vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.

Home Page: https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki

How to determine this crash? (signal 11 (SIGSEGV))

etmltg69 opened this issue · comments

I constantly get these crashes, but I don't know how to figure out what the problem is. Is it a frida-il2cpp-bridge problem at all, or a Frida-related one?

I use bridge version 0.9.0

01-25 12:32:58.873 31840 31904 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 31904 (UnityMain), pid 31840 ()
01-25 12:32:59.367 4819 4819 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-25 12:32:59.367 4819 4819 F DEBUG : Revision: '0'
01-25 12:32:59.367 4819 4819 F DEBUG : ABI: 'arm64'
01-25 12:32:59.367 4819 4819 F DEBUG : Processor: '6'
01-25 12:32:59.367 4819 4819 F DEBUG : Timestamp: 2024-01-25 12:32:59.033656980+0100
01-25 12:32:59.367 4819 4819 F DEBUG : Process uptime: 264s
01-25 12:32:59.367 4819 4819 F DEBUG : Cmdline: com.example.app
01-25 12:32:59.367 4819 4819 F DEBUG : pid: 31840, tid: 31904, name: UnityMain >>> com.example.app <<<
01-25 12:32:59.367 4819 4819 F DEBUG : uid: 10293
01-25 12:32:59.367 4819 4819 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
01-25 12:32:59.367 4819 4819 F DEBUG : Cause: null pointer dereference
01-25 12:32:59.367 4819 4819 F DEBUG : x0 0000006edc2c3b18 x1 0000000000004002 x2 0000000000000000 x3 0000000000000000
01-25 12:32:59.367 4819 4819 F DEBUG : x4 00000000ffffffff x5 00000000ffffffff x6 00000000ffffffff x7 0000006ff0546e40
01-25 12:32:59.367 4819 4819 F DEBUG : x8 0000000000000000 x9 0000000000000000 x10 0000000000000001 x11 0000000000007ca0
01-25 12:32:59.367 4819 4819 F DEBUG : x12 0000000000000001 x13 0000000000000030 x14 00000000ffffffff x15 0000006e12c000c0
01-25 12:32:59.367 4819 4819 F DEBUG : x16 0000006ef98afb70 x17 0000006ffb4b0fc0 x18 0000006e70cb8818 x19 0000006edc2c3760
01-25 12:32:59.367 4819 4819 F DEBUG : x20 0000006ef8320408 x21 0000006ffe334e00 x22 0000006ff5557570 x23 0000006ffe397238
01-25 12:32:59.367 4819 4819 F DEBUG : x24 0000006ff55575a0 x25 0000006edc2c3bb0 x26 0000006edc2c3d40 x27 0000000000000008
01-25 12:32:59.367 4819 4819 F DEBUG : x28 0000006ef8320450 x29 0000006edc2c3b50
01-25 12:32:59.367 4819 4819 F DEBUG : lr 0000006ef8c4a044 sp 0000006edc2c3760 pc 0000006ef8c4a054 pst 0000000020001000
01-25 12:32:59.367 4819 4819 F DEBUG : backtrace:
01-25 12:32:59.367 4819 4819 F DEBUG : #00 pc 0000000000b8a054 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #1 pc 0000000000ab67d0 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #2 pc 0000000000ab91f0 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #3 pc 0000000000000a08 anonymous:6dc0001000

01-25 18:17:11.694 23018 23085 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 23085 (UnityMain), pid 23018 ()
01-25 18:17:12.504 27013 27013 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-25 18:17:12.504 27013 27013 F DEBUG : Revision: '0'
01-25 18:17:12.504 27013 27013 F DEBUG : ABI: 'arm64'
01-25 18:17:12.504 27013 27013 F DEBUG : Processor: '6'
01-25 18:17:12.504 27013 27013 F DEBUG : Timestamp: 2024-01-25 18:17:11.882560288+0100
01-25 18:17:12.504 27013 27013 F DEBUG : Process uptime: 239s
01-25 18:17:12.504 27013 27013 F DEBUG : Cmdline: com.example.app
01-25 18:17:12.504 27013 27013 F DEBUG : pid: 23018, tid: 23085, name: UnityMain >>> com.example.app <<<
01-25 18:17:12.504 27013 27013 F DEBUG : uid: 10293
01-25 18:17:12.504 27013 27013 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
01-25 18:17:12.504 27013 27013 F DEBUG : Cause: null pointer dereference
01-25 18:17:12.504 27013 27013 F DEBUG : x0 b400006edf867800 x1 0000000000000001 x2 b400006edf867800 x3 0000000000000000
01-25 18:17:12.504 27013 27013 F DEBUG : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000002
01-25 18:17:12.504 27013 27013 F DEBUG : x8 0000000000000000 x9 000000007fffffff x10 0000000000000010 x11 0000006ec5135000
01-25 18:17:12.504 27013 27013 F DEBUG : x12 00000000fffffff0 x13 0000000000000000 x14 0000000000000020 x15 00000000ffffff80
01-25 18:17:12.504 27013 27013 F DEBUG : x16 0000006ed1e73d90 x17 0000006ffb4b0fc0 x18 0000006e70cb7198 x19 b400006edf867800
01-25 18:17:12.504 27013 27013 F DEBUG : x20 b400006edf867800 x21 0000000000000001 x22 0000006ee7ab50e8 x23 0000000000001070
01-25 18:17:12.504 27013 27013 F DEBUG : x24 0000006f6c9b0c80 x25 0000006ec51346a0 x26 0000006ec51346a4 x27 0000006ec51346a0
01-25 18:17:12.504 27013 27013 F DEBUG : x28 0000006ec51345a0 x29 0000006ec5134530
01-25 18:17:12.504 27013 27013 F DEBUG : lr 0000006f6c755844 sp 0000006ec5134160 pc 0000006f6c85822c pst 0000000000001000
01-25 18:17:12.504 27013 27013 F DEBUG : backtrace:
01-25 18:17:12.504 27013 27013 F DEBUG : #00 pc 000000000045822c /apex/com.android.art/lib64/libart.so (artQuickGenericJniEndTrampoline+64) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #1 pc 0000000000355840 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+160) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #2 pc 00000000005ba6b0 /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #3 pc 0000000000fc50e8 /data/dalvik-cache/arm64/data@app@~~CI-9k23WhPbqdTCd-oBV3w==@com.example.app-Fv0HDW7-0OO6feddrdmrxw==@base.apk@classes.vdex (com.unity3d.player.UnityPlayer.access$500+0)
01-25 18:17:12.505 27013 27013 F DEBUG : #04 pc 00000000005b9734 /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.505 27013 27013 F DEBUG : #05 pc 0000000000fc4708 /data/dalvik-cache/arm64/data@app@~~CI-9k23WhPbqdTCd-oBV3w==@com.example.app-Fv0HDW7-0OO6feddrdmrxw==@base.apk@classes.vdex (com.unity3d.player.UnityPlayer$e$1.handleMessage+252)
01-25 18:17:12.505 27013 27013 F DEBUG : #6 pc 0000000000b5943c /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Handler.dispatchMessage+140)
01-25 18:17:12.505 27013 27013 F DEBUG : #07 pc 0000000000b5cf68 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loopOnce+1000)
01-25 18:17:12.505 27013 27013 F DEBUG : #8 pc 0000000000b5cad8 /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (android.os.Looper.loop+1112)
01-25 18:17:12.505 27013 27013 F DEBUG : #09 pc 00000000005b9798 /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.505 27013 27013 F DEBUG : #10 pc 0000000000fc4b04 /data/dalvik-cache/arm64/data@app@~~CI-9k23WhPbqdTCd-oBV3w==@com.example.app-Fv0HDW7-0OO6feddrdmrxw==@base.apk@classes.vdex (com.unity3d.player.UnityPlayer$e.run+40)
01-25 18:17:12.505 27013 27013 F DEBUG : #11 pc 000000000033eda4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.505 27013 27013 F DEBUG : #12 pc 0000000000239d54 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.505 27013 27013 F DEBUG : #13 pc 000000000053a1b0 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1600) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.505 27013 27013 F DEBUG : #14 pc 00000000000fb6dc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 78adab9f292c6cd4c8368ceb9830b9a8)
01-25 18:17:12.505 27013 27013 F DEBUG : #15 pc 000000000008e3b0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 78adab9f292c6cd4c8368ceb9830b9a8)
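The two tombstones above already answer part of the title question. The script below is an added example, not part of the original issue and not code from frida-il2cpp-bridge: it parses the `signal ...` line and the `#NN pc ...` backtrace of a debuggerd tombstone and reports which image owns the faulting frame (frame #00) and whether Frida's agent appears on the stack at all. The owner labels (`frida-agent`, `art-runtime`, ...) are this script's own naming. The sample input is the relevant lines of the two dumps quoted in the issue.

```python
"""Triage an Android tombstone: which image owns the faulting frame?

Added example for this thread, not part of frida-il2cpp-bridge. It reads the
"signal ..." line and the "#NN pc ..." backtrace lines of a debuggerd tombstone
and reports whether the top frame lies in Frida's injected agent, the ART
runtime, libil2cpp, or elsewhere. The owner labels are this script's own.
"""
import re
from typing import Dict, List, Optional, Tuple

# e.g. "#00 pc 0000000000b8a054 /memfd:frida-agent-64.so (deleted)"
FRAME_RE = re.compile(
    r"#\d+\s+pc\s+[0-9a-f]+\s+(?P<image>\S+)(?:\s+\((?P<sym>[^)]*)\))?", re.IGNORECASE
)
# e.g. "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000"
SIGNAL_RE = re.compile(
    r"signal\s+\d+\s+\((?P<signame>\w+)\),\s+code\s+\d+\s+\((?P<codename>\w+)\),"
    r"\s+fault addr\s+(?P<addr>0x[0-9a-f]+)",
    re.IGNORECASE,
)

def owner(image: str) -> str:
    """Map a mapping name from the backtrace to a coarse owner label."""
    img = image.lower()
    if "frida-agent" in img:
        return "frida-agent"        # code Frida injected: Gum, the bridge, the script's native calls
    if img.startswith("anonymous:"):
        return "anonymous-mapping"  # no backing file; not attributable from the log alone
    if "libil2cpp" in img:
        return "il2cpp-runtime"
    if "libunity" in img:
        return "unity-engine"
    if "libart.so" in img or img.endswith((".vdex", ".oat", ".odex")):
        return "art-runtime"
    if "/bionic/" in img:
        return "libc"
    return "other"

def parse_frames(lines: List[str]) -> List[Tuple[str, Optional[str]]]:
    """(image, symbol) per backtrace frame, in stack order (frame #00 first)."""
    frames = []
    for line in lines:
        m = FRAME_RE.search(line)
        if m:
            sym = m.group("sym")
            # "(deleted)" is a mapping flag on the memfd-backed agent, not a symbol
            frames.append((m.group("image"), None if sym == "deleted" else sym))
    return frames

def parse_fault(lines: List[str]) -> Optional[Dict[str, object]]:
    for line in lines:
        m = SIGNAL_RE.search(line)
        if m:
            return {"signal": m.group("signame"), "code": m.group("codename"),
                    "addr": int(m.group("addr"), 16)}
    return None

def triage(tombstone: str) -> Dict[str, object]:
    lines = tombstone.splitlines()
    fault = parse_fault(lines)
    frames = parse_frames(lines)
    if not frames:
        raise ValueError("no backtrace frames found")
    owners = [owner(image) for image, _ in frames]
    return {
        "signal": fault["signal"] if fault else None,
        "fault_addr": fault["addr"] if fault else None,
        "null_deref": bool(fault) and fault["addr"] < 0x1000,  # fault inside the zero page
        "top_owner": owners[0],
        "top_symbol": frames[0][1],
        "frida_in_stack": "frida-agent" in owners,
        "frame_owners": owners,
    }

# Sample input: the relevant lines of the two tombstones quoted in this issue.
TOMBSTONE_1 = """\
01-25 12:32:59.367 4819 4819 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
01-25 12:32:59.367 4819 4819 F DEBUG : backtrace:
01-25 12:32:59.367 4819 4819 F DEBUG : #00 pc 0000000000b8a054 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #1 pc 0000000000ab67d0 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #2 pc 0000000000ab91f0 /memfd:frida-agent-64.so (deleted)
01-25 12:32:59.367 4819 4819 F DEBUG : #3 pc 0000000000000a08 anonymous:6dc0001000
"""

TOMBSTONE_2 = """\
01-25 18:17:12.504 27013 27013 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
01-25 18:17:12.504 27013 27013 F DEBUG : backtrace:
01-25 18:17:12.504 27013 27013 F DEBUG : #00 pc 000000000045822c /apex/com.android.art/lib64/libart.so (artQuickGenericJniEndTrampoline+64) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #1 pc 0000000000355840 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+160) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #2 pc 00000000005ba6b0 /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 735f12f804f88d62a2cb437261076ff7)
01-25 18:17:12.504 27013 27013 F DEBUG : #3 pc 0000000000fc50e8 /data/dalvik-cache/arm64/data@app@~~CI-9k23WhPbqdTCd-oBV3w==@com.example.app-Fv0HDW7-0OO6feddrdmrxw==@base.apk@classes.vdex (com.unity3d.player.UnityPlayer.access$500+0)
"""

if __name__ == "__main__":
    for name, text in (("crash 1", TOMBSTONE_1), ("crash 2", TOMBSTONE_2)):
        r = triage(text)
        print(f"{name}: {r['signal']} at {r['fault_addr']:#x}, top frame in {r['top_owner']} "
              f"({r['top_symbol']}), Frida agent on stack: {r['frida_in_stack']}")
```

Read against the dumps: in the first crash frames #00 to #2 are inside `/memfd:frida-agent-64.so` (the agent is mapped from a memfd, hence the `(deleted)` suffix), so the NULL dereference happened in code Frida injected, which is where the bridge and any `NativeFunction`/`NativePointer` calls from the script execute; frame #3 is an anonymous mapping the tombstone cannot attribute. In the second crash the agent never appears: frame #00 is ART's generic JNI end trampoline, i.e. the return path of a native method called through JNI from `UnityPlayer.access$500`. Neither dump names the culprit; the triage only tells you which side to start bisecting from, which is what the first reply below recommends.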

It could be anything (even an anti-RE mechanism); you have to incrementally add component after component from scratch to see what's causing the crash.

It's because of the new libpairipcore lib in Unity games. Since last month, almost every app and game distributed via Google Play has to use this protection lib by Google. Part of the protection code runs in a VM, and Frida cannot read memory properly because of that. There's a reason

Thanks, I wasn't aware of that.
Closing as this is not related to frida-il2cpp-bridge!

But if I do enumerateModules and print all modules, there is no libpairipcore.so...

So I assume this isn't the reason, and I have to incrementally add component after component from scratch like @vfsfitvnm said, or?

Just open your APK file via any archive app and check if any libpairipcore.so exists. I'm almost sure that you have it.
And if you can bypass this error, just let me know, dude.
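The last two posts disagree on a checkable fact, and the check is worth automating. `Process.enumerateModules()` in Frida only lists libraries that are loaded at the moment you call it, so a library can ship in the APK and still be missing from that list; listing the APK's `lib/` directory does not depend on load timing. The script below is an added example, not part of this issue or of frida-il2cpp-bridge: it lists native libraries per ABI in an APK (which is a zip) and reports the ABIs that contain a given `.so`. The two in-memory APKs are constructed test inputs, not real builds.

```python
"""Check an APK for a native library (e.g. libpairipcore.so) without running the app.

Added example for this thread, not the project's code. An APK is a zip; native
code lives under lib/<abi>/<name>.so. Frida's Process.enumerateModules() shows
only libraries that are loaded at that moment, so the APK listing is the
authoritative answer to "does this app ship the library at all".
"""
import io
import sys
import zipfile
from typing import Dict, Iterable, List


def native_libs(apk_bytes: bytes) -> Dict[str, List[str]]:
    """Return {abi: [library names]} for every .so under lib/ in the APK."""
    found: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            # Android packages native code as lib/<abi>/<name>.so
            if len(parts) == 3 and parts[0] == "lib" and parts[2].endswith(".so"):
                found.setdefault(parts[1], []).append(parts[2])
    return {abi: sorted(libs) for abi, libs in found.items()}


def has_library(apk_bytes: bytes, soname: str) -> List[str]:
    """ABIs whose lib/ directory contains `soname` (empty list if none)."""
    return sorted(abi for abi, libs in native_libs(apk_bytes).items() if soname in libs)


def build_fake_apk(entries: Iterable[str]) -> bytes:
    """Constructed test input: a zip with the given entry names and empty contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed samples: an arm64-only Unity build that ships libpairipcore.so,
# and a build that does not (the names are illustrative, not a real app).
PROTECTED_APK = build_fake_apk([
    "AndroidManifest.xml",
    "lib/arm64-v8a/libil2cpp.so",
    "lib/arm64-v8a/libunity.so",
    "lib/arm64-v8a/libmain.so",
    "lib/arm64-v8a/libpairipcore.so",
])
PLAIN_APK = build_fake_apk([
    "AndroidManifest.xml",
    "lib/arm64-v8a/libil2cpp.so",
    "lib/arm64-v8a/libunity.so",
    "lib/armeabi-v7a/libil2cpp.so",
])

if __name__ == "__main__":
    # Usage: python check_apk.py base.apk [split_config.arm64_v8a.apk ...]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PROTECTED_APK
    for abi, libs in native_libs(data).items():
        print(abi, libs)
    print("libpairipcore.so in ABIs:", has_library(data, "libpairipcore.so") or "none")
```

One caveat when applying this to a Play-installed app: apps delivered as an App Bundle are split, and ABI-specific native libraries sit in a config split such as `split_config.arm64_v8a.apk` next to `base.apk`, so run the check over every split the package manager reports, not only the base APK. If the library is present on disk but absent from `enumerateModules()`, enumerate again later in the process lifetime or hook `dlopen`/`android_dlopen_ext` to see when it gets loaded.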