Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIGSEGV crash with Intune SDK on Android 14 with certain version of Android System WebView #213

Open
nickplucker opened this issue Feb 28, 2024 · 5 comments
Open

SIGSEGV crash with Intune SDK on Android 14 with certain version of Android System WebView #213

nickplucker opened this issue Feb 28, 2024 · 5 comments
Assignees
@mukeshk-ms

Comments

@nickplucker
Copy link

nickplucker commented Feb 28, 2024
edited
Loading

Intune Android App SDK crash

Questions to Ask Before Submission

  1. Does your app compile and launch successfully without the Intune App SDK?
    Yes
  2. Have you checked the [Microsoft Intune App SDK for Android] repository for similar issues?
    Yes
  3. Are you using the latest version of the SDK?
    Yes

Summary

We have been getting constant crash reports of a version of our React Native app built with the Intune SDK since October.
I have another variant that doesn't use the Intune SDK and users have had no issues.

It's reproducible by installing specific versions of Android System WebView (for example, v119.0.6045.193 causes the crash). Clearing cache and updating/disabling WebView works for a while, but then a new Android update is rolled out with a broken version of WebView again.

#192 is very similar, however we don't use ProviderInstaller.installIfNeeded() directly in our code.
Additionally, I am aware of this: https://issuetracker.google.com/issues/316396709

Although it's a Google issue, I'm more curious why it's happening with apps that use the Intune SDK and if there's a workaround.

Details

  • Intune Android App SDK Version:
    10.0.0

Logs

02-28 15:57:01.960 30136 30136 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
02-28 15:57:01.960 30136 30136 F DEBUG   : Build fingerprint: 'google/cheetah/cheetah:14/UQ1A.240205.002.A1/11224264:user/release-keys'
02-28 15:57:01.960 30136 30136 F DEBUG   : Revision: 'MP1.0'
02-28 15:57:01.960 30136 30136 F DEBUG   : ABI: 'arm64'
02-28 15:57:01.960 30136 30136 F DEBUG   : Timestamp: 2024-02-28 15:57:01.614725898-0600
02-28 15:57:01.960 30136 30136 F DEBUG   : Process uptime: 2s
02-28 15:57:01.960 30136 30136 F DEBUG   : Cmdline: <REDACTED>
02-28 15:57:01.960 30136 30136 F DEBUG   : pid: 29987, tid: 30132, name: <REDACTED>  >>> <REDACTED> <<<
02-28 15:57:01.960 30136 30136 F DEBUG   : uid: 10320
02-28 15:57:01.960 30136 30136 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
02-28 15:57:01.960 30136 30136 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x000000000000000c
02-28 15:57:01.960 30136 30136 F DEBUG   : Cause: null pointer dereference
02-28 15:57:01.960 30136 30136 F DEBUG   :     x0  0000000000000000  x1  0000007d0a26c5d0  x2  0000000000000000  x3  0000000000000010
02-28 15:57:01.960 30136 30136 F DEBUG   :     x4  0000000000000000  x5  0000000003912028  x6  000000000041cca0  x7  0000000000000000
02-28 15:57:01.960 30136 30136 F DEBUG   :     x8  0000000000000000  x9  0000000000000000  x10 000000008287c84f  x11 0000000000000001
02-28 15:57:01.960 30136 30136 F DEBUG   :     x12 0000000000000000  x13 000000007fffffff  x14 0000000003912028  x15 00001b32d1e43d91
02-28 15:57:01.960 30136 30136 F DEBUG   :     x16 0000007d03a76730  x17 0000007ce5aeeb70  x18 0000007804138000  x19 000000006f570000
02-28 15:57:01.960 30136 30136 F DEBUG   :     x20 000000006f570000  x21 0000000071e94000  x22 000000009e0a7000  x23 000000009e0a7000
02-28 15:57:01.960 30136 30136 F DEBUG   :     x24 0000007d0a565f90  x25 000000002c213000  x26 b400007ba54c2298  x27 0000000000000008
02-28 15:57:01.960 30136 30136 F DEBUG   :     x28 00000078ca27f2d8  x29 00000078ca27efc0
02-28 15:57:01.960 30136 30136 F DEBUG   :     lr  0000007a513a3440  sp  00000078ca27ec70  pc  0000007a513a345c  pst 0000000060001000
02-28 15:57:01.960 30136 30136 F DEBUG   : 50 total frames
02-28 15:57:01.960 30136 30136 F DEBUG   : backtrace:
02-28 15:57:01.960 30136 30136 F DEBUG   :       #00 pc 00000000003a345c  /apex/com.android.art/lib64/libart.so (bool art::gc::space::ImageSpace::Loader::RelocateInPlace<(art::PointerSize)8>(unsigned int, unsigned char*, art::gc::accounting::SpaceBitmap<8ul>*, art::OatFile const*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+504) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #01 pc 000000000039dac8  /apex/com.android.art/lib64/libart.so (art::gc::space::ImageSpace::Loader::InitAppImage(char const*, char const*, art::OatFile const*, art::ArrayRef<art::gc::space::ImageSpace* const>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+820) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #02 pc 00000000002182f0  /apex/com.android.art/lib64/libart.so (art::OatFileManager::OpenDexFilesFromOat(char const*, _jobject*, _jobjectArray*, art::OatFile const**, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*)+2384) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #03 pc 000000000021645c  /apex/com.android.art/lib64/libart.so (art::DexFile_openDexFileNative(_JNIEnv*, _jclass*, _jstring*, _jstring*, int, _jobject*, _jobjectArray*) (.__uniq.325793859780145791435928139633802341359)+192) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #04 pc 000000000000fc2c  /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+172) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #05 pc 0000000000019110  /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexFile.openDexFile+240) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #06 pc 000000000001ae44  /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexPathList.makeDexElements+804) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #07 pc 000000000001a674  /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexPathList.<init>+660) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #08 pc 00000000000173d8  /system/framework/arm64/boot-core-libart.oat (dalvik.system.BaseDexClassLoader.<init>+232) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #09 pc 0000000000744f10  /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+960) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #10 pc 0000000000744fd4  /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+100) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #11 pc 000000000022c110  /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoader+464) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #12 pc 000000000022c880  /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoaderWithSharedLibraries+96) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #13 pc 0000000000239bcc  /system/framework/arm64/boot-framework.oat (android.app.LoadedApk.createOrUpdateClassLoaderLocked+5340) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #14 pc 0000000000330e68  /system/framework/arm64/boot-framework.oat (android.app.ContextImpl.getClassLoader+136) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #15 pc 00000000007187f8  /system/framework/arm64/boot-framework.oat (android.webkit.WebViewFactory.getProviderClass+1016) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #16 pc 0000000000718048  /system/framework/arm64/boot-framework.oat (android.webkit.WebViewFactory.getProvider+584) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #17 pc 00000000007167c0  /system/framework/arm64/boot-framework.oat (android.webkit.CookieManager.getInstance+32) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #18 pc 0000000000589d98  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #19 pc 0000000000320d90  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (com.facebook.react.modules.network.ForwardingCookieHandler.getCookieManager+20)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #20 pc 000000000058ac54  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #21 pc 0000000000320e1c  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (com.facebook.react.modules.network.ForwardingCookieHandler.get+0)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #22 pc 000000000058ac54  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #23 pc 0000000000b956c2  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.JavaNetCookieJar.loadForRequest+30)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #24 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #25 pc 0000000000322918  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (com.facebook.react.modules.network.ReactCookieJarContainer.loadForRequest+8)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #26 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #27 pc 0000000000ba4954  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.http.BridgeInterceptor.intercept+260)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #28 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #29 pc 0000000000ba58c4  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #30 pc 000000000058ac54  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #31 pc 0000000000ba6240  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept+68)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #32 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #33 pc 0000000000ba58c4  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #34 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #35 pc 000000000027e724  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (<REDACTED>.UserAgentInterceptor.intercept+104)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #36 pc 000000000058ba74  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #37 pc 0000000000ba58c4  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #38 pc 000000000058ac54  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #39 pc 0000000000ba194e  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp+234)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #40 pc 000000000058ac54  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #41 pc 0000000000ba0f46  /data/app/<REDACTED>/<REDACTED>/oat/arm64/base.vdex (okhttp3.internal.connection.RealCall$AsyncCall.run+102)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #42 pc 00000000002b4d7c  /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+796) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #43 pc 00000000002b1ea0  /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+64) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #44 pc 0000000000160778  /system/framework/arm64/boot.oat (java.lang.Thread.run+72) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #45 pc 00000000003605a4  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #46 pc 000000000034b8a4  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG   :       #47 pc 00000000004f3e30  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1888) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.961 30136 30136 F DEBUG   :       #48 pc 00000000000c9ccc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 19c32900d9d702c303d2b4164fbba76c)
02-28 15:57:01.961 30136 30136 F DEBUG   :       #49 pc 000000000005db00  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 19c32900d9d702c303d2b4164fbba76c)
02-28 15:57:01.980  1563 30155 I DropBoxManagerService: add tag=data_app_native_crash isTagEnabled=true flags=0x2
@zeeshanjamal
Copy link

Same issue we have started facing with our LOB android app that is using intune sdk version 10.0.0, earlier we had raised the security exception with in our company to disable the app protection policies for our android users until we sort out this crash issue, disabling the app protection MAM policies had fixed the issue as well, now after two months our exception is about to expire and we enabled the app protection policies again, and then all of a sudden there is a surge in incidents regarding app crash. We are asking the users to uninstall and then reinstall/update the Android System WebView to fix their crash but it's a temporary workaround until there is another Android OS or WebView update.
So the scenario is:
Users are able to login for the first time and get the policies and use the app without issues, until they kill the app and tries to reopen it again, then it is not opening at all and we are seeing the similar crash log in logcat as pasted by OP. We are using Capacitor with react. I think the issue lies when the intune sdk takes the policies after login, enrolment and tries to write the policies around the app, where it fails to write the policies due to the memory permission i guess. Are you planning to target any fix for this?

@sn-michiyo
Copy link

@mcsimons can you comment, given your having context on #192?

A number of folks on the google issue have commented that they are using the intune sdk. We also are, and have not seen this problem in the non-intune variants of the app, only on the intune variant.

@banasiak
Copy link

@zeeshanjamal Seeing the exact same issue in our LOB app. Out of curiosity, did you happen to narrow down a specific MAM policy that triggers this, or did you just blanket disable all of them? Thanks!

@mukeshk-ms mukeshk-ms self-assigned this Apr 17, 2024
@mukeshk-ms
Copy link

Hi, we are aware of this issue and following up with Google on this however please note we don't have much influence on their investigation/release of fix. If you look at the top couple of reviews for WebView on Google Play, you may see the issue is not limited to Intune.

@zeeshanjamal
Copy link

zeeshanjamal commented Apr 17, 2024
edited
Loading

@zeeshanjamal Seeing the exact same issue in our LOB app. Out of curiosity, did you happen to narrow down a specific MAM policy that triggers this, or did you just blanket disable all of them? Thanks!

We just removed the users from the MAM app protection group, so it disable all the policies, haven't drilled down to one policy yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mukeshk-ms mukeshk-ms

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@banasiak @zeeshanjamal @nickplucker @sn-michiyo @mukeshk-ms