GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/

Pixel 8 bluetooth app crash #3504

Open pedrosantosmartins opened 2 months ago

pedrosantosmartins commented 2 months ago
type: crash
osVersion: google/shiba/shiba:14/AP1A.240405.002.B1/2024050300:user/release-keys
uid: 1002 (u:r:bluetooth:s0)
cmdline: com.android.bluetooth
processUptime: 0s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00dd2c5f732808
threadName: bt_a2dp_source_
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+12, pc d70fc)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (std::__1::recursive_mutex::lock()+20, pc bad5a4)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (A2dpCodecConfig::copyOutOtaCodecConfig(unsigned char*)+44, pc 5bfaac)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (a2dp_aac_encoder_init(tA2DP_ENCODER_INIT_PEER_PARAMS const*, A2dpCodecConfig*, unsigned int (*)(unsigned char*, unsigned int), bool (*)(BT_HDR*, unsigned long, unsigned int))+172, pc 5c782c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (btif_a2dp_source_setup_codec_delayed(RawAddress const&)+488, pc 531158)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+204, pc ada04c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::RunTask(base::PendingTask*)+360, pc ad9538)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::DoWork()+460, pc ad985c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+112, pc adc120)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::RunLoop::Run()+72, pc ae9278)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::Run(std::__1::promise<void>)+344, pc 7cd008)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::RunThread(bluetooth::common::MessageLoopThread*, std::__1::promise<void>)+56, pc 7cca78)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(bluetooth::common::MessageLoopThread*, std::__1::promise<void>), bluetooth::common::MessageLoopThread*, std::__1::promise<void> > >(void*)+92, pc 7cd65c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d5e6c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68, pc 69a64)
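As an added example (not code from the report, GrapheneOS or AOSP), a small Python triage helper that reads a crash report of the shape posted above. It checks that code 9 is SEGV_MTESERR, the synchronous MTE tag-check fault, which means the reported pc and faultAddr are exact rather than approximate; it splits the tagged fault address into its 4-bit allocation tag (bits 56 to 59 of an AArch64 pointer) and the untagged virtual address; and it picks the first frame outside bionic and the C++ standard library as the place to start reading, which here is the copyOutOtaCodecConfig frame whose recursive_mutex member pthread_mutex_lock was touching. The sample text is the report's own header and the first four backtrace lines; the "skip bionic and std::" heuristic and the si_code table are assumptions stated in the code.

```python
"""Decode an Android native crash report (tombstone excerpt) that ends in an
MTE tag-check fault and extract what a triager wants first.

Added example for this issue; not GrapheneOS or AOSP code."""
import re
from dataclasses import dataclass

# Sample input constructed from the crash report quoted in the issue (abridged).
REPORT = """\
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00dd2c5f732808
threadName: bt_a2dp_source_
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+12, pc d70fc)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (std::__1::recursive_mutex::lock()+20, pc bad5a4)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (A2dpCodecConfig::copyOutOtaCodecConfig(unsigned char*)+44, pc 5bfaac)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (a2dp_aac_encoder_init(tA2DP_ENCODER_INIT_PEER_PARAMS const*, A2dpCodecConfig*, unsigned int (*)(unsigned char*, unsigned int), bool (*)(BT_HDR*, unsigned long, unsigned int))+172, pc 5c782c)
"""

# si_code values for SIGSEGV on arm64 Linux (include/uapi/asm-generic/siginfo.h).
SEGV_CODES = {1: "SEGV_MAPERR", 2: "SEGV_ACCERR", 8: "SEGV_MTEAERR", 9: "SEGV_MTESERR"}

MTE_TAG_SHIFT = 56          # the 4-bit allocation tag lives in bits 56..59 of the pointer
ADDR_MASK = (1 << 56) - 1   # bits 0..55 carry the actual virtual address


@dataclass
class Frame:
    library: str
    symbol: str      # demangled symbol without the "+offset" suffix
    offset: int      # byte offset of pc into the symbol
    pc: int          # pc relative to the library load address


FRAME_RE = re.compile(r"^\s*(\S+) \((.+)\+(\d+), pc ([0-9a-f]+)\)\s*$")
SIGNAL_RE = re.compile(
    r"^signal: (\d+) \((\w+)\), code (\d+) \((\w+)\), faultAddr ([0-9a-f]+)")


def parse_report(text):
    """Return (header dict, list of Frame) for a tombstone-style crash report."""
    info, frames, in_backtrace = {}, [], False
    for line in text.splitlines():
        if in_backtrace:
            m = FRAME_RE.match(line)
            if m:
                frames.append(Frame(m.group(1), m.group(2), int(m.group(3)), int(m.group(4), 16)))
            continue
        if line.startswith("backtrace:"):
            in_backtrace = True
        elif (m := SIGNAL_RE.match(line)):
            info["signal"] = int(m.group(1))
            info["code"] = int(m.group(3))
            info["code_name"] = m.group(4)
            info["fault_addr"] = int(m.group(5), 16)
        elif ": " in line:
            key, _, value = line.partition(": ")
            info[key] = value
    return info, frames


def mte_fault_details(fault_addr):
    """Split a tagged fault address into (allocation tag, untagged address)."""
    return (fault_addr >> MTE_TAG_SHIFT) & 0xF, fault_addr & ADDR_MASK


def is_sync_mte_fault(info):
    """True for a synchronous MTE tag-check fault, where pc and faultAddr are exact."""
    return info.get("signal") == 11 and SEGV_CODES.get(info.get("code")) == "SEGV_MTESERR"


def first_component_frame(frames, runtime_prefix="/apex/com.android.runtime/",
                          skip_namespaces=("std::",)):
    """Heuristic (an assumption of this example): the first frame that is neither in
    bionic nor a C++ standard library wrapper is where the owning code is."""
    for f in frames:
        if f.library.startswith(runtime_prefix) or f.symbol.startswith(skip_namespaces):
            continue
        return f
    return None


def triage(text):
    """Summarise the report: fault kind, tag bits and the two frames that matter."""
    info, frames = parse_report(text)
    tag, addr = mte_fault_details(info["fault_addr"])
    component = first_component_frame(frames)
    return {
        "sync_mte": is_sync_mte_fault(info),
        "mte_enabled": info.get("MTE") == "enabled",
        "tag": tag,
        "untagged_addr": addr,
        "faulting_frame": frames[0].symbol if frames else None,
        "component_frame": component.symbol.split("(")[0] if component else None,
    }


if __name__ == "__main__":
    r = triage(REPORT)
    print(f"synchronous MTE fault: {r['sync_mte']} (MTE enabled: {r['mte_enabled']})")
    print(f"pointer tag 0x{r['tag']:x}, untagged address 0x{r['untagged_addr']:x}")
    print(f"faulting frame: {r['faulting_frame']}")
    print(f"start reading at: {r['component_frame']}")
```

The split matters for reading the report: the mutex word pthread_mutex_lock faulted on lives inside the A2dpCodecConfig object, so a tag mismatch there says the pointer the codec code held (tag 0xf) no longer matched the tag of the memory it pointed at. That is the signature MTE produces for a stale pointer (the allocator retags freed memory) or an out-of-bounds access; which of the two it is, and why the object went away during a2dp_aac_encoder_init, is what the maintainers' reproduction question below is trying to establish, and the report alone does not settle it.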
muhomorr commented 2 months ago

How to reproduce this crash?

pedrosantosmartins commented 2 months ago

I had just paired the phone with the car radio (Sony DSX-A416BT) and was switching the radio on/off multiple times.