GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/

Soft reboot during Signal video call #3046

Closed TtuxX closed 10 months ago

TtuxX commented 10 months ago

Hi there! :)

I was on a Signal video call while using my phone and all of a sudden the phone soft-rebooted (GrapheneOS logo). It only happened once.

I have seen similar issues in the issue tracker but not exactly the same as this one. I hope I have not configured something in a bad way on my phone that caused this crash somehow. Might be an upstream bug, I think.

Many thanks in advance for your kind help!

type: crash
osVersion: google/redfin/redfin:14/UP1A.231105.001/2024010400:user/release-keys
uid: 1000 (u:r:hal_camera_default:s0)
cmdline: /vendor/bin/hw/android.hardware.camera.provider@2.7-service-google
processUptime: 0s

signal: 11 (SIGSEGV), code 1 (SEGV_MAPERR), faultAddr 0
cause: null pointer dereference
threadName: binder:1020_7

backtrace:
    /vendor/lib64/libsensorndkbridge.so (ASensorEventQueue::disableSensor(ASensor const*)+40, pc 7fe8)
    /vendor/lib64/libsensorndkbridge.so (ASensorEventQueue_disableSensor+76, pc a43c)
    /vendor/lib64/com.google.3abase.so (g3abase::ASensorLightDataManager::~ASensorLightDataManager()+64, pc 116a0)
    /vendor/lib64/com.google.3abase.so (g3abase::ASensorLightDataManager::~ASensorLightDataManager()+16, pc 117d8)
    /vendor/lib64/com.google.3abase.so (g3abase::G3ADataManager::RemoveSubscriber(g3abase::ModuleKeyType, unsigned int)+92, pc 121f4)
    /vendor/lib64/libg3a_gabc.so (gabc::GABCCore::~GABCCore()+208, pc 250d4)
    /vendor/lib64/libg3a_gabc.so (gabc::GABCWrapper::~GABCWrapper()+100, pc 34344)
    /vendor/lib64/libg3a_gabc.so (gabc::GABCWrapper::~GABCWrapper()+16, pc 34368)
    /vendor/lib64/camera/components/com.google.stats.gabc.so (gabc::AECDestroy(CHIAECAlgorithm*, AECAlgoDestroyParamList const*)+296, pc e3a0)
    /vendor/lib64/hw/camera.lito.so (CamX::CAECEngine::Uninitialize(unsigned int)+200, pc 6640a0)
    /vendor/lib64/hw/camera.lito.so (CamX::CAECEngine::~CAECEngine()+52, pc 663eb4)
    /vendor/lib64/hw/camera.lito.so (CamX::CAECEngine::Destroy()+60, pc 6647e4)
    /vendor/lib64/hw/camera.lito.so (CamX::CAECStatsProcessor::~CAECStatsProcessor()+100, pc 68281c)
    /vendor/lib64/hw/camera.lito.so (CamX::CAECStatsProcessor::~CAECStatsProcessor()+16, pc 682a84)
    /vendor/lib64/hw/camera.lito.so (CamX::StatsProcessorManager::Destroy()+32, pc 6d2088)
    /vendor/lib64/hw/camera.lito.so (CamX::StatsProcessingNode::~StatsProcessingNode()+32, pc 6cd714)
    /vendor/lib64/hw/camera.lito.so (CamX::Node::Destroy()+2940, pc 7f1cb8)
    /vendor/lib64/hw/camera.lito.so (CamX::Pipeline::~Pipeline()+112, pc 81d754)
    /vendor/lib64/hw/camera.lito.so (CamX::Pipeline::~Pipeline()+16, pc 81d960)
    /vendor/lib64/hw/camera.lito.so (CamX::Pipeline::Destroy()+792, pc 81ea9c)
    /vendor/lib64/hw/camera.lito.so (CamX::ChiContext::DestroyPipelineDescriptor(CamX::PipelineDescriptor*)+464, pc 76dbcc)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraVendorHwl::DestroyPipelineDescriptor(void*) const+68, pc 7ca2c)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraPipelineHwl::DestroyInternal()+88, pc 6a848)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraPipelineHwl::Destroy()+44, pc 6b2e8)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraDeviceSessionHwlImpl::DestroySession(bool)+140, pc 61150)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraDeviceSessionProjectImpl::DestroySession(bool)+36, pc 458a8)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraDeviceSessionHwlImpl::DestroyPipelinesLocked()+192, pc 614f0)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraDeviceSessionProjectImpl::DestroyPipelinesLocked()+28, pc 4639c)
    /vendor/lib64/libgooglecamerahwl_impl.so (android::google_camera_hal::CameraDeviceSessionHwlImpl::DestroyPipelines()+48, pc 613f4)
    /vendor/lib64/libgooglecamerahal.so (android::google_camera_hal::BasicCaptureSession::~BasicCaptureSession()+48, pc 31830)
    /vendor/lib64/libgooglecamerahal.so (android::google_camera_hal::BasicCaptureSession::~BasicCaptureSession()+16, pc 31890)
    /vendor/lib64/libgooglecamerahal.so (android::google_camera_hal::CameraDeviceSession::~CameraDeviceSession()+116, pc 385a4)
    /vendor/lib64/libgooglecamerahal.so (android::google_camera_hal::CameraDeviceSession::~CameraDeviceSession()+16, pc 392d0)
    /vendor/bin/hw/android.hardware.camera.provider@2.7-service-google (android::hardware::camera::device::implementation::AidlCameraDeviceSession::close()+284, pc 192fc)
    /vendor/bin/hw/android.hardware.camera.provider@2.7-service-google (android::hardware::camera::device::implementation::AidlCameraDeviceSession::~AidlCameraDeviceSession()+72, pc 15fd8)
    /vendor/bin/hw/android.hardware.camera.provider@2.7-service-google (android::hardware::camera::device::implementation::AidlCameraDeviceSession::~AidlCameraDeviceSession()+16, pc 161d0)
    /vendor/lib64/android.hardware.camera.device-V2-ndk.so (ndk::ICInterface::ICInterfaceData::onDestroy(void*)+56, pc 1b218)
    /system/lib64/libbinder_ndk.so (virtual thunk to ABBinder::~ABBinder()+80, pc cc10)
    /system/lib64/libutils.so (android::RefBase::decStrong(void const*) const+108, pc 1027c)
    /system/lib64/libbinder.so (android::IPCThreadState::processPendingDerefs()+120, pc 5f0a8)
    /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+104, pc 5f208)
    /system/lib64/libbinder.so (android::PoolThread::threadLoop()+24, pc 69078)
    /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+284, pc 1430c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cfa2c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64770)

thestinger commented 10 months ago

This crash was likely not the cause of a reboot. It's a null pointer dereference bug. It will likely get fixed upstream. We have hardened_malloc disabled for this process, so it's unlikely it's GrapheneOS-specific; we just report these crashes to users, unlike the stock OS.
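
The following triage parser for the crash report format quoted in this issue is an added example, not part of the original thread and not GrapheneOS code. It pulls out the signal, the SELinux domain, the crashing process and the top frame, and flags a null dereference. The names `parse_report`, `triage` and `NULL_PAGE`, the first-page threshold and the hexadecimal reading of `faultAddr` are assumptions.

```python
import re

# Constructed sample: selected header lines and the top two frames of the
# crash report quoted in this issue; the remaining frames are omitted.
SAMPLE = """\
uid: 1000 (u:r:hal_camera_default:s0)
cmdline: /vendor/bin/hw/android.hardware.camera.provider@2.7-service-google
signal: 11 (SIGSEGV), code 1 (SEGV_MAPERR), faultAddr 0
cause: null pointer dereference
backtrace:
    /vendor/lib64/libsensorndkbridge.so (ASensorEventQueue::disableSensor(ASensor const*)+40, pc 7fe8)
    /vendor/lib64/libsensorndkbridge.so (ASensorEventQueue_disableSensor+76, pc a43c)
"""

SIGNAL_RE = re.compile(
    r"\d+ \((\w+)\), code -?\d+ \((\w+)\), faultAddr (?:0x)?([0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^\s+(\S+) \((.+)\+(\d+), pc ([0-9a-f]+)\)$")
NULL_PAGE = 0x1000  # assumptions: faultAddr is hex; first-page fault = null deref


def parse_report(text):
    """Split a report into its 'key: value' header and symbolised frames."""
    report = {"frames": []}
    for line in text.splitlines():
        frame = FRAME_RE.match(line)
        if frame:
            lib, symbol, offset, pc = frame.groups()
            report["frames"].append({"lib": lib, "symbol": symbol,
                                     "offset": int(offset), "pc": int(pc, 16)})
        elif ": " in line and not line[0].isspace():
            key, value = line.split(": ", 1)
            report[key] = value
    return report


def triage(report):
    """Summarise what crashed and whether it looks like a null dereference."""
    sig = SIGNAL_RE.match(report.get("signal", ""))
    name, code, fault = sig.groups() if sig else (None, None, None)
    domain = re.search(r"\(u:r:(\w+):", report.get("uid", ""))
    top = report["frames"][0] if report["frames"] else None
    return {
        "signal": name,
        "null_deref": (name, code) == ("SIGSEGV", "SEGV_MAPERR")
                      and int(fault, 16) < NULL_PAGE,
        "selinux_domain": domain.group(1) if domain else None,
        "vendor_process": report.get("cmdline", "").startswith("/vendor/"),
        "top_frame": f"{top['symbol']} ({top['lib']})" if top else None,
    }
```
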