Vivo X90 Android 13 abnormal crash #37

Closed
allenjq opened this issue Apr 28, 2023 · 5 comments

allenjq commented Apr 28, 2023

2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Softversion: PD2227B_A_*********.W10.V000L1
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Time: 2023-04-28 17:21:18
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Build fingerprint: 'vivo/PD2227/PD2227:13/TP1A.220624.014/compiler02180032:user/release-keys'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Revision: '0'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: ABI: 'arm'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Timestamp: 2023-04-28 17:21:18.495547616+0800
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Process uptime: 3s
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Cmdline: com.
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: pid: 19494, tid: 19511, name: binder:19494_3  >>> com.<<<
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: uid: 10378
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xf26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r0  00000000  r1  dec5ebec  r2  00000000  r3  ea8fb140
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r4  00000018  r5  dec5ebb8  r6  dec5eb6c  r7  eaf0b7d2
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r8  00000000  r9  ed091810  r10 ed613080  r11 eaa507ec
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     ip  f3cdd110  sp  dec5eb40  lr  ed61c430  pc  f26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: backtrace:
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #00 pc 00000020  [anon:pine codes]
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #01 pc 000dc42c  /apex/com.android.art/lib/libart.so (nterp_helper+1948) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #02 pc 001bc7ec  /system/framework/framework.jar (android.os.Binder.execTransact+0)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #03 pc 000e0bd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #04 pc 004d9427  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+270) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #05 pc 001336d7  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+138) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #06 pc 003fa17f  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+354) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #07 pc 003fa297  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #08 pc 00300d4f  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallBooleanMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+550) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #09 pc 00291327  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::CallMethodV(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, std::__va_list, art::Primitive::Type, art::InvokeType)+1274) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #10 pc 00282309  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::CallBooleanMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list) (.llvm.3576642306481517745)+44) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #11 pc 00083a39  /system/lib/libandroid_runtime.so (_JNIEnv::CallBooleanMethod(_jobject*, _jmethodID*, ...)+28) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #12 pc 000fcf79  /system/lib/libandroid_runtime.so (JavaBBinder::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+96) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #13 pc 00039aab  /system/lib/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+222) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #14 pc 00040d81  /system/lib/libbinder.so (android::IPCThreadState::executeCommand(int)+604) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #15 pc 00040a8b  /system/lib/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+98) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #16 pc 00041139  /system/lib/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+44) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #17 pc 00060969  /system/lib/libbinder.so (android::PoolThread::threadLoop()+12) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #18 pc 0000d779  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+264) (BuildId: 67575d9eb04856f75b463fba5ef73717)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #19 pc 0008a261  /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+84) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #20 pc 000b49e5  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40) (BuildId: 6586ece0dfc09c7750993482d2ca596c)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #21 pc 0006b7e9  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 6586ece0dfc09c7750993482d2ca596c)

canyie (Owner) commented Jun 3, 2023

Could you tell me which method is being hooked? I could not reproduce it on my side.

allenjq (Author) commented Jun 6, 2023

        // The native DexFile open method is named differently before KitKat.
        String methodName = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT ? "openDexFileNative" : "openDexFile";
        // Callback bodies are not shown in the post.
        XposedBridge.hookAllMethods(DexFile.class, methodName, new XC_MethodHook() {});
        XposedBridge.hookAllMethods(Camera.class, "native_setup", new XC_MethodHook() {});

canyie (Owner) commented Jun 8, 2023

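I tried the following code and could not reproduce the crash. Please confirm whether the same code reproduces the crash on your side.
Also, please provide some configuration details, such as whether the app is debuggable and whether pending hook is enabled.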

        try {
            // Hook Camera.native_setup(Object, int, String) and log its arguments before each call.
            Pine.hook(Camera.class.getDeclaredMethod("native_setup", Object.class, int.class, String.class), new MethodHook() {
                @Override
                public void beforeCall(Pine.CallFrame callFrame) throws Throwable {
                    Log.e(TAG, "Calling with " + Arrays.toString(callFrame.args));
                }
            });
        } catch (NoSuchMethodException e) {
            throw new RuntimeException(e);
        }
        // Open and release the camera repeatedly so the hooked method is hit many times.
        for (int i = 0; i < 2000; i++) {
            Camera camera = Camera.open();
            Log.e(TAG, "Opened " + i + " camera");
            camera.release();
        }
        Log.e(TAG, "Camera test done");

allenjq (Author) commented Jun 25, 2023

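I used the code above on another device, a Xiaomi 13 (also running Android 13). The result is the same with debuggable=true and debuggable=false, and pending hook is not enabled.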

Build fingerprint: 'Xiaomi/fuxi/fuxi:13/TKQ1.220905.001/V14.0.29.0.TMCCNXM:user/release-keys'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Revision: '0'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: ABI: 'arm'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Timestamp: 2023-06-25 16:32:09.155326060+0800
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Process uptime: 2s
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Cmdline: com.~
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: pid: 7247, tid: 7247, name: com. ~ >>> com.~ <<<
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: uid: 10330
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Abort message: 'JNI DETECTED ERROR IN APPLICATION: GetStringChars received NULL jstring
        in call to GetStringChars
        from int android.hardware.Camera.native_setup(java.lang.Object, int, java.lang.String)'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r0  00000000  r1  00001c4f  r2  00000006  r3  ffa20288
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r4  ffa20298  r5  ffa20280  r6  00001c4f  r7  0000016b
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r8  00000000  r9  ffffffff  r10 ffa20288  r11 e7fb5eb4
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     ip  00001c4f  sp  ffa20268  lr  ebfccb37  pc  ebfccb4a
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: backtrace:
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #00 pc 00063b4a  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #01 pc 00404ae7  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1018) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #02 pc 0000fcbf  /apex/com.android.art/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46) (BuildId: 373512feb6576769e502d4ef74f6d413)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #03 pc 0000f57f  /apex/com.android.art/lib/libbase.so (android::base::LogMessage::~LogMessage()+230) (BuildId: 373512feb6576769e502d4ef74f6d413)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #04 pc 0029e5fb  /apex/com.android.art/lib/libart.so (art::JavaVMExt::JniAbort(char const*, char const*)+1834) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #05 pc 0029e671  /apex/com.android.art/lib/libart.so (art::JavaVMExt::JniAbortV(char const*, char const*, std::__va_list)+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #06 pc 00293491  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::AbortF(char const*, ...)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #07 pc 00292a0b  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::CheckInstance(art::ScopedObjectAccess&, art::(anonymous namespace)::ScopedCheck::InstanceKind, _jobject*, bool)+146) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #08 pc 00291901  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::CheckPossibleHeapValue(art::ScopedObjectAccess&, char, art::(anonymous namespace)::JniValueType)+608) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #09 pc 00291093  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::Check(art::ScopedObjectAccess&, bool, char const*, art::(anonymous namespace)::JniValueType*)+590) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #10 pc 00298841  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::GetStringCharsInternal(char const*, _JNIEnv*, _jstring*, unsigned char*, bool, bool)+556) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #11 pc 002890d3  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::GetStringChars(_JNIEnv*, _jstring*, unsigned char*) (.llvm.1416632536408479998)+22) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #12 pc 0011f111  /system/lib/libandroid_runtime.so (android_hardware_Camera_native_setup(_JNIEnv*, _jobject*, _jobject*, int, _jstring*)+44) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #13 pc 001ae541  /system/framework/arm/boot-framework.oat (art_jni_trampoline+88) (BuildId: f3da7917d13e0db8a465710eb6bb679f0d7ca9e3)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #14 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #15 pc 004deebf  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+270) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #16 pc 001348d7  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+138) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #17 pc 003fd995  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+904) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #18 pc 0039df29  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #19 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: ace044f53a49db959a0ab67948203ce43c6f338c)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #20 pc 000dd9ec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #21 pc 00a1978a  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine.callBackupMethod+26)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #22 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #23 pc 00a191cc  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine$CallFrame.invokeOriginalMethod+24)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #24 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #25 pc 00a198ca  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine.handleCall+234)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #26 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #27 pc 00a1ac90  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.entry.Arm32Entry.handleBridge+1076)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #28 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #29 pc 00a1a834  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.entry.Arm32Entry.intBridge+0)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #30 pc 000de040  /apex/com.android.art/lib/libart.so (nterp_helper+4528) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #31 pc 00486fae  /system/framework/framework.jar (android.hardware.Camera.cameraInit+158)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #32 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #33 pc 004871c8  /system/framework/framework.jar (android.hardware.Camera.<init>+136)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #34 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #35 pc 00486a4a  /system/framework/framework.jar (android.hardware.Camera.open+42)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #36 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #37 pc 0075da4c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.o.JniEngine.testHook+128)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #38 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #39 pc 0075d632  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.o.JniEngine.launchEngine+10)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #40 pc 000dd674  /apex/com.android.art/lib/libart.so (nterp_helper+2020) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #41 pc 0072776c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.VClient.bindApplicationNoCheck+1608)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #42 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #43 pc 007270ae  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.VClient.bindApplication+238)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #44 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #45 pc 00734532  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleLaunchActivity+342)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #46 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #47 pc 00734320  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleExecuteTransaction+160)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #48 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #49 pc 0073480c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleMessage+164)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #50 pc 000de32c  /apex/com.android.art/lib/libart.so (nterp_helper+5276) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #51 pc 001c867c  /system/framework/framework.jar (android.os.Handler.dispatchMessage+24)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #52 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #53 pc 001eba78  /system/framework/framework.jar (android.os.Looper.loopOnce+364)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #54 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #55 pc 001ec1a0  /system/framework/framework.jar (android.os.Looper.loop+164)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #56 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #57 pc 001c70de  /system/framework/framework.jar (android.app.ActivityThread.main+246)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #58 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #59 pc 004defe9  /apex/com.android.art/lib/libart.so (art_quick_invoke_static_stub+260) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #60 pc 001348ff  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+178) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #61 pc 003fd995  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+904) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #62 pc 0039df29  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #63 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: ace044f53a49db959a0ab67948203ce43c6f338c)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #64 pc 000dd9ec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #65 pc 00413b7e  /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #66 pc 006ade41  /system/framework/arm/boot-framework.oat (com.android.internal.os.ZygoteInit.main+2896) (BuildId: f3da7917d13e0db8a465710eb6bb679f0d7ca9e3)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #67 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #68 pc 004defe9  /apex/com.android.art/lib/libart.so (art_quick_invoke_static_stub+260) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #69 pc 001348ff  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+178) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #70 pc 003feec1  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+336) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #71 pc 003ff193  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #72 pc 00329ed1  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+484) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #73 pc 000821f1  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+28) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #74 pc 0008b2d5  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+632) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #75 pc 00002655  /system/bin/app_process32 (main+1096) (BuildId: ea351c7ae4acd66f472ef9d2083624b7)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #76 pc 0005ce47  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+54) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.373 7324-7324/? E/MIUINDBG: miui_native_debug_process_O
2023-06-25 16:32:09.373 7324-7324/? E/MIUINDBG: unable to connect to mqsas native socket
2023-06-25 16:32:09.378 1549-1549/? E/tombstoned: Tombstone written to: tombstone_00

canyie (Owner) commented Jun 26, 2023

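This error looks different from the original one. I suspect a ROM bug, or a problem with argument parsing? Remove the hook, keep only the loop and the code inside it, and try again.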

canyie added the duplicate label Dec 10, 2023
canyie closed this as completed in fd829cc Dec 10, 2023
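
The two tombstones in this thread fail in different ways, which is the distinction the last reply draws. The following triage script is an added example, not part of the thread or of the Pine project; the function names `parse_tombstone` and `classify` are hypothetical, and the sample input is a few lines excerpted from the two logs above.

```python
import re

# logcat prefix wrapping each tombstone line: "date time pid-tid/tag A/DEBUG: "
PREFIX = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \d+-\d+/\S+ A/DEBUG: ?")
SIGNAL = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (\S+)")
FRAME = re.compile(r"\s*#(\d+) pc ([0-9a-f]+)\s+(.*)$")
ABORT = "Abort message: '"

def parse_frame(line):
    m = FRAME.match(line)
    if not m:
        return None
    rest = re.sub(r" \(BuildId: [^)]*\)$", "", m.group(3))
    # Anonymous mappings such as "[anon:pine codes]" contain spaces; file paths here do not.
    end = (rest.find("]") + 1) if rest.startswith("[") else rest.find(" ")
    if end <= 0:
        end = len(rest)
    symbol = rest[end:].strip()
    if symbol.startswith("(") and symbol.endswith(")"):
        symbol = symbol[1:-1]
    return {"index": int(m.group(1)), "pc": int(m.group(2), 16),
            "mapping": rest[:end], "symbol": symbol}

def parse_tombstone(text):
    report = {"signal": None, "fault_addr": None, "abort": None, "frames": []}
    in_abort = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if in_abort:  # abort messages continue on lines without the logcat prefix
            report["abort"] += " " + line.strip().rstrip("'")
            in_abort = not line.rstrip().endswith("'")
            continue
        if line.startswith(ABORT):
            body = line[len(ABORT):].rstrip()
            in_abort = not body.endswith("'")
            report["abort"] = body.rstrip("'")
            continue
        m = SIGNAL.search(line)
        if m:
            report["signal"], report["fault_addr"] = m.group(1), m.group(3)
            continue
        frame = parse_frame(line)
        if frame:
            report["frames"].append(frame)
    return report

def classify(report):
    frames = report["frames"]
    app = next((f for f in frames if f["mapping"].startswith("/data/app/")), None)
    result = {"signal": report["signal"], "first_app_frame": app["symbol"] if app else None}
    m = re.search(r"JNI DETECTED ERROR IN APPLICATION: .*? in call to (\w+) from (.+)$",
                  report["abort"] or "")
    if m:  # CheckJNI rejected an argument and aborted the process
        result.update(kind="checkjni-abort", jni_call=m.group(1), native_method=m.group(2))
    elif frames and frames[0]["mapping"].startswith("[anon:"):
        # the faulting pc is inside anonymous executable memory, not a mapped library
        result.update(kind="fault-in-anonymous-code", mapping=frames[0]["mapping"])
    else:
        result.update(kind="other")
    return result

# Sample input: lines excerpted from the first (Vivo) tombstone above.
TOMBSTONE_FIRST = """\
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xf26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #00 pc 00000020  [anon:pine codes]
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #01 pc 000dc42c  /apex/com.android.art/lib/libart.so (nterp_helper+1948) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
"""

# Sample input: lines excerpted from the second (Xiaomi) tombstone above.
TOMBSTONE_SECOND = """\
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Abort message: 'JNI DETECTED ERROR IN APPLICATION: GetStringChars received NULL jstring
        in call to GetStringChars
        from int android.hardware.Camera.native_setup(java.lang.Object, int, java.lang.String)'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #00 pc 00063b4a  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #12 pc 0011f111  /system/lib/libandroid_runtime.so (android_hardware_Camera_native_setup(_JNIEnv*, _jobject*, _jobject*, int, _jstring*)+44) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #21 pc 00a1978a  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine.callBackupMethod+26)
"""

if __name__ == "__main__":
    for name, text in (("first", TOMBSTONE_FIRST), ("second", TOMBSTONE_SECOND)):
        print(name, classify(parse_tombstone(text)))
```
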