Segmentation fault while signing out (#1366) · Issues · briar / briar

Segmentation fault while signing out

Android version: 8.1.0
Phone model: Nexus 5X
Briar version: 1.0.13 debug build (21f95ed9)

The device showed "Briar Debug has stopped" while signing out of the app.

Log:

08-16 16:41:38.445 24298-28941/? I/BriarControllerImpl: Shutting down service
08-16 16:41:38.529 24298-24298/? I/BriarService: Destroyed
08-16 16:41:38.540 24298-28944/? I/LifecycleManagerImpl: Stopping services
08-16 16:41:38.542 24298-24591/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.542 24298-25132/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25136/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25134/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25148/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.554 24298-28944/? I/PluginManagerImpl: Stopping simplex plugins
    Stopping duplex plugins
08-16 16:41:38.556 24298-28944/? I/PluginManagerImpl: Waiting for all the plugins to stop
08-16 16:41:38.556 24298-25132/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.bluetooth
08-16 16:41:38.556 24298-25136/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.tor
08-16 16:41:38.557 24298-25134/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.lan
08-16 16:41:38.558 24298-25132/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.bluetooth
08-16 16:41:38.559 24298-25136/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.tor
08-16 16:41:38.559 24298-25134/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.lan
08-16 16:41:38.560 24298-24392/? I/TorPlugin: java.net.SocketException: Socket closed
08-16 16:41:38.560 24298-24391/? I/TcpPlugin: java.net.SocketException: Socket closed
    
    --------- beginning of crash
08-16 16:41:38.564 24298-25136/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x18 in tid 25136 (pool-3-thread-2), pid 24298 (r.android.debug)
08-16 16:41:38.632 28948-28948/? W/crash_dump64: type=1400 audit(0.0:112): avc: denied { search } for name="org.briarproject.briar.android.debug" dev="dm-2" ino=262990 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-16 16:41:38.700 28948-28948/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
08-16 16:41:38.702 28948-28948/? W/crash_dump64: type=1400 audit(0.0:113): avc: denied { search } for name="org.briarproject.briar.android.debug" dev="dm-2" ino=262990 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-16 16:41:38.703 590-590/? I//system/bin/tombstoned: received crash request for pid 24298
08-16 16:41:38.705 28948-28948/? I/crash_dump64: performing dump of process 24298 (target tid = 25136)
08-16 16:41:38.705 28948-28948/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    Build fingerprint: 'google/bullhead/bullhead:8.1.0/OPM6.171019.030.E1/4805388:user/release-keys'
    Revision: 'rev_1.0'
    ABI: 'arm64'
    pid: 24298, tid: 25136, name: pool-3-thread-2  >>> org.briarproject.briar.android.debug <<<
    signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x18
    Cause: null pointer dereference
        x0   00000076a216c300  x1   0000000000000000  x2   4e0dc4b73a8d37a4  x3   0000000000000061
        x4   00000000ffffffff  x5   c6a4a7935bd1e995  x6   c6a4a7935bd1e995  x7   f8e1bfbf4251583c
        x8   c5e8c0e242c67c71  x9   c5e8c0e242c67c71  x10  0000000000000008  x11  00000000ffffffff
        x12  00000076a461c000  x13  ffffffffa48aa59c  x14  00029088e2000000  x15  003b9aca00000000
        x16  000000773ee1bca8  x17  000000773edb84b8  x18  0000000000000008  x19  0000000000000015
        x20  00000076a215aa40  x21  00000076b0844fa0  x22  0000000000000018  x23  0000000000000000
        x24  00000076a216c300  x25  000000769fe88c40  x26  000000769fe81000  x27  00000000000808de
        x28  00000076a472b1d0  x29  00000076a1be8ab0  x30  000000769fc1b600
        sp   00000076a1be8a00  pc   000000769fc1b60c  pstate 0000000060000000
08-16 16:41:38.716 28948-28948/? A/DEBUG: backtrace:
        #00 pc 000000000005160c  /data/data/org.briarproject.briar.android.debug/libperfa_arm64.so
        #01 pc 00000000000163fc  /system/lib64/libopenjdkjvmti.so (openjdkjvmti::JvmtiAllocationListener::ObjectAllocated(art::Thread*, art::ObjPtr<art::mirror::Object>*, unsigned long)+320)
        #02 pc 000000000014df4c  /system/lib64/libart.so (_ZN3art2gc4Heap24AllocObjectWithAllocatorILb1ELb0ENS_11VoidFunctorEEEPNS_6mirror6ObjectEPNS_6ThreadENS_6ObjPtrINS4_5ClassEEEmNS0_13AllocatorTypeERKT1_+1172)
        #03 pc 0000000000536aa4  /system/lib64/libart.so (MterpNewInstance+832)
        #04 pc 000000000053a310  /system/lib64/libart.so (ExecuteMterpImpl+4496)
        #05 pc 0000000000275c00  /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
        #06 pc 000000000027b7cc  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+216)
        #07 pc 0000000000295a70  /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+668)
        #08 pc 0000000000533d68  /system/lib64/libart.so (MterpInvokeDirect+356)
        #09 pc 000000000053ca14  /system/lib64/libart.so (ExecuteMterpImpl+14484)
        #10 pc 0000000000275c00  /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
        #11 pc 0000000000525450  /system/lib64/libart.so (artQuickToInterpreterBridge+1052)
        #12 pc 0000000000553d0c  /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
        #13 pc 00000000001e2b08  /dev/ashmem/dalvik-jit-code-cache (deleted)
08-16 16:41:41.108 766-782/? W/zygote64: kill(-24298, 9) failed: No such process
08-16 16:41:41.110 766-5198/? I/ActivityManager: Process org.briarproject.briar.android.debug (pid 24298) has died: cch  CEM 
08-16 16:41:41.129 766-789/? W/ActivityManager: setHasOverlayUi called on unknown pid: 24298
08-16 16:41:41.129 561-561/? I/Zygote: Process 24298 exited due to signal (11)
08-16 16:41:41.152 766-782/? W/zygote64: kill(-24298, 9) failed: No such process
08-16 16:41:41.152 766-782/? I/zygote64: Successfully killed process cgroup uid 10101 pid 24298 in 44ms

Looks like a crash within ART. Not our bug, but possibly related to @ski's problems with the same phone model?

* Android version: 8.1.0
* Phone model: Nexus 5X
* Briar version: 1.0.13 debug build (21f95ed)

The device showed "Briar Debug has stopped" while signing out of the app.

Log:
```
08-16 16:41:38.445 24298-28941/? I/BriarControllerImpl: Shutting down service
08-16 16:41:38.529 24298-24298/? I/BriarService: Destroyed
08-16 16:41:38.540 24298-28944/? I/LifecycleManagerImpl: Stopping services
08-16 16:41:38.542 24298-24591/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.542 24298-25132/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25136/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25134/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.543 24298-25148/? I/DuplexOutgoingSession: Closed
08-16 16:41:38.554 24298-28944/? I/PluginManagerImpl: Stopping simplex plugins
    Stopping duplex plugins
08-16 16:41:38.556 24298-28944/? I/PluginManagerImpl: Waiting for all the plugins to stop
08-16 16:41:38.556 24298-25132/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.bluetooth
08-16 16:41:38.556 24298-25136/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.tor
08-16 16:41:38.557 24298-25134/? I/PluginManagerImpl: Trying to stop plugin org.briarproject.bramble.lan
08-16 16:41:38.558 24298-25132/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.bluetooth
08-16 16:41:38.559 24298-25136/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.tor
08-16 16:41:38.559 24298-25134/? I/NavDrawerControllerImpl: TransportDisabledEvent: org.briarproject.bramble.lan
08-16 16:41:38.560 24298-24392/? I/TorPlugin: java.net.SocketException: Socket closed
08-16 16:41:38.560 24298-24391/? I/TcpPlugin: java.net.SocketException: Socket closed
    
    --------- beginning of crash
08-16 16:41:38.564 24298-25136/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x18 in tid 25136 (pool-3-thread-2), pid 24298 (r.android.debug)
08-16 16:41:38.632 28948-28948/? W/crash_dump64: type=1400 audit(0.0:112): avc: denied { search } for name="org.briarproject.briar.android.debug" dev="dm-2" ino=262990 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-16 16:41:38.700 28948-28948/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
08-16 16:41:38.702 28948-28948/? W/crash_dump64: type=1400 audit(0.0:113): avc: denied { search } for name="org.briarproject.briar.android.debug" dev="dm-2" ino=262990 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
08-16 16:41:38.703 590-590/? I//system/bin/tombstoned: received crash request for pid 24298
08-16 16:41:38.705 28948-28948/? I/crash_dump64: performing dump of process 24298 (target tid = 25136)
08-16 16:41:38.705 28948-28948/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    Build fingerprint: 'google/bullhead/bullhead:8.1.0/OPM6.171019.030.E1/4805388:user/release-keys'
    Revision: 'rev_1.0'
    ABI: 'arm64'
    pid: 24298, tid: 25136, name: pool-3-thread-2  >>> org.briarproject.briar.android.debug <<<
    signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x18
    Cause: null pointer dereference
        x0   00000076a216c300  x1   0000000000000000  x2   4e0dc4b73a8d37a4  x3   0000000000000061
        x4   00000000ffffffff  x5   c6a4a7935bd1e995  x6   c6a4a7935bd1e995  x7   f8e1bfbf4251583c
        x8   c5e8c0e242c67c71  x9   c5e8c0e242c67c71  x10  0000000000000008  x11  00000000ffffffff
        x12  00000076a461c000  x13  ffffffffa48aa59c  x14  00029088e2000000  x15  003b9aca00000000
        x16  000000773ee1bca8  x17  000000773edb84b8  x18  0000000000000008  x19  0000000000000015
        x20  00000076a215aa40  x21  00000076b0844fa0  x22  0000000000000018  x23  0000000000000000
        x24  00000076a216c300  x25  000000769fe88c40  x26  000000769fe81000  x27  00000000000808de
        x28  00000076a472b1d0  x29  00000076a1be8ab0  x30  000000769fc1b600
        sp   00000076a1be8a00  pc   000000769fc1b60c  pstate 0000000060000000
08-16 16:41:38.716 28948-28948/? A/DEBUG: backtrace:
        #00 pc 000000000005160c  /data/data/org.briarproject.briar.android.debug/libperfa_arm64.so
        #01 pc 00000000000163fc  /system/lib64/libopenjdkjvmti.so (openjdkjvmti::JvmtiAllocationListener::ObjectAllocated(art::Thread*, art::ObjPtr<art::mirror::Object>*, unsigned long)+320)
        #02 pc 000000000014df4c  /system/lib64/libart.so (_ZN3art2gc4Heap24AllocObjectWithAllocatorILb1ELb0ENS_11VoidFunctorEEEPNS_6mirror6ObjectEPNS_6ThreadENS_6ObjPtrINS4_5ClassEEEmNS0_13AllocatorTypeERKT1_+1172)
        #03 pc 0000000000536aa4  /system/lib64/libart.so (MterpNewInstance+832)
        #04 pc 000000000053a310  /system/lib64/libart.so (ExecuteMterpImpl+4496)
        #05 pc 0000000000275c00  /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
        #06 pc 000000000027b7cc  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*)+216)
        #07 pc 0000000000295a70  /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+668)
        #08 pc 0000000000533d68  /system/lib64/libart.so (MterpInvokeDirect+356)
        #09 pc 000000000053ca14  /system/lib64/libart.so (ExecuteMterpImpl+14484)
        #10 pc 0000000000275c00  /system/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool)+444)
        #11 pc 0000000000525450  /system/lib64/libart.so (artQuickToInterpreterBridge+1052)
        #12 pc 0000000000553d0c  /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
        #13 pc 00000000001e2b08  /dev/ashmem/dalvik-jit-code-cache (deleted)
08-16 16:41:41.108 766-782/? W/zygote64: kill(-24298, 9) failed: No such process
08-16 16:41:41.110 766-5198/? I/ActivityManager: Process org.briarproject.briar.android.debug (pid 24298) has died: cch  CEM 
08-16 16:41:41.129 766-789/? W/ActivityManager: setHasOverlayUi called on unknown pid: 24298
08-16 16:41:41.129 561-561/? I/Zygote: Process 24298 exited due to signal (11)
08-16 16:41:41.152 766-782/? W/zygote64: kill(-24298, 9) failed: No such process
08-16 16:41:41.152 766-782/? I/zygote64: Successfully killed process cgroup uid 10101 pid 24298 in 44ms
```

Looks like a crash within ART. Not our bug, but possibly related to @ski's [problems with the same phone model](https://code.briarproject.org/briar/briar/issues/992#note_29767)?

To upload designs, you'll need to enable LFS. More information