jp...@google.com <jp...@google.com>
jo...@google.com <jo...@google.com> #2
All these crashes are happening on M1 Macs, and only with OS versions "13.2.1 22D68" and "13.1.0 22C65".
jo...@google.com <jo...@google.com> #3
I got a similar crash after enabling ASan and clicking the rotate button a few times on the tool window:
==88892==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000105a59dc8 at pc 0x00010e038db0 bp 0x00016fbbdf10 sp 0x00016fbbd6c8 [9/1419]
WRITE of size 230 at 0x000105a59dc8 thread T0
#0 0x10e038dac in __asan_memcpy+0x240 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3cdac)
#1 0x102c39164 in android::crashreport::AnnotationStreambuf<8192u>::xsputn(char const*, long) AnnotationStreambuf.h:44
#2 0x102c1e324 in std::__1::ostreambuf_iterator<char, std::__1::char_traits<char> > std::__1::__pad_and_output<char, std::__1::char_traits<char> >(std::__1::ostreambuf_iterator<char, std::__1::char_traits<char> >, char const*, char const*, char const*, std::__1::ios_base&, char) locale:1428
#3 0x102c1de78 in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_character_sequence<char, std::__1::char_traits<char> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, char const*, unsigned long) ostream:718
#4 0x10138c9cc in QtLogger::write(char const*, ...) QtLogger.cpp:42
#5 0x101363f40 in myMessageOutput(QtMsgType, QMessageLogContext const&, QString const&) winsys-qt.cpp
#6 0x10bb14c48 in qt_message_print(QtMsgType, QMessageLogContext const&, QString const&)+0x118 (libQt6CoreAndroidEmu.6.2.1.dylib:arm64+0x10c48)
#7 0x10bb14b10 in qt_message_output(QtMsgType, QMessageLogContext const&, QString const&)+0x10 (libQt6CoreAndroidEmu.6.2.1.dylib:arm64+0x10b10)
#8 0x10bb1b19c in QDebug::~QDebug()+0x7c (libQt6CoreAndroidEmu.6.2.1.dylib:arm64+0x1719c)
#9 0x10cd6e7d0 in QGuiApplicationPrivate::processTouchEvent(QWindowSystemInterfacePrivate::TouchEvent*)+0x85c (libQt6GuiAndroidEmu.6.2.1.dylib:arm64+0x8a7d0)
#10 0x10cdb5c8c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)+0x1b8 (libQt6GuiAndroidEmu.6.2.1.dylib:arm64+0xd1c8c)
#11 0x114fdca4c in QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*)+0x2c (libqcocoaAndroidEmu.dylib:arm64+0x14a4c)
#12 0x184815a04 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x18 (CoreFoundation:arm64e+0x81a04)
#13 0x184815998 in __CFRunLoopDoSource0+0xac (CoreFoundation:arm64e+0x81998)
#14 0x184815708 in __CFRunLoopDoSources0+0xf0 (CoreFoundation:arm64e+0x81708)
#15 0x18481430c in __CFRunLoopRun+0x340 (CoreFoundation:arm64e+0x8030c)
#16 0x184813874 in CFRunLoopRunSpecific+0x260 (CoreFoundation:arm64e+0x7f874)
#17 0x18def3f9c in RunCurrentEventLoopInMode+0x120 (HIToolbox:arm64e+0x31f9c)
#18 0x18def3c2c in ReceiveNextEventCommon+0xe8 (HIToolbox:arm64e+0x31c2c)
#19 0x18def3b28 in _BlockUntilNextEventMatchingListInModeWithFilter+0x44 (HIToolbox:arm64e+0x31b28)
#20 0x187a99848 in _DPSNextEvent+0x274 (AppKit:arm64e+0x39848)
#21 0x187a989d8 in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]+0x2d4 (AppKit:arm64e+0x389d8)
#22 0x187a8ce08 in -[NSApplication run]+0x1cc (AppKit:arm64e+0x2ce08)
#23 0x114fdb92c in QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)+0x6ac (libqcocoaAndroidEmu.dylib:arm64+0x1392c)
#24 0x10bb9c7f0 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)+0x1f0 (libQt6CoreAndroidEmu.6.2.1.dylib:arm64+0x987f0)
#25 0x10bb93b44 in QCoreApplication::exec()+0x7c (libQt6CoreAndroidEmu.6.2.1.dylib:arm64+0x8fb44)
#26 0x10135f3e0 in skin_winsys_enter_main_loop winsys-qt.cpp:229
#27 0x10067ba7c in main main.cpp:3285
#28 0x18440be4c (<unknown module>)
0x000105a59dc8 is located 0 bytes to the right of global variable 'sLogger' defined in '/Volumes/android/emu-master-dev/external/qemu/android/android-emu/android/skin/qt/QtLogger.cpp:24:31' (0x105a57cc0) of size 8456
SUMMARY: AddressSanitizer: global-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3cdac) in __asan_memcpy+0x240
Shadow bytes around the buggy address:
0x007020b6b360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x007020b6b370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x007020b6b380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x007020b6b390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x007020b6b3a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x007020b6b3b0: 00 00 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 f9
0x007020b6b3c0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x007020b6b3d0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x007020b6b3e0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x007020b6b3f0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x007020b6b400: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==88892==ABORTING
[88897:711167:20230328,100221.302431:ERROR process_memory.cc:92] unterminated string
[88897:711167:20230328,100221.302466:WARNING mach_o_image_annotations_reader.cc:116] could not read crash message in /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
[88897:711168:20230328,100221.316078:ERROR directory_reader_posix.cc:42] opendir /tmp/android-joshuaduong/emu-crash.db/attachments/bb8dcb3f-d645-43b1-b9d2-7a2345cdc0d6: No such file or directory (2)
[88897:711167:20230328,100221.316842:WARNING crash_report_exception_handler.cc:235] UniversalExceptionRaise: (os/kern) failure (5)
Abort trap: 6
jo...@google.com <jo...@google.com> #4
It seems to be related to the Qt logging: the ASan trace above shows the out-of-bounds write happening in AnnotationStreambuf::xsputn, called from QtLogger::write, and it lands just past the end of the global 'sLogger'. I can reproduce the crash by doing:
- Using the trackpad, move the cursor into the emulator window, then release your finger from the trackpad
- Put your finger on the trackpad, move the cursor outside the emulator window, then release your finger
- Repeat steps 1 and 2 around 10 times; it will crash
ap...@google.com <ap...@google.com> #5
Branch: emu-master-dev
commit 526594bc437cd7cb703d5ebc7f9f9a438d156731
Author: Joshua Duong <joshuaduong@google.com>
Date: Tue Mar 28 13:30:14 2023
Fix Qt logging crash.
Qt may log Unicode characters to our custom logger. Make sure we handle them correctly.
Bug: 275397905
Test: On M1 mac, boot emulator and:
1) Using the trackpad, move cursor into the emulator window, then release finger from trackpad
2) put finger on trackpad, move cursor outside emulator window, then release finger
3) repeat steps 1 and 2 around 10 times. It will crash
Change-Id: Ib937f9dac501f1ea87fd36902944230fa7fc4984
M android/android-emu/android/skin/qt/QtLogger.cpp
jo...@google.com <jo...@google.com>
an...@google.com <an...@google.com> #6
The following changes were cherrypicked through Coastguard:
Release build:
Requester: devki
Release Track:
Branch: aosp-emu-32-release
Changes:
aosp/2513895 (platform/external/qemu)
an...@google.com <an...@google.com> #7
The following changes were cherrypicked through Coastguard:
Release build:
Requester: devki
Release Track:
Branch: aosp-emu-33-release
Changes:
aosp/2510202 (platform/external/qemu)
de...@google.com <de...@google.com> #8
Thank you for your patience while our engineering team worked to resolve this issue. A fix for this issue is now available in:
- Android Emulator 33.1.4
We encourage you to try the latest update.
If you notice further issues or have questions, please file a new bug report.
Thank you for taking the time to submit feedback — we really appreciate it!
se...@gmail.com <se...@gmail.com> #9
Android 14
Description
We do not (yet) have a way to reproduce the problem, but we can see on go/crash a high number of reports of an `EXC_BAD_ACCESS` issue in
`std::__1::basic_ostream<char, std::__1::char_traits<char>>::sentry::~sentry()`
The stack doesn't show much, except that this is on M1 (qemu-arch-aarch64, using Qt6).
```
Stack Quality26%Show frame trust levels
0x00000001aba1d40c (libc++.1.dylib + 0x0001f40c) std::__1::basic_ostream<char, std::__1::char_traits<char>>::sentry::~sentry()
0x000000010103d768 (qemu-system-aarch64 + 0x001b1768)
0x000000010103d768 (qemu-system-aarch64 + 0x001b1768)
0x0000000101447224 (qemu-system-aarch64 + 0x005bb224)
0x000000010143c138 (qemu-system-aarch64 + 0x005b0138)
0x00000001069ccc48 (libQt6CoreAndroidEmu.6.2.1.dylib + 0x00010c48)
0x00000001069ccb10 (libQt6CoreAndroidEmu.6.2.1.dylib + 0x00010b10)
0x00000001069d319c (libQt6CoreAndroidEmu.6.2.1.dylib + 0x0001719c)
0x0000000107c2ea90 (libQt6GuiAndroidEmu.6.2.1.dylib + 0x0008aa90)
0x0000000107c75c8c (libQt6GuiAndroidEmu.6.2.1.dylib + 0x000d1c8c)
0x00000001066c8a4c (libqcocoaAndroidEmu.dylib + 0x00014a4c)
0x00000001abb9da04 (CoreFoundation + 0x00081a04) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001abb9d998 (CoreFoundation + 0x00081998) __CFRunLoopDoSource0
0x00000001abb9d708 (CoreFoundation + 0x00081708) __CFRunLoopDoSources0
0x00000001abb9c30c (CoreFoundation + 0x0008030c) __CFRunLoopRun
0x00000001abb9b874 (CoreFoundation + 0x0007f874) CFRunLoopRunSpecific
0x00000001b527bf9c (HIToolbox + 0x00031f9c) RunCurrentEventLoopInMode
0x00000001b527bc2c (HIToolbox + 0x00031c2c) ReceiveNextEventCommon
0x00000001b527bb28 (HIToolbox + 0x00031b28) _BlockUntilNextEventMatchingListInModeWithFilter
0x00000001aee21848 (AppKit + 0x00039848) _DPSNextEvent
0x00000001aee209d8 (AppKit + 0x000389d8) -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x00000001aee14e08 (AppKit + 0x0002ce08) -[NSApplication run]
0x00000001066c792c (libqcocoaAndroidEmu.dylib + 0x0001392c)
0x0000000106a547f0 (libQt6CoreAndroidEmu.6.2.1.dylib + 0x000987f0)
0x0000000106a4bb44 (libQt6CoreAndroidEmu.6.2.1.dylib + 0x0008fb44)
0x000000010143a3f8 (qemu-system-aarch64 + 0x005ae3f8)
0x000000010103caf0 (qemu-system-aarch64 + 0x001b0af0)
0x00000001ab793e4c (dyld + 0x00005e4c) start
```
This is seen with stable 32.1.12; after 1 week we have 2035 sample reports from 745 unique users.