JNI DETECTED ERROR IN APPLICATION: use of invalid jobject xxxx #62

Open
buffcow opened this issue Aug 6, 2020 · 2 comments

Comments


buffcow commented Aug 6, 2020

This exception occurs with xposedcompat_new.
The method should be in SetObjectArrayElement
here

This error is similar


FD- commented Apr 28, 2021

It seems like this problem is caused by a bug when extracting the genericJniStub in CastArtMethod::init. When I ensure that getInterpreterBridge(true) is used, this crash does not occur anymore. I don't know the side effects though, so a comment from @ganyao114 would be highly appreciated!


FD- commented Apr 28, 2021

More complete stack trace of the crash on Android 9 (though please note I'm using a modified version of SandHook):

2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542] JNI DETECTED ERROR IN APPLICATION: use of invalid jobject 0x178d2c30
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]     from void android.content.UriMatcher.addURI(java.lang.String, java.lang.String, int)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542] "main" prio=5 tid=1 Runnable
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   | group="main" sCount=0 dsCount=0 flags=0 obj=0x783bc870 self=0x76da414c00
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   | sysTid=6416 nice=0 cgrp=default sched=1073741825/1 handle=0x7760311548
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   | state=R schedstat=( 433716405 4673284 153 ) utm=34 stm=9 core=3 HZ=100
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   | stack=0x7ffa487000-0x7ffa489000 stackSize=8MB
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   | held mutexes= "mutator lock"(shared held)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #00 pc 00000000003c15a4  /system/lib64/libart.so (offset fa000) (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+220)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #01 pc 000000000048ec54  /system/lib64/libart.so (offset 3e5000) (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, bool, BacktraceMap*, bool) const+352)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #02 pc 00000000002e4b1c  /system/lib64/libart.so (offset fa000) (art::JavaVMExt::JniAbort(char const*, char const*)+968)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #03 pc 00000000002e501c  /system/lib64/libart.so (offset fa000) (art::JavaVMExt::JniAbortF(char const*, char const*, ...)+180)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #04 pc 0000000000494878  /system/lib64/libart.so (offset 3e5000) (art::Thread::DecodeJObject(_jobject*) const+808)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #05 pc 000000000045d710  /system/lib64/libart.so (offset 3e5000) (art::(anonymous namespace)::ArgArray::BuildArgArrayFromJValues(art::ScopedObjectAccessAlreadyRunnable const&, art::ObjPtr<art::mirror::Object>, jvalue*)+208)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #06 pc 000000000045d500  /system/lib64/libart.so (offset 3e5000) (art::InvokeWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*)+384)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #07 pc 00000000003621cc  /system/lib64/libart.so (offset fa000) (art::JNI::CallStaticVoidMethodA(_JNIEnv*, _jclass*, _jmethodID*, jvalue*)+636)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #08 pc 00000000000077d0  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/base.apk (offset 1ae000) (_JNIEnv::CallStaticVoidMethodA(_jclass*, _jmethodID*, jvalue const*)+56)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #09 pc 00000000000074bc  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/base.apk (offset 1ae000) (FFIJniDispatcher(FFIClosure*, void*, void**, void*)+712)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #10 pc 0000000000018b70  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/base.apk (offset 1ae000) (FFIDispatcher(ffi_cif*, void*, void**, void*)+120)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #11 pc 000000000001b320  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/base.apk (offset 1ae000) (???)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #12 pc 000000000001bc40  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/base.apk (offset 1ae000) (???)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #13 pc 000000000000f34c  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/oat/arm64/base.odex (offset f000) (com.swift.sandhook.ClassNeverCall.neverCallNative [DEDUPED]+124)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #14 pc 0000000000554f88  /system/lib64/libart.so (offset 3e5000) (art_quick_invoke_stub+584)
2021-04-27 15:36:58.044 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #15 pc 00000000000cf6c8  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #16 pc 000000000027f22c  /system/lib64/libart.so (offset fa000) (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #17 pc 0000000000279240  /system/lib64/libart.so (offset fa000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #18 pc 0000000000527738  /system/lib64/libart.so (offset 3e5000) (MterpInvokeVirtualQuick+584)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #19 pc 000000000054b414  /system/lib64/libart.so (offset 3e5000) (ExecuteMterpImpl+29972)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #20 pc 000000000015b626  /data/app/com.fd.sandhooktest-ebs_bejhZrDKWm7cQ7Czug==/oat/arm64/base.vdex (com.fd.sandhooktest.MainActivity.onCreate+78)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #21 pc 0000000000252f44  /system/lib64/libart.so (offset fa000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.1476001603+488)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #22 pc 0000000000514fa8  /system/lib64/libart.so (offset 3e5000) (artQuickToInterpreterBridge+1020)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #23 pc 000000000055e0fc  /system/lib64/libart.so (offset 3e5000) (art_quick_to_interpreter_bridge+92)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #24 pc 00000000014eee1c  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.Activity.performCreate+172)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #25 pc 000000000096a8f0  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.Instrumentation.callActivityOnCreate+80)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #26 pc 0000000000de7b40  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.ActivityThread.performLaunchActivity+2112)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #27 pc 0000000000dee8d8  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.ActivityThread.handleLaunchActivity+424)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #28 pc 000000000151e534  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.servertransaction.LaunchActivityItem.execute+372)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #29 pc 00000000009dfdb4  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.servertransaction.TransactionExecutor.executeCallbacks+708)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #30 pc 00000000009dfa78  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.servertransaction.TransactionExecutor.execute+280)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #31 pc 0000000000dd2324  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.ActivityThread$H.handleMessage+340)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #32 pc 0000000001640574  /system/framework/arm64/boot-framework.oat (offset 916000) (android.os.Handler.dispatchMessage+180)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #33 pc 0000000001647b70  /system/framework/arm64/boot-framework.oat (offset 916000) (android.os.Looper.loop+1264)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #34 pc 0000000000de6648  /system/framework/arm64/boot-framework.oat (offset 916000) (android.app.ActivityThread.main+664)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #35 pc 000000000055524c  /system/lib64/libart.so (offset 3e5000) (art_quick_invoke_static_stub+604)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #36 pc 00000000000cf6e8  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #37 pc 000000000045c85c  /system/lib64/libart.so (offset 3e5000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #38 pc 000000000045e2b0  /system/lib64/libart.so (offset 3e5000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1440)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #39 pc 00000000003ee18c  /system/lib64/libart.so (offset fa000) (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #40 pc 000000000078eed4  /system/framework/arm64/boot-core-oj.oat (offset 2dc000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+180)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #41 pc 0000000001a4cb08  /system/framework/arm64/boot-framework.oat (offset 916000) (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+136)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #42 pc 0000000001a58380  /system/framework/arm64/boot-framework.oat (offset 916000) (com.android.internal.os.ZygoteInit.main+3088)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #43 pc 000000000055524c  /system/lib64/libart.so (offset 3e5000) (art_quick_invoke_static_stub+604)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #44 pc 00000000000cf6e8  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #45 pc 000000000045c85c  /system/lib64/libart.so (offset 3e5000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #46 pc 000000000045c4bc  /system/lib64/libart.so (offset 3e5000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #47 pc 0000000000361ac8  /system/lib64/libart.so (offset fa000) (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #48 pc 00000000000b1fa0  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+116)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #49 pc 00000000000b49c4  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+752)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #50 pc 000000000000251c  /system/bin/app_process64 (main+2000)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   native: #51 pc 00000000000ca47c  /system/lib64/libc.so (__libc_init+88)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.content.UriMatcher.addURI(Native method)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at com.fd.sandhooktest.MainActivity.onCreate(MainActivity.java:65)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.Activity.performCreate(Activity.java:7136)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.Activity.performCreate(Activity.java:7127)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1272)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2905)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3060)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1818)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.os.Handler.dispatchMessage(Handler.java:106)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.os.Looper.loop(Looper.java:193)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at android.app.ActivityThread.main(ActivityThread.java:6762)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at java.lang.reflect.Method.invoke(Native method)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]   at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
2021-04-27 15:36:58.045 6416-6416/? A/fd.sandhooktes: java_vm_ext.cc:542]
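The abort in the trace above comes from `art::Thread::DecodeJObject` (frame #04), reached while `CallStaticVoidMethodA` converts the `jvalue` array built by the hook's `FFIJniDispatcher`. The following is an added example, not SandHook or ART code: a simplified C model of the decision ART makes there, written from the Android 9 `runtime/thread.cc` logic. An indirect reference carries its kind in its low two bits; kind 0 means "handle-scope reference or invalid", and such a pointer is accepted only if it lies inside the current native frame's handle scope, otherwise ART emits exactly this "use of invalid jobject" message. The reference encoding, table sizes and the `object`/`jobject_t` types are assumptions of the model, not ART's real layout; globals and weak globals are left out.

```c
/* Added example (not SandHook or ART code): a simplified model of how ART's
 * Thread::DecodeJObject decides to abort with "use of invalid jobject".
 * Encoding, table sizes and types are assumptions for the model. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ART: enum IndirectRefKind { kHandleScopeOrInvalid = 0, kLocal = 1,
 *                             kGlobal = 2, kWeakGlobal = 3 } */
enum ref_kind {
    KIND_HANDLE_SCOPE_OR_INVALID = 0,
    KIND_LOCAL = 1,
    KIND_GLOBAL = 2,
    KIND_WEAK_GLOBAL = 3
};

typedef struct { uintptr_t payload; } object;  /* stand-in for mirror::Object */
typedef void *jobject_t;                       /* stand-in for jobject */

/* Toy local-reference table: index -> object*. */
#define LOCAL_SLOTS 8
static object *local_table[LOCAL_SLOTS];
static size_t local_count;

/* Handle scope of the current native frame: contiguous object* slots.
 * A jobject handed to a native method may point directly at one of these. */
#define HANDLE_SLOTS 4
static object *handle_scope[HANDLE_SLOTS];

static enum ref_kind kind_of(jobject_t ref) {
    return (enum ref_kind)((uintptr_t)ref & 3u);
}

/* Encode a local reference as (index << 2) | kLocal (model encoding).
 * Returns NULL when the table is full. */
jobject_t add_local_ref(object *obj) {
    if (local_count >= LOCAL_SLOTS) return NULL;
    local_table[local_count] = obj;
    return (jobject_t)(((uintptr_t)local_count++ << 2) | KIND_LOCAL);
}

/* A jobject that points at a handle-scope slot holding obj. */
jobject_t handle_scope_ref(size_t slot, object *obj) {
    handle_scope[slot] = obj;
    return (jobject_t)&handle_scope[slot];
}

static bool in_handle_scope(jobject_t ref) {
    uintptr_t p = (uintptr_t)ref;
    return p >= (uintptr_t)&handle_scope[0] &&
           p <  (uintptr_t)&handle_scope[HANDLE_SLOTS];
}

/* Returns the decoded object; sets *aborted and returns NULL where ART
 * would JniAbort with "use of invalid jobject". */
object *decode_jobject(jobject_t ref, bool *aborted) {
    *aborted = false;
    if (ref == NULL) return NULL;
    switch (kind_of(ref)) {
    case KIND_LOCAL: {
        size_t idx = (uintptr_t)ref >> 2;
        return idx < local_count ? local_table[idx] : NULL;
    }
    case KIND_HANDLE_SCOPE_OR_INVALID:
        if (in_handle_scope(ref)) return *(object **)ref;
        /* Raw object pointer, stale frame, or garbage: low bits are 0 and
         * it is not in the handle scope, so ART aborts the process. */
        *aborted = true;
        fprintf(stderr,
                "JNI DETECTED ERROR IN APPLICATION: use of invalid jobject %p\n",
                ref);
        return NULL;
    default:
        return NULL;  /* global / weak global: not modelled here */
    }
}

int main(void) {
    static object obj = { 0x1234 };
    bool aborted;

    /* A proper reference: a jobject into the handle scope decodes cleanly. */
    jobject_t good = handle_scope_ref(0, &obj);
    printf("handle-scope ref -> %p aborted=%d\n",
           (void *)decode_jobject(good, &aborted), aborted);

    /* The failure mode: the raw object pointer itself passed as a jobject.
     * Its low two bits are 0 and it is outside the handle scope. */
    jobject_t bad = (jobject_t)&obj;
    printf("raw object ptr   -> %p aborted=%d\n",
           (void *)decode_jobject(bad, &aborted), aborted);
    return 0;
}
```

The practical reading of the trace: whatever the hook placed in the `jvalue` array for the `addURI` arguments was not a live local, global or handle-scope reference at the time `CallStaticVoidMethodA` ran, which is consistent with FD-'s observation that the choice between the generic JNI stub and the interpreter bridge decides whether the crash appears, since those two entry points do not hand the callee its reference arguments in the same form. Note that this particular abort fires even without CheckJNI enabled.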
