GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/

Spotify crashes when using previews #2743

Closed ghost closed 11 months ago

ghost commented 11 months ago

Spotify consistently crashes when using their Preview feature.

type: crash
osVersion: google/bluejay/bluejay:14/UP1A.231105.003/2023112900:user/release-keys
package: com.spotify.music:108008228
process: com.spotify.music
processUptime: 0 + 0 ms
installer: com.android.vending

signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x0000c0511a31b0d0

backtrace:
      #00 pc 00000000000015f8  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #01 pc 000000000000164c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #02 pc 000000000000164c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #03 pc 000000000000164c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #04 pc 000000000000164c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #05 pc 00000000000021a8  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (kiss_fftr+44) (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #06 pc 0000000000000e7c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/lib/arm64/libnoise.so (Java_com_paramsen_noise_NoiseNativeBridge_real+216) (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #07 pc 0000000003801180  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (art_jni_trampoline+144)
      #08 pc 000000000489e138  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.v8d.a+1400)
      #09 pc 00000000047c0f1c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.t400.apply+11740)
      #10 pc 000000000ab535f4  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.c5w.onNext+180)
      #11 pc 000000000a6a8298  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex ([DEDUPED] ?.onNext+72)
      #12 pc 000000000a799b0c  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.q7w.onNext+92)
      #13 pc 000000000a94c5c4  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.nu4.b+852)
      #14 pc 000000000aac5e94  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.ou4.onNext+388)
      #15 pc 00000000031998fc  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.lga0.l+460)
      #16 pc 0000000003199334  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex ([DEDUPED] p.lga0.?+36)
      #17 pc 0000000002d875b8  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.qo4.flush+136)
      #18 pc 0000000002b145c0  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.epc.a+1904)
      #19 pc 0000000002b16fc8  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.epc.j+1272)
      #20 pc 00000000036a5b60  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.jas.b0+256)
      #21 pc 00000000035161dc  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.oas.D+1404)
      #22 pc 000000000351cfe0  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.oas.n+432)
      #23 pc 0000000003223624  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.uhi.g+5188)
      #24 pc 0000000003225ef8  /data/app/~~F3-kXvCm725ufY3eE7RkcA==/com.spotify.music-pS6clcMwfH9Pw9Q5TpLTAQ==/oat/arm64/base.odex (p.uhi.handleMessage+3336)
      #25 pc 000000000056497c  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+140) (BuildId: 5c122e011b2ed2533f2cf008e5a945a3f2e18936)
      #26 pc 0000000000567bdc  /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+1036) (BuildId: 5c122e011b2ed2533f2cf008e5a945a3f2e18936)
      #27 pc 0000000000567748  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+552) (BuildId: 5c122e011b2ed2533f2cf008e5a945a3f2e18936)
      #28 pc 0000000000566a4c  /system/framework/arm64/boot-framework.oat (android.os.HandlerThread.run+572) (BuildId: 5c122e011b2ed2533f2cf008e5a945a3f2e18936)
      #29 pc 00000000002109a4  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: 6871ccd701f5213630bc76d1e59ee246)
      #30 pc 0000000000253b4c  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172) (BuildId: 6871ccd701f5213630bc76d1e59ee246)
      #31 pc 000000000069ac78  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416) (BuildId: 6871ccd701f5213630bc76d1e59ee246)
      #32 pc 00000000000cf9ec  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: ffd6f1c31b8e101bb6b86eee2bcdaa01)
      #33 pc 0000000000064730  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: ffd6f1c31b8e101bb6b86eee2bcdaa01)

Pixel 6a (2023112900)

Toggling exploit protection compatibility mode does seem to resolve it, but I thought I'd file an issue anyway since it's a popular app and I couldn't find any prior reports.

thestinger commented 11 months ago

Looks like an app bug that they'll need to resolve. You can try enabling developer options and specifically disabling hardened_malloc to see if it happens without that specifically, which is likely what catches the memory corruption.

thestinger commented 11 months ago

Needs to be reported to them as a memory corruption bug. Can suggest testing on a Pixel 8 with memory tagging enabled via developer options which I would guess can catch this with stock OS.
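
As an added example (not part of the issue thread and not GrapheneOS code), this Python script parses the signal line and backtrace of a report like the one above and shows why the crash is attributed to the app: the faulting frame sits in the app's bundled libnoise.so, not in OS code. The function names and the `<install-dir>` placeholder are assumptions of the example.

```python
import re
from collections import Counter

# Abridged from the report above; the per-install directory under /data/app is
# shortened to the placeholder <install-dir> and most BuildIds are dropped.
SAMPLE = """\
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x0000c0511a31b0d0
backtrace:
      #00 pc 00000000000015f8  /data/app/<install-dir>/lib/arm64/libnoise.so (BuildId: 7fcb1c9b951f38a2f2c1d19f724ba4f4b6a142f4)
      #01 pc 000000000000164c  /data/app/<install-dir>/lib/arm64/libnoise.so
      #05 pc 00000000000021a8  /data/app/<install-dir>/lib/arm64/libnoise.so (kiss_fftr+44)
      #06 pc 0000000000000e7c  /data/app/<install-dir>/lib/arm64/libnoise.so (Java_com_paramsen_noise_NoiseNativeBridge_real+216)
      #07 pc 0000000003801180  /data/app/<install-dir>/oat/arm64/base.odex (art_jni_trampoline+144)
      #25 pc 000000000056497c  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+140)
      #32 pc 00000000000cf9ec  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
"""

# SEGV_ACCERR means the address is mapped but the access is not permitted.
SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-f]+)")
# The symbol group is optional: stripped libraries give frames with only a BuildId.
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((?!BuildId:)(.+?)\+(\d+)\))?")

def origin(path):
    # Classify a mapped file as shipped by the app or by the OS.
    if path.startswith("/data/app/"):
        return "app"
    return "os" if path.startswith(("/system/", "/apex/", "/vendor/")) else "other"

def triage(report):
    sig = SIGNAL_RE.search(report)
    frames = [
        {"n": int(n), "pc": int(pc, 16), "path": path, "symbol": sym or None}
        for n, pc, path, sym, _offset in FRAME_RE.findall(report)
    ]
    if sig is None or not frames:
        raise ValueError("not a native crash report")
    top = frames[0]  # frame #00 is where the fault was raised
    return {
        "signal": sig.group(2), "code": sig.group(4),
        "fault_addr": int(sig.group(5), 16),
        "faulting_module": top["path"].rsplit("/", 1)[-1],
        "faulting_origin": origin(top["path"]),
        "nearest_symbol": next((f["symbol"] for f in frames if f["symbol"]), None),
        "frames_by_origin": dict(Counter(origin(f["path"]) for f in frames)),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```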