Crash with Null pointer dereference

Hello,

I am encountering a frequent crash when testing my app on a Galaxy S10 (Android 11). It did not seem to happen on other devices, or it is at least much less frequent. Scripting backend is mono and Unity version is 2020.3.33f1.

The build is not a development build. However, when configuring Logcat Stacktrace Utility symbol files with release symbols, I get some results that don’t seem quite helpful:

12-29 13:52:08.484 10295 10976  5527 E mono-rt : No native Android stacktrace (see debuggerd output).
12-29 13:52:08.484 10295 10976  5527 E mono-rt :
12-29 13:52:08.484 10295 10976  5527 E mono-rt : =================================================================
12-29 13:52:08.484 10295 10976  5527 E mono-rt : Got a SIGSEGV while executing native code. This usually indicates
12-29 13:52:08.484 10295 10976  5527 E mono-rt : a fatal error in the mono runtime or one of the native libraries
12-29 13:52:08.484 10295 10976  5527 E mono-rt : used by your application.
12-29 13:52:08.484 10295 10976  5527 E mono-rt : =================================================================
12-29 13:52:08.484 10295 10976  5527 E mono-rt :
12-29 13:52:08.491 10295 10976  5527 E CRASH   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-29 13:52:08.491 10295 10976  5527 E CRASH   : Version '2020.3.33f1 (915a7af8b0d5)', Build type 'Release', Scripting Backend 'mono', CPU 'armeabi-v7a'
12-29 13:52:08.491 10295 10976  5527 E CRASH   : Build fingerprint: 'samsung/beyond1ltexx/beyond1:11/RP1A.200720.012/G973FXXSDFUI5:user/release-keys'
12-29 13:52:08.491 10295 10976  5527 E CRASH   : Revision: '26'
12-29 13:52:08.491 10295 10976  5527 E CRASH   : ABI: 'arm'
12-29 13:52:08.491 10295 10976  5527 E CRASH   : Timestamp: 2022-12-29 13:52:08+0100
12-29 13:52:08.491 10295 10976  5527 E CRASH   : pid: 10976, tid: 5527, name: UnityMain  >>> com.DefaultCompany.com.unity.template.mobile2D <<<
12-29 13:52:08.491 10295 10976  5527 E CRASH   : uid: 10295
12-29 13:52:08.491 10295 10976  5527 E CRASH   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd
12-29 13:52:08.491 10295 10976  5527 E CRASH   : Cause: null pointer dereference
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r0  ecec3f30  r1  b6dc22a8  r2  00000000  r3  00000012
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r4  b6dc15bc  r5  b6dc22a8  r6  b6dc15c4  r7  00001d14
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r8  00001d10  r9  00001278  r10 b6dba428  r11 00000000
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     ip  00000001  sp  b9a3c848  lr  00000002  pc  baa6d868
12-29 13:52:08.491 10295 10976  5527 E CRASH   : backtrace:
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #00 pc 00961868 (remove_free_block at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #01 pc 00961b55 (block_merge_next at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #02 pc 00961b29 (tlsf_free at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #03 pc 002a9f47 (DynamicHeapAllocator::Deallocate(void*) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #04 pc 002a8bbd (DualThreadAllocator<DynamicHeapAllocator>::TryDeallocate(void*) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #05 pc 002a6189 (MemoryManager::Deallocate(void*, MemLabelId, char const*, int) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #06 pc 002a5f3b (free_alloc_internal(void*, MemLabelId, char const*, int) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #07 pc 00de105d (FMOD::MemPool::free(void*, char const*, int) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)

I am not familiar with Symbol Paths so I’m unsure this would be meaningful, but here are the results with development symbols:

12-29 13:52:08.491 10295 10976  5527 E CRASH   : Cause: null pointer dereference
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r0  ecec3f30  r1  b6dc22a8  r2  00000000  r3  00000012
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r4  b6dc15bc  r5  b6dc22a8  r6  b6dc15c4  r7  00001d14
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     r8  00001d10  r9  00001278  r10 b6dba428  r11 00000000
12-29 13:52:08.491 10295 10976  5527 E CRASH   :     ip  00000001  sp  b9a3c848  lr  00000002  pc  baa6d868
12-29 13:52:08.491 10295 10976  5527 E CRASH   : backtrace:
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #00 pc 00961868 (vk::MakeRenderPassDescription(RenderPassSetup const&, bool, bool) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #01 pc 00961b55 (vk::RenderPasses::GetRenderPass(vk::RenderPassDescription const&) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #02 pc 00961b29 (vk::RenderPasses::GetRenderPass(vk::RenderPassDescription const&) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #03 pc 002a9f47 (void ConfigSettingsRead::TransferSTLStyleArray<dynamic_array<math::int2_storage, 0u> >(dynamic_array<math::int2_storage, 0u>&, TransferMetaFlags) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #04 pc 002a8bbd (void Transfer_ManagedObject<ConfigSettingsRead, true>(SerializationCommandArguments const&, RuntimeSerializationCommandInfo&) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #05 pc 002a6189 (UnityEngine::Analytics::SuiteAnalyticsConfigkUnitTestCategory::TestCanSetUpNameSpecificLimitEventHelper::RunImpl() at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #06 pc 002a5f3b (UnityEngine::Analytics::SuiteAnalyticsConfigkUnitTestCategory::TestCanSetUpNameSpecificLimitEventHelper::RunImpl() at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.491 10295 10976  5527 E CRASH   :       #07 pc 00de105d (TextCore::FontEngine::DisplayFontFeatures(TextCore::OTF_Features&) at ??:?)  /data/app/~~bEaLSDIvWN8GOpsZ6h0wCw==/com.DefaultCompany.com.unity.template.mobile2D-p9xi_Q8lNcohmyCdUfSeyg==/lib/arm/libunity.so (BuildId: 043b5184120cca3ef828ba14f42e05dd69d9930b)
12-29 13:52:08.732  1000  1079  1206 D InputReader: Btn_touch(7): value=1 when=101743.018631
12-29 13:52:08.733  1000  1079  1206 I InputReader: Touch event's action is 0x0 (id=5, t=0) [pCnt=1, s=0.20966 ] when=101743.018631
12-29 13:52:08.733  1000  1079  1205 I InputDispatcher: Delivering touch to (10976): action: 0x0, f=0x0, d=0, 'b9ed6cc', t=1 
12-29 13:52:08.734 10295 10976 10976 I ViewRootImpl@35eeaf7[UnityPlayerActivity]: ViewPostIme pointer 0

Any help will be appreciated to understand where this crash is coming from!

Assuming I am using the right symbols, the backtrace seems to indicate a memory corruption problem.
However I have no idea how to investigate it further at this time.

Looking forward to your reply!
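
The two backtraces in the post above resolve the same pc offsets, in the same libunity.so BuildId, to different functions, so at most one of the two symbol sets belongs to the shipped binary. As an added example (not part of the original post), the Python below parses such frame lines and flags those conflicts; the sample lines are constructed from frames #00 and #02 above with the install path abbreviated, and the names `parse_frames`, `conflicts` and `symbols_match` are hypothetical.

```python
import re

# One symbolicated frame of an Android native backtrace as printed in logcat.
FRAME = re.compile(
    r"#(?P<idx>\d+) pc (?P<pc>[0-9a-f]+) \((?P<sym>.+) at \S+\)\s+"
    r"(?P<lib>\S+) \(BuildId: (?P<bid>[0-9a-f]+)\)")

def parse_frames(log):
    """Map (build_id, pc) -> symbol for every symbolicated frame in log."""
    return {(m["bid"], m["pc"]): m["sym"]
            for m in map(FRAME.search, log.splitlines()) if m}

def conflicts(log_a, log_b):
    """Addresses that two symbol sets resolve to different functions.

    One pc inside one BuildId is exactly one function, so every entry
    returned means at least one symbol set was not built from that binary.
    """
    a, b = parse_frames(log_a), parse_frames(log_b)
    return sorted((pc, a[bid, pc], b[bid, pc])
                  for bid, pc in a.keys() & b.keys()
                  if a[bid, pc] != b[bid, pc])

def symbols_match(log, symbol_build_id):
    """True when every frame carries the symbol file's BuildId
    (the GNU build ID note, readable with `readelf -n` on the symbol file)."""
    ids = {bid for bid, _ in parse_frames(log)}
    return ids == {symbol_build_id.lower()}

# Constructed sample: frames #00 and #02 of both runs, path abbreviated.
BID = "043b5184120cca3ef828ba14f42e05dd69d9930b"
LIB = "/data/app/.../lib/arm/libunity.so"
RELEASE_RUN = f"""\
E CRASH   :       #00 pc 00961868 (remove_free_block at ??:?)  {LIB} (BuildId: {BID})
E CRASH   :       #02 pc 00961b29 (tlsf_free at ??:?)  {LIB} (BuildId: {BID})
"""
DEV_RUN = f"""\
E CRASH   :       #00 pc 00961868 (vk::MakeRenderPassDescription(RenderPassSetup const&, bool, bool) at ??:?)  {LIB} (BuildId: {BID})
E CRASH   :       #02 pc 00961b29 (vk::RenderPasses::GetRenderPass(vk::RenderPassDescription const&) at ??:?)  {LIB} (BuildId: {BID})
"""

if __name__ == "__main__":
    for pc, rel, dev in conflicts(RELEASE_RUN, DEV_RUN):
        print(f"pc {pc}: release symbols -> {rel} | development symbols -> {dev}")
```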

How to reproduce?