HeifDecoderImpl causes 'decStrong() called too many times' - android

My Android app "Photo Compare" (https://github.com/sniederb/photocompare) uses a "Subsampling Scale Image View" (from Dave Morrissey) to display images, and allows zooming and panning. This almost always works well, but on Android 11 with HEIC images, the activity crashes as soon as I zoom in.
The aborting thread is
runtime.cc:655] Aborting thread:
runtime.cc:655] "HeifDecode" prio=6 tid=32 Native
runtime.cc:655] | group="" sCount=0 dsCount=0 flags=0 obj=0x12c40020 self=0xe9022210
runtime.cc:655] | sysTid=18958 nice=-2 cgrp=top-app sched=0/0 handle=0xc6e561e0
runtime.cc:655] | state=R schedstat=( 98486663 91130505 137 ) utm=2 stm=7 core=2 HZ=100
runtime.cc:655] | stack=0xc6d5b000-0xc6d5d000 stackSize=1008KB
runtime.cc:655] | held mutexes= "abort lock"
runtime.cc:655] native: #00 pc 00542d9e /apex/com.android.art/lib/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+110)
runtime.cc:655] native: #01 pc 006a0897 /apex/com.android.art/lib/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, bool, BacktraceMap*, bool) const+1015)
runtime.cc:655] native: #02 pc 0069a171 /apex/com.android.art/lib/libart.so (art::Thread::Dump(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, bool, BacktraceMap*, bool) const+65)
runtime.cc:655] native: #03 pc 006522c5 /apex/com.android.art/lib/libart.so (art::AbortState::DumpThread(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, art::Thread*) const+53)
runtime.cc:655] native: #04 pc 00639abb /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+2587)
runtime.cc:655] native: #05 pc 00025a23 /apex/com.android.art/lib/libartbase.so (std::__1::__function::__func<void (*)(char const*), std::__1::allocator<void (*)(char const*)>, void (char const*)>::operator()(char const*&&)+35)
runtime.cc:655] native: #06 pc 0001588f /system/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+79)
runtime.cc:655] native: #07 pc 00006dbd /system/lib/liblog.so (__android_log_assert+285)
runtime.cc:655] native: #08 pc 000102a2 /system/lib/libutils.so (android::RefBase::decStrong(void const*) const+146)
runtime.cc:655] native: #09 pc 00004de4 /system/lib/libheif.so (android::HeifDecoderImpl::decodeAsync()+436)
runtime.cc:655] native: #10 pc 00004c23 /system/lib/libheif.so (android::HeifDecoderImpl::DecodeThread::threadLoop()+35)
runtime.cc:655] native: #11 pc 00015116 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+374)
runtime.cc:655] native: #12 pc 00098fee /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+174)
runtime.cc:655] native: #13 pc 000147d9 /system/lib/libutils.so (thread_data_t::trampoline(thread_data_t const*)+457)
runtime.cc:655] native: #14 pc 000e6974 /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+100)
runtime.cc:655] native: #15 pc 00078567 /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+71)
runtime.cc:655] (no managed stack frames)
and the crash report states
2021-01-09 14:12:53.736 19089-19089/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-01-09 14:12:53.736 19089-19089/? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86_arm/generic_x86_arm:11/RSR1.201013.001/6903271:userdebug/dev-keys'
2021-01-09 14:12:53.736 19089-19089/? A/DEBUG: Revision: '0'
2021-01-09 14:12:53.737 19089-19089/? A/DEBUG: ABI: 'x86'
2021-01-09 14:12:53.737 19089-19089/? A/DEBUG: Timestamp: 2021-01-09 14:12:53+0100
2021-01-09 14:12:53.737 19089-19089/? A/DEBUG: pid: 18085, tid: 18958, name: HeifDecode >>> ch.want.imagecompare <<<
2021-01-09 14:12:53.737 19089-19089/? A/DEBUG: uid: 10153
2021-01-09 14:12:53.737 19089-19089/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2021-01-09 14:12:53.738 19089-19089/? A/DEBUG: Abort message: 'decStrong() called on 0xc7e43d10 too many times'
2021-01-09 14:12:53.738 19089-19089/? A/DEBUG: eax 00000000 ebx 000046a5 ecx 00004a0e edx 00000006
2021-01-09 14:12:53.738 19089-19089/? A/DEBUG: edi f4a5681e esi c6e559c0
2021-01-09 14:12:53.738 19089-19089/? A/DEBUG: ebp f7517b90 esp c6e55968 eip f7517b99
2021-01-09 14:12:53.744 19089-19089/? A/DEBUG: backtrace:
2021-01-09 14:12:53.745 19089-19089/? A/DEBUG: #00 pc 00000b99 [vdso] (__kernel_vsyscall+9)
2021-01-09 14:12:53.745 19089-19089/? A/DEBUG: #01 pc 0005ad68 /apex/com.android.runtime/lib/bionic/libc.so (syscall+40) (BuildId: 6e3a0180fa6637b68c0d181c343e6806)
2021-01-09 14:12:53.745 19089-19089/? A/DEBUG: #02 pc 00076511 /apex/com.android.runtime/lib/bionic/libc.so (abort+209) (BuildId: 6e3a0180fa6637b68c0d181c343e6806)
2021-01-09 14:12:53.745 19089-19089/? A/DEBUG: #03 pc 00639a4d /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+2477) (BuildId: 8191579dfafff37a5cbca70f9a73020f)
2021-01-09 14:12:53.745 19089-19089/? A/DEBUG: #04 pc 00025a23 /apex/com.android.art/lib/libartbase.so (std::__1::__function::__func<void (*)(char const*), std::__1::allocator<void (*)(char const*)>, void (char const*)>::operator()(char const*&&)+35) (BuildId: 41e9e0cbb5db4bb6875333d66af6569f)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #05 pc 0001588f /system/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+79) (BuildId: 3abc3ce4c3b633a64b14c50cb931a64b)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #06 pc 00006dbd /system/lib/liblog.so (__android_log_assert+285) (BuildId: bbac430fc6349b937996bb914e70c060)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #07 pc 000102a2 /system/lib/libutils.so (android::RefBase::decStrong(void const*) const+146) (BuildId: ab4be013cda31e8c45d48aa23a89d0f8)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #08 pc 00004de4 /system/lib/libheif.so (android::HeifDecoderImpl::decodeAsync()+436) (BuildId: 49a068f457bf8577f622fb97089c3c5d)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #09 pc 00004c23 /system/lib/libheif.so (android::HeifDecoderImpl::DecodeThread::threadLoop()+35) (BuildId: 49a068f457bf8577f622fb97089c3c5d)
2021-01-09 14:12:53.746 19089-19089/? A/DEBUG: #10 pc 00015116 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+374) (BuildId: ab4be013cda31e8c45d48aa23a89d0f8)
2021-01-09 14:12:53.747 19089-19089/? A/DEBUG: #11 pc 00098fee /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+174) (BuildId: 588f2cd5873ff4273bb25b25edb82606)
2021-01-09 14:12:53.747 19089-19089/? A/DEBUG: #12 pc 000147d9 /system/lib/libutils.so (thread_data_t::trampoline(thread_data_t const*)+457) (BuildId: ab4be013cda31e8c45d48aa23a89d0f8)
2021-01-09 14:12:53.747 19089-19089/? A/DEBUG: #13 pc 000e6974 /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+100) (BuildId: 6e3a0180fa6637b68c0d181c343e6806)
My understanding so far is that the HeifDecoderImpl is asked to decode image regions asynchronously (this is what "Subsampling Scale Image View" does, afaik), and in doing so attempts to free a resource too often, resulting in RefBase trying to decrease the strong reference count too often.
As an app programmer, I'm stumped and unsure if there's anything I can do here. Both HeifDecoderImpl and RefBase appear to be core Android code. Do I need to review the "Subsampling Scale Image View" library? Any pointer is appreciated.

It appears the error occurs due to the default Bitmap.Config of Bitmap.Config.RGB_565 used by SubsamplingScaleImageView (actually in SkiaImageDecoder.java, part of that package). By switching to
SubsamplingScaleImageView.setPreferredBitmapConfig(Bitmap.Config.ARGB_8888);
the error disappears.

Related

How Do We Debug SkPathGlue Crashes?

I am getting a bunch of crashes in SkPathGlue, both its approximate() and isRectContour() functions. Here's a sample native dump from one of the approximate() crashes, which is the more common of the two crashes:
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> co.snicklefritz.android <<<
backtrace:
#00 pc 0000000000347148 /system/lib64/libhwui.so (android::SkPathGlue::approximate(_JNIEnv*, _jclass*, long, float)+580)
#00 pc 0000000000240fb0 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+160)
#00 pc 000000000040ed9c /system/framework/arm64/boot-framework.oat (android.graphics.Path.approximate+60)
#00 pc 000000000043d1c0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aE.a+96)
#00 pc 0000000000a9178c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.aG.a+524)
#00 pc 0000000000ac5c5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+444)
#00 pc 0000000000ac6f5c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+2332)
#00 pc 0000000000ac63d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.O.a+232)
#00 pc 0000000000ab324c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/oat/arm64/base.odex (fsimpl.dx.java_sync_scan_ui+284)
#00 pc 0000000000134564 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548)
#00 pc 0000000000198e94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+204)
#00 pc 0000000000532198 /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#00 pc 0000000000533398 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+440)
#00 pc 0000000000393ef4 /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallIntMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue const*)+652)
#00 pc 00000000000425f8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001611c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000020b24 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000001e8f4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000841e0 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 0000000000083a74 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000368d8 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 000000000003985c /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000aaad4 /data/app/~~ddTWSA2JWd81lFOpINkMdg==/co.snicklefritz.android-bvDqwzGOE-MRWgoGj5rMrA==/base.apk!libfs-native.so (offset 0x2490000)
#00 pc 00000000000b6234 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
#00 pc 0000000000050e64 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
These in turn seem to map to approximate() and isRect() functions on Path. However, my app code is not using either of those directly.
These are not crashing "in the lab". The approximate() one seems exclusive to Android 11 Samsung devices, and the isRect() one may be exclusive to Android 7.x.
How can we tell where in the app (our code or third-party libraries) these crashes are coming from?

Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), we are facing a crash when we are reusing the SurfaceView for playing video

We are facing this issue wherein trying to reuse the surfaceView for playing the video
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10 in tid 5971 (hwuiTask1), pid 4526 (com.example.tv)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Project/hsw4026atl/hsw4026atl:9/PTT1.210208.001/2.3.0-21042717:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 4526, tid: 5971, name: hwuiTask1 >>> com.example.tv <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10
Cause: null pointer dereference
r0 00000000 r1 7b6fa440 r2 7b17f32c r3 00000000
r4 8877d100 r5 7b17f360 r6 7b17f338 r7 00000000
r8 8877d104 r9 7b17f420 r10 13a56118 r11 13f1a020
ip a4935e24 sp 7b17f328 lr a491ac6b pc a491ac6e
backtrace:
#00 pc 0005dc6e /system/lib/libgui.so (android::SurfaceComposerClient::Transaction::getLayerState(android::sp<android::SurfaceControl> const&)+286)
#01 pc 0005dfeb /system/lib/libgui.so (android::SurfaceComposerClient::Transaction::deferTransactionUntil(android::sp<android::SurfaceControl> const&, android::sp<android::Surface> const&, unsigned long long)+22)
#02 pc 000a537f /system/lib/libandroid_runtime.so (android::nativeDeferTransactionUntilSurface(_JNIEnv*, _jclass*, long long, long long, long long, long long)+62)
#03 pc 003acc89 /system/framework/arm/boot-framework.oat (offset 0x38a000) (android.view.SurfaceControl.nativeDeferTransactionUntilSurface+152)
#04 pc 009b8a23 /system/framework/arm/boot-framework.oat (offset 0x38a000) (android.view.SurfaceControl$Transaction.deferTransactionUntilSurface+114)
#05 pc 00b143a7 /system/framework/arm/boot-framework.oat (offset 0x38a000) (android.view.SurfaceView.applySurfaceTransforms+110)
#06 pc 00b166d9 /system/framework/arm/boot-framework.oat (offset 0x38a000) (android.view.SurfaceView.updateSurfacePosition_renderWorker+240)
#07 pc 0041cb75 /system/lib/libart.so (art_quick_invoke_stub_internal+68)
#08 pc 003f5b09 /system/lib/libart.so (art_quick_invoke_stub+224)
#09 pc 000a100d /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+136)
#10 pc 00354ea1 /system/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#11 pc 00355e51 /system/lib/libart.so (art::InvokeVirtualOrInterfaceWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+316)
#12 pc 00279c5b /system/lib/libart.so (art::JNI::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+482)
#13 pc 000794cb /system/lib/libandroid_runtime.so (_JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)+38)
#14 pc 000a11df /system/lib/libandroid_runtime.so (_ZZN7androidL46android_view_RenderNode_requestPositionUpdatesEP7_JNIEnvP8_jobjectxS3_EN26SurfaceViewPositionUpdater21doUpdatePositionAsyncExiiii+122)
#15 pc 000a135d /system/lib/libandroid_runtime.so (_ZNSt3__110__function6__funcINS_6__bindINS_8__mem_fnIMZN7androidL46android_view_RenderNode_requestPositionUpdatesEP7_JNIEnvP8_jobjectxS8_E26SurfaceViewPositionUpdaterFvxiiiiEEEJPS9_xiiiiEEENS_9allocatorISE_EEFvvEEclEv+52)
#16 pc 0037c61d /system/lib/libhwui.so (android::uirenderer::renderthread::CacheManager::SkiaTaskProcessor::onProcess(android::sp<android::uirenderer::Task<bool>> const&)+14)
#17 pc 0037ae17 /system/lib/libhwui.so (android::uirenderer::TaskProcessor<bool>::process(android::sp<android::uirenderer::TaskBase> const&)+38)
#18 pc 0034814b /system/lib/libhwui.so (android::uirenderer::TaskManager::WorkerThread::threadLoop()+110)
#19 pc 0000c189 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+292)
#20 pc 0006f1c3 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+82)
#21 pc 00064303 /system/lib/libc.so (__pthread_start(void*)+22)
#22 pc 0001df8d /system/lib/libc.so (__start_thread+32)
BootReceiver: Copying /data/tombstones/tombstone_00 to DropBox (SYSTEM_TOMBSTONE)
ActivityManager: Force finishing activity com.example.tv/.MainActivity

Crash when run apk file with size over 2GB

When I install my APK game locally (built with cocos2d-x, copied over USB) with resources over 2 GB in size, the adb log shows an error, the Google Play Store shows a "keeps stopping" popup, and I cannot run my APK:
A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 16853 (BlockingExecuto), pid 12159 (android.vending)
E/crash_dump32: unknown process state: t
A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
A/DEBUG: Build fingerprint: 'samsung/beyond2ltexx/beyond2:10/QP1A.190711.020/G975FXXU9DTJA:user/release-keys'
A/DEBUG: Revision: '26'
A/DEBUG: ABI: 'arm'
A/DEBUG: Timestamp: 2020-12-08 11:56:49+0700
A/DEBUG: pid: 12159, tid: 16853, name: BlockingExecuto >>> com.android.vending <<<
A/DEBUG: uid: 10109
A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
A/DEBUG: Abort message: 'ubsan: implicit-conversion'
A/DEBUG: r0 00000000 r1 000041d5 r2 00000006 r3 c479f180
A/DEBUG: r4 c479f194 r5 c479f178 r6 00002f7f r7 0000016b
A/DEBUG: r8 c479f190 r9 c479f180 r10 c479f1b0 r11 c479f1a0
A/DEBUG: ip 000041d5 sp c479f150 lr f58893b7 pc f58893ca
A/DEBUG: backtrace:
A/DEBUG: #00 pc 000603ca /apex/com.android.runtime/lib/bionic/libc.so (abort+166) (BuildId: 51d80220c9e0c42255369657a8641799)
A/DEBUG: #01 pc 000118d4 /system/lib/libutils.so (abort_with_message(char const*)+24) (BuildId: da88f99cb4c80fe4fe393ef8e8fd5c71)
A/DEBUG: #02 pc 000119cc /system/lib/libutils.so (__ubsan_handle_implicit_conversion_minimal_abort+24) (BuildId: da88f99cb4c80fe4fe393ef8e8fd5c71)
A/DEBUG: #03 pc 0000a1f9 /system/lib/libutils.so (android::FileMap::create(char const*, int, long long, unsigned int, bool)+336) (BuildId: da88f99cb4c80fe4fe393ef8e8fd5c71)
A/DEBUG: #04 pc 00021cd5 /system/lib/libandroidfw.so (android::ApkAssets::Open(std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator> const&, android::Asset::AccessMode) const+236) (BuildId: c2985fc4fb507640b2e6e08af143b74f)
A/DEBUG: #05 pc 0002124f /system/lib/libandroidfw.so (android::ApkAssets::LoadImpl(android::base::unique_fd_implandroid::base::DefaultCloser, std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator> const&, std::__1::unique_ptr<android::Asset, std::__1::default_deleteandroid::Asset>, std::__1::unique_ptr<android::LoadedIdmap const, std::__1::default_delete<android::LoadedIdmap const>>, bool, bool)+390) (BuildId: c2985fc4fb507640b2e6e08af143b74f)
A/DEBUG: #06 pc 00021069 /system/lib/libandroidfw.so (android::ApkAssets::Load(std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator> const&, bool)+40) (BuildId: c2985fc4fb507640b2e6e08af143b74f)
A/DEBUG: #07 pc 0014914b /system/lib/libandroid_runtime.so (android::NativeLoad(_JNIEnv*, _jclass*, _jstring*, unsigned char, unsigned char, unsigned char)+442) (BuildId: 80997d838eed4d8a33e6074aaefa721e)
A/DEBUG: #08 pc 002e8ae9 /system/framework/arm/boot-framework.oat (art_jni_trampoline+136) (BuildId: 08d023656c5c190cd87e02dca8cd73789c24a32e)
A/DEBUG: #09 pc 00442c2b /system/framework/arm/boot-framework.oat (android.content.pm.PackageParser.parseApkLiteInner+250) (BuildId: 08d023656c5c190cd87e02dca8cd73789c24a32e)
A/DEBUG: #10 pc 0044ad41 /system/framework/arm/boot-framework.oat (android.content.pm.PackageParser.parseMonolithicPackageLite+96) (BuildId: 08d023656c5c190cd87e02dca8cd73789c24a32e)
A/DEBUG: #11 pc 00450d17 /system/framework/arm/boot-framework.oat (android.content.pm.PackageParser.parseMonolithicPackage+70) (BuildId: 08d023656c5c190cd87e02dca8cd73789c24a32e)
A/DEBUG: #12 pc 00439495 /system/framework/arm/boot-framework.oat (android.content.pm.PackageManager.getPackageArchiveInfo+196) (BuildId: 08d023656c5c190cd87e02dca8cd73789c24a32e)
A/DEBUG: #13 pc 00eeaa41 /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.odex (com.google.android.finsky.verifier.impl.VerifyInstallTask.j+328)
A/DEBUG: #14 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #15 pc 0042e22b /apex/com.android.runtime/lib/libart.so (art_quick_invoke_static_stub+246) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #16 pc 000dffcb /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+194) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #17 pc 00210141 /apex/com.android.runtime/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+280) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #18 pc 0020ba83 /apex/com.android.runtime/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+774) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #19 pc 00425947 /apex/com.android.runtime/lib/libart.so (MterpInvokeStatic+310) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #20 pc 000d2994 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+20) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #21 pc 0112a122 /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.vdex (com.google.android.finsky.verifier.impl.VerifyAppsInstallTask.Z+62)
A/DEBUG: #22 pc 004254a9 /apex/com.android.runtime/lib/libart.so (MterpInvokeDirect+980) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #23 pc 000d2914 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #24 pc 0112ae72 /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.vdex (com.google.android.finsky.verifier.impl.VerifyAppsInstallTask.mH+1588)
A/DEBUG: #25 pc 00428b03 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtualQuick+1118) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #26 pc 000d6594 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual_quick+20) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #27 pc 0112ba8a /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.vdex (com.google.android.finsky.verifier.impl.VerifyInstallTask.mH+82)
A/DEBUG: #28 pc 001eb9bd /apex/com.android.runtime/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.14245495856725529891+192) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #29 pc 001f01a1 /apex/com.android.runtime/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+124) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #30 pc 00417c89 /apex/com.android.runtime/lib/libart.so (artQuickToInterpreterBridge+808) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #31 pc 000dc5a1 /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #32 pc 0061b5a3 /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.odex (amgs.run+58)
A/DEBUG: #33 pc 002a8fcf /system/framework/arm/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+1014) (BuildId: 583c1081e85d9d8b674ee07cd01998bc18f28442)
A/DEBUG: #34 pc 002a6c4f /system/framework/arm/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+54) (BuildId: 583c1081e85d9d8b674ee07cd01998bc18f28442)
A/DEBUG: #35 pc 005dad1f /data/app/com.android.vending-9uL9ZPy1nPnI_iSyOwpVqw==/oat/arm/base.odex (akoy.run+78)
A/DEBUG: #36 pc 00183749 /system/framework/arm/boot.oat (java.lang.Thread.run+64) (BuildId: 583c1081e85d9d8b674ee07cd01998bc18f28442)
A/DEBUG: #37 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #38 pc 0042e117 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub+250) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #39 pc 000dffb7 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+174) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #40 pc 0036fc27 /apex/com.android.runtime/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+54) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #41 pc 00370919 /apex/com.android.runtime/lib/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+304) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #42 pc 003a18a7 /apex/com.android.runtime/lib/libart.so (art::Thread::CreateCallback(void*)+978) (BuildId: 4f8c69e84af2316a61452c2d70d699f2)
A/DEBUG: #43 pc 000a75b3 /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+20) (BuildId: 51d80220c9e0c42255369657a8641799)
A/DEBUG: #44 pc 00061b33 /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 51d80220c9e0c42255369657a8641799)
E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_01
If I decrease the resources to less than 2 GB, I can run the app normally. Can anyone help me, please?

As your log suggests, the issue lies in the function android::FileMap::create()
where off64_t type is used to call mmap(), when mmap64() should have been called instead.
It has been fixed by Google since then (commit) but unfortunately it will not be deployed until Android R, as stated in this thread in the Google issue tracker.
Meanwhile the best is to stay below the 2 GB limit so off64_t values don't trigger the UBSan implicit-conversion check that makes your app crash.
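The narrowing this answer describes, as an added C sketch (not AOSP code and not from the original post): it shows when a 64-bit file offset no longer fits a 32-bit `off_t` and what value a silent truncation would hand to `mmap()`. The `off32_t` stand-in, the page-alignment arithmetic and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for off_t on a 32-bit ABI built without 64-bit file offsets. */
typedef int32_t off32_t;

struct map_plan {
    int64_t  adj_offset;  /* page-aligned offset the caller wants to map from      */
    uint64_t adj_length;  /* length grown by the slack in front of the real data   */
    bool     fits_off32;  /* true if adj_offset survives conversion to off32_t     */
    off32_t  narrowed;    /* value a 32-bit off_t parameter would actually receive */
};

/* Align the requested offset down to a page boundary and record what happens
 * when the result is passed through a 32-bit signed offset parameter. */
struct map_plan plan_mapping(int64_t offset, uint64_t length, int64_t page_size)
{
    struct map_plan p;
    int64_t adjust = offset % page_size;

    p.adj_offset = offset - adjust;
    p.adj_length = length + (uint64_t)adjust;
    p.fits_off32 = p.adj_offset >= INT32_MIN && p.adj_offset <= INT32_MAX;

    /* Reproduce two's-complement truncation with well-defined arithmetic. */
    uint32_t low = (uint32_t)p.adj_offset;
    p.narrowed = (low <= (uint32_t)INT32_MAX)
                     ? (off32_t)low
                     : (off32_t)((int64_t)low - 4294967296LL);
    return p;
}

/* Defensive form: refuse the conversion instead of truncating or aborting.
 * Returns 0 and writes *out on success, -1 with errno = EOVERFLOW otherwise. */
int checked_off32(int64_t offset, off32_t *out)
{
    if (offset < INT32_MIN || offset > INT32_MAX) {
        errno = EOVERFLOW;
        return -1;
    }
    *out = (off32_t)offset;
    return 0;
}

int main(void)
{
    /* Constructed sample offsets of assets inside a large archive. */
    const int64_t samples[] = {
        0x7FFFF123LL,   /* just below 2 GiB: fits                      */
        0x80000010LL,   /* just above 2 GiB: wraps to a negative value */
        0x100001000LL   /* above 4 GiB: wraps to a small positive one  */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct map_plan p = plan_mapping(samples[i], 100, 4096);
        printf("offset=%lld aligned=%lld fits=%d narrowed=%lld\n",
               (long long)samples[i], (long long)p.adj_offset,
               p.fits_off32, (long long)p.narrowed);
    }
    return 0;
}
```

The last sample is the case worth noting: without a check such as UBSan's, the truncated offset is a valid-looking positive number, so the mapping would succeed but cover the wrong bytes of the file.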

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) from /system/lib/libhwui.so

This issue arises from the Android runtime.
Any idea what this is?
I am using native code here which plays an audio file in the background. When I just start to play around with the UI of the app this issue pops up.
The app works fine on Android 7 but breaks on Android 10, especially on Samsung devices.
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/sdk_gphone_x86/generic_x86:10/QSR1.191030.002/5978551:userdebug/dev-keys'
Revision: '0'
ABI: 'x86'
Timestamp: 2020-02-19 00:21:31+0530
pid: 10918, tid: 10933, name: ReferenceQueueD >>> com.myapp.beta <<<
uid: 10133
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xbe04dbc0
eax be04dbbc ebx f1f2f9ac ecx 70bc7ba8 edx 00000000
edi 12f0fb10 esi df165880
ebp cc0d15e8 esp cc0d15d0 eip f1976406
backtrace:
#00 pc 001f1406 /system/lib/libhwui.so (SkPaint::~SkPaint()+150) (BuildId: 10d1e316b7aa14d35052a448bd944fde)
#01 pc 002dbd74 /system/lib/libhwui.so (android::Paint::~Paint()+52) (BuildId: 10d1e316b7aa14d35052a448bd944fde)
#02 pc 00162bd5 /system/lib/libandroid_runtime.so (android::PaintGlue::deletePaint(android::Paint*)+37) (BuildId: 6ceb9761bceb97a18c92f8a4b7072247)
#03 pc 0003601e /apex/com.android.runtime/lib/libjavacore.so (NativeAllocationRegistry_applyFreeFunction(_JNIEnv*, _jclass*, long long, long long)+30) (BuildId: 688305bcfab3d72450178332b5c29bc2)
#04 pc 0004e652 /system/framework/x86/boot-core-libart.oat (art_jni_trampoline+178) (BuildId: 6e90a1c34e5945941f1d1cb9bac9218325a4cd49)
#05 pc 0203d82a /memfd:/jit-cache (deleted) (libcore.util.NativeAllocationRegistry$CleanerThunk.run+122)
#06 pc 0209a2cc /memfd:/jit-cache (deleted) (sun.misc.Cleaner.clean+92)
#07 pc 020a77bf /memfd:/jit-cache (deleted) (java.lang.ref.ReferenceQueue.enqueueLocked+239)
#08 pc 020aabae /memfd:/jit-cache (deleted) (java.lang.ref.ReferenceQueue.enqueuePending+174)
#09 pc 0013e9a2 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_static_stub+418) (BuildId: a0a062684495092d1756e30ba2dff37d)
#10 pc 00149a7a /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+298) (BuildId: a0a062684495092d1756e30ba2dff37d)
#11 pc 00332502 /apex/com.android.runtime/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+386) (BuildId: a0a062684495092d1756e30ba2dff37d)
#12 pc 0032c19c /apex/com.android.runtime/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+988) (BuildId: a0a062684495092d1756e30ba2dff37d)
#13 pc 00684d03 /apex/com.android.runtime/lib/libart.so (MterpInvokeStatic+643) (BuildId: a0a062684495092d1756e30ba2dff37d)
#14 pc 001389a1 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+33) (BuildId: a0a062684495092d1756e30ba2dff37d)
#15 pc 001b4104 /apex/com.android.runtime/javalib/core-libart.jar (java.lang.Daemons$ReferenceQueueDaemon.runInternal+52)
#16 pc 00681adc /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1612) (BuildId: a0a062684495092d1756e30ba2dff37d)
#17 pc 00138821 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+33) (BuildId: a0a062684495092d1756e30ba2dff37d)
#18 pc 001b382e /apex/com.android.runtime/javalib/core-libart.jar (java.lang.Daemons$Daemon.run+50)
#19 pc 006837bc /apex/com.android.runtime/lib/libart.so (MterpInvokeInterface+1980) (BuildId: a0a062684495092d1756e30ba2dff37d)
#20 pc 00138a21 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_interface+33) (BuildId: a0a062684495092d1756e30ba2dff37d)
#21 pc 000ea918 /apex/com.android.runtime/javalib/core-oj.jar (java.lang.Thread.run+8)
#22 pc 002f8e0a /apex/com.android.runtime/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.6689468213397061768+298) (BuildId: a0a062684495092d1756e30ba2dff37d)
#23 pc 002ffcc5 /apex/com.android.runtime/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+181) (BuildId: a0a062684495092d1756e30ba2dff37d)
#24 pc 0066fbd9 /apex/com.android.runtime/lib/libart.so (artQuickToInterpreterBridge+1209) (BuildId: a0a062684495092d1756e30ba2dff37d)
#25 pc 0014503d /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+77) (BuildId: a0a062684495092d1756e30ba2dff37d)
#26 pc 0013e7d2 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub+338) (BuildId: a0a062684495092d1756e30ba2dff37d)
#27 pc 00149a69 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+281) (BuildId: a0a062684495092d1756e30ba2dff37d)
#28 pc 0055a513 /apex/com.android.runtime/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+99) (BuildId: a0a062684495092d1756e30ba2dff37d)
#29 pc 0055b91a /apex/com.android.runtime/lib/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+474) (BuildId: a0a062684495092d1756e30ba2dff37d)
#30 pc 005aaa51 /apex/com.android.runtime/lib/libart.so (art::Thread::CreateCallback(void*)+1585) (BuildId: a0a062684495092d1756e30ba2dff37d)
#31 pc 0011a8e5 /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+53) (BuildId: 76290498408016ad14f4b98c3ab6c65c)
#32 pc 000af6a7 /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+71) (BuildId: 76290498408016ad14f4b98c3ab6c65c)

SurfaceView is triggering NDK crash signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)

I have no idea how the issue is reproduced, since it is from the native library and it occurs only for live users. But I suspect it is from SurfaceView, as its back stack suggests.
Device Details:
Oppo realme 3Pro (RMX1851), Android 9
ERROR
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) android::SurfaceComposerClient::Transaction::getLayerState(android::sp const&)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> com.test.surfaceview <<<
backtrace:
#00 pc 00000000000979c4 /system/lib64/libgui.so (android::SurfaceComposerClient::Transaction::getLayerState(android::sp<android::SurfaceControl> const&)+416)
#01 pc 0000000000098030 /system/lib64/libgui.so (android::SurfaceComposerClient::Transaction::deferTransactionUntil(android::sp<android::SurfaceControl> const&, android::sp<android::Surface> const&, unsigned long)+48)
#02 pc 000000000010b1e8 /system/lib64/libandroid_runtime.so (android::nativeDeferTransactionUntilSurface(_JNIEnv*, _jclass*, long, long, long, long)+100)
#03 pc 0000000000416300 /system/framework/arm64/boot-framework.oat (android.view.SurfaceControl.nativeDeferTransactionUntilSurface+176)
#04 pc 0000000000ba05c8 /system/framework/arm64/boot-framework.oat (android.view.SurfaceControl$Transaction.deferTransactionUntilSurface+136)
#05 pc 0000000000d42a54 /system/framework/arm64/boot-framework.oat (android.view.SurfaceView.applySurfaceTransforms+132)
#06 pc 0000000000d46ba0 /system/framework/arm64/boot-framework.oat (android.view.SurfaceView.updateSurfacePosition_renderWorker+752)
#07 pc 000000000055ab88 /system/lib64/libart.so (art_quick_invoke_stub+584)
#08 pc 00000000000d02c8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#09 pc 000000000045f1f8 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#10 pc 000000000046058c /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+440)
#11 pc 0000000000340fec /system/lib64/libart.so (art::JNI::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+656)
#12 pc 00000000000c78e4 /system/lib64/libandroid_runtime.so (_JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)+116)
#13 pc 0000000000105abc /system/lib64/libandroid_runtime.so (_ZZN7androidL46android_view_RenderNode_requestPositionUpdatesEP7_JNIEnvP8_jobjectlS3_EN26SurfaceViewPositionUpdater21doUpdatePositionAsyncEliiii+204)
#14 pc 00000000002cef8c /system/lib64/libhwui.so
I tried to reproduce in a lot of scenarios but I had no luck.
Let me know if any other info is required.
It would be great if there is an explanation of how this issue can be fixed or fixed.
