Re: (ITS#8784) SIGBUS in mdb_page_touch

balaret@gmail.com wrote:
> Full_Name: Sergey Z
> Version: LMDB_0.9.19
> OS: Android
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2620:119:5001:2242:9215:2763:ff1b:ae35)
> Hey guys,
> We are using LMDB 0.9.19 in our Android project and sometimes we are getting
> SIGBUS in mdb_page_touch(). We can't reproduce this issue on our side but we
> have plenty of crash reports from our users (about 400 daily):
> 	libLMDBAndroid.so.mdb_page_touch (mdb.c:2412)
> 	libLMDBAndroid.so.mdb_page_search (mdb.c:5610)
> 	libLMDBAndroid.so.mdb_freelist_save (mdb.c:3128)
> 	libLMDBAndroid.so.mdb_txn_commit (mdb.c:3606)
> This is probably a platform specific issue because 95% of crashes happened on
> Android 7.0.
> I would greatly appreciate it if you could help shed light on this - any ideas what
> might go wrong or what might cause such an issue.

I've encountered this as well. I believe there's a bug in the Android FUSE 
filesystem driver. Every time I've analyzed one of these crashes in the 
debugger, the relevant addresses are perfectly valid, which leads me to 
believe there's a race condition in their page fault handler. I.e., eventually 
the handler returns a valid memory page but the application has been killed 
before the handler completes. Then, by the time the debugger gets control, all 
of memory looks valid.

If you root the device and mount the storage partition directly, bypassing the 
Android FUSE filesystem, you'll find that these crashes all disappear - even 
if using the same storage device as before. Which again points to a bug in 
their FUSE filesystem driver. But I haven't been able to pinpoint the bug in 
their FUSE driver source code yet. I suggest you focus your debugging efforts 
> Thank you,
> Sergey

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/