Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC)

[chenjianping99]

from 4.8.5 update to 6.1.0, sometime will crash，logcat will print this log： A/libc: Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xc5d7060e in tid 18620 (pool-5-thread-1)

[5kccp]

me too, did someone found a solution?

[whoozle]

the same here, maybe wrong cpu was used to build it or maybe bug in upstream v8

my old nexus 5:

cat /proc/cpuinfo                                         
Processor       : ARMv7 Processor rev 0 (v7l)

build_android.py:

c.arch_arm: "armeabi-v7a"

upd:

seems relevant: https://bugs.chromium.org/p/v8/issues/detail?id=3112 https://stackoverflow.com/questions/24160617/v8-standalone-app-dies-with-sigill-only-on-release-signed-apks

[ahmadov]

Could you please provide more information about the crash? Particularly, I'm looking for a device, OS (version) and CPU (platform) information.

[ancientloregames]

Hi! I have other fatal exception: A/libc: Fatal signal 5 (SIGTRAP), code -6 (SI_TKILL) with no other trace in logcat. Crashes on a regular basis.

[ancientloregames]

Here is a more detailed log for the other device: 2020-04-25 11:11:05.307 28045-28314/com.test123.app A/libc: Fatal signal 5 (SIGTRAP), code -6 (SI_TKILL) in tid 28314 (pool-5-thread-2), pid 28045 (est123.app) 2020-04-25 11:11:05.507 29062-29062/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 2020-04-25 11:11:05.507 29062-29062/? A/DEBUG: Build fingerprint: 'google/blueline/blueline:10/QQ2A.200405.005/6254899:user/release-keys' 2020-04-25 11:11:05.507 29062-29062/? A/DEBUG: Revision: 'MP1.0' 2020-04-25 11:11:05.507 29062-29062/? A/DEBUG: ABI: 'arm64' 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: Timestamp: 2020-04-25 11:11:05+0200 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: pid: 28045, tid: 28314, name: pool-5-thread-2 >>> com.test123.app <<< 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: uid: 11063 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: signal 5 (SIGTRAP), code -6 (SI_TKILL), fault addr -------- 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x0 0000000000000000 x1 0000000000000000 x2 0000000000000000 x3 000000000000000d 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x4 00000071cfa46e78 x5 00000070c464f101 x6 000000000000000a x7 000000000000000a 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x8 0000000000000001 x9 0000000000000001 x10 0000000000004001 x11 0000000000000000 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x12 0000000000000140 x13 0000000001aab970 x14 0000000000000010 x15 00000072dc08140a 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x16 00000071cfc410d0 x17 00000071cf6378b0 x18 0000000000000097 x19 00000071cf9ebdc1 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x20 0000000000000000 x21 00000071cfa142da x22 00000072dc081578 x23 ffffff80ffffffd8 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x24 000000717a882a50 x25 000000717a882780 x26 000000717a882750 x27 0000000000000005 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: x28 0000000000000001 x29 000000717a8826c0 2020-04-25 11:11:05.508 29062-29062/? A/DEBUG: sp 000000717a8826c0 lr 00000071cf634544 pc 00000071cf6378c8 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: backtrace: 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #00 pc 0000000000a0c8c8 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::base::OS::Abort()+24) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #01 pc 0000000000a09540 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (V8_Fatal(char const*, int, char const*, ...)+372) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #02 pc 00000000005cfc28 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (_ZN2v88internal13GlobalHandles28InvokeFirstPassWeakCallbacksINS1_4NodeEEEmPNSt6__ndk16vectorINS4_4pairIPT_NS1_22PendingPhantomCallbackEEENS4_9allocatorISA_EEEE+276) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #03 pc 00000000005cfaf0 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks()+20) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #04 pc 00000000005ef364 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags)+2344) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #05 pc 00000000005ed924 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags)+1316) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #06 pc 00000000005ec908 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::Heap::HandleGCRequest()+172) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #07 pc 00000000005b96e8 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::StackGuard::HandleInterrupts()+184) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #08 pc 000000000069d9dc /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<true>(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Object)+84) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #09 pc 00000000006a0250 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<true>(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Object)+10440) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #10 pc 000000000069d110 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<false>(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Object)+5572) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #11 pc 000000000069f87c /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<true>(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Object)+7924) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #12 pc 000000000069d110 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<false>(v8::internal::Handle<v8::internal::Object>, bool, v8::internal::Object)+5572) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #13 pc 0000000000697ae8 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so (v8::internal::JsonStringify(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)+160) 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #14 pc 0000000000a5cac4 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so 2020-04-25 11:11:05.514 29062-29062/? A/DEBUG: #15 pc 000000000097c390 /data/app/com.test123.app-H4Cf0qY04b7n8VtPnkRolA==/lib/arm64/libj2v8.so

[whoozle]

stopped crashing for me on j2v8 version 6.1.0 tested on Nexus 5 (6.0.1) and Nexus 4 4.1 emulator

[whoozle]

Just got another one, which seems to be GC related (parsing and shuffling huge jsons)

05-07 13:18:03.983 11950-11982/com.pureqml.qmlcore.runtime.android A/libc: Fatal signal 4 (SIGILL), code 1, fault addr 0xa029460e in tid 11982 (pool-1-thread-1)
05-07 13:18:04.089 200-200/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-07 13:18:04.090 200-200/? A/DEBUG: Build fingerprint: 'google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys'
05-07 13:18:04.090 200-200/? A/DEBUG: Revision: '11'
05-07 13:18:04.090 200-200/? A/DEBUG: ABI: 'arm'
05-07 13:18:04.090 200-200/? A/DEBUG: pid: 11950, tid: 11982, name: pool-1-thread-1  >>> com.pureqml.qmlcore.runtime.android <<<
05-07 13:18:04.090 200-200/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xa029460e
05-07 13:18:04.119 200-200/? A/DEBUG:     r0 00000001  r1 00000000  r2 00004001  r3 000000c8
05-07 13:18:04.119 200-200/? A/DEBUG:     r4 a055c4cf  r5 aefdea54  r6 a055c233  r7 b6ccc4cc
05-07 13:18:04.119 200-200/? A/DEBUG:     r8 aefde82c  r9 00000000  sl aefdea60  fp 00000000
05-07 13:18:04.119 200-200/? A/DEBUG:     ip a063a530  sp aefde820  lr a02916fd  pc a029460e  cpsr 40010030
05-07 13:18:04.126 200-200/? A/DEBUG: backtrace:
05-07 13:18:04.127 200-200/? A/DEBUG:     #00 pc 007dd60e  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v84base2OS5AbortEv+13)
05-07 13:18:04.127 200-200/? A/DEBUG:     #01 pc 007da6f9  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_Z8V8_FatalPKciS0_z+140)
05-07 13:18:04.127 200-200/? A/DEBUG:     #02 pc 0047d007  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal13GlobalHandles28InvokeFirstPassWeakCallbacksINS1_4NodeEEEjPNSt6__ndk16vectorINS4_4pairIPT_NS1_22PendingPhantomCallbackEEENS4_9allocatorISA_EEEE+170)
05-07 13:18:04.127 200-200/? A/DEBUG:     #03 pc 0047cf49  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal13GlobalHandles28InvokeFirstPassWeakCallbacksEv+8)
05-07 13:18:04.127 200-200/? A/DEBUG:     #04 pc 0049389b  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal4Heap24PerformGarbageCollectionENS0_16GarbageCollectorENS_15GCCallbackFlagsE+1714)
05-07 13:18:04.127 200-200/? A/DEBUG:     #05 pc 004925b9  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal4Heap14CollectGarbageENS0_15AllocationSpaceENS0_23GarbageCollectionReasonENS_15GCCallbackFlagsE+848)
05-07 13:18:04.127 200-200/? A/DEBUG:     #06 pc 00491a3d  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal4Heap15HandleGCRequestEv+112)
05-07 13:18:04.127 200-200/? A/DEBUG:     #07 pc 0046db1f  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal10StackGuard16HandleInterruptsEv+114)
05-07 13:18:04.128 200-200/? A/DEBUG:     #08 pc 0095e289  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so (_ZN2v88internal18Runtime_StackGuardEiPjPNS0_7IsolateE+44)
05-07 13:18:04.128 200-200/? A/DEBUG:     #09 pc 007464cc  /data/app/com.pureqml.qmlcore.runtime.android-2/lib/arm/libj2v8.so

[whoozle]

it looks like it's here, global-handles.cc:

                     "Handle not reset in first callback. See comments on "
                     "|v8::WeakCallbackInfo|.");

[ahmadov]

The possible fix is already in PR: https://github.com/eclipsesource/J2V8/pull/500

[whoozle]

Yes, it looks exactly like it. I move big jsons around, and at some point GC interrupts and crashes in the place I mentioned above. It looks like weak callback has to call Reset() but it didn't.

Any chance to have it landed anytime soon? We're looking forward to upgrade j2v8 to 6.x because of lesser minSdkLevel, but this is definitely blocker. I can test it for you if you want.

[ahmadov]

You can test by using the artifacts from https://github.com/eclipsesource/J2V8/actions/runs/99226794 And we will do an official release as soon as possible.

[whoozle]

@ahmadov thank you! :)

[ancientloregames]

Hi! I just checked out the 6.1.0. It is more stable, but calling V8.lowMemoryNotification() leads to the immediate fatal error:

Fatal signal 5 (SIGTRAP), code -6 (SI_TKILL) in tid 20767 (est.app), pid 20767 (est.app)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'asus/...'
Revision: '0'
ABI: 'arm64'
pid: 20767, tid: 20767, name: est.app  >>> com.test.app <<<
signal 5 (SIGTRAP), code -6 (SI_TKILL), fault addr --------
    x0  0000000000000000  x1  0000000000000000  x2  0000000000000000  x3  0000000000000014
    x4  0000000000000167  x5  0000006fa65c23e1  x6  000000000000000a  x7  000000000000000a
    x8  0000000000000001  x9  0000000000000001  x10 0000000000004001  x11 0000000000000000
    x12 0000007fd161ce48  x13 0000000000000000  x14 0000007fd161ce60  x15 0000000000000001
    x16 0000006ff602b0d0  x17 0000006ff5a218b0  x18 0000000000000010  x19 0000006ff5dd5dc1
    x20 0000000000000000  x21 0000006ff5dfe2da  x22 00000070982da3c0  x23 ffffff80ffffffd8
    x24 0000007fd161db40  x25 0000007fd161d870  x26 0000007fd161d840  x27 0000000000000005
    x28 0000000000000001  x29 0000007fd161d7b0
    sp  0000007fd161d7b0  lr  0000006ff5a1e544  pc  0000006ff5a218c8
backtrace:
    #00 pc 0000000000a0c8c8  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::base::OS::Abort()+24)
    #01 pc 0000000000a09540  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (V8_Fatal(char const*, int, char const*, ...)+372)
    #02 pc 00000000005cfc28  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (_ZN2v88internal13GlobalHandles28InvokeFirstPassWeakCallbacksINS1_4NodeEEEmPNSt6__ndk16vectorINS4_4pairIPT_NS1_22PendingPhantomCallbackEEENS4_9allocatorISA_EEEE+276)
    #03 pc 00000000005cfaf0  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks()+20)
    #04 pc 00000000005ef364  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags)+2344)
    #05 pc 00000000005ed924  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags)+1316)
    #06 pc 00000000005eddbc  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::internal::Heap::CollectAllAvailableGarbage(v8::internal::GarbageCollectionReason)+168)
    #07 pc 00000000004a2194  /data/app/com.test.app-9zTktSlhng7CO8_HgJrTww==/lib/arm64/libj2v8.so (v8::Isolate::LowMemoryNotification()+288)

Since this method supposed to trigger gc, I think it's relevant.