Fatal signal 4 (SIGILL) on armv7, Android 10 (Nexus 7 2013) #21

Closed
KieronQuinn opened this issue Jun 14, 2022 · 1 comment
Comments

@KieronQuinn

I'm using LSPlant (via Aliuhook) in an app, and while it works perfectly on modern armv8 devices, I've just tried to get it going on armv7 for laughs and LSPlant seems to not like the platform:

Ignore the fingerprint; the device is actually running Android 10, on this ROM (QQ2A.2000405.005).

06-14 20:15:04.090 10935 10935 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-14 20:15:04.090 10935 10935 F DEBUG   : Build fingerprint: 'google/razor/flo:6.0.1/MOB30X/3036618:user/release-keys'
06-14 20:15:04.090 10935 10935 F DEBUG   : Revision: '0'
06-14 20:15:04.090 10935 10935 F DEBUG   : ABI: 'arm'
06-14 20:15:04.102 10935 10935 F DEBUG   : Timestamp: 2022-06-14 20:15:04+0100
06-14 20:15:04.102 10935 10935 F DEBUG   : pid: 10867, tid: 10867, name: xelambientmusic  >>> com.kieronquinn.app.pixelambientmusic <<<
06-14 20:15:04.102 10935 10935 F DEBUG   : uid: 10158
06-14 20:15:04.103 10935 10935 F DEBUG   : signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xa74e0004 (*pc=0xf010f8df)
06-14 20:15:04.103 10935 10935 F DEBUG   :     r0  aab6aa80  r1  13026628  r2  a74e0001  r3  80c092c4
06-14 20:15:04.103 10935 10935 F DEBUG   :     r4  13026628  r5  aab6aa80  r6  aab6aa80  r7  be9c56b0
06-14 20:15:04.103 10935 10935 F DEBUG   :     r8  be9c5728  r9  0000015f  r10 5a587b3d  r11 aa60c260
06-14 20:15:04.103 10935 10935 F DEBUG   :     ip  80033d1c  sp  be9c55a0  lr  80076761  pc  a74e0004
06-14 20:15:08.048 10935 10935 F DEBUG   :
06-14 20:15:08.048 10935 10935 F DEBUG   : backtrace:
06-14 20:15:08.048 10935 10935 F DEBUG   :       #00 pc 00000004  <anonymous:a74e0000>
06-14 20:15:08.048 10935 10935 F DEBUG   :       #01 pc 0001175f  /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/lib/arm/liblsplant.so (BuildId: 4283a16ea35097d9497b6c7d2fe132833796d5d9)
06-14 20:15:08.048 10935 10935 F DEBUG   :       #02 pc 00100e45  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0xfd000) (art::ClassLinker::InitializeClass(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+2048) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #03 pc 000f10f3  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0xed000) (art::ClassLinker::EnsureInitialized(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+58) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #04 pc 001f2d25  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+352) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #05 pc 0020dfa1  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+768) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #06 pc 0042dbe5  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeStatic+336) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #07 pc 000d2994  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #08 pc 0000f3b6  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.hookMethod+6)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #09 pc 0042d749  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeDirect+940) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #10 pc 000d2914  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #11 pc 0000f66e  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.setupHooks+650)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #12 pc 0042d749  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeDirect+940) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #13 pc 000d2914  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #14 pc 0000f69a  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.init+2)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #15 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #16 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #17 pc 0000edae  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks$Companion.setupHooks+546)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #18 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #19 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #20 pc 00004ade  [anon:dalvik-classes10.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes10.dex] (com.kieronquinn.app.pixelambientmusic.Injector.attachBaseContext+74)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #21 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #22 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #23 pc 00199a20  /system/framework/framework.jar (android.app.Application.attach)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #24 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #25 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #26 pc 001e5f08  /system/framework/framework.jar (android.app.Instrumentation.newApplication+24)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #27 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #28 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #29 pc 001ea874  /system/framework/framework.jar (android.app.LoadedApk.makeApplication+120)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #30 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #31 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #32 pc 0017f018  /system/framework/framework.jar (android.app.ActivityThread.handleBindApplication+2032)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #33 pc 001ee197  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.8948476230334279806+170) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #34 pc 001f2b79  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+120) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #35 pc 0041fced  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (artQuickToInterpreterBridge+820) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #36 pc 000dc5a1  /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #37 pc 000d7bc5  /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #38 pc 004363ab  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (art_quick_invoke_stub+250) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #39 pc 000dff93  /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+166) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #40 pc 00376a67  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x338000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+54) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #41 pc 00377d31  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x338000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+788) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.059 10935 10935 F DEBUG   :       #42 pc 003237f3  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x2e9000) (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+30) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.059 10935 10935 F DEBUG   :       #43 pc 000b97ef  /system/framework/arm/boot.oat (BuildId: 6b3463fcb05baab29017e055a20411ff5c16d16c)

Other logs before the crash:

                 Zygote  I  seccomp disabled by setenforce 0
         xelambientmusi  I  Late-enabling -Xcheck:jni
                         E  Unknown bits set in runtime_flags: 0x8000
                   Riru  V  hook removed
                         V  edxp: forkAndSpecializePost
         xelambientmusi  W  Unsupported class loader
               SandHook  D  method <public java.lang.ClassLoader android.app.LoadedApk.getClassLoader()> hook <replacement> success!

Using the latest Aliuhook build, which itself uses LSPlant v4.0.

As far as I can tell the crash is in LSPlant, but if it's within the scope of Aliuhook, I'll move it there.

This is a pretty old device so if it doesn't work that's not the end of the world, but I thought I'd report it anyway.

Cheers!

@yujincheng08
Member

yujincheng08 commented Jun 23, 2022

ILL_ILLOPC is caused by the native hooker, e.g. Dobby.

This is usually because you hook a function twice with different copies of Dobby. And I can see you have EdXposed hooking the same process, which causes the conflict.

yujincheng08 closed this as not planned on Jun 23, 2022.
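Editor's note, with an added example that is not part of the thread and not LSPlant's, Aliuhook's or Dobby's code. The tombstone above carries two facts that support the maintainer's diagnosis without a debugger: frame #00 sits in an anonymous mapping (the kind of page an inline hooker allocates for trampolines), and the faulting word `*pc=0xf010f8df`, read as the two Thumb-2 halfwords `f8df f010`, is `ldr.w pc, [pc, #16]`, the literal-pool branch an inline hooker plants in a trampoline. That word is only an instruction in Thumb state; read as an ARM-state word its condition nibble is 0xF (the unconditional-instruction space), which fits `ILL_ILLOPC`. The script below pulls those facts out of the tombstone lines copied from the issue (logcat prefix stripped, frames after #02 dropped) and decodes the Thumb encoding; the verdict string is this editor's heuristic, and the script only reports the ARM condition nibble rather than encoding the full ARM unconditional-instruction table.

```python
"""Triage a 32-bit ARM tombstone for an inline-hook trampoline fault."""
import re

# Tombstone lines copied from the issue above (logcat prefix stripped, frames
# beyond #02 dropped); paths and BuildIds are the ones printed in the report.
TOMBSTONE = """\
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xa74e0004 (*pc=0xf010f8df)
    r0  aab6aa80  r1  13026628  r2  a74e0001  r3  80c092c4
    ip  80033d1c  sp  be9c55a0  lr  80076761  pc  a74e0004
backtrace:
      #00 pc 00000004  <anonymous:a74e0000>
      #01 pc 0001175f  /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/lib/arm/liblsplant.so (BuildId: 4283a16ea35097d9497b6c7d2fe132833796d5d9)
      #02 pc 00100e45  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0xfd000) (art::ClassLinker::InitializeClass(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+2048) (BuildId: 05244180e8793b3072772e09a73d0db0)
"""

SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), "
    r"fault addr 0x([0-9a-f]+) \(\*pc=0x([0-9a-f]+)\)"
)
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)")
ANON_RE = re.compile(r"<anonymous:([0-9a-f]+)>")


def decode_thumb_ldr_pc_literal(word, insn_addr):
    """Decode `word` (little-endian 32-bit value read at insn_addr) as Thumb-2
    LDR (literal) encoding T2 with Rt = pc, i.e. `LDR.W pc, [pc, #+/-imm12]`:
    hw1 = 1111 1000 U101 1111, hw2 = Rt[15:12] imm12[11:0].  Returns the
    address the new pc is loaded from, or None if the word is not that insn."""
    hw1 = word & 0xFFFF          # first halfword sits at the lower address
    hw2 = word >> 16
    if (hw1 & 0xFF7F) != 0xF85F or (hw2 >> 12) != 0xF:
        return None
    add = (hw1 >> 7) & 1         # U bit: add or subtract the offset
    imm12 = hw2 & 0xFFF
    base = (insn_addr + 4) & ~3  # Thumb: PC reads as insn+4, then Align(PC, 4)
    return base + imm12 if add else base - imm12


def triage(tombstone):
    """Pull the facts that matter for a hook-trampoline SIGILL out of a tombstone."""
    m = SIGNAL_RE.search(tombstone)
    if m is None:
        raise ValueError("no signal line found")
    signame, si_code = m.group(2), m.group(4)
    fault_addr, pc_word = int(m.group(5), 16), int(m.group(6), 16)

    frames = FRAME_RE.findall(tombstone)
    anon = ANON_RE.fullmatch(frames[0][2]) if frames else None
    # first frame that resolves to a file on disk: the code that jumped into the page
    named = next((path for _, _, path in frames if path.startswith("/")), None)

    literal_addr = decode_thumb_ldr_pc_literal(pc_word, fault_addr)
    result = {
        "signal": signame,
        "si_code": si_code,
        "fault_addr": fault_addr,
        "pc_word": pc_word,
        "pc_in_anonymous_map": anon is not None,
        "anonymous_base": int(anon.group(1), 16) if anon else None,
        "first_named_frame": named.rsplit("/", 1)[-1] if named else None,
        "thumb_ldr_pc_literal_from": literal_addr,
        "arm_cond": pc_word >> 28,
    }
    # Heuristic verdict (this editor's, not a rule from any hooking library).
    if si_code == "ILL_ILLOPC" and anon is not None and literal_addr is not None:
        result["verdict"] = (
            "Thumb-2 'ldr.w pc, [pc, #imm]' (an inline-hook trampoline branch) in an "
            "anonymous page raised ILL_ILLOPC. That word is only an instruction in "
            "Thumb state; read in ARM state its cond field is 0xF (unconditional "
            "space). Look for a second inline hooker patching the same function."
        )
    else:
        result["verdict"] = "no trampoline pattern recognised"
    return result


if __name__ == "__main__":
    for k, v in triage(TOMBSTONE).items():
        print(f"{k:26} {v:#x}" if type(v) is int else f"{k:26} {v}")
```

Run it against any `adb logcat -b crash` tombstone for an `arm` ABI process; a frame #00 in `<anonymous:...>` whose word decodes as the `ldr.w pc` literal branch is the signature to look for before blaming the hooking library itself, and the usual fix is the one given above: make sure only one inline hooker touches a given function.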