rovo89 / android_art

Android ART with modifications for the Xposed framework.

art/runtime/stack.cc:205 Check failed: success Failed to read the this object in... #71

Closed ioantsaf closed 6 years ago

ioantsaf commented 6 years ago

When any function of the Messenger app is hooked, random ANRs may occur. The ANRs seem to be unrelated to the functions being hooked (they even occur when hooking the “attach” function), and this error appears in the Xposed log:

`art/runtime/stack.cc:205] Check failed: success Failed to read the this object in <random class/function name>`

where `<random class/function name>` is not the hooked function, but another random function that seems to be called on Messenger initialization.

After facing the ANR, the only way to solve it while hooking Messenger’s functions is deleting the oat directory of Messenger in /data/app, or reinstalling it from scratch.

The bug occurs only on Nougat, so I suspect it is related to Nougat’s ART compilation and dexopt.

ioantsaf commented 6 years ago

I am attaching an Xposed log:

xposed_error_20171031_012545.log

During this log, I have faced no Messenger ANR, but in lines 96-1023, some ART errors are reported. The first error states: art/runtime/gc/collector/mark_sweep.cc:415] Tried to mark 0x12ca7b80 not contained by any spaces

rovo89 commented 6 years ago

These crashes should be fixed with v89 which I released last night.

ChristophPech commented 6 years ago

It crashes a little bit later this time: art/runtime/stack.cc:205] Check failed: success Failed to read the this object in void (void instead of classname)

The beforeHookedMethod() is inside a "public static class".

rovo89 commented 6 years ago

That's strange. Do you have the complete stack trace of this crash? I had hooked onAttach() for all apps and also used hook-intensive modules like XPrivacy, but I don't think I saw this exact crash.

ChristophPech commented 6 years ago

Sadly it doesn't provide any callstack. Before the bugfix today I could move things around and make everything static but as soon as it hit a try-catch the error was unavoidable.

This is all the log: 12-18 15:20:16.148 F/art ( 8543): art/runtime/stack.cc:205] Check failed: success Failed to read the this object in void net.mypackage.Myclass$MyStaticClass.beforeHookedMethod(de.robv.android.xposed.XC_MethodHook$MethodHookParam)

rovo89 commented 6 years ago

Could you show your hook code please?

ChristophPech commented 6 years ago

The error will occur because of the try-catch block in initHooks

```java
public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
    if (!lpparam.packageName.equals("somepackage"))
        return;
    XposedBridge.log("!!!!!!!!!! Loaded app: " + lpparam.packageName);
    findAndHookMethod("somepackage.Activity", lpparam.classLoader, "onCreate", Bundle.class, new MyActivityHook());
}

public static class MyActivityHook extends XC_MethodHook {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        if (param.thisObject == null) {
            return;
        }
        mCtx = (Context) param.thisObject;

        XposedBridge.log("!!!!!!!!!! newActivity: " + mCtx.getClass().getName());

        if (!mHooksInitialized) {
            mHooksInitialized = true;
            initHooks();
        }
    }
}

public static void initHooks() throws Throwable {

    try {
        findAndHookMethod("com.badlogic.gdx.backends.android.AndroidInput", mClsLdr, "onKey", android.view.View.class, int.class, android.view.KeyEvent.class, new AndroidInputH());
    } catch (Throwable e) {
        XposedBridge.log(">>>>>>>>>> exception1: " + e.toString());
        e.printStackTrace();
    }

    //some more hooks
}
```

Phoenix09 commented 6 years ago

I just got this:

```
12-2 8:3:33.667 I/Xposed (14862): XMessengerPrivacyPremium: Started Messenger
12-2 8:3:33.675 I/Xposed (14862): XMessengerPrivacyPremium: Messenger version: 147...25.86
12-2 8:3:33.731 F/art (14862): art/runtime/stack.cc:25] Check failed: success Failed to read the this object in void X..d()
```

wanam commented 6 years ago

@Phoenix09 Any reason why the developer of this module would remove the odex file of the target app?

`getPackageManager().getPackageInfo("com.facebook.orca", 0).applicationInfo.sourceDir + "/oat/"`

Phoenix09 commented 6 years ago

Because the issue seemed to be caused by dexopt, deleting the oat fixed it until it ran again. In another issue, disabling BackgroundDexOptService was mentioned as a temporary solution:

https://github.com/rovo89/Xposed/issues/275#issuecomment-348553705

https://github.com/rovo89/Xposed/issues/275#issuecomment-339176692

Disabling the service and clearing profile data fixed all the problems I had on v88.2.

ioantsaf commented 6 years ago

@wanam I remove the odex file when a crash is detected, because it temporarily fixes the art bug, and thus prevents the crash from happening again, until something within dexopt triggers the bug again. Do you have another solution to propose for preventing the art related crashes? Btw, thanks for decompiling my code.

NHellFire commented 6 years ago

12-22 14:04:15.997 F/art (8502): art/runtime/stack.cc:205] Check failed: success Failed to read the this object in void X.000.d()

Just got this using v89

Phoenix09 commented 6 years ago

Just going to add that since using the same workaround I haven't had any problems again.
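
Added example, not part of the thread and not Xposed or ART code: a small Python triage helper that pulls fatal ART messages out of a logcat-style Xposed log, extracts the method named in the "Failed to read the this object" check, and pairs each hit with the last Xposed line logged by the same PID. The names `triage`, `ExampleModule` and `ExampleTag` are assumptions; the two `F/art` sample lines are the ones quoted in the comments above, and the other sample lines are constructed.

```python
import re

# Logcat-style prefix as seen in the Xposed log: "MM-DD HH:MM:SS.mmm L/tag ( pid): msg"
LINE = re.compile(
    r"^(?P<ts>\d{1,2}-\d{1,2} [\d:.]+) (?P<lvl>[VDIWEF])/(?P<tag>\S+?)\s*"
    r"\(\s*(?P<pid>\d+)\): (?P<msg>.*)$"
)
# ART messages carry their own "file:line] text" prefix.
ART = re.compile(r"^(?P<src>art/runtime/[\w/.]+):(?P<line>\d+)\] (?P<text>.*)$")
THIS_FAIL = "Check failed: success Failed to read the this object in "

# Sample input: the two F/art lines are quoted from the thread; the rest is constructed.
SAMPLE_LOG = """\
12-18 15:20:16.148 F/art ( 8543): art/runtime/stack.cc:205] Check failed: success Failed to read the this object in void net.mypackage.Myclass$MyStaticClass.beforeHookedMethod(de.robv.android.xposed.XC_MethodHook$MethodHookParam)
12-22 14:04:15.900 I/Xposed (8502): ExampleModule: Started Messenger
12-22 14:04:15.950 D/ExampleTag (8502): unrelated constructed noise
12-22 14:04:15.997 F/art (8502): art/runtime/stack.cc:205] Check failed: success Failed to read the this object in void X.000.d()
"""

def triage(log_text):
    """Return one dict per fatal ART message, with the last Xposed line seen for that PID."""
    last_xposed = {}  # pid -> most recent Xposed-tagged message
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid = int(m["pid"])
        if m["tag"] == "Xposed":
            last_xposed[pid] = m["msg"]
            continue
        art = ART.match(m["msg"]) if (m["tag"], m["lvl"]) == ("art", "F") else None
        if not art:
            continue
        text = art["text"]
        findings.append({
            "ts": m["ts"], "pid": pid,
            "source": art["src"], "line": int(art["line"]),
            # Method named in the failed 'this' read, or None for other ART aborts.
            "method": text[len(THIS_FAIL):] if text.startswith(THIS_FAIL) else None,
            "last_xposed": last_xposed.get(pid),
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["pid"], f"{f['source']}:{f['line']}", f["method"], "|", f["last_xposed"])
```

Grouping the returned `method` values across several logs shows whether the aborts land in the hook callbacks themselves or in unrelated app methods, which is the distinction the reporters draw above.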