IndirectReferenceTable Android JNI crash

Question

I'm trying to fix crashes like:

1:

  #00  pc 000000000006a548  /system/lib64/libc.so (tgkill+8)
  #01  pc 0000000000067cd8  /system/lib64/libc.so (pthread_kill+68)
  #02  pc 0000000000024b78  /system/lib64/libc.so (raise+28)
  #03  pc 000000000001f318  /system/lib64/libc.so (abort+60)
  #04  pc 000000000043471c  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+324)
  #05  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #06  pc 0000000000131cc8  /system/lib64/libart.so (_ZN3art7BarrierD2Ev+296)
  #07  pc 0000000000469364  /system/lib64/libart.so (_ZN3art10ThreadList4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+212)
  #08  pc 0000000000434804  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+556)
  #09  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #10  pc 000000000027165c  /system/lib64/libart.so (_ZN3art22IndirectReferenceTable3AddEjPNS_6mirror6ObjectE+372)
  #11  pc 00000000022ef904  /system/framework/arm64/boot.oat

2:

  #00  pc 000000000006a548  /system/lib64/libc.so (tgkill+8)
  #01  pc 0000000000067cd8  /system/lib64/libc.so (pthread_kill+68)
  #02  pc 0000000000024b78  /system/lib64/libc.so (raise+28)
  #03  pc 000000000001f318  /system/lib64/libc.so (abort+60)
  #04  pc 000000000043471c  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+324)
  #05  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #06  pc 0000000000131cc8  /system/lib64/libart.so (_ZN3art7BarrierD2Ev+296)
  #07  pc 0000000000469364  /system/lib64/libart.so (_ZN3art10ThreadList4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+212)
  #08  pc 0000000000434804  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+556)
  #09  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #10  pc 000000000027165c  /system/lib64/libart.so (_ZN3art22IndirectReferenceTable3AddEjPNS_6mirror6ObjectE+372)
  #11  pc 000000000053e224  /system/lib64/libart.so (artQuickProxyInvokeHandler+1044)
  #12  pc 0000000000127b74  /system/lib64/libart.so (art_quick_proxy_invoke_handler+84)
  #13  pc 0000000000fda44c  /data/app/package_name-1/oat/arm64/base.odex

3:

 #00  pc 000000000006a548  /system/lib64/libc.so (tgkill+8)
  #01  pc 0000000000067cd8  /system/lib64/libc.so (pthread_kill+68)
  #02  pc 0000000000024b78  /system/lib64/libc.so (raise+28)
  #03  pc 000000000001f318  /system/lib64/libc.so (abort+60)
  #04  pc 000000000043471c  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+324)
  #05  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #06  pc 0000000000131cc8  /system/lib64/libart.so (_ZN3art7BarrierD2Ev+296)
  #07  pc 0000000000469364  /system/lib64/libart.so (_ZN3art10ThreadList4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+212)
  #08  pc 0000000000434804  /system/lib64/libart.so (_ZN3art7Runtime5AbortEv+556)
  #09  pc 0000000000137224  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+3136)
  #10  pc 000000000027165c  /system/lib64/libart.so (_ZN3art22IndirectReferenceTable3AddEjPNS_6mirror6ObjectE+372)
  #11  pc 000000000036f1e8  /system/lib64/libart.so (_ZN3art3JNI12NewByteArrayEP7_JNIEnvi+416)

I have reviewed the source code of IndirectReferenceTable ( https://android.googlesource.com/platform/art/+/kitkat-dev/runtime/indirect_reference_table.cc) and it seems that it is crashing because of the table overflow.

As far as I can see, I'm deleting all the local references correctly.

Is it possible that the issue is not related to the local references? Any assumptions?

Answer 1

As soon as I started using pop/push local frame JNI API, the app stopped reporting crash reports.

So I suppose that it was leaking local references somehow but I have not understood how.

On my devices, the app has not crashed, so the point may not be related to all implementation of the JNI.