How Do We Debug SkPathGlue Crashes? - android

I am getting a bunch of crashes in SkPathGlue, both its approximate() and isRectContour() functions. Here's a sample native dump from one of the approximate() crashes, which is the more common of the two crashes:
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> co.snicklefritz.android <<<
backtrace:
#00 pc 0000000000347148 /system/lib64/libhwui.so (android::SkPathGlue::approximate(_JNIEnv*, _jclass*, long, float)+580)
#00 pc 0000000000240fb0 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+160)
#00 pc 000000000040ed9c /system/framework/arm64/boot-framework.oat (android.graphics.Path.approximate+60)
#00 pc 000000000043d1c0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aE.a+96)
#00 pc 0000000000a9178c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aG.a+524)
#00 pc 0000000000ac5c5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+444)
#00 pc 0000000000ac6f5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+2332)
#00 pc 0000000000ac63d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+232)
#00 pc 0000000000ab324c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.dx.java_sync_scan_ui+284)
#00 pc 0000000000134564 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 0000000000198e94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+204)
#00 pc 0000000000532198 /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#00 pc 0000000000533398 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+440)
#00 pc 0000000000393ef4 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallIntMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue const*)+652)
#00 pc 00000000000425f8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001611c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000020b24 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001e8f4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000841e0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000083a74 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000368d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000003985c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000aaad4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000b6234 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
#00 pc 0000000000050e64 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
These in turn seem to map to approximate() and isRect() functions on Path. However, my app code is not using either of those directly.
These are not crashing "in the lab". The approximate() one seems exclusive to Android 11 Samsung devices, and the isRect() one may be exclusive to Android 7.x.
How can we tell where in the app (our code or third-party libraries) these crashes are coming from?
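One way to answer "where in the app is this coming from" from the trace alone, as an added example (not code from the question or from any project named on this page): parse the tombstone frames, find the innermost frame that lives in the app's own base.odex or .so, and report the framework API it called, the obfuscated method to retrace against mapping.txt, and the (library, pc) pairs to symbolize with ndk-stack or addr2line. It assumes the Play Console / tombstone frame layout shown above; the sample is an excerpt of the first backtrace with the random /data/app directory names shortened.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
# One frame of an Android tombstone / Play Console backtrace, e.g.
#   #03 pc 000000000043d1c0 /data/app/.../base.odex (fsimpl.aE.a+96)
# Play Console exports number every frame "#00"; only the line order matters.
FRAME_RE = re.compile(
    r"^#\d+\s+pc\s+([0-9a-f]+)\s+(\S+)"
    r"(?:\s+\(offset\s+0x[0-9a-f]+\))?"       # ELF offset inside base.apk / the oat file
    r"(?:\s+\((.+?)(?:\+(\d+))?\))?\s*$", re.IGNORECASE)

@dataclass
class Frame:
    pc: int                # relative pc: the offset inside the mapped library/oat file
    path: str
    symbol: Optional[str]  # e.g. "fsimpl.aE.a", with the "+96" split off into sym_offset
    sym_offset: Optional[int]

    def owner(self, package: str) -> str:
        """'app-java' (the app's odex), 'app-native' (the app's .so) or 'platform'."""
        if "/data/app/" in self.path and f"/{package}-" in self.path:
            return "app-native" if ".so" in self.path.rsplit("/", 1)[-1] else "app-java"
        return "platform"

def parse_backtrace(text: str) -> List[Frame]:
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:  # "pid:", "backtrace:" and the "***" banner lines are skipped
            frames.append(Frame(int(m[1], 16), m[2], m[3], int(m[4]) if m[4] else None))
    return frames

def entry_point(frames: List[Frame], package: str) -> Tuple[Optional[str], Optional[str]]:
    """(platform API the app called, app method that called it) at the innermost app Java frame."""
    for i, f in enumerate(frames):
        if f.owner(package) == "app-java":
            return (frames[i - 1].symbol if i else None), f.symbol
    return None, None

def native_frames_to_symbolize(frames: List[Frame], package: str) -> List[Tuple[str, str]]:
    """(library, relative pc) for the app's own .so frames: input for ndk-stack/addr2line."""
    return [(f.path.rsplit("!", 1)[-1].rsplit("/", 1)[-1], f"0x{f.pc:x}")
            for f in frames if f.owner(package) == "app-native"]
# Constructed sample: an excerpt of the first backtrace above, with the random
# /data/app directory names shortened to X== and Y==.
SAMPLE = """\
pid: 0, tid: 0 >>> co.snicklefritz.android <<<
#00 pc 0000000000347148 /system/lib64/libhwui.so (android::SkPathGlue::approximate(_JNIEnv*, _jclass*, long, float)+580)
#00 pc 0000000000240fb0 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+160)
#00 pc 000000000040ed9c /system/framework/arm64/boot-framework.oat (android.graphics.Path.approximate+60)
#00 pc 000000000043d1c0 /data/app/~~X==/co.snicklefritz.android-Y==/oat/arm64/base.odex (fsimpl.aE.a+96)
#00 pc 0000000000393ef4 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallIntMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue const*)+652)
#00 pc 00000000000425f8 /data/app/~~X==/co.snicklefritz.android-Y==/base.apk!libfs-native.so (offset 0x2490000)
"""
```

For the sample this yields `('android.graphics.Path.approximate', 'fsimpl.aE.a')` and `[('libfs-native.so', '0x425f8')]`: the obfuscated Java method is what mapping.txt resolves, and the native pair is what you symbolize against the unstripped libfs-native.so of that exact build.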

Related

how to identify root cause of signal 6 (SIGABRT), code -1 (SI_QUEUE) in my production Android application

My current production Android application has reports of the following crash within the Google Play Console:
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> com.my.application <<<
backtrace:
#00 pc 0000000000089fc4 /apex/com.android.runtime/lib64/bionic/libc.so (abort+168)
#00 pc 000000000055b744 /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+2260)
#00 pc 0000000000013990 /system/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+76)
#00 pc 0000000000012fb4 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+320)
#00 pc 0000000000276010 /apex/com.android.art/lib64/libart.so (void art::gc::accounting::SpaceBitmap<8ul>::VisitMarkedRange<art::gc::collector::ConcurrentCopying::ImmuneSpaceScanObjVisitor const&>(unsigned long, unsigned long, art::gc::collector::ConcurrentCopying::ImmuneSpaceScanObjVisitor const&) const+168)
#00 pc 0000000000255e24 /apex/com.android.art/lib64/libart.so (art::gc::collector::ConcurrentCopying::CopyingPhase()+1584)
#00 pc 0000000000253968 /apex/com.android.art/lib64/libart.so (art::gc::collector::ConcurrentCopying::RunPhases()+1048)
#00 pc 00000000002773ac /apex/com.android.art/lib64/libart.so (art::gc::collector::GarbageCollector::Run(art::gc::GcCause, bool)+312)
#00 pc 0000000000294044 /apex/com.android.art/lib64/libart.so (art::gc::Heap::CollectGarbageInternal(art::gc::collector::GcType, art::gc::GcCause, bool)+4060)
#00 pc 00000000002916ec /apex/com.android.art/lib64/libart.so (art::gc::Heap::DoPendingCollectorTransition()+116)
#00 pc 00000000002abf18 /apex/com.android.art/lib64/libart.so (art::gc::Heap::CollectorTransitionTask::Run(art::Thread*)+36)
#00 pc 00000000002e4bc4 /apex/com.android.art/lib64/libart.so (art::gc::TaskProcessor::RunAllTasks(art::Thread*)+64)
#00 pc 000000000001273c /apex/com.android.art/javalib/arm64/boot-core-libart.oat (art_jni_trampoline+124)
#00 pc 0000000000059384 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (java.lang.Daemons$HeapTaskDaemon.runInternal+196)
#00 pc 0000000000024e80 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (java.lang.Daemons$Daemon.run+160)
#00 pc 000000000015d6f8 /apex/com.android.art/javalib/arm64/boot.oat (java.lang.Thread.run+72)
#00 pc 0000000000134564 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 00000000001a9a6c /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#00 pc 0000000000553330 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460)
#00 pc 00000000005a1ec8 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1288)
#00 pc 00000000000eb9ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
#00 pc 000000000008c2bc /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
The stack trace provided does not mention any of my application packages.
How can I identify the root cause of this issue?
Currently this crash has only occurred once, and it is not mentioned in my analytics reports from New Relic.

Abort crash on android

I am getting the below crash after upgrading the Android SDK to 30:
pid: 0, tid: 0 >>> com.asda.android <<<
backtrace:
#00 pc 0000000000051010 /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
#00 pc 00000000006d7c3c /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+668)
#00 pc 000000000001595c /apex/com.android.art/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+76)
#00 pc 0000000000014f8c /apex/com.android.art/lib64/libbase.so (android::base::LogMessage::~LogMessage()+364)
#00 pc 00000000002922fc /apex/com.android.art/lib64/libart.so (art::Thread::AssertNoPendingException() const+1536)
#00 pc 000000000031f2a0 /apex/com.android.art/lib64/libart.so (artStringBuilderAppend+116)
#00 pc 00000000002d7e18 /apex/com.android.art/lib64/libart.so (art_quick_string_builder_append+56)
#00 pc 0000000000a74df8 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot-framework.oat (android.view.ViewRootImpl.lambda$createFrameCompleteCallback$4$ViewRootImpl+184)
#00 pc 0000000000a51d3c /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot-framework.oat (android.view.ViewRootImpl$$ExternalSyntheticLambda2.onFrameComplete+108)
#00 pc 00000000002cdd64 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 000000000043a59c /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+880)
#00 pc 00000000005b20b0 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+300)
#00 pc 00000000006e85b0 /system/lib64/libhwui.so (_JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)+120)
#00 pc 000000000073d9a0 /system/lib64/libhwui.so (android::FrameCompleteWrapper::onFrameComplete(long)+156)
#00 pc 0000000000616d2c /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::draw()+1724)
#00 pc 000000000061573c /system/lib64/libhwui.so (_ZNSt3__110__function6__funcIZN7android10uirenderer12renderthread13DrawFrameTask11postAndWaitEvE3$_0NS_9allocatorIS6_EEFvvEEclEv$c1671e787f244890c877724752face20+596)
#00 pc 000000000062b138 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+156)
#00 pc 000000000062aea4 /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+84)
#00 pc 00000000000120a8 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+260)
#00 pc 0000000000011960 /system/lib64/libutils.so (thread_data_t::trampoline(thread_data_t const*)+404)
#00 pc 00000000000b2fd0 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264)
#00 pc 0000000000052834 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
I was not getting this crash before the SDK migration to Android 30.

Android crash because of ACodec

I have seen a lot of Android crash reports in 2021 in the Google Play Console. The crash is thrown from the libstagefright.so library; it's native code, and I have no way to find from where or from which activity they are thrown.
Here is the stack trace:
backtrace:
#00 pc 00000000000b24a4 /system/lib/libstagefright.so (android::DataConverter::convert(android::sp<android::MediaCodecBuffer> const&, android::sp<android::MediaCodecBuffer>&)+27)
#00 pc 000000000009d14b /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXFillBufferDone(unsigned int, unsigned int, unsigned int, unsigned int, long long, int)+594)
#00 pc 000000000009ca8f /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXMessage(android::sp<android::AMessage> const&)+274)
#00 pc 000000000000fc0b /system/lib/libstagefright_foundation.so (android::AHierarchicalStateMachine::handleMessage(android::sp<android::AMessage> const&)+58)
#00 pc 000000000009c887 /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXMessageList(android::sp<android::AMessage> const&)+106)
#00 pc 000000000009c4e1 /system/lib/libstagefright.so (android::ACodec::BaseState::onMessageReceived(android::sp<android::AMessage> const&)+460)
#00 pc 000000000000fc0b /system/lib/libstagefright_foundation.so (android::AHierarchicalStateMachine::handleMessage(android::sp<android::AMessage> const&)+58)
#00 pc 000000000000fa85 /system/lib/libstagefright_foundation.so (android::AHandler::deliverMessage(android::sp<android::AMessage> const&)+24)
#00 pc 0000000000011f91 /system/lib/libstagefright_foundation.so (android::AMessage::deliver()+60)
#00 pc 00000000000106eb /system/lib/libstagefright_foundation.so (android::ALooper::loop()+470)
#00 pc 000000000000d32b /system/lib/libutils.so (android::Thread::_threadLoop(void*)+270)
#00 pc 000000000006e919 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+80)
#00 pc 0000000000047ba3 /system/lib/libc.so (__pthread_start(void*)+22)
#00 pc 000000000001b067 /system/lib/libc.so (__start_thread+32)

Android Native Lib Crash

I am getting a huge number of the below crashes in the Play Store console, with only a limited stack trace.
backtrace:
#00 pc 0000000000021f6c /system/lib64/libc.so (abort+116)
#01 pc 00000000000080d8 /system/lib64/liblog.so (__android_log_assert+304)
#02 pc 000000000000f0f8 /system/lib64/libutils.so (android::sp_report_race()+28)
#03 pc 0000000000115324 /system/lib64/libandroid_runtime.so (android::RootRenderNode::detachAnimators()+316)
#04 pc 0000000000113434 /system/lib64/libandroid_runtime.so (android::AnimationContextBridge::destroy()+24)
#05 pc 000000000049e99c /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::destroy()+128)
#06 pc 00000000004a2780 /system/lib64/libhwui.so (std::__1::packaged_task<void ()>::operator()()+88)
#07 pc 000000000045971c /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+168)
#08 pc 000000000011fb30 /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+240)
#09 pc 000000000000f9d4 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280)
#10 pc 00000000000836c8 /system/lib64/libc.so (__pthread_start(void*)+196)
#11 pc 0000000000023bac /system/lib64/libc.so (__start_thread+68)
Could someone already reproduce the issue or at least explain when the issue occurs and how to fix it?
Same issue
Device: Samsung Galaxy A8(2018)
Operating System: Android 9 (SDK 28)
Rooted: No
ABI: arm64-v8a
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> com.rdiscovery <<<
backtrace:
#00 pc 0000000000021ef4 /system/lib64/libc.so (abort+116)
#00 pc 00000000000080d8 /system/lib64/liblog.so (__android_log_assert+304)
#00 pc 0000000000108c40 /system/lib64/libandroid_runtime.so (android::android_view_RenderNode_hasIdentityMatrix(long)+116)
#00 pc 0000000000429e20 /system/framework/arm64/boot-framework.oat (offset 0x41f000) (android.graphics.Matrix.nIsAffine [DEDUPED]+64)
#00 pc 0000000000bfabc0 /system/framework/arm64/boot-framework.oat (offset 0x41f000) (android.view.RenderNode.hasIdentityMatrix+48)
#00 pc 0000000000cee608 /system/framework/arm64/boot-framework.oat (offset 0x41f000) (android.view.View.transformFromViewToWindowSpace+440)
#00 pc 0000000000cd68cc /system/framework/arm64/boot-framework.oat (offset 0x41f000) (android.view.View.getLocationInWindow+76)
#00 pc 0000000000cd6990 /system/framework/arm64/boot-framework.oat (offset 0x41f000) (android.view.View.getLocationOnScreen+48)
#00 pc 000000000003b5e4 /dev/ashmem/dalvik-jit-code-cache_6979_6979 (deleted)

SurfaceView is triggering NDK crash signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)

I have no idea how the issue is reproduced, since it is from the native library and it happens only for live users. But I am suspecting it is from SurfaceView, as its back stack suggests.
Device Details:
Oppo realme 3Pro (RMX1851), Android 9
ERROR
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) android::SurfaceComposerClient::Transaction::getLayerState(android::sp<android::SurfaceControl> const&)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> com.test.surfaceview <<<
backtrace:
#00 pc 00000000000979c4 /system/lib64/libgui.so (android::SurfaceComposerClient::Transaction::getLayerState(android::sp<android::SurfaceControl> const&)+416)
#01 pc 0000000000098030 /system/lib64/libgui.so (android::SurfaceComposerClient::Transaction::deferTransactionUntil(android::sp<android::SurfaceControl> const&, android::sp<android::Surface> const&, unsigned long)+48)
#02 pc 000000000010b1e8 /system/lib64/libandroid_runtime.so (android::nativeDeferTransactionUntilSurface(_JNIEnv*, _jclass*, long, long, long, long)+100)
#03 pc 0000000000416300 /system/framework/arm64/boot-framework.oat (android.view.SurfaceControl.nativeDeferTransactionUntilSurface+176)
#04 pc 0000000000ba05c8 /system/framework/arm64/boot-framework.oat (android.view.SurfaceControl$Transaction.deferTransactionUntilSurface+136)
#05 pc 0000000000d42a54 /system/framework/arm64/boot-framework.oat (android.view.SurfaceView.applySurfaceTransforms+132)
#06 pc 0000000000d46ba0 /system/framework/arm64/boot-framework.oat (android.view.SurfaceView.updateSurfacePosition_renderWorker+752)
#07 pc 000000000055ab88 /system/lib64/libart.so (art_quick_invoke_stub+584)
#08 pc 00000000000d02c8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#09 pc 000000000045f1f8 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#10 pc 000000000046058c /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+440)
#11 pc 0000000000340fec /system/lib64/libart.so (art::JNI::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+656)
#12 pc 00000000000c78e4 /system/lib64/libandroid_runtime.so (_JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)+116)
#13 pc 0000000000105abc /system/lib64/libandroid_runtime.so (_ZZN7androidL46android_view_RenderNode_requestPositionUpdatesEP7_JNIEnvP8_jobjectlS3_EN26SurfaceViewPositionUpdater21doUpdatePositionAsyncEliiii+204)
#14 pc 00000000002cef8c /system/lib64/libhwui.so
I tried to reproduce it in a lot of scenarios, but I had no luck.
Let me know if any other info is required.
It would be great if there were an explanation of how this issue can be fixed.
