hardened_malloc icon indicating copy to clipboard operation
hardened_malloc copied to clipboard
verified publisher icon GrapheneOS

GrapheneOS hardened_malloc error with MyLebara app

Open jonpsp opened this issue 3 months ago • 2 comments

If the MyLebara app (installed from the Google Play Store) is open but on the background, when I go back to it I get an error from hardened_malloc

type: crash
flags: dev options enabled
package: com.lebara.wallet:151, targetSdk 34
osVersion: google/komodo/komodo:16/BP2A.250805.005/2025081400:user/release-keys
uid: 10281 (u:r:untrusted_app:s0:c25,c257,c512,c768)
cmdline: com.lebara.wallet
processUptime: 1921s

abortMessage: hardened_malloc: fatal allocator error: detected write after free

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: m.lebara.wallet
MTE: not enabled

backtrace:
    /apex/com.android.runtime/lib64/bionic/libc.so (abort+160, pc 7c270)
    /apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+48, pc 650cc)
    /apex/com.android.runtime/lib64/bionic/libc.so (allocate+2236, pc 61ffc)
    /apex/com.android.runtime/lib64/bionic/libc.so (malloc+44, pc 5d51c)
    /system/lib64/libz.so (inflate+4456, pc eb48)
    /system/lib64/libandroid_runtime.so (zip_archive::Inflate(zip_archive::Reader const&, unsigned long, unsigned long, zip_archive::Writer*, unsigned long*)+664, pc 2973b8)
    /system/lib64/libandroidfw.so (android::ZipUtils::inflateToBuffer(android::incfs::map_ptr<void, false>, void*, long, long)+104, pc f2478)
    /system/lib64/libandroidfw.so (android::_CompressedAsset::getBuffer(bool)+124, pc 47f8c)
    /system/lib64/libandroidfw.so (android::_CompressedAsset::getIncFsBuffer(bool)+28, pc 4804c)
    /system/lib64/libandroid_runtime.so (android::NativeOpenXmlAsset(_JNIEnv*, _jobject*, long, int, _jstring*)+692, pc 1131d4)
    /system/framework/arm64/boot-framework.oat (art_jni_trampoline+128, pc 849790)
    /apex/com.android.art/lib64/libart.so (nterp_helper+1948, pc 6a9d8c)
    /system/framework/framework.jar (android.content.res.AssetManager.openXmlBlockAsset+22, pc 4069b2)
    /apex/com.android.art/lib64/libart.so (nterp_helper+3924, pc 6aa544)
    /system/framework/framework.jar (android.content.res.ResourcesImpl.loadXmlResourceParser+88, pc 415c10)
    /system/framework/arm64/boot-framework.oat (android.content.res.ResourcesImpl.loadComplexColorForCookie+600, pc 3ce428)
    /system/framework/arm64/boot-framework.oat (android.content.res.ResourcesImpl.loadComplexColorFromName+388, pc 3ce9a4)
    /system/framework/arm64/boot-framework.oat (android.content.res.ResourcesImpl.loadColorStateList+196, pc 3d1f04)
    /system/framework/arm64/boot-framework.oat (android.content.res.Resources.loadColorStateList+76, pc 3beadc)
    /system/framework/arm64/boot-framework.oat (android.content.res.TypedArray.getColor+208, pc 3d76b0)
    /system/framework/arm64/boot-framework.oat (android.widget.TextView.readTextAppearance+1368, pc 781b08)
    /system/framework/arm64/boot-framework.oat (android.widget.TextView.<init>+1600, pc 778890)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (androidx.appcompat.widget.AppCompatTextView.<init>+116, pc 12a14c4)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.views.text.ReactTextViewManager.createViewInstance+92, pc 2bcae9c)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex ([DEDUPED] ?.createViewInstance+44, pc 2b978dc)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.ViewManager.createViewInstance+248, pc 265a838)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.ViewManager.createView+60, pc 265a68c)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.NativeViewHierarchyManager.createView+1396, pc 2aa61e4)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.UIViewOperationQueue$CreateViewOperation.execute+356, pc 2ad8374)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.UIViewOperationQueue$DispatchUIFrameCallback.dispatchPendingNonBatchedOperations+380, pc 2ad8d8c)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.UIViewOperationQueue$DispatchUIFrameCallback.doFrameGuarded+284, pc 2ad8fbc)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.uimanager.GuardedFrameCallback.doFrame+48, pc 293a670)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.modules.core.ReactChoreographer.frameCallback$lambda$1+264, pc 2a09428)
    /data/app/~~ti5Tj0WUUCMSbUGVh8dqJA==/com.lebara.wallet-xhiswqAoOtAcvXOP4oq2ig==/oat/arm64/base.odex (com.facebook.react.modules.core.ReactChoreographer$$ExternalSyntheticLambda0.doFrame+72, pc 2a08608)
    /system/framework/arm64/boot-framework.oat (android.view.Choreographer.doCallbacks+884, pc 652274)
    /system/framework/arm64/boot-framework.oat (android.view.Choreographer.doFrame+2588, pc 652f0c)
    /system/framework/arm64/boot-framework.oat (android.view.Choreographer$FrameDisplayEventReceiver.run+72, pc 650ba8)
    /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+68, pc 4ebf24)
    /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+1260, pc 52379c)
    /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+244, pc 523234)
    /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.main+1500, pc 254fbc)
    /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640, pc 333860)
    /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+556, pc 32d79c)
    /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+36, pc 5d69b4)
    /system/framework/arm64/boot.oat (art_jni_trampoline+116, pc 2d6264)
    /system/framework/arm64/boot-framework.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+116, pc 7fbdd4)
    /apex/com.android.art/lib64/libart.so (nterp_helper+7636, pc 6ab3c4)
    /system/framework/framework.jar (com.android.internal.os.ExecInit.main+88, pc 31ef5c)
    /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640, pc 333860)
    /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+928, pc 3324d0)
    /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+144, pc 6448c0)
    /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+108, pc 10339c)
    /system/lib64/libandroid_runtime.so (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector<android::String8> const&)+340, pc 12a5e4)
    /system/bin/app_process64 (android::AppRuntime::onStarted()+72, pc 49e8)
    /system/framework/arm64/boot-framework.oat (art_jni_trampoline+104, pc 847ff8)
    /apex/com.android.art/lib64/libart.so (nterp_helper+152, pc 6a9688)
    /system/framework/framework.jar (com.android.internal.os.RuntimeInit.main+48, pc 32e834)
    /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640, pc 333860)
    /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+928, pc 3324d0)
    /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+144, pc 6448c0)
    /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+108, pc 10339c)
    /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+908, pc 12f11c)
    /system/bin/app_process64 (main+1232, pc 45b0)
    /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+124, pc 7450c)

jonpsp avatar Sep 02 '25 11:09 jonpsp

I've also experienced this, and I believe this is the fault of Lebara. I would try asking them over Email about this bug, alongside the crash dump, so that it gets resolved.

amadaluzia avatar Nov 08 '25 18:11 amadaluzia

Yes, it's an app bug and they need to fix it. You can use the per-app exploit protection compatibility mode if it happens often but it's better to leave hardened_malloc enabled if it's not unusable.

thestinger avatar Nov 08 '25 18:11 thestinger