App crashes on android only with signed apk on specific devices #49510

Open
@barakataboujreich

Description

I am facing two different crashes when using a library that reports events back to the app through mEventEmitterCallback. The library we are using is react-native-ble-manager.

The crash only happens on a signed APK and on some specific devices; one of them is the A13 (SM-A135F - SM-A137F). If I run the app with yarn android, the app behaves normally and returns the scanned result. On the signed APK it crashes.

First crash:
The app launches and I do not use it; it crashes after 50-60 seconds. After my investigation I deduced it is caused by GC, so I temporarily fixed it by editing the library code so that whenever it calls a function in the Spec file that uses mEventEmitterCallback, it checks that it is not null. The crash disappeared, so I was able to fully investigate the second crash. I will provide the tombstone file that led me to this conclusion.

Second crash:
The app subscribes to an event that returns a scanned device through BLE. When I click the button to start the scan, the app crashes when trying to report back a scanned device through mEventEmitterCallback.

Now the Firebase report was of no use:

Crashed: Thread: SIGSEGV  0x00000000c0deadc4
#00 pc 0x326534 libart.so (BuildId: d963fb24d06855807a6574ea74a2cf53)
#01 pc 0xba09eda6
#02 pc 0xba09e544
#03 pc 0xba09ed86
#04 pc 0x322dfe libart.so (BuildId: d963fb24d06855807a6574ea74a2cf53)
#05 pc 0xba09e544

So I investigated further with adb logcat and was able to find where the crash was happening. Minified version of the logcat:

2025-02-18	10:20:02.048	22972	22972	I		RNBleManager		DiscoverPeripheral: null
2025-02-18	10:20:02.057	2130	2397	D		BtGatt.GattService		onScanResult to scannerId: 3- eventType=0x1a, addressType=1, address=XX:XX:XX:XX:42:47, primaryPhy=1, secondaryPhy=0, advertisingSid=0xff, txPower=127, rssi=-78, periodicAdvInt=0x0
2025-02-18	10:20:02.127	2130	2397	D		BtGatt.GattService		onScanResult to scannerId: 3- eventType=0x10, addressType=1, address=XX:XX:XX:XX:3E:98, primaryPhy=1, secondaryPhy=0, advertisingSid=0xff, txPower=127, rssi=-58, periodicAdvInt=0x0
2025-02-18	10:20:02.264	22972	22972	F		libc		Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xc0deadc4 in tid 22972 (com.bletest), pid 22972 (com.bletest)
2025-02-18	10:20:02.340	23057	23057	I		crash_dump32		obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto
2025-02-18	10:20:02.341	621	621	I		tombstoned		received crash request for pid 22972
2025-02-18	10:20:02.342	23057	23057	I		crash_dump32		performing dump of process 22972 (target tid = 22972)
2025-02-18	10:20:02.800	2130	2478	D		BtGatt.GattService		Binder is dead - unregistering scanner (3)!
2025-02-18	10:20:02.800	2130	2478	D		LeAppInfo		removeLeacReportedServerApp, appName: com.bletest
2025-02-18	10:20:02.801	802	802	I		Zygote		Process 22972 exited due to signal 11 (Segmentation fault)

Since it states that the crash report is being dumped to a tombstone, I ran adb.exe bugreport to pull the tombstone file, and it contained:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/a13vensser/a13ve:14/UP1A.231005.007/A137FXXU6EXG3:user/release-keys'
Revision: '1'
ABI: 'arm'
Processor: '1'
Timestamp: 2025-02-18 10:20:02.370105320+0000
Process uptime: 11s
Cmdline: com.bletest
pid: 22972, tid: 22972, name: com.bletest  >>> com.bletest <<<
uid: 10263
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xc0deadc4
    r0  c0dead90  r1  e42ae809  r2  0000000d  r3  000000a5
    r4  fff61294  r5  fff61284  r6  fff61274  r7  0000206e
    r8  00000000  r9  e91baa00  r10 e1630e00  r11 ba09eda8
    ip  00000000  sp  fff61260  lr  e163454c  pc  e1634534

30 total frames
backtrace:
      #00 pc 00326534  /apex/com.android.art/lib/libart.so (nterp_op_invoke_virtual+52) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #01 pc 00876da8  /data/app/~~v5p35KBpWZ0nsdHyyvV0yQ==/com.bletest-7FoSQHRwBdIS8-dMoCMLFg==/oat/arm/base.vdex (it.innove.NativeBleManagerSpec.emitOnDiscoverPeripheral+16)
      #02 pc 0032c500  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #03 pc 00876546  /data/app/~~v5p35KBpWZ0nsdHyyvV0yQ==/com.bletest-7FoSQHRwBdIS8-dMoCMLFg==/oat/arm/base.vdex (it.innove.DefaultScanManager.onDiscoveredPeripheral+318)
      #04 pc 0032c500  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #05 pc 008763c4  /data/app/~~v5p35KBpWZ0nsdHyyvV0yQ==/com.bletest-7FoSQHRwBdIS8-dMoCMLFg==/oat/arm/base.vdex (it.innove.DefaultScanManager.-$$Nest$monDiscoveredPeripheral+0)
      #06 pc 0032ba48  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #07 pc 00876234  /data/app/~~v5p35KBpWZ0nsdHyyvV0yQ==/com.bletest-7FoSQHRwBdIS8-dMoCMLFg==/oat/arm/base.vdex (it.innove.DefaultScanManager$2$1.run+12)
      #08 pc 005a2c87  /system/framework/arm/boot-framework.oat (android.os.Handler.dispatchMessage+70) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #09 pc 005a5847  /system/framework/arm/boot-framework.oat (android.os.Looper.loopOnce+854) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #10 pc 005a547f  /system/framework/arm/boot-framework.oat (android.os.Looper.loop+478) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #11 pc 00383c9f  /system/framework/arm/boot-framework.oat (android.app.ActivityThread.main+1542) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #12 pc 00143dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #13 pc 001bc1e1  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.17112358095869631794)+112) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #14 pc 001bbd3f  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+134) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #15 pc 0029e8f1  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+1100) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #16 pc 004c433f  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+22) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #17 pc 0009c179  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: 6baf4648bfc29351da5cc24a455a4e1c5e4a4b5d)
      #18 pc 0088faed  /system/framework/arm/boot-framework.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+116) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #19 pc 00898603  /system/framework/arm/boot-framework.oat (com.android.internal.os.ZygoteInit.main+3034) (BuildId: 72d9f3b9c14393f5511d5220f35de6d6627160bb)
      #20 pc 00143dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #21 pc 001bc1e1  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.17112358095869631794)+112) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #22 pc 001bbd3f  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+134) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #23 pc 001ef055  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+268) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #24 pc 00106599  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+24) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #25 pc 004706af  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+454) (BuildId: d963fb24d06855807a6574ea74a2cf53)
      #26 pc 000899d9  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+20) (BuildId: e953cf0acaa62fa69ffe71cea5372e21)
      #27 pc 0009295d  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+512) (BuildId: e953cf0acaa62fa69ffe71cea5372e21)
      #28 pc 00002547  /system/bin/app_process32 (main+982) (BuildId: 518f3945cf61e7eeaf79c722821f237c)
      #29 pc 0005bde5  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+60) (BuildId: ac29b057fca6aa7ac9a9161d7c6d401f)

So the crash was happening in the method emitOnDiscoverPeripheral; this method is generated in the Spec file and contains:

protected final void emitOnDiscoverPeripheral(ReadableMap value) {
    mEventEmitterCallback.invoke("onDiscoverPeripheral", value);
}

I was not able to go any further than this in my investigation. I will appreciate any help, since I am forced to maintain two different projects so users are able to use our production app: one for Android using an old RN version with the old architecture, and one for iOS using the latest RN version with the new architecture.

Full adb logcat

adb bugreport dumpstate
crash 1 will be under FS/data/tombstones/tombstone_00
crash 2 will be under FS/data/tombstones/tombstone_01

I also opened an issue on the library's Git repository, and apparently other users are facing the same problem.

I also tested with RN 0.78.0-rc.5: same behavior. Reproducible on RN 0.78.

Steps to reproduce

1- generate a release apk by cd android && gradlew assembleRelease
2- go to Samsung Remote Test Lab sign in and get your free credits
3- search for device SM-A135F or SM-A137F and choose one from the list. it does not matter which android version or region, the crash happens on all devices in the list
4- upload the release apk to the device and install it
5- launch the app, wait for 40-50 seconds without doing anything and the app will crash on its own
6- click Scan bluetooth and the app will crash whenever it tries to report a scanned device nearby

React Native Version

0.77.1 / 0.78.0-rc.5

Affected Platforms

Runtime - Android

Areas

TurboModule - The New Native Module System

Output of npx @react-native-community/cli info

System:
  OS: Windows 11 10.0.26100
  CPU: (16) x64 Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz
  Memory: 5.47 GB / 15.79 GB
Binaries:
  Node:
    version: 22.12.0
    path: C:\Program Files\nodejs\node.EXE
  Yarn:
    version: 1.22.22
    path: C:\Program Files\nodejs\yarn.CMD
  npm:
    version: 10.9.0
    path: C:\Program Files\nodejs\npm.CMD
  Watchman: Not Found
SDKs:
  Android SDK: Not Found
  Windows SDK: Not Found
IDEs:
  Android Studio: Not Found
  Visual Studio:
    - 16.11.33423.256 (Visual Studio Enterprise 2019)
Languages:
  Java: 17.0.12
  Ruby: Not Found
npmPackages:
  "@react-native-community/cli":
    installed: 15.0.1
    wanted: 15.0.1
  react:
    installed: 18.3.1
    wanted: 18.3.1
  react-native:
    installed: 0.77.1
    wanted: 0.77.1
  react-native-windows: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: true
  newArchEnabled: true
iOS:
  hermesEnabled: Not found
  newArchEnabled: Not found

Stacktrace or Logs

Crashed: Thread: SIGSEGV  0x00000000c0deadc4
#00 pc 0x326534 libart.so (BuildId: d963fb24d06855807a6574ea74a2cf53)
#01 pc 0xba09eda6
#02 pc 0xba09e544
#03 pc 0xba09ed86
#04 pc 0x322dfe libart.so (BuildId: d963fb24d06855807a6574ea74a2cf53)
#05 pc 0xba09e544

Reproducer

https://github.com/barakataboujreich/BleTestRn0.77

Screenshots and Videos

No response
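
A triage sketch for the tombstone quoted in the issue, added here as an example and not part of the original report or of React Native: it parses the signal line, the register dump and the backtrace to show which register the fault address is offset from and which frame is the first one in app code. The sample text is constructed from the dump above with the /data/app path and BuildIds abbreviated; `triage` and its `window` parameter are hypothetical names.

```python
import re

# Constructed sample: lines copied from the tombstone quoted in the issue,
# with the /data/app path abbreviated and BuildIds dropped.
TOMBSTONE = """\
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xc0deadc4
    r0  c0dead90  r1  e42ae809  r2  0000000d  r3  000000a5
    r4  fff61294  r5  fff61284  r6  fff61274  r7  0000206e
    r8  00000000  r9  e91baa00  r10 e1630e00  r11 ba09eda8
    ip  00000000  sp  fff61260  lr  e163454c  pc  e1634534
backtrace:
      #00 pc 00326534  /apex/com.android.art/lib/libart.so (nterp_op_invoke_virtual+52)
      #01 pc 00876da8  /data/app/.../base.vdex (it.innove.NativeBleManagerSpec.emitOnDiscoverPeripheral+16)
      #02 pc 0032c500  /apex/com.android.art/lib/libart.so (nterp_helper+2800)
      #08 pc 005a2c87  /system/framework/arm/boot-framework.oat (android.os.Handler.dispatchMessage+70)
"""

SIG_RE = re.compile(
    r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr 0x([0-9a-f]+)")
REG_RE = re.compile(r"\b(r\d+|ip|sp|lr|pc)\s+([0-9a-f]{8})\b")
FRAME_RE = re.compile(r"#(\d+) pc [0-9a-f]+\s+(\S+) \((.+)\+\d+\)")


def triage(text, window=0x1000):
    """Summarise a 32-bit ARM tombstone: fault class, base register, app frame."""
    # Registers are only parsed from the part before "backtrace:", because
    # frame lines also contain "pc <hex>" and would overwrite the pc register.
    header, _, backtrace = text.partition("backtrace:")
    sig = SIG_RE.search(header)
    if sig is None:
        raise ValueError("no signal line found")
    fault = int(sig.group(3), 16)
    regs = {name: int(val, 16) for name, val in REG_RE.findall(header)}
    # A register within `window` bytes below the fault address is the likely
    # base of the faulting load/store (base + field offset).
    near = {n: fault - v for n, v in regs.items() if 0 <= fault - v < window}
    frames = [(int(i), path, sym) for i, path, sym in FRAME_RE.findall(backtrace)]
    app = next((f for f in frames if f[1].startswith("/data/app/")), None)
    return {
        "signal": sig.group(1),
        "code": sig.group(2),
        "fault_addr": fault,
        "null_deref": fault < window,  # faults in page 0 look like null derefs
        "near_registers": near,
        "first_app_frame": app,
    }


if __name__ == "__main__":
    print(triage(TOMBSTONE))
```

On this dump the fault address is r0 + 0x34 with r0 non-zero, so the faulting access goes through a non-null but invalid pointer rather than a null one.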
