[libdartjni.so] dartjni.c - getMethodID #1152

Closed
atrope opened this issue Mar 6, 2024 · 19 comments · Fixed by dart-lang/native#1029 or #1156
Labels
package:cronet_http type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)

Comments

@atrope

atrope commented Mar 6, 2024

Hey @brianquinlan, after we applied the fix for #1136 and released a new version, we received from the Android Store that our ANR rate is beyond the reasonable level for this specific error.
Is it possible that we are trying to close a thread that does not exist anymore and then Android crashes? I was able to receive the error but am still not able to reproduce it with confidence.
It started after we added the close engine.

It affects all Android versions.

--------- beginning of crash
failed to attach to thread 31945: No such process
failed to interrupt 31945 to detach: No such process
failed to ptrace interrupt thread 31945: No such process
failed to attach to thread 31946: No such process
failed to interrupt 31946 to detach: No such process
failed to ptrace interrupt thread 31946: No such process
failed to attach to thread 31954: No such process
failed to interrupt 31954 to detach: No such process
failed to ptrace interrupt thread 31954: No such process
failed to attach to thread 31955: No such process
failed to interrupt 31955 to detach: No such process
failed to ptrace interrupt thread 31955: No such process
failed to attach to thread 31956: No such process
failed to interrupt 31956 to detach: No such process
failed to ptrace interrupt thread 31956: No such process
failed to attach to thread 31957: No such process
failed to interrupt 31957 to detach: No such process
failed to ptrace interrupt thread 31957: No such process
reportAccessDeniedToReadIdentifiers:suamusica.suamusicaapp:getSerial:-1
received crash request for pid 31761
performing dump of process 30244 (target tid = 31761)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/beyond1ltexx/beyond1:11/RP1A.200720.012/G973FXXSEFUL1:user/release-keys'
Revision: '26'
ABI: 'arm64'
Timestamp: 2024-03-06 12:55:59-0300
pid: 30244, tid: 31761, name: DartWorker  >>> suamusica.suamusicaapp <<<
uid: 11383
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
reportAccessDeniedToReadIdentifiers:suamusica.suamusicaapp:getSerial:-1
backtrace:
      #00 pc 000000000000aa60  /data/app/~~13piSh5dF5C-P53bvfyKlQ==/suamusica.suamusicaapp-1548O9SGEA8y-pVaKmqQVA==/lib/arm64/libdartjni.so (getMethodID+60) (BuildId: 7bcdf1986472cdb4a0077865b1cedb2b02179aca)
      #38 pc 00000000000b10e8  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64) (BuildId: 890b75bbb1eaed1155b47ab37b7aad70)
      #39 pc 0000000000050a58  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 890b75bbb1eaed1155b47ab37b7aad70)
@atrope atrope added package:cronet_http type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) labels Mar 6, 2024
@atrope
Author

atrope commented Mar 6, 2024

I was able to reproduce it in that test app (https://github.com/SuaMusica/cronet_http_test).
It does not always happen, but when it does, it's on the first or second try.

I changed the app so we don't need to click the download button.

I also managed to pinpoint the error to the shutdown method in jni_bindings.dart when we fetch the _id_shutdown variable.

The way I can "reproduce" it is to install the app on the phone and then keep logcat running while closing and opening the app. It will eventually happen sometime after 10/20 opens.

I/flutter (11857): [Downloader] onDone: test2_2527382.jpg 2
I/flutter (11857): CLOSE
F/libc    (11857): Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 11949 (DartWorker), pid 11857 (ple.cronet_test)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/q4qxxx/q4q:14/UP1A.231005.007/F936BXXS5EXAB:user/release-keys'
Revision: '14'
ABI: 'arm64'
Processor: '7'
Timestamp: 2024-03-06 13:34:58.900456264-0300
Process uptime: 3s
Cmdline: com.example.cronet_test
pid: 11857, tid: 11949, name: DartWorker  >>> com.example.cronet_test <<<
uid: 10848
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
Cause: null pointer dereference
2 total frames
backtrace:
      #00 pc 000000000000a684  /data/app/~~ybpYcAoGzGDg6PGobeM9gg==/com.example.cronet_test-eYEVCr-Izq6OVce52gmfxg==/lib/arm64/libdartjni.so (getMethodID+40) (BuildId: 360ce44136186a19bc4625350cae4c4f927a9cd7)
      #01 pc 0000000000007bc4  [anon:dart-code]

@atrope
Author

atrope commented Mar 7, 2024

Hey, I tried to debug a little bit more and got to this method here that I guess goes to the C part of things:
[Screenshot 2024-03-07 at 11 23 13]

I was not able to understand how I can debug the C part to check if the address is faulty.

What I can tell you is that it gets to this function with the right address:
getMethodID cls: Pointer: address=0x3a26, name: Pointer: address=0xb4000071a21b6550, signature: Pointer: address=0xb4000071a21b85b0
And after that it crashes with the above error.
I really got to the point where I don't know how to proceed. @brianquinlan If you could share some inputs, maybe I can continue to try fixing this issue.
Thanks

@brianquinlan
Collaborator

@HosseinYousefi Since this crash seems to be coming from package:jni.

@HosseinYousefi HosseinYousefi self-assigned this Mar 8, 2024
@atrope
Author

atrope commented Mar 8, 2024

@HosseinYousefi hi,
Do you have any inputs on where I can try to fix this?
It is affecting our Google play metrics.
Thank you!

@HosseinYousefi
Member

> @HosseinYousefi hi, Do you have any inputs on where I can try to fix this? It is affecting our Google play metrics. Thank you!

I wasn't able to reproduce this on my device yet. I'll try it again and will let you know.

@atrope
Author

atrope commented Mar 8, 2024

Gotcha.
The way I can reproduce it is:

1 - Install the test app in debug mode.
2 - With the phone connected and logcat active, just open and close the app.
If it downloads more than 2 files (it becomes green), you can force close and open again (you don't need to reinstall the app, only close and open; logcat should show all info).
It will happen after a maximum of 20 tries; it always does.
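
The open/close reproduction described in the comment above can be scripted; this is an added example, not part of the original thread or of either project. It assumes `adb` on the PATH with one device attached, uses the `monkey` launcher intent to start the app, and the function names, `CYCLES`, `SETTLE` and the `cycle_N.log` file names are the example's own. The package name comes from the `Cmdline:` line of the crash dump.

```shell
# Added example: cycle the test app and stop at the first getMethodID SIGSEGV.
# CYCLES and SETTLE are assumed values, not taken from the thread.
PKG="com.example.cronet_test"
CYCLES="${CYCLES:-20}"
SETTLE="${SETTLE:-5}"

# Print "<library> <symbol>" for frame #00 of the first native crash in a
# logcat capture; print nothing if the capture holds no fatal signal.
top_crash_frame() {
  awk '
    /Fatal signal [0-9]+ \(SIG[A-Z]+\)/ { crashed = 1 }
    crashed && /#00 pc / {
      lib = ""; sym = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /\.so$/) { n = split($i, p, "/"); lib = p[n] }
        if (lib != "" && $i ~ /^\(.*\+[0-9]+\)$/) {
          sym = $i; sub(/^\(/, "", sym); sub(/\+[0-9]+\)$/, "", sym)
        }
      }
      if (lib == "") lib = $NF   # frame outside a .so, e.g. [anon:dart-code]
      print lib, sym
      exit
    }' "$1"
}

# Succeeds only when the capture matches this issue's crash signature.
is_getmethodid_crash() {
  [ "$(top_crash_frame "$1")" = "libdartjni.so getMethodID" ]
}

# One launch / force-stop cycle per iteration; returns 0 at the first hit.
repro_loop() {
  i=1
  while [ "$i" -le "$CYCLES" ]; do
    adb logcat -c
    adb shell monkey -p "$PKG" -c android.intent.category.LAUNCHER 1 >/dev/null
    sleep "$SETTLE"
    adb shell am force-stop "$PKG"
    adb logcat -d > "cycle_$i.log"
    if is_getmethodid_crash "cycle_$i.log"; then
      echo "getMethodID crash on cycle $i, see cycle_$i.log"
      return 0
    fi
    i=$((i + 1))
  done
  echo "no crash in $CYCLES cycles"
  return 1
}

# Constructed sample capture, modelled on the logcat lines quoted in the issue.
write_sample_log() {
  cat > "$1" <<'EOF'
F/libc    (11857): Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 11949 (DartWorker), pid 11857 (ple.cronet_test)
F/DEBUG   (12001): backtrace:
F/DEBUG   (12001):       #00 pc 000000000000a684  /data/app/example/lib/arm64/libdartjni.so (getMethodID+40) (BuildId: 0000)
EOF
}

if [ "${1:-}" = "run" ]; then repro_loop; fi
```

Saved to a file and invoked with the argument `run`, it drives the device; without it, only the functions are defined. Each cycle's capture is kept, so the log around the crash can be attached to the report.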

@HosseinYousefi
Member

> Gotcha. The way I can reproduce it is:
>
> 1 - Install the test app in debug mode.
> 2 - With the phone connected and logcat active, just open and close the app.
> If it downloads more than 2 files (it becomes green), you can force close and open again (you don't need to reinstall the app, only close and open; logcat should show all info).
> It will happen after a maximum of 20 tries; it always does.

I managed to reproduce it, thanks. I will look into this.

@atrope
Author

atrope commented Mar 11, 2024

Hi @HosseinYousefi, do you have any tips on how we can help you fix this, or should we just wait until you work on the fix?

@HosseinYousefi
Member

> Hi @HosseinYousefi, do you have any tips on how we can help you fix this, or should we just wait until you work on the fix?

I'm working on another issue at the moment so I can't prioritize this in the next few days. You can try enabling CheckJNI and debug the root cause yourselves.

@brianquinlan
Collaborator

@HosseinYousefi Also let me know if it looks like package:jni is not the cause and I can start trying to debug package:cronet_http.

This seems like the only relevant change since the last release:
6873731

The call to .release() is suspicious but it looks like package:jni guards access to released objects.

@atrope
Author

atrope commented Mar 11, 2024

I will also try to enable that option and debug more.

@brianquinlan I will also try to test without the release and check whether it still happens; if it does not, I will check that the other bug also does not happen.

@atrope
Author

atrope commented Mar 11, 2024

Following thorough testing for two hours, I discovered that eliminating release from the close method somewhat mitigated (the issue surfaced after opening the app 40 times) but did not completely avert the crash linked to this problem.

Moreover, I tried downloading 2000 items, and issue #1136 did not manifest.

Putting release back into the method led to the crash happening again on the tenth try of launching the test app.

Activating CheckJNI did not modify the result or offer additional clarity. The crash persisted, with the same parameters.

@atrope
Author

atrope commented Mar 12, 2024

Quick update: By setting closeEngine to false, this issue is avoided (naturally, as neither shutdown nor release is executed), yet issue #1136 emerges as a result.

If anyone has further suggestions, please share them so we can attempt to replicate or resolve the problem.

Thank you!

@brianquinlan
Collaborator

@HosseinYousefi Will you have a chance to look at this in the short term? If not, let me know and I'll take a look.

@HosseinYousefi
Member

HosseinYousefi commented Mar 18, 2024

> @HosseinYousefi Will you have a chance to look at this in the short term? If not, let me know and I'll take a look.

I'm just done with my previous task. Will take a look tomorrow!

Feel free to take a look at it yourself as well today.

@brianquinlan
Collaborator

@HosseinYousefi Thanks! If there is anything that might need to be done on the cronet_http side, let me know.

@HosseinYousefi
Member

HosseinYousefi commented Mar 20, 2024

@atrope Please try again to see if your problem persists after upgrading to jni: ^0.7.3.

Upgrade your dependency like so:

cronet_http:
  git:
    url: https://github.com/dart-lang/http/
    ref: upgrade-jni
    path: pkgs/cronet_http/

@atrope
Author

atrope commented Mar 20, 2024

Hi @HosseinYousefi, I just ran a test with 150 open/close cycles, and it appears to be fixed. 🙏🏻

@brianquinlan
Collaborator

This is fixed in package:cronet_http 1.2.0
