asLody/AndHook

The DEMO crashes with high probability on a Pixel running 8.1.0

Closed this issue · 9 comments

04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] "ReferenceQueueDaemon" prio=5 tid=5 Waiting
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344ba8 self=0x7cd8757e00
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18870 nice=4 cgrp=default sched=0/0 handle=0x7cd9c9f4f0
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 520104 142656 2 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9b9d000-0x7cd9b9f000 stackSize=1037KB
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 000000000000070c /system/framework/arm64/boot.oat (Java_java_lang_Object_wait+124)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x05ee3340> (a java.lang.Class<java.lang.ref.ReferenceQueue>)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$ReferenceQueueDaemon.runInternal(Daemons.java:178)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x05ee3340> (a java.lang.Class<java.lang.ref.ReferenceQueue>)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "FinalizerDaemon" prio=5 tid=6 Waiting
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344c48 self=0x7cd8758800
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18871 nice=4 cgrp=default sched=0/0 handle=0x7cd9b9a4f0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 406094 436458 1 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9a98000-0x7cd9a9a000 stackSize=1037KB
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 0000000000000aec /system/framework/arm64/boot.oat (Java_java_lang_Object_wait__JI+140)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x0d898279> (a java.lang.Object)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Object.java:422)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:188)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x0d898279> (a java.lang.Object)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:209)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerDaemon.runInternal(Daemons.java:232)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "FinalizerWatchdogDaemon" prio=5 tid=7 Waiting
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344ce8 self=0x7cd8759200
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18872 nice=4 cgrp=default sched=0/0 handle=0x7cd9a954f0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 342395 580677 3 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9993000-0x7cd9995000 stackSize=1037KB
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 000000000000070c /system/framework/arm64/boot.oat (Java_java_lang_Object_wait+124)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x0be39bbe> (a java.lang.Daemons$FinalizerWatchdogDaemon)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerWatchdogDaemon.sleepUntilNeeded(Daemons.java:297)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x0be39bbe> (a java.lang.Daemons$FinalizerWatchdogDaemon)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerWatchdogDaemon.runInternal(Daemons.java:277)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "HeapTaskDaemon" prio=5 tid=8 Blocked
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting to lock an unknown object
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)

Ran the test suite once, and it crashed after a short while.

Rprop commented

Could you narrow down which specific cases cause it? The demo hooks the Thread family of functions, and that is indeed unstable if some thread is already on the stack.

When clicking repeatedly, i.e. performing hook operations over and over (in real use hooking would probably only be done in Application), the following two log lines are printed like crazy:
method 0x7d719f37f0 cannot be hooked
duplicate key error! already hooked
After several rounds, the thread abnormality mentioned in the issue appears and causes the crash.
It is mainly concentrated at the three hook points Virtual, WideningConversion and Constructor.

That is the log output at the very top.

Rprop commented

The log you posted is incomplete; the key part is not in it. Could you provide the complete crash log?

You can see that the entry point is:
andhook.test.WideningConversion.jdouble

The complete log is below:
04-27 12:45:56.903 25522-25522/andhook.test E/AndHook: duplicate key error! already hooked?
04-27 12:45:58.084 25522-25536/andhook.test A/zygote64: profile_saver.cc:359] Check failed: method.GetCounter() == 0u (method.GetCounter()=310, 0u=0) double andhook.test.WideningConversion.jdouble!(double, long, short, long) access_flags=34078986
04-27 12:45:58.125 25522-25522/andhook.test E/AndHook: duplicate key error! already hooked?
04-27 12:45:58.132 25522-25522/andhook.test E/AndHook: method 0x7d719f3250 cannot be hooked again!
04-27 12:45:58.138 25522-25536/andhook.test A/zygote64: runtime.cc:523] Runtime aborting...
04-27 12:45:58.138 25522-25536/andhook.test A/zygote64: runtime.cc:523] Dumping all threads without appropriate locks held: thread list lock
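A small triage helper for dumps like the two posted in this thread, added here as an example (it is not part of AndHook and not code from the issue). It strips the logcat prefix, counts the AndHook error lines with method addresses normalised, pulls the failed check and the method it names out of the profile_saver abort line, and lists the threads whose Java stack already passes through andhook.lib frames, which is the situation Rprop describes as unstable. The sample input is an abridged excerpt of the logs above (abort lines from the second log, thread-dump lines from the first), not a complete dump.

```python
import re
from collections import Counter

# Abridged excerpt of the logs posted in this issue (constructed sample, not a full dump).
SAMPLE_LOG = """\
04-27 12:45:56.903 25522-25522/andhook.test E/AndHook: duplicate key error! already hooked?
04-27 12:45:58.084 25522-25536/andhook.test A/zygote64: profile_saver.cc:359] Check failed: method.GetCounter() == 0u (method.GetCounter()=310, 0u=0) double andhook.test.WideningConversion.jdouble!(double, long, short, long) access_flags=34078986
04-27 12:45:58.125 25522-25522/andhook.test E/AndHook: duplicate key error! already hooked?
04-27 12:45:58.132 25522-25522/andhook.test E/AndHook: method 0x7d719f3250 cannot be hooked again!
04-27 12:45:58.138 25522-25536/andhook.test A/zygote64: runtime.cc:523] Runtime aborting...
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] "ReferenceQueueDaemon" prio=5 tid=5 Waiting
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x05ee3340> (a java.lang.Class<java.lang.ref.ReferenceQueue>)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$ReferenceQueueDaemon.runInternal(Daemons.java:178)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "HeapTaskDaemon" prio=5 tid=8 Blocked
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting to lock an unknown object
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
"""

# logcat "threadtime" prefix: date time pid-tid/package LEVEL/TAG: message
LOGCAT = re.compile(r'^\S+ \S+ \d+-\d+/\S+ ([A-Z])/([^:]+): (.*)$')
# ART runtime abort lines carry a "runtime.cc:NNN]" source marker before the body
RUNTIME = re.compile(r'^runtime\.cc:\d+\]\s*(.*)$')
# CHECK(...) failure: "<file>.cc:NNN] Check failed: <condition> (<values>) <rest>"
CHECK = re.compile(r'^(\w+\.cc):\d+\] Check failed: (.+?) \((.+?)\) (.*)$')
THREAD = re.compile(r'^"([^"]+)" prio=\d+ tid=(\d+) (\w+)$')
FRAME = re.compile(r'^at (\S+)\(')
ADDR = re.compile(r'0x[0-9a-fA-F]+')


def triage(log_text):
    """Summarise an AndHook crash log: hook errors, failed ART check, thread dump."""
    report = {"hook_errors": Counter(), "check_failure": None,
              "aborting": False, "threads": []}
    current = None
    for raw in log_text.splitlines():
        m = LOGCAT.match(raw)
        if not m:
            continue
        level, tag, msg = m.groups()
        if tag == "AndHook" and level == "E":
            # normalise the method address so repeated errors aggregate
            report["hook_errors"][ADDR.sub("0x<addr>", msg)] += 1
            continue
        c = CHECK.match(msg)
        if c:
            src, cond, values, rest = c.groups()
            meth = re.search(r'(\S+?)!?\(', rest)  # "double a.b.C.m!(double, ...)" -> a.b.C.m
            report["check_failure"] = {"source": src, "condition": cond, "values": values,
                                       "method": meth.group(1) if meth else None}
            continue
        r = RUNTIME.match(msg)
        if not r:
            continue
        body = r.group(1).strip()
        if body.startswith("Runtime aborting"):
            report["aborting"] = True
            continue
        t = THREAD.match(body)
        if t:
            current = {"name": t.group(1), "tid": int(t.group(2)),
                       "state": t.group(3), "frames": []}
            report["threads"].append(current)
            continue
        f = FRAME.match(body)
        if f and current is not None:
            current["frames"].append(f.group(1))
    return report


def suspect_threads(report):
    """Threads whose Java stack already runs through the hooking framework."""
    return [t["name"] for t in report["threads"]
            if any(fr.startswith("andhook.lib.") for fr in t["frames"])]


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("hook errors:", dict(rep["hook_errors"]))
    print("failed check:", rep["check_failure"])
    print("aborting:", rep["aborting"])
    for t in rep["threads"]:
        print(f'{t["name"]} tid={t["tid"]} {t["state"]} frames={len(t["frames"])}')
    print("threads with andhook frames on the stack:", suspect_threads(rep))
```

Run it over a full `adb logcat` capture of the crash to get the same summary; the daemon threads it lists with andhook.lib frames are the ones worth checking first against the Thread hooks in the demo.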

Tested it; the problem no longer appears!

Rprop commented

OK, thanks for the feedback.