Crash on startup in AresOS Android15

[bocchi810]

Steps to reproduce/复现步骤

1. Flash module
2. Restart
3. Start LSPosed
4. Crash

Expected behaviour/预期行为

Working expected

Actual behaviour/实际行为

Crash on start the LSPosed

Xposed Module List/Xposed 模块列表

N/A

Magisk Module List/Magisk 模块列表

音量键极速救砖
爱玩机工具箱
LSPosed
NeoZygisk

LSPosed version/LSPosed 版本

7161

Android version/Android 版本

15

Magisk version/Magisk 版本

KernelSU

Riru version/Riru 版本

N/A

Version requirement/版本要求

• I am using latest debug CI version of LSPosed and enable verbose log/我正在使用最新 CI 调试版本且启用详细日志

Logs/日志

--------- beginning of crash
12-27 23:59:02.090  1900  1914 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 1914 (rkstack.process), pid 1900 (rkstack.process)
12-27 23:59:02.354  1931  1931 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-27 23:59:02.354  1931  1931 F DEBUG   : AresOS Version: 'AresOS-v15.0-GAPPS-20241222-190322'
12-27 23:59:02.354  1931  1931 F DEBUG   : Build fingerprint: 'Redmi/xaga/xaga:12/SP1A.210812.016/V816.0.8.0.ULOCNXM:user/release-keys'
12-27 23:59:02.354  1931  1931 F DEBUG   : Revision: '0'
12-27 23:59:02.354  1931  1931 F DEBUG   : ABI: 'arm64'
12-27 23:59:02.354  1931  1931 F DEBUG   : Timestamp: 2024-12-27 23:59:02.165465000+0800
12-27 23:59:02.354  1931  1931 F DEBUG   : Process uptime: 0s
12-27 23:59:02.354  1931  1931 F DEBUG   : Cmdline: com.android.networkstack.process
12-27 23:59:02.354  1931  1931 F DEBUG   : pid: 1900, tid: 1914, name: rkstack.process  >>> com.android.networkstack.process <<<
12-27 23:59:02.354  1931  1931 F DEBUG   : uid: 1073
12-27 23:59:02.354  1931  1931 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
12-27 23:59:02.354  1931  1931 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
12-27 23:59:02.354  1931  1931 F DEBUG   : Cause: null pointer dereference
12-27 23:59:02.354  1931  1931 F DEBUG   :     x0  0000000000000000  x1  000000734e4f6da0  x2  000000734e4f6e20  x3  0000000000000008
12-27 23:59:02.354  1931  1931 F DEBUG   :     x4  0000000000000000  x5  0000000000000001  x6  0000000034313931  x7  7f7f7f7f7f7f7f7f
12-27 23:59:02.354  1931  1931 F DEBUG   :     x8  0000000000000000  x9  0000007085ab9e00  x10 00000070513b0ac0  x11 0000000000000000
12-27 23:59:02.354  1931  1931 F DEBUG   :     x12 0000000000000001  x13 0000000000000000  x14 0000000000000004  x15 0000000000000031
12-27 23:59:02.354  1931  1931 F DEBUG   :     x16 00000070858d5658  x17 0000000000000000  x18 0000007050fcc000  x19 000000734e4f6e20
12-27 23:59:02.354  1931  1931 F DEBUG   :     x20 000000734e4f6da0  x21 000000000000000b  x22 0000000000000001  x23 0000007346f74000
12-27 23:59:02.354  1931  1931 F DEBUG   :     x24 00000070513b0a80  x25 000000707fddc968  x26 0000007346f74684  x27 0000007346f74688
12-27 23:59:02.354  1931  1931 F DEBUG   :     x28 0000007346f733f8  x29 000000734e4f6c90
12-27 23:59:02.354  1931  1931 F DEBUG   :     lr  0000007085392328  sp  000000734e4f6b60  pc  0000000000000000  pst 0000000060001000
12-27 23:59:02.354  1931  1931 F DEBUG   : 9 total frames
12-27 23:59:02.354  1931  1931 F DEBUG   : backtrace:
12-27 23:59:02.354  1931  1931 F DEBUG   :       #00 pc 0000000000000000  <unknown>
12-27 23:59:02.354  1931  1931 F DEBUG   :       #01 pc 00000000004e0324  /apex/com.android.art/lib64/libart.so (art::FaultManager::HandleSigsegvFault(int, siginfo*, void*)+1092) (BuildId: ccfdf13ac16da112f226fb8666cced3e)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #02 pc 0000000000004968  /apex/com.android.art/lib64/libsigchain.so (art::SignalChain::Handler(int, siginfo*, void*)+368) (BuildId: ca17e75b3aa920826797adf55fbdaa29)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #03 pc 000000000000089c  [vdso]
12-27 23:59:02.354  1931  1931 F DEBUG   :       #04 pc 0000000000602a34  /apex/com.android.art/lib64/libart.so (art::Thread* art::Thread::Attach<art::Thread::Attach(char const*, bool, _jobject*, bool, bool)::$_0>(char const*, bool, art::Thread::Attach(char const*, bool, _jobject*, bool, bool)::$_0, bool) (.__uniq.112444171608964125319761912539055931073.llvm.13822151748548531530)+80) (BuildId: ccfdf13ac16da112f226fb8666cced3e)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #05 pc 000000000065657c  /apex/com.android.art/lib64/libart.so (art::Runtime::AttachCurrentThread(char const*, bool, _jobject*, bool, bool)+108) (BuildId: ccfdf13ac16da112f226fb8666cced3e)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #06 pc 00000000000288b4  /apex/com.android.art/lib64/libperfetto_hprof.so (void* std::__1::__thread_proxy[abi:nn180000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, ArtPlugin_Initialize::$_7>>(void*)+116) (BuildId: aac13ee0664b7011a9019b129f13f69d)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #07 pc 000000000006b02c  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+200) (BuildId: 4185ab1fb01da8318682b9b22307e096)
12-27 23:59:02.354  1931  1931 F DEBUG   :       #08 pc 000000000005e03c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 4185ab1fb01da8318682b9b22307e096)
--------- beginning of main
12-28 00:08:39.466  9853 13059 D nativeloader: Load /data/user/0/com.tencent.mobileqq/files/ZRes/online/4cd6974be1/1/res/tencent-avif-v2/214/tencent-avif-v2_214.res using ns clns-7 from class loader (caller=/data/app/~~-ZUlOvOnDKzEWXJLirp4PA==/com.tencent.mobileqq-YCKseGmVuOMSrYIeQ0JC1Q==/base.apk!classes2.dex): ok
12-28 00:09:02.915 13624 13624 D nativeloader: Load libframework-connectivity-tiramisu-jni.so using APEX ns com_android_tethering for caller /apex/com.android.tethering/javalib/framework-connectivity-t.jar: ok
12-28 00:09:02.939 13624 13624 D nativeloader: Configuring clns-7 for other apk /data/app/~~zPNOl1dEJtOFpI3ODQ0ANw==/com.google.android.trichromelibrary_677820033-_Qp_8ddz-8eFGF5QARtOTA==/base.apk. target_sdk_version=34, uses_libraries=ALL, library_path=/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/lib/arm64:/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk!/lib/arm64-v8a:/data/app/~~zPNOl1dEJtOFpI3ODQ0ANw==/com.google.android.trichromelibrary_677820033-_Qp_8ddz-8eFGF5QARtOTA==/base.apk!/lib/arm64-v8a, permitted_path=/data:/mnt/expand:/data/user/0/com.android.chrome
12-28 00:09:02.939 13624 13624 D nativeloader: Extending system_exposed_libraries: libcamera_algoup_jni.xiaomi.so:libcamera_mianode_jni.xiaomi.so
12-28 00:09:02.947 13624 13624 D nativeloader: Configuring clns-8 for other apk /data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk. target_sdk_version=34, uses_libraries=, library_path=/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/lib/arm64:/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk!/lib/arm64-v8a:/data/app/~~zPNOl1dEJtOFpI3ODQ0ANw==/com.google.android.trichromelibrary_677820033-_Qp_8ddz-8eFGF5QARtOTA==/base.apk!/lib/arm64-v8a, permitted_path=/data:/mnt/expand:/data/user/0/com.android.chrome
12-28 00:09:03.008 13624 13644 D nativeloader: Load /data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk!/lib/arm64-v8a/libchromium_android_linker.so using ns clns-8 from class loader (caller=/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk): ok
12-28 00:09:03.088 13624 13644 D nativeloader: Load /data/app/~~zPNOl1dEJtOFpI3ODQ0ANw==/com.google.android.trichromelibrary_677820033-_Qp_8ddz-8eFGF5QARtOTA==/base.apk!/lib/arm64-v8a/libmonochrome_64.so using ns clns-8 from class loader (caller=/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk): ok
12-28 00:09:03.889 13676 13676 D nativeloader: Load libframework-connectivity-tiramisu-jni.so using APEX ns com_android_tethering for caller /apex/com.android.tethering/javalib/framework-connectivity-t.jar: ok
12-28 00:09:03.919 13676 13676 D nativeloader: Configuring clns-shared-7 for other apk /apex/com.android.adservices/priv-app/AdServicesApk@AP3A.241105.008/AdServicesApk.apk. target_sdk_version=35, uses_libraries=, library_path=/apex/com.android.adservices/priv-app/AdServicesApk@AP3A.241105.008/lib/arm64:/system/lib64:/system_ext/lib64, permitted_path=/data:/mnt/expand:/data/user/0/com.android.adservices.api:/apex/com.android.adservices/priv-app/AdServicesApk@AP3A.241105.008:/system/lib64:/system_ext/lib64
12-28 00:09:03.920 13676 13676 D nativeloader: InitApexLibraries:
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_adservices: libhpke_jni.so:libtflite_support_classifiers_native.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_appsearch: libicing.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_art: libartservice.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_btservices: libbluetooth_jni.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_conscrypt: libjavacrypto.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_extservices: libtflite_support_classifiers_native.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_mediaprovider: libpdfclient.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_nfcservices: libnfc_nci_jni.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_ondevicepersonalization: libfcp_cpp_dep_jni.so:libfcp_hpke_jni.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_os_statsd: libstats_jni.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_tethering: libandroid_net_connectivity_com_android_net_module_util_jni.so:libcrypto.so:libframework-connectivity-jni.so:libframework-connectivity-tiramisu-jni.so:libmainlinecronet.121.0.6167.71.so:libservice-connectivity.so:libservice-thread-jni.so:libssl.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_uwb: libuwb_uci_jni_rust.so
12-28 00:09:03.920 13676 13676 D nativeloader:   com_android_virt: libvirtualizationservice_jni.so:libvirtualmachine_jni.so
12-28 00:09:04.114 13624 13663 D nativeloader: Configuring clns-9 for other apk . target_sdk_version=35, uses_libraries=, library_path=/data/app/~~KA-8o5x2BnDsi_Ozbh42Mw==/com.google.android.gms-yEbVY-uqDLkYlnwjRbiX4g==/lib/arm64:/data/app/~~KA-8o5x2BnDsi_Ozbh42Mw==/com.google.android.gms-yEbVY-uqDLkYlnwjRbiX4g==/base.apk!/lib/arm64-v8a, permitted_path=/data:/mnt/expand:/data/user/0/com.google.android.gms
12-28 00:09:08.635 13624 13942 D nativeloader: Configuring clns-10 for other apk . target_sdk_version=34, uses_libraries=ALL, library_path=, permitted_path=/data:/mnt/expand
12-28 00:09:08.635 13624 13942 D nativeloader: Extending system_exposed_libraries: libcamera_algoup_jni.xiaomi.so:libcamera_mianode_jni.xiaomi.so
12-28 00:09:08.648 13624 13942 D nativeloader: Load /data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/base.apk!/lib/arm64-v8a/libelements.so using isolated ns clns-10 (caller=/data/app/~~t_4Nch2M5jbd7mXBhHAPMQ==/com.android.chrome-SJ6hkW-oJ_DZMwMwAOPS2A==/split_feedv2.apk): ok

[bocchi810]

Full log record again
lsposed.log

[JingMatrix]

Thank for reporting, this is a NeoZygisk issue. The critical log is

zygisk-core64: dlopen fd -1: dlopen failed: unable to stat file for the library "/jit-cache-zygisk": Bad file descriptor

I will solve it from the NeoZygisk side.

[bocchi810]

avc log
avc.log

[JingMatrix]

It is indeed a SELinux problem. Please set SELinux to be permissive so that I can find all rules to add.

adb shell su -c setenforce 0

And update your log with

adb shell su -c 'cat /proc/kmsg | grep avc' > avc.log

[bocchi810]

It is indeed a SELinux problem. Please set SELinux to be permissive so that I can find all rules to add.

adb shell su -c setenforce 0

And update your log with

adb shell su -c 'cat /proc/kmsg | grep avc' > avc.log

avc.log

[JingMatrix]

Please try the build from #143

[bocchi810]

Fixed