Android crash due to FD sanitizer #1388

Open
DavidCap opened this issue Jan 23, 2024 · 5 comments

@DavidCap

Describe the bug
A crash happens.
Version: 1.5.5

To Reproduce

Example application to reproduce the issue

Expected behavior

Debug log
SIGABRT
0x285e00006d4f
#00 pc 000000000008dfb0 /apex/com.android.runtime/lib64/bionic/libc.so (_ZL11fdsan_errorPKcz+556) [arm64-v8a::a85ef5fb74e0282813cd1edb10854577]
#1 pc 000000000008dc98 /apex/com.android.runtime/lib64/bionic/libc.so (android_fdsan_close_with_tag+716) [arm64-v8a::a85ef5fb74e0282813cd1edb10854577]
#2 pc 000000000002399c /apex/com.android.art/lib64/libjavacore.so [arm64-v8a::6f15b08a88680707caeb381d9e0bbc2d]
#3 pc 00000000000131f0 /apex/com.android.art/javalib/arm64/boot-core-libart.oat [arm64-v8a::93652ebf96d750c1b4621d5403cee3e0]
java:
libcore.io.ForwardingOs.close(ForwardingOs.java:179)
libcore.io.BlockGuardOs.close(BlockGuardOs.java:113)
libcore.io.ForwardingOs.close(ForwardingOs.java:179)
libcore.io.IoBridge.closeAndSignalBlockedThreads(IoBridge.java:313)
java.net.PlainSocketImpl.socketClose0(PlainSocketImpl.java:249)
java.net.AbstractPlainSocketImpl.socketClose(AbstractPlainSocketImpl.java:764)
java.net.AbstractPlainSocketImpl.close(AbstractPlainSocketImpl.java:582)
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:409)
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:230)
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:212)
java.net.Socket.connect(Socket.java:621)
org.java_websocket.client.WebSocketClient.run(WebSocketClient.java:475)
java.lang.Thread.run(Thread.java:930)

Environment(please complete the following information):

  • Version used: 1.5.5
  • Java version: 18
  • Operating System and version: Android HUAWEI
  • Endpoint Name and version:
  • Link to your project:

Additional context

@PhilipRoman
Collaborator

PhilipRoman commented Jan 23, 2024

How often does the crash happen?
What Android version are you using?
I'm surprised at this stack trace; I thought fdsan was purely for C/C++ code and Java should not be able to trigger it. In addition, close is called from the JDK itself, which makes it even more confusing.

@DavidCap
Author

Almost 8%.
Android version: Harmony OS 4.0.0

By the way, I have another crash.
Android version: Android 13, level 33
ROM: XiaoMi/MIUI

Crash Log:
#00 pc 0000000000091d50 /apex/com.android.runtime/lib64/bionic/libc.so (_ZL11fdsan_errorPKcz+564) [arm64-v8a::2bb0d7188c0db2e8beecb24658ba9d71]
#1 pc 0000000000091d28 /apex/com.android.runtime/lib64/bionic/libc.so (_ZL11fdsan_errorPKcz+524) [arm64-v8a::2bb0d7188c0db2e8beecb24658ba9d71]
java:
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:230)
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:212)
java.net.Socket.connect(Socket.java:646)
org.java_websocket.client.WebSocketClient.run(WebSocketClient.java:473)
java.lang.Thread.run(Thread.java:1012)

I don't know why, or how to fix it.
Heartfelt thanks.

@marci4
Collaborator

marci4 commented Jan 25, 2024

I cannot help; I don't have a HUAWEI/XiaoMi.

Since no one else has a problem, I think it is related to the ROM and we cannot help you here.

@alfredogarry

alfredogarry commented Feb 5, 2024

Hi there, glad someone is having the same issues. This error is happening in every version (currently having 1.5.3 and 1.4.0 in two different apps). Copy and pasting

fdsan: attempted to close file descriptor 97, expected to be owned by SocketImpl 0xc908ae3, actually unowned


pid: 0, tid: 19036 >>> es.las40.guinyote <<<

backtrace:
#00 pc 0x0000000000091338 /apex/com.android.runtime/lib64/bionic/libc.so (fdsan_error(char const*, ...)+552)
#1 pc 0x0000000000091020 /apex/com.android.runtime/lib64/bionic/libc.so (android_fdsan_close_with_tag+688)
#2 pc 0x00000000000264f8 /apex/com.android.art/lib64/libjavacore.so (Linux_close(_JNIEnv*, _jobject*, _jobject*)+104)
#3 pc 0x0000000000394460 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+128)
#4 pc 0x00000000006ff618 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (libcore.io.BlockGuardOs.close+1032)
#5 pc 0x00000000006f9528 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (libcore.io.ForwardingOs.close+72)
#6 pc 0x000000000063cb78 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.PlainSocketImpl.socketClose0+552)
#7 pc 0x00000000005c4838 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.AbstractPlainSocketImpl.socketClose+40)
#8 pc 0x00000000005c33b4 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.AbstractPlainSocketImpl.close+404)
#9 pc 0x00000000005c926c /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.Socket.close+140)
#10 pc 0x00000000005ba6b0 /apex/com.android.art/lib64/libart.so (nterp_helper+4016)
#11 pc 0x00000000004a7caa /data/app/~~z8SmZG2qaXm1onzTfJyZSg==/es.las40.guinyote-y3lP77tiVUw35zzdanu-WQ==/oat/arm64/base.vdex (org.java_websocket.client.WebSocketClient.reset+98)
#12 pc 0x00000000005ba654 /apex/com.android.art/lib64/libart.so (nterp_helper+3924)
#13 pc 0x00000000004a7c28 /data/app/~~z8SmZG2qaXm1onzTfJyZSg==/es.las40.guinyote-y3lP77tiVUw35zzdanu-WQ==/oat/arm64/base.vdex (org.java_websocket.client.WebSocketClient.reconnect)
#14 pc 0x00000000005ba654 /apex/com.android.art/lib64/libart.so (nterp_helper+3924)
#15 pc 0x0000000000477f90 /data/app/~~z8SmZG2qaXm1onzTfJyZSg==/es.las40.guinyote-y3lP77tiVUw35zzdanu-WQ==/oat/arm64/base.vdex (es.las40.guinyote.activities.PlayActivity$14$1.run+16)
#16 pc 0x000000000050eb98 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+72)
#17 pc 0x000000000033eda4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612)
#18 pc 0x0000000000239d54 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144)
#19 pc 0x000000000053a1b0 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1600)
#20 pc 0x00000000000fba4c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
#21 pc 0x000000000008e5f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

Another one


pid: 0, tid: 4182 >>> es.las40.guinyote <<<

backtrace:
#00 pc 0x000000000008edcc /apex/com.android.runtime/lib64/bionic/libc.so (fdsan_error(char const*, ...)+556)
#1 pc 0x000000000008eab4 /apex/com.android.runtime/lib64/bionic/libc.so (android_fdsan_close_with_tag+696)
#2 pc 0x00000000000264f8 /apex/com.android.art/lib64/libjavacore.so (Linux_close(_JNIEnv*, _jobject*, _jobject*)+104)
#3 pc 0x000000000032f460 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+128)
#4 pc 0x0000000000608dc8 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (libcore.io.BlockGuardOs.close+1032)
#5 pc 0x0000000000602d98 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (libcore.io.ForwardingOs.close+72)
#6 pc 0x0000000000546728 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.PlainSocketImpl.socketClose0+552)
#7 pc 0x00000000004ce368 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.AbstractPlainSocketImpl.socketClose+40)
#8 pc 0x00000000004ccee4 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.AbstractPlainSocketImpl.close+404)
#9 pc 0x00000000004cd25c /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.AbstractPlainSocketImpl.connect+668)
#10 pc 0x00000000004d3038 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.net.Socket.connect+440)
#11 pc 0x00000000001479f0 /data/app/~~8I4y4Y5pwjtEvvqNAuIAkA==/es.las40.guinyote-9TEQhKouDXYY22mrl2__yw==/oat/arm64/base.odex (org.java_websocket.client.WebSocketClient.run+672)
#12 pc 0x0000000000418178 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+72)
#13 pc 0x000000000033eda4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612)
#14 pc 0x0000000000239d54 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144)
#15 pc 0x000000000053a1b0 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1600)
#16 pc 0x00000000000ef578 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208)
#17 pc 0x000000000008c23c /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

And another one

[Screenshot from 2024-02-05 21-29-48]

Copying and pasting what may be causing the trouble, but I'm not sure

I manually check if websocket connection is lost after a few heartbeats and if missed_heartbeats > 2 try to reconnect

Runnable mStatusCheckerl = new Runnable() {
    @Override
    public void run() {
        //Log.d("DEBUG", "still checking websocket");
        try {
            missed_heartbeats += 1;
            Log.d("heartbeat", String.valueOf(missed_heartbeats));
            if (missed_heartbeats > 2) {
                Log.d("DEBUG","heartbeat");
                missed_heartbeats = 0;
                if (mWebSocketClient != null) {
                    new Thread(new Runnable() {
                        public void run() {
                            // a potentially time consuming task
                            try {
                                mWebSocketClient.reconnect();
                            } catch (Exception e){
                                Log.d("DEBUG","ERROR RECONNECTING");
                                e.printStackTrace();
                            }
                        }
                    }).start();
                }
            }
        } finally {
            // 100% guarantee that this always happens, even if
            // your update method throws an exception
            mHandlerl.postDelayed(mStatusCheckerl, mIntervall);
        }
    }
};

It's very difficult to debug this fdsan error, but I have like 1% errors due to this. It's affecting users with Android versions 12, 13 and 14.

PhilipRoman changed the title from "1.5.5 crash" to "Android crash due to FD sanitizer" on Feb 6, 2024
PhilipRoman self-assigned this on Feb 8, 2024
@PhilipRoman
Collaborator

PhilipRoman commented Feb 8, 2024

One possible explanation is that some other native library is corrupting your file descriptor, which is being detected by other unrelated parts of the code. I've tried everything but I am unable to reproduce on an Android emulator using this library alone. This makes sense since the JDK platform is expected to handle the FD tags transparently.

If you have any native libraries in your app, please list them here.

This would also explain why we have only 2 reports of this so far.

If you can send me an example app which reproduces the issue, I could debug this further (if you want to send it privately, mail it to frfilips@gmail.com). Otherwise I cannot debug this.

Alternatively, you can try to reproduce the crash while running with strace -yy -f -e trace=%desc and post the output here.
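
Added example, not part of the thread or the project's code: one way to triage output from the strace command suggested above. It flags a close that fails with EBADF after another thread closed the same fd, and a close issued by a thread other than the one that created the fd, which is the kind of fd ownership mix-up fdsan aborts on. The trace lines, thread IDs, fd numbers and paths are constructed, and the name suspicious_closes is hypothetical.

```python
import re

# Constructed sample in the shape of `strace -yy -f -e trace=%desc` output.
# Thread IDs, fd numbers and paths are made up for illustration, not taken from the issue.
SAMPLE = """\
[pid  4182] close(97<TCP:[10.0.0.2:40000->10.0.0.1:443]>) = 0
[pid  4190] openat(AT_FDCWD, "/data/user/0/app/cache/t.db", O_RDWR) = 97</data/user/0/app/cache/t.db>
[pid  4201] close(97</data/user/0/app/cache/t.db>) = 0
[pid  4190] write(97, "x", 1) = -1 EBADF (Bad file descriptor)
[pid  4190] close(97) = -1 EBADF (Bad file descriptor)
"""

# Accepts both the "[pid N] call(...)" and the "-o file" style "N call(...)" prefixes.
LINE = re.compile(r"^(?:\[pid\s+(\d+)\]|(\d+))\s+(\w+)\((.*)\)\s+=\s+(-?\d+)(.*)$")
# Simplification: only calls whose return value is always a new fd.
CREATORS = {"open", "openat", "dup", "dup2", "dup3", "eventfd2", "epoll_create1"}


def suspicious_closes(trace):
    """Return (kind, fd, closing_tid, other_tid) tuples for closes worth a look."""
    opener, last_closer, findings = {}, {}, []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # signal lines and unfinished/resumed fragments are skipped
        tid = int(m.group(1) or m.group(2))
        call, args, ret, tail = m.group(3), m.group(4), int(m.group(5)), m.group(6)
        if call in CREATORS and ret >= 0:
            opener[ret] = tid  # remember which thread created this fd number
        elif call == "close":
            fd_match = re.match(r"\d+", args)
            if not fd_match:
                continue
            fd = int(fd_match.group())
            if "EBADF" in tail:
                # fd was not open: report who closed it last, if the trace saw that
                findings.append(("double-close", fd, tid, last_closer.get(fd)))
            elif ret == 0:
                if fd in opener and opener[fd] != tid:
                    # closed by a thread that did not create it (heuristic only)
                    findings.append(("cross-thread-close", fd, tid, opener[fd]))
                opener.pop(fd, None)
                last_closer[fd] = tid
    return findings


if __name__ == "__main__":
    for finding in suspicious_closes(SAMPLE):
        print(finding)
```

A cross-thread close is not a bug by itself; it only narrows down which threads and fd numbers to inspect in the full trace.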
