fix issues caught by -fsanitize=bounds in bluetooth.default #436

Closed
jgeerds opened this Issue Sep 17, 2016 · 22 comments

@jgeerds

jgeerds commented Sep 17, 2016

My Bluetooth is constantly crashing since I updated to the latest version (2016-09-16 14:31:32) on my Nexus 5X. The previous version from 2016-09-14 worked fine for me.

Here is the shortened output of logcat. I think it covers the important parts (it is basically a loop of this error)

[...]
09-17 12:45:06.423  6110  6110 W ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.startService:1385 android.content.ContextWrapper.startService:613 android.content.ContextWrapper.startService:613 com.android.settings.bluetooth.DockEventReceiver.beginStartingService:134 com.android.settings.bluetooth.DockEventReceiver.onReceive:115 
09-17 12:45:07.908  9774  9807 F libc    : Fatal signal 4 (SIGILL), code 1, fault addr 0xed65b084 in tid 9807 (bluetooth wake)
09-17 12:45:07.978  9816  9816 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-17 12:45:07.978  9816  9816 F DEBUG   : Build fingerprint: 'Android/aosp_bullhead/bullhead:7.0/NRD90U/2016.09.16.14.31.32:user/release-keys'
09-17 12:45:07.978  9816  9816 F DEBUG   : Revision: 'rev_1.0'
09-17 12:45:07.978  9816  9816 F DEBUG   : ABI: 'arm'
09-17 12:45:07.978  9816  9816 F DEBUG   : pid: 9774, tid: 9807, name: bluetooth wake  >>> com.android.bluetooth <<<
09-17 12:45:07.978  9816  9816 F DEBUG   : signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xed65b084
09-17 12:45:07.978  9816  9816 F DEBUG   :     r0 ffffffff  r1 00000001  r2 00000000  r3 00000003
09-17 12:45:07.978  9816  9816 F DEBUG   :     r4 00000000  r5 ed84a998  r6 f1305400  r7 ed84a998
09-17 12:45:07.978  9816  9816 F DEBUG   :     r8 00000003  r9 00000000  sl 00000001  fp f11a48ac
09-17 12:45:07.978  9816  9816 F DEBUG   :     ip 00000008  sp e31882e8  lr ed661269  pc ed65b084  cpsr a0070030
09-17 12:45:07.981  9816  9816 F DEBUG   : 
09-17 12:45:07.981  9816  9816 F DEBUG   : backtrace:
09-17 12:45:07.981  9816  9816 F DEBUG   :     #00 pc 0002e084  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #01 pc 00034265  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #02 pc 00034c7d  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #03 pc 00041165  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #04 pc 000ec77b  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #05 pc 000ed573  /system/lib/hw/bluetooth.default.so
09-17 12:45:07.982  9816  9816 F DEBUG   :     #06 pc 0004b08b  /system/lib/libc.so (_ZL15__pthread_startPv+22)
09-17 12:45:07.982  9816  9816 F DEBUG   :     #07 pc 00019a91  /system/lib/libc.so (__start_thread+6)
[...]
@thestinger

Contributor

thestinger commented Sep 17, 2016

This would be an upstream bug caught by -fsanitize=bounds. This will have to be yet another library given an exception from this.

@jgeerds

jgeerds commented Sep 17, 2016

So the proper solution would be to wait until it's fixed in upstream or is there another way? Do you have a quick workaround for it? (like disabling the bluetooth service)

@thestinger thestinger changed the title from Bluetooth constantly crashing since latest update to fix issues caught by -fsanitize=bounds in bluetooth.default Sep 17, 2016

@thestinger

Contributor

thestinger commented Sep 17, 2016

It has already been worked around by disabling -fsanitize=bounds for it. The issue has to remain open until the memory corruption bug(s) in the bluetooth library are fixed. You can probably avoid the crashes by disabling bluetooth but this specific issue will already be worked around in the next release.
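What -fsanitize=bounds does to an out-of-bounds index, and what the per-library exception gives up, as an added C example (not CopperheadOS or AOSP code): a constructed fixed-size table indexed by an unvalidated value, built with the sanitizer in trap mode, faults with the same SIGILL/ILL_ILLOPC signature as the tombstones in the report, while the checked version returns an error instead. The table, indices and function names are my own; the sample log lines are copied from the report above and used only as test input for the small triage helper.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build with the bounds sanitizer in trap mode to reproduce the signature:
 *   clang -fsanitize=bounds -fsanitize-trap=bounds bounds_demo.c
 *   (gcc: -fsanitize=bounds -fsanitize-undefined-trap-on-error)
 *   ./a.out 8   -> dies with SIGILL (ILL_ILLOPC) inside state_unchecked()
 *   ./a.out 3   -> prints the looked-up state normally
 * Without the sanitizer the same out-of-range index silently reads past the
 * end of the table, which is the bug the sanitizer was exposing. */

#define NUM_CHANNELS 8

/* Constructed per-channel state table; stands in for the fixed-size tables a
 * Bluetooth stack keeps per connection handle or channel id. */
static const uint8_t channel_state[NUM_CHANNELS] = {1, 1, 0, 2, 0, 0, 1, 3};

/* Unchecked lookup. Because the array bound is a compile-time constant,
 * -fsanitize=bounds instruments this subscript; in trap mode an out-of-range
 * idx becomes __builtin_trap() (ud2 on x86, udf on ARM), hence SIGILL. */
static int state_unchecked(unsigned idx) {
    return channel_state[idx];
}

/* Checked lookup: the shape of fix the upstream code needs. The index is
 * validated before use, so neither the sanitizer trap nor the silent
 * over-read can occur; callers get -1 for a bad index. */
static int state_checked(unsigned idx) {
    if (idx >= NUM_CHANNELS)
        return -1;
    return channel_state[idx];
}

/* Logcat excerpt copied from the report above (two crash records and three
 * unrelated lines), used as constructed input for the triage helper. */
static const char *const sample_log[] = {
    "09-17 12:45:07.908  9774  9807 F libc    : Fatal signal 4 (SIGILL), code 1, fault addr 0xed65b084 in tid 9807 (bluetooth wake)",
    "09-17 12:45:07.978  9816  9816 F DEBUG   : pid: 9774, tid: 9807, name: bluetooth wake  >>> com.android.bluetooth <<<",
    "09-17 12:45:07.981  9816  9816 F DEBUG   :     #00 pc 0002e084  /system/lib/hw/bluetooth.default.so",
    "09-17 12:45:09.094  4331  9817 I chatty  : uid=1000 system_server expire 2 lines",
    "09-17 12:45:10.971  9820  9851 F libc    : Fatal signal 4 (SIGILL), code 1, fault addr 0xed73b084 in tid 9851 (bluetooth wake)",
};
#define SAMPLE_LOG_LINES (sizeof sample_log / sizeof sample_log[0])

/* Counts trap-style crashes (SIGILL) that libc reports for a given thread
 * name. Several hits within seconds, each with the same pc offset in the
 * backtrace, is the "crash loop" described in the report. */
static size_t count_sigill_crashes(const char *const lines[], size_t n,
                                   const char *thread_name) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        const char *sig = strstr(lines[i], "Fatal signal 4 (SIGILL)");
        if (sig != NULL && strstr(sig, thread_name) != NULL)
            hits++;
    }
    return hits;
}

int main(int argc, char **argv) {
    unsigned idx = argc > 1 ? (unsigned)strtoul(argv[1], NULL, 10) : 3;

    printf("SIGILL crashes in 'bluetooth wake' within sample log: %zu\n",
           count_sigill_crashes(sample_log, SAMPLE_LOG_LINES, "bluetooth wake"));
    printf("state_checked(%u) = %d\n", idx, state_checked(idx));

    /* With the sanitizer on and idx >= NUM_CHANNELS, the process dies here. */
    printf("state_unchecked(%u) = %d\n", idx, state_unchecked(idx));
    return 0;
}
```

Exempting one library from the sanitizer, as the interim workaround does, stops the trap but leaves the read unchecked, so the crash loop turns back into silent memory corruption until the upstream bounds check lands.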

@jgeerds

jgeerds commented Sep 17, 2016

For some reason it is not possible to disable Bluetooth from the Android GUI. The phone immediately tries to activate bluetooth again.

So there will be a new release in the next few hours/days? Is there a place where I can monitor new releases (like your build pipeline)?

@thestinger

Contributor

thestinger commented Sep 17, 2016

So there will be a new release in the next few hours/days?

Not in a few hours. It takes ~2-3 hours to build + sign + upload for each device and more time for testing. Perhaps today though.

Is there a place where I can monitor new releases (like your build pipeline)?

No. All you can do is see that it's there once it's published.

@jgeerds

jgeerds commented Sep 17, 2016

btw. I just donated $25 to you/copperhead. Thanks for your fast support! 😄 Have a nice weekend

@thestinger

Contributor

thestinger commented Sep 17, 2016

Thanks!

@subproc

subproc commented Sep 17, 2016

nexus 6p too is in a crash loop

@thestinger

Contributor

thestinger commented Sep 17, 2016

I know it's not a device-specific issue. It's fixed already.

@KnucklesPierce

KnucklesPierce commented Sep 17, 2016

Hello Stinger, having the same issue here; just updated this morning to NRD90U.2016.9.16.14.31.32. I was able to shut off BT to stop getting the errors.

You mentioned it is fixed already...am I not running the latest build?

Is there a way to reinstall the latest build to rule out possibility of a bad install?

Thanks for your help

@thestinger

Contributor

thestinger commented Sep 17, 2016

It isn't released yet.

@KnucklesPierce

KnucklesPierce commented Sep 17, 2016

Ah, gotcha.

Am I able to revert back to a previous build?

@thestinger

Contributor

thestinger commented Sep 17, 2016

Am I able to revert back to a previous build?

No.

@KnucklesPierce

KnucklesPierce commented Sep 17, 2016

Damn.

Thanks for your time and quick replies, Dan.

@thestinger

Contributor

thestinger commented Sep 17, 2016

The new builds would already be published if we had a proper build server, and problems like this could be avoided in the first place with enough devices to make running the full CTS for every release reasonable by spreading it out. There is going to be a LOT more of this for -fsanitize=bounds once it's enabled for C++ again rather than just C. This is one of the painful parts of migrating to Android Nougat.

@KnucklesPierce

KnucklesPierce commented Sep 17, 2016

I gathered so much from reading some of the posts James has been sending out lately. I'm not a programmer by any stretch of the imagination (last program I made was in VB5), so I'm not completely sure what I read some of the time, but the underlying tones of frustration come through nonetheless. I actually made a mental note to not upgrade due to those posts...that went out the window at 5am.

On a semi-related topic, what would be a proper build server?

@thestinger

This comment has been minimized.

Show comment Hide comment
@thestinger

thestinger Sep 17, 2016

Contributor

The message that was meant to be communicated was not that you shouldn't upgrade. You need to stay updated to get the security updates. There was an initial issue with the Updater app but it was known how to work around that before any announcement about it was made. The migration is already done and it's back to how things are regularly.

@thestinger

thestinger Sep 17, 2016

Contributor

On a semi-related topic, what would be a proper build server?

A dual socket server with 16 core Xeon E5 CPUs at a minimum. Ideally much better than that. Builds take a ridiculous amount of time and it's a huge bottleneck on the development process. Doing more than basic QA to move the project out of beta requires having someone else working on the project full-time and a lot of phones for running the CTS in a reasonable time period. The project will be eternally in beta until there are several more people working on it full-time.

@thestinger

thestinger Sep 17, 2016

Contributor

CopperheadOS implements new mitigations and they end up discovering upstream Android bugs. It's working as intended. There will be more of these issues found when -fsanitize=bounds is enabled for C++ again rather than only C. For these I only need one report of how to trigger the issue with a log and then it can be worked around by disabling the feature for that broken code until it's fixed.

Only issues breaking the booting / update process or network access are going to be discovered by the current QA done for each release. Anything else has to be reported. A subset of the CTS is occasionally run as part of the development process, but not for every release, and rarely the entire thing.
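To show concretely what the comment above describes, here is an added, constructed C example (not code from CopperheadOS, AOSP or the Bluetooth stack): a fixed-size table with an unchecked lookup that -fsanitize=bounds would flag, the checked version that is the real fix, and the per-function exemption used as a stopgap until upstream fixes the bug. The table, indices and function names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Portable spelling of clang's no_sanitize attribute; expands to nothing
 * on compilers that lack it, so the file still builds without the sanitizer. */
#if defined(__has_attribute)
#  if __has_attribute(no_sanitize)
#    define NO_SANITIZE_BOUNDS __attribute__((no_sanitize("bounds")))
#  endif
#endif
#ifndef NO_SANITIZE_BOUNDS
#  define NO_SANITIZE_BOUNDS
#endif

/* Constructed sample: a small fixed-size table indexed by a value that, in a
 * real stack, would come from a peer device or a parsed packet field. */
#define TABLE_SIZE 4
static const uint8_t kTable[TABLE_SIZE] = { 0x10, 0x20, 0x30, 0x40 };

/* Unchecked indexing. Built with -fsanitize=bounds the compiler inserts a
 * check against TABLE_SIZE; with -fsanitize-undefined-trap-on-error a failed
 * check executes a trap instruction, which the kernel reports as SIGILL
 * (ILL_ILLOPC), the same signal seen in the logcat output of this issue. */
int lookup_unchecked(size_t idx) {
    return kTable[idx];
}

/* The actual fix: reject the bad index before the access; -1 means "no entry". */
int lookup_checked(size_t idx) {
    if (idx >= TABLE_SIZE)
        return -1;
    return kTable[idx];
}

/* The stopgap the comment describes: exempt one known-broken function from the
 * instrumentation so the process stops crashing. The out-of-bounds read is
 * still there; this only buys time until the upstream fix lands. */
NO_SANITIZE_BOUNDS
int lookup_exempted(size_t idx) {
    return kTable[idx];
}

int main(int argc, char **argv) {
    printf("checked(2)=%d checked(9)=%d\n", lookup_checked(2), lookup_checked(9));
    /* Pass an index on the command line to exercise the unchecked path, e.g.
     * clang -fsanitize=bounds -fsanitize-undefined-trap-on-error demo.c && ./a.out 9 */
    if (argc > 1)
        printf("unchecked=%d\n", lookup_unchecked((size_t)strtoul(argv[1], NULL, 10)));
    return 0;
}
```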

@thestinger

thestinger Sep 18, 2016

Contributor

The new build is released.

@thestinger

thestinger Sep 18, 2016

Contributor

Closing in favour of #439 which tracks fixing the upstream memory corruption bug(s).

@thestinger thestinger closed this Sep 18, 2016

@jgeerds

jgeerds Sep 18, 2016

I can confirm that the new build works on my Nexus 5X. Thank you very much!
