SIGSEGV in libNativeScript.so on callback from java with console.log when displaying an object.

[Yermo]

Environment
Provide version numbers for the following components (information can be retrieved by running tns info in your project folder or by inspecting the package.json of the project):

• CLI: 5.3.2
• Cross-platform modules: 5.3.1 (core modules)
• Android Runtime: 5.3.1
• iOS Runtime (if applicable):
• Plugin(s): working on developing a background geolocation plugin

Describe the bug

I am running into a crash in libNativeScript.so during garbage collection.

I do not know if this is a bug in the code I am working with or whether I've uncovered a bug in NativeScript. I am posting this here in the hopes of getting some pointers to determine in which category it falls.

I am porting over the background geolocation plugin from Cordova.

https://github.com/mauron85/cordova-plugin-background-geolocation

That plugin is based on this library, which I have forked but not modified: https://github.com/Yermo/background-geolocation-android

I'm using the Plugin Seed and have the android side of the plugin working. However, after between 1 and 13 hours or so it crashes during garbage collection. The crash is happening in libNativeScript.so with a NULL reference SEGV during what appears to be garbage collection. If it was a case of the underlying library freeing an object and then NativeScript attempting to free it during it's GC I would have expected to see "attempt to use cleared object refererence" instead of a NULL pointer de-reference.

From the tombstone file:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Lenovo/TB-8504F/TB-8504F:8.1.0/OPM1.171019.019/8504F_S001011_181016_ROW:user/release-keys'
Revision: '0'
ABI: 'arm64'
pid: 12292, tid: 12292, name: location.ngdemo  >>> com.flyingbricksoftware.backgroundgeolocation.ngdemo <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
    x0   000000769e780058  x1   0000000000000000  x2   000000769e780068  x3   0000000000000001
    x4   4c271b83f1119a75  x5   0000000000000005  x6   0000000000107020  x7   00000000009261ce
    x8   0000000000000000  x9   0000000000009330  x10  0000000000000018  x11  0000000000000030
    x12  0000000000009340  x13  000000769441b0a1  x14  000000769441b0a1  x15  0000000000000001
    x16  000000769dcc0608  x17  000000769d222230  x18  0000000000000001  x19  0000007fc9bc3100
    x20  0000007fc9bc3190  x21  0000007fc9bc30f8  x22  000000769e6a3c00  x23  000000769e780068
    x24  000000769e780058  x25  000000769e780058  x26  0000000000000005  x27  0000000000000001
    x28  0000000000000000  x29  0000007fc9bc2f30  x30  000000769d222224
    sp   0000007fc9bc2e70  pc   000000769d222250  pstate 0000000080000000
    v0   00000000000000010000000000000001  v1   000000000000dc030000000000933dd1
    v2   00000000000000003f7573c559b0c412  v3   000000000000000040a5700000000000
    v4   00000000000000000000000000000ab8  v5   00000000000000000000000000000000
    v6   00000000cc004fb40000000000000000  v7   00000000540060900000000000000000
    v8   00000000000000000000000000000000  v9   00000000000000000000000000000000
    v10  00000000000000000000000000000000  v11  00000000000000000000000000000000
    v12  00000000000000000000000000000000  v13  00000000000000000000000000000000
    v14  00000000000000000000000000000000  v15  00000000000000000000000000000000
    v16  00000000000000000000000000000000  v17  00000000540060900000000000000000
    v18  00000000000000000000000000000000  v19  00000000540060900000000000000000
    v20  00000000000000000000000000000000  v21  00000000540060900000000000000000
    v22  00000000000000000000000000000000  v23  00000000540060900000000000000000
    v24  00000000000000000000000000000000  v25  00000000540060900000000000000000
    v26  00000000000000000000000000000000  v27  00000000540060900000000000000000
    v28  00000000000000000000000000000000  v29  00000000540060900000000000000000
    v30  00000000000000000000000000000000  v31  00000000540060900000000000000000
    fpsr 00000013  fpcr 00000000

backtrace:
    #00 pc 0000000000386250  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so (v8::Object::HasOwnProperty(v8::Local<v8::Context>, v8::Local<v8::Name>)+32)
    #01 pc 0000000000386220  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so (v8::Object::HasPrivate(v8::Local<v8::Context>, v8::Local<v8::Private>)+8)
    #02 pc 000000000022c66c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #03 pc 0000000000201e90  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #04 pc 000000000021a4dc  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #05 pc 000000000049ab30  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #06 pc 000000000049b3b0  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #07 pc 00000000004a5548  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #08 pc 00000000004a3964  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so (v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageColl
ectionReason, v8::GCCallbackFlags)+1328)
    #09 pc 00000000004ad744  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #10 pc 00000000004ad7c4  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #11 pc 0000000000472920  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so (v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationSpace)+48)
    #12 pc 00000000009f6c00  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so
    #13 pc 0000000000b10a88  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-1Lh3czgPMLXfgVYeCePdOA==/lib/arm64/libNativeScript.so

I have attempted to use ndk-stack and addr2line to get an idea about the cause of the crash but I'm guessing the version of libNativeScript.so shipped out doesn't contain debugging symbols?

Is there some way to determine what was happening on the javascript side immediately before this crash? (Which would help me figure out if it's in my code)

Is there a guide or some information somewhere on how one can best approach tracking down an issue like this?

I should mention I am not using markingMode:none. Adding that seems to make the app much less stable. Maybe that's a clue?

To Reproduce

Expected behavior

Sample project

I do not yet have a small test case that reproduces the problem. With some pointers I'm hoping to narrow it down so I can provide a test case.

Additional context

[vtrifonov]

Hi @Yermo, you can use a version of the libNativeScript.so with debug symbols. Unfortunately it's not as easy as adding a flag (but soon will be :) #1368). Currently to use the version with symbols included you need to manually edit the platforms/android/app/build.gradle file somewhere here - https://github.com/NativeScript/android-runtime/blob/v5.3.1/test-app/app/build.gradle#L341 and make it load "nativescript-regular" runtime. After that you can build the application. Just make sure that you see in the build log this line:

         + adding nativescript runtime package dependency: nativescript-regular

[Yermo]

@vtrifonov thank you! That is exactly what I needed.

[Yermo]

I followed your instructions and verified that it did output the line as you indicated.

I am testing on a physical Lenovo Tab 4 tablet running a Qualcomm Snapdragon 425 processor which is a 64 bit ARM processor.

Unfortunately, this is not the same crash as before.

From logcat (adb logcat -s DEBUG) I get the following crash report:

05-04 04:16:50.062 17887 17887 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-04 04:16:50.063 17887 17887 F DEBUG   : Build fingerprint: 'Lenovo/TB-8504F/TB-8504F:8.1.0/OPM1.171019.019/8504F_S001011_181016_ROW:user/release-keys'
05-04 04:16:50.063 17887 17887 F DEBUG   : Revision: '0'
05-04 04:16:50.064 17887 17887 F DEBUG   : ABI: 'arm64'
05-04 04:16:50.064 17887 17887 F DEBUG   : pid: 12919, tid: 12919, name: location.ngdemo  >>> com.flyingbricksoftware.backgroundgeolocation.ngdemo <<<
05-04 04:16:50.065 17887 17887 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7699efff78
05-04 04:16:50.065 17887 17887 F DEBUG   :     x0   0000007699efff79  x1   000000769a080f58  x2   000000769a080f68  x3   000000000000010d
05-04 04:16:50.065 17887 17887 F DEBUG   :     x4   0000000000000028  x5   0000000000000090  x6   fefeff091f647174  x7   7f7f7f7f7f7f7f7f
05-04 04:16:50.065 17887 17887 F DEBUG   :     x8   000000769a080f58  x9   0000000000000003  x10  000000769db5af14  x11  0000000000000040
05-04 04:16:50.065 17887 17887 F DEBUG   :     x12  000000769a080f59  x13  0000000000000000  x14  ffffff8965f7f0a8  x15  0000000000000200
05-04 04:16:50.065 17887 17887 F DEBUG   :     x16  000000769e51ad70  x17  000000769de25330  x18  0000000000000000  x19  000000769a080f58
05-04 04:16:50.066 17887 17887 F DEBUG   :     x20  0000000000000000  x21  0000007699efff79  x22  000000000000010d  x23  000000769ce81339
05-04 04:16:50.066 17887 17887 F DEBUG   :     x24  000000000000010d  x25  000000769e304d90  x26  000000000000010d  x27  000000769d56dff0
05-04 04:16:50.066 17887 17887 F DEBUG   :     x28  0000007699efff79  x29  0000007fc9bc38f0  x30  000000769dc962c8
05-04 04:16:50.066 17887 17887 F DEBUG   :     sp   0000007fc9bc3890  pc   000000769dc964c0  pstate 0000000080000000
05-04 04:16:50.091 17887 17887 F DEBUG   : 
05-04 04:16:50.091 17887 17887 F DEBUG   : backtrace:
05-04 04:16:50.091 17887 17887 F DEBUG   :     #00 pc 00000000006444c0  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so
05-04 04:16:50.091 17887 17887 F DEBUG   :     #01 pc 00000000006442c4  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so
05-04 04:16:50.091 17887 17887 F DEBUG   :     #02 pc 00000000004226ec  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so (v8::String::Utf8Length(v8::Isolate*) const+32)
05-04 04:16:50.091 17887 17887 F DEBUG   :     #03 pc 000000000043287c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so (v8::String::Utf8Value::Utf8Value(v8::Isolate*, v8::Local<v8::Value>)+228)
05-04 04:16:50.091 17887 17887 F DEBUG   :     #04 pc 000000000026d70c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so (tns::ArgConverter::ConvertToString(v8::Local<v8::String> const&)+56)
05-04 04:16:50.091 17887 17887 F DEBUG   :     #05 pc 00000000002cf4c4  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so (tns::buildLogString(v8::FunctionCallbackInfo<v8::Value> const&, int)+356)
05-04 04:16:50.091 17887 17887 F DEBUG   :     #06 pc 00000000002cb85c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so (tns::Console::logCallback(v8::FunctionCallbackInfo<v8::Value> const&)+76)
05-04 04:16:50.091 17887 17887 F DEBUG   :     #07 pc 0000000000b006d8  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-Y2fWC5Y_ewte1UN2iJ_asQ==/lib/arm64/libNativeScript.so

Using adb bugreport I get the tombstone file but using ndk-stack on that gives me a different report:

ndk-stack -sym platforms/android/app/build/intermediates/symbols -dump tombstone_04

I suspect I am doing something wrong here.

********** Crash dump: **********
Build fingerprint: 'Lenovo/TB-8504F/TB-8504F:8.1.0/OPM1.171019.019/8504F_S001011_181016_ROW:user/release-keys'
#00 0x00000000005b0d70 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#01 0x00000000005b0b74 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#02 0x000000000038af9c /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so (v8::String::Utf8Length(v8::Isolate*) const+32)
#03 0x000000000039c12c /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so (v8::String::Utf8Value::Utf8Value(v8::Isolate*, v8::Local<v8::Value>)+228)
#04 0x00000000001d7de4 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#05 0x00000000002388fc /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#06 0x0000000000234ce8 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#07 0x00000000007f1fb4 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#08 0x00000000007f1694 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#09 0x00000000007f0df4 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
#10 0x0000000000b10a88 /data/app/org.flyingbricksoftware.nsmbymcmobileapp-K-mzItxCpbe1r6m_1SMX-w==/lib/arm64/libNativeScript.so
Crash dump is completed

I am attempting to get the source line causing the problem however I'm not sure which combination of addr2line and libNativeScript.so to use:

ndk/toolchains/x86_64-4.9/prebuilt/linux-x86_64/bin/x86_64-linux-android-addr2line
ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-addr2line
ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-addr2line
ndk/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-linux-android-addr2line
ndk/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android-addr2line
ndk/toolchains/llvm/prebuilt/linux-x86_64/bin/arm-linux-androideabi-addr2line
ndk/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-linux-android-addr2line
ndk/toolchains/x86-4.9/prebuilt/linux-x86_64/bin/i686-linux-android-addr2line

./android/app/build/intermediates/transforms/stripDebugSymbol/debug/0/lib/armeabi-v7a/libNativeScript.so
./android/app/build/intermediates/transforms/stripDebugSymbol/debug/0/lib/arm64-v8a/libNativeScript.so
./android/app/build/intermediates/transforms/stripDebugSymbol/debug/0/lib/x86/libNativeScript.so
./android/app/build/intermediates/transforms/mergeJniLibs/debug/0/lib/armeabi-v7a/libNativeScript.so
./android/app/build/intermediates/transforms/mergeJniLibs/debug/0/lib/arm64-v8a/libNativeScript.so
./android/app/build/intermediates/transforms/mergeJniLibs/debug/0/lib/x86/libNativeScript.so

How do I tell which version of libNativeScript.so is actually being used?

Which addr2line do I use in this context?

Is there a way to tell what javascript line it's failing on?

[Yermo]

I have been unable to reproduce the garbage collection crash however the console.log is 100% reproducible in my code so I have changed the title of the issue.

The java library I am using is a background geolocation library. It accepts an object as a delegate and returns a JSON object (https://stleary.github.io/JSON-java/org/json/JSONObject.html) representing a location. I am passing a nativescript object as the delegate.

In that delegate I use the methods of the JSON object to construct a simply typescript object with number, boolean, and string fields,

I then return that object to my code where the first thing I do is a console.log

console.log(  "received location:", location );

It crashes on either the first or second call like this. I.e. I cannot display the location object in a console.log. It does not crash if I include a property in the string of a console.log message as in:

console.log( "received location id '" + location.id + "'" );

As a test I am returning an unchanging object:

 let location : Location = new Location();
    location.id = 1;
    location.provider = 'test';
    location.locationProvider = 0;
    location.time = 12345;
    location.latitude = 35.5;
    location.longitude = 23.3;
    location.accuracy = 50.1;
    location.speed = 50;
    location.altitude = 65.2;
    location.bearing = 12.2;
    location.isFromMockProvider = true;
    location.mockLocationsEnabled = true;                       

Returning this object also causes it to crash.

At this point I strongly suspect this is not an issue with my code but some kind of marshalling bug with console.log messages.

My next test is to remove all location object dumps and see if the crash repeats.

[vmutafov]

Hi, @Yermo :) Could you share a repo with the JS code in which you use the https://github.com/Yermo/background-geolocation-android library?

[Yermo]

@vmutafov I had hoped to create a small test case to demonstrate the problem. So far I have failed to come up with one.

I've pushed my code to github here: https://github.com/Yermo/nativescript-background-geolocation-fbs

Once this is reliable, my plan is to publish this to the NativeScript marketplace since the TransistorSoft plugin that I was using is being discontinued leaving NativeScript without a working background geolocation solution. Unfortunately, I am new to this whole toolchain so it's been quite a learning curve.

The repository is set up to use the version of libNativeScript.so with debugging symbols.

I've added some Crash Notes and Other Crash Notes

Setting this up takes a few steps. I find running simulated geolocations using the Android Emulator is ridiculously slow.

As a result, I use a live device, in my case a Lenovo Tab 4 running Android 8.1.0.

To simulate locations I use the Lockito Fake GPS app: https://play.google.com/store/apps/details?id=fr.dvilleneuve.lockito&hl=en_US

You have to enable developer options and set the lockito fake gps app as the 'mock locations app'.

I have included a shell script that simulates a long route and have included instructions in the repository README.

cd src
npm install
npm run build
cd ../ngdemo
tns run android
press Start in the ngdemo app

Then run the Lockito app. Click Start. Then in another terminal window (under Linux or Mac OSX):

cd etc
./fake_gps_michaux.sh

It'll dump a bunch of log messages. Just let it run for between 30 minutes and 13 hours.

It will crash here or here

There crash always looks like this:

05-06 08:24:46.896 17657 17657 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-06 08:24:46.896 17657 17657 F DEBUG   : Build fingerprint: 'Lenovo/TB-8504F/TB-8504F:8.1.0/OPM1.171019.019/8504F_S001011_181016_ROW:user/release-keys'
05-06 08:24:46.896 17657 17657 F DEBUG   : Revision: '0'
05-06 08:24:46.896 17657 17657 F DEBUG   : ABI: 'arm64'
05-06 08:24:46.896 17657 17657 F DEBUG   : pid: 14943, tid: 14943, name: location.ngdemo  >>> com.flyingbricksoftware.backgroundgeolocation.ngdemo <<<
05-06 08:24:46.896 17657 17657 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x768efffef0
05-06 08:24:46.897 17657 17657 F DEBUG   :     x0   000000768efffef1  x1   000000768ee81020  x2   000000768ee81030  x3   00000000000000fe
05-06 08:24:46.897 17657 17657 F DEBUG   :     x4   0000000000000038  x5   0000000000000090  x6   ff091f6471746b68  x7   7f7f7f7f7f7f7f7f
05-06 08:24:46.898 17657 17657 F DEBUG   :     x8   000000768ee81020  x9   0000000000000003  x10  000000769db19f14  x11  0000000000000040
05-06 08:24:46.898 17657 17657 F DEBUG   :     x12  000000768ee81021  x13  0000000000000000  x14  ffffff897117efe0  x15  0000000000000200
05-06 08:24:46.898 17657 17657 F DEBUG   :     x16  000000769e4d9d70  x17  000000769dde4330  x18  0000000000000000  x19  000000768ee81020
05-06 08:24:46.898 17657 17657 F DEBUG   :     x20  0000000000000000  x21  000000768efffef1  x22  00000000000000fe  x23  0000007695001339
05-06 08:24:46.898 17657 17657 F DEBUG   :     x24  00000000000000fe  x25  000000769e2c3d90  x26  00000000000000fe  x27  000000769d572ff0
05-06 08:24:46.898 17657 17657 F DEBUG   :     x28  000000768efffef1  x29  0000007fc9bc38f0  x30  000000769dc552c8
05-06 08:24:46.898 17657 17657 F DEBUG   :     sp   0000007fc9bc3890  pc   000000769dc554c0  pstate 0000000080000000
05-06 08:24:46.910 17657 17657 F DEBUG   : 
05-06 08:24:46.910 17657 17657 F DEBUG   : backtrace:
05-06 08:24:46.910 17657 17657 F DEBUG   :     #00 pc 00000000006444c0  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so
05-06 08:24:46.910 17657 17657 F DEBUG   :     #01 pc 00000000006442c4  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so
05-06 08:24:46.910 17657 17657 F DEBUG   :     #02 pc 00000000004226ec  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so (v8::String::Utf8Length(v8::Isolate*) const+32)
05-06 08:24:46.911 17657 17657 F DEBUG   :     #03 pc 000000000043287c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so (v8::String::Utf8Value::Utf8Value(v8::Isolate*, v8::Local<v8::Value>)+228)
05-06 08:24:46.911 17657 17657 F DEBUG   :     #04 pc 000000000026d70c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so (tns::ArgConverter::ConvertToString(v8::Local<v8::String> const&)+56)
05-06 08:24:46.911 17657 17657 F DEBUG   :     #05 pc 00000000002cf4c4  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so (tns::buildLogString(v8::FunctionCallbackInfo<v8::Value> const&, int)+356)
05-06 08:24:46.911 17657 17657 F DEBUG   :     #06 pc 00000000002cb85c  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so (tns::Console::logCallback(v8::FunctionCallbackInfo<v8::Value> const&)+76)
05-06 08:24:46.911 17657 17657 F DEBUG   :     #07 pc 0000000000b006d8  /data/app/com.flyingbricksoftware.backgroundgeolocation.ngdemo-q88cFSpHUtw3nLXCR1W5aw==/lib/arm64/libNativeScript.so  

The whole point to these log messages is I was trying to track down a crash I originally saw that was occurring in garbage collection.

I am very motivated to get this to work so if there is anything I can do to make it easier or if you would like me to run any tests, I am happy to do it.

I have determined that if I do not dump an object in any console.log() calls in the onLocation() callback that it will run for 24 hours without crashing.

[adrian-branescu]

I managed to replicate the crash triggered by the V8 Garbage Collector.

I inspected { N } android-runtime source code in my scenario and observed the following:

• every time a JS wrapper of a Java object gets collected by the V8 GC & ObjectManager::JSObjectWeakCallback() is called for it, the isolate->GetCurrentContext() returns an empty Local, namely its Context pointer is NULL.

• it seems that when GC is running GetCurrentContext() of the Isolate is NULL, but isolate->GetEnteredOrMicrotaskContext() is not. Also, collected object's CreationContext() is non-NULL & it's equal to isolate->GetEnteredOrMicrotaskContext() & equal to the Context entered when Runtime was intialized (the one from Runtime::PrepareV8Runtime()).

The stack trace looks like this:

tns::V8GetPrivateValue(v8::Isolate*, v8::Local<v8::Object> const&, v8::Local<v8::String> const&, v8::Local<v8::Value>&) V8GlobalHelpers.cpp:113
tns::MetadataNode::GetImplementationObject(v8::Isolate*, v8::Local<v8::Object> const&) MetadataNode.cpp:1104
tns::ObjectManager::HasImplObject(v8::Isolate*, v8::Local<v8::Object> const&) ObjectManager.cpp:475
tns::ObjectManager::JSObjectWeakCallback(v8::Isolate*, tns::ObjectManager::ObjectWeakCallbackState*) ObjectManager.cpp:371
tns::ObjectManager::JSObjectWeakCallbackStatic(v8::WeakCallbackInfo<tns::ObjectManager::ObjectWeakCallbackState> const&) ObjectManager.cpp:308
v8::internal::GlobalHandles::Node::PostGarbageCollectionProcessing(v8::internal::Isolate*) 0x000000008e2b11fc
v8::internal::GlobalHandles::PostGarbageCollectionProcessing(v8::internal::GarbageCollector, v8::GCCallbackFlags) 0x000000008e2b1a3a
v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) 0x000000008e2c4932
v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) 0x000000008e2c32f4
v8::internal::Heap::AllocateRawWithLightRetry(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) 0x000000008e2ca83c
v8::internal::Heap::AllocateRawWithRetryOrFail(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) 0x000000008e2ca882
v8::internal::Factory::NewFixedArrayWithFiller(v8::internal::RootIndex, int, v8::internal::Object, v8::internal::AllocationType) 0x000000008e293c8c
v8::internal::Factory::NumberToStringCacheSet(v8::internal::Handle<v8::internal::Object>, int, char const*, bool) 0x000000008e2a126a
v8::internal::Factory::NumberToString(v8::internal::Handle<v8::internal::Object>, bool) 0x000000008e2a13e0
v8::internal::Runtime_NumberToString(int, unsigned int*, v8::internal::Isolate*) 0x000000008e72dc9e
Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit 0x000000008e5284a4
Builtins_StringAdd_ConvertRight 0x000000008e529ef8
Builtins_AddHandler 0x000000008e5781a8
Builtins_InterpreterEntryTrampoline 0x000000008e490ab8
Builtins_InterpreterEntryTrampoline 0x000000008e490ab8
Builtins_InterpreterEntryTrampoline 0x000000008e490ab8
Builtins_InterpreterEntryTrampoline 0x000000008e490ab8
Builtins_JSEntryTrampoline 0x000000008e48dd70
Builtins_JSEntry 0x000000008e48da74
v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) 0x000000008e292850
v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) 0x000000008e29267e
v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) 0x000000008e1f4b9e
tns::CallbackHandlers::CallJSMethod(v8::Isolate*, _JNIEnv*, v8::Local<v8::Object> const&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, _jobjectArray*) CallbackHandlers.cpp:853
tns::Runtime::CallJSMethodNative(_JNIEnv*, _jobject*, int, _jstring*, int, unsigned char, _jobjectArray*) Runtime.cpp:311
::Java_com_tns_Runtime_callJSMethodNative(JNIEnv *, jobject, jint, jint, jstring, jint, jboolean, jobjectArray) com_tns_Runtime.cpp:188
callJSMethodNative 0x000000008eddba1a
art_quick_invoke_stub_internal 0x00000000a57da776
art_quick_invoke_stub 0x00000000a57df8e8
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00000000a54842f6
art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*) 0x00000000a55d5976
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d1b64
bool art::interpreter::DoInvoke<(art::InvokeType)1, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f76a2
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f403a
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d1b4c
bool art::interpreter::DoInvoke<(art::InvokeType)1, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f76a2
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f403a
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d1b4c
bool art::interpreter::DoInvoke<(art::InvokeType)1, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f76a2
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f403a
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d1b4c
bool art::interpreter::DoInvoke<(art::InvokeType)0, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f84f4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f3a52
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)0, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f83d4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f209e
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)0, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f83d4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f209e
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)4, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f7ba4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f3428
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)2, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f62ba
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f4ff6
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)4, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f7ba4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f3428
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)2, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f62ba
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f4ff6
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)4, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f7ba4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f3428
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)0, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f83d4
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f209e
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
bool art::interpreter::DoInvoke<(art::InvokeType)2, false, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55f62ba
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55f4ff6
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b79a8
art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00000000a55bc01c
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0eec
MterpInvokeStatic 0x00000000a57c5a08
ExecuteMterpImpl 0x00000000a57cce18
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b7958
art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*) 0x00000000a55bbf64
artQuickToInterpreterBridge 0x00000000a57ba2d8
art_quick_to_interpreter_bridge 0x00000000a57decf4
art_quick_invoke_stub_internal 0x00000000a57da776
art_quick_invoke_static_stub 0x00000000a57df9ee
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00000000a548431a
art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*) 0x00000000a572b254
art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int) 0x00000000a572c772
art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobject*) 0x00000000a56dbffc
invoke 0x000000007127e9b0
art_quick_invoke_stub_internal 0x00000000a57da776
art_quick_invoke_stub 0x00000000a57df8e8
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00000000a54842f6
art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*) 0x00000000a55d5976
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00000000a55d0f04
MterpInvokeVirtual 0x00000000a57c49ee
ExecuteMterpImpl 0x00000000a57ccc98
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00000000a55b7958
art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*) 0x00000000a55bbf64
artQuickToInterpreterBridge 0x00000000a57ba2d8
art_quick_to_interpreter_bridge 0x00000000a57decf4
main 0x000000007449b342
art_quick_invoke_stub_internal 0x00000000a57da776
art_quick_invoke_static_stub 0x00000000a57df9ee
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00000000a548431a
art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*) 0x00000000a572b254
art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list) 0x00000000a572b044
art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list) 0x00000000a5679b4e
<unknown> 0x00000000a8835e88
android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool) 0x00000000a883790c
<unknown> 0x000000008cb7fb2c
__libc_init 0x00000000a760835e
<unknown> 0x000000008cb7f748

[darind]

@adrian-branescu, thanks for the detailed analysis of the crash. We will provide a fix in the upcoming 6.1.0 release.