
I have an application which uses a C library through JNI bindings. The same C library is used on iOS without any issues, and it has been used for around 2 years already.

I've tried implementing the same library on Android, and in general, everything works as expected, but the app crashes randomly after calling the JNI code.

What I mean is that I call the library, I receive data, I do some things with the data [like update buttons on screen] and then wait for further user input. Around 200-300ms after the call, my app crashes. By random, I mean that 1 out of 3 times it crashes. Sometimes after the first call, sometimes after the 4th, etc. All the time I use the same set of data, so this issue is not data specific.

Unfortunately, the errors I get are random as well. This leads me to believe that it must be something with memory management, but damn... I have no idea how to debug it at all.

Here are a few examples of the errors I get.


----- beginning of crash
06-03 13:35:37.823 6035-6035/com.mycompany.myapp A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x30384636 in tid 6035 (mycompany.myapp)

                                                             [ 06-03 13:35:37.829   182:  182 W/         ]
                                                             debuggerd: handling request: pid=6035 uid=10147 gid=10147 tid=6035
06-03 13:35:37.919 6307-6307/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-03 13:35:37.919 6307-6307/? A/DEBUG: Build fingerprint: 'nvidia/wx_un_do/shieldtablet:7.0/NRD90M/1928188_850.6612:user/release-keys'
06-03 13:35:37.919 6307-6307/? A/DEBUG: Revision: '0'
06-03 13:35:37.919 6307-6307/? A/DEBUG: ABI: 'arm'
06-03 13:35:37.920 6307-6307/? A/DEBUG: pid: 6035, tid: 6035, name: mycompany.myapp  >>> com.mycompany.myapp <<<
06-03 13:35:37.920 6307-6307/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x30384636
06-03 13:35:37.920 6307-6307/? A/DEBUG:     r0 30384636  r1 00000058  r2 a49016e8  r3 00000058
06-03 13:35:37.920 6307-6307/? A/DEBUG:     r4 a480628c  r5 3038392e  r6 00000000  r7 a4806278
06-03 13:35:37.920 6307-6307/? A/DEBUG:     r8 a53532e8  r9 00000001  sl a53532dc  fp 00000001
06-03 13:35:37.920 6307-6307/? A/DEBUG:     ip a5349860  sp bea94a68  lr a532f97d  pc a5308b26  cpsr 200f0030
06-03 13:35:37.991 6307-6307/? A/DEBUG: backtrace:
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #00 pc 00047b26  /system/lib/libc.so (pthread_mutex_lock+1)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #01 pc 0006e979  /system/lib/libc.so (je_tcache_bin_flush_small+144)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #02 pc 0006e88d  /system/lib/libc.so (je_tcache_event_hard+60)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #03 pc 00064d09  /system/lib/libc.so (je_calloc+776)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #04 pc 0000f94d  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_malloc+64)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #05 pc 0000eeab  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_get_name+502)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #06 pc 0000ef8f  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_get_nodes+42)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #07 pc 0000c079  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (get_attr_content+12)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #08 pc 0000c785  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (get_prodcore_item+92)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #09 pc 0000c82f  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (get_prodcore_items+98)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #10 pc 0000c8d3  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (get_prod_prodcore+54)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #11 pc 0000a1ab  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (parse_prod_file_from_buf+70)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #12 pc 0000acf7  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (mylib_get_basic_info+238)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #13 pc 0000b611  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (mylib_open+388)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #14 pc 0000779d  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (Java_com_mycompany_mylib_mylibJNI_openmylibprod+60)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #15 pc 000ad919  /system/lib/libart.so (art_quick_generic_jni_trampoline+40)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #16 pc 000a8f41  /system/lib/libart.so (art_quick_invoke_stub_internal+64)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #17 pc 0040535d  /system/lib/libart.so (art_quick_invoke_stub+232)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #18 pc 000b0209  /system/lib/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+136)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #19 pc 001ec4eb  /system/lib/libart.so (_ZN3art11interpreter34ArtInterpreterToCompiledCodeBridgeEPNS_6ThreadEPNS_9ArtMethodEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+198)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #20 pc 001e6a8b  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+478)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #21 pc 0020d1d3  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE2ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+422)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #22 pc 00203259  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+12904)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #23 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #24 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #25 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #26 pc 0020d1d3  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE2ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+422)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #27 pc 00203259  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+12904)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #28 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #29 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.992 6307-6307/? A/DEBUG:     #30 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #31 pc 0020e809  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE1ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+264)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #32 pc 002053c1  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+21456)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #33 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #34 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #35 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #36 pc 0020e809  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE1ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+264)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #37 pc 002053c1  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+21456)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #38 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #39 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #40 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #41 pc 0020f641  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE0ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+232)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #42 pc 00203ffd  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+16396)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #43 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #44 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #45 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #46 pc 0020f033  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE4ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+830)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #47 pc 00205c45  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+23636)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #48 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #49 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #50 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #51 pc 0020d1d3  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE2ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+422)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #52 pc 00203259  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+12904)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #53 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #54 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #55 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #56 pc 0020f033  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE4ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+830)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #57 pc 00205c45  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+23636)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #58 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #59 pc 001cf357  /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #60 pc 001e6a6f  /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #61 pc 0020d1d3  /system/lib/libart.so (_ZN3art11interpreterL8DoInvokeILNS_10InvokeTypeE2ELb0ELb0EEEbPNS_6ThmyappNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+422)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #62 pc 00203259  /system/lib/libart.so (_ZN3art11interpreter17ExecuteSwitchImplILb0ELb0EEENS_6JValueEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameES2_b+12904)
06-03 13:35:37.993 6307-6307/? A/DEBUG:     #63 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)

another one:

06-03 14:06:34.775 8746-8746/com.mycompany.myapp A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x3438379e in tid 8746 (mycompany.myapp)

                                                             [ 06-03 14:06:34.776   182:  182 W/         ]
                                                             debuggerd: handling request: pid=8746 uid=10147 gid=10147 tid=8746
06-03 14:06:34.842 9224-9224/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-03 14:06:34.843 9224-9224/? A/DEBUG: Build fingerprint: 'nvidia/wx_un_do/shieldtablet:7.0/NRD90M/1928188_850.6612:user/release-keys'
06-03 14:06:34.843 9224-9224/? A/DEBUG: Revision: '0'
06-03 14:06:34.843 9224-9224/? A/DEBUG: ABI: 'arm'
06-03 14:06:34.843 9224-9224/? A/DEBUG: pid: 8746, tid: 8746, name: mycompany.myapp  >>> com.mycompany.myapp <<<
06-03 14:06:34.843 9224-9224/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x3438379e
06-03 14:06:34.843 9224-9224/? A/DEBUG:     r0 3438379e  r1 00000058  r2 a4900e50  r3 00000058
06-03 14:06:34.843 9224-9224/? A/DEBUG:     r4 a4806034  r5 3438332e  r6 00000000  r7 a4806020
06-03 14:06:34.843 9224-9224/? A/DEBUG:     r8 a53532e8  r9 00000004  sl a53532dc  fp 00000004
06-03 14:06:34.843 9224-9224/? A/DEBUG:     ip a5349860  sp bea948c8  lr a532f97d  pc a5308b26  cpsr 20070030
06-03 14:06:34.945 9224-9224/? A/DEBUG: backtrace:
06-03 14:06:34.945 9224-9224/? A/DEBUG:     #00 pc 00047b26  /system/lib/libc.so (pthread_mutex_lock+1)
06-03 14:06:34.945 9224-9224/? A/DEBUG:     #01 pc 0006e979  /system/lib/libc.so (je_tcache_bin_flush_small+144)
06-03 14:06:34.945 9224-9224/? A/DEBUG:     #02 pc 00066f09  /system/lib/libc.so (ifree+432)
06-03 14:06:34.945 9224-9224/? A/DEBUG:     #03 pc 000671eb  /system/lib/libc.so (je_free+74)
06-03 14:06:34.945 9224-9224/? A/DEBUG:     #04 pc 00010c2f  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_del_from_pool+72)

and yet another:

06-03 21:23:53.136 19575-19829/com.mycompany.myapp A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x3438480a in tid 19829 (RenderThread)

                                                               [ 06-03 21:23:53.137   182:  182 W/         ]
                                                               debuggerd: handling request: pid=19575 uid=10147 gid=10147 tid=19829
06-03 21:23:53.446 19995-19995/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-03 21:23:53.446 19995-19995/? A/DEBUG: Build fingerprint: 'nvidia/wx_un_do/shieldtablet:7.0/NRD90M/1928188_850.6612:user/release-keys'
06-03 21:23:53.447 19995-19995/? A/DEBUG: Revision: '0'
06-03 21:23:53.447 19995-19995/? A/DEBUG: ABI: 'arm'
06-03 21:23:53.448 19995-19995/? A/DEBUG: pid: 19575, tid: 19829, name: RenderThread  >>> com.mycompany.myapp <<<
06-03 21:23:53.448 19995-19995/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x3438480a
06-03 21:23:53.448 19995-19995/? A/DEBUG:     r0 3438392e  r1 8b8fda20  r2 00000001  r3 00000000
06-03 21:23:53.449 19995-19995/? A/DEBUG:     r4 a483aa00  r5 8b8fd3ec  r6 98356000  r7 00000002
06-03 21:23:53.449 19995-19995/? A/DEBUG:     r8 00000001  r9 00000000  sl a4863a84  fp a4863a80
06-03 21:23:53.449 19995-19995/? A/DEBUG:     ip a71ecf18  sp 8b8fd330  lr 98305edf  pc 98305eec  cpsr 00000030
06-03 21:23:53.481 19995-19995/? A/DEBUG: backtrace:
06-03 21:23:53.481 19995-19995/? A/DEBUG:     #00 pc 0000deec  /system/vendor/lib/egl/libEGL_tegra.so
06-03 21:23:53.481 19995-19995/? A/DEBUG:     #01 pc 00013805  /system/vendor/lib/egl/libEGL_tegra.so (eglGetError+4)
06-03 21:23:53.481 19995-19995/? A/DEBUG:     #02 pc 0000c071  /system/lib/libEGL.so (eglGetError+20)
06-03 21:23:53.481 19995-19995/? A/DEBUG:     #03 pc 0000b93f  /system/lib/libEGL.so (eglQuerySurface+22)
06-03 21:23:53.481 19995-19995/? A/DEBUG:     #04 pc 00025963  /system/lib/libhwui.so
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #05 pc 0002311f  /system/lib/libhwui.so
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #06 pc 00024d6b  /system/lib/libhwui.so
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #07 pc 00028181  /system/lib/libhwui.so (_ZN7android10uirenderer12renderthread12RenderThread10threadLoopEv+80)
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #08 pc 0000f155  /system/lib/libutils.so (_ZN7android6Thread11_threadLoopEPv+144)
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #09 pc 00065e75  /system/lib/libandroid_runtime.so (_ZN7android14AndroidRuntime15javaThreadShellEPv+80)
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #10 pc 00047543  /system/lib/libc.so (_ZL15__pthread_startPv+22)
06-03 21:23:53.482 19995-19995/? A/DEBUG:     #11 pc 0001a115  /system/lib/libc.so (__start_thread+6)

I have to admit, I hate this kind of error. I have no clue where to look for solutions.

Now a bit about the library:

It takes a zip file, unpacks an XML file out of it and parses data from the XML into a struct, which is then used to generate an object with all of that data.

That's basically it. In the JNI class I hold the value of JNIEnv because there is a scenario where I have to call a Java class from C, but not in this case. The calls I make are limited to the description I gave above.

Also, this happens very often on the first call, so I doubt it has anything to do with that.

Is there anything else I could provide to make it possible to determine the cause of the crashes?

I am a bit fed up with the issue; if it were up to me I would just rewrite the lib in Java, but the whole idea of getting the C lib was to have a single code base running on all platforms.

I will be grateful for any help.

EDIT: I was able to remove a lot of the code from the calls to identify the simplest possible way for my app to crash. Now I only have one function which, when called, will [randomly] crash the app, and when not called, will never do this.

Here's the JNI code I call, quite simple. Maybe my bug is much simpler than I thought.

#include <jni.h>

/* global JavaVM handle that GetJavaVM fills in (declaration assumed; not shown in the question) */
static JavaVM *jvm = NULL;

/* entry point of the C library being wrapped (declared in the library's own header) */
extern unsigned long product_open(const char *name);

jlong Java_com_mycompany_product_ProdJNI_openProdBook(JNIEnv* env, jobject this, jstring jprname) {

    // set the jvm variable so other C threads can access java virtual machine
    (*env)->GetJavaVM(env, &jvm);

    const char *prodname = (*env)->GetStringUTFChars(env, jprname, NULL);
    if (prodname == NULL) {
        return 0; // allocation failed; the JVM already has an OutOfMemoryError pending
    }
    unsigned long ret = product_open(prodname);
    (*env)->ReleaseStringUTFChars(env, jprname, prodname);
    return ret;
}
Krystian
    Not sure if related: https://stackoverflow.com/questions/13755355/android-ndk-mutex-locking – Morrison Chang Jun 03 '17 at 20:22
  • Sounds very much like my issue. I've tried with `PTHREAD_RECURSIVE_MUTEX_INITIALIZER`, with `PTHREAD_MUTEX_INITIALIZER` and with `PTHREAD_ERRORCHECK_MUTEX_INITIALIZER`, and all of them give me the same results :/ I also use the roxml library, which also uses pthreads, but I am not sure what kind of initializer it uses. – Krystian Jun 03 '17 at 20:40
  • The second crash could be a double-free. The first can also happen when new and free are not synchronized well, maybe across different threads. – Alex Cohn Jun 04 '17 at 08:39

2 Answers


This is not an answer, but it is too long for a comment. There are two things that I would note. First, regarding your comment that "After around 200-300ms after the call, my app crashes [randomly]", the stack traces in two of the failures include your native library libmylibjni.so:

06-03 13:35:37.991 6307-6307/? A/DEBUG:     #00 pc 00047b26  /system/lib/libc.so (pthread_mutex_lock+1)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #01 pc 0006e979  /system/lib/libc.so (je_tcache_bin_flush_small+144)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #02 pc 0006e88d  /system/lib/libc.so (je_tcache_event_hard+60)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #03 pc 00064d09  /system/lib/libc.so (je_calloc+776)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #04 pc 0000f94d  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_malloc+64)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #05 pc 0000eeab  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_get_name+502)
06-03 13:35:37.991 6307-6307/? A/DEBUG:     #06 pc 0000ef8f  /data/app/com.mycompany.myapp-2/lib/arm/libmylibjni.so (roxml_get_nodes+42)

Presumably this is running from a native thread started by libart.so as you see all the way at the bottom of the stack:

06-03 13:35:37.993 6307-6307/? A/DEBUG:     #63 pc 001ca845  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+368)

While you have not provided us with any of your code, I'm going to hazard a theory and say that you are exchanging memory buffers between C++ and Java, and one of them is corrupting that memory, or failing to abide by mutex control over shared data (which can lead to corruption). Hence the crash during heap operations or otherwise-unrelated code.

A second theory is that libart.so has a bug and that is causing your troubles.

If you have some code to share, we might be able to help more.

Wheezil
  • I don't want to think this is because of libart.so; this would mean I have to cancel the whole project. I would rather explore the most obvious possibility - a bug in my code. Thanks a lot for the "answer"; this gives me something. I will post the JNI part of my code. – Krystian Jun 04 '17 at 08:17
  • After spending one more day dwelling on the issue I gave up and just rewrote the functionality in Java. It took far less time than I have already wasted on the issue, and since the functionality is "mature" I don't expect too much double work by changing things in the C code and Java code. Perfect is the enemy of good. – Krystian Aug 04 '17 at 23:02
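The two traces in the question show the allocator (je_calloc / je_free -> je_tcache_bin_flush_small -> pthread_mutex_lock) faulting on addresses that look like ASCII text (0x30384636, 0x3438379e), which is the classic signature of heap metadata overwritten by string data somewhere earlier. The example below is added here and is not code from the question, from this answer or from the roxml library; it reproduces the two native-code patterns discussed above (an off-by-one copy that corrupts the neighbouring chunk, and a pool delete that can reach free() twice, as suggested in the comment about a double free) next to hardened versions of each. All function names, the pool layout and the sample strings are invented for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect 1: copying an attribute value into a buffer one byte too small.
 * strcpy writes strlen(value)+1 bytes, so the terminating NUL lands in the
 * allocator's bookkeeping for the neighbouring chunk. Nothing fails on this
 * line; the fault surfaces on a later malloc/free, which is the pattern in
 * the first two traces above. Kept for comparison only; never called below. */
char *attr_copy_unsafe(const char *value)
{
    char *out = malloc(strlen(value));   /* one byte short */
    strcpy(out, value);                  /* writes strlen(value) + 1 bytes */
    return out;
}

/* Hardened copy: reject NULL, bound the length, size the buffer from that
 * bounded length plus the terminator, and check the allocation. */
char *attr_copy_safe(const char *value, size_t max_len)
{
    if (value == NULL)
        return NULL;
    size_t n = strnlen(value, max_len);
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, value, n);
    out[n] = '\0';
    return out;
}

/* Defect 2: a node pool (loosely modelled on the roxml_del_from_pool frame in
 * the second trace; the layout here is invented) whose delete frees the node
 * but leaves the stale pointer in the slot, so a second delete of the same
 * node hands the pointer to free() twice. */
#define POOL_SIZE 8
typedef struct {
    void *slots[POOL_SIZE];
} node_pool;

void pool_init(node_pool *p)
{
    memset(p->slots, 0, sizeof p->slots);
}

/* Returns 0 on success, -1 if the pool is full. */
int pool_add(node_pool *p, void *node)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (p->slots[i] == NULL) {
            p->slots[i] = node;
            return 0;
        }
    }
    return -1;
}

/* Hardened delete: free exactly once, clear the slot, and report a repeated
 * or unknown delete (-1) instead of calling free() on it again. */
int pool_del_safe(node_pool *p, void *node)
{
    if (node == NULL)
        return -1;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (p->slots[i] == node) {
            free(p->slots[i]);
            p->slots[i] = NULL;
            return 0;
        }
    }
    return -1;
}

/* Stand-alone demonstration. To catch either defect at the offending line
 * instead of later inside the allocator, build the native library with
 *   -fsanitize=address -fno-omit-frame-pointer
 * (the NDK's clang supports it); on the device, Android's malloc debug
 * (libc.debug.malloc.options) adds guard bytes and allocation backtraces. */
int main(void)
{
    char *name = attr_copy_safe("prodcore", 64);
    printf("copied: %s\n", name ? name : "(null)");

    node_pool pool;
    pool_init(&pool);
    pool_add(&pool, name);
    printf("first delete: %d\n", pool_del_safe(&pool, name));   /* 0  */
    printf("second delete: %d\n", pool_del_safe(&pool, name));  /* -1 */
    return 0;
}
```

The point of the hardened pool delete is not that it makes a double delete correct, but that it turns it into a detectable error return (and a log line, if you add one) instead of silent heap corruption that only shows up hundreds of milliseconds later on whichever thread next touches the allocator, including the RenderThread in the third trace.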

Question is, why do you call GetJavaVM at all? It makes sense in case you call Java from C. Take a look here:

http://jnicookbook.owsiak.org/recipe-no-027/

I'd write your JNI code the following way:

#include <jni.h>

/* entry point of the C library being wrapped (declared in the library's own header) */
extern unsigned long product_open(const char *name);

jlong Java_com_mycompany_product_ProdJNI_openProdBook(JNIEnv* env, jobject this, jstring jprname) {

    const char *prodname = (*env)->GetStringUTFChars(env, jprname, NULL);
    if (prodname == NULL) {
        return 0; // allocation failed; the JVM already has an OutOfMemoryError pending
    }
    unsigned long ret = product_open(prodname);
    (*env)->ReleaseStringUTFChars(env, jprname, prodname);
    return ret;
}

It should work without any issues.

You can test it here:

http://jnicookbook.owsiak.org/recipe-No-009/

where super simple code passes a Java string between Java and C.

Have fun with JNI!

Oo.oO
  • Yeah, the name of the function is quite confusing, that's why I have added the comment. That call is used to store a reference, not get it back. And without it, I have the exact same behavior. – Krystian Jun 04 '17 at 09:03