SIGSEGV on Nexus 7 - Related to SkinnedMeshes?

Hey everyone,

After our latest release, we’ve been receiving some complaints from Nexus 7 users and Galaxy S users about occasional crashes. We got one of these devices for the office and were able to reproduce a crash, but it doesn’t seem to happen consistently. I thought it might be memory-related, but that doesn’t seem likely since the crash info (below) doesn’t suggest it, and the game runs fine on other devices with less available memory.

Here is the backtrace I’m receiving from Unity:

I/DEBUG ( 122): Build fingerprint: ‘google/nakasi/grouper:4.1.1/JRO03D/402395:user/release-keys’
I/DEBUG ( 122): pid: 21422, tid: 21440, name: UnityMain >>> com.xxxxx.xxxxx <<<
I/DEBUG ( 122): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 6c449000
(…)
backtrace:
#00 pc 00430354 lib/libunity.so <_MultiplyMatrixArrayWithBase4x4_NEON_loop>
#01 pc 0015d5e0 lib/libunity.so (SkinnedMeshRenderer::CalculateSkinningMatrices(Matrix4x4f const, Matrix4x4f*, unsigned int)+188)
#02 pc 0015d824 lib/libunity.so (SkinnedMeshRenderer::PrepareSkinCommon(SkinMeshInfo, unsigned long, int)+364)
#03 pc 0015e0f0 lib/libunity.so (SkinnedMeshRenderer::SkinMeshImmediate(unsigned long)+88)
#04 pc 0015e248 lib/libunity.so (SkinnedMeshRenderer::Render(int, ShaderLab::ChannelAssigns const)+252)
#05 pc 001cd914 lib/libunity.so (BatchRenderer::Add(BaseRenderer*, int, ShaderLab::ChannelAssigns const*, Matrix4x4f const, int)+112)
#06 pc 000d71f4 lib/libunity.so (ForwardVertexRenderLoop::PerformRendering(bool)+812)
#07 pc 000d7da8 lib/libunity.so (DoForwardVertexRenderLoop(ForwardVertexRenderLoop, RenderLoopContext, dynamic_array, bool, bool)+1516)
#08 pc 000d8e3c lib/libunity.so (DoRenderLoop(RenderLoop, RenderingPath, std::vector<VisibleNode, std::allocator >, bool)+1356)
#09 pc 000e12e4 lib/libunity.so (Camera::DoRender(void ()(Camera, RenderLoop, std::vector<VisibleNode, std::allocator >, Shader, std::string const), bool, Shader*, std::string const)+600)
#10 pc 000e23a0 lib/libunity.so (Camera::Render(int, Shader*, std::string const)+216)
#11 pc 00101468 lib/libunity.so (RenderManager::RenderCameras()+544)
#12 pc 002403fc lib/libunity.so (PlayerLoop(bool, bool, IHookEvent*)+1820)
#13 pc 0037aaf8 lib/libunity.so (UnityPlayerLoop()+96)
#14 pc 0001de30 /system/lib/libdvm.so (dvmPlatformInvoke+112)
#15 pc 0004d083 /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+394)
#16 pc 00000214 /dev/ashmem/dalvik-jit-code-cache (deleted)

It seems pretty clear from the output that there is a segmentation fault occurring during a Matrix Multiply in the SkinnedMeshRenderer code. But beyond that, I’m rather stuck. Is this likely a bug that is occurring inside of the Unity engine, or is there something that I could do in my code to stop this from happening (short of not using Skinned Meshes, of course)? Has anyone else encountered anything like this?

The problem doesn’t occur on most devices, and only seems to be happening on Nexus and Galaxy S.

This is the exact same crash that we are seeing. It is happening consistently on the Nexus 7. Did you find a solution?

Joining this thread with the same problem.
Our client reports the same problem on the Nexus 7; the other devices do not seem to have this problem.

F/libc ( 2333): Fatal signal 11 (SIGSEGV) at 0x6bc92000 (code=1), thread 2506 (UnityMain)
I/DEBUG ( 122): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 122): Build fingerprint: ‘google/nakasi/grouper:4.1.1/JRO03D/402395:user/release-keys’
I/DEBUG ( 122): pid: 2333, tid: 2506, name: UnityMain >>> [code erased] <<<
I/DEBUG ( 122): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 6bc92000
I/DEBUG ( 122): r0 699bf718 r1 699bf640 r2 6bc91ffc r3 71bfad80
I/DEBUG ( 122): r4 699bf640 r5 699bf728 r6 00000c58 r7 00000000
I/DEBUG ( 122): r8 00000001 r9 6b86353c sl 00000072 fp 699bf6a4
I/DEBUG ( 122): ip 699bf138 sp 699bf0f0 lr 692277b4 pc 69464f84 cpsr 60000050
I/DEBUG ( 122):
I/DEBUG ( 122): backtrace:
I/DEBUG ( 122): #00 pc 00359f84
I/DEBUG ( 122): #01 pc 0011c7b0
I/DEBUG ( 122): #02 pc 0011c9e0
I/DEBUG ( 122): #03 pc 0011d278
I/DEBUG ( 122): #04 pc 0011d328
I/DEBUG ( 122): #05 pc 001809ac
I/DEBUG ( 122): #06 pc 000bb034
I/DEBUG ( 122): #07 pc 000bdf54
I/DEBUG ( 122): #08 pc 000be9c8
I/DEBUG ( 122): #09 pc 000cfac4
I/DEBUG ( 122): #10 pc 000e4148
I/DEBUG ( 122): #11 pc 000e6988
I/DEBUG ( 122): #12 pc 001dff44
I/DEBUG ( 122): #13 pc 002e41ec
I/DEBUG ( 122): #14 pc 0001de30 /system/lib/libdvm.so (dvmPlatformInvoke+112)
I/DEBUG ( 122): #15 pc 0004d083 /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+394)
I/DEBUG ( 122): #16 pc 00000214 /dev/ashmem/dalvik-jit-code-cache (deleted)
I/DEBUG ( 122):
I/DEBUG ( 122): memory map around fault addr 6bc92000:
I/DEBUG ( 122): 6bc6c000-6bc92000
I/DEBUG ( 122): (no map for address)
I/DEBUG ( 122): 6bc94000-6bcb1000
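
A triage sketch for the tombstone above, added here as an example and not part of any post in this thread: it compares the fault address with the tombstone's own memory map and core registers. The sample lines are copied from the dump above; the category names and the 64-byte window are assumptions made for illustration.

```python
import re

# Lines copied from the second Nexus 7 tombstone in this thread (abridged).
TOMBSTONE = """\
I/DEBUG ( 122): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 6bc92000
I/DEBUG ( 122): r0 699bf718 r1 699bf640 r2 6bc91ffc r3 71bfad80
I/DEBUG ( 122): r4 699bf640 r5 699bf728 r6 00000c58 r7 00000000
I/DEBUG ( 122): r8 00000001 r9 6b86353c sl 00000072 fp 699bf6a4
I/DEBUG ( 122): ip 699bf138 sp 699bf0f0 lr 692277b4 pc 69464f84 cpsr 60000050
I/DEBUG ( 122): memory map around fault addr 6bc92000:
I/DEBUG ( 122): 6bc6c000-6bc92000
I/DEBUG ( 122): (no map for address)
I/DEBUG ( 122): 6bc94000-6bcb1000
"""

FAULT = re.compile(r"signal \d+ \((\w+)\), code \d+ \((\w+)\), fault addr ([0-9a-f]+)")
REG = re.compile(r"\b(r\d|sl|fp|ip|sp|lr|pc) ([0-9a-f]{8})\b")
MAP = re.compile(r": ([0-9a-f]{8})-([0-9a-f]{8})")


def triage(text, window=64):
    """Classify a SEGV fault address against the tombstone's own map and registers."""
    m = FAULT.search(text)
    if m is None:
        raise ValueError("no 'fault addr' line in input")
    fault = int(m.group(3), 16)
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    maps = [(int(lo, 16), int(hi, 16)) for lo, hi in MAP.findall(text)]

    # A mapping whose end is the fault address: the fault is its first unmapped byte.
    ends_here = next((r for r in maps if r[1] == fault), None)
    # A mapping that starts a few bytes above the fault address.
    starts_after = next((r for r in maps if 0 < r[0] - fault <= window), None)
    if fault < 0x1000:
        kind = "null_page"
    elif ends_here:
        kind = "past_end_of_mapping"
    elif starts_after:
        kind = "before_start_of_mapping"
    else:
        kind = "wild_address"

    # Registers pointing just below the fault address: likely the cursor that overran.
    near = {n: fault - v for n, v in regs.items() if 0 < fault - v <= window}
    return {"code": m.group(2), "fault": fault, "kind": kind,
            "mapping": ends_here or starts_after, "near": near}


if __name__ == "__main__":
    r = triage(TOMBSTONE)
    print(r["code"], hex(r["fault"]), r["kind"], r["near"])
```

For this dump the fault address is the first byte past the 6bc6c000-6bc92000 mapping and r2 sits 4 bytes below it, which is consistent with a sequential access running off the end of a buffer rather than a null or wild pointer.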

I suggest you try this fix, this might be your issue-solver.

—edit—
This did not fix my error, but I found it in a plugin forum and I thought this might be the problem related to SkinnedMeshRenderers. I am still getting this error myself.

We are seeing exactly the same issue on the Nexus 7 when loading a new scene. It’s random though, so fairly hard to reproduce.

We also have a crash report that looks identical, but on the Motorola Xoom. Although we don’t have a callstack for that one yet, only reports of lots and lots of “gralloc” errors and a hung game.

I am still investigating this error, and I have a question for you, do you all use TapJoy plugin in your games?

—edit—
because TapJoy uses WebViews and 4.1 has some problems with WebViews that cause crashes (found that on Android dev Forums)

We do not use TapJoy. I believe the problem is within Unity itself and requires a fix on their end.

Damn! I thought it could be the TapJoy plugin or something similar… because of the JNI in backtrace…

Yeah, we still haven’t found a fix for this issue. I’m not sure what I can do on my end; we’re submitting a bug to Unity.

I’ve been upgrading my project and I have been having a LOT more sig11 errors when testing it, however, I’m not using Skinned meshes in my app. I really wish that I could get some sort of log instead of the memory addresses crash that SIGSEGV11 errors produce. I really think there is something on Unity’s end in 3.5.5 that is occasionally causing Android to crash (especially on my Nexus 7 4.1.1).

Yes, I noticed crashes on Google Nexus (Android 4.1) and on Samsung S2: SIGSEGV, and every time the same backtrace is dumped. It all seems so random; it’s not related to something specific that we do in code.

Noticed in the list of bugfixes in Unity 4 that there are lots of fixes related to Android, let’s hope they fix it in the next version.

I’ve had some luck getting useful crash logs if I have the game set to development mode, but it doesn’t seem totally consistent. Also, it’s possible to create a dump of Unity’s symbols and then match the symbols in the crash log to the function being used. If you search around, I think I saw it in a Unity thread.