Both are running Android 11, so this issue has been assumed to be related to Android 11 itself. This does not happen on versions before or after it (tested on 10, 12, 13).
Backtrace from Motorola Edge (2021) running Android 11:
03-20 09:55:51.295 30141 30200 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 30200 (RenderThread), pid 30141 (games.umamusume)
03-20 09:55:51.522 30213 30213 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-20 09:55:51.522 30213 30213 F DEBUG : Build fingerprint: 'motorola/racer_retail/racer:11/RPDS31.Q4U-39-26-14-13/17601e:user/release-keys'
03-20 09:55:51.522 30213 30213 F DEBUG : Revision: 'pvt'
03-20 09:55:51.522 30213 30213 F DEBUG : ABI: 'arm64'
03-20 09:55:51.523 30213 30213 F DEBUG : Timestamp: 2024-03-20 09:55:51-0500
03-20 09:55:51.523 30213 30213 F DEBUG : pid: 30141, tid: 30200, name: RenderThread >>> jp.co.cygames.umamusume <<<
03-20 09:55:51.523 30213 30213 F DEBUG : uid: 11153
03-20 09:55:51.524 30213 30213 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
03-20 09:55:51.524 30213 30213 F DEBUG : Cause: null pointer dereference
03-20 09:55:51.524 30213 30213 F DEBUG : x0 0000000000000000 x1 0000006cbb94d1c0 x2 0000006ca0001c98 x3 0000000000000008
03-20 09:55:51.524 30213 30213 F DEBUG : x4 0000006d21ec8748 x5 0000006d21ec8af4 x6 0000000000000000 x7 0000000000000000
03-20 09:55:51.524 30213 30213 F DEBUG : x8 0000006cbb94d1d0 x9 fffffffffffffff0 x10 0000000000000004 x11 0000000000000004
03-20 09:55:51.524 30213 30213 F DEBUG : x12 0000000000000000 x13 000000000000ffff x14 0000000000000006 x15 0000006ca00f5930
03-20 09:55:51.524 30213 30213 F DEBUG : x16 0000006cb5329a00 x17 0000006fcef43c7c x18 0000006cb9036000 x19 0000006ca0001c98
03-20 09:55:51.524 30213 30213 F DEBUG : x20 0000006ca00f5fb8 x21 0000006ca00f5790 x22 0000006d21ec8748 x23 0000000000000000
03-20 09:55:51.524 30213 30213 F DEBUG : x24 000000000000ffff x25 0000000000000001 x26 0000006d21ec8748 x27 0000000000001050
03-20 09:55:51.524 30213 30213 F DEBUG : x28 0000000000000001 x29 0000000000000000
03-20 09:55:51.524 30213 30213 F DEBUG : lr 0000006cb4afb7dc sp 0000006d21ec86f0 pc 0000006cb4ae87a0 pst 0000000080000000
03-20 09:55:51.611 30213 30213 F DEBUG : backtrace:
03-20 09:55:51.611 30213 30213 F DEBUG : #00 pc 00000000008597a0 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.611 30213 30213 F DEBUG : #01 pc 000000000086c7d8 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.611 30213 30213 F DEBUG : #02 pc 000000000086cad8 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.611 30213 30213 F DEBUG : #03 pc 000000000086d9f0 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.611 30213 30213 F DEBUG : #04 pc 000000000085dca0 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.611 30213 30213 F DEBUG : #05 pc 0000000000859d5c /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.612 30213 30213 F DEBUG : #06 pc 0000000000396960 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.612 30213 30213 F DEBUG : #07 pc 0000000000396ac8 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.612 30213 30213 F DEBUG : #08 pc 0000000000389600 /data/app/~~oulA7uyz07HoAYe9sOXYRQ==/jp.co.cygames.umamusume-gJQi2cAxghW8_GumwpwJtg==/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
03-20 09:55:51.612 30213 30213 F DEBUG : #09 pc 00000000000005c4 [vdso] (__kernel_rt_sigreturn)
03-20 09:55:51.612 30213 30213 F DEBUG : #10 pc 0000000000031198 /apex/com.android.runtime/bin/linker64 (__loader_dlopen+8) (BuildId: f973854810260f3568df23436074dee3)
03-20 09:55:51.612 30213 30213 F DEBUG : #11 pc 000000000000104c /apex/com.android.runtime/lib64/bionic/libdl.so (dlsym+12) (BuildId: 0ef8b9fd3ba84892809321b735317a50)
03-20 09:55:51.612 30213 30213 F DEBUG : #12 pc 0000000000051a04 /apex/com.android.vndk.v30/lib64/libhidlbase.so (android::hardware::PassthroughServiceManager::get(android::hardware::hidl_string const&, android::hardware::hidl_string const&)::'lambda'(void*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::operator()(void*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const+76) (BuildId: 441744a3e8eac97619ec117a3898fc51)
03-20 09:55:51.612 30213 30213 F DEBUG : #13 pc 000000000004d794 /apex/com.android.vndk.v30/lib64/libhidlbase.so (android::hardware::PassthroughServiceManager::openLibs(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::function<bool (void*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)> const&)+944) (BuildId: 441744a3e8eac97619ec117a3898fc51)
03-20 09:55:51.612 30213 30213 F DEBUG : #14 pc 000000000004ff24 /apex/com.android.vndk.v30/lib64/libhidlbase.so (android::hardware::PassthroughServiceManager::get(android::hardware::hidl_string const&, android::hardware::hidl_string const&)+92) (BuildId: 441744a3e8eac97619ec117a3898fc51)
03-20 09:55:51.612 30213 30213 F DEBUG : #15 pc 000000000004e730 /apex/com.android.vndk.v30/lib64/libhidlbase.so (android::hardware::details::getRawServiceInternal(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, bool)+1488) (BuildId: 441744a3e8eac97619ec117a3898fc51)
03-20 09:55:51.612 30213 30213 F DEBUG : #16 pc 0000000000014824 /apex/com.android.vndk.v30/lib64/android.hardware.graphics.mapper@4.0.so (android::sp<android::hardware::graphics::mapper::V4_0::IMapper> android::hardware::details::getServiceInternal<android::hardware::graphics::mapper::V4_0::BpHwMapper, android::hardware::graphics::mapper::V4_0::IMapper, void, void>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, bool)+96) (BuildId: 023174d30f71d92d020ea1b5010d97a0)
03-20 09:55:51.612 30213 30213 F DEBUG : #17 pc 00000000000062e8 /vendor/lib64/egl/eglSubDriverAndroid.so (BuildId: 252dac9562ac22b1ce5d681effd73158)
03-20 09:55:51.612 30213 30213 F DEBUG : #18 pc 000000000023f384 /vendor/lib64/egl/libGLESv2_adreno.so (BuildId: 8f58bda1c70fa129f4e013d6faea0796)
03-20 09:55:51.612 30213 30213 F DEBUG : #19 pc 00000000000148cc /system/lib64/libEGL.so (android::egl_display_t::initialize(int*, int*)+296) (BuildId: daf6e31c6e30abf1d84cb51ece958136)
03-20 09:55:51.612 30213 30213 F DEBUG : #20 pc 0000000000220c8c /system/lib64/libhwui.so (android::uirenderer::renderthread::EglManager::initialize()+84) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #21 pc 000000000022f7dc /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::requireGlContext()+84) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #22 pc 0000000000215680 /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaOpenGLPipeline::setSurface(ANativeWindow*, android::uirenderer::renderthread::SwapBehavior)+88) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #23 pc 000000000021d14c /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::setSurface(ANativeWindow*, bool)+368) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #24 pc 000000000022c9f4 /system/lib64/libhwui.so (_ZNSt3__110__function6__funcIZN7android10uirenderer12renderthread11RenderProxy10setSurfaceEP13ANativeWindowbE3$_6NS_9allocatorIS8_EEFvvEEclEv$81825b4554ba48924a771fcb836d7698+28) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #25 pc 000000000020ed94 /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+220) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #26 pc 0000000000230024 /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+88) (BuildId: 482eb17a4653001b53079d35f149cf47)
03-20 09:55:51.613 30213 30213 F DEBUG : #27 pc 00000000000154d0 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+260) (BuildId: d1aa3b02347f658128fc75fb371856b9)
03-20 09:55:51.613 30213 30213 F DEBUG : #28 pc 0000000000014d94 /system/lib64/libutils.so (thread_data_t::trampoline(thread_data_t const*)+412) (BuildId: d1aa3b02347f658128fc75fb371856b9)
03-20 09:55:51.613 30213 30213 F DEBUG : #29 pc 00000000000afce8 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64) (BuildId: 41c660c694a41af9265f00d2b0edc316)
03-20 09:55:51.613 30213 30213 F DEBUG : #30 pc 00000000000502c8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 41c660c694a41af9265f00d2b0edc316)
This may seem to be caused by the hook to __dl___loader_dlopen; but upon hooking to dlopen directly, the game will actually start, with the other hooks initialized correctly, but in a very unstable state. The graphics are not rendered at all, with only audio working, and the game may crash once it gets to the title screen.
The crash occurs on the render thread. The game will display a black screen for a few seconds before it crashes.
Affected devices: Motorola Edge (2021), Oppo A5 (2020)
The exact cause is still unknown.
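A triage helper for the backtrace above, added here as an example (not code from the issue or the project): it parses debuggerd frames and splits the stack at `__kernel_rt_sigreturn`, which shows that the `libunity.so` frames ran on top of a signal frame that interrupted `__loader_dlopen+8`. The names `parse_frames`, `triage` and `HOOK_WINDOW`, the 16-byte threshold and the `PKG` path placeholder are assumptions of this example.

```python
import re

# Frames abbreviated from the backtrace above: logcat prefix dropped, app path
# replaced by PKG, BuildIds dropped except on #00; pc values and symbols as reported.
SAMPLE = """\
#00 pc 00000000008597a0 /data/app/PKG/lib/arm64/libunity.so (BuildId: 565c677840bbe73e52ea460b18cb90fbde78365d)
#08 pc 0000000000389600 /data/app/PKG/lib/arm64/libunity.so
#09 pc 00000000000005c4 [vdso] (__kernel_rt_sigreturn)
#10 pc 0000000000031198 /apex/com.android.runtime/bin/linker64 (__loader_dlopen+8)
#11 pc 000000000000104c /apex/com.android.runtime/lib64/bionic/libdl.so (dlsym+12)
#19 pc 00000000000148cc /system/lib64/libEGL.so (android::egl_display_t::initialize(int*, int*)+296)
"""

# "(symbol+offset)" is optional and may itself contain parentheses;
# the lookahead keeps "(BuildId: ...)" from being read as a symbol.
FRAME = re.compile(
    r"#(?P<idx>\d+)\s+pc\s+(?P<pc>[0-9a-f]+)\s+(?P<module>\S+)"
    r"(?:\s+\((?!BuildId:)(?P<symbol>.+?)(?:\+(?P<off>\d+))?\))?"
    r"(?:\s+\(BuildId: \w+\))?\s*$"
)

def parse_frames(text):
    """Return one dict per debuggerd backtrace frame found in text."""
    frames = []
    for line in text.splitlines():
        m = FRAME.search(line)  # search() skips any logcat prefix on the line
        if m:
            f = m.groupdict()
            f["idx"], f["pc"] = int(f["idx"]), int(f["pc"], 16)
            f["off"] = int(f["off"]) if f["off"] else None
            frames.append(f)
    return frames

HOOK_WINDOW = 16  # assumed heuristic: prologue bytes an inline hook may rewrite

def triage(frames):
    """Split the stack at the signal trampoline, if one is present."""
    base = lambda f: f["module"].rsplit("/", 1)[-1]
    for i, f in enumerate(frames):
        if f["symbol"] == "__kernel_rt_sigreturn" and i + 1 < len(frames):
            hit = frames[i + 1]  # code that was running when the signal arrived
            return {
                "handler_modules": sorted({base(x) for x in frames[:i]}),
                "interrupted": (base(hit), hit["symbol"], hit["off"]),
                "near_entry": hit["off"] is not None and hit["off"] < HOOK_WINDOW,
            }
    return None  # no signal frame: frame #00 is where the stack was interrupted

if __name__ == "__main__":
    print(triage(parse_frames(SAMPLE)))
```

Because `parse_frames` uses `search`, the full logcat lines from the report can be passed in unchanged.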