Fatal signal 11 (SIGSEGV) when GC runs after calling KeyChain.getPrivateKey

I'm getting a Fatal signal 11 (SIGSEGV) in my application. It occurs after pressing a button (onClick is executed) and getting the private key of a KeyChain alias, the next time the garbage collector runs.

Some more information:

  • I can only reproduce this on Samsung Galaxy S3 (Android 4.1.2 installed)
  • There is no ANR-Dialog, the app is just being closed
  • The error occurs the next time the GC starts after KeyChain.getPrivateKey has been called.

Example for reproduction:

import android.app.Activity;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.view.View;

public class MainActivity extends Activity implements KeyChainAliasCallback {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
    }

    // Button handler: opens the system certificate chooser
    public void onClick(View v) throws Exception {
        KeyChain.choosePrivateKeyAlias(this, this, null, null, null, -1, null);
    }

    @Override
    public void alias(String alias) {
        try {
            // The returned PrivateKey is not stored, so it is immediately eligible for GC
            KeyChain.getPrivateKey(MainActivity.this, alias);
            System.gc(); // Trigger it manually, or we could just wait and do some stuff...
        } catch (Exception e) {
            e.printStackTrace(); // No exception, since it's a native fatal error
        }
    }
}

Stack Trace:

11-14 15:58:25.445: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x5
11-14 15:58:25.650: D/STATUSBAR-NetworkController(4598): refreshSignalCluster: data=0 bt=false
11-14 15:58:25.650: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:25.650: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:25.650: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:25.780: D/dalvikvm(27601): GC_CONCURRENT freed 237K, 10% free 12315K/13639K, paused 29ms+3ms, total 78ms
11-14 15:58:25.815: A/libc(27601): Fatal signal 11 (SIGSEGV) at 0x588c62b2 (code=1), thread 27610 (FinalizerDaemon)
11-14 15:58:25.900: I/InputReader(3755): Touch event's action (MT) is 0x6 (deviceType=0) [pCnt=3, s=1.3858 3.3867 ]
11-14 15:58:25.900: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:25.900: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:25.900: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:25.935: I/DEBUG(501): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-14 15:58:25.935: I/DEBUG(501): Build fingerprint: 'samsung/m0xx/m0:4.1.2/JZO54K/I9300XXELL4:user/release-keys'
11-14 15:58:25.935: I/DEBUG(501): pid: 27601, tid: 27610, name: FinalizerDaemon  >>> com.example.crash <<<
11-14 15:58:25.935: I/DEBUG(501): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 588c62b2
11-14 15:58:25.935: I/InputReader(3755): Touch event's action (MT) is 0x5 (deviceType=0) [pCnt=3, s=0.3869 1.3858 3.3867 ]
11-14 15:58:25.935: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x5
11-14 15:58:25.935: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x5
11-14 15:58:25.935: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x5
11-14 15:58:25.985: I/InputReader(3755): Touch event's action (MT) is 0x6 (deviceType=0) [pCnt=3, s=1.3858 3.3867 ]
11-14 15:58:25.985: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:25.985: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:25.985: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x6
11-14 15:58:26.010: I/InputReader(3755): Touch event's action (MT) is 0x106 (deviceType=0) [pCnt=2, s=1.3858 ]
11-14 15:58:26.010: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x106
11-14 15:58:26.010: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x106
11-14 15:58:26.010: I/InputDispatcher(3755): Delivering touch to current input target: action: 0x106
11-14 15:58:26.280: I/DEBUG(501):     r0 5707b358  r1 5707b4b0  r2 5707b388  r3 00000000
11-14 15:58:26.280: I/DEBUG(501):     r4 40f94820  r5 00000000  r6 00000001  r7 588c62b3
11-14 15:58:26.280: I/DEBUG(501):     r8 5707b388  r9 40f94824  sl 5707b358  fp 5d05ec94
11-14 15:58:26.280: I/DEBUG(501):     ip 00000000  sp 5d05ec28  lr 40a67ea3  pc 588c62b2  cpsr 80000030
11-14 15:58:26.280: I/DEBUG(501):     d0  42c8000042b431a1  d1  3ff0000000bd4278
11-14 15:58:26.280: I/DEBUG(501):     d2  0000000100000001  d3  0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d4  0000000000000000  d5  0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d6  00d20ff000000000  d7  0000005a4e93dbee
11-14 15:58:26.280: I/DEBUG(501):     d8  0000000000000000  d9  0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d10 0000000000000000  d11 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d12 0000000000000000  d13 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d14 0000000000000000  d15 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d16 3fe0000000000000  d17 3fe999999999999a
11-14 15:58:26.280: I/DEBUG(501):     d18 0033003200310030  d19 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d20 4008000000000000  d21 3fbc71c71c71c71c
11-14 15:58:26.280: I/DEBUG(501):     d22 3fcc7288e957b53b  d23 3fd24998d6307188
11-14 15:58:26.280: I/DEBUG(501):     d24 3fd99a27ad32ddf5  d25 3fe555b0aaeac752
11-14 15:58:26.280: I/DEBUG(501):     d26 0000000000000000  d27 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d28 0000000000000005  d29 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     d30 0000000000000000  d31 0000000000000000
11-14 15:58:26.280: I/DEBUG(501):     scr 80000010
11-14 15:58:26.290: I/DEBUG(501): backtrace:
11-14 15:58:26.290: I/DEBUG(501):     #00  pc 588c62b2  <unknown>
11-14 15:58:26.290: I/DEBUG(501):     #01  pc 00038ea1  /system/lib/libcrypto.so
11-14 15:58:26.290: I/DEBUG(501):     #02  pc 00038d43  /system/lib/libcrypto.so (CRYPTO_free_ex_data+34)
11-14 15:58:26.290: I/DEBUG(501):     #03  pc 0008ac69  /system/lib/libcrypto.so (RSA_free+60)
11-14 15:58:26.290: I/DEBUG(501):     #04  pc 000742bf  /system/lib/libcrypto.so (EVP_PKEY_free+46)
11-14 15:58:26.290: I/DEBUG(501):     #05  pc 0001deb0  /system/lib/libdvm.so (dvmPlatformInvoke+112)
11-14 15:58:26.290: I/DEBUG(501):     #06  pc 0004d103  /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+394)
11-14 15:58:26.290: I/DEBUG(501):     #07  pc 000272e0  /system/lib/libdvm.so
11-14 15:58:26.290: I/DEBUG(501):     #08  pc 0002bbe8  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+180)
11-14 15:58:26.290: I/DEBUG(501):     #09  pc 0005f871  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
11-14 15:58:26.290: I/DEBUG(501):     #10  pc 0005f89b  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
11-14 15:58:26.290: I/DEBUG(501):     #11  pc 00054453  /system/lib/libdvm.so
11-14 15:58:26.290: I/DEBUG(501):     #12  pc 00012e00  /system/lib/libc.so (__thread_entry+48)
11-14 15:58:26.290: I/DEBUG(501):     #13  pc 00012558  /system/lib/libc.so (pthread_create+172)
11-14 15:58:26.290: I/DEBUG(501): stack:
11-14 15:58:26.290: I/DEBUG(501):          5d05ebe8  40de9f64  
11-14 15:58:26.290: I/DEBUG(501):          5d05ebec  5707b358  
11-14 15:58:26.290: I/DEBUG(501):          5d05ebf0  5d05ec94  
11-14 15:58:26.290: I/DEBUG(501):          5d05ebf4  400b9f81  /system/lib/libc.so (malloc+12)
11-14 15:58:26.290: I/DEBUG(501):          5d05ebf8  400b9f75  /system/lib/libc.so (malloc)
11-14 15:58:26.290: I/DEBUG(501):          5d05ebfc  40a66927  /system/lib/libcrypto.so
11-14 15:58:26.290: I/DEBUG(501):          5d05ec00  40b00000  /system/lib/libcrypto.so
11-14 15:58:26.290: I/DEBUG(501):          5d05ec04  40a66df9  /system/lib/libcrypto.so (CRYPTO_malloc+68)
11-14 15:58:26.290: I/DEBUG(501):          5d05ec08  00000002  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec0c  40a66649  /system/lib/libcrypto.so (CRYPTO_lock+80)
11-14 15:58:26.290: I/DEBUG(501):          5d05ec10  40f94820  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec14  5707b1d8  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec18  5707b228  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec1c  40f94820  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec20  df0027ad  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec24  00000000  
11-14 15:58:26.290: I/DEBUG(501):     #00  5d05ec28  00000000  
11-14 15:58:26.290: I/DEBUG(501):          ........  ........
11-14 15:58:26.290: I/DEBUG(501):     #01  5d05ec28  00000000  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec2c  00000000  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec30  5707b388  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec34  5707b358  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec38  00000006  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec3c  40de9f6c  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec40  5d05ec80  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec44  40de9f64  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec48  40d2d820  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec4c  40a67d45  /system/lib/libcrypto.so (CRYPTO_free_ex_data+36)
11-14 15:58:26.290: I/DEBUG(501):     #02  5d05ec50  5707b358  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec54  40d2d810  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec58  00000000  
11-14 15:58:26.290: I/DEBUG(501):          5d05ec5c  40ab9c6d  /system/lib/libcrypto.so (RSA_free+64)
11-14 15:58:26.305: I/DEBUG(501): memory map around fault addr 588c62b2:
11-14 15:58:26.305: I/DEBUG(501):     588be000-588c5000 /system/framework/core-junit.odex
11-14 15:58:26.305: I/DEBUG(501):     (no map for address)
11-14 15:58:26.305: I/DEBUG(501):     588d0000-588d1000 
11-14 15:58:26.480: I/DEBUG(501): !@dumpstate -k -t -z -d -o /data/log/dumpstate_app_native -m 27601
11-14 15:58:26.485: I/BootReceiver(3755): Copying /data/tombstones/tombstone_02 to DropBox (SYSTEM_TOMBSTONE)
11-14 15:58:26.510: I/dumpstate(28057): begin
11-14 15:58:26.655: D/STATUSBAR-NetworkController(4598): refreshSignalCluster: data=0 bt=false
11-14 15:58:26.655: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:26.655: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:26.655: D/STATUSBAR-SignalClusterView(4598): mSeparateMobileGroup=8
11-14 15:58:26.695: I/InputReader(3755): Touch event's action (MT) is 0x5 (deviceType=0) [pCnt=2, s=0.3870 1.3858 2.3871 ]
11-14 15:58:26.695: I/InputReader(3755): Touch event's action (MT) is 0x205 (deviceType=0) [pCnt=3, s=0.3870 1.3858 2.3871 ]

Answers


It seems to be a bug in the Android OS that has been fixed in 4.2: https://code.google.com/p/android/issues/detail?id=62319

My current workaround is to hold a reference to the private key in a static variable.
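
The workaround above, sketched as an added example (not code from the original answer): a hypothetical `RetainedKeyChainKeys` helper pins every key it hands out in a static map, so the object never becomes unreachable and the finalizer path seen in the backtrace (`EVP_PKEY_free` on the `FinalizerDaemon` thread) is never taken. The class and method names are assumptions; the trade-off is that each key handle stays alive for the lifetime of the process.

```java
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;

import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Map;

/**
 * Hypothetical helper (name and API are assumptions, not from the post).
 * Holds a strong, static reference to each PrivateKey returned by KeyChain
 * so that the key object is never garbage collected and never finalized.
 */
public final class RetainedKeyChainKeys {

    // Static field = GC root. Entries are intentionally never removed.
    private static final Map<String, PrivateKey> KEYS =
            new HashMap<String, PrivateKey>();

    private RetainedKeyChainKeys() {
    }

    /**
     * Returns the key for the alias, fetching it from KeyChain at most once.
     * KeyChain.getPrivateKey may block and must never be called from the
     * main thread, so the same restriction applies to this method.
     *
     * synchronized: two threads asking for the same alias must not both
     * fetch a key, because the instance that loses the race would be
     * dropped, collected, and finalized.
     */
    public static synchronized PrivateKey get(Context context, String alias)
            throws KeyChainException, InterruptedException {
        if (alias == null) {
            return null; // the user dismissed the chooser without picking a key
        }
        PrivateKey key = KEYS.get(alias);
        if (key == null) {
            // Application context: the static map must not keep an Activity alive.
            key = KeyChain.getPrivateKey(context.getApplicationContext(), alias);
            if (key != null) {
                KEYS.put(alias, key); // pin before returning to the caller
            }
        }
        return key;
    }
}
```

In the reproduction above, `alias()` would call `RetainedKeyChainKeys.get(MainActivity.this, alias)` instead of `KeyChain.getPrivateKey(...)` directly.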

