Monday, 7 July 2014

Lenovo S650 VibeUI update 1427

This post is a follow up on my recent posts on Lenovo VibeUI KitKat ROM, which is a major step forward with many advantages, however, I experienced anomalies with 3 Google provided applications on this ROM.

  1. Google Authenticator generates invalid TOTP tokens, which I have describes in detail last month. My workaround I settled with was to permanently switch to FreeOTP, an open source TOTP app that, besides working properly on the new ROM, feels superior to Google Authenticator.
  2. Google Maps navigation is always crashing after a few minutes. The issue was narrowed down to affect newer versions, and downgrading to 8.0.0 proved to be a stable temporal workaround.
  3. Hangouts on the new ROM always exited when attempting to join a video call, audio-only calls were working fine. This issue remained unresolved as I preferred to use my thinkpad for video calls - and I do not consider hangout video calls critical anyway.

Lenovo published a firmware update for S650 smartphones on the 3rd of July, I downloaded and installed it over night out of curiosity.

The upgrade procedure

First, I downloaded the update itself and recent version of google apps minimal package. I made sure the following files are copied to the external storage:

I took a backup of my call logs and text messages, then booted into recovery and created a full TWRP backup. Read my previous posts for details on this step.

After wiping data, cache and dalvik cache partitions I installed the update from within TWRP recovery, then immediately applied Before installing the google apps package, I manually freed up some space on the system partition by deleting apps that I do not need:

mount /system
rm /system/vendor/operator/app/*.apk 
# BaiduSearch.apk DuomiMusic.apk GaodeMap.apk Lakala.apk LenovoPhonemgr.apk MobileQQ.apk 
# ReadingJoy.apk SinaWeather.apk SinaWeibo.apk SohuNews.apk SohuTv.apk Tmall.apk UCBrowser.apk
rm /system/app/BaiduInput.apk
rm /system/priv-app/GameWorld_Phone.apk
rm /system/priv-app/Youyue.apk
umount /system

Once this was done, but before installing the google apps package, I rebooted the phone, and chose English language in the setup wizard. I found this much harder to do if google apps was installed in one shot, before the initial boot & setup as the google setup wizard (in Chinese) was interfering with the native setup process... After language selection and initial setup, however, I went back to recovery and installed google apps minimal. After booting the system the google setup wizard was greeting me in English...

Later I restored my call logs and text messages as well as application data of come of my key apps.

First impressions

This updated fixed the Google Hangouts crash issue.

Unfortunately, Google Maps is still crashing after a few minutes of navigation. This issue, however, can be resolved by downgrading to version 8.0.0 of Google Maps, so it is not a show stopper.

Collecting debug info

As the Google Maps crash was very easy to reproduce, I decided to collect logs via ADB logcat and narrow down the data the lines related to the crash:

$ cd android-sdk-linux/platform-tools
$ ./adb logcat -c
$ ./adb logcat > /tmp/logcat14.txt
$ # wait until Google Maps navigation crashes, then immediately Ctrl-C

Taking an initial view on the data one realises the information is simply too much for human eyes. I started grepping for "", then identified the process ID which was 31858, and digging deeper I realised that navigation made the GL_THREAD die with SIGSEGV, that is, a segmentation fault. I ended up applying cropping unrelated logs from before the crash and after the diagnostics had completed, and also filtered out some noice with the following command, which yielded an output that can be processed manually and that demonstrated the 3 phases that android performs to collect data for diagnostics on application (native) crashes.

$ grep -A 100000000 "Fatal signal 11" /tmp/logcat14.txt | grep -B 100000000 "native_crash should" \
| grep -v "AlarmManager" | grep -v "PowerManager" > /tmp/logcat_filtered.txt
$ less -S /tmp/logcat_filtered.txt
F/libc    (31858): Fatal signal 11 (SIGSEGV) at 0x00000016 (code=1), thread 715 (GL_THREAD)
F/libc    (31858): Send stop signal to pid:31858 in void debuggerd_signal_handler(int, siginfo_t*, void*)
D/AEE/AED (  133): $===AEE===AEE===AEE===$
D/AEE/AED (  133): p 0 poll events 1 revents 0
D/AEE/AED (  133): not know revents:0
D/AEE/AED (  133): p 1 poll events 1 revents 0
D/AEE/AED (  133): not know revents:0
D/AEE/AED (  133): p 2 poll events 1 revents 1
D/AEE/AED (  133): aed_main_fork_worker: generator 0x12ca0d0, worker 0xbedb5918, recv_fd 15
D/AEE/AED (  133): p 3 poll events 1 revents 0
D/AEE/AED (  133): not know revents:0
D/AEE/AED (  133): p 4 poll events 1 revents 0
D/AEE/AED (  133): not know revents:0
I/DEBUG   ( 1047): handle_request(15)
I/DEBUG   ( 1047): check process 31858 name:droid.apps.maps
I/DEBUG   ( 1047): tid 715 abort msg address is:0
I/DEBUG   ( 1047): BOOM: pid=31858 uid=10112 gid=10112 tid=715
D/SurfaceFlinger(  139): ffi_3d_jank timespan = 33.007385 jankCount = 1
I/DEBUG   ( 1047): [OnPurpose Redunant in preset_info] pid: 31858, tid: 715, name: GL_THREAD  >>> <<<
I/DEBUG   ( 1047): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   ( 1047): Build fingerprint: 'Lenovo/sofina/S650:4.4.2/KOT49H/VIBEUI_V1.5_1427_2_ST_S650.:user/release-keys'
D/ADB_SERVICES(28073): adb fdevent_process list (11) (20) 
I/DEBUG   ( 1047): pid: 31858, tid: 715, name: GL_THREAD  >>> <<<
I/DEBUG   ( 1047): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000016
I/DEBUG   ( 1047):     r0 0000000c  r1 00000000  r2 4412ec00  r3 00000000
I/DEBUG   ( 1047):     r4 5f8c4d72  r5 62987e58  r6 64092a98  r7 000010f8
I/DEBUG   ( 1047):     r8 418a0900  r9 4251a500  sl 62987e40  fp 407aee6c
I/DEBUG   ( 1047):     ip 00000000  sp 62a85c30  lr 418a4b94  pc 418a4c00  cpsr 00070010
I/DEBUG   ( 1047): 
I/DEBUG   ( 1047): backtrace:
I/DEBUG   ( 1047):     #00  pc 00027c00  /system/lib/
I/DEBUG   ( 1047):     #01  pc 0002f2f0  /system/lib/ (dvmMterpStd(Thread*)+76)
I/DEBUG   ( 1047):     #02  pc 0002c7d4  /system/lib/ (dvmInterpret(Thread*, Method const*, JValue*)+188)
I/DEBUG   ( 1047):     #03  pc 00062ef9  /system/lib/ (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+340)
I/DEBUG   ( 1047):     #04  pc 00062f1d  /system/lib/ (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
I/DEBUG   ( 1047):     #05  pc 000575c5  /system/lib/
I/DEBUG   ( 1047):     #06  pc 0000d600  /system/lib/ (__thread_entry+72)
I/DEBUG   ( 1047): 
I/DEBUG   ( 1047): stack:
I/DEBUG   ( 1047):          62a85bf0  5f8c4d60  /data/dalvik-cache/
I/DEBUG   ( 1047):          62a85bf4  41901ad7  /system/lib/
I/DEBUG   ( 1047):          62a85bf8  64092a98  
I/DEBUG   ( 1047):          62a85bfc  5f8c4d60  /data/dalvik-cache/
I/DEBUG   ( 1047):          62a85c00  4193ded8  /system/lib/
I/DEBUG   ( 1047):          62a85c04  64092a98  
I/DEBUG   ( 1047):          62a85c08  64092ac0  
I/DEBUG   ( 1047):          62a85c0c  5f8c4d72  /data/dalvik-cache/
I/DEBUG   ( 1047):          62a85c10  62987e58  
I/DEBUG   ( 1047):          62a85c14  64092a98  
I/DEBUG   ( 1047):          62a85c18  000010f8  
I/DEBUG   ( 1047):          62a85c1c  418a0900  /system/lib/
I/DEBUG   ( 1047):          62a85c20  62987e68  
I/DEBUG   ( 1047):          62a85c24  425b39e0  /dev/ashmem/dalvik-heap (deleted)
I/DEBUG   ( 1047):          62a85c28  407aee6c  /system/lib/
I/DEBUG   ( 1047):          62a85c2c  4189f880  /system/lib/
D/dalvikvm(  696): create interp thread : stack size=128KB
D/dalvikvm(  696): create new thread
D/dalvikvm(  696): new thread created
D/dalvikvm(  696): update thread list
D/dalvikvm(  696): threadid=88: interp stack at 0x63ee3000
D/dalvikvm(  696): threadid=88: created from interp
D/dalvikvm(  696): start new thread
D/dalvikvm(  696): threadid=88: notify debugger
D/dalvikvm(  696): threadid=88 (Error dump: data_app_native_crash): calling run()
D/AES     (  696): ExceptionLog: notify aed
D/AES     (  696):     process :
D/AES     (  696):      module : v801010122 (8.1.1)
D/AES     (  696): 
D/AES     (  696):       cause : data_app_native_crash
D/AES     (  696):       pid : 31858
W/AES     (  696): native_crash should be processed by aee already

As highlighted above, downgrading Google Maps to 8.0.0 or turning to alternatives (Waze for online, MapFactor for offline navigation) gets around this issue. My motivation for collecting and filtering logs was rather curiosity that the intention to spend much time debugging and tinkering with this closed source application.

No comments:

Post a Comment