prepareWithoutScan() on MediaTek #8
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Hi there; You can submit your change requests through our public review system, That review system is an installation of Google's Gerrit code review. Thanks! |
Koloses
pushed a commit
to GalaxyFork/android_frameworks_base
that referenced
this pull request
May 29, 2018
If mSurface has already been released in another thread, this would result in a null-pointer dereference in SurfaceSession contructor i.e. in nativeCreateScoped(). 7757 7757 F DEBUG : pid: 1402, tid: 1583, name: android.anim >>> system_server <<< 7757 7757 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0 7757 7757 F DEBUG : Cause: null pointer dereference ... <trimmed> 7757 7757 F DEBUG : backtrace: 7757 7757 F DEBUG : #00 pc 000000000007fe58 /system/lib64/libgui.so (android::Surface::getIGraphicBufferProducer() const) 7757 7757 F DEBUG : LineageOS#1 pc 00000000000ff000 /system/lib64/libandroid_runtime.so (android::nativeCreateScoped(_JNIEnv*, _jclass*, long)+52) 7757 7757 F DEBUG : LineageOS#2 pc 0000000000ac8968 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.content.res.XmlBlock.nativeCreateParseState [DEDUPED]+152) 7757 7757 F DEBUG : LineageOS#3 pc 0000000001327d24 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.view.SurfaceSession.<init>+52) 7757 7757 F DEBUG : LineageOS#4 pc 00000000014b7320 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSizeMismatchSnapshot+128) 7757 7757 F DEBUG : LineageOS#5 pc 00000000014b784c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSnapshot+188) 7757 7757 F DEBUG : LineageOS#6 pc 00000000014b6f2c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.create+2684) 7757 7757 F DEBUG : LineageOS#7 pc 00000000014b0158 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotController.createStartingSurface+72) 7757 7757 F DEBUG : LineageOS#8 pc 00000000014a5ca0 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.SnapshotStartingData.createStartingSurface+96) 7757 7757 F DEBUG : LineageOS#9 pc 000000000144b030 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.AppWindowContainerController.lambda$-com_android_server_wm_AppWindowContainerController_4735+496) ... <trimmed> Change-Id: I41268c7680d3885c85fc3b682d0eba7415674062 Signed-off-by: Adesh15 <[email protected]>
i81u812
pushed a commit
to i81u812/android_frameworks_base
that referenced
this pull request
Jul 30, 2018
If mSurface has already been released in another thread, this would result in a null-pointer dereference in SurfaceSession contructor i.e. in nativeCreateScoped(). 7757 7757 F DEBUG : pid: 1402, tid: 1583, name: android.anim >>> system_server <<< 7757 7757 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0 7757 7757 F DEBUG : Cause: null pointer dereference ... <trimmed> 7757 7757 F DEBUG : backtrace: 7757 7757 F DEBUG : #00 pc 000000000007fe58 /system/lib64/libgui.so (android::Surface::getIGraphicBufferProducer() const) 7757 7757 F DEBUG : LineageOS#1 pc 00000000000ff000 /system/lib64/libandroid_runtime.so (android::nativeCreateScoped(_JNIEnv*, _jclass*, long)+52) 7757 7757 F DEBUG : LineageOS#2 pc 0000000000ac8968 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.content.res.XmlBlock.nativeCreateParseState [DEDUPED]+152) 7757 7757 F DEBUG : LineageOS#3 pc 0000000001327d24 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.view.SurfaceSession.<init>+52) 7757 7757 F DEBUG : LineageOS#4 pc 00000000014b7320 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSizeMismatchSnapshot+128) 7757 7757 F DEBUG : LineageOS#5 pc 00000000014b784c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSnapshot+188) 7757 7757 F DEBUG : LineageOS#6 pc 00000000014b6f2c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.create+2684) 7757 7757 F DEBUG : LineageOS#7 pc 00000000014b0158 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotController.createStartingSurface+72) 7757 7757 F DEBUG : LineageOS#8 pc 00000000014a5ca0 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.SnapshotStartingData.createStartingSurface+96) 7757 7757 F DEBUG : LineageOS#9 pc 000000000144b030 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.AppWindowContainerController.lambda$-com_android_server_wm_AppWindowContainerController_4735+496) ... <trimmed> Change-Id: I41268c7680d3885c85fc3b682d0eba7415674062 Signed-off-by: Pranav Vashi <[email protected]>
ChronoMonochrome
pushed a commit
to CustomROMs/android_frameworks_base
that referenced
this pull request
Sep 13, 2018
If mSurface has already been released in another thread, this would result in a null-pointer dereference in SurfaceSession contructor i.e. in nativeCreateScoped(). 7757 7757 F DEBUG : pid: 1402, tid: 1583, name: android.anim >>> system_server <<< 7757 7757 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0 7757 7757 F DEBUG : Cause: null pointer dereference ... <trimmed> 7757 7757 F DEBUG : backtrace: 7757 7757 F DEBUG : #00 pc 000000000007fe58 /system/lib64/libgui.so (android::Surface::getIGraphicBufferProducer() const) 7757 7757 F DEBUG : LineageOS#1 pc 00000000000ff000 /system/lib64/libandroid_runtime.so (android::nativeCreateScoped(_JNIEnv*, _jclass*, long)+52) 7757 7757 F DEBUG : LineageOS#2 pc 0000000000ac8968 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.content.res.XmlBlock.nativeCreateParseState [DEDUPED]+152) 7757 7757 F DEBUG : LineageOS#3 pc 0000000001327d24 /system/framework/arm64/boot-framework.oat (offset 0x614000) (android.view.SurfaceSession.<init>+52) 7757 7757 F DEBUG : LineageOS#4 pc 00000000014b7320 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSizeMismatchSnapshot+128) 7757 7757 F DEBUG : LineageOS#5 pc 00000000014b784c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.drawSnapshot+188) 7757 7757 F DEBUG : LineageOS#6 pc 00000000014b6f2c /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotSurface.create+2684) 7757 7757 F DEBUG : LineageOS#7 pc 00000000014b0158 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.TaskSnapshotController.createStartingSurface+72) 7757 7757 F DEBUG : LineageOS#8 pc 00000000014a5ca0 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.SnapshotStartingData.createStartingSurface+96) 7757 7757 F DEBUG : LineageOS#9 pc 000000000144b030 /system/framework/oat/arm64/services.odex (offset 0x5be000) (com.android.server.wm.AppWindowContainerController.lambda$-com_android_server_wm_AppWindowContainerController_4735+496) ... <trimmed> Bug: 74129970 Change-Id: I41268c7680d3885c85fc3b682d0eba7415674062
villarleg
pushed a commit
to villarleg/android_frameworks_base
that referenced
this pull request
Dec 18, 2018
11-13 20:00:00.527 10645 10645 I crash_dump64: performing dump of process 1467 (target tid = 10124) 11-13 20:00:00.538 10645 10645 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 11-13 20:00:00.539 10645 10645 F DEBUG : Build fingerprint: 'HONOR/BKL-L09/HWBKL:8.0.0/HUAWEIBKL-L09S/172(C432):user/release-keys' 11-13 20:00:00.539 10645 10645 F DEBUG : Revision: '0' 11-13 20:00:00.539 10645 10645 F DEBUG : ABI: 'arm64' 11-13 20:00:00.539 10645 10645 F DEBUG : pid: 1467, tid: 10124, name: Visualizer >>> com.android.systemui <<< 11-13 20:00:00.539 10645 10645 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 11-13 20:00:00.539 10645 10645 F DEBUG : Abort message: 'FORTIFY: pthread_mutex_lock called on a destroyed mutex (0x7c633df0f4)' 11-13 20:00:00.539 10645 10645 F DEBUG : x0 0000000000000000 x1 000000000000278c x2 0000000000000006 x3 0000000000000008 11-13 20:00:00.539 10645 10645 F DEBUG : x4 0000000000008080 x5 0000000000008080 x6 0000000000008080 x7 0000000000000038 11-13 20:00:00.539 10645 10645 F DEBUG : x8 0000000000000083 x9 40ef6d32d31c854a x10 0000000000000000 x11 fffffffc7ffffbdf 11-13 20:00:00.539 10645 10645 F DEBUG : x12 0000000000000001 x13 000000005beb1f30 x14 0005a1f49bc3a000 x15 0000112f9e154a12 11-13 20:00:00.539 10645 10645 F DEBUG : x16 0000007cffb6f2c8 x17 0000007cffaad0d0 x18 00000000fffbfffe x19 00000000000005bb 11-13 20:00:00.539 10645 10645 F DEBUG : x20 000000000000278c x21 0000007d000d96d0 x22 0000000000000001 x23 0000000000000035 11-13 20:00:00.539 10645 10645 F DEBUG : x24 0000007d000c6fc8 x25 0000007d000c7680 x26 0000007c52a14588 x27 0000000000000000 11-13 20:00:00.539 10645 10645 F DEBUG : x28 0000000000000005 x29 0000007c52a141a0 11-13 20:00:00.539 10645 10645 F DEBUG : sp 0000007c52a14160 lr 0000007cffaa1bfc pc 0000007cffaa1c24 11-13 20:00:00.564 10645 10645 F DEBUG : 11-13 20:00:00.564 10645 10645 F DEBUG : backtrace: 11-13 20:00:00.564 10645 10645 F DEBUG : #00 pc 0000000000021c24 /system/lib64/libc.so (abort+116) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#1 pc 0000000000082f04 /system/lib64/libc.so (__fortify_fatal(char const*, ...)+120) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#2 pc 0000000000082600 /system/lib64/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+52) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#3 pc 00000000000824b4 /system/lib64/libc.so (pthread_mutex_lock+228) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#4 pc 00000000000a8c54 /system/lib64/libmedia.so (android::Visualizer::periodicCapture()+56) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#5 pc 00000000000a8aac /system/lib64/libmedia.so (android::Visualizer::CaptureThread::threadLoop()+88) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#6 pc 000000000000f9d8 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#7 pc 00000000000b4980 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+140) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#8 pc 0000000000081938 /system/lib64/libc.so (__pthread_start(void*)+36) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#9 pc 0000000000023478 /system/lib64/libc.so (__start_thread+68) Change-Id: Ic7f9788df8a38084c3b150eaa22d67f869085ca2 Signed-off-by: Pranav Vashi <[email protected]>
partcyborg
pushed a commit
to partcyborg/android_frameworks_base-lineage
that referenced
this pull request
Jul 31, 2019
11-13 20:00:00.527 10645 10645 I crash_dump64: performing dump of process 1467 (target tid = 10124) 11-13 20:00:00.538 10645 10645 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 11-13 20:00:00.539 10645 10645 F DEBUG : Build fingerprint: 'HONOR/BKL-L09/HWBKL:8.0.0/HUAWEIBKL-L09S/172(C432):user/release-keys' 11-13 20:00:00.539 10645 10645 F DEBUG : Revision: '0' 11-13 20:00:00.539 10645 10645 F DEBUG : ABI: 'arm64' 11-13 20:00:00.539 10645 10645 F DEBUG : pid: 1467, tid: 10124, name: Visualizer >>> com.android.systemui <<< 11-13 20:00:00.539 10645 10645 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 11-13 20:00:00.539 10645 10645 F DEBUG : Abort message: 'FORTIFY: pthread_mutex_lock called on a destroyed mutex (0x7c633df0f4)' 11-13 20:00:00.539 10645 10645 F DEBUG : x0 0000000000000000 x1 000000000000278c x2 0000000000000006 x3 0000000000000008 11-13 20:00:00.539 10645 10645 F DEBUG : x4 0000000000008080 x5 0000000000008080 x6 0000000000008080 x7 0000000000000038 11-13 20:00:00.539 10645 10645 F DEBUG : x8 0000000000000083 x9 40ef6d32d31c854a x10 0000000000000000 x11 fffffffc7ffffbdf 11-13 20:00:00.539 10645 10645 F DEBUG : x12 0000000000000001 x13 000000005beb1f30 x14 0005a1f49bc3a000 x15 0000112f9e154a12 11-13 20:00:00.539 10645 10645 F DEBUG : x16 0000007cffb6f2c8 x17 0000007cffaad0d0 x18 00000000fffbfffe x19 00000000000005bb 11-13 20:00:00.539 10645 10645 F DEBUG : x20 000000000000278c x21 0000007d000d96d0 x22 0000000000000001 x23 0000000000000035 11-13 20:00:00.539 10645 10645 F DEBUG : x24 0000007d000c6fc8 x25 0000007d000c7680 x26 0000007c52a14588 x27 0000000000000000 11-13 20:00:00.539 10645 10645 F DEBUG : x28 0000000000000005 x29 0000007c52a141a0 11-13 20:00:00.539 10645 10645 F DEBUG : sp 0000007c52a14160 lr 0000007cffaa1bfc pc 0000007cffaa1c24 11-13 20:00:00.564 10645 10645 F DEBUG : 11-13 20:00:00.564 10645 10645 F DEBUG : backtrace: 11-13 20:00:00.564 10645 10645 F DEBUG : #00 pc 0000000000021c24 /system/lib64/libc.so (abort+116) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#1 pc 0000000000082f04 /system/lib64/libc.so (__fortify_fatal(char const*, ...)+120) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#2 pc 0000000000082600 /system/lib64/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+52) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#3 pc 00000000000824b4 /system/lib64/libc.so (pthread_mutex_lock+228) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#4 pc 00000000000a8c54 /system/lib64/libmedia.so (android::Visualizer::periodicCapture()+56) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#5 pc 00000000000a8aac /system/lib64/libmedia.so (android::Visualizer::CaptureThread::threadLoop()+88) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#6 pc 000000000000f9d8 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#7 pc 00000000000b4980 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+140) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#8 pc 0000000000081938 /system/lib64/libc.so (__pthread_start(void*)+36) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#9 pc 0000000000023478 /system/lib64/libc.so (__start_thread+68) Change-Id: Ic7f9788df8a38084c3b150eaa22d67f869085ca2
pengus77
pushed a commit
to pengus77/frameworks_base
that referenced
this pull request
Sep 30, 2019
11-13 20:00:00.527 10645 10645 I crash_dump64: performing dump of process 1467 (target tid = 10124) 11-13 20:00:00.538 10645 10645 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 11-13 20:00:00.539 10645 10645 F DEBUG : Build fingerprint: 'HONOR/BKL-L09/HWBKL:8.0.0/HUAWEIBKL-L09S/172(C432):user/release-keys' 11-13 20:00:00.539 10645 10645 F DEBUG : Revision: '0' 11-13 20:00:00.539 10645 10645 F DEBUG : ABI: 'arm64' 11-13 20:00:00.539 10645 10645 F DEBUG : pid: 1467, tid: 10124, name: Visualizer >>> com.android.systemui <<< 11-13 20:00:00.539 10645 10645 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 11-13 20:00:00.539 10645 10645 F DEBUG : Abort message: 'FORTIFY: pthread_mutex_lock called on a destroyed mutex (0x7c633df0f4)' 11-13 20:00:00.539 10645 10645 F DEBUG : x0 0000000000000000 x1 000000000000278c x2 0000000000000006 x3 0000000000000008 11-13 20:00:00.539 10645 10645 F DEBUG : x4 0000000000008080 x5 0000000000008080 x6 0000000000008080 x7 0000000000000038 11-13 20:00:00.539 10645 10645 F DEBUG : x8 0000000000000083 x9 40ef6d32d31c854a x10 0000000000000000 x11 fffffffc7ffffbdf 11-13 20:00:00.539 10645 10645 F DEBUG : x12 0000000000000001 x13 000000005beb1f30 x14 0005a1f49bc3a000 x15 0000112f9e154a12 11-13 20:00:00.539 10645 10645 F DEBUG : x16 0000007cffb6f2c8 x17 0000007cffaad0d0 x18 00000000fffbfffe x19 00000000000005bb 11-13 20:00:00.539 10645 10645 F DEBUG : x20 000000000000278c x21 0000007d000d96d0 x22 0000000000000001 x23 0000000000000035 11-13 20:00:00.539 10645 10645 F DEBUG : x24 0000007d000c6fc8 x25 0000007d000c7680 x26 0000007c52a14588 x27 0000000000000000 11-13 20:00:00.539 10645 10645 F DEBUG : x28 0000000000000005 x29 0000007c52a141a0 11-13 20:00:00.539 10645 10645 F DEBUG : sp 0000007c52a14160 lr 0000007cffaa1bfc pc 0000007cffaa1c24 11-13 20:00:00.564 10645 10645 F DEBUG : 11-13 20:00:00.564 10645 10645 F DEBUG : backtrace: 11-13 20:00:00.564 10645 10645 F DEBUG : #00 pc 0000000000021c24 /system/lib64/libc.so (abort+116) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#1 pc 0000000000082f04 /system/lib64/libc.so (__fortify_fatal(char const*, ...)+120) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#2 pc 0000000000082600 /system/lib64/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+52) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#3 pc 00000000000824b4 /system/lib64/libc.so (pthread_mutex_lock+228) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#4 pc 00000000000a8c54 /system/lib64/libmedia.so (android::Visualizer::periodicCapture()+56) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#5 pc 00000000000a8aac /system/lib64/libmedia.so (android::Visualizer::CaptureThread::threadLoop()+88) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#6 pc 000000000000f9d8 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#7 pc 00000000000b4980 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+140) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#8 pc 0000000000081938 /system/lib64/libc.so (__pthread_start(void*)+36) 11-13 20:00:00.564 10645 10645 F DEBUG : LineageOS#9 pc 0000000000023478 /system/lib64/libc.so (__start_thread+68) Change-Id: Ic7f9788df8a38084c3b150eaa22d67f869085ca2
althafvly
pushed a commit
to LOS-M8916/android_frameworks_base
that referenced
this pull request
Jun 26, 2021
Allow longpress power button to toggle torch [1/2]
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
There are two _different_ definitions of the NativeFamilyBuilder class, one in jni/FontFamily.cpp and the other in jni/fonts/FontFamily.cpp, violating the one-definition rule. Make them local by moving to an anonymous namespace. This is an issue in non-optimized builds where ~NativeFamilyBuilder isn't inlined, so the wrong destructor ends up being called: ``` (gdb) bt [...] LineageOS#3 0x0000007292c44a8c in std::__1::vector<minikin::FontVariation, std::__1::allocator<minikin::FontVariation> >::~vector () LineageOS#4 0x0000007292c44a54 in android::NativeFamilyBuilder::~NativeFamilyBuilder () LineageOS#8 0x0000007292c64cec in android::FontFamily_Builder_build () ``` (note that the struct used by FontFamily_Builder_build() doesn't have the vector<minikin::FontVariation> field) Test: add "-O0" to hwui cflags and verify that system_server no longer hangs on startup Signed-off-by: Tomislav Novak <[email protected]> Change-Id: Ic071a7c00a9b2f632b6f56877f54c6a58eb38965 Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
There are two _different_ definitions of the NativeFamilyBuilder class, one in jni/FontFamily.cpp and the other in jni/fonts/FontFamily.cpp, violating the one-definition rule. Make them local by moving to an anonymous namespace. This is an issue in non-optimized builds where ~NativeFamilyBuilder isn't inlined, so the wrong destructor ends up being called: ``` (gdb) bt [...] LineageOS#3 0x0000007292c44a8c in std::__1::vector<minikin::FontVariation, std::__1::allocator<minikin::FontVariation> >::~vector () LineageOS#4 0x0000007292c44a54 in android::NativeFamilyBuilder::~NativeFamilyBuilder () LineageOS#8 0x0000007292c64cec in android::FontFamily_Builder_build () ``` (note that the struct used by FontFamily_Builder_build() doesn't have the vector<minikin::FontVariation> field) Test: add "-O0" to hwui cflags and verify that system_server no longer hangs on startup Signed-off-by: Tomislav Novak <[email protected]> Change-Id: Ic071a7c00a9b2f632b6f56877f54c6a58eb38965 Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 9, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 15, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 17, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 17, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 21, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 21, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 21, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 23, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 26, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 4, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
Ghosuto
pushed a commit
to Ghostalioth/android
that referenced
this pull request
Jun 4, 2023
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Ghosuto
pushed a commit
to Ghostalioth/android
that referenced
this pull request
Jun 4, 2023
There are two _different_ definitions of the NativeFamilyBuilder class, one in jni/FontFamily.cpp and the other in jni/fonts/FontFamily.cpp, violating the one-definition rule. Make them local by moving to an anonymous namespace. This is an issue in non-optimized builds where ~NativeFamilyBuilder isn't inlined, so the wrong destructor ends up being called: ``` (gdb) bt [...] LineageOS#3 0x0000007292c44a8c in std::__1::vector<minikin::FontVariation, std::__1::allocator<minikin::FontVariation> >::~vector () LineageOS#4 0x0000007292c44a54 in android::NativeFamilyBuilder::~NativeFamilyBuilder () LineageOS#8 0x0000007292c64cec in android::FontFamily_Builder_build () ``` (note that the struct used by FontFamily_Builder_build() doesn't have the vector<minikin::FontVariation> field) Test: add "-O0" to hwui cflags and verify that system_server no longer hangs on startup Signed-off-by: Tomislav Novak <[email protected]> Change-Id: Ic071a7c00a9b2f632b6f56877f54c6a58eb38965 Signed-off-by: Pranav Vashi <[email protected]>
Ghosuto
pushed a commit
to Ghostalioth/android
that referenced
this pull request
Jun 4, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 7, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 12, 2023
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
xenxynon
pushed a commit
to xenxynon/lineage
that referenced
this pull request
Dec 5, 2024
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Dec 10, 2024
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Dec 10, 2024
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Dec 17, 2024
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Dec 17, 2024
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
kshitij-vk
pushed a commit
to TenX-OS-VIC/frameworks_base
that referenced
this pull request
Dec 27, 2024
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Change-Id: Icba46f4521e11b146461dec67a68a92393a9bba1
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Aston-Martinn <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jan 27, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jan 27, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
minaripenguin
added a commit
to unofficial-risingos-backup/android_frameworks_base
that referenced
this pull request
Feb 1, 2025
Make AOSP native freeform windows always-on-top
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Feb 18, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Feb 18, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Mar 13, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Mar 13, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 10, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
May 10, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 7, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 7, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 13, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
MJPollard
pushed a commit
to AltairROM/android_frameworks_base
that referenced
this pull request
Jun 13, 2025
* i thought this was fixed by dropping HB and freetype modifications but a user reported a sysui crash without logcat nor context so im using my old copy
* addr2line was pointing the NPD [1] to a new instance of SkMemoryStream (if im not mistaken)
minaripenguin@minaripenguin:~/bugreport-oriole-TQ2A.230405.003.E1-2023-04-13-09-02-17/FS/data/tombstones$ addr2line -f -e '/mnt/xxxx/xxxxx/out/target/product/oriole/system/lib/libhwui.so' 000000000024a61c
_ZN14SkMemoryStreamC2E5sk_spI6SkDataE
* to temporarily aid the crash issue, until we find and fix the font that causes the crash, silently swallow the errors since the rom shouldn't booting at all if current font in use has invalid data.
[1]
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RisingOS Version: '1.0-20230412-UNOFFICIAL-oriole'
Build fingerprint: 'google/oriole/oriole:13/TQ2A.230305.008.E1/9677224:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2023-04-13 00:41:15.026955853+0800
Process uptime: 216s
Cmdline: com.android.systemui
pid: 17576, tid: 17613, name: RenderThread >>> com.android.systemui <<<
uid: 10403
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b4000074cc5b7e60 x1 00000072ca63fa20 x2 00000072ca63fa20 x3 0000000000000001
x4 00000072ca63efa0 x5 000000747c59e4bc x6 00005a120000edab x7 0000906f00008280
x8 0000000000000000 x9 56bd015d3f6fc8f6 x10 0000000000000000 x11 000000000000001a
x12 0000000000000000 x13 b4000074ecbba980 x14 0000000000000033 x15 0000000000000019
x16 00000075f74ae6a8 x17 00000075fdb0fec0 x18 00000072ca470000 x19 b4000074cc5b7e60
x20 b4000074cc5b7e88 x21 b4000074cc5b7e60 x22 b40000737c76ae48 x23 b40000737c76ae30
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b4000073cc52f898
x28 00000072ca547000 x29 00000072ca63f7e0
lr 00000075eec487e0 sp 00000072ca63f7e0 pc 00000075eec4a61c pst 0000000020001000
backtrace:
#00 pc 000000000024a61c /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+108) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#1 pc 00000000002487dc /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#2 pc 000000000025b2a4 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#3 pc 000000000027fdcc /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+348) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#4 pc 0000000000282bdc /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+364) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#5 pc 0000000000272c34 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+580) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#6 pc 0000000000292e9c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+412) (BuildId: f37109e40765e94e2634e351e2ba0981)
LineageOS#7 pc 0000000000013220 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+416) (BuildId: 536947a6fb111c99b28090cdd95ee772)
LineageOS#8 pc 00000000000bc1cc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 7c802f36645db769f96376c94049c9cf)
LineageOS#9 pc 0000000000055020 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 7c802f36645db769f96376c94049c9cf)
Signed-off-by: minaripenguin <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Aug 3, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Aug 3, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Aug 16, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Aug 16, 2025
PixelPropsUtils: Update GMS Spoof FP from tokay_beta 16 BP22.250325.0…
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 1, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 1, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 4, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 4, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 5, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 5, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
toukashishigaya
pushed a commit
to youkai-b/los_fwb
that referenced
this pull request
Sep 7, 2025
Fix NULL deref
```
Cmdline: com.android.systemui
pid: 2530, tid: 2589, name: RenderThread >>> com.android.systemui <<<
uid: 10293
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
Cause: null pointer dereference
x0 b400007cbe7b8ff0 x1 0000007bf78fb9f0 x2 b400007c8c184898 x3 0000000000000001
x4 0000007bf78faf80 x5 00000000007f5687 x6 000000001991ade0 x7 0000000000000010
x8 0000000000000000 x9 43490de4ff9b0700 x10 b400007cbe7b8c00 x11 0000000000000002
x12 0000000000000000 x13 000000003f800000 x14 000000003f800000 x15 0000000000000000
x16 0000007d71724720 x17 0000007d57ccdb00 x18 0000007bf7568000 x19 b400007cbe7b8ff0
x20 b400007cbe7b9018 x21 b400007cbe7b8ff0 x22 b400007cbe280010 x23 b400007cbe280000
x24 7ffffffffffffff8 x25 1fffffffffffffff x26 00000000ffffffff x27 b400007c7e1b0da8
x28 0000007bf78fc000 x29 0000007bf78fb7a0
lr 0000007d67aaf330 sp 0000007bf78fb7a0 pc 0000007d67ab1590 pst 0000000020001000
backtrace:
#00 pc 0000000000253590 /system/lib64/libhwui.so (android::uirenderer::AnimatorManager::pushStaging()+112)
LineageOS#1 pc 000000000025132c /system/lib64/libhwui.so (android::uirenderer::AnimationContext::runRemainingAnimations(android::uirenderer::TreeInfo&)+44)
LineageOS#2 pc 0000000000267664 /system/lib64/libhwui.so (android::uirenderer::AnimationContextBridge::runRemainingAnimations(android::uirenderer::TreeInfo&)+36)
LineageOS#3 pc 0000000000292720 /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::prepareTree(android::uirenderer::TreeInfo&, long*, long, android::uirenderer::RenderNode*)+352)
LineageOS#4 pc 00000000002959c8 /system/lib64/libhwui.so (std::__1::__function::__func<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0, std::__1::allocator<android::uirenderer::renderthread::DrawFrameTask::postAndWait()::$_0>, void ()>::operator()() (.c1671e787f244890c877724752face20)+360)
LineageOS#5 pc 0000000000282ce4 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+1108)
LineageOS#6 pc 00000000002a808c /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+556)
LineageOS#7 pc 0000000000013a14 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+436)
LineageOS#8 pc 00000000000d07ac /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
LineageOS#9 pc 00000000000567f0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)
```
Signed-off-by: Pranav Vashi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.