redroid-12.0.0-arm64 SystemUI持续崩溃

[pxb1988]

Describe the bug Android 12 docker启动后可以进入桌面，但SystemUI进程持续崩溃，似乎与电池相关。 Android 10、Android 11正常启动（有一个bluetooth的crash,系统可以正常）

11-08 03:33:04.211 21836 21836 F DEBUG   :       #00 pc 000000000020c428  /apex/com.android.art/lib64/libart.so (nterp_op_invoke_virtual+40) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.211 21836 21836 F DEBUG   :       #01 pc 0000000000422d88  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI.maybeShowBatteryWarning+8)
11-08 03:33:04.211 21836 21836 F DEBUG   :       #02 pc 00000000002124c4  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.211 21836 21836 F DEBUG   :       #03 pc 0000000000422f22  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI.maybeShowBatteryWarningV2+302)
11-08 03:33:04.211 21836 21836 F DEBUG   :       #04 pc 00000000002124c4  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #05 pc 0000000000421c84  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI$Receiver.lambda$onReceive$1+4)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #06 pc 00000000002124c4  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #07 pc 0000000000421b44  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI$Receiver.$r8$lambda$LgPsgH30Xtyv_Be4gFySfDoAypE+0)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #08 pc 0000000000211608  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #09 pc 0000000000421b2c  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI$Receiver$$ExternalSyntheticLambda1.run+12)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #10 pc 00000000002368d8  /apex/com.android.art/javalib/arm64/boot.oat (java.util.concurrent.Executors$RunnableAdapter.call+72) (BuildId: 715d0a044ea13bcf499cd6094001f85c3246944e)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #11 pc 00000000002f5c3c  /apex/com.android.art/javalib/arm64/boot.oat (java.util.concurrent.FutureTask.run+204) (BuildId: 715d0a044ea13bcf499cd6094001f85c3246944e)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #12 pc 000000000037b61c  /apex/com.android.art/javalib/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+988) (BuildId: 715d0a044ea13bcf499cd6094001f85c3246944e)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #13 pc 0000000000374e44  /apex/com.android.art/javalib/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+68) (BuildId: 715d0a044ea13bcf499cd6094001f85c3246944e)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #14 pc 00000000001bf17c  /apex/com.android.art/javalib/arm64/boot.oat (java.lang.Thread.run+76) (BuildId: 715d0a044ea13bcf499cd6094001f85c3246944e)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #15 pc 0000000000218964  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #16 pc 0000000000284208  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+188) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #17 pc 000000000061fab0  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #18 pc 000000000066e674  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1184) (BuildId: 1ab05866decd507cc4ee168b977bbfd9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #19 pc 00000000000b1910  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) (BuildId: ba489d4985c0cf173209da67405662f9)
11-08 03:33:04.212 21836 21836 F DEBUG   :       #20 pc 00000000000513f0  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: ba489d4985c0cf173209da67405662f9)

make sure the required kernel modules present

• grep binder /proc/filesystems YES
• grep ashmem /proc/misc YES

collect debug logs curl -fsSL https://raw.githubusercontent.com/remote-android/redroid-doc/master/debug.sh | bash -s -- [CONTAINER] omit CONTAINER if not exist any more.

tmp.ZJxW0pLe97.tar.gz

Screenshots If applicable, add screenshots to help explain your problem.

[zhouziyang]

Raspberry Pi? I'm not experienced with this board (typically work with ARM Servers). There are some discussions in #67, and seems not encounter with this kind issue.

BTW, you can disable bluetooth in /vendor/etc/permissions/redroid-removed-permissions.xml

[pxb1988]

the board is a CM311-1a TV box ships with Amlogic S905L3a soc. i have installed armbian 5.15.77 kernel on it.

i can't find any doc about the redroid-removed-permissions.xml, i have tried

<?xml version="1.0" encoding="utf-8"?>
<permissions>
<permission>android.hardware.bluetooth<permission>
</permissions>

but not working.

[zhouziyang]

try...

<permissions>
<unavailable-feature name=""android.hardware.bluetooth />
</permissions>

[pxb1988]

disable android.hardware.bluetooth is not work.

the method com.android.systemui.power.PowerUI.maybeShowBatteryWarning is a pure java method, it should not cause JVM to abort, i believe it is some kind of art bug.

after execute the following cmd, the systemui works.

rm -rf /system_ext/priv-app/SystemUI/oat
cmd package compile --reset com.android.systemui
rm -rf /data/dalvik-cache/arm64/system@system_ext@priv-app@SystemUI@SystemUI.apk@classes.dex

[zhouziyang]

<unavailable-feature name=""android.hardware.bluetooth /> is just help to resolve Bluetooth crash.

For SystemUI part, did you ever mount data partition across different redroid version?

[pxb1988]

data partition is create before container start, it is not mount/share to other instance.

and delete odex and leave vdex is enough to boot up screen.

rm /system_ext/priv-app/SystemUI/oat/arm64/SystemUI.odex

12.0.0_64only-arm64 have same issue, i can't verify the screen as scrcpy failes Failed to initialize video/avc, error 0xfffffffe

i have copied the bluetooth patch, and not correct the syntax, i will try it latter.

[pxb1988]

after apply

<?xml version="1.0" encoding="utf-8"?>
<permissions>
    <unavailable-feature name="android.hardware.bluetooth" />
</permissions>

the bluetooth crash is gone.

[pxb1988]

redroid/redroid:13.0.0-arm64 has similar issue,

11-10 03:15:46.439 13756 13756 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-10 03:15:46.439 13756 13756 F DEBUG   : Build fingerprint: 'redroid/redroid_arm64/redroid_arm64:13/TP1A.220624.021.A1/eng.frank.20220830.132934:userdebug/test-keys'
11-10 03:15:46.439 13756 13756 F DEBUG   : Revision: '0'
11-10 03:15:46.439 13756 13756 F DEBUG   : ABI: 'arm64'
11-10 03:15:46.439 13756 13756 F DEBUG   : Timestamp: 2022-11-10 03:15:41.025502004+0000
11-10 03:15:46.439 13756 13756 F DEBUG   : Process uptime: 3s
11-10 03:15:46.439 13756 13756 F DEBUG   : Cmdline: com.android.systemui
11-10 03:15:46.439 13756 13756 F DEBUG   : pid: 13632, tid: 13745, name: pool-4-thread-1  >>> com.android.systemui <<<
11-10 03:15:46.439 13756 13756 F DEBUG   : uid: 10061
11-10 03:15:46.439 13756 13756 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
11-10 03:15:46.439 13756 13756 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
11-10 03:15:46.439 13756 13756 F DEBUG   : Cause: null pointer dereference
11-10 03:15:46.439 13756 13756 F DEBUG   :     x0  000000000000000e  x1  0000000000000000  x2  000000000000000e  x3  0000000012c134b8
11-10 03:15:46.439 13756 13756 F DEBUG   :     x4  000000000000b44d  x5  0000000000000002  x6  0000000000000000  x7  0000000000000000
11-10 03:15:46.439 13756 13756 F DEBUG   :     x8  931da7702276fa2b  x9  931da7702276fa2b  x10 931da7702276fa2b  x11 000000000000007c
11-10 03:15:46.439 13756 13756 F DEBUG   :     x12 0000000000000005  x13 0000000010010001  x14 0000006f1f10f250  x15 0000006fbdb8b914
11-10 03:15:46.439 13756 13756 F DEBUG   :     x16 0000000000000000  x17 000000000000000e  x18 0000006f1e6d6000  x19 b400007132d661d0
11-10 03:15:46.439 13756 13756 F DEBUG   :     x20 0000000000000000  x21 b400007132d66290  x22 0000006f4a86dc38  x23 000000000000106e
11-10 03:15:46.439 13756 13756 F DEBUG   :     x24 0000006fbd800880  x25 0000006f1f10f330  x26 0000006f1f10f350  x27 0000006f1f10f330
11-10 03:15:46.440 13756 13756 F DEBUG   :     x28 0000006f1f10f370  x29 0000006f1f10f350
11-10 03:15:46.440 13756 13756 F DEBUG   :     lr  0000006fbd803fc8  sp  0000006f1f10f310  pc  0000006fbd803fa8  pst 0000000060000000
11-10 03:15:46.440 13756 13756 F DEBUG   : backtrace:
11-10 03:15:46.440 13756 13756 F DEBUG   :       #00 pc 0000000000203fa8  /apex/com.android.art/lib64/libart.so (nterp_op_invoke_virtual+40) (BuildId: 7f0ad769b1ab4d69d1cccabbae09dbeb)
11-10 03:15:46.440 13756 13756 F DEBUG   :       #01 pc 0000000000460c38  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI.maybeShowHybridWarning+56)
11-10 03:15:46.440 13756 13756 F DEBUG   :       #02 pc 000000000020a254  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 7f0ad769b1ab4d69d1cccabbae09dbeb)
11-10 03:15:46.440 13756 13756 F DEBUG   :       #03 pc 0000000000460be6  /system/system_ext/priv-app/SystemUI/SystemUI.apk (com.android.systemui.power.PowerUI.maybeShowBatteryWarningV2+270)
11-10 03:15:46.440 13756 13756 F DEBUG   :       #04 pc 000000000020a254  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 7f0ad769b1ab4d69d1cccabbae09dbeb)

since redroid 9/10/11 works, 12/13 fails, the issue may caused by

1. cpu is S905L3a, i can't find any detail spec for it, only 4C@1908Mhz, but a litter older S905L is a Cortex-A53, maybe a compiler flags in 12/13 is set to generate unsupported instruction ? --fix-cortex-a53-843419 ?
2. redroid 12/13 use some kernel feature and my 5.15 is not support (or support is dropped)
3. my filesystem is btrfs, different to usual ext4 switch to ext4 not solve the issue
4. the kernel is compiled by clang 14 in ubuntu 22.04, different to usual gcc switch to gcc version 10.2.1 20210110 (Debian 10.2.1-6) not solve the issue.

[zhouziyang]

I'm not sure about this platform. Possible to rebuild redroid with different version of clang (in AOSP build toolchain).

[pxb1988]

.text:0000000000203F80 nterp_op_invoke_virtual
.text:0000000000203F80                 STUR            X22, [X25,#-0x10]
.text:0000000000203F84                 ADD             X16, X19, #0xA30
.text:0000000000203F88                 UBFX            X17, X22, #2, #8
.text:0000000000203F8C                 ADD             X16, X16, X17,LSL#4
.text:0000000000203F90                 LDP             X16, X2, [X16]
.text:0000000000203F94                 CMP             X16, X22
.text:0000000000203F98                 B.NE            loc_203FB8
.text:0000000000203F9C
.text:0000000000203F9C loc_203F9C                              ; CODE XREF: .text:0000000000203FCC↓j
.text:0000000000203F9C                 LDRH            W1, [X22,#4]
.text:0000000000203FA0                 AND             W1, W1, #0xF
.text:0000000000203FA4                 LDR             W1, [X29,W1,UXTW#2]
.text:0000000000203FA8                 LDR             W0, [X1]    <<<<<<<<<<< crash here, x1 is 0
.text:0000000000203FAC                 ADD             W0, W0, #0x88
.text:0000000000203FB0                 LDR             X0, [X0,W2,UXTW#3]
.text:0000000000203FB4                 B               NterpCommonInvokeInstance
.text:0000000000203FB8 ; ---------------------------------------------------------------------------
.text:0000000000203FB8
.text:0000000000203FB8 loc_203FB8                              ; CODE XREF: .text:0000000000203F98↑j
.text:0000000000203FB8                 MOV             X0, X19
.text:0000000000203FBC                 LDR             X1, [SP]
.text:0000000000203FC0                 MOV             X2, X22
.text:0000000000203FC4                 BL              nterp_get_method
.text:0000000000203FC8                 MOV             X2, X0
.text:0000000000203FCC                 B               loc_203F9C

art/runtime/interpreter/mterp/arm64ng/invoke.S#157

%def invoke_virtual(helper="", range=""):
   EXPORT_PC
   // Fast-path which gets the method from thread-local cache.
%  fetch_from_thread_cache("x2", miss_label="2f")
1:
   FETCH w1, 2
   .if !$range
   and w1, w1, #0xf
   .endif
   GET_VREG w1, w1
   // Note: if w1 is null, this will be handled by our SIGSEGV handler.
   ldr w0, [x1, #MIRROR_OBJECT_CLASS_OFFSET]   <<<<<<<<<<< crash here, x1 is 0
   add w0, w0, #MIRROR_CLASS_VTABLE_OFFSET_64
   ldr x0, [x0, w2, uxtw #3]
   b $helper
2:
   mov x0, xSELF
   ldr x1, [sp]
   mov x2, xPC
   bl nterp_get_method
   mov x2, x0
   b 1b

the comment says the SIGSEGV will be handed, but it is not.

11-11 06:31:23.239 35272 35272 I rs.media.module: Handling fault:
11-11 06:31:23.239 35272 35272 I rs.media.module:   si_signo: 11 (Segmentation fault)
11-11 06:31:23.239 35272 35272 I rs.media.module:   si_code: 1 (SEGV_MAPERR)
11-11 06:31:23.239 35272 35272 I rs.media.module:   si_addr: 0x8
11-11 06:31:23.240 35272 35272 I rs.media.module: Checking for generated code
11-11 06:31:23.240 35272 35272 I rs.media.module: sp: 549058013904
11-11 06:31:23.240 35272 35272 I rs.media.module: pc: 0x715fc5ec
11-11 06:31:23.240 35272 35272 I rs.media.module: potential method: 0x708e54e0
11-11 06:31:23.240 35272 35272 I rs.media.module: not a class
11-11 06:31:23.240 35272 35272 I rs.media.module: Caught unknown SIGSEGV in ART fault handler - chaining to next handler.