android.hardware.bluetooth-service.bcmbtlinux crash

[PatrykMis]

Right after 3rd restart of latest alpha, bluetooth disabled, airplane mode enabled.

type: crash
osVersion: google/shiba/shiba:14/AP2A.240705.005/2024070201:user/release-keys
uid: 1002 (u:r:hal_bluetooth_btlinux:s0)
cmdline: /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux
processUptime: 0s

abortMessage: hardened_malloc: fatal allocator error: double free (quarantine)

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: binder:838_2
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+168, pc 66ac8)
    /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+48, pc 4fe0c)
    /apex/com.android.runtime/lib64/bionic/libc.so (deallocate_small+1692, pc 4d2ac)
    /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::HciFlowControl::~HciFlowControl()+36, pc 1c4e4)
    /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::shim::Deinitialize()+104, pc 3fdc8)
    /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::aidl::bcmbtlinux::BluetoothHci::signal_handler(int)+116, pc 51594)
    [vdso] (pc 854)
    /apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64_mte+4, pc 60204)
    /system/lib64/liblog.so (__android_log_is_loggable+44, pc 910c)
    /vendor/lib64/libbase.so (android::base::ShouldLog(android::base::LogSeverity, char const*)+68, pc 17024)
    /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::activitywatcher::ControllerActivityWatcher::binderDied()+48, pc 629f0)
    /system/lib64/libbinder_ndk.so (AIBinder_DeathRecipient::TransferDeathRecipient::binderDied(android::wp<android::IBinder> const&)+72, pc 113e8)
    /system/lib64/libbinder.so (android::BpBinder::reportOneDeath(android::BpBinder::Obituary const&)+148, pc 5cab4)
    /system/lib64/libbinder.so (android::BpBinder::sendObituary()+156, pc 5c9ac)
    /system/lib64/libbinder.so (android::IPCThreadState::executeCommand(int)+5448, pc 54aa8)
    /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+684, pc 52a0c)
    /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (main+2628, pc 65664)
    /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+120, pc 5f0a8)

[czarnyckm]

The same on pixel 7 pro after 3 first reboots with 2024070201 stable release channel.

The last 2 reboots without Bluetooth service crash.

[muhomorr]

Do you observe any Bluetooth issues?

[czarnyckm]

Work flawless without any issue. I used it yesterday with a headset for about 90 minutes.

[PatrykMis]

Sometimes I use the phone with bluetooth speaker, no other issues so far.

[BeinStalkd]

Also with bluetooth disabled, airplane mode enabled, I've gotten this error twice now since last update. BT ear buds worked fine after the first occurrence. Had one issue connecting BT ear buds that were well within range after the second occurrence. Second attempt to connect them without reboot was successful.

android.hardware.bluetooth-service.bcmbtlinux crash

---------- 1st Time ---------

type: crash osVersion: google/bluejay/bluejay:14/AP2A.240605.024/2024062700:user/release-keys uid: 1002 (u:r:hal_bluetooth_btlinux:s0) cmdline: /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux processUptime: 0s

abortMessage: hardened_malloc: fatal allocator error: double free (quarantine)

signal: 6 (SIGABRT), code -1 (SI_QUEUE) threadName: binder:828_1

backtrace: /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 64a24) /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+44, pc 4e504) /apex/com.android.runtime/lib64/bionic/libc.so (deallocate_small+1572, pc 4bbc4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::HciFlowControl::~HciFlowControl()+36, pc 1c4e4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::shim::Deinitialize()+104, pc 3fdc8) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::aidl::bcmbtlinux::BluetoothHci::signal_handler(int)+116, pc 51594) [vdso] (pc 88c) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+4, pc cde84) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+156, pc 7133c) /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+296, pc 50848) /system/lib64/libbinder.so (android::PoolThread::threadLoop()+24, pc 50708) /system/lib64/libutils.so (android::Thread::_threadLoop(void)+244, pc 115d4) /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void)+204, pc 7679c) /apex/com.android.runtime/lib64/bionic/libc.so (start_thread+64, pc 67d50)

------------------2nd Time------------------

type: crash osVersion: google/bluejay/bluejay:14/AP2A.240705.004/2024070201:user/release-keys uid: 1002 (u:r:hal_bluetooth_btlinux:s0) cmdline: /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux processUptime: 0s

abortMessage: hardened_malloc: fatal allocator error: double free (quarantine)

signal: 6 (SIGABRT), code -1 (SI_QUEUE) threadName: binder:811_2

backtrace: /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 64a24) /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+44, pc 4e504) /apex/com.android.runtime/lib64/bionic/libc.so (deallocate_small+1572, pc 4bbc4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::HciFlowControl::~HciFlowControl()+36, pc 1c4e4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::shim::Deinitialize()+104, pc 3fdc8) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::aidl::bcmbtlinux::BluetoothHci::signal_handler(int)+116, pc 51594) [vdso] (pc 88c) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+4, pc cde84) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+156, pc 7133c) /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+296, pc 50848) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (main+2628, pc 65664) /apex/com.android.runtime/lib64/bionic/libc.so (libc_init+116, pc 5d304)

[canwail]

Probably a duplicate of #3675

[BeinStalkd]

3rd time after reboot with airplane mode on and Bluetooth off.

type: crash osVersion: google/bluejay/bluejay:14/AP2A.240705.004/2024071600:user/release-keys uid: 1002 (u:r:hal_bluetooth_btlinux:s0) cmdline: /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux processUptime: 0s

abortMessage: hardened_malloc: fatal allocator error: double free (quarantine)

signal: 6 (SIGABRT), code -1 (SI_QUEUE) threadName: binder:830_2

backtrace: /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 64a24) /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+44, pc 4e504) /apex/com.android.runtime/lib64/bionic/libc.so (deallocate_small+1572, pc 4bbc4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::H4Protocol::~H4Protocol()+84, pc 3fc34) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::shim::DeinitializeCallback()+60, pc 3fbbc) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::HciFlowControl::~HciFlowControl()+20, pc 1c4d4) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::hci::shim::Deinitialize()+104, pc 3fdc8) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (android::hardware::bluetooth::aidl::bcmbtlinux::BluetoothHci::signal_handler(int)+116, pc 51594) [vdso] (pc 88c) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+4, pc cde84) /apex/com.android.runtime/lib64/bionic/libc.so (ioctl+156, pc 7133c) /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+296, pc 50848) /vendor/bin/hw/android.hardware.bluetooth-service.bcmbtlinux (main+2628, pc 65664) /apex/com.android.runtime/lib64/bionic/libc.so (libc_init+116, pc 5d304)