Adding character device crashes the application (first-time setup) or reboots the system

[Robert9157]

Describe the bug The addition of the character device either crashes the application (during first setup and superuser request), or causes a system reboot.

To Reproduce Steps to reproduce the behavior: Enable the character device

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Device details (please complete the following information):

• Device: [e.g. Google Pixel 5] Realme 8
• OS: [e.g. Android 12, LineageOS 19] Android 13, Custom ROM AfterLife 6.0
• Soft Keyboard: [e.g. Hacker's Keyboard] Gboard
• Are You Rooted? [Yes/No] Yes
• Root Method: [e.g. Magisk] Magisk

Additional context Add any other context about the problem here.

[Arian04]

I've heard reports of variations of this happening to lots of people. especially in the issues of tejado's USB Gadget Tool app. my device specifically (since updating to android 14/LineageOS 21) hard reboots if I try and remove any functions from any USB gadgets through tejado's app or even a root shell. it leads me to believe it's multiple variations of the same (or a similar) kernel bug.

edit: I'll try and think up some ways to debug this. I've been trying to come up with ways for my own device as well.

edit2: I've also considered bisecting my current kernel and the last working kernel to see if I can find the exact commit introducing the presumed kernel bug

[Arian04]

wait a minute. I just got a chance to re-read this while not on a phone. An application crash is strange. Once I get a chance I'm gonna make a little test application to see exactly what part of the messing-with-gadgets stuff causes the reboot and/or application crash.

I'm thinking that I made some assumption about gadgets that isn't necessarily true for all device manufacturers and/or ROMs

[Arian04]

OOPS, last comment (now deleted) was meant for #17

[Arian04]

try the APK from the new v2.1.0 release. If that doesn't work, fully uninstall the app, then reboot your phone, download this apk for testing purposes (I would've attached it here instead of using an external link but Github complained about it being an APK), install it, then try it.

[Robert9157]

I've managed to reproduce the following issues with 2.1.0:

1. Application doesn't ask for root during first time setup
2. The application will complain that the character device does not exist, which results in the root request crash from earlier.
3. After granting root, the application will complain at each startup with a dialog that the character device does not exist, but attempting to fix it from that dialog instead no longer results in a reboot (but it still doesn't fix it).

My ROM captured a report of the stack trace from 2., here: https://bin.kv2.dev/~66041cc75de7ed6bfdc07edc

Here is a screen recording of 1. and 2. (Uploaded to Google drive because the file is apparently too big): https://drive.google.com/file/d/1-ztlC78YDf2Y1qzidQf7oR5Dnn99hmhl/view?usp=sharing Do note that there was indeed a device connected (a Samsung phone with LineageOS 14) with a Baseus USBA/USBC -to-multi cable.

I will try a test with the debug APK now, but I wanted to share the normal version's results first so that my comment is not too long and that there is separation between the results.

[Robert9157]

I've encountered the exact same results with the debug APK.

[Arian04]

thanks for the extremely helpful reports!! glad to hear the device reboot doesn't happen anymore.

As far as the application crash, I'm pretty sure it's because I forgot to add a second waitFor in case the shell command needs to be forcibly destroyed. The Android Process docs said that and I remember planning to add it but during a big refactor it slipped my mind. Not sure you cared for the full explanation but I'm also leaving the notes for my later reference lol.

Now the character devices not being created is weirder. I'm thinking of a few possibilities, first of which is that your kernel might not have HID gadget functions enabled, but rather than dumping all my random troubleshooting ideas into here, I'm gonna spend some time to think up what information I want and maybe come up with a concise command you can run to get all that info at once. I'm also going to look through tejado's USB gadget tool app's issues again to see if any other devices exhibit this issue (since before I was looking for issues relating to reboots only) so I can get to the root cause without requiring as much back-and-forth.

but if you want to quickly check if your kernel has support, you can provide the output of this command I stole from the above-mentioned app's issues: echo KERNEL_VERSION=`(uname -r |cut -d '-' -f1 )` && (gunzip -c /proc/config.gz | grep -i configfs | sed 's/# //; s/ is not set/=NOT_SET/')

[Robert9157]

The output of the mentioned command: KERNEL_VERSION=4.14.318 CONFIG_USB_CONFIGFS=y CONFIG_USB_CONFIGFS_SERIAL=y CONFIG_USB_CONFIGFS_ACM=y CONFIG_USB_CONFIGFS_OBEX=NOT_SET CONFIG_USB_CONFIGFS_NCM=NOT_SET CONFIG_USB_CONFIGFS_ECM=NOT_SET CONFIG_USB_CONFIGFS_ECM_SUBSET=NOT_SET CONFIG_USB_CONFIGFS_RNDIS=y CONFIG_USB_CONFIGFS_EEM=NOT_SET CONFIG_USB_CONFIGFS_MASS_STORAGE=y CONFIG_USB_CONFIGFS_F_LB_SS=NOT_SET CONFIG_USB_CONFIGFS_F_FS=y CONFIG_USB_CONFIGFS_F_ACC=y CONFIG_USB_CONFIGFS_F_AUDIO_SRC=y CONFIG_USB_CONFIGFS_UEVENT=y CONFIG_USB_CONFIGFS_F_UAC1=NOT_SET CONFIG_USB_CONFIGFS_F_UAC1_LEGACY=NOT_SET CONFIG_USB_CONFIGFS_F_UAC2=NOT_SET CONFIG_USB_CONFIGFS_F_MIDI=y CONFIG_USB_CONFIGFS_F_HID=y CONFIG_USB_CONFIGFS_F_UVC=NOT_SET CONFIG_USB_CONFIGFS_F_PRINTER=NOT_SET CONFIG_IIO_CONFIGFS=NOT_SET CONFIG_CONFIGFS_FS=y

[Arian04]

haven't made as many improvements to debugging as I planned to since I've been pretty busy but can you uninstall the app (if you still have it installed), install the latest one from the Github releases page, try it, and if it's still broken, export logs from the bottom of the settings page and attach them here.

[Robert9157]

With the latest version 2.2.0, the app freezes after failing to create a character device. Debug log: debug_log_me.arianb.usb_hid_client_1713119802.txt Video (too big for GitHub): screen-20240414-203658.mp4

[Arian04]

thank you for the quick response!

ugh it seems like my log-writing code that I tested on two physical devices with different android versions somehow didn't work!! If it's not too much trouble, could you please run logcat -e me.arianb.usb_hid_client -t 1000 after launching the app with debugging enabled? thanks so much!

[Robert9157]

I changed your adb command to look at 10000 lines because some of them were getting cut off. Here's the log output: log.txt

[Arian04]

thank you! and this log was taken after enabling the "debug mode" switch in the app's settings menu? Because I just re-read my previous message and realized that I didn't mention that super clearly.

[Robert9157]

Yes.

[Arian04]

then I have much more testing to do because nothing in the logs seems useful. I'll ping again once I make progress.