[Feature Request] Support stripped ART

[shanoaice]

Steps to reproduce/复现步骤

1. Setup KernelSU and Zygisk Next, install the LSPosed Module.
2. Reboot, then attempt to enter the LSPosed Manager by tapping the notification (or desktop icon)

Expected behaviour/预期行为

The manager starts normally.

Actual behaviour/实际行为

The manager (Android Shell) crashes, and the bug report log indicates a SIGSEGV (segfault) in the zygote64 process caused by nullptr deref.

Xposed Module List/Xposed 模块列表

Does not have this information, can't even access the manager.

Magisk Module List/Magisk 模块列表

Zygisk Next
Shamiko
LSPosed
some font substitution module

LSPosed version/LSPosed 版本

7043

Android version/Android 版本

14 (Xiaomi HyperOS 1.0.23.11.27.DEV, Xiaomi EU Mod)

Magisk version/Magisk 版本

KernelSU 0.7.1 + Zygisk Next v4-0.8.1

Riru version/Riru 版本

N/A

Version requirement/版本要求

• I am using latest debug CI version of LSPosed and enable verbose log/我正在使用最新 CI 调试版本且启用详细日志

Logs/日志

12-04 09:30:28.323  1000 10371 10371 W ActivityThread: registerApplicationScoutThread result:false
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Build fingerprint: 'Redmi/socrates/socrates:13/TKQ1.221114.001/V816.0.23.11.27.DEV:user/release-keys'
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Revision: '0'
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : ABI: 'arm64'
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Timestamp: 2023-12-04 09:30:26.505695665+0800
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Process uptime: 0s
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : ZygotePid: 1809
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Cmdline: zygote64
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : pid: 9721, tid: 9721, name: m.android.shell  >>> zygote64 <<<
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : uid: 2000
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : Cause: null pointer dereference
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x0  0000000000000000  x1  000000005c000000  x2  b4000077e0a42c00  x3  0000007fe31deab0
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x4  0000000000000000  x5  00000000708148eb  x6  6871416364726e4f  x7  7f7f7f7f7f7f7f7f
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x8  0000000000000000  x9  fdf2db1652cff36c  x10 0000000000000072  x11 00000000ffffffff
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x12 00000077e0a0161c  x13 b4000077e0a8da20  x14 000000000000000a  x15 000000789f303064
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x16 00000077b2130ff8  x17 000000788af44bc0  x18 00000078a0310000  x19 b4000077e0a8da00
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x20 0000007fe31df92c  x21 0000000000000000  x22 000000789f303065  x23 0000000000000000
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x24 000000789f30304d  x25 000000789f303049  x26 000000789f30305d  x27 0000000000000000
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     x28 0000000000000000  x29 0000000000000011
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :     lr  00000077b20ed48c  sp  0000007fe31df0b0  pc  000000788af44bd0  pst 0000000080001000
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : 27 total frames
12-04 09:30:28.335 shell  9815  9815 F DEBUG   : backtrace:
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #00 pc 000000000008ebd0  /apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64+16) (BuildId: 1e3ca19bcae05c01b019c85f3f422e56)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #01 pc 000000000005d488  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #02 pc 0000000000051290  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #03 pc 000000000037fb70  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #04 pc 00000000006cd758  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #05 pc 0000000000086846  [anon:dalvik-DEX data] (PKJdgxk.K.mrPBQmTnDBVG.XposedBridge.hookMethod+138)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #06 pc 00000000006cd6f4  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #07 pc 0000000000087226  [anon:dalvik-DEX data] (PKJdgxk.K.mrPBQmTnDBVG.XposedHelpers.findAndHookMethod+62)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #08 pc 00000000006cd758  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #09 pc 00000000000bff9e  [anon:dalvik-DEX data] (org.lsposed.lspd.util.ParasiticManagerHooker.hookForManager+30)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #10 pc 0000000000369640  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #11 pc 000000000031afec  /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, bool, art::JValue*)+1016) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #12 pc 00000000005f5b8c  /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false>(art::interpreter::SwitchImplContext*)+13524) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #13 pc 00000000003821d8  /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #14 pc 00000000000c0178  [anon:dalvik-DEX data] (org.lsposed.lspd.util.ParasiticManagerHooker.start+0)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #15 pc 0000000000349e74  /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.__uniq.112435418011751916792819755956732575238.llvm.14359194596130675542)+228) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #16 pc 00000000003496e4  /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+780) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #17 pc 000000000037fc98  /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #18 pc 00000000006cd758  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #19 pc 00000000000bbbfe  [anon:dalvik-DEX data] (ggh.tAOvzm.lZubFNS.rh.Main.forkCommon+46)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #20 pc 0000000000369640  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #21 pc 0000000000685ab8  /apex/com.android.art/lib64/libart.so (art::JNI<false>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+480) (BuildId: cd335317e87ebac5867205bbee33d6ce)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #22 pc 000000000003ef38  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #23 pc 00000000000355cc  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #24 pc 00000000000352b8  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #25 pc 0000000000045940  /memfd:jit-cache (deleted)
12-04 09:30:28.335 shell  9815  9815 F DEBUG   :       #26 pc 0000000000005e08  /system/lib64/libzygisk.so (BuildId: d1f33ada3469f111f5e529a5fc0b5b378ba4a0fc)

[yujincheng08]

hyper os supports. but not eu custom ROM since they use stripped ART.

[yujincheng08]

marked it as enhancement instead of bug.

[Howard20181]

#2866
#2817

[shanoaice]

#2866 #2817

Yes, I have just been aware of that. Maybe I will wait until this is properly implemented.

[cptmacp]

They have reverted to Stock ART

https://xiaomi.eu/community/threads/23-11-27-30.70685/post-708958

OS1.0.23.12.4.DEV

OS1.0.23.12.9.DEV

these have stock ART and Lsposed works again .

[shanoaice]

They have reverted to Stock ART

xiaomi.eu/community/threads/23-11-27-30.70685/post-708958

OS1.0.23.12.4.DEV

OS1.0.23.12.9.DEV

these have stock ART and Lsposed works again .

Good news then, but I do believe that having stripped ART support will be better (not a priority though) in case some ROM also attempted to deliver stripped ART instead of stock ART.