Android 9: calling backup() triggers "exception != nullptr" and crashes (Android 9: crash when calling backup() due to an exception in thread.cc) #152

Closed
Gstalker opened this issue Sep 10, 2021 · 6 comments

Gstalker commented Sep 10, 2021

07-19 15:23:11.202 4286 4286 I YAHFA-Native: init to SDK 28
07-19 15:23:11.202 4286 4286 I YAHFA-Native: ArtMethod: 0x70a7bbe8
07-19 15:23:11.202 4286 4286 I YAHFA-Native: ArtMethod: 0x71f61c9e88
07-19 15:23:11.202 4286 4286 I YAHFA-Native: ArtMethod: 0x71f61c9e60
07-19 15:23:11.202 4286 4286 I YAHFA-Native: target method is at 0x70a7bbe8, hook method is at 0x71f61c9e88, backup method is at 0x71f61c9e60
07-19 15:23:11.202 4286 4286 I YAHFA-Native: setNonCompilable: change access flags from 0x80009 to 0x2080009
07-19 15:23:11.202 4286 4286 I YAHFA-Native: setNonCompilable: change access flags from 0x9 to 0x2000009
07-19 15:23:11.202 4286 4286 I YAHFA-Native: replace method from 0x71f61c9e60 to 0x70a7bbe8
07-19 15:23:11.202 4286 4286 I YAHFA-Native: allocating space for trampoline code at 0x71fb038000
07-19 15:23:11.202 4286 4286 I YAHFA-Native: replace entry point from 0x7175707a10 to 0x71fb038004
07-19 15:23:11.202 4286 4286 I YAHFA-Native: change access flags from 0x2000009 to 0x2000109
07-19 15:23:11.202 4286 4286 I YAHFA-Native: replace method from 0x70a7bbe8 to 0x71f61c9e88
07-19 15:23:11.203 4286 4286 I YAHFA-Native: replace entry point from 0x70ddf040 to 0x71fb03801c
07-19 15:23:11.203 4286 4286 I YAHFA-Native: change access flags from 0x2080009 to 0x2080109
07-19 15:23:11.203 4286 4286 I YAHFA-Native: hook and backup done
07-19 15:23:11.203 4286 4286 W KEEN TEST: in Log.e(): KEEN, this is a test for JavaLayerHooker!
07-19 15:23:11.203 4286 4286 F droid.gallery3: thread.cc:3333] Check failed: exception != nullptr
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] Runtime aborting...
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] Dumping all threads without appropriate locks held: thread list lock mutator lock
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] All threads:
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] DALVIK THREADS (4):
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] "main" prio=5 tid=1 Runnable
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] | group="" sCount=0 dsCount=0 flags=0 obj=0x7301f9e8 self=0x7175814c00
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] | sysTid=4286 nice=0 cgrp=default sched=0/0 handle=0x71fb3d0548
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] | state=R schedstat=( 75367037 69894841 66 ) utm=1 stm=5 core=2 HZ=100
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] | stack=0x7ff78a2000-0x7ff78a4000 stackSize=8MB
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] | held mutexes= "abort lock" "mutator lock"(shared held)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #00 pc 00000000003c8f54 /system/lib64/libart.so (offset 360000) (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+220)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #1 pc 000000000049a394 /system/lib64/libart.so (offset 360000) (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits>&, bool, BacktraceMap*, bool) const+352)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #2 pc 00000000004b41a8 /system/lib64/libart.so (offset 360000) (art::DumpCheckpoint::Run(art::Thread*)+828)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #3 pc 00000000004acf24 /system/lib64/libart.so (offset 360000) (art::ThreadList::RunCheckpoint(art::Closure*, art::Closure*)+476)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #4 pc 00000000004ac378 /system/lib64/libart.so (offset 360000) (art::ThreadList::Dump(std::__1::basic_ostream<char, std::__1::char_traits>&, bool)+1036)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #5 pc 000000000046f09c /system/lib64/libart.so (offset 360000) (art::Runtime::Abort(char const*)+392)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #6 pc 0000000000008d08 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+720)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #7 pc 00000000004a5518 /system/lib64/libart.so (offset 360000) (art::Thread::QuickDeliverException()+128)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #8 pc 00000000005211cc /system/lib64/libart.so (offset 360000) (artDeliverPendingExceptionFromCode+8)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #9 pc 000000000056ac98 /system/lib64/libart.so (offset 360000) (art_quick_generic_jni_trampoline+328)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #10 pc 000000000056abac /system/lib64/libart.so (offset 360000) (art_quick_generic_jni_trampoline+92)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #11 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #12 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #13 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #14 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #15 pc 0000000000532788 /system/lib64/libart.so (offset 360000) (MterpInvokeStatic+200)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #16 pc 0000000000554314 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #17 pc 00000000000019b4 /data/local/tmp/dexfile/inject.dex (xxxxxxx.hook+68)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #18 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #19 pc 0000000000521a88 /system/lib64/libart.so (offset 360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #20 pc 000000000056acfc /system/lib64/libart.so (offset 360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #21 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #22 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #23 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #24 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #25 pc 0000000000532788 /system/lib64/libart.so (offset 360000) (MterpInvokeStatic+200)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #26 pc 0000000000554314 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #27 pc 0000000000001866 /data/local/tmp/dexfile/inject.dex (xxxxxxx.init+162)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #28 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #29 pc 0000000000521a88 /system/lib64/libart.so (offset 360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #30 pc 000000000056acfc /system/lib64/libart.so (offset 360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #31 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #32 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #33 pc 00000000004679d8 /system/lib64/libart.so (offset 360000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #34 pc 00000000004675dc /system/lib64/libart.so (offset 360000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #35 pc 00000000003686e4 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #36 pc 00000000000594c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxxxxx.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+192)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #37 pc 00000000000593c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxx.so (xxxxxx(_JNIEnv*, _jclass*, char const*)+268)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #38 pc 000000000004d02c /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxx.so (xxxxxxxt(_JNIEnv*, _jclass*, int)+280)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #39 pc 0000000000002d58 /sbin/.magisk/modules/riru-core/lib64/libriru.so (???)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] native: #40 pc 00000000000032d8 /sbin/.magisk/modules/riru-core/lib64/libriru.so (???)
07-19 15:23:11.270 4286 4286 F droid.gallery3: runtime.cc:558] at xxxx.backup(Native method)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at xxxxxxxx.hook(LogHooker.java:20)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at xxxxxx.init(JavaLayerHooker.java:35)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:139)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteConnection.processOneCommand(ZygoteConnection.java:234)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteServer.runSelectLoop(ZygoteServer.java:204)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:847)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558]
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] "Jit thread pool worker thread 0" prio=5 tid=2 Native
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | group="" sCount=1 dsCount=0 flags=1 obj=0x14500030 self=0x716f00e000
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | sysTid=4291 nice=9 cgrp=default sched=0/0 handle=0x716ef034f0
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | state=S schedstat=( 1454323 29137865 2 ) utm=0 stm=0 core=1 HZ=100
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | stack=0x716ee05000-0x716ee07000 stackSize=1021KB
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | held mutexes=
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] kernel: (couldn't read /proc/self/task/4291/stack)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #00 pc 000000000001f02c /system/lib64/libc.so (offset 7000) (syscall+28)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #1 pc 00000000000d8284 /system/lib64/libart.so (art::ConditionVariable::WaitHoldingLocks(art::Thread*)+148)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #2 pc 00000000004b59fc /system/lib64/libart.so (offset 360000) (art::ThreadPool::GetTask(art::Thread*)+260)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #3 pc 00000000004b4f64 /system/lib64/libart.so (offset 360000) (art::ThreadPoolWorker::Run()+124)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #4 pc 00000000004b4a24 /system/lib64/libart.so (offset 360000) (art::ThreadPoolWorker::Callback(void*)+148)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #5 pc 00000000000847b8 /system/lib64/libc.so (offset 7000) (__pthread_start(void*)+36)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #6 pc 0000000000023574 /system/lib64/libc.so (offset 7000) (__start_thread+68)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] (no managed stack frames)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558]
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] "Signal Catcher" prio=5 tid=3 WaitingInMainSignalCatcherLoop
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | group="" sCount=1 dsCount=0 flags=1 obj=0x14540020 self=0x7175816400
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | sysTid=4292 nice=0 cgrp=default sched=0/0 handle=0x716ee024f0
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | state=S schedstat=( 460574 28771927 2 ) utm=0 stm=0 core=2 HZ=100
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | stack=0x716ed07000-0x716ed09000 stackSize=1009KB
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | held mutexes=
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] kernel: (couldn't read /proc/self/task/4292/stack)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #00 pc 0000000000070ef4 /system/lib64/libc.so (offset 7000) (__rt_sigtimedwait+8)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #1 pc 000000000002db50 /system/lib64/libc.so (offset 7000) (sigwait+64)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #2 pc 000000000048806c /system/lib64/libart.so (offset 360000) (art::SignalCatcher::WaitForSignal(art::Thread*, art::SignalSet&)+416)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #3 pc 0000000000486974 /system/lib64/libart.so (offset 360000) (art::SignalCatcher::Run(void*)+272)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #4 pc 00000000000847b8 /system/lib64/libc.so (offset 7000) (__pthread_start(void*)+36)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #5 pc 0000000000023574 /system/lib64/libc.so (offset 7000) (__start_thread+68)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] (no managed stack frames)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558]
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] "ADB-JDWP Connection Control Thread" prio=5 tid=4 WaitingInMainDebuggerLoop
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | group="" sCount=1 dsCount=0 flags=1 obj=0x12c219f0 self=0x716f015800
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | sysTid=4293 nice=0 cgrp=default sched=0/0 handle=0x715ea9e4f0
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | state=S schedstat=( 7684116 25666510 18 ) utm=0 stm=0 core=2 HZ=100
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | stack=0x715e9a3000-0x715e9a5000 stackSize=1009KB
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | held mutexes=
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] kernel: (couldn't read /proc/self/task/4293/stack)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #00 pc 0000000000070e34 /system/lib64/libc.so (offset 7000) (__ppoll+8)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #1 pc 000000000002b814 /system/lib64/libc.so (offset 7000) (poll+88)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #2 pc 0000000000006cbc /system/lib64/libadbconnection.so (adbconnection::AdbConnectionState::RunPollLoop(art::Thread*)+824)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #3 pc 000000000000525c /system/lib64/libadbconnection.so (adbconnection::CallbackFunction(void*)+1060)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #4 pc 00000000000847b8 /system/lib64/libc.so (offset 7000) (__pthread_start(void*)+36)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] native: #5 pc 0000000000023574 /system/lib64/libc.so (offset 7000) (__start_thread+68)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] (no managed stack frames)
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558]
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] Aborting thread:
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] "main" prio=5 tid=1 Native
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | group="" sCount=0 dsCount=0 flags=0 obj=0x7301f9e8 self=0x7175814c00
07-19 15:23:11.271 4286 4286 F droid.gallery3: runtime.cc:558] | sysTid=4286 nice=0 cgrp=default sched=0/0 handle=0x71fb3d0548
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] | state=R schedstat=( 88260210 70061457 73 ) utm=2 stm=5 core=2 HZ=100
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] | stack=0x7ff78a2000-0x7ff78a4000 stackSize=8MB
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] | held mutexes= "abort lock"
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #00 pc 00000000003c8f54 /system/lib64/libart.so (offset 360000) (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+220)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #1 pc 000000000049a394 /system/lib64/libart.so (offset 360000) (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits>&, bool, BacktraceMap*, bool) const+352)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #2 pc 000000000047ed20 /system/lib64/libart.so (offset 360000) (art::AbortState::DumpThread(std::__1::basic_ostream<char, std::__1::char_traits>&, art::Thread*) const+60)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #3 pc 000000000046f114 /system/lib64/libart.so (offset 360000) (art::Runtime::Abort(char const*)+512)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #4 pc 0000000000008d08 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+720)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #5 pc 00000000004a5518 /system/lib64/libart.so (offset 360000) (art::Thread::QuickDeliverException()+128)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #6 pc 00000000005211cc /system/lib64/libart.so (offset 360000) (artDeliverPendingExceptionFromCode+8)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #7 pc 000000000056ac98 /system/lib64/libart.so (offset 360000) (art_quick_generic_jni_trampoline+328)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #8 pc 000000000056abac /system/lib64/libart.so (offset 360000) (art_quick_generic_jni_trampoline+92)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #9 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #10 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #11 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #12 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #13 pc 0000000000532788 /system/lib64/libart.so (offset 360000) (MterpInvokeStatic+200)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #14 pc 0000000000554314 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #15 pc 00000000000019b4 /data/local/tmp/dexfile/inject.dex (xxxxxxx.hook+68)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #16 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #17 pc 0000000000521a88 /system/lib64/libart.so (offset 360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #18 pc 000000000056acfc /system/lib64/libart.so (offset 360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #19 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #20 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #21 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #22 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #23 pc 0000000000532788 /system/lib64/libart.so (offset 360000) (MterpInvokeStatic+200)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #24 pc 0000000000554314 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #25 pc 0000000000001866 /data/local/tmp/dexfile/inject.dex (xxxxxxxx.init+162)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #26 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #27 pc 0000000000521a88 /system/lib64/libart.so (offset 360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #28 pc 000000000056acfc /system/lib64/libart.so (offset 360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #29 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #30 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #31 pc 00000000004679d8 /system/lib64/libart.so (offset 360000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #32 pc 00000000004675dc /system/lib64/libart.so (offset 360000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #33 pc 00000000003686e4 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #34 pc 00000000000594c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxxx.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+192)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #35 pc 00000000000593c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxxxso (init_java_layer_hooker(_JNIEnv*, _jclass*, char const*)+268)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #36 pc 000000000004d02c /sbin/.magisk/modules/antiDebugModule/riru/lib64/libxxxxxx.so (forkAndSpecializePost(_JNIEnv*, _jclass*, int)+280)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #37 pc 0000000000002d58 /sbin/.magisk/modules/riru-core/lib64/libriru.so (???)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #38 pc 00000000000032d8 /sbin/.magisk/modules/riru-core/lib64/libriru.so (???)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #39 pc 00000000000790e0 /system/framework/arm64/boot-framework.oat (offset 46000) (com.android.internal.os.Zygote.nativeForkAndSpecialize+416)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #40 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #41 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #42 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #43 pc 000000000027de68 /system/lib64/libart.so (bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+772)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #44 pc 0000000000533f54 /system/lib64/libart.so (offset 360000) (MterpInvokeStaticRange+148)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #45 pc 0000000000554614 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+15380)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #46 pc 0000000000c12c16 /system/framework/boot-framework.vdex (com.android.internal.os.Zygote.forkAndSpecialize+16)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #47 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #48 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #49 pc 000000000027de4c /system/lib64/libart.so (bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+744)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #50 pc 0000000000533f54 /system/lib64/libart.so (offset 360000) (MterpInvokeStaticRange+148)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #51 pc 0000000000554614 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+15380)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #52 pc 0000000000c10f14 /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteConnection.processOneCommand+528)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #53 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #54 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #55 pc 000000000027cd54 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+932)
07-19 15:23:11.272 4286 4286 F droid.gallery3: runtime.cc:558] native: #56 pc 00000000005312c0 /system/lib64/libart.so (offset 360000) (MterpInvokeVirtual+576)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #57 pc 0000000000554194 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14228)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #58 pc 0000000000c12988 /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteServer.runSelectLoop+208)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #59 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #60 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #61 pc 000000000027cd54 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+932)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #62 pc 00000000005312c0 /system/lib64/libart.so (offset 360000) (MterpInvokeVirtual+576)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #63 pc 0000000000554194 /system/lib64/libart.so (offset 360000) (ExecuteMterpImpl+14228)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #64 pc 0000000000c11dac /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteInit.main+526)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #65 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #66 pc 0000000000521a88 /system/lib64/libart.so (offset 360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #67 pc 000000000056acfc /system/lib64/libart.so (offset 360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #68 pc 0000000000561e4c /system/lib64/libart.so (offset 360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #69 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #70 pc 00000000004679d8 /system/lib64/libart.so (offset 360000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #71 pc 00000000004675dc /system/lib64/libart.so (offset 360000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #72 pc 00000000003686e4 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #73 pc 00000000000b1f04 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+136)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #74 pc 00000000000b4890 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+752)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #75 pc 000000000000219c /system/bin/app_process64 (main+1200)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] native: #76 pc 00000000000b0558 /system/lib64/libc.so (offset 7000) (__libc_init+88)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] atxxxxxx.backup(Native method)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at xxxxxxx.hook(LogHooker.java:20)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at xxxxxxxx.JavaLayerHooker.init(JavaLayerHooker.java:35)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:139)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteConnection.processOneCommand(ZygoteConnection.java:234)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteServer.runSelectLoop(ZygoteServer.java:204)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:847)
07-19 15:23:11.273 4286 4286 F droid.gallery3: runtime.cc:558]
07-19 15:23:11.273 4286 4286 F libc : Fatal signal 6 (SIGABRT), code -6 (SI_TKILL) in tid 4286 (droid.gallery3), pid 4286 (droid.gallery3)
07-19 15:23:11.343 4297 4297 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
07-19 15:23:11.343 894 894 I /system/bin/tombstoned: received crash request for pid 4286
07-19 15:23:11.344 4297 4297 I crash_dump64: performing dump of process 4286 (target tid = 4286)
07-19 15:23:11.350 4297 4297 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
07-19 15:23:11.350 4297 4297 F DEBUG : Build fingerprint: 'Android/aosp_sailfish/sailfish:9/PQ3A.190801.002/zqqz07191520:userdebug/release-keys'
07-19 15:23:11.350 4297 4297 F DEBUG : Revision: '0'
07-19 15:23:11.350 4297 4297 F DEBUG : ABI: 'arm64'
07-19 15:23:11.350 4297 4297 F DEBUG : pid: 4286, tid: 4286, name: droid.gallery3 >>> zygote64 <<<
07-19 15:23:11.350 4297 4297 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
07-19 15:23:11.350 4297 4297 F DEBUG : Abort message: 'app_dir : /data/user/0/com.android.gallery3d'
07-19 15:23:11.350 4297 4297 F DEBUG : x0 0000000000000000 x1 00000000000010be x2 0000000000000006 x3 0000000000000008
07-19 15:23:11.350 4297 4297 F DEBUG : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000080
07-19 15:23:11.350 4297 4297 F DEBUG : x8 0000000000000083 x9 6ae3586563165576 x10 fffffff87ffffbdf x11 fffffffc7ffffbdf
07-19 15:23:11.350 4297 4297 F DEBUG : x12 fffffffffffff000 x13 ffffffffffffefff x14 ffffffffffffffff x15 0000007ff809b5e8
07-19 15:23:11.350 4297 4297 F DEBUG : x16 00000071f70332c8 x17 00000071f6f71358 x18 0000007ff809b070 x19 00000000000010be
07-19 15:23:11.350 4297 4297 F DEBUG : x20 00000000000010be x21 0000000000000083 x22 0000007175814c00 x23 00000071758e7060
07-19 15:23:11.350 4297 4297 F DEBUG : x24 000000000000000d x25 00000000ffffffff x26 0000000000000012 x27 0000000000000005
07-19 15:23:11.350 4297 4297 F DEBUG : x28 000000717570ebaa x29 0000007ff809bde0
07-19 15:23:11.350 4297 4297 F DEBUG : sp 0000007ff809bda0 lr 00000071f6f65c7c pc 00000071f6f65c9c
07-19 15:23:11.354 4246 4246 W .huolala.drive: ClassLoaderContext classpath size mismatch for position 0. expected=3, found=0 (PCL[/system/framework/android.test.runner.jar3846605392:/system/framework/android.test.mock.jar2077058553:/system/framework/org.apache.http.legacy.boot.jar796383208] | PCL[])
07-19 15:23:11.353 4297 4297 I crash_dump64: type=1400 audit(0.0:243): avc: denied { read } for name="inject.dex" dev="sda35" ino=745479 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
07-19 15:23:11.353 4297 4297 I crash_dump64: type=1400 audit(0.0:244): avc: denied { open } for path="/data/local/tmp/dexfile/inject.dex" dev="sda35" ino=745479 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
07-19 15:23:11.353 4297 4297 I crash_dump64: type=1400 audit(0.0:245): avc: denied { getattr } for path="/data/local/tmp/dexfile/inject.dex" dev="sda35" ino=745479 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
07-19 15:23:11.383 4297 4297 F DEBUG :
07-19 15:23:11.383 4297 4297 F DEBUG : backtrace:
07-19 15:23:11.383 4297 4297 F DEBUG : #00 pc 0000000000021c9c /system/lib64/libc.so (offset 0x7000) (abort+112)
07-19 15:23:11.383 4297 4297 F DEBUG : #1 pc 000000000046f3cc /system/lib64/libart.so (offset 0x360000) (art::Runtime::Abort(char const*)+1208)
07-19 15:23:11.383 4297 4297 F DEBUG : #2 pc 0000000000008d08 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+720)
07-19 15:23:11.383 4297 4297 F DEBUG : #3 pc 00000000004a5518 /system/lib64/libart.so (offset 0x360000) (art::Thread::QuickDeliverException()+128)
07-19 15:23:11.383 4297 4297 F DEBUG : #4 pc 00000000005211cc /system/lib64/libart.so (offset 0x360000) (artDeliverPendingExceptionFromCode+8)
07-19 15:23:11.383 4297 4297 F DEBUG : #5 pc 000000000056ac98 /system/lib64/libart.so (offset 0x360000) (art_quick_generic_jni_trampoline+328)
07-19 15:23:11.383 4297 4297 F DEBUG : #6 pc 000000000056abac /system/lib64/libart.so (offset 0x360000) (art_quick_generic_jni_trampoline+92)
07-19 15:23:11.383 4297 4297 F DEBUG : #7 pc 0000000000561e4c /system/lib64/libart.so (offset 0x360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.383 4297 4297 F DEBUG : #8 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.383 4297 4297 F DEBUG : #9 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.383 4297 4297 F DEBUG : #10 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.383 4297 4297 F DEBUG : #11 pc 0000000000532788 /system/lib64/libart.so (offset 0x360000) (MterpInvokeStatic+200)
07-19 15:23:11.383 4297 4297 F DEBUG : #12 pc 0000000000554314 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.383 4297 4297 F DEBUG : #13 pc 00000000000019b4 /data/local/tmp/dexfile/inject.dex (xxxxxxx.hook+68)
07-19 15:23:11.383 4297 4297 F DEBUG : #14 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.383 4297 4297 F DEBUG : #15 pc 0000000000521a88 /system/lib64/libart.so (offset 0x360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.383 4297 4297 F DEBUG : #16 pc 000000000056acfc /system/lib64/libart.so (offset 0x360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.384 4297 4297 F DEBUG : #17 pc 0000000000561e4c /system/lib64/libart.so (offset 0x360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.384 4297 4297 F DEBUG : #18 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.384 4297 4297 F DEBUG : #19 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.384 4297 4297 F DEBUG : #20 pc 000000000027cd70 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+960)
07-19 15:23:11.384 4297 4297 F DEBUG : #21 pc 0000000000532788 /system/lib64/libart.so (offset 0x360000) (MterpInvokeStatic+200)
07-19 15:23:11.384 4297 4297 F DEBUG : #22 pc 0000000000554314 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+14612)
07-19 15:23:11.384 4297 4297 F DEBUG : #23 pc 0000000000001866 /data/local/tmp/dexfile/inject.dex (xxxxxxx.JavaLayerHooker.init+162)
07-19 15:23:11.384 4297 4297 F DEBUG : #24 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.384 4297 4297 F DEBUG : #25 pc 0000000000521a88 /system/lib64/libart.so (offset 0x360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.384 4297 4297 F DEBUG : #26 pc 000000000056acfc /system/lib64/libart.so (offset 0x360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.384 4297 4297 F DEBUG : #27 pc 0000000000561e4c /system/lib64/libart.so (offset 0x360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.384 4297 4297 F DEBUG : #28 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.384 4297 4297 F DEBUG : #29 pc 00000000004679d8 /system/lib64/libart.so (offset 0x360000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
07-19 15:23:11.384 4297 4297 F DEBUG : #30 pc 00000000004675dc /system/lib64/libart.so (offset 0x360000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
07-19 15:23:11.384 4297 4297 F DEBUG : #31 pc 00000000003686e4 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
07-19 15:23:11.384 4297 4297 F DEBUG : #32 pc 00000000000594c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/xxxxxxx。so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+192)
07-19 15:23:11.384 4297 4297 F DEBUG : #33 pc 00000000000593c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/xxxxxx.so (init_java_layer_hooker(_JNIEnv*, _jclass*, char const*)+268)
07-19 15:23:11.384 4297 4297 F DEBUG : #34 pc 000000000004d02c /sbin/.magisk/modules/antiDebugModule/riru/lib64/xxxxxxx.so (forkAndSpecializePost(_JNIEnv*, _jclass*, int)+280)
07-19 15:23:11.384 4297 4297 F DEBUG : #35 pc 0000000000002d58 /sbin/.magisk/modules/riru-core/lib64/libriru.so
07-19 15:23:11.384 4297 4297 F DEBUG : #36 pc 00000000000032d8 /sbin/.magisk/modules/riru-core/lib64/libriru.so
07-19 15:23:11.384 4297 4297 F DEBUG : #37 pc 00000000000790e0 /system/framework/arm64/boot-framework.oat (offset 0x46000) (com.android.internal.os.Zygote.nativeForkAndSpecialize+416)
07-19 15:23:11.384 4297 4297 F DEBUG : #38 pc 0000000000561e4c /system/lib64/libart.so (offset 0x360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.384 4297 4297 F DEBUG : #39 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
07-19 15:23:11.384 4297 4297 F DEBUG : #40 pc 0000000000282cc0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
07-19 15:23:11.384 4297 4297 F DEBUG : #41 pc 000000000027de68 /system/lib64/libart.so (bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+772)
07-19 15:23:11.384 4297 4297 F DEBUG : #42 pc 0000000000533f54 /system/lib64/libart.so (offset 0x360000) (MterpInvokeStaticRange+148)
07-19 15:23:11.384 4297 4297 F DEBUG : #43 pc 0000000000554614 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+15380)
07-19 15:23:11.384 4297 4297 F DEBUG : #44 pc 0000000000c12c16 /system/framework/boot-framework.vdex (com.android.internal.os.Zygote.forkAndSpecialize+16)
07-19 15:23:11.384 4297 4297 F DEBUG : #45 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.384 4297 4297 F DEBUG : #46 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.384 4297 4297 F DEBUG : #47 pc 000000000027de4c /system/lib64/libart.so (bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+744)
07-19 15:23:11.384 4297 4297 F DEBUG : #48 pc 0000000000533f54 /system/lib64/libart.so (offset 0x360000) (MterpInvokeStaticRange+148)
07-19 15:23:11.384 4297 4297 F DEBUG : #49 pc 0000000000554614 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+15380)
07-19 15:23:11.384 4297 4297 F DEBUG : #50 pc 0000000000c10f14 /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteConnection.processOneCommand+528)
07-19 15:23:11.384 4297 4297 F DEBUG : #51 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.385 4297 4297 F DEBUG : #52 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.385 4297 4297 F DEBUG : #53 pc 000000000027cd54 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+932)
07-19 15:23:11.385 4297 4297 F DEBUG : #54 pc 00000000005312c0 /system/lib64/libart.so (offset 0x360000) (MterpInvokeVirtual+576)
07-19 15:23:11.385 4297 4297 F DEBUG : #55 pc 0000000000554194 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+14228)
07-19 15:23:11.385 4297 4297 F DEBUG : #56 pc 0000000000c12988 /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteServer.runSelectLoop+208)
07-19 15:23:11.385 4297 4297 F DEBUG : #57 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.386 4297 4297 F DEBUG : #58 pc 000000000025ca80 /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
07-19 15:23:11.386 4297 4297 F DEBUG : #59 pc 000000000027cd54 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+932)
07-19 15:23:11.386 4297 4297 F DEBUG : #60 pc 00000000005312c0 /system/lib64/libart.so (offset 0x360000) (MterpInvokeVirtual+576)
07-19 15:23:11.386 4297 4297 F DEBUG : #61 pc 0000000000554194 /system/lib64/libart.so (offset 0x360000) (ExecuteMterpImpl+14228)
07-19 15:23:11.386 4297 4297 F DEBUG : #62 pc 0000000000c11dac /system/framework/boot-framework.vdex (com.android.internal.os.ZygoteInit.main+526)
07-19 15:23:11.386 4297 4297 F DEBUG : #63 pc 0000000000256ed0 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2445068178+488)
07-19 15:23:11.386 4297 4297 F DEBUG : #64 pc 0000000000521a88 /system/lib64/libart.so (offset 0x360000) (artQuickToInterpreterBridge+944)
07-19 15:23:11.386 4297 4297 F DEBUG : #65 pc 000000000056acfc /system/lib64/libart.so (offset 0x360000) (art_quick_to_interpreter_bridge+92)
07-19 15:23:11.386 4297 4297 F DEBUG : #66 pc 0000000000561e4c /system/lib64/libart.so (offset 0x360000) (art_quick_invoke_static_stub+604)
07-19 15:23:11.386 4297 4297 F DEBUG : #67 pc 00000000000d053c /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+248)
JValue*, char const*)+104)
07-19 15:23:11.386 4297 4297 F DEBUG : #69 pc 00000000004675dc /system/lib64/libart.so (offset 0x360000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
07-19 15:23:11.386 4297 4297 F DEBUG : #70 pc 00000000003686e4 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
07-19 15:23:11.386 4297 4297 F DEBUG : #71 pc 00000000000b1f04 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+136)
07-19 15:23:11.386 4297 4297 F DEBUG : #72 pc 00000000000b4890 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+752)
07-19 15:23:11.386 4297 4297 F DEBUG : #73 pc 000000000000219c /system/bin/app_process64 (main+1200)
07-19 15:23:11.386 4297 4297 F DEBUG : #74 pc 00000000000b0558 /system/lib64/libc.so (offset 0x7000) (__libc_init+88)
07-19 15:23:11.396 4297 4297 I crash_dump64: type=1400 audit(0.0:246): avc: denied { read } for name="framework-res__auto_generated_rro.apk" dev="dm-0" ino=287 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:vendor_overlay_file:s0 tclass=file permissive=1
07-19 15:23:11.396 4297 4297 I crash_dump64: type=1400 audit(0.0:247): avc: denied { open } for path="/vendor/overlay/framework-res__auto_generated_rro.apk" dev="dm-0" ino=287 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:vendor_overlay_file:s0 tclass=file permissive=1
07-19 15:23:11.396 4297 4297 I crash_dump64: type=1400 audit(0.0:248): avc: denied { getattr } for path="/vendor/overlay/framework-res__auto_generated_rro.apk" dev="dm-0" ino=287 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:vendor_overlay_file:s0 tclass=file permissive=1
07-19 15:23:11.400 4297 4297 I crash_dump64: type=1400 audit(0.0:249): avc: denied { read } for name="vendor@overlay@framework-res__auto_generated_rro.apk@idmap" dev="sda35" ino=16386 scontext=u:r:crash_dump:s0:c512,c768 tcontext=u:object_r:resourcecache_data_file:s0 tclass=file permissive=1
07-19 15:23:11.505 894 894 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_04
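
A triage helper for the tombstone backtrace above, as an added example that is not part of the original issue or of YAHFA: it parses the `#NN pc` frames, reports the function that called the aborting `LogMessage` destructor (the site of the failed check), and lists frames loaded from outside the system partitions. The function names and the system-prefix list are assumptions of this example; the sample lines are excerpted from the log above, with frame #1 joined onto one line.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "index pc path map_offset symbol sym_offset")

# Frame layout: "#NN pc <hex> <path> [(offset [0x]<hex>)] [(<symbol>+<dec>)]"
FRAME_RE = re.compile(
    r"#(\d+)\s+pc\s+([0-9a-f]+)\s+(\S+)"
    r"(?:\s+\(offset (?:0x)?([0-9a-f]+)\))?"
    r"(?:\s+\((.*)\+(\d+)\))?\s*$"
)

# Assumption of this example: paths under these prefixes ship with the OS image.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/apex/")

# Excerpt from the tombstone in this issue; the last line is the truncated
# fragment of frame #68, kept to show that unparseable lines are skipped.
SAMPLE = """
07-19 15:23:11.383 4297 4297 F DEBUG : #00 pc 0000000000021c9c /system/lib64/libc.so (offset 0x7000) (abort+112)
07-19 15:23:11.383 4297 4297 F DEBUG : #1 pc 000000000046f3cc /system/lib64/libart.so (offset 0x360000) (art::Runtime::Abort(char const*)+1208)
07-19 15:23:11.383 4297 4297 F DEBUG : #2 pc 0000000000008d08 /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+720)
07-19 15:23:11.383 4297 4297 F DEBUG : #3 pc 00000000004a5518 /system/lib64/libart.so (offset 0x360000) (art::Thread::QuickDeliverException()+128)
07-19 15:23:11.383 4297 4297 F DEBUG : #4 pc 00000000005211cc /system/lib64/libart.so (offset 0x360000) (artDeliverPendingExceptionFromCode+8)
07-19 15:23:11.383 4297 4297 F DEBUG : #5 pc 000000000056ac98 /system/lib64/libart.so (offset 0x360000) (art_quick_generic_jni_trampoline+328)
07-19 15:23:11.383 4297 4297 F DEBUG : #13 pc 00000000000019b4 /data/local/tmp/dexfile/inject.dex (xxxxxxx.hook+68)
07-19 15:23:11.384 4297 4297 F DEBUG : #33 pc 00000000000593c4 /sbin/.magisk/modules/antiDebugModule/riru/lib64/xxxxxx.so (init_java_layer_hooker(_JNIEnv*, _jclass*, char const*)+268)
07-19 15:23:11.384 4297 4297 F DEBUG : #35 pc 0000000000002d58 /sbin/.magisk/modules/riru-core/lib64/libriru.so
JValue*, char const*)+104)
"""


def parse_frames(text):
    """Return a Frame for every line that carries a '#NN pc' record."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if not m:
            continue  # logcat noise or a truncated frame
        idx, pc, path, off, sym, sym_off = m.groups()
        frames.append(Frame(int(idx), int(pc, 16), path,
                            int(off, 16) if off else None,
                            sym, int(sym_off) if sym_off else None))
    return frames


def fatal_check_site(frames):
    """Frame that called ~LogMessage, i.e. where the fatal log or CHECK fired."""
    for prev, cur in zip(frames, frames[1:]):
        is_log_dtor = (prev.symbol or "").startswith(
            "android::base::LogMessage::~LogMessage")
        if is_log_dtor and cur.index == prev.index + 1:
            return cur
    return None


def non_system_frames(frames):
    """Frames whose mapping is not under a system partition prefix."""
    return [f for f in frames if not f.path.startswith(SYSTEM_PREFIXES)]


if __name__ == "__main__":
    parsed = parse_frames(SAMPLE)
    site = fatal_check_site(parsed)
    print("fatal check fired in:", site.symbol if site else "not found")
    for f in non_system_frames(parsed):
        print("non-system frame #%d: %s %s" % (f.index, f.path, f.symbol or "(no symbol)"))
```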

@Gstalker
Author

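I integrated your code into a Riru plugin. The current situation is as follows:
The hook does hook the target method, but backup() cannot be called.
Calling backup() produces the error shown above.
The path taken is Java_lab_galaxy_yahfa_HookMain_backupAndHookNative.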

@Gstalker
Author

Architecture: arm64

System version: Android 9

The Java-layer code (HookMain.java) is a dex file that is loaded manually from the native layer after the plugin is loaded.

@Gstalker changed the title from "Android 9: crash when call backup() due to a Exception in thread.cc" to "Android 9: calling backup() triggers exception != nullptr and crashes (Android 9: crash when call backup() due to a Exception in thread.cc)" on Sep 10, 2021
@rk700
Member

rk700 commented Sep 13, 2021

The call stack contains JNI-related frames. Is this a JNI method?

@Gstalker
Author

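> The call stack contains JNI-related frames. Is this a JNI method?

It is not a JNI method.

How YAHFA is used: Riru injects into zygote, and a dex file is loaded at native: #38 forkAndSpecializePost(). That dex file then calls the YAHFA API.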

@Gstalker
Author

Resolved:
See #126 for the solution.
I don't really understand why it works, but backup() now runs.

@Gstalker
Author

Gstalker commented Sep 27, 2021

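This problem bothered me for a long time. I finally thought of a possibility, though I have not verified it yet:
When the backup() call fails, it triggers a Java thread.cc exception. So what exactly does backup() call that triggers this?
The approach in #126 is to use Class.forName so that the class is initialized before hooking. Going by the description of ArtMethod "redirection" in http://rk700.github.io/2017/03/30/YAHFA-introduction/, this exception may be caused by resolution_method_ being triggered.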
