Crash: Memory error #352

Open
slashtab opened this issue Jun 7, 2024 · 2 comments

slashtab commented Jun 7, 2024

type: crash
osVersion: google/panther/panther:14/AP1A.240505.005/2024060500:user/release-keys
uid: 10266 (u:r:untrusted_app_32:s0:c10,c257,c512,c768)
cmdline: at.tomtasche.reader
processUptime: 392s

abortMessage: hardened_malloc: fatal allocator error: detected write after free

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: RenderThread

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 64e84)
    /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+44, pc 4d4c4)
    /apex/com.android.runtime/lib64/bionic/libc.so (allocate+1912, pc 4a4e8)
    /apex/com.android.runtime/lib64/bionic/libc.so (h_realloc+592, pc 49810)
    /apex/com.android.runtime/lib64/bionic/libc.so (realloc+84, pc 460a4)
    /system/lib64/libbinder.so (android::Parcel::flattenBinder(android::sp<android::IBinder> const&)+1260, pc 6041c)
    /system/lib64/libgui.so (android::BufferData::writeToParcel(android::Parcel*) const+488, pc 11f6f8)
    /system/lib64/libgui.so (android::layer_state_t::write(android::Parcel&) const+4220, pc d069c)
    /system/lib64/libgui.so (android::BpSurfaceComposer::setTransactionState(android::gui::FrameTimelineInfo const&, android::Vector<android::ComposerState>&, android::Vector<android::DisplayState> const&, unsigned int, android::sp<android::IBinder> const&, android::InputWindowCommands, long, bool, std::__1::vector<android::client_cache_t, std::__1::allocator<android::client_cache_t> > const&, bool, std::__1::vector<android::ListenerCallbacks, std::__1::allocator<android::ListenerCallbacks> > const&, unsigned long, std::__1::vector<unsigned long, std::__1::allocator<unsigned long> > const&)+236, pc ced0c)
    /system/lib64/libgui.so (android::SurfaceComposerClient::Transaction::apply(bool, bool)+712, pc 95268)
    /system/lib64/libgui.so (android::BLASTBufferQueue::acquireNextBufferLocked(std::__1::optional<android::SurfaceComposerClient::Transaction*>)+9212, pc d78bc)
    /system/lib64/libgui.so (android::BLASTBufferQueue::onFrameAvailable(android::BufferItem const&)+328, pc c07e8)
    /system/lib64/libgui.so (android::ConsumerBase::onFrameAvailable(android::BufferItem const&)+172, pc 1047bc)
    /system/lib64/libgui.so (android::BufferQueue::ProxyConsumerListener::onFrameAvailable(android::BufferItem const&)+92, pc edc8c)
    /system/lib64/libgui.so (android::BufferQueueProducer::queueBuffer(int, android::IGraphicBufferProducer::QueueBufferInput const&, android::IGraphicBufferProducer::QueueBufferOutput*)+1944, pc dc868)
    /system/lib64/libgui.so (android::Surface::queueBuffer(ANativeWindowBuffer*, int)+1288, pc e2538)
    /system/lib64/libgui.so (android::Surface::hook_queueBuffer(ANativeWindow*, ANativeWindowBuffer*, int)+92, pc 123eec)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::VulkanSurface::presentCurrentBuffer(SkRect const&, int)+232, pc 4f3b28)
    /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaVulkanPipeline::swapBuffers(android::uirenderer::renderthread::Frame const&, android::uirenderer::renderthread::IRenderPipeline::DrawResult&, SkRect const&, android::uirenderer::FrameInfo*, bool*)+140, pc 4f39cc)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::draw(bool)+1480, pc 34c7e8)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareAndDraw(android::uirenderer::RenderNode*)+232, pc 34b9e8)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::dispatchFrameCallbacks()+156, pc 4cb58c)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+760, pc 4b84c8)
    /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+368, pc 14280)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cf93c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 66730)

@TomTasche (Member)

Thanks for the report!

Looks like an Android UI bug to me, since the stacktrace never mentions our code + we don't change the UI from C++. I'm assuming that causing such a crash should not be possible from within Java. Any other opinions?

PS: Can you consistently reproduce this crash? If so, we could submit it as a bug to Android.


slashtab commented Jun 7, 2024

> I'm assuming that causing such a crash should not be possible from within Java.

Yes. Android UI is buggy; that may be the culprit here.

> Can you consistently reproduce this crash?

Yes! 4 out of 5 times, roughly. I reproduced it multiple times before submitting the issue.
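
A triage sketch for the reasoning in this thread, as an added example that is not part of the original issue or the project's code: it groups the backtrace frames by owning library and lists any frame outside the platform paths. It also flags that the abort was raised from `allocate` during a `realloc`, so the stack belongs to the thread that noticed the stale write, which is not necessarily the code that performed it. The sample frames are abbreviated from the report above; the platform prefixes and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Frames abbreviated from the backtrace in the report above.
SAMPLE = """\
abortMessage: hardened_malloc: fatal allocator error: detected write after free
backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 64e84)
    /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+44, pc 4d4c4)
    /apex/com.android.runtime/lib64/bionic/libc.so (allocate+1912, pc 4a4e8)
    /apex/com.android.runtime/lib64/bionic/libc.so (h_realloc+592, pc 49810)
    /apex/com.android.runtime/lib64/bionic/libc.so (realloc+84, pc 460a4)
    /system/lib64/libbinder.so (android::Parcel::flattenBinder(android::sp<android::IBinder> const&)+1260, pc 6041c)
    /system/lib64/libgui.so (android::Surface::queueBuffer(ANativeWindowBuffer*, int)+1288, pc e2538)
    /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+760, pc 4b84c8)
"""

# Assumption of this example: these prefixes mark platform (non-app) libraries.
PLATFORM_PREFIXES = ("/apex/", "/system/")
FRAME_RE = re.compile(
    r"^\s+(?P<path>/\S+) \((?P<sym>.+)\+(?P<off>\d+), pc (?P<pc>[0-9a-f]+)\)$")

def parse_frames(report):
    """Return (library path, symbol) for each backtrace frame line."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group("path"), m.group("sym")))
    return frames

def triage(report):
    """Summarise which libraries own the frames and how the abort was raised."""
    frames = parse_frames(report)
    libs = Counter(path.rsplit("/", 1)[-1] for path, _ in frames)
    non_platform = [f for f in frames if not f[0].startswith(PLATFORM_PREFIXES)]
    symbols = [sym for _, sym in frames]
    # An allocator frame shows where the corruption was noticed, not where it was written.
    detected_on_alloc = "detected write after free" in report and "allocate" in symbols
    return {"libs": dict(libs), "non_platform": non_platform,
            "detected_on_alloc": detected_on_alloc}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
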
