Settings's facial recognition detection caused it to crash

Submission Status

  1. issuetracker.google.com/issues/new

  2. support.fairphone.com/hc/en-us/requests/new

Crash

logcat’s --buffer=crash reports a SEGV in /system_ext/lib64/libanc_faceid_jni.so:

08-27 13:02:26.093 13623 13623 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 13623 (ndroid.settings), pid 13623 (ndroid.settings)
08-27 13:02:26.939 14500 14500 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-27 13:02:26.939 14500 14500 F DEBUG   : Build fingerprint: 'Fairphone/FP5/FP5:15/AQ3A.240912.001/VT28:user/release-keys'
08-27 13:02:26.939 14500 14500 F DEBUG   : Revision: '0'
08-27 13:02:26.939 14500 14500 F DEBUG   : ABI: 'arm64'
08-27 13:02:26.939 14500 14500 F DEBUG   : Timestamp: 2025-08-27 13:02:26.295449524+0100
08-27 13:02:26.939 14500 14500 F DEBUG   : Process uptime: 232s
08-27 13:02:26.939 14500 14500 F DEBUG   : Cmdline: com.android.settings
08-27 13:02:26.939 14500 14500 F DEBUG   : pid: 13623, tid: 13623, name: ndroid.settings  >>> com.android.settings <<<
08-27 13:02:26.939 14500 14500 F DEBUG   : uid: 1000
08-27 13:02:26.939 14500 14500 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
08-27 13:02:26.939 14500 14500 F DEBUG   : Cause: null pointer dereference
08-27 13:02:26.940 14500 14500 F DEBUG   :     x0  0000000000000000  x1  0000007fc3d3a188  x2  0000000000000000  x3  0000007fc3d3a3b4
08-27 13:02:26.940 14500 14500 F DEBUG   :     x4  000000000215d7d0  x5  0000000002160000  x6  000000000215d860  x7  0000000000000090
08-27 13:02:26.940 14500 14500 F DEBUG   :     x8  0000000000000000  x9  5bc2f493c1e5a664  x10 0000000000000016  x11 0000000000060006
08-27 13:02:26.940 14500 14500 F DEBUG   :     x12 0000007815721398  x13 af6f9fd252a2593f  x14 0000000000000001  x15 0000000034155555
08-27 13:02:26.940 14500 14500 F DEBUG   :     x16 0000000000000001  x17 000000753c20ca00  x18 0000007814dd0000  x19 b4000075c8a0cdb0
08-27 13:02:26.940 14500 14500 F DEBUG   :     x20 0000000000000000  x21 0000007fc3d3a3b4  x22 b4000075c8a0cdb0  x23 0000000000000007
08-27 13:02:26.940 14500 14500 F DEBUG   :     x24 0000000000000007  x25 000000006a25e640  x26 0000000002159830  x27 0000000002159830
08-27 13:02:26.940 14500 14500 F DEBUG   :     x28 0000007814597a80  x29 0000007fc3d3a2e0
08-27 13:02:26.940 14500 14500 F DEBUG   :     lr  000000753c20ca5c  sp  0000007fc3d3a180  pc  0000000000000000  pst 0000000060001000
08-27 13:02:26.940 14500 14500 F DEBUG   : 35 total frames
08-27 13:02:26.940 14500 14500 F DEBUG   : backtrace:
08-27 13:02:26.940 14500 14500 F DEBUG   :       #00 pc 0000000000000000  <unknown>
08-27 13:02:26.940 14500 14500 F DEBUG   :       #01 pc 000000000000ba58  /system_ext/lib64/libanc_faceid_jni.so (Java_com_anc_faceid_api_AncFaceId_nativeSetConfig+88) (BuildId: 053b771ee567a04d852e68800858631eec451bb4)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #02 pc 0000000000df03d0  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+128)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #03 pc 0000000000155440  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.anc.faceid.api.AncFaceIdApi.setConfig+144)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #04 pc 000000000016050c  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.android.settings.anc.LiteManager.setConfig+188)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #05 pc 0000000000186698  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.android.settings.anc.unlock.UnlockActivity.onCreate+1304)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #06 pc 00000000008ca098  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.Activity.performCreate+1352)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #07 pc 000000000061a710  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.Instrumentation.callActivityOnCreate+80)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #08 pc 0000000000701534  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.performLaunchActivity+3556)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #09 pc 000000000070a5d4  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.handleLaunchActivity+1844)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #10 pc 000000000068a120  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #11 pc 00000000002ff0fa  /system/framework/framework.jar (android.app.servertransaction.LaunchActivityItem.execute+170)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #12 pc 000000000068a0c4  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #13 pc 0000000000301c7e  /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.executeNonLifecycleItem+154)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #14 pc 000000000068a0c4  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #15 pc 0000000000301d0a  /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.executeTransactionItems+70)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #16 pc 0000000000650d4c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.servertransaction.TransactionExecutor.execute+156)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #17 pc 00000000006ecc0c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread$H.handleMessage+2316)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #18 pc 000000000097d028  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Handler.dispatchMessage+168)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #19 pc 0000000000980e2c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loopOnce+1036)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #20 pc 000000000098097c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loop+812)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #21 pc 000000000070055c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.main+2332)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #22 pc 000000000032d460  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #23 pc 00000000003273d0  /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+544) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #24 pc 00000000005c6f80  /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+32) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #25 pc 0000000000ded994  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+116)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #26 pc 0000000000ca73b4  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+132)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #27 pc 0000000000cb1de4  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (com.android.internal.os.ZygoteInit.main+3348)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #28 pc 000000000032d460  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #29 pc 000000000032bfc8  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+800) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #30 pc 000000000064a488  /apex/com.android.art/lib64/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+156) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #31 pc 00000000000da42c  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+108) (BuildId: 9f5b598290f136d07374d1a5b8388358)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #32 pc 00000000000f1314  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+916) (BuildId: 9f5b598290f136d07374d1a5b8388358)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #33 pc 0000000000002654  /system/bin/app_process64 (main+1428) (BuildId: cf8363ee21ac2741a6c8dbbb8c562607)
08-27 13:02:26.941 14500 14500 F DEBUG   :       #34 pc 000000000005628c  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+120) (BuildId: 64eb5106bc8ae51d575bce9d5c64cec5)

Environment

getprop returns:

  1. Application

    versionName=15
    versionCode=35
    
  2. OS

    [ro.build.version.release]: [15]
    [ro.build.display.id]: [FP5.VT28.C.042.20250623]
    

Can anyone corroborate this, especially on a different version?

issuetracker.google.com/issues/441556102

support.fairphone.com/hc/en-us/requests/1306087

@rokejulianlockhart thanks! We have a fix for this, and it will be included in one of the next releases.

3 Likes

@michele.g, thank you! Merely to confirm, does that also encompass LiteManager’s NullPointerException? The trace is similar, and the reproduction method is identical:

12-21 18:58:18.596   683   683 F libc    : crash_dump helper failed to exec, or was killed
12-22 11:44:29.546 21511 21771 E AndroidRuntime: FATAL EXCEPTION: LiteManager
12-22 11:44:29.546 21511 21771 E AndroidRuntime: Process: com.android.settings, PID: 21511
12-22 11:44:29.546 21511 21771 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean android.os.Handler.sendMessage(android.os.Message)' on a null object reference
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.Message.sendToTarget(Message.java:471)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at com.android.settings.anc.LiteManager.sendResultMessage(LiteManager.java:685)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at com.android.settings.anc.LiteManager.-$Nest$msendResultMessage(LiteManager.java:0)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at com.android.settings.anc.LiteManager$3.run(LiteManager.java:280)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.Handler.handleCallback(Handler.java:959)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.Handler.dispatchMessage(Handler.java:100)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.Looper.loopOnce(Looper.java:232)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.Looper.loop(Looper.java:317)
12-22 11:44:29.546 21511 21771 E AndroidRuntime:        at android.os.HandlerThread.run(HandlerThread.java:85)

I ask because, if so, that allows me to close issuetracker.google.com/issues/441556102, which, currently, is assigned to a Google engineer. I don’t want to waste their manpower. I presume that you’ll upstream your improvements.

(Ignore libc’s crash_dump invocation failure; I’m aware that it’s separate.) [1]


  1. reddit.com/r/AndroidQuestions/comments/1g6fvjn/comment/nsr0e0e ↩︎

@rokejulianlockhart to clarify, the fix we’ve staged specifically targets that SIGSEGV in libanc_faceid_jni.so related to the nativeSetConfig JNI call.

I can’t confirm yet if this also resolves the LiteManager issue, as it wasn’t the primary target of this investigation. If it does clear up, it’s likely due to an indirect dependency on the memory management we patched. If you’re still seeing crashes there after the update, let us know and we’ll have a look at it as a separate case.

1 Like

@michele.g, this persists in FP5.VT2I.C.072.20251122: [1]

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Fairphone/FP5/FP5:15/AQ3A.240912.001/VT2I:user/release-keys'
Revision: '0'
ABI: 'arm64'
Timestamp: 2026-01-07 19:45:40.524406752+0000
Process uptime: 1006s
Cmdline: com.android.settings
pid: 32588, tid: 32588, name: ndroid.settings  >>> com.android.settings <<<
uid: 1000
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
Cause: null pointer dereference
    x0  0000000000000000  x1  0000007fccb160d8  x2  0000000000000000  x3  0000007fccb16304
    x4  00000000020e07e8  x5  00000000020e4000  x6  00000001020e07e7  x7  00000000ffffffff
    x8  0000000000000000  x9  1fa85970afd4961d  x10 0000000000000011  x11 0000000000060006
    x12 0000007637e24398  x13 76565c0adbf7c867  x14 0000000000000001  x15 0000000034155555
    x16 0000000000000001  x17 000000736784ca00  x18 0000007637858000  x19 b4000075461e5ed0
    x20 0000000000000000  x21 0000007fccb16304  x22 b4000075461e5ed0  x23 0000000000000007
    x24 0000000000000007  x25 000000006a10fa10  x26 00000000020d9f98  x27 00000000020d9f98
    x28 0000007636c9aa80  x29 0000007fccb16230
    lr  000000736784ca5c  sp  0000007fccb160d0  pc  0000000000000000  pst 0000000060001000
35 total frames
backtrace:
      #00 pc 0000000000000000  <unknown>
      #01 pc 000000000000ba58  /system_ext/lib64/libanc_faceid_jni.so (Java_com_anc_faceid_api_AncFaceId_nativeSetConfig+88) (BuildId: 053b771ee567a04d852e68800858631eec451bb4)
      #02 pc 0000000000df6490  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+128)
      #03 pc 00000000000e0b50  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.anc.faceid.api.AncFaceIdApi.setConfig+144)
      #04 pc 00000000000e9d2c  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.android.settings.anc.LiteManager.setConfig+188)
      #05 pc 00000000000f9fa8  /data/dalvik-cache/arm64/system_ext@priv-app@Settings@Settings.apk@classes.dex (com.android.settings.anc.unlock.UnlockActivity.onCreate+1304)
      #06 pc 00000000008d5058  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.Activity.performCreate+1352)
      #07 pc 0000000000629570  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.Instrumentation.callActivityOnCreate+80)
      #08 pc 000000000070e644  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.performLaunchActivity+3556)
      #09 pc 00000000007175f8  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.handleLaunchActivity+1752)
      #10 pc 0000000000669680  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #11 pc 00000000002ff1d2  /system/framework/framework.jar (android.app.servertransaction.LaunchActivityItem.execute+170)
      #12 pc 0000000000669624  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #13 pc 0000000000301d56  /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.executeNonLifecycleItem+154)
      #14 pc 0000000000669624  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #15 pc 0000000000301de2  /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.executeTransactionItems+70)
      #16 pc 000000000065f74c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.servertransaction.TransactionExecutor.execute+156)
      #17 pc 00000000006fa2dc  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread$H.handleMessage+2316)
      #18 pc 00000000009876e8  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Handler.dispatchMessage+168)
      #19 pc 000000000098b35c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loopOnce+1036)
      #20 pc 000000000098aea8  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loop+712)
      #21 pc 000000000070d69c  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.app.ActivityThread.main+2252)
      #22 pc 00000000002ce060  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #23 pc 00000000002c400c  /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+552) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #24 pc 00000000005a5628  /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+32) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #25 pc 0000000000df3924  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+116)
      #26 pc 0000000000cacdf4  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+132)
      #27 pc 0000000000cb7830  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (com.android.internal.os.ZygoteInit.main+3344)
      #28 pc 00000000002ce060  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #29 pc 00000000002ccbb8  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+876) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #30 pc 000000000060ad94  /apex/com.android.art/lib64/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+184) (BuildId: 759e344ef0291bdf924e23387b5bf9ea)
      #31 pc 00000000000da42c  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+108) (BuildId: 9f5b598290f136d07374d1a5b8388358)
      #32 pc 00000000000f1314  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+916) (BuildId: 9f5b598290f136d07374d1a5b8388358)
      #33 pc 0000000000002654  /system/bin/app_process64 (main+1428) (BuildId: cf8363ee21ac2741a6c8dbbb8c562607)
      #34 pc 000000000005628c  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+120) (BuildId: 64eb5106bc8ae51d575bce9d5c64cec5)

Consequently, do you know which build incorporates this? I ask because gerrit-public.fairphone.software/q/libanc_faceid_jni returns 0 results, and I don’t appear to have been accepted into your beta programme, so can’t confirm myself.


  1. issuetracker.google.com/issues/441556102#comment12 ↩︎

Indeed @rokejulianlockhart, the fix hasn’t been included in the public release yet. It should be available in an upcoming build, likely within the next couple of releases, though I can’t guarantee a specific timeline as it depends on several other factors.

2 Likes
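Added example, not part of the thread or of Fairphone's code: a Python triage script that reduces the two tombstones posted above to a crash signature and checks whether the faulting library was rebuilt between OS builds. The function names are hypothetical, and the sample lines are excerpts of the logs in this thread.

```python
import re

# One debuggerd backtrace frame, with or without a logcat prefix in front of it.
FRAME_RE = re.compile(
    r"#(?P<idx>\d+) pc (?P<pc>[0-9a-f]+)\s+(?P<path>\S+)"
    r"(?: \((?P<sym>.*?)\+(?P<off>\d+)\))?"
    r"(?: \(BuildId: (?P<bid>[0-9a-f]+)\))?\s*$")
FINGERPRINT_RE = re.compile(r"Build fingerprint: '([^']+)'")

def parse_tombstone(text):
    """Return the build fingerprint and the ordered backtrace frames."""
    fp = FINGERPRINT_RE.search(text)
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frames.append({"idx": int(m["idx"]), "pc": int(m["pc"], 16),
                           "path": m["path"], "symbol": m["sym"],
                           "offset": int(m["off"]) if m["off"] else None,
                           "build_id": m["bid"]})
    return {"fingerprint": fp.group(1) if fp else None, "frames": frames}

def signature(tomb):
    """First frame that maps to a file, plus a flag for a branch to address 0."""
    frames = tomb["frames"]
    # pc == 0 in an unmapped frame #00: the fault was an instruction fetch at 0,
    # so the frame below it branched through a null code pointer.
    null_branch = bool(frames) and frames[0]["pc"] == 0 \
        and frames[0]["path"] == "<unknown>"
    top = next((f for f in frames if f["path"] != "<unknown>"), None)
    if top is None:
        raise ValueError("no mapped frame in backtrace")
    return {"library": top["path"].rsplit("/", 1)[-1], "symbol": top["symbol"],
            "offset": top["offset"], "build_id": top["build_id"],
            "null_branch": null_branch}

def compare(old_text, new_text):
    """Tell a recurring crash in an unchanged binary from a regression in a new one."""
    old, new = parse_tombstone(old_text), parse_tombstone(new_text)
    s_old, s_new = signature(old), signature(new)
    keys = ("library", "symbol", "null_branch")
    return {"same_crash": all(s_old[k] == s_new[k] for k in keys),
            "os_build_changed": old["fingerprint"] != new["fingerprint"],
            "library_rebuilt": s_old["build_id"] != s_new["build_id"]}

# Excerpts of the two tombstones posted in this thread.
CRASH_VT28 = """\
08-27 13:02:26.939 14500 14500 F DEBUG   : Build fingerprint: 'Fairphone/FP5/FP5:15/AQ3A.240912.001/VT28:user/release-keys'
08-27 13:02:26.940 14500 14500 F DEBUG   :       #00 pc 0000000000000000  <unknown>
08-27 13:02:26.940 14500 14500 F DEBUG   :       #01 pc 000000000000ba58  /system_ext/lib64/libanc_faceid_jni.so (Java_com_anc_faceid_api_AncFaceId_nativeSetConfig+88) (BuildId: 053b771ee567a04d852e68800858631eec451bb4)
08-27 13:02:26.940 14500 14500 F DEBUG   :       #23 pc 00000000003273d0  /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+544) (BuildId: 80d2ab18f9d259d8e546c1e6bae752b1)
"""
CRASH_VT2I = """\
Build fingerprint: 'Fairphone/FP5/FP5:15/AQ3A.240912.001/VT2I:user/release-keys'
      #00 pc 0000000000000000  <unknown>
      #01 pc 000000000000ba58  /system_ext/lib64/libanc_faceid_jni.so (Java_com_anc_faceid_api_AncFaceId_nativeSetConfig+88) (BuildId: 053b771ee567a04d852e68800858631eec451bb4)
"""

if __name__ == "__main__":
    print(signature(parse_tombstone(CRASH_VT28)))
    print(compare(CRASH_VT28, CRASH_VT2I))
```

On these excerpts the OS build changes from VT28 to VT2I while the BuildId of libanc_faceid_jni.so stays the same, so the second report is the same binary crashing in the same place rather than a new fault.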