Crash during ArSession_update with ndk #1199

Open
LuLuc opened this issue Feb 25, 2021 · 11 comments

@LuLuc

LuLuc commented Feb 25, 2021

SPECIFIC ISSUE ENCOUNTERED

The app runs in a separate thread like the "Native Activity" sample from ndk-samples. During the update, it crashes every time during ArSession_update.

It worked fine with the previous version ARCore SDK 1.20.0 and ARCore services: 1.22.*

Another strange thing is that it crashes with ArSession_resume if this function is not called after vm->attachCurrentThread.

StackTrace:

A/DEBUG:       #01 pc 00000000018c71a8  /data/app/~~UrUX4PMUiRCog3-D9N3UQA==/com.google.ar.core-e3WA7VXofffL2O7fwREVnA==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #02 pc 00000000018c6850  /data/app/~~UrUX4PMUiRCog3-D9N3UQA==/com.google.ar.core-e3WA7VXofffL2O7fwREVnA==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #03 pc 00000000018c5d80  /data/app/~~UrUX4PMUiRCog3-D9N3UQA==/com.google.ar.core-e3WA7VXofffL2O7fwREVnA==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #04 pc 0000000001919f64  /data/app/~~UrUX4PMUiRCog3-D9N3UQA==/com.google.ar.core-e3WA7VXofffL2O7fwREVnA==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #05 pc 0000000001904fd0  /data/app/~~UrUX4PMUiRCog3-D9N3UQA==/com.google.ar.core-e3WA7VXofffL2O7fwREVnA==/base.apk!libarcore_c.so (offset 0x6d9000) (ArSession_update+152) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)

VERSIONS USED

  • Android Studio: 4.1.2
  • ARCore SDK for Android: 1.20
  • Device manufacturer, model, and O/S: Google Pixel4, Android 11
  • Google Play Services for AR (ARCore): 1.23.210260603
  • Output of adb shell getprop ro.build.fingerprint: google/flame/flame:11/RQ1A.210205.004/7038034:user/release-keys

STEPS TO REPRODUCE THE ISSUE

WORKAROUNDS (IF ANY)

ADDITIONAL COMMENTS

The sample "hello_ar_c" works but it uses the jni interface and ARCore is started from the main thread.

LuLuc added the bug label Feb 25, 2021
@devbridie
Member

Verified.

@devbridie
Member

Can you please attach the lines above the stack traces? In particular, I'm missing #0 and the stanza; should look something like the following:

A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
A/DEBUG: Cause: null pointer dereference
A/DEBUG: x0 0000000000000000 x1 0000000000000001 x2 0000007d00200000 x3 ffffffffa13b4480
A/DEBUG: x4 00262db766000000 x5 0000007d72cbb512 x6 0000007e68b12000 x7 00000000021e0676
A/DEBUG: x8 0000007d46210c00 x9 00000000000000a0 x10 0000000000000000 x11 fe21891376d535c6
A/DEBUG: x12 0000000000000018 x13 000000005ec5ff4c x14 00392cca21477b8e x15 0000149ce56a88e5
A/DEBUG: x16 0000007d30a9d158 x17 0000007e63c72db4 x18 0000007cf2e88000 x19 0000007d075629b8
A/DEBUG: x20 0000007d463cc9c8 x21 0000007d46210d40 x22 0000000000000002 x23 0000007d02e79d10
A/DEBUG: x24 0000007d02e79ca0 x25 0000007d2f7de444 x26 0000007d07562a60 x27 0000007d07562a80
A/DEBUG: x28 0000007d07562b30 x29 0000000000000000
A/DEBUG: sp 0000007d07562950 lr 0000007d3075080c pc 0000007d30750820
A/DEBUG: backtrace:
A/DEBUG: #00 pc 000000000188f820 /data/app/com.google.ar.core-M8OGHXJfkmkQL_rYO3qBEg==/lib/arm64/libarcore_c.so (BuildId: 175ffad17680ec826eb04dd236251ce2)
...

@LuLuc
Author

LuLuc commented Feb 25, 2021

Here are all the lines from the stack trace.

A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x76158c8ab0
A/DEBUG:     x0  0000007742077010  x1  0000000000002c46  x2  0000007601ea482d  x3  0000007603dc76d9
A/DEBUG:     x4  000000761762d2a2  x5  000000761762d274  x6  000000000000005a  x7  000000000000005a
A/DEBUG:     x8  00000076158c8ab0  x9  0000000000000001  x10 0000000000000001  x11 0000000000000000
A/DEBUG:     x12 0000000000000000  x13 2e676e696b636172  x14 0000007603c89440  x15 00000000287358e4
A/DEBUG:     x16 0000007603b8be48  x17 00000079154be520  x18 0000007610b7c000  x19 0000000000002c46
A/DEBUG:     x20 0000007603dc76a8  x21 0000007603dc76d9  x22 0000007603dc76a0  x23 0000007603dc7600
A/DEBUG:     x24 0000007603ae3030  x25 000000761762d530  x26 0000000000000000  x27 000000761762d400
A/DEBUG:     x28 0000007617630000  x29 0000007602188120
A/DEBUG:     lr  00000076034fe1ac  sp  000000761762d2d0  pc  00000076158c8ab0  pst 0000000080000000

A/DEBUG: backtrace:
A/DEBUG:       #00 pc 0000000000007ab0  /data/app/~~zOvszruDGOb8bBFsaAvt8g==/ch.cpvr.wai-st8GSoyyJYATVEhMF4kUGA==/base.apk (offset 0x24aaf000)
A/DEBUG:       #01 pc 00000000018c71a8  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #02 pc 00000000018c6850  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #03 pc 00000000018c5d80  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #04 pc 0000000001919f64  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #05 pc 0000000001904fd0  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (ArSession_update+152) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)

The problem already occurs during ArSession_resume when not called after attachCurrentThread. Here is the stack trace for that particular case:

A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
A/DEBUG: Abort message: 'Scudo ERROR: invalid chunk state when deallocating address 0x00774206e950
    '
A/DEBUG:     x0  0000000000000000  x1  00000000000035a6  x2  0000000000000006  x3  000000761662e5b0
A/DEBUG:     x4  0000808080808080  x5  0000808080808080  x6  0000808080808080  x7  0000000000000018
A/DEBUG:     x8  00000000000000f0  x9  ea385307a0efa143  x10 0000000000000000  x11 ffffffc0fffffbdf
A/DEBUG:     x12 0000000000000001  x13 000000bc867e8fec  x14 001064877c04983d  x15 00000000012cf5cc
A/DEBUG:     x16 00000079154c6c80  x17 00000079154a8870  x18 000000760fe0e000  x19 000000000000358a
A/DEBUG:     x20 00000000000035a6  x21 00000000ffffffff  x22 000000774206e950  x23 0000007673187600
A/DEBUG:     x24 000000761662eeb0  x25 0000007752054f90  x26 0000007671546000  x27 000000761662e8c0
A/DEBUG:     x28 00000076715100a1  x29 000000761662e630
A/DEBUG:     lr  000000791545c2a0  sp  000000761662e590  pc  000000791545c2cc  pst 0000000000000000
A/DEBUG: backtrace:
A/DEBUG:       #00 pc 000000000004e2cc  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
A/DEBUG:       #01 pc 0000000000042910  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
A/DEBUG:       #02 pc 0000000000042f88  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+32) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
A/DEBUG:       #03 pc 00000000000431bc  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportInvalidChunkState(scudo::AllocatorAction, void*)+76) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
A/DEBUG:       #04 pc 00000000000445d8  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+340) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
A/DEBUG:       #05 pc 00000000018c78b0  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #06 pc 00000000018c6ca8  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #07 pc 00000000018c5f14  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #08 pc 000000000191322c  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #09 pc 0000000001911f74  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
A/DEBUG:       #10 pc 0000000001904cd4  /data/app/~~ylKten5KJLRjrTc5PgmW9w==/com.google.ar.core-_pzCM-FdaGSUPjWp6P6OIw==/base.apk!libarcore_c.so (offset 0x6d9000) (ArSession_resume+124) (BuildId: 27ae7334f1364bfb857a5468d39a1b65)
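
The completeness check devbridie asks for above (signal line, registers, frame #00), as an added example that is not part of the thread or of ARCore: a small parser for logcat A/DEBUG crash output that lists what a pasted trace is missing and flags the case where the fault address equals pc. The function names and the shortened sample paths are constructed for illustration.

```python
import re

SIGNAL_RE = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (\S+)")
REG_RE = re.compile(r"\b(x\d+|lr|sp|pc|pst)\s+([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)")

def parse_tombstone(text):
    """Collect signal header, registers and frames from logcat A/DEBUG lines."""
    report = {"signal": None, "registers": {}, "frames": []}
    for line in text.splitlines():
        if m := SIGNAL_RE.search(line):
            report["signal"] = {"name": m[1], "code": m[2], "fault_addr": m[3]}
        elif m := FRAME_RE.search(line):
            report["frames"].append((int(m[1]), int(m[2], 16), m[3]))
        else:
            for name, value in REG_RE.findall(line):
                report["registers"][name] = int(value, 16)
    return report

def missing_parts(report):
    """Name the pieces a maintainer needs that the pasted trace lacks."""
    missing = []
    if report["signal"] is None:
        missing.append("signal line")
    if "pc" not in report["registers"]:
        missing.append("register dump")
    if all(index != 0 for index, _, _ in report["frames"]):
        missing.append("frame #00")
    return missing

def is_fetch_fault(report):
    """Heuristic: fault address equal to pc means the fault hit on instruction fetch."""
    sig, pc = report["signal"], report["registers"].get("pc")
    if sig is None or pc is None or not sig["fault_addr"].startswith("0x"):
        return False
    return int(sig["fault_addr"], 16) == pc

# Constructed samples, abbreviated from the format of the traces in this thread.
COMPLETE = """\
A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x76158c8ab0
A/DEBUG:     lr  00000076034fe1ac  sp  000000761762d2d0  pc  00000076158c8ab0  pst 0000000080000000
A/DEBUG: backtrace:
A/DEBUG:       #00 pc 0000000000007ab0  /data/app/example/base.apk (offset 0x24aaf000)
A/DEBUG:       #01 pc 00000000018c71a8  /data/app/example/base.apk!libarcore_c.so (offset 0x6d9000)
"""
PARTIAL = "A/DEBUG:       #01 pc 00000000018c71a8  /data/app/example/base.apk!libarcore_c.so\n"

if __name__ == "__main__":
    for label, text in (("complete", COMPLETE), ("partial", PARTIAL)):
        report = parse_tombstone(text)
        print(label, missing_parts(report), is_fetch_fault(report))
```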

devbridie self-assigned this Feb 25, 2021
@devbridie
Member

I thought I was able to reproduce, but that turned out to be my own error.

Can you create a small reproducible case? I've tried using pthread_create, but no dice. Thanks.

@LuLuc
Author

LuLuc commented Mar 1, 2021

I recreated a small project using the native_activity sample. It crashes in a similar way during ArSession_update.

https://github.com/LuLuc/NativeARCore.git

@jwhpryor

jwhpryor commented Mar 1, 2021

Thank you very much for the sample. Strangely, running it myself I am not able to reproduce the issue. Could I possibly ask what device you're running this sample on?

Best,

@LuLuc
Author

LuLuc commented Mar 2, 2021

I tested on a Pixel4 and a Pixel3 and on both it crashes at ArSession_update or ArSession_resume (if _activity->vm->DetachCurrentThread() is called before ArSession_resume).

I just updated my sample app to check for the camera permission; otherwise ARCore will not be initialized and used, and then there is no crash.

@ghm1

ghm1 commented Mar 3, 2021

Hello,
I also get a crash on ArSession_update. I can reproduce it with this sample app from LuLuc. But for the sample, it starts crashing after the second time I start the sample app, because in the first run ARCore is not correctly initialised, since the camera permission is not yet given.
There is no backtrace. The only corresponding output I get is the following:

2021-03-03 12:10:46.422 23876-23926/com.example.nativeAR I/native: session.cc:3140 Update Frame Delay to 3 frames.
2021-03-03 12:10:46.422 23876-23926/com.example.nativeAR A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 23926 (Thread-4), pid 23876 (xample.nativeAR)

Thanks

@ghm1

ghm1 commented Mar 3, 2021

Okay, if I delay the update call by about 10 iterations, I get the following crash dump:

2021-03-03 13:15:56.436 31337-31337/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2021-03-03 13:15:56.436 1020-1020/? I/tombstoned: received crash request for pid 31238
2021-03-03 13:15:56.437 31337-31337/? I/crash_dump64: performing dump of process 31197 (target tid = 31238)
2021-03-03 13:15:56.443 31337-31337/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-03-03 13:15:56.443 31337-31337/? A/DEBUG: Build fingerprint: 'google/blueline/blueline:11/RQ1A.210205.004/7038034:user/release-keys'
2021-03-03 13:15:56.443 31337-31337/? A/DEBUG: Revision: 'MP1.0'
2021-03-03 13:15:56.443 31337-31337/? A/DEBUG: ABI: 'arm64'
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: Timestamp: 2021-03-03 13:15:56+0100
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: pid: 31197, tid: 31238, name: Thread-4  >>> com.example.nativeAR <<<
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: uid: 10375
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: Cause: null pointer dereference
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x0  0000000000009117  x1  0000000000000000  x2  000000000000001b  x3  ab9b0b81b1a00178
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x4  0000000000000000  x5  42614c535e0c1c16  x6  161c0c5e534c6142  x7  6c6077642d6c6e62
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x8  00000070998953e0  x9  0000007096c4cd00  x10 00000070998953e0  x11 0000000000000000
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x12 0000000000000000  x13 0000000000000029  x14 000008ea510d81f8  x15 0016ff5367aef828
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x16 0000000000000000  x17 00000073978f23c8  x18 0000007098838000  x19 00000070998953e0
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x20 0000007174c53480  x21 0000007224c2dc10  x22 0000007224c2dc10  x23 0000007099896000
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x24 0000007097b23030  x25 0000007099895590  x26 000000709615e18e  x27 00000070998957b0
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     x28 0000007099896000  x29 00000070961f8b80
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:     lr  0000007096c4cd34  sp  0000007099895320  pc  0000000000000000  pst 0000000060000000
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG: backtrace:
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:       #00 pc 0000000000000000  <unknown>
2021-03-03 13:15:56.444 31337-31337/? A/DEBUG:       #01 pc 0000000000f74d30  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #02 pc 0000000000f7bf7c  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #03 pc 0000000000f7ee6c  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #04 pc 00000000018d9f3c  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #05 pc 00000000018daf20  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #06 pc 00000000018c6890  /data/app/~~xk_Ib8wOLoD-_TTNSpnKew==/com.google.ar.core-lz7wQYrwTbFoYPA02RZCYw==/lib/arm64/libarcore_c.so (ArSession_update+152) (BuildId: 12a6b246e1c6647d4ddad44ae3097b3e)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #07 pc 000000000002cc1c  /data/app/~~dtBakZ-nFdskFEOINhRYEQ==/com.example.nativeAR-ccCcNtI4QlENvFQ4FcVYzg==/lib/arm64/libnative-activity.so (ARCore::update()+164) (BuildId: a3753f2d926e9498a2df2325387f6b99d8f3443c)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #08 pc 000000000002a5ec  /data/app/~~dtBakZ-nFdskFEOINhRYEQ==/com.example.nativeAR-ccCcNtI4QlENvFQ4FcVYzg==/lib/arm64/libnative-activity.so (android_main+632) (BuildId: a3753f2d926e9498a2df2325387f6b99d8f3443c)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #09 pc 000000000002e22c  /data/app/~~dtBakZ-nFdskFEOINhRYEQ==/com.example.nativeAR-ccCcNtI4QlENvFQ4FcVYzg==/lib/arm64/libnative-activity.so (BuildId: a3753f2d926e9498a2df2325387f6b99d8f3443c)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #10 pc 00000000000afd4c  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
2021-03-03 13:15:56.445 31337-31337/? A/DEBUG:       #11 pc 0000000000050288  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 95f68a34fdf7b31f42d3f811d5d88f58)
2021-03-03 13:15:56.450 1058-1669/? I/android.hardware.camera.provider@2.4-service_64: [GOOG_STATS] PDAF wrapper is successfully initialized

Thanks

@LuLuc
Author

LuLuc commented Mar 4, 2021

In the sample ARCore example, the native interface from ARCore is used from Java through the JNI interface, which works. Is ARCore meant to be used in a native application?

@Phil1216

Phil1216 commented May 4, 2022

Has anyone made any progress on this? I'm having a very similar issue using the emulator (Pixel 2).
