os-issue-tracker icon indicating copy to clipboard operation
os-issue-tracker copied to clipboard

Published 20 hours ago verified publisher icon GrapheneOS

Pixel 8 bluetooth app crash

Open pedrosantosmartins opened this issue 1 year ago • 7 comments 

type: crash
osVersion: google/shiba/shiba:14/AP1A.240405.002.B1/2024050300:user/release-keys
uid: 1002 (u:r:bluetooth:s0)
cmdline: com.android.bluetooth
processUptime: 0s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00dd2c5f732808
threadName: bt_a2dp_source_
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+12, pc d70fc)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (std::__1::recursive_mutex::lock()+20, pc bad5a4)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (A2dpCodecConfig::copyOutOtaCodecConfig(unsigned char*)+44, pc 5bfaac)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (a2dp_aac_encoder_init(tA2DP_ENCODER_INIT_PEER_PARAMS const*, A2dpCodecConfig*, unsigned int (*)(unsigned char*, unsigned int), bool (*)(BT_HDR*, unsigned long, unsigned int))+172, pc 5c782c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (btif_a2dp_source_setup_codec_delayed(RawAddress const&)+488, pc 531158)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+204, pc ada04c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::RunTask(base::PendingTask*)+360, pc ad9538)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::DoWork()+460, pc ad985c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+112, pc adc120)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::RunLoop::Run()+72, pc ae9278)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::Run(std::__1::promise<void>)+344, pc 7cd008)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::RunThread(bluetooth::common::MessageLoopThread*, std::__1::promise<void>)+56, pc 7cca78)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(bluetooth::common::MessageLoopThread*, std::__1::promise<void>), bluetooth::common::MessageLoopThread*, std::__1::promise<void> > >(void*)+92, pc 7cd65c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d5e6c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68, pc 69a64)

pedrosantosmartins avatar May 08 '24 13:05 pedrosantosmartins

How to reproduce this crash?

muhomorr avatar May 08 '24 14:05 muhomorr

I had just paired the phone with the car radio (Sony DSX-A416BT) and was switching the radio on/off multiple times.

pedrosantosmartins avatar May 08 '24 14:05 pedrosantosmartins 

type: crash
osVersion: google/shiba/shiba:14/AP1A.240405.002.B1/2024050300:user/release-keys
uid: 1002 (u:r:bluetooth:s0)
cmdline: com.android.bluetooth
processUptime: 0s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00dd2c5f732808
threadName: bt_a2dp_source_
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+12, pc d70fc)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (std::__1::recursive_mutex::lock()+20, pc bad5a4)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (A2dpCodecConfig::copyOutOtaCodecConfig(unsigned char*)+44, pc 5bfaac)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (a2dp_aac_encoder_init(tA2DP_ENCODER_INIT_PEER_PARAMS const*, A2dpCodecConfig*, unsigned int (*)(unsigned char*, unsigned int), bool (*)(BT_HDR*, unsigned long, unsigned int))+172, pc 5c782c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (btif_a2dp_source_setup_codec_delayed(RawAddress const&)+488, pc 531158)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+204, pc ada04c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::RunTask(base::PendingTask*)+360, pc ad9538)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::DoWork()+460, pc ad985c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+112, pc adc120)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::RunLoop::Run()+72, pc ae9278)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::Run(std::__1::promise<void>)+344, pc 7cd008)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::RunThread(bluetooth::common::MessageLoopThread*, std::__1::promise<void>)+56, pc 7cca78)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(bluetooth::common::MessageLoopThread*, std::__1::promise<void>), bluetooth::common::MessageLoopThread*, std::__1::promise<void> > >(void*)+92, pc 7cd65c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d5e6c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68, pc 69a64)

I also encountered the same problem. After I paired phone, did you find a solution?

siowhao123 avatar Oct 07 '24 05:10 siowhao123

How did you trigger it?

thestinger avatar Oct 07 '24 10:10 thestinger

How did you trigger it?

When I pairing another phone using bluetooth...

siowhao123 avatar Oct 07 '24 14:10 siowhao123

so about this issue , how to fix it ?

siowhao123 avatar Oct 08 '24 03:10 siowhao123

We currently aren't able to trigger it so it's hard for us to resolve. It appears to only occur on 8th gen Pixels but we've been unable to replicate it there.

thestinger avatar Oct 08 '24 06:10 thestinger 

type: crash
osVersion: google/shiba/shiba:15/AP4A.250205.002/2025020500:user/release-keys
uid: 1002 (u:r:bluetooth:s0)
cmdline: com.android.bluetooth
processUptime: 0s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 200d15e26293408
threadName: bt_a2dp_source_
MTE: enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+4, pc 7d214)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (std::__1::recursive_mutex::lock()+12, pc 2c592c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (A2dpCodecConfig::copyOutOtaCodecConfig(unsigned char*)+40, pc 7b7ea8)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (btif_a2dp_source_setup_codec_delayed(RawAddress const&)+524, pc 73217c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+204, pc ad685c)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::RunTask(base::PendingTask*)+360, pc ad5d48)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessageLoop::DoWork()+520, pc ad60a8)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+96, pc ad8850)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::RunLoop::Run()+72, pc ae5b38)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::Run(std::__1::promise<void>)+328, pc ac34f8)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::common::MessageLoopThread::RunThread(bluetooth::common::MessageLoopThread*, std::__1::promise<void>)+56, pc ac3078)
    /apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy[abi:nn190000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(bluetooth::common::MessageLoopThread*, std::__1::promise<void>), bluetooth::common::MessageLoopThread*, std::__1::promise<void>>>(void*)+92, pc ac3ddc)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+132, pc 7ba94)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68, pc 6b474)

I am getting almost the same crash also on Pixel 8, however I am able to repeat it. I am using Huawei Freelace Pro headset which can be charged plugging them in into usb-C port (including smartphone port too), convenient charging on the go. During that charging its rather not possible to listen audio, because you need to unplug one ear to get to usb-c plug. However, headset when charging is still connected to smartphone and then a try to play any audio will make bt crash.

maklimcz avatar Feb 12 '25 18:02 maklimcz