LSposed implementation failure, causes zygisk next to crash #2
Comments
Please read JingMatrix/LSPosed#123 and try the instructions there. |
Same here after the Feb. build update - official crDroid 11.2 for the Nokia 6.1. Error in KSU Manager > Modules after tapping on the entry for Zygisk Next:
Was still fine with crDroid 11.1. Not sure if this also affects current LineageOS users, but everything points to the latest Android security update(s) breaking something in regards to LSPosed and Zygisk/zygote. Not only KSU Next is affected but also regular KSU (which the Nokia 6.1 crDroid ROM we're running uses) and Magisk as per posts here on reddit. @JingMatrix : also affected is your NeoZygisk which crashes, too, so it's not a ZygiskNext issue, either. Also its dev 5ec1cff clarifies here that this needs to be tackled on the LSPosed side. Funny enough mywalkb's old mod v.1.9.3 from 2024-03-08 does not crash Zygisk Next, LOL (hint by someone on reddit), [EDIT] and also (as you found out below), in reality it stops working, too: only its UI loads and reads "activated", but modules are not working, either, so that path is in vain because only cosmetic. Just wanted to add my findings right now already. Will install the latest LSPosed-v1.10.1-7169-zygisk-debug from Actions and can provide a logcat as per your exemplary detailed instructions in a little bit. |
NeoZygisk-v1-0.0-232-0780ff5-debug |
The log you provided is a bit too late to analyze. |
In the logs, LSPlant cannot find symbols for the class linker. |
Please upload your libart.so pulled by the following |
Do you in general think this can be fixed on the LSPosed level, or would the LineageOS (/crDroid) devs need to adapt some code? |
I will try to fix it in LSPlant when I get more free time. |
Gotcha. I could extract and upload the previous libart.so if you think that could be helpful for further debugging. Also, not sure if these links could be of any help at all, but posting them won't hurt, either: |
The symbol for method |
The command readelf -wk --string-dump=.gnu_debuglink ./libart.so gives output
It indicates that the debug_info data, which is supposed to be separated when the section I don't understand this messy choice of using separated debug_info files. |
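The thread inspects two things about the crDroid libart.so: whether a ClassLinker method's symbol is still exported, and what readelf's .gnu_debuglink dump points at. Below is an added Python tool (example code, not part of LSPosed or LSPlant) that performs that same inspection offline with only the standard library: it walks the ELF64 section table, collects the defined names in .dynsym/.symtab, searches them for an unmangled method name such as FixupStaticTrampolines, and reads the .gnu_debuglink file name. So that it runs without a real libart.so it also builds a constructed stand-in ELF; the mangled strings SAMPLE_FIXUP and SAMPLE_MARK, the debug file name libart.so.debug and all helper names are assumptions of this example, not values taken from the page.

```python
"""Offline check of an ELF shared object for an exported symbol and its .gnu_debuglink.

Standard library only; handles little-endian ELF64 (what a 64-bit Android libart.so is).
"""
import struct
import sys
from typing import Dict, List, Optional, Tuple

ELF_HDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")            # Elf64_Shdr (64 bytes)
SYM = struct.Struct("<IBBHQQ")                 # Elf64_Sym  (24 bytes)
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 1, 2, 3, 11

# ASSUMED Itanium-mangled forms of the two ClassLinker methods discussed in the thread;
# the search below is by substring, so substitute the exact string from your own build.
SAMPLE_FIXUP = "_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE"
SAMPLE_MARK = "_ZN3art11ClassLinker20MarkClassInitializedEPNS_6ThreadENS_6HandleINS_6mirror5ClassEEE"


def _cstr(buf: bytes, off: int) -> str:
    """Read a NUL-terminated string starting at buf[off]."""
    return buf[off:buf.index(b"\0", off)].decode("ascii", "replace")


def parse_sections(data: bytes) -> Tuple[Dict[str, dict], List[tuple]]:
    """Return {section name: fields} plus the raw header list (indexed by sh_link)."""
    hdr = ELF_HDR.unpack_from(data, 0)
    ident, shoff, shentsize, shnum, shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    shstr_off = raw[shstrndx][4]                       # offset of .shstrtab contents
    sections = {}
    for name_off, typ, _flags, _addr, off, size, link, _info, _align, entsize in raw:
        sections[_cstr(data, shstr_off + name_off)] = {
            "type": typ, "offset": off, "size": size, "link": link, "entsize": entsize}
    return sections, raw


def defined_symbols(data: bytes) -> List[str]:
    """Names of symbols *defined* in .dynsym/.symtab (undefined imports are skipped)."""
    sections, raw = parse_sections(data)
    names = []
    for sec in sections.values():
        if sec["type"] not in (SHT_SYMTAB, SHT_DYNSYM) or sec["entsize"] == 0:
            continue
        strtab_off = raw[sec["link"]][4]               # sh_link -> associated string table
        for i in range(sec["size"] // sec["entsize"]):
            st_name, _info, _other, st_shndx, _value, _size = SYM.unpack_from(
                data, sec["offset"] + i * sec["entsize"])
            if st_name and st_shndx:                   # skip the null entry and SHN_UNDEF
                names.append(_cstr(data, strtab_off + st_name))
    return names


def find_symbol(data: bytes, needle: str) -> List[str]:
    """All defined symbol names containing `needle` (e.g. an unmangled method name)."""
    return [n for n in defined_symbols(data) if needle in n]


def debuglink(data: bytes) -> Optional[str]:
    """File name stored in .gnu_debuglink, or None when the section is absent."""
    sec = parse_sections(data)[0].get(".gnu_debuglink")
    return _cstr(data, sec["offset"]) if sec else None


def build_sample_elf(symbols: List[str], debug_name: str) -> bytes:
    """CONSTRUCTED stand-in for libart.so: a header-only ET_DYN ELF64 for AArch64 carrying
    .dynsym/.dynstr with the given names and a .gnu_debuglink section (dummy CRC)."""
    shstrtab = b"\0.shstrtab\0.dynstr\0.dynsym\0.gnu_debuglink\0"
    dynstr = b"\0" + b"".join(s.encode() + b"\0" for s in symbols)
    dynsym, name_off = SYM.pack(0, 0, 0, 0, 0, 0), 1
    for s in symbols:
        # STB_GLOBAL|STT_FUNC; st_shndx=1 is a placeholder non-zero index meaning "defined"
        dynsym += SYM.pack(name_off, 0x12, 0, 1, 0x1000, 16)
        name_off += len(s) + 1
    link = debug_name.encode() + b"\0"
    link += b"\0" * (-len(link) % 4) + b"\0\0\0\0"    # pad to 4 bytes, then a zero CRC32
    body, blobs = b"", []
    for blob in (shstrtab, dynstr, dynsym, link):
        body += b"\0" * (-(ELF_HDR.size + len(body)) % 8)
        blobs.append((ELF_HDR.size + len(body), len(blob)))
        body += blob
    body += b"\0" * (-(ELF_HDR.size + len(body)) % 8)
    shoff = ELF_HDR.size + len(body)

    def sh(name, typ, idx, lnk, info, align, entsize):
        off, size = blobs[idx]
        return SHDR.pack(shstrtab.index(name), typ, 0, 0, off, size, lnk, info, align, entsize)

    shdrs = (SHDR.pack(*([0] * 10))
             + sh(b".shstrtab\0", SHT_STRTAB, 0, 0, 0, 1, 0)
             + sh(b".dynstr\0", SHT_STRTAB, 1, 0, 0, 1, 0)
             + sh(b".dynsym\0", SHT_DYNSYM, 2, 2, 1, 8, SYM.size)   # sh_link=2 -> .dynstr
             + sh(b".gnu_debuglink\0", SHT_PROGBITS, 3, 0, 0, 4, 0))
    ehdr = ELF_HDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, 3, 0xB7, 1, 0, 0, shoff,
                        0, ELF_HDR.size, 56, 0, SHDR.size, 5, 1)
    return ehdr + body + shdrs


if __name__ == "__main__":
    if len(sys.argv) > 1:                              # python check_libart.py libart.so [needle]
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        needle = sys.argv[2] if len(sys.argv) > 2 else "FixupStaticTrampolines"
    else:                                              # no file: inspect the constructed sample
        blob, needle = build_sample_elf([SAMPLE_FIXUP, SAMPLE_MARK], "libart.so.debug"), "FixupStaticTrampolines"
    hits = find_symbol(blob, needle)
    print(f"{len(hits)} symbol(s) matching {needle!r}: {hits}")
    print(".gnu_debuglink:", debuglink(blob))
    sys.exit(0 if hits else 1)
```

Run against a pulled libart.so it exits non-zero when no defined symbol contains the method name, which is the situation the thread ends up diagnosing for the 11.2 build; comparing the output for the 11.1 and 11.2 libraries side by side shows the difference without any on-device hooking.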
All of those are really valuable findings. Searching both the LOS and crDroid issue sections and social media corners for all the keywords didn't yield anything. Haven't gone into IRC and Telegram yet. So how to go on from here? All three - AOSP, LOS and crDroid - are open source from what I know, so shouldn't it be possible to search the code base for Would you like me to do something specific to facilitate finding more information? |
The AOSP code base concerning You can help to find out if in previous builds of |
By the way, you said the fork LSPosed_mod worked well with your OS. |
you indicate the path to the file as I've dumped crDroid 11.1 payload.bin but there is no apex (image). Which image would I need to unpack to get libart.so - system? |
I think aggressive LTO flags make the symbol inlined |
The LSPosed_mod fork won't work as expected, in its log you find
LSPosed_mod simply chose not to crash when LSPlant fails, while the current project doesn't allow silent failures. |
I see. One module app I tested complained it wasn't working because LSPosed is too old so I thought that's why. Anyway, in the meantime I managed to extract crDroid 11.1 libart.so from payload.bin > system.img > /system/apex/com.android.art.capex > ..[even more hoops].. - here you go 😎: |
In your Hence, the cause of current issue is that crDroid removed this symbol in its recent update. |
.. or rather the downstream LineageOS which crDroid is based upon. So what to do? Can this symbol be extracted, included into LSPosed and loaded internally if not found? Or do you think this symbol still exists in/ was moved into another file in crDroid 11.2 and would need to be accessed by LSPosed from there? |
Fortunately, the symbol for method This issue will thus be transferred to JingMatrix/LSPlant. |
Wow, mighty cool, thank you. Resuscitated trampolines make me wanna jump for joy 🤘 I was just writing: when I searched the crDroid 11.1 lib64 folder for that symbol string and chose "file content" as the search option, the search did find libart.so. So I could also search the crDroid 11.2 installation for that string to see if it indeed was moved to another file. But from what I conclude from your findings, it's not necessary, right? |
For completeness, the entire archive in case needed: LSPosed_2025-02-15T00_34_53.tar.xz.zip (1.8 MB) |
Thanks for providing the logs, please test the new build again and upload logs. Only the (first) verbose log file is needed. |
LSPosed-v1.10.1-7169-zygisk-debug from https://github.com/JingMatrix/LSPosed/actions/runs/13339510844 NOT working. Let me get the (first) log, hang on.. |
I also confirm it seems to be working, I'm on Matrixx 11.2 (based on crDroid 11.2) using KSU-next |
@JingMatrix In the working version you returned I could place debug statements into |
@Jenna-87 Could you paste the logs around the line that has a non-zero returned value? I didn't know which file you are referring to. |
@JingMatrix it crashes with a Because, if it is not null it will be used in libart (from |
The hook of The reason for the new crashes seems to be a wrong parsing of the Handle class. Please try the CI build and upload your logs. |
Here is the log file: |
I give up parsing the class Handle. Let us simply restore for the whole thread. Please test the latest CI and upload logs again. |
Folks, urgently gotta catch some sleep - can join debugging some time tomorrow if necessary 🤘 |
Here is the latest log. I will also go to bed now, but try to look into it again tomorrow. |
Is there enough data at this point already to summarize why on earth the crDroid dev team chose to go this unusual route which caused a lot of turmoil, and how much sense all this makes (for "increased crDroid 11.1 ROM security" or whatever)?? @CanerKaraca23 can you please find out from @aviraxp on "LSPosed IT" (no search results at all - is that a Telegram channel)? |
In issue #2, it is reported that when the symbol of method `FixupStaticTrampolines` is not found, the LSPlant failure will crash Zygisk. We fix the logic of this workaround. Note for the method `MarkClassInitialized`: 1. Its source code is at https://cs.android.com/android/platform/superproject/main/+/main:art/runtime/class_linker.cc;drc=31c794ed606da73e856a2c577ac270abd9c8b631;bpv=0;bpt=1;l=433 . 2. From the mangling name, MarkClassInitialized has no returned value, but in the AOSP code base, this method does return a pointer to ClassLinker::VisiblyInitializedCallback. In reality, this method does return a pointer. 3. In some repos, such as https://github.com/canyie/pine/blob/master/enhances/src/main/cpp/enhances.cpp and https://github.com/ElderDrivers/EdXposed/blob/master/edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h, the handle to mirror::Class is treated simply as a pointer. 4. However, I haven't succeeded in parsing the Handle class. 5. From the logs for the tests with MarkClassInitialized hooked, we haven't found any entries added with effective calls of `RestoreBackup`, where we pass nullptr to its first parameter. Hence, it is (temporarily) unnecessary to hook MarkClassInitialized
1. Close #159 as fixed, though it points to the removal of warning `Unsupported class loader`, for which we can do later. 2. Take the commit from JingMatrix/LSPlant to fix the bug JingMatrix/LSPlant#2.
Commit merged into the master branch of JingMatrix/LSPosed. P.S.: the crDroid dev team might have made the choice of inline optimization out of performance considerations. |
Hi there @Jenna-87, out of pure curiosity: which phone (make & model) do you have crDroid 11.2 installed on? |
Samsung A52 4G, self-build, with KernelSU |
cool 👍 |
When's the fix going to be reflected into lsposed? |
You mean https://github.com/JingMatrix/LSPosed/releases - latest official release Oct 16, 2024? @JingMatrix can you share your goal post(s) which you want to be satisfied/ fulfilled before issuing a new release? |
I will put a new release if one of the following events happens:
This is purely a personal decision, and except for the first event, it depends heavily on my progress. |
You can use one of the automatic-builds from https://github.com/JingMatrix/LSPosed/actions |
@JingMatrix good luck with and 👍 for your viva voce! Can you share what you are doing your doctorate's degree in - IT-related, I assume? Contributing documentation: I've been editing/ updating Troubleshooting.md - will upload once I'm done. |
@LeeBinder You are welcome to contribute to the docs, and I am glad to hear that since the perspective of a normal user instead of involved developers might be easier to follow. My research career has nothing to do with IT. You can find my research CV here. I am doing research at the intersection of probability and geometry, precisely a domain called optimal transport, see my first preprint for a basic introduction to my focus. |
Needless to say I only understand the basic frame. However in that context I've been wondering about the probability of the Earth-Moon barycenter with the moon being locked around Earth the way it is, additionally at a distance exactly covering the sun during lunar eclipses, could've come about naturally by known cosmic forces. Maybe you and Prof. Vaseršteĭn have thoughts of your own on that peculiarity, too 😉. Thumbs 👍 you can convince everyone on the panel when the time comes! |
Steps to reproduce
Expected behaviour
LSposed should not cause zygisk next to crash.
Actual behaviour
It makes zygote injection crash. Removing LSposed fixes the failure and zygisk next works
Xposed Module List
Magisk Module List
LSPosed version
1.10.1
Android version
15
Magisk version
KSU next 1.0.4
Riru version
N/A
Version requirement
Logs
I do not know how I can get these issue logs. LSposed UI doesn't even load. I believe the latest android security updates broke many android mods. LSposed broke after an update, before it worked just fine.