In the Google Developer Console I see more and more crashes of my app coming from a tgkill+8 command. The stack trace always looks like this:
#00 pc 000000000006a808 /system/lib64/libc.so (tgkill+8)
#00 pc 000000000001db50 /system/lib64/libc.so (abort+88)
#00 pc 0000000000007f4c /system/lib64/liblog.so (__android_log_assert+304)
#00 pc 0000000000135ae8 /system/lib64/libandroid_runtime.so (Bitmap_copyColorSpace(_JNIEnv*, _jobject*, long, long)+180)
#00 pc 0000000000ae57d0 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.content.res.AssetManager.copyTheme [DEDUPED]+160)
#00 pc 0000000000b7641c /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.graphics.Bitmap.createBitmap+2556)
#00 pc 0000000000b77678 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.graphics.Bitmap.createScaledBitmap+376)
#00 pc 0000000000509638 /system/lib64/libart.so (art_quick_invoke_static_stub+600)
#00 pc 00000000000d80b4 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+260)
#00 pc 00000000002821e0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+352)
#00 pc 000000000027c8a8 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+672)
#00 pc 00000000004f2134 /system/lib64/libart.so (MterpInvokeStatic+468)
#00 pc 00000000004fae94 /system/lib64/libart.so (ExecuteMterpImpl+14612)
#00 pc 000000000025d624 /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
#00 pc 0000000000263d24 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+212)
#00 pc 000000000027c888 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+640)
#00 pc 00000000004f2134 /system/lib64/libart.so (MterpInvokeStatic+468)
#00 pc 00000000004fae94 /system/lib64/libart.so (ExecuteMterpImpl+14612)
#00 pc 000000000025d624 /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
#00 pc 0000000000263d24 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+212)
#00 pc 000000000027d018 /system/lib64/libart.so (bool art::interpreter::DoCall<false, true>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+1520)
#00 pc 0000000000297914 /system/lib64/libart.so (bool art::interpreter::DoInvoke<(art::InvokeType)0, false, true>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+612)
#00 pc 000000000028c828 /system/lib64/libart.so (art::JValue art::interpreter::ExecuteSwitchImpl<true, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+36540)
#00 pc 000000000025d700 /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+664)
#00 pc 00000000004e4a8c /system/lib64/libart.so (artQuickToInterpreterBridge+1468)
#00 pc 000000000051281c /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
#00 pc 0000000000643ca8 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.Activity.dispatchActivityResult+1512)
#00 pc 00000000006e8c34 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.ActivityThread.deliverResults+420)
#00 pc 00000000006f672c /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.ActivityThread.handleSendResult+1116)
#00 pc 00000000006e52e4 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.ActivityThread.-wrap20+52)
#00 pc 00000000006e0fa0 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.ActivityThread$H.handleMessage+8336)
#00 pc 00000000006dca6c /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.os.Handler.dispatchMessage+188)
#00 pc 000000000101be80 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.os.Looper.loop+1184)
#00 pc 00000000006fbc78 /system/framework/arm64/boot-framework.oat (offset 0x628000) (android.app.ActivityThread.main+1560)
#00 pc 0000000000509638 /system/lib64/libart.so (art_quick_invoke_static_stub+600)
#00 pc 00000000000d80b4 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+260)
#00 pc 0000000000431120 /system/lib64/libart.so (art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*)+104)
#00 pc 0000000000432c78 /system/lib64/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1460)
#00 pc 00000000003bc968 /system/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobject*)+52)
#00 pc 00000000002684a4 /system/framework/arm64/boot.oat (offset 0x1dc000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+180)
#00 pc 0000000001777d58 /system/framework/arm64/boot-framework.oat (offset 0x628000) (com.android.internal.os.Zygote$MethodAndArgsCaller.run+136)
#00 pc 000000000177bfc0 /system/framework/arm64/boot-framework.oat (offset 0x628000) (com.android.internal.os.ZygoteInit.main+3472)
#00 pc 0000000000509638 /system/lib64/libart.so (art_quick_invoke_static_stub+600)
#00 pc 00000000000d80b4 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+260)
#00 pc 0000000000431120 /system/lib64/libart.so (art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*)+104)
#00 pc 0000000000430d7c /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
#00 pc 0000000000346794 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+624)
#00 pc 00000000000bbe38 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+120)
#00 pc 00000000000be09c /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+844)
#00 pc 0000000000002630 /system/bin/app_process64 (main+1592)
#00 pc 000000000001b850 /system/lib64/libc.so (__libc_init+88)
#00 pc 0000000000001f58 /system/bin/app_process64 (do_arm64_start+80)
From what I can interpret from this trace, the crash most likely happens in onActivityResult() when android.graphics.Bitmap.createScaledBitmap is called in Java. But adding safeguards around any call of android.graphics.Bitmap.createScaledBitmap to make sure the sizes are valid (32px-192px) and the source bitmap is valid does not help.
Unfortunately, the trace does not give more hints about where in the Java source code to look. It also cannot be ruled out that the actual call of createScaledBitmap() is in one of the standard Android libraries.
There are however some properties unique to this crash that make it very specific:
- It only happens on Huawei devices
- It only happens on devices with Android 8.0
- The crash seems to (nearly) only happen once for each user. There are in total 47 reports of the crash for 45 unique users.
Especially the last property is something that is most likely specific to my app and suggests that it might be something that happens only when the application is started for the first time. The app shows a "Welcome Screen" and a tutorial the first time it is started, and the tutorial is also opened from the onActivityResult() function. However, this view does not use any bitmap-related code from my side; also, all graphics used are based on vector drawables or other primitives.
It is not possible for me to reproduce this bug, as it only seems to happen once per device and I do not have access to any Huawei device with Android 8.0.
I already took a look at similar questions here on Stack Overflow, like:
- Native Crash tgkill+8 for MediaPlayer (Samsung Oreo 8.0)
- Crashes on Huawei Android 7-10
- Android 8 native crash at native library
- native crashes for android 8.0 devices tgkill
All of these crashes, however, are either caused by a library in use, are specific to another Android version/manufacturer, or do not have a solution. The answer to the last question, to not use "minifyEnabled", did not solve the problem; the call to tgkill+8 also happened in the version that had it disabled.
I know it is really hard to find the root cause of the problem based on the information I can provide. However, there is a little hope that maybe someone else has also stumbled upon this crash and was able to find out more about the reason.