djinni::jniFindClass crash issue

[tongyuze]

Hi there,

We got some report that djinni::jniFindClass will crash sometimes while it is called by native thread. However, the thing is that we couldn't repro this issue and find any clue on our side.

Do you have any idea about how this method could fail? Thanks!

[li-feng-sc]

Hi @tongyuze, do you have more details about the crash?

We don't see any problem with djinni::jniFindClass in Snapchat.

[tongyuze]

@LiFengSC
We got another similar crash recently. The stacktrace is like this:

djinni::jniGetThreadEnv() [0xd2f1708] in jni.h:1062
djinni::jniFindClass(char const*) [0xd2f1788] in djinni_support.cpp:300
djinni_generated::NativeOneAuthTransaction::NativeOneAuthTransaction() [0xcf77bb8] in NativeOneAuthTransaction.hpp:27
djinni::JniClass::get() [0xcf77e10] in djinni_support.hpp:231

And the cause of the crash is:
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference

Any idea about this?

[li-feng-sc]

This looks djinni::jniInit() was not called for some reason.
djinni::jniInit() is usually called by your JNI_OnLoad function. There is an implementation of JNI_OnLoad in djinni_main.cpp if you link that file. You can try log that and see if this is called before jniFindClass()

[tongyuze]

@LiFengSC
But for "g_cachedJVM", it is checked by "assert". I'm assuming this will not cause "null pointer dereference" error. Is that correct?

[li-feng-sc]

assert is a macro, so it is compiled out in release builds. in debug builds the assert line should trigger.

[tongyuze]

@LiFengSC
So in production, if g_chachedJVM is not initialized, a "null pointer dereference" error will come out, is that correct?

Also want to check, there will be no exception thrown because of this error, so we can't use try-catch block in java file to catch and deal with this error, is that correct? The only way to solve this is to make sure djinni::jniInit() is called before.

[tongyuze]

And also we got another issue which should be non-related to my previous post:
For this one, we got "ClassNotFoundException", but the final error pops out is: "local reference table overflow (max=512)". Do you have any idea about this?

Thread
art/runtime/indirect_reference_table.cc:129] JNI ERROR (app bug): local reference table overflow (max=512)

backtrace:
#00 pc 0x000000000006ba20 /system/lib64/libc.so (tgkill+8)
#1 pc 0x0000000000068ea4 /system/lib64/libc.so (pthread_kill+64)
#2 pc 0x0000000000024350 /system/lib64/libc.so (raise+24)
#3 pc 0x000000000001cd6c /system/lib64/libc.so (abort+52)
#4 pc 0x000000000042e5fc /system/lib64/libart.so (art::Runtime::Abort()+352)
#5 pc 0x00000000000e4f2c /system/lib64/libart.so (art::LogMessage::~LogMessage()+1204)
#6 pc 0x000000000024bb9c /system/lib64/libart.so (art::IndirectReferenceTable::Add(unsigned int, art::mirror::Object*)+472)
#7 pc 0x0000000000446d3c /system/lib64/libart.so (_jobject* art::Thread::CreateInternalStackTrace(art::ScopedObjectAccessAlreadyRunnable const&) const+252)
#8 pc 0x0000000000394c60 /system/lib64/libart.so (art::Throwable_nativeFillInStackTrace(_JNIEnv*, _jclass*)+56)
#9 pc 0x00000000005c057c /system/framework/arm64/boot.oat (java.lang.Throwable.nativeFillInStackTrace+120)
#10 pc 0x00000000005c19fc /system/framework/arm64/boot.oat (java.lang.Throwable.fillInStackTrace+88)
#11 pc 0x00000000005c008c /system/framework/arm64/boot.oat (java.lang.Throwable.+168)
#12 pc 0x00000000005c2788 /system/framework/arm64/boot.oat (java.lang.Exception.+52)
#13 pc 0x000000000061fcf8 /system/framework/arm64/boot.oat (java.lang.ReflectiveOperationException.+52)
#14 pc 0x000000000061fedc /system/framework/arm64/boot.oat (java.lang.ClassNotFoundException.+56)
#15 pc 0x00000000000d1db4 /system/lib64/libart.so (art_quick_invoke_stub+580)
#16 pc 0x00000000000dea88 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+208)
#17 pc 0x0000000000427f18 /system/lib64/libart.so (art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*)+108)
#18 pc 0x0000000000427b70 /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+380)
#19 pc 0x00000000003389c0 /system/lib64/libart.so (art::JNI::CallNonvirtualVoidMethodV(_JNIEnv*, _jobject*, _jclass*, _jmethodID*, std::__va_list)+624)
#20 pc 0x000000000032a028 /system/lib64/libart.so (art::JNI::NewObjectV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+724)
#21 pc 0x00000000003596f8 /system/lib64/libart.so (_JNIEnv::NewObject(_jclass*, _jmethodID*, ...)+124)
#22 pc 0x0000000000389764 /system/lib64/libart.so (art::Class_classForName(_JNIEnv*, _jclass*, _jstring*, unsigned char, _jobject*)+500)
#23 pc 0x000000000061964c /system/framework/arm64/boot.oat (java.lang.Class.classForName+184)
#24 pc 0x0000000000610ea0 /system/framework/arm64/boot.oat (java.lang.BootClassLoader.findClass+60)
#25 pc 0x00000000006112bc /system/framework/arm64/boot.oat (java.lang.BootClassLoader.loadClass+88)
#26 pc 0x0000000000610b84 /system/framework/arm64/boot.oat (java.lang.ClassLoader.loadClass+160)
#27 pc 0x0000000000610a98 /system/framework/arm64/boot.oat (java.lang.ClassLoader.loadClass+52)
#28 pc 0x00000000000d1db4 /system/lib64/libart.so (art_quick_invoke_stub+580)
#29 pc 0x00000000000dea88 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+208)
#30 pc 0x0000000000427f18 /system/lib64/libart.so (art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*)+108)
#31 pc 0x00000000004294c4 /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+388)
#32 pc 0x000000000032b8cc /system/lib64/libart.so (art::JNI::CallObjectMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+624)
#33 pc 0x0000000000125b48 /system/lib64/libart.so (_JNIEnv::CallObjectMethod(_jobject*, _jmethodID*, ...)+124)
#34 pc 0x00000000001247f8 /system/lib64/libart.so (art::ClassLinker::FindClass(art::Thread*, char const*, art::Handleart::mirror::ClassLoader)+1388)
#35 pc 0x0000000000325714 /system/lib64/libart.so (art::JNI::FindClass(_JNIEnv*, char const*)+2780)