ADBD crashes often

Open heckarman opened this issue 1 year ago • 36 comments

I've Shizuku installed and oftentimes adbd crashes, forcing Shizuku to shut its running services:

type: crash
osVersion: google/bluejay/bluejay:14/UP1A.231105.003/2023112600:user/release-keys
uid: 2000 (u:r:adbd:s0 )
cmdline: /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
processUptime: 6847s

abortMessage: failed to delete fd 24 from JDWP epoll fd: Bad file descriptor

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: jdwp control

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 62e64)
    /apex/com.android.adbd/lib64/libbase.so (android::base::DefaultAborter(char const*)+12, pc 368bc)
    /apex/com.android.adbd/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_0::__invoke(char const*)+80, pc 38730)
    /apex/com.android.adbd/lib64/libbase.so (android::base::LogMessage::~LogMessage()+352, pc 37c30)
    /apex/com.android.adbd/bin/adbd (adbconnection_listen(void (*)(int, ProcessInfo))+1620, pc c5154)
    /apex/com.android.adbd/bin/adbd (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, init_jdwp()::$_0> >(void*)+168, pc c3928)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cfa0c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64730)

heckarman avatar Nov 28 '23 04:11 heckarman

Is this with the unmodified official releases of GrapheneOS?

thestinger avatar Nov 28 '23 04:11 thestinger

Yes. I've had the bootloader unlocked for experiments; apart from that, nothing's changed.

After I was unable to get Magisk working, I started using Shizuku wireless adb and it often crashes with the above error.

heckarman avatar Nov 28 '23 04:11 heckarman

It looks like the OS is modified.

thestinger avatar Nov 28 '23 04:11 thestinger

Please try with a fresh install. This looks like adb is trying to use root access which isn't in production builds.

It's meant to be locked in regular use which gives strong assurance that it's not modified via verified boot.

thestinger avatar Nov 28 '23 04:11 thestinger

Apart from the boot image, nothing was modified until yesterday. Now, apart from the fact that the bootloader is unlocked, nothing is modified. Will look into it.

I hope that GrapheneOS will prioritize data backup solution and proper call recording infra ASAP so that I can trust the OS with my data.

heckarman avatar Nov 28 '23 12:11 heckarman

This is not a new crash, it just wasn't visible in the UI before. Next release will disable these notifications by default.

muhomorr avatar Nov 28 '23 15:11 muhomorr

> This is not a new crash, it just wasn't visible in the UI before. Next release will disable these notifications by default.

Oh wait! I had enabled Always show crash dialogue in developer settings.

Getting context now. But may I know why it occurs? I'm just curious now.

heckarman avatar Nov 28 '23 16:11 heckarman

There was no UI of any kind for these crashes before the current release.

This is a bug in adb.

muhomorr avatar Nov 28 '23 18:11 muhomorr

My bootloader is locked and I don't have that package that the other person in the post mentioned. And I got this error. In fact, I have been getting lots of different errors.

David-Prock avatar Nov 28 '23 23:11 David-Prock

Having a similar error:

type: crash
osVersion: google/bluejay/bluejay:14/UP1A.231105.003/2023112900:user/release-keys
uid: 2000 (u:r:adbd:s0 )
cmdline: /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
processUptime: 6852s

abortMessage: failed to delete fd 20 from JDWP epoll fd: Bad file descriptor

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: jdwp control

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 62e64)
    /apex/com.android.adbd/lib64/libbase.so (android::base::DefaultAborter(char const*)+12, pc 368bc)
    /apex/com.android.adbd/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_0::__invoke(char const*)+80, pc 38730)
    /apex/com.android.adbd/lib64/libbase.so (android::base::LogMessage::~LogMessage()+352, pc 37c30)
    /apex/com.android.adbd/bin/adbd (adbconnection_listen(void (*)(int, ProcessInfo))+1620, pc c5154)
    /apex/com.android.adbd/bin/adbd (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, init_jdwp()::$_0> >(void*)+168, pc c3928)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cf9ec)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64730)

elvisisvan avatar Dec 03 '23 12:12 elvisisvan

TL;DR

adbd crashes on multiple devices some number of hours after being used, on Pixel 6a (bluejay), Pixel 7a (lynx), and Pixel 8 Pro (husky) devices and on both rooted and non-rooted systems. It's very likely to be the same or a similar issue since the error happens at adbconnection_listen(void (*)(int, ProcessInfo))+1620, pc c5154 on all devices.

Also, my stacktrace from Pixel 7a (lynx):

type: crash
osVersion: google/lynx/lynx:14/UP1A.231105.003/2023112900:user/release-keys
uid: 2000 (u:r:adbd:s0)
cmdline: /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
processUptime: 125806s

abortMessage: failed to delete fd 20 from JDWP epoll fd: Bad file descriptor

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: jdwp control

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 62e64)
    /apex/com.android.adbd/lib64/libbase.so (android::base::DefaultAborter(char const*)+12, pc 368bc)
    /apex/com.android.adbd/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_0::__invoke(char const*)+80, pc 38730)
    /apex/com.android.adbd/lib64/libbase.so (android::base::LogMessage::~LogMessage()+352, pc 37c30)
    /apex/com.android.adbd/bin/adbd (adbconnection_listen(void (*)(int, ProcessInfo))+1620, pc c5154)
    /apex/com.android.adbd/bin/adbd (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, init_jdwp()::$_0> >(void*)+168, pc c3928)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cf9ec)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64730)

Geo25rey avatar Dec 06 '23 01:12 Geo25rey

@thestinger Do you know where to find this adbconnection_listen() function? The last commit that I can find referencing it is from 2020 and it deletes the file it was in without replacing it. I assume it went to another repo, but it's hard to find from hundreds of repos.

Geo25rey avatar Dec 06 '23 02:12 Geo25rey

It was moved to https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/adb/libs/adbconnection/adbconnection_server.cpp;l=37;drc=fb529d52f4485c1fdbe6208f20af6578493e1ca7

Looks like GrapheneOS just uses the upstream AOSP repo for that.

chenxiaolong avatar Dec 06 '23 03:12 chenxiaolong

Thanks @chenxiaolong

After a code inspection, it seems that epoll_wait() (from libc) returns at least 1 event with an invalid file descriptor, which causes adbd to crash.

Possible Bugs:

  • GrapheneOS is using an old version of libc
    • This is the Graphene version last edited on Apr 29, 2020 and this is the AOSP version last edited on Aug 23, 2023
    • Even though this is a big time gap between edits, I don't think this is the issue since Graphene is only missing 2 commits that touch this file and both are from mid-2023
  • The implementation of extern "C" int __epoll_pwait(int, epoll_event, int, int, const sigset64_t, size_t); might have a bug, and I'm unable to find its definition. @chenxiaolong Do you know?
    • Assuming this is platform specific and defined in the Android kernel, this could potentially be a Graphene problem, as well

Geo25rey avatar Dec 06 '23 13:12 Geo25rey
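
The behaviour described in the comment above (epoll_wait() returning an event for an fd that is no longer valid) is something the epoll API permits: per epoll(7), closing a descriptor only drops it from the interest list once every duplicate of the same open file description is closed. The following is an added Linux example, not adbd code and not posted by anyone in this thread; `run_probe` and `struct probe` are hypothetical names, and it only shows how the EBADF in the abort message can arise, without establishing that this is the cause in adbd.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <unistd.h>

/* What one run observed: whether epoll_wait() still reported the closed fd
 * number, and the errno from EPOLL_CTL_DEL on it (0 = success). */
struct probe { int reported_closed_fd; int del_errno; };

/* keep_dup:     keep a dup() of the watched fd open across the close().
 * delete_first: run EPOLL_CTL_DEL before close() instead of after it. */
struct probe run_probe(int keep_dup, int delete_first) {
    struct probe r = { 0, 0 };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) { r.del_errno = errno; return r; }
    int epfd = epoll_create1(EPOLL_CLOEXEC);
    struct epoll_event ev = { .events = EPOLLIN, .data.fd = sv[0] };
    epoll_ctl(epfd, EPOLL_CTL_ADD, sv[0], &ev);
    int dupfd = keep_dup ? dup(sv[0]) : -1;
    ssize_t w = write(sv[1], "x", 1);          /* make sv[0] readable */
    (void)w;

    if (delete_first && epoll_ctl(epfd, EPOLL_CTL_DEL, sv[0], NULL) != 0)
        r.del_errno = errno;
    close(sv[0]);                              /* this fd number is now invalid */

    struct epoll_event out;
    int n = epoll_wait(epfd, &out, 1, 0);      /* timeout 0: poll once */
    r.reported_closed_fd = (n == 1 && out.data.fd == sv[0]);

    if (!delete_first && epoll_ctl(epfd, EPOLL_CTL_DEL, sv[0], NULL) != 0)
        r.del_errno = errno;                   /* EBADF: "Bad file descriptor" */

    if (dupfd >= 0) close(dupfd);
    close(sv[1]);
    close(epfd);
    return r;
}

int main(void) {
    struct probe a = run_probe(1, 0), b = run_probe(0, 0), c = run_probe(1, 1);
    printf("dup kept, close then DEL: stale_event=%d errno=%d\n", a.reported_closed_fd, a.del_errno);
    printf("no dup,   close then DEL: stale_event=%d errno=%d\n", b.reported_closed_fd, b.del_errno);
    printf("dup kept, DEL then close: stale_event=%d errno=%d\n", c.reported_closed_fd, c.del_errno);
    return 0;
}
```

Only the delete-before-close ordering leaves the interest list clean; code that aborts on any EPOLL_CTL_DEL failure turns either of the other two orderings into a crash.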

> GrapheneOS is using an old version of libc

That's incorrect. GrapheneOS is based on the latest stable release of Android 14. You're linking to the AOSP main branch which is the quite unstable development branch. Why not look at the latest stable release, which is the base for GrapheneOS?

thestinger avatar Dec 06 '23 13:12 thestinger

The current stable release tag for AOSP is android-14.0.0_r14 which is the basis for GrapheneOS and the stock Pixel OS, not the main branch.

thestinger avatar Dec 06 '23 13:12 thestinger

> You're linking to the AOSP main branch which is the quite unstable development branch.

This is irrelevant. My point in bringing this up is to answer the question, "What changed?" and it's clearly not the source code of sys_epoll.cpp nor adbconnection_server.cpp, since the latest changes from 2023 have not been included in GrapheneOS yet. That leaves us with a version of sys_epoll.cpp from early 2020, which is quite old, and adbconnection_server.cpp from mid 2022, and if we rule out this commit 33123fb about logging, the last change is really 2020 as well.

> Why not look at the latest stable release, which is the base for GrapheneOS?

I am not an Android or kernel developer. I do not know where any of the code is and it's very hard to search through and navigate. There are hundreds of Android forks and mirrors on GitHub that make it impossible to search and find much of anything about GrapheneOS. And Android Code Search makes you go out of the main branch before it shows you other branches, which wasn't immediately obvious to me until now.

I'm just trying to do my best fixing an issue that I'm having and many other GrapheneOS users are facing.

> The current stable release tag for AOSP is android-14.0.0_r14 which is the basis for GrapheneOS and the stock Pixel OS, not the main branch.

The latest tag I could find on Android Code Search is android-14.0.0_r11. r12-r14 are not found, so I'm not sure what you mean.

@thestinger I've seen your name on a number of commits regarding ADB over the past few years. What are your insights on what and why this might be happening?

Geo25rey avatar Dec 06 '23 18:12 Geo25rey

The latest tag was android-14.0.0_r14 not android-14.0.0_r11. The latest tag is now android-14.0.0_r17 with today's release.

thestinger avatar Dec 06 '23 20:12 thestinger

> I've seen your name on a number of commits regarding ADB over the past few years. What are your insights on what and why this might be happening?

I don't know what you mean.

thestinger avatar Dec 06 '23 20:12 thestinger

> > I've seen your name on a number of commits regarding ADB over the past few years. What are your insights on what and why this might be happening?
>
> I don't know what you mean.

9 commits you made here and another 3 here earliest from 2016.

You seem much more knowledgeable than me on ADB's inner workings. I figured you would have some more insight than I do after working on ADB-related things for 7 years.

So, what would you suggest to debug this issue?

Geo25rey avatar Dec 08 '23 02:12 Geo25rey

> The latest tag was android-14.0.0_r14 not android-14.0.0_r11. The latest tag is now android-14.0.0_r17 with today's release.

Again, the specific version doesn't really matter in this case. The last relevant changes, to my understanding, are from over 3 years ago.

Geo25rey avatar Dec 08 '23 02:12 Geo25rey

Those aren't changes to the ADB code.

thestinger avatar Dec 08 '23 08:12 thestinger

Same issue here. Pixel 7 Pro.

type: crash
osVersion: google/cheetah/cheetah:14/UQ1A.240205.002/2024020500:user/release-keys
uid: 2000 (u:r:adbd:s0)
cmdline: /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
processUptime: 18259s

abortMessage: failed to delete fd 22 from JDWP epoll fd: Bad file descriptor

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: jdwp control

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+164, pc 62ea4)
    /apex/com.android.adbd/lib64/libbase.so (android::base::DefaultAborter(char const*)+12, pc 368bc)
    /apex/com.android.adbd/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_0::__invoke(char const*)+80, pc 38730)
    /apex/com.android.adbd/lib64/libbase.so (android::base::LogMessage::~LogMessage()+352, pc 37c30)
    /apex/com.android.adbd/bin/adbd (adbconnection_listen(void (*)(int, ProcessInfo))+1620, pc c5154)
    /apex/com.android.adbd/bin/adbd (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, init_jdwp()::$_0> >(void*)+168, pc c3928)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cfa2c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64770)
No root, only Shizuku installed.
It's crashing even with Shizuku disabled.

pakin1 avatar Feb 20 '24 07:02 pakin1

Same here: latest graphene unmodified/pixel 6a

whatthesamuel avatar Mar 21 '24 06:03 whatthesamuel