Crash on attempting to trace any application #15

casept opened this issue Apr 21, 2024 · 0 comments

The crash also happens when trying to trace other applications. Device is a Moto G8 on stock ROM rooted via Magisk, Android 11.

$ frida -U --codeshare FrenchYeti/android-arm64-strace -f lv.amberphone.pasazieruvilciens
     ____
    / _  |   Frida 16.1.5 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to moto g 8  (id=ZY2282SCS6)
Spawned `lv.amberphone.pasazieruvilciens`. Resuming main thread!
[moto g 8 ::lv.amberphone.pasazieruvilciens ]-> [LINKER] Loading '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so'
[INTERRUPTOR][STARTING] Module '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so' is loading, tracer will start
[INTERRUPTOR][STARTING] Tracing thread 11412 []
[STARTING TRACE] UID=0 Thread 11412
Deploying pthread_create hook
0 1
 [TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c]   futex (   word = 0x780fc3de40 ,  op = FUTEX_WAKE_PRIVATE ,  u32 val = 0x7fffffff ,  struct __kernel_timespec *utime = 0x0 ,  u32 *uaddr2 = 0x0 ,  u32 val3[ = 0x0  )    > 0x0
 [TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c]   futex (   word = 0x780fc3de20 ,  op = FUTEX_WAKE_PRIVATE ,  u32 val = 0x7fffffff ,  struct __kernel_timespec *utime = 0x0 ,  u32 *uaddr2 = 0x0 ,  u32 val3[ = 0x0  )    > 0x0
Process crashed: Bad access due to invalid address

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'motorola/rav_reteu/rav:11/RPJS31.Q4U-47-35-17/4bff0:user/release-keys'
Revision: 'pvt1'
ABI: 'arm64'
Timestamp: 2024-04-21 13:04:08+0200
pid: 11412, tid: 11412, name: sazieruvilciens  >>> lv.amberphone.pasazieruvilciens <<<
uid: 10252
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Cause: null pointer dereference
    x0  0000007fe8cd7038  x1  0000000000000006  x2  0000007831111bc0  x3  0000007fe8cd6fb0
    x4  0000007fe8cd6fa0  x5  0000007882848280  x6  000000780fc3f1f0  x7  0000007fe8cd72f8
    x8  0000000000000000  x9  0000000000000000  x10 000000000000062b  x11 0000000000000001
    x12 000000780fc3e510  x13 48646e4a362d736e  x14 0000000000000000  x15 000000780fafa43c
    x16 0000000000000001  x17 0000000000000000  x18 0000007b27098000  x19 0000000000000000
    x20 0000007fe8cd7038  x21 000000780fc25000  x22 000000780fc25000  x23 000000780fc25000
    x24 00000000ffffffff  x25 000000780fc3d2f8  x26 000000780fc12fd0  x27 0000007b24405d50
    x28 000000780fc3d2f8  x29 0000007fe8cd7010
    lr  000000780faf99fc  sp  0000007fe8cd7010  pc  000000787eb960d8  pst 0000000080000000
backtrace:
      #00 pc 000000000001a0d8  <anonymous:787eb7c000>
      #01 pc 000000000031d9f8  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #02 pc 000000000031d9f8  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #03 pc 000000000031df78  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #04 pc 00000000000915ec  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x8f000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #05 pc 000000000004a0f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+284) (BuildId: f973854810260f3568df23436074dee3)
      #06 pc 000000000004a2f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: f973854810260f3568df23436074dee3)
      #07 pc 0000000000000e08  <anonymous:7b27f59000>
***
[moto g 8 ::lv.amberphone.pasazieruvilciens ]->

Thank you for using Frida!