BLE: Fix crash while starting advertising
Use case:
1) BT on
2) Start LE Advertising from APP
3) BT Off
4) Repeat steps 1-3 multiple times
Expected Result:
No crash in BT, and BLE advertising can be started
Observed Result:
Crash in com.android.bluetooth with the signature below
pid: 8313, tid: 8313, name: droid.bluetooth >>> com.android.bluetooth <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: '[FATAL:btm_ble_multi_adv.cc(992)] Check failed: instance.
'
x0 0000000000000000 x1 0000000000002079 x2 0000000000000006 x3 0000000000000008
x4 623a4c415441465b x5 623a4c415441465b x6 623a4c415441465b x7 6d5f656c625f6d74
x8 0000000000000083 x9 0823626ef495785d x10 00000073b7b39a48 x11 0823626ef495785d
x12 0823626ef495785d x13 0000000000000020 x14 ffffffffffffffdf x15 0000000000002079
x16 00000073b5ce62e8 x17 00000073b5c79970 x18 0000000000004000 x19 0000000000002079
x20 0000000000002079 x21 0000000000000000 x22 0000007398bde000 x23 0000007fd0809e88
x24 00000073a3b4c860 x25 00000073a635b578 x26 0000007398e980cc x27 0000007398e97fd3
x28 0000007398cb5608 x29 0000007fd0809e30 x30 00000073b5c20594
sp 0000007fd0809df0 pc 00000073b5c79978 pstate 0000000060000000
v0 2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e v1 0000007fd0809be00000676f6c62696c
v2 00000002b71fc7400000000000000000 v3 80200800000000008020000000000000
v4 80200800000000008020080280200802 v5 00000000000000000000000000000000
v6 00000000000000000000000000000000 v7 80200802802008028020080280200802
v8 00000000000000000000000000000000 v9 00000000000000000000000000000000
v10 00000000000000000000000000000000 v11 00000000000000000000000000000000
v12 00000000000000000000000000000000 v13 00000000000000000000000000000000
v14 00000000000000000000000000000000 v15 00000000000000000000000000000000
v16 40100401401004014010040140100401 v17 a0080000a00aa00aa800aaaaa800a000
v18 80200800000000008020080280200802 v19 00000000000000000000000000000000
v20 00000000000000000000000000000000 v21 00000000000000000000000000000000
v22 00000000000000000000000000000000 v23 00000000000000000000000000000000
v24 00000000000000000000000000000000 v25 00000000000000000000000000000000
v26 00000000000000000000000000000000 v27 00000000000000000000000000000000
v28 00000000000000000000000000000000 v29 00000000000000000000000000000000
v30 00000000000000000000000000000000 v31 00000000000000000000000000000000
fpsr 00000013 fpcr 00000000
backtrace:
#00 pc 0000000000077978 /system/lib64/libc.so (tgkill+8)
#01 pc 000000000001e590 /system/lib64/libc.so (abort+88)
#02 pc 00000000000836dc /system/lib64/libchrome.so (_ZN4base5debug13BreakDebuggerEv+20)
#03 pc 000000000009bed0 /system/lib64/libchrome.so (_ZN7logging10LogMessageD2Ev+840)
#04 pc 000000000015ed7c /system/lib64/hw/bluetooth.default.so (_ZN21BleAdvertisingManager3GetEv+72)
#05 pc 00000000000a7754 /system/lib64/hw/bluetooth.default.so (_ZN12_GLOBAL__N_126BleAdvertiserInterfaceImpl19StartAdvertisingSetEN4base8CallbackIFvhahELNS1_8internal8CopyModeE1EEE19AdvertiseParametersNSt3__16vectorIhNS8_9allocatorIhEEEESC_29PeriodicAdvertisingParametersSC_thNS2_IFvhhELS5_1EEE+332)
#06 pc 000000000002a354 /system/lib64/libbluetooth_jni.so (_ZN7androidL25startAdvertisingSetNativeEP7_JNIEnvP8_jobjectS3_P11_jbyteArrayS5_S3_S5_iii+1276)
#07 pc 00000000005b2834 /data/dalvik-cache/arm64/system@app@Bluetooth@Bluetooth.apk@classes.dex (offset 0x2cd000)
Root Cause:
API calls in btif_ble_advertiser.cc do not check the initialization status of BleAdvertisingManager, leading
to a crash in scenarios where the BleAdvertisingManager is cleaned up during BT off and a call reaches
btif_ble_advertiser.cc to do one of the advertising-related tasks.
Fix:
Add an initialization check in the code before calls to BleAdvertisingManager APIs
Test: No crash observed after overnight testing with same usecase
Bug: 69692308
Change-Id: I5484734a4cf52858676981808c898ffec11e23f4
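The pattern behind this crash and its fix, as an added example that is not AOSP code and not the change itself. It models a singleton manager that is created on BT-on and destroyed on BT-off, whose Get() asserts the instance exists (as the FATAL CHECK in the backtrace does), and shows the unchecked entry point beside one that tests initialization first. All names here (AdvManager, BtStatus, StartAdvertisingSetUnchecked/Guarded, CHECK_OR_THROW) are hypothetical stand-ins, the sample advertising data is constructed, and the CHECK is modelled as a thrown exception rather than a process abort so that the failing path can be observed in a test:

```cpp
// Added example (not AOSP code): models the crash described in the commit
// message and the guard the fix adds. All names are hypothetical stand-ins.
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <vector>

// Stand-in for libchrome's CHECK(): the real macro aborts the process
// (the SIGABRT in the report). Here it throws so a test can observe it.
#define CHECK_OR_THROW(cond) \
  do { if (!(cond)) throw std::logic_error("Check failed: " #cond); } while (0)

// Simplified model of a singleton advertising manager that is created on
// BT-on and destroyed on BT-off.
class AdvManager {
 public:
  static void Initialize() { instance_.reset(new AdvManager()); }
  static void CleanUp() { instance_.reset(); }
  static bool IsInitialized() { return instance_ != nullptr; }
  // Mirrors the pattern in the backtrace: Get() asserts the instance exists.
  static AdvManager* Get() {
    CHECK_OR_THROW(instance_ != nullptr);
    return instance_.get();
  }
  // Returns an advertiser handle (hypothetical: sequential ids starting at 1).
  uint8_t StartAdvertisingSet(const std::vector<uint8_t>& adv_data) {
    sets_.push_back(adv_data);
    return static_cast<uint8_t>(sets_.size());
  }
  size_t ActiveSets() const { return sets_.size(); }

 private:
  AdvManager() = default;
  static std::unique_ptr<AdvManager> instance_;
  std::vector<std::vector<uint8_t>> sets_;
};
std::unique_ptr<AdvManager> AdvManager::instance_;

enum class BtStatus { kSuccess, kNotReady };
struct StartResult { BtStatus status; uint8_t advertiser_id; };

// "Before": the btif-layer entry point reaches straight for the manager.
// If BT has been turned off in between, Get() trips the CHECK.
StartResult StartAdvertisingSetUnchecked(const std::vector<uint8_t>& adv_data) {
  uint8_t id = AdvManager::Get()->StartAdvertisingSet(adv_data);
  return {BtStatus::kSuccess, id};
}

// "After": verify the manager is still alive and fail the request cleanly.
// Assumption: the check and the cleanup run on the same thread, so there is
// no window between IsInitialized() and Get() in which cleanup can interleave.
StartResult StartAdvertisingSetGuarded(const std::vector<uint8_t>& adv_data) {
  if (!AdvManager::IsInitialized()) return {BtStatus::kNotReady, 0};
  uint8_t id = AdvManager::Get()->StartAdvertisingSet(adv_data);
  return {BtStatus::kSuccess, id};
}

// Drives the use case from the report: BT on, start advertising, BT off, then
// a late start request that arrives after the off. Returns true only if the
// late request was rejected cleanly instead of tripping the CHECK.
bool RunBtOnOffCycle(bool use_guard) {
  // Constructed sample: a single Flags AD structure (0x06 = LE General
  // Discoverable, BR/EDR not supported).
  const std::vector<uint8_t> adv_data = {0x02, 0x01, 0x06};
  AdvManager::Initialize();
  StartResult first = use_guard ? StartAdvertisingSetGuarded(adv_data)
                                : StartAdvertisingSetUnchecked(adv_data);
  if (first.status != BtStatus::kSuccess) return false;
  AdvManager::CleanUp();  // BT off destroys the manager
  try {
    StartResult late = use_guard ? StartAdvertisingSetGuarded(adv_data)
                                 : StartAdvertisingSetUnchecked(adv_data);
    return late.status == BtStatus::kNotReady;
  } catch (const std::logic_error&) {
    return false;  // the unchecked path: this is the crash in the report
  }
}

int main() { return RunBtOnOffCycle(true) ? 0 : 1; }
```

The guard only closes the hole if the BT-off cleanup and the btif call are serialized on the same thread; if they could run concurrently, IsInitialized() followed by Get() would be a check-then-use race and the manager's lifetime would need to be protected by a lock or a shared handle instead.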