n76 / DejaVu

Yet another network location backend for the UnifiedNLP/microG project
GNU General Public License v3.0

Déjà Vu 1.0.8 crashes Android 5.0.2 device #8

Closed breversa closed 5 years ago

breversa commented 6 years ago

Hi,

When I try to activate (= simply check the box, no need to tap OK!) Déjà Vu 1.0.8 in MicroG/UnifiedNlp settings on a Sony Xperia SP (C5303) running Android 5.0.2 (CyanogenMod 12), the phone crashes then reboots 100% of the time:

I/ActivityManager(14083): Start proc org.fitchfamily.android.dejavu for service org.fitchfamily.android.dejavu/.BackendService: pid=17544 uid=10082 gids={50082, 9997} abi=armeabi-v7a
F/libc    (17544): invalid address or address of corrupt block 0x28 passed to dlfree
F/libc    (17544): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xdeadbaad in tid 17544 (.android.dejavu)
I/DEBUG   (  670): property debug.db.uid not set; NOT waiting for gdb.
I/DEBUG   (  670): HINT: adb shell setprop debug.db.uid 100000
I/DEBUG   (  670): HINT: adb forward tcp:5039 tcp:5039
I/DEBUG   (  670): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  670): Build fingerprint: 'Sony/C5303/C5303:4.3/12.1.A.1.207/Nvt_nw:user/release-keys'
I/DEBUG   (  670): Revision: '0'
I/DEBUG   (  670): ABI: 'arm'
I/DEBUG   (  670): pid: 17544, tid: 17544, name: .android.dejavu  >>> org.fitchfamily.android.dejavu <<<
I/DEBUG   (  670): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad
I/DEBUG   (  670): Abort message: 'invalid address or address of corrupt block 0x28 passed to dlfree'
I/DEBUG   (  670):     r0 00000000  r1 b6fb6dec  r2 deadbaad  r3 00000000
I/DEBUG   (  670):     r4 00000028  r5 b6fb80d4  r6 a4d21000  r7 00000030
I/DEBUG   (  670):     r8 be8e7c5c  r9 be8e7d1c  sl b6ca6226  fp b6ca622f
I/DEBUG   (  670):     ip 00008000  sp be8e7c08  lr b6f887af  pc b6f887b0  cpsr 600d0030
I/DEBUG   (  670): 
I/DEBUG   (  670): backtrace:
I/DEBUG   (  670):     #00 pc 000287b0  /system/lib/libc.so (dlfree+1239)
I/DEBUG   (  670):     #01 pc 0000f043  /system/lib/libc.so (free+10)
I/DEBUG   (  670):     #02 pc 00013a1d  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+38)
I/DEBUG   (  670):     #03 pc 00014777  /system/lib/libandroidfw.so (android::ResXMLTree::uninit()+12)
I/DEBUG   (  670):     #04 pc 00014795  /system/lib/libandroidfw.so (android::ResXMLTree::~ResXMLTree()+4)
I/DEBUG   (  670):     #05 pc 00011487  /system/lib/libandroidfw.so (android::AssetManager::getPkgName(char const*)+258)
I/DEBUG   (  670):     #06 pc 000114e9  /system/lib/libandroidfw.so (android::AssetManager::getBasePackageName(unsigned int)+68)
I/DEBUG   (  670):     #07 pc 00081af7  /system/lib/libandroid_runtime.so
I/DEBUG   (  670):     #08 pc 00270eef  /data/dalvik-cache/arm/system@framework@boot.oat
I/DEBUG   (  670): 
I/DEBUG   (  670): Tombstone written to: /data/tombstones/tombstone_04
I/BootReceiver(14083): Copying /data/tombstones/tombstone_04 to DropBox (SYSTEM_TOMBSTONE)
E/SharedPreferencesImpl(14083): Couldn't create directory for SharedPreferences file shared_prefs/log_files.xml
F/libc    (14083): invalid address or address of corrupt block 0xa0 passed to dlfree
F/libc    (14083): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xdeadbaad in tid 14137 (ActivityManager)
I/DEBUG   (  670): property debug.db.uid not set; NOT waiting for gdb.
I/DEBUG   (  670): HINT: adb shell setprop debug.db.uid 100000
I/DEBUG   (  670): HINT: adb forward tcp:5039 tcp:5039
I/Zygote  (13882): Process 17544 exited due to signal (11)
I/DEBUG   (  670): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  670): Build fingerprint: 'Sony/C5303/C5303:4.3/12.1.A.1.207/Nvt_nw:user/release-keys'
I/DEBUG   (  670): Revision: '0'
I/DEBUG   (  670): ABI: 'arm'
I/DEBUG   (  670): pid: 14083, tid: 14137, name: ActivityManager  >>> system_server <<<
I/DEBUG   (  670): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad
I/DEBUG   (  670): Abort message: 'invalid address or address of corrupt block 0xa0 passed to dlfree'
I/DEBUG   (  670):     r0 00000000  r1 b6fb6dec  r2 deadbaad  r3 00000000
I/DEBUG   (  670):     r4 000000a0  r5 b6fb80d4  r6 9b1fb000  r7 000000a8
I/DEBUG   (  670):     r8 a53a549c  r9 a53a555c  sl b6ca6226  fp b6ca622f
I/DEBUG   (  670):     ip 00008000  sp a53a5448  lr b6f887af  pc b6f887b0  cpsr 600d0030
I/DEBUG   (  670): 
I/DEBUG   (  670): backtrace:
I/DEBUG   (  670):     #00 pc 000287b0  /system/lib/libc.so (dlfree+1239)
I/DEBUG   (  670):     #01 pc 0000f043  /system/lib/libc.so (free+10)
I/DEBUG   (  670):     #02 pc 00013a1d  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+38)
I/DEBUG   (  670):     #03 pc 00014777  /system/lib/libandroidfw.so (android::ResXMLTree::uninit()+12)
I/DEBUG   (  670):     #04 pc 00014795  /system/lib/libandroidfw.so (android::ResXMLTree::~ResXMLTree()+4)
I/DEBUG   (  670):     #05 pc 00011487  /system/lib/libandroidfw.so (android::AssetManager::getPkgName(char const*)+258)
I/DEBUG   (  670):     #06 pc 000114e9  /system/lib/libandroidfw.so (android::AssetManager::getBasePackageName(unsigned int)+68)
I/DEBUG   (  670):     #07 pc 00081af7  /system/lib/libandroid_runtime.so
I/DEBUG   (  670):     #08 pc 00270eef  /data/dalvik-cache/arm/system@framework@boot.oat
I/DEBUG   (  670): 
I/DEBUG   (  670): Tombstone written to: /data/tombstones/tombstone_05
I/sysmon-tsens_tz_sensor3(  710): sensor_work - read value = 340
E/installd(  679): eof
E/installd(  679): failed to read size
I/installd(  679): closing connection
I/lowmemorykiller(  655): ActivityManager disconnected
I/lowmemorykiller(  655): Closing Activity Manager data connection
I/ServiceManager(  656): service 'entropy' died
I/ServiceManager(  656): service 'commontime_management' died
I/ServiceManager(  656): service 'usb' died
…

I also had to grant location permission beforehand (cf. https://github.com/n76/DejaVu/issues/2), otherwise the whole system would become VERY unstable and eventually crash too.

Please note that this phone has a locked bootloader so I can't install an official, up-to-date LineageOS/CyanogenMod ROM, and had to rely on this: https://forum.xda-developers.com/xperia-sp/development/xperiasp-locked-bootloader-lbl-t2947194 so it's quite flaky overall.
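
Added example, not part of the original report or of the DejaVu project: a small parser for the debuggerd lines in a logcat capture like the one above. It groups crashes by stack and shows that the backend process and system_server both abort in `free()` called from the same libandroidfw frame. The sample is a shortened excerpt of the log above; the function and field names are illustrative.

```python
import re
# Shortened excerpt of the logcat above (three frames kept per crash).
SAMPLE = """\
I/DEBUG   (  670): pid: 17544, tid: 17544, name: .android.dejavu  >>> org.fitchfamily.android.dejavu <<<
I/DEBUG   (  670): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad
I/DEBUG   (  670): Abort message: 'invalid address or address of corrupt block 0x28 passed to dlfree'
I/DEBUG   (  670):     #00 pc 000287b0  /system/lib/libc.so (dlfree+1239)
I/DEBUG   (  670):     #01 pc 0000f043  /system/lib/libc.so (free+10)
I/DEBUG   (  670):     #02 pc 00013a1d  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+38)
I/DEBUG   (  670): pid: 14083, tid: 14137, name: ActivityManager  >>> system_server <<<
I/DEBUG   (  670): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad
I/DEBUG   (  670): Abort message: 'invalid address or address of corrupt block 0xa0 passed to dlfree'
I/DEBUG   (  670):     #00 pc 000287b0  /system/lib/libc.so (dlfree+1239)
I/DEBUG   (  670):     #01 pc 0000f043  /system/lib/libc.so (free+10)
I/DEBUG   (  670):     #02 pc 00013a1d  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+38)
"""

LINE = re.compile(r"^[A-Z]/DEBUG\s*\(\s*\d+\):\s*(.*)$")
HEADER = re.compile(r"pid: (\d+), tid: (\d+), name: .+? >>> (.+?) <<<")
SIGNAL = re.compile(r"signal \d+ \((\w+)\).*fault addr 0x([0-9a-f]+)")
ABORT = re.compile(r"Abort message: '(.*)'")
FRAME = re.compile(r"#\d+ pc [0-9a-f]+\s+(\S+)(?: \((.+)\+\d+\))?")

def parse_crashes(text):
    """Split debuggerd output into one dict per crashed process."""
    crashes = []
    for raw in text.splitlines():
        body = m.group(1) if (m := LINE.match(raw)) else ""
        if h := HEADER.match(body):
            crashes.append({"pid": int(h[1]), "process": h[3], "frames": []})
        elif crashes and (s := SIGNAL.match(body)):
            crashes[-1].update(signal=s[1], fault_addr=int(s[2], 16))
        elif crashes and (a := ABORT.match(body)):
            crashes[-1]["abort"] = a[1]
        elif crashes and (f := FRAME.match(body)):
            crashes[-1]["frames"].append((f[1], f[2]))  # (library, symbol or None)
    return crashes

def triage(crashes):
    """Group crashes that share a stack and name the first frame outside libc."""
    groups = {}
    for c in crashes:
        groups.setdefault(tuple(c["frames"]), []).append(c)
    return [{
        "processes": sorted(c["process"] for c in members),
        # Older bionic aborts by writing to 0xdeadbaad, so this address is a marker.
        "allocator_abort": all(c.get("fault_addr") == 0xDEADBAAD for c in members),
        "first_non_libc": next((f for f in stack if not f[0].endswith("/libc.so")), None),
    } for stack, members in groups.items()]
```

Run over the sample, `triage(parse_crashes(SAMPLE))` returns a single group containing both processes, which points at the shared framework library rather than at the app's own code.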

n76 commented 6 years ago

As it stands, Déjà Vu does an Android standard permission check before running and tries to fail gracefully.

If someone could point me to how Cyanogen 12 & 13 permissions can be tested (apparently it differs from standard Android and Lineage 14), then I could test for this condition at run time.

n76 commented 5 years ago

Closed due: Appears to only be insufficient information about obsolete and no longer supported versions of a custom ROM.

ale5000-git commented 5 years ago

@n76 This is my supposition:

I think it is intended behaviour; CyanogenMod / LineageOS include Privacy Guard.

Since many apps (not yours) abuse permissions and will not run if even an optional permission is not granted, Privacy Guard makes the app believe it has the permission while still negating it (but in a hidden way). In recent LineageOS it works as intended; probably in old versions it wasn't mature enough and can make some apps crash.