Android crash because of ACodec - android

I have seen a lot of Android crash reports in 2021 in Google Play Console. The crash is thrown from the libstagefright.so library; it's native code, and I have no way to find where or from which activity it is being thrown.
Here is the stack trace:
backtrace:
#00 pc 00000000000b24a4 /system/lib/libstagefright.so (android::DataConverter::convert(android::sp<android::MediaCodecBuffer> const&, android::sp<android::MediaCodecBuffer>&)+27)
#00 pc 000000000009d14b /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXFillBufferDone(unsigned int, unsigned int, unsigned int, unsigned int, long long, int)+594)
#00 pc 000000000009ca8f /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXMessage(android::sp<android::AMessage> const&)+274)
#00 pc 000000000000fc0b /system/lib/libstagefright_foundation.so (android::AHierarchicalStateMachine::handleMessage(android::sp<android::AMessage> const&)+58)
#00 pc 000000000009c887 /system/lib/libstagefright.so (android::ACodec::BaseState::onOMXMessageList(android::sp<android::AMessage> const&)+106)
#00 pc 000000000009c4e1 /system/lib/libstagefright.so (android::ACodec::BaseState::onMessageReceived(android::sp<android::AMessage> const&)+460)
#00 pc 000000000000fc0b /system/lib/libstagefright_foundation.so (android::AHierarchicalStateMachine::handleMessage(android::sp<android::AMessage> const&)+58)
#00 pc 000000000000fa85 /system/lib/libstagefright_foundation.so (android::AHandler::deliverMessage(android::sp<android::AMessage> const&)+24)
#00 pc 0000000000011f91 /system/lib/libstagefright_foundation.so (android::AMessage::deliver()+60)
#00 pc 00000000000106eb /system/lib/libstagefright_foundation.so (android::ALooper::loop()+470)
#00 pc 000000000000d32b /system/lib/libutils.so (android::Thread::_threadLoop(void*)+270)
#00 pc 000000000006e919 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+80)
#00 pc 0000000000047ba3 /system/lib/libc.so (__pthread_start(void*)+22)
#00 pc 000000000001b067 /system/lib/libc.so (__start_thread+32)

Related

Abort crash on android

I am getting the crash below after upgrading the Android SDK to 30.
pid: 0, tid: 0 >>> com.asda.android <<<
backtrace:
#00 pc 0000000000051010 /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
#00 pc 00000000006d7c3c /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+668)
#00 pc 000000000001595c /apex/com.android.art/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+76)
#00 pc 0000000000014f8c /apex/com.android.art/lib64/libbase.so (android::base::LogMessage::~LogMessage()+364)
#00 pc 00000000002922fc /apex/com.android.art/lib64/libart.so (art::Thread::AssertNoPendingException() const+1536)
#00 pc 000000000031f2a0 /apex/com.android.art/lib64/libart.so (artStringBuilderAppend+116)
#00 pc 00000000002d7e18 /apex/com.android.art/lib64/libart.so (art_quick_string_builder_append+56)
#00 pc 0000000000a74df8 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot-framework.oat (android.view.ViewRootImpl.lambda$createFrameCompleteCallback$4$ViewRootImpl+184)
#00 pc 0000000000a51d3c /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot-framework.oat (android.view.ViewRootImpl$$ExternalSyntheticLambda2.onFrameComplete+108)
#00 pc 00000000002cdd64 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 000000000043a59c /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+880)
#00 pc 00000000005b20b0 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+300)
#00 pc 00000000006e85b0 /system/lib64/libhwui.so (_JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)+120)
#00 pc 000000000073d9a0 /system/lib64/libhwui.so (android::FrameCompleteWrapper::onFrameComplete(long)+156)
#00 pc 0000000000616d2c /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::draw()+1724)
#00 pc 000000000061573c /system/lib64/libhwui.so (_ZNSt3__110__function6__funcIZN7android10uirenderer12renderthread13DrawFrameTask11postAndWaitEvE3$_0NS_9allocatorIS6_EEFvvEEclEv$c1671e787f244890c877724752face20+596)
#00 pc 000000000062b138 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+156)
#00 pc 000000000062aea4 /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+84)
#00 pc 00000000000120a8 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+260)
#00 pc 0000000000011960 /system/lib64/libutils.so (thread_data_t::trampoline(thread_data_t const*)+404)
#00 pc 00000000000b2fd0 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264)
#00 pc 0000000000052834 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
I was not getting this crash before the SDK migration to Android 30.

How Do We Debug SkPathGlue Crashes?

I am getting a bunch of crashes in SkPathGlue, both its approximate() and isRectContour() functions. Here's a sample native dump from one of the approximate() crashes, which is the more common of the two crashes:
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> co.snicklefritz.android <<<
backtrace:
#00 pc 0000000000347148 /system/lib64/libhwui.so (android::SkPathGlue::approximate(_JNIEnv*, _jclass*, long, float)+580)
#00 pc 0000000000240fb0 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+160)
#00 pc 000000000040ed9c /system/framework/arm64/boot-framework.oat (android.graphics.Path.approximate+60)
#00 pc 000000000043d1c0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aE.a+96)
#00 pc 0000000000a9178c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aG.a+524)
#00 pc 0000000000ac5c5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+444)
#00 pc 0000000000ac6f5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+2332)
#00 pc 0000000000ac63d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+232)
#00 pc 0000000000ab324c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.dx.java_sync_scan_ui+284)
#00 pc 0000000000134564 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 0000000000198e94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+204)
#00 pc 0000000000532198 /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#00 pc 0000000000533398 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+440)
#00 pc 0000000000393ef4 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallIntMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue const*)+652)
#00 pc 00000000000425f8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001611c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000020b24 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001e8f4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000841e0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000083a74 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000368d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000003985c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000aaad4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000b6234 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
#00 pc 0000000000050e64 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
These in turn seem to map to approximate() and isRect() functions on Path. However, my app code is not using either of those directly.
These are not crashing "in the lab". The approximate() one seems exclusive to Android 11 Samsung devices, and the isRect() one may be exclusive to Android 7.x.
How can we tell where in the app (our code or third-party libraries) these crashes are coming from?
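Each frame in a dump like the one above names the file it was mapped from, and that path is enough to separate platform code from code shipped inside the APK. As an added example (not part of the original post), the following parses frames in the format shown on this page and reports the nearest frame mapped from under /data/app/; the `owner()` path rules and the `triage()` helper are assumptions of this example, and `SAMPLE` is an abridged copy of the dump above.

```python
import re

# One frame per line, as printed in the dumps on this page:
#   #NN pc <hex pc> <mapped file> [(<symbol>+<offset>)]
FRAME_RE = re.compile(
    r"#(?P<idx>\d+)\s+pc\s+(?P<pc>[0-9a-fA-F]+)\s+(?P<path>\S+)"
    r"(?:\s+\((?P<sym>.*)\+(?P<off>\d+)\))?"
)

APP = "/data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA=="
# Abridged copy of the SkPathGlue dump quoted above (frames omitted, none altered).
SAMPLE = f"""\
#00 pc 0000000000347148 /system/lib64/libhwui.so (android::SkPathGlue::approximate(_JNIEnv*, _jclass*, long, float)+580)
#00 pc 000000000040ed9c /system/framework/arm64/boot-framework.oat (android.graphics.Path.approximate+60)
#00 pc 000000000043d1c0 {APP}/oat/arm64/base.odex (fsimpl.aE.a+96)
#00 pc 0000000000ab324c {APP}/oat/arm64/base.odex (fsimpl.dx.java_sync_scan_ui+284)
#00 pc 0000000000393ef4 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallIntMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue const*)+652)
#00 pc 00000000000425f8 {APP}/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000aaad4 {APP}/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000b6234 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
"""


def owner(path):
    """Classify a mapped file by who ships it, using only its path (assumed rules)."""
    if path.startswith("/data/app/"):
        return "app"        # installed with the APK, including bundled SDKs
    if path.startswith(("/system/", "/apex/", "/vendor/")) or "boot" in path.rsplit("/", 1)[-1]:
        return "platform"   # OS libraries and the boot image
    return "other"          # e.g. the JIT code cache


def parse(dump):
    """Return one dict per frame line; lines that are not frames are skipped."""
    frames = []
    for line in dump.splitlines():
        m = FRAME_RE.search(line)
        if m:
            f = m.groupdict()   # sym/off are None for unsymbolized frames
            f["module"] = f["path"].rsplit("/", 1)[-1]
            f["owner"] = owner(f["path"])
            frames.append(f)
    return frames


def triage(frames):
    """Nearest app-owned caller of the crash site, and the app module nearest thread start."""
    app = [f for f in frames if f["owner"] == "app"]
    # Frames are listed innermost first, so the last app frame is closest to thread start.
    return (app[0], app[-1]["module"]) if app else (None, None)


if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

On the dump above, the nearest app-owned caller is `fsimpl.aE.a` in `base.odex`, and the app module nearest thread start is `base.apk!libfs-native.so`, so the call into `Path.approximate` comes from code packaged in the APK under the `fsimpl` package on a thread started from that native library.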

native crash on SM-J410G, android 8.1

I did some research and was not able to understand what could be the reason for this crash.
Does anyone have a clue? Thanks!!
Here are some logs. It only crashes on these devices: SM-J410G, Android 8.1.
pid: 0, tid: 0 >>> com.app99.driver <<<
backtrace:
#00 pc 000000000001a70e /system/lib/libc.so (abort+63)
#00 pc 00000000000065a1 /system/lib/liblog.so (__android_log_assert+156)
#00 pc 000000000002fe31 /system/lib/libhwui.so (android::uirenderer::debug::GlesErrorCheckWrapper::assertNoErrors(char const*)+192)
#00 pc 000000000005c02d /system/lib/libhwui.so (android::uirenderer::Caches::flush(android::uirenderer::Caches::FlushMode)+116)
#00 pc 000000000004f835 /system/lib/libhwui.so (android::uirenderer::renderthread::Bridge_destroyHardwareResources(android::uirenderer::renderthread::destroyHardwareResourcesArgs*)+4)
#00 pc 0000000000050233 /system/lib/libhwui.so (android::uirenderer::renderthread::MethodInvokeRenderTask::run()+10)
#00 pc 00000000000503b3 /system/lib/libhwui.so (android::uirenderer::renderthread::SignalingRenderTask::run()+10)
#00 pc 0000000000051103 /system/lib/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+178)
#00 pc 000000000000d23d /system/lib/libutils.so (android::Thread::_threadLoop(void*)+144)
#00 pc 0000000000068f89 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+80)
#00 pc 00000000000479df /system/lib/libc.so (__pthread_start(void*)+22)
#00 pc 000000000001b2dd /system/lib/libc.so (__start_thread+32)

strange backtrace from android debuggerd

I am confused about a backtrace dump from Android debuggerd:
backtrace:
#00 pc 00019d5c /system/lib/libc.so (syscall+28)
#01 pc 0001d207 /system/lib/libc.so (__futex_wait_ex(void volatile*, bool, int, bool, timespec const*)+86)
#02 pc 00064303 /system/lib/libc.so (NonPI::MutexLockWithTimeout(pthread_mutex_internal_t*, bool, timespec const*)+154)
#03 pc 006030a1 /data/app/com.xxx.xxxxx/lib/arm/libB.so (std::__ndk1::mutex::lock()+4)
#04 pc 000e63e9 /data/app/com.xxx.xxxxx/lib/arm/libA.so (A::Test1::InTest2()+28)
#05 pc 000e63bd /data/app/com.xxx.xxxxx/lib/arm/libA.so (A::Test1::InTest1()+160)
#06 pc 000637f5 /system/lib/libc.so (__pthread_start(void*)+22)
#07 pc 0001e019 /system/lib/libc.so (__start_thread+24)
I am sure that I don't dynamically link libB.so to libA.so, but the backtrace shows A::Test1::InTest2() calling into libB.so (std::__ndk1::mutex::lock()+4).
What is the meaning of this backtrace?

Crash only in Android 8.0/7.0/7.1/6.0, due to libc.so (tgkill+12/abort+63)

I've searched on Google many times but did not find a way to locate the error code.
I'm seeing this native crash with the following stack trace.
Android 8.0
pid: 0, tid: 0 >>> package name <<<
Case 1
backtrace:
#00 pc 000000000004b10c /system/lib/libc.so (tgkill+12)
#01 pc 000000000001a9a3 /system/lib/libc.so (abort+54)
#02 pc 0000000000006849 /system/lib/liblog.so (__android_log_assert+152)
#03 pc 00000000000c72b7 /system/lib/libandroid_runtime.so (_ZN7android6bitmap8toBitmapEP7_JNIEnvP8_jobject+34)
#04 pc 00000000000d8003 /system/lib/libandroid_runtime.so (_ZL24BitmapShader_constructorP7_JNIEnvP8_jobjectxS2_ii+38)
#05 pc 0000000000a43c1b /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.nativeCreate [DEDUPED]+146)
#06 pc 0000000000a43d5d /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.createNativeInstance+68)
#07 pc 0000000000a436d5 /system/framework/arm/boot-framework.oat (android.graphics.Shader.getNativeInstance+100)
#08 pc 0000000000a5fcb5 /system/framework/arm/boot-framework.oat (android.graphics.Paint.getNativeInstance+68)
#09 pc 000000000110ed69 /system/framework/arm/boot-framework.oat (android.view.RecordingCanvas.drawCircle+64)
#10 pc 000000000001abf1 /dev/ashmem/dalvik-jit-code-cache (deleted)
Case 2
backtrace:
#00 pc 000000000004add4 /system/lib/libc.so (tgkill+12)
#01 pc 000000000001a6c3 /system/lib/libc.so (abort+54)
#02 pc 00000000000065f9 /system/lib/liblog.so (__android_log_assert+152)
#03 pc 00000000000c711f /system/lib/libandroid_runtime.so (_ZN7android6bitmap8toBitmapEP7_JNIEnvP8_jobject+34)
#04 pc 00000000000d7ec3 /system/lib/libandroid_runtime.so (_ZL24BitmapShader_constructorP7_JNIEnvP8_jobjectxS2_ii+38)
#05 pc 0000000000a15103 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.nativeCreate [DEDUPED]+146)
#06 pc 0000000000a15245 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.createNativeInstance+68)
#07 pc 0000000000a14bbd /system/framework/arm/boot-framework.oat (android.graphics.Shader.getNativeInstance+100)
#08 pc 0000000000a3115d /system/framework/arm/boot-framework.oat (android.graphics.Paint.getNativeInstance+68)
#09 pc 0000000000a173e7 /system/framework/arm/boot-framework.oat (android.graphics.Canvas.drawCircle+126)
#10 pc 0000000000023d49 /dev/ashmem/dalvik-jit-code-cache (deleted)
Case 3
backtrace:
#00 pc 000000000001a39a /system/lib/libc.so (abort+63)
#01 pc 000000000000655d /system/lib/liblog.so (__android_log_assert+156)
#02 pc 00000000000c125b /system/lib/libandroid_runtime.so (android::bitmap::toBitmap(_JNIEnv*, _jobject*)+34)
#03 pc 00000000000d19b5 /system/lib/libandroid_runtime.so (BitmapShader_constructor(_JNIEnv*, _jobject*, long long, _jobject*, int, int)+32)
#04 pc 00000000009da043 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.nativeCreate [DEDUPED]+146)
#05 pc 00000000009da173 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.createNativeInstance+66)
#06 pc 00000000009d9bb3 /system/framework/arm/boot-framework.oat (android.graphics.Shader.getNativeInstance+98)
#07 pc 00000000009f497f /system/framework/arm/boot-framework.oat (android.graphics.Paint.getNativeInstance+70)
#08 pc 0000000000ff3d51 /system/framework/arm/boot-framework.oat (android.view.RecordingCanvas.drawCircle+64)
#09 pc 0000000000001e4d /dev/ashmem/dalvik-jit-code-cache (deleted)
Android 7.0/7.1
Case 1
backtrace:
#00 pc 000000000004a230 /system/lib/libc.so (tgkill+12)
#01 pc 00000000000479c3 /system/lib/libc.so (pthread_kill+34)
#02 pc 000000000001d9c5 /system/lib/libc.so (raise+10)
#03 pc 0000000000019511 /system/lib/libc.so (__libc_android_abort+34)
#04 pc 0000000000017150 /system/lib/libc.so (abort+4)
#05 pc 000000000000c687 /system/lib/libcutils.so (__android_log_assert+114)
#06 pc 00000000000a424b /system/lib/libandroid_runtime.so (_ZN7android6Bitmap15pinPixelsLockedEv+54)
#07 pc 00000000000a4283 /system/lib/libandroid_runtime.so (_ZN7android6Bitmap17refPixelRefLockedEv+34)
#08 pc 00000000000a43b9 /system/lib/libandroid_runtime.so (_ZN7android6Bitmap11getSkBitmapEP8SkBitmap+32)
#09 pc 00000000000ad57b /system/lib/libandroid_runtime.so
#10 pc 00000000021f0407 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.nativeCreate+114)
#11 pc 00000000021f0349 /system/framework/arm/boot-framework.oat (android.graphics.BitmapShader.<init>+124)
#12 pc 00000000000002a1 /dev/ashmem/dalvik-jit-code-cache_8544_8544 (deleted)
Case 2
backtrace:
#00 pc 000000000004a720 /system/lib/libc.so (tgkill+12)
#01 pc 0000000000047eb3 /system/lib/libc.so (pthread_kill+34)
#02 pc 000000000001d955 /system/lib/libc.so (raise+10)
#03 pc 00000000000194a1 /system/lib/libc.so (__libc_android_abort+34)
#04 pc 00000000000170e4 /system/lib/libc.so (abort+4)
#05 pc 000000000000d6af /vendor/lib/libcutils.so (__android_log_assert+114)
#06 pc 00000000000a603f /system/lib/libandroid_runtime.so (_ZN7android6Bitmap15pinPixelsLockedEv+54)
#07 pc 00000000000a6077 /system/lib/libandroid_runtime.so (_ZN7android6Bitmap17refPixelRefLockedEv+34)
#08 pc 00000000000a61a5 /system/lib/libandroid_runtime.so (_ZN7android6Bitmap11getSkBitmapEP8SkBitmap+48)
#09 pc 00000000000b1237 /system/lib/libandroid_runtime.so
#10 pc 0000000074d013d7 /data/dalvik-cache/arm/system#framework#boot-framework.oat
Android 6.0
backtrace:
#00 pc 000000000004323c /system/lib/libc.so (tgkill+12)
#01 pc 0000000000041e45 /system/lib/libc.so (pthread_kill+32)
#02 pc 000000000001bb53 /system/lib/libc.so (raise+10)
#03 pc 0000000000018db1 /system/lib/libc.so (__libc_android_abort+34)
#04 pc 000000000001696c /system/lib/libc.so (abort+4)
#05 pc 00000000000091cb /system/lib/libcutils.so (__android_log_assert+86)
#06 pc 0000000000090fdf /system/lib/libandroid_runtime.so (_ZNK7android6Bitmap11assertValidEv+18)
#07 pc 000000000009105b /system/lib/libandroid_runtime.so (_ZN7android6Bitmap11getSkBitmapEP8SkBitmap+6)
#08 pc 000000000009a17b /system/lib/libandroid_runtime.so
#09 pc 000000007269b57f /data/dalvik-cache/arm/system#framework#boot.oat
Here's a list of devices that are affected:
1. According to Android Vitals statistics, this mainly happens on Android 8.0. A few occur on Android 7 & 7.1.
