocationProvider(1902): WakeLock acquired by sendMessage(REPORT_SV_STATUS, 0, com.android.server.location.GnssLocationProvider$SvStatusInfo@e5d7890)
  10-14 08:23:02.560: I/GnssLocationProvider(1902): WakeLock released by handleMessage(REPORT_SV_STATUS, 0, com.android.server.location.GnssLocationProvider$SvStatusInfo@e5d7890)
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [ 10-14 08:23:02.596 13024:13100 I/         ]
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [Information] waiting for replication at app startup to complete, countdown: 120, pullIsRunning: True, pushIsRunning: True
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [ 10-14 08:23:02.630 13024:13203 I/         ]
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [Information] Replication Push Busy 41130/41130 
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [ 10-14 08:23:02.736 13024:13209 I/         ]
  10-14 08:23:02.560: I/GnssLocationProvider(1902): [Information] Replication Pull Busy 0/0 
  10-14 08:23:02.909: D/Mono(13024): DllImport searching in: 'LiteCore' ('libLiteCore.so').
  10-14 08:23:02.909: D/Mono(13024): Searching for 'c4repl_free'.
  10-14 08:23:02.909: D/Mono(13024): Probing 'c4repl_free'.
  10-14 08:23:02.909: D/Mono(13024): Found as 'c4repl_free'.
  10-14 08:23:02.909: D/Mono(13024): [ 10-14 08:23:02.915 13024:13214 I/         ]
  10-14 08:23:02.909: D/Mono(13024): [Information] Replication Push Stopped 41130/41130 
  10-14 08:23:02.909: D/Mono(13024): [ 10-14 08:23:02.934 13024:13216 V/         ]
  10-14 08:23:02.909: D/Mono(13024): [Verbose] MDB_Changed on thread 68 enter. DocIds: 9douf10hEMhHBVXCSqmYOA
  10-14 08:23:02.909: D/Mono(13024): [ 10-14 08:23:02.941 13024:13216 V/         ]
  10-14 08:23:02.909: D/Mono(13024): [Verbose] MDB_Changed on thread 68 leave
  10-14 08:23:02.909: D/Mono(13024): [ 10-14 08:23:02.940 13024:13088 D/         ]
  10-14 08:23:02.909: D/Mono(13024): [Debug] ReadEntityFromDBIntoCache loading DocId: 9douf10hEMhHBVXCSqmYOA Type: SyncDateTime
  10-14 08:23:02.965: E/mono-rt(13024): /proc/self/maps:
  10-14 08:23:02.966: E/mono-rt(13024): 12c00000-42c00000 rw-p 00000000 00:05 11313                              /dev/ashmem/dalvik-main space (region space) (deleted)
  10-14 08:23:02.966: E/mono-rt(13024): 5b731000-5b736000 r-xp 00000000 fc:00 530                                /system/bin/app_process32
  10-14 08:23:02.966: E/mono-rt(13024): 5b736000-5b737000 r--p 00004000 fc:00 530                                /system/bin/app_process32
  10-14 08:23:02.966: E/mono-rt(13024): 5b737000-5b738000 rw-p 00000000 00:00 0 
  10-14 08:23:02.966: E/mono-rt(13024): 7098e000-70bb3000 rw-p 00000000 fc:01 229381                             /data/dalvik-cache/x86/system@framework@boot.art
  10-14 08:23:02.966: E/mono-rt(13024): 70bb3000-70bc9000 r--p 00225000 fc:01 229381                             /data/dalvik-cache/x86/system@framework@boot.art
  10-14 08:23:02.966: E/mono-rt(13024): 70bc9000-70cc0000 rw-p 00000000 fc:01 229384                             /data/dalvik-cache/x86/system@framework@boot-core-libart.art
  10-14 08:23:02.966: E/mono-rt(13024): 70cc0000-70cd2000 r--p 000f7000 fc:01 229384                             /data/dalvik-cache/x86/system@framework@boot-core-libart.art
  10-14 08:23:02.966: E/mono-rt(13024): 70cd2000-70d03000 rw-p 00000000 fc:01 229387                             /data/dalvik-cache/x86/system@framework@boot-conscrypt.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d03000-70d06000 r--p 00031000 fc:01 229387                             /data/dalvik-cache/x86/system@framework@boot-conscrypt.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d06000-70d33000 rw-p 00000000 fc:01 229390                             /data/dalvik-cache/x86/system@framework@boot-okhttp.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d33000-70d36000 r--p 0002d000 fc:01 229390                             /data/dalvik-cache/x86/system@framework@boot-okhttp.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d36000-70d8c000 rw-p 00000000 fc:01 229393                             /data/dalvik-cache/x86/system@framework@boot-bouncycastle.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d8c000-70d93000 r--p 00056000 fc:01 229393                             /data/dalvik-cache/x86/system@framework@boot-bouncycastle.art
  10-14 08:23:02.966: E/mono-rt(13024): 70d93000-70de8000 rw-p 00000000 fc:01 229396                             /data/dalvik-cache/x86/system@framework@boot-apache-xml.art
  10-14 08:23:02.966: E/mono-rt(13024): 70de8000-70def000 r--p 00055000 fc:01 229396                             /data/dalvik-cache/x86/system@framework@boot-apache-xml.art
  10-14 08:23:02.966: E/mono-rt(13024): 70def000-70e2a000 rw-p 00000000 fc:01 229399                             /data/dalvik-cache/x86/system@framework@boot-ext.art
  10-14 08:23:02.966: E/mono-rt(13024): 70e2a000-70e35000 r--p 0003b000 fc:01 229399                             /data/dalvik-cache/x86/system@framework@boot-ext.art
  10-14 08:23:02.966: E/mono-rt(13024): 70e35000-71636000 rw-p 00000000 fc:01 229402                             /data/dalvik-cache/x86/system@framework@boot-framework.art
  10-14 08:23:02.966: E/mono-rt(13024): 71636000-71696000 r--p 00801000 fc:01 229402                             /data/dalvik-cache/x86/system@framework@boot-framework.art
  10-14 08:23:02.966: E/mono-rt(13024): 71696000-71778000 rw-p 00000000 fc:01 229405                             /data/dalvik-cache/x86/system@framework@boot-telephony-common.art
  10-14 08:23:02.966: E/mono-rt(13024): 71778000-7178a000 r--p 000e2000 fc:01 229405                             /data/dalvik-cache/x86/system@framework@boot-telephony-common.art
  10-14 08:23:02.966: E/mono-rt(13024): 7178a000-71795000 rw-p 00000000 fc:01 229408                             /data/dalvik-cache/x86/system@framework@boot-voip-common.art
  10-14 08:23:02.967: E/mono-rt(13024): 71795000-71797000 r--p 0000b000 fc:01 229408                             /data/dalvik-cache/x86/system@framework@boot-voip-common.art
  10-14 08:23:02.967: E/mono-rt(13024): 71797000-717ac000 rw-p 00000000 fc:01 229411                             /data/dalvik-cache/x86/system@framework@boot-ims-common.art
  10-14 08:23:02.967: A/libc(13024): Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe8 in tid 13162 (Thread-23), pid 13024 (msei.hostapp.pr)
  10-14 08:23:03.012: I/crash_dump32(13221): obtaining output fd from tombstoned, type: kDebuggerdTombstone
  10-14 08:23:03.013: I//system/bin/tombstoned(1718): received crash request for pid 13162
  10-14 08:23:03.013: I/crash_dump32(13221): performing dump of process 13024 (target tid = 13162)
  10-14 08:23:03.020: A/DEBUG(13221): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  10-14 08:23:03.020: A/DEBUG(13221): Build fingerprint: 'google/sdk_gphone_x86/generic_x86:9/PSR1.180720.075/5124027:user/release-keys'
  10-14 08:23:03.020: A/DEBUG(13221): Revision: '0'
  10-14 08:23:03.020: A/DEBUG(13221): ABI: 'x86'
  10-14 08:23:03.020: A/DEBUG(13221): pid: 13024, tid: 13162, name: Thread-23  >>> com.msei.hostapp.pr <<<
  10-14 08:23:03.020: A/DEBUG(13221): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe8
  10-14 08:23:03.020: A/DEBUG(13221): Cause: null pointer dereference
  10-14 08:23:03.020: A/DEBUG(13221):     eax 00000000  ebx c0a1ed10  ecx 00000000  edx 00000001
  10-14 08:23:03.020: A/DEBUG(13221):     edi b7855480  esi b56d2a80
  10-14 08:23:03.020: A/DEBUG(13221):     ebp b507b658  esp b507b5f0  eip c07ed944
  10-14 08:23:03.024: A/DEBUG(13221): backtrace:
  10-14 08:23:03.024: A/DEBUG(13221):     #00 pc 0021f944  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so
  10-14 08:23:03.024: A/DEBUG(13221):     #01 pc 00228914  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (std::__ndk1::function<void (litecore::blip::MessageProgress const&)>::operator()(litecore::blip::MessageProgress const&) const+42)
  10-14 08:23:03.024: A/DEBUG(13221):     #02 pc 0022832d  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so
  10-14 08:23:03.024: A/DEBUG(13221):     #03 pc 00229120  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (std::__ndk1::function<void (litecore::blip::MessageProgress)>::operator()(litecore::blip::MessageProgress) const+42)
  10-14 08:23:03.024: A/DEBUG(13221):     #04 pc 002290ca  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (_ZNSt6__ndk128__invoke_void_return_wrapperIvE6__callIJRNS_6__bindIRNS_8functionIFvN8litecore4blip15MessageProgressEEEEJRS7_EEEEEEvDpOT_+82)
  10-14 08:23:03.024: A/DEBUG(13221):     #05 pc 00228f8e  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (_ZNSt6__ndk110__function6__funcINS_6__bindIRNS_8functionIFvN8litecore4blip15MessageProgressEEEEJRS6_EEENS_9allocatorISB_EEFvvEEclEv+30)
  10-14 08:23:03.024: A/DEBUG(13221):     #06 pc 0027e1e6  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (std::__ndk1::function<void ()>::operator()() const+34)
  10-14 08:23:03.024: A/DEBUG(13221):     #07 pc 00282439  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (litecore::actor::ThreadedMailbox::safelyCall(std::__ndk1::function<void ()> const&) const+33)
  10-14 08:23:03.024: A/DEBUG(13221):     #08 pc 002826aa  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so
  10-14 08:23:03.024: A/DEBUG(13221):     #09 pc 0027e1e6  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (std::__ndk1::function<void ()>::operator()() const+34)
  10-14 08:23:03.024: A/DEBUG(13221):     #10 pc 00281fcf  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (litecore::actor::ThreadedMailbox::performNextMessage()+75)
  10-14 08:23:03.024: A/DEBUG(13221):     #11 pc 00281f06  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so (litecore::actor::Scheduler::task(unsigned int)+120)
  10-14 08:23:03.024: A/DEBUG(13221):     #12 pc 0028250c  /data/app/com.msei.hostapp.pr-aH9ajMOd4kBmuC-CoxLh3A==/lib/x86/libLiteCore.so
  10-14 08:23:03.024: A/DEBUG(13221):     #13 pc 0008f065  /system/lib/libc.so (__pthread_start(void*)+53)
  10-14 08:23:03.024: A/DEBUG(13221):     #14 pc 0002485b  /system/lib/libc.so (__start_thread+75)
  10-14 08:23:03.560: I/GnssLocationProvider(1902): WakeLock acquired by sendMessage(REPORT_SV_STATUS, 0, com.android.server.location.GnssLocationProvider$SvStatusInfo@7e86589)
  10-14 08:23:03.561: I/GnssLocationProvider(1902): WakeLock released by handleMessage(REPORT_SV_STATUS, 0, com.android.server.location.GnssLocationProvider$SvStatusInfo@7e86589)
  10-14 08:23:03.907: E//system/bin/tombstoned(1718): Tombstone written to: /data/tombstones/tombstone_08
  10-14 08:23:03.910: W/ActivityManager(1902):   Force finishing activity com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity
  10-14 08:23:03.926: W/BroadcastQueue(1902): Background execution not allowed: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to com.google.android.gms/.stats.service.DropBoxEntryAddedReceiver
  10-14 08:23:03.927: W/BroadcastQueue(1902): Background execution not allowed: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to com.google.android.gms/.chimera.GmsIntentOperationService$PersistentTrustedReceiver
  10-14 08:23:03.927: E/lowmemorykiller(1602): Error writing /proc/13024/oom_score_adj; errno=22
  10-14 08:23:03.969: W/InputDispatcher(1902): channel '8174e2b com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity (server)' ~ Consumer closed input channel or an error occurred.  events=0x9
  10-14 08:23:03.969: E/InputDispatcher(1902): channel '8174e2b com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity (server)' ~ Channel is unrecoverably broken and will be disposed!
  10-14 08:23:03.969: I/Zygote(1857): Process 13024 exited due to signal (11)
  10-14 08:23:03.971: D/ConnectivityService(1902): ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ LISTEN id=68, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN&VALIDATED&FOREGROUND Unwanted:  Uid: 10097] ], android.os.BinderProxy@34825c0)
  10-14 08:23:03.972: I/ActivityManager(1902): Process com.msei.hostapp.pr (pid 13024) has died: vis  +99TOP 
  10-14 08:23:03.972: W/libprocessgroup(1902): kill(-13024, 9) failed: No such process
  10-14 08:23:03.972: I/libprocessgroup(1902): Successfully killed process cgroup uid 10097 pid 13024 in 0ms
  10-14 08:23:03.975: I/WindowManager(1902): WIN DEATH: Window{8174e2b u0 com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity}
  10-14 08:23:03.975: W/InputDispatcher(1902): Attempted to unregister already unregistered input channel '8174e2b com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity (server)'
  10-14 08:23:03.982: W/SurfaceFlinger(1856): Attempting to set client state on removed layer: com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity#0
  10-14 08:23:03.982: W/SurfaceFlinger(1856): Attempting to destroy on removed layer: com.msei.hostapp.pr/md512cbdbf26fd29858db1dcf98290c7520.MainActivity#0
  10-14 08:23:03.990: D/gralloc_ranchu(1835): gralloc_unregister_buffer: exiting HostConnection (is buffer-handling thread)
  10-14 08:23:03.990: D/gralloc_ranchu(1835): [ 10-14 08:23:03.991  1835:10551 D/         ]
  10-14 08:23:03.990: D/gralloc_ranchu(1835): HostConnection::get() New Host Connection established 0xeeec0200, tid 10551

borrrden · October 14, 2019, 11:13pm

This looks suspiciously similar to this issue. Is the replication you are running with pull-only?

RainerG · October 14, 2019, 11:15pm

yes. I have a pull-only and a push-only replication running at the same time.

borrrden · October 14, 2019, 11:22pm

You might see messages in the logs about checkpoint mismatches. If so, then I’m convinced it is the same issue. There is no public release for .NET containing a fix yet so the options are as follows:

Change the replication to a push/pull if possible (perhaps with a filter that rejects everything for push)
This is not ideal, but if you call resetCheckpoint on the puller then it should avoid this issue.
Build LiteCore yourself and make your own nuget package (the change needed for this is probably the simplest fix in the history of our fixes -> https://github.com/couchbase/couchbase-lite-core/commit/87233280ab8dae5445f60e2bd51c145eca14e5ad )
Wait for a public release with the fix if you are ok with CE
File a support ticket with paid Couchbase Support if you need EE, and mention the CBL ticket I referenced in the last post to help speed things up.

RainerG · October 15, 2019, 3:56pm

Yes, I do see 409 Document update Conflict in the logs:
[INF] SyncMsg: c:[5bee45a8] #9: Type:setCheckpoint --> 409 Document update conflict

I have reverted back to 2.5.3 and will wait for 2.6.2.
Thank you for the quick responses.