gum-js-loop hang and crash when I tried to use frida #1000

Open
demonguy opened this issue Mar 7, 2025 · 0 comments

demonguy commented Mar 7, 2025

The gum-js-loop thread crashed, but I cannot understand the reason.

Step:

  1. Write an empty script

  2. sudo frida -l /Users/cy/Documents/GitHub/AI/test.js TGOnDeviceInferenceProviderService 2>&1 | tee build.log

Phenomenon

  1. Command hangs for several minutes
  2. Process crashes and shows the error below
(.cyvenv) cy@CY-MacBook-Pro-M4 ~ % sudo frida -l /Users/cy/Documents/GitHub/AI/test.js -p 1286 2>&1 | tee build.log
     ____
    / _  |   Frida 16.6.6 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)
Attaching...
Failed to load script: the connection is closed

Version:
16.6.6

MacOS:

  1. Version 15.3.1

  2. SIP disabled

  3. Apple M4 Pro

  4. sudo nvram boot-args="amfi_get_out_of_my_way=1 -arm64e_preview_abi" executed

Console Crash Log

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               TGOnDeviceInferenceProviderService [1286]
Path:                  /System/Library/ExtensionKit/Extensions/TGOnDeviceInferenceProviderService.appex/Contents/MacOS/TGOnDeviceInferenceProviderService
Identifier:            com.apple.tgondeviceinferenceproviderservice
Version:               1.0 (1)
Build Info:            TokenGenerationInference-158654000000000~1
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               301

Date/Time:             2025-03-07 21:13:49.6785 +0800
OS Version:            macOS 15.3.1 (24D70)
Report Version:        12
Anonymous UUID:        F36B840B-0CDC-F24D-1C7E-2D7ED5E507A5


Time Awake Since Boot: 340 seconds

System Integrity Protection: disabled

Crashed Thread:        9  gum-js-loop

Exception Type:        EXC_BAD_ACCESS (SIGKILL)
Exception Codes:       KERN_INVALID_ADDRESS at 0x006b00018d162418 -> 0x000000018d162418 (possible pointer authentication failure)
Exception Codes:       0x0000000000000001, 0x006b00018d162418

Termination Reason:    Namespace PAC_EXCEPTION, Code 1 

External Modification Warnings:
Thread creation by external task.

VM Region Info: 0x18d162418 is in 0x18c425000-0x18d26d000;  bytes after start: 13882392  bytes before end: 1092583
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               18c149000-18c425000    [ 2928K] r-x/r-x SM=COW  unused  unknown system shared lib __TEXT
--->  __TEXT                      18c425000-18d26d000    [ 14.3M] r-x/r-x SM=COW  /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
      unused __TEXT               18d26d000-18d42f000    [ 1800K] r-x/r-x SM=COW  unused  unknown system shared lib __TEXT

Thread 0::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	       0x18b186f54 mach_msg2_trap + 8
1   libsystem_kernel.dylib        	       0x18b199604 mach_msg2_internal + 80
2   libsystem_kernel.dylib        	       0x18b18faf8 mach_msg_overwrite + 480
3   libsystem_kernel.dylib        	       0x18b18729c mach_msg + 24
4   CoreFoundation                	       0x18b2b0a4c __CFRunLoopServiceMachPort + 160
5   CoreFoundation                	       0x18b2af2ac __CFRunLoopRun + 1212
6   CoreFoundation                	       0x18b2ae734 CFRunLoopRunSpecific + 588
7   Foundation                    	       0x18c47f518 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
8   Foundation                    	       0x18c4f6e74 -[NSRunLoop(NSRunLoop) run] + 64
9   libxpc.dylib                  	       0x18aee162c _xpc_objc_main + 700
10  libxpc.dylib                  	       0x18aef1754 _xpc_main + 276
11  libxpc.dylib                  	       0x18aee11c8 xpc_main + 64
12  ExtensionFoundation           	       0x1e9d7dce4 0x1e9cfa000 + 539876
13  ExtensionFoundation           	       0x1e9d7ddac 0x1e9cfa000 + 540076
14  ExtensionFoundation           	       0x1e9cfe184 -[_EXRunningExtension startWithArguments:count:] + 460
15  ExtensionFoundation           	       0x1e9d143a8 EXExtensionMain + 232
16  Foundation                    	       0x18c4f909c NSExtensionMain + 204
17  dyld                          	       0x18ae48274 start + 2840

Thread 1:
0   libsystem_pthread.dylib       	       0x18b1c30e8 start_wqthread + 0

Thread 2:: H11ANEServicesThread
0   libsystem_kernel.dylib        	       0x18b186f54 mach_msg2_trap + 8
1   libsystem_kernel.dylib        	       0x18b199604 mach_msg2_internal + 80
2   libsystem_kernel.dylib        	       0x18b18faf8 mach_msg_overwrite + 480
3   libsystem_kernel.dylib        	       0x18b18729c mach_msg + 24
4   CoreFoundation                	       0x18b2b0a4c __CFRunLoopServiceMachPort + 160
5   CoreFoundation                	       0x18b2af2ac __CFRunLoopRun + 1212
6   CoreFoundation                	       0x18b2ae734 CFRunLoopRunSpecific + 588
7   CoreFoundation                	       0x18b3299d0 CFRunLoopRun + 64
8   ANEServices                   	       0x1a5ab41b4 H11ANE::H11ANEServicesThreadStart(H11ANE::H11ANEServicesThreadParams*) + 148
9   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
10  libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 3:
0   libsystem_pthread.dylib       	       0x18b1c30e8 start_wqthread + 0

Thread 4:
0   libsystem_kernel.dylib        	       0x18b18d01c kevent + 8
1   ???                           	       0x111937000 ???
2   ???                           	       0x111936328 ???
3   ???                           	       0x111936534 ???
4   ???                           	       0x1117801b8 ???
5   ???                           	       0x11176427c ???
6   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
7   libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 5:: pool-spawner
0   libsystem_kernel.dylib        	       0x18b18a6ec __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x18b1c8894 _pthread_cond_wait + 1204
2   ???                           	       0x11195bac8 ???
3   ???                           	       0x111922828 ???
4   ???                           	       0x111946d80 ???
5   ???                           	       0x111945c54 ???
6   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
7   libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 6:: gmain
0   libsystem_kernel.dylib        	       0x18b18d01c kevent + 8
1   ???                           	       0x111937000 ???
2   ???                           	       0x111936328 ???
3   ???                           	       0x1119363b8 ???
4   ???                           	       0x1119373f0 ???
5   ???                           	       0x111945c54 ???
6   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
7   libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 7:: pool-frida
0   libsystem_kernel.dylib        	       0x18b18a6ec __psynch_cvwait + 8
1   libsystem_pthread.dylib       	       0x18b1c88c0 _pthread_cond_wait + 1248
2   ???                           	       0x11195bbe8 ???
3   ???                           	       0x11192281c ???
4   ???                           	       0x111946a9c ???
5   ???                           	       0x111945c54 ???
6   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
7   libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 8:: gdbus
0   libsystem_kernel.dylib        	       0x18b18d01c kevent + 8
1   ???                           	       0x111937000 ???
2   ???                           	       0x111936328 ???
3   ???                           	       0x111936534 ???
4   ???                           	       0x1118ed194 ???
5   ???                           	       0x111945c54 ???
6   libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
7   libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8

Thread 9 Crashed:: gum-js-loop
0   ???                           	       0x1117f4f40 ???
1   ???                           	       0x1117f4140 ???
2   ???                           	       0x1119c1020 ???
3   ???                           	       0x1119cafe0 ???
4   ???                           	       0x1119cad9c ???
5   ???                           	       0x1119c1020 ???
6   ???                           	       0x1119cafe0 ???
7   ???                           	       0x1119cad9c ???
8   ???                           	       0x1119df6fc ???
9   ???                           	       0x1119cc2fc ???
10  ???                           	       0x1119cc188 ???
11  ???                           	       0x1119c57d0 ???
12  ???                           	       0x1119c5d44 ???
13  ???                           	       0x1119ce81c ???
14  ???                           	       0x1119cc188 ???
15  ???                           	       0x1119cc188 ???
16  ???                           	       0x1119cad9c ???
17  ???                           	       0x1119c1020 ???
18  ???                           	       0x1119cafe0 ???
19  ???                           	       0x1119cc188 ???
20  ???                           	       0x1119cc00c ???
21  ???                           	       0x1119cc00c ???
22  ???                           	       0x1119cad9c ???
23  ???                           	       0x1119c1020 ???
24  ???                           	       0x1119cafe0 ???
25  ???                           	       0x1119cc188 ???
26  ???                           	       0x1119cc00c ???
27  ???                           	       0x1119cc00c ???
28  ???                           	       0x1119cad9c ???
29  ???                           	       0x1119c1020 ???
30  ???                           	       0x1119cafe0 ???
31  ???                           	       0x1119cc188 ???
32  ???                           	       0x1119cc00c ???
33  ???                           	       0x1119cc00c ???
34  ???                           	       0x1119cad9c ???
35  ???                           	       0x1119c1020 ???
36  ???                           	       0x1119cafe0 ???
37  ???                           	       0x1119cc188 ???
38  ???                           	       0x1119cc00c ???
39  ???                           	       0x1119cc00c ???
40  ???                           	       0x1119cad9c ???
41  ???                           	       0x1119c1020 ???
42  ???                           	       0x1119cafe0 ???
43  ???                           	       0x1119cc188 ???
44  ???                           	       0x1119cc00c ???
45  ???                           	       0x1119cc00c ???
46  ???                           	       0x1119c57d0 ???
47  ???                           	       0x1119d201c ???
48  ???                           	       0x1117df8b0 ???
49  ???                           	       0x1117e5414 ???
50  ???                           	       0x1119c1020 ???
51  ???                           	       0x1119cafe0 ???
52  ???                           	       0x1119cc188 ???
53  ???                           	       0x1119c57d0 ???
54  ???                           	       0x1119c5d44 ???
55  ???                           	       0x1119ccab4 ???
56  ???                           	       0x1119c57d0 ???
57  ???                           	       0x1119d201c ???
58  ???                           	       0x1117e5590 ???
59  ???                           	       0x1119c1020 ???
60  ???                           	       0x1119cafe0 ???
61  ???                           	       0x1119cc188 ???
62  ???                           	       0x1119e3890 ???
63  ???                           	       0x1119ece70 ???
64  ???                           	       0x1119d7904 ???
65  ???                           	       0x1119e4b24 ???
66  ???                           	       0x1119e494c ???
67  ???                           	       0x1119d20f4 ???
68  ???                           	       0x1117df0f8 ???
69  ???                           	       0x1117d58f0 ???
70  ???                           	       0x11193610c ???
71  ???                           	       0x11193634c ???
72  ???                           	       0x111936534 ???
73  ???                           	       0x1117d57e0 ???
74  ???                           	       0x111945c54 ???
75  libsystem_pthread.dylib       	       0x18b1c82e4 _pthread_start + 136
76  libsystem_pthread.dylib       	       0x18b1c30fc thread_start + 8


Thread 9 crashed with ARM Thread State (64-bit):
    x0: 0x0000000000000000   x1: 0x0000000000000000   x2: 0x000000016b924f58   x3: 0x0000000000001407
    x4: 0x000000016b924b50   x5: 0x0000000000000000   x6: 0x0000000000000000   x7: 0x0000000000000002
    x8: 0x0000000000000000   x9: 0x006b00018d162418  x10: 0x4347b14373de07f6  x11: 0xf661b14309330672
   x12: 0x4306314373de0316  x13: 0x0000000000000000  x14: 0x0000000000000040  x15: 0x000000016b9259e0
   x16: 0x00000001117f4f38  x17: 0x00000001117f4eb8  x18: 0x0000000000000000  x19: 0x0000000112c746c8
   x20: 0x0000000112d9fc00  x21: 0x0000000104b634c0  x22: 0x0000000000000006  x23: 0x000000016b924b50
   x24: 0x0000000112cf44a0  x25: 0x0000000112d9fc00  x26: 0x0000000112d0e190  x27: 0x0000000000000003
   x28: 0x0000000000000000   fp: 0x000000016b924fd0   lr: 0xb50a8001117f4e54
    sp: 0x000000016b924b30   pc: 0x00000001117f4f40 cpsr: 0x80000000
   far: 0x006b00018d162418  esr: 0x92000004 (Data Abort) byte read Translation fault

Binary Images:
       0x1049b8000 -        0x1049bbfff com.apple.tgondeviceinferenceproviderservice (1.0) <c7d7c519-1c32-3737-a0b6-13c4352b3839> /System/Library/ExtensionKit/Extensions/TGOnDeviceInferenceProviderService.appex/Contents/MacOS/TGOnDeviceInferenceProviderService
       0x18b186000 -        0x18b1c0ff7 libsystem_kernel.dylib (*) <eee9d0d3-dffc-37cb-9ced-b27cd0286d8c> /usr/lib/system/libsystem_kernel.dylib
       0x18b233000 -        0x18b727fff com.apple.CoreFoundation (6.9) <190e6a36-fcaa-3ea3-94bb-7009c44653da> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
       0x18c425000 -        0x18d26cfff com.apple.Foundation (6.9) <16d282d0-8b48-3e76-8036-fcb45dece518> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
       0x18aec8000 -        0x18af12fff libxpc.dylib (*) <564b7785-e7c4-3231-8bf1-3fbb266b6599> /usr/lib/system/libxpc.dylib
       0x1e9cfa000 -        0x1e9dc4fff com.apple.ExtensionFoundation (97) <c92a99b4-4adf-3935-8b99-b0440f294894> /System/Library/Frameworks/ExtensionFoundation.framework/Versions/A/ExtensionFoundation
       0x18ae42000 -        0x18aec3f3f dyld (*) <398a133c-9bcb-317f-a064-a40d3cea3c0f> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x18b1c1000 -        0x18b1cdfff libsystem_pthread.dylib (*) <642faf7a-874e-37e6-8aba-2b0cc09a3025> /usr/lib/system/libsystem_pthread.dylib
       0x1a5a9f000 -        0x1a5acafff com.apple.ANEServices (8.300) <cf5bd0b8-002c-3965-8fbb-00745ab79457> /System/Library/PrivateFrameworks/ANEServices.framework/Versions/A/ANEServices

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 4
    thread_create: 1
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 5
    thread_create: 1
    thread_set_state: 41

VM Region Summary:
ReadOnly portion of Libraries: Total=926.3M resident=0K(0%) swapped_out_or_unallocated=926.3M(100%)
Writable regions: Total=164.5M written=401K(0%) resident=401K(0%) swapped_out=0K(0%) unallocated=164.1M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Activity Tracing                   256K        1 
Dispatch continuations           112.0M        1 
Kernel Alloc Once                   32K        1 
MALLOC                            32.7M       11 
MALLOC guard page                   32K        2 
Memory Tag 255                    20.0M       14 
STACK GUARD                       56.2M       10 
Stack                             12.8M       10 
VM_ALLOCATE                       5376K       71 
__AUTH                            1414K      219 
__AUTH_CONST                      18.9M      363 
__CTF                               824        1 
__DATA                            5260K      338 
__DATA_CONST                      10.9M      364 
__DATA_DIRTY                       513K      108 
__FONT_DATA                        2352        1 
__LINKEDIT                       606.2M        2 
__OBJC_RW                         2374K        1 
__TEXT                           320.1M      387 
__TPRO_CONST                       272K        2 
mapped file                       31.6M        4 
owned unmapped memory               32K        1 
page table in kernel               401K        1 
shared memory                      624K        6 
===========                     =======  ======= 
TOTAL                              1.2G     1919 



-----------
Full Report
-----------

fault"},"pc":{"value":4588523328,"matchesCrashFrame":1},"far":{"value":30117829170045976}},"frames":[{"imageOffset":4588523328,"imageIndex":7},{"imageOffset":4588519744,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590532348,"imageIndex":7},{"imageOffset":4590453500,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590426064,"imageIndex":7},{"imageOffset":4590427460,"imageIndex":7},{"imageOffset":4590463004,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOffset":4590448028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590452748,"imageIndex":7},{"imageOf
fset":4590452748,"imageIndex":7},{"imageOffset":4590426064,"imageIndex":7},{"imageOffset":4590477340,"imageIndex":7},{"imageOffset":4588435632,"imageIndex":7},{"imageOffset":4588459028,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590426064,"imageIndex":7},{"imageOffset":4590427460,"imageIndex":7},{"imageOffset":4590455476,"imageIndex":7},{"imageOffset":4590426064,"imageIndex":7},{"imageOffset":4590477340,"imageIndex":7},{"imageOffset":4588459408,"imageIndex":7},{"imageOffset":4590407712,"imageIndex":7},{"imageOffset":4590448608,"imageIndex":7},{"imageOffset":4590453128,"imageIndex":7},{"imageOffset":4590549136,"imageIndex":7},{"imageOffset":4590587504,"imageIndex":7},{"imageOffset":4590500100,"imageIndex":7},{"imageOffset":4590553892,"imageIndex":7},{"imageOffset":4590553420,"imageIndex":7},{"imageOffset":4590477556,"imageIndex":7},{"imageOffset":4588433656,"imageIndex":7},{"imageOffset":4588394736,"imageIndex":7},{"imageOffset":4589838604,"imageIndex":7},{"imageOffset":4589839180,"imageIndex":7},{"imageOffset":4589839668,"imageIndex":7},{"imageOffset":4588394464,"imageIndex":7},{"imageOffset":4589902932,"imageIndex":7},{"imageOffset":29412,"symbol":"_pthread_start","symbolLocation":136,"imageIndex":8},{"imageOffset":8444,"symbol":"thread_start","symbolLocation":8,"imageIndex":8}]}],
  "usedImages" : [
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 4372267008,
    "CFBundleShortVersionString" : "1.0",
    "CFBundleIdentifier" : "com.apple.tgondeviceinferenceproviderservice",
    "size" : 16384,
    "uuid" : "c7d7c519-1c32-3737-a0b6-13c4352b3839",
    "path" : "\/System\/Library\/ExtensionKit\/Extensions\/TGOnDeviceInferenceProviderService.appex\/Contents\/MacOS\/TGOnDeviceInferenceProviderService",
    "name" : "TGOnDeviceInferenceProviderService",
    "CFBundleVersion" : "1"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6628597760,
    "size" : 241656,
    "uuid" : "eee9d0d3-dffc-37cb-9ced-b27cd0286d8c",
    "path" : "\/usr\/lib\/system\/libsystem_kernel.dylib",
    "name" : "libsystem_kernel.dylib"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6629306368,
    "CFBundleShortVersionString" : "6.9",
    "CFBundleIdentifier" : "com.apple.CoreFoundation",
    "size" : 5197824,
    "uuid" : "190e6a36-fcaa-3ea3-94bb-7009c44653da",
    "path" : "\/System\/Library\/Frameworks\/CoreFoundation.framework\/Versions\/A\/CoreFoundation",
    "name" : "CoreFoundation",
    "CFBundleVersion" : "3302.1.400"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6648123392,
    "CFBundleShortVersionString" : "6.9",
    "CFBundleIdentifier" : "com.apple.Foundation",
    "size" : 14974976,
    "uuid" : "16d282d0-8b48-3e76-8036-fcb45dece518",
    "path" : "\/System\/Library\/Frameworks\/Foundation.framework\/Versions\/C\/Foundation",
    "name" : "Foundation",
    "CFBundleVersion" : "3302.1.400"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6625722368,
    "size" : 307200,
    "uuid" : "564b7785-e7c4-3231-8bf1-3fbb266b6599",
    "path" : "\/usr\/lib\/system\/libxpc.dylib",
    "name" : "libxpc.dylib"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 8217665536,
    "CFBundleShortVersionString" : "97",
    "CFBundleIdentifier" : "com.apple.ExtensionFoundation",
    "size" : 831488,
    "uuid" : "c92a99b4-4adf-3935-8b99-b0440f294894",
    "path" : "\/System\/Library\/Frameworks\/ExtensionFoundation.framework\/Versions\/A\/ExtensionFoundation",
    "name" : "ExtensionFoundation",
    "CFBundleVersion" : "97"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6625173504,
    "size" : 532288,
    "uuid" : "398a133c-9bcb-317f-a064-a40d3cea3c0f",
    "path" : "\/usr\/lib\/dyld",
    "name" : "dyld"
  },
  {
    "size" : 0,
    "source" : "A",
    "base" : 0,
    "uuid" : "00000000-0000-0000-0000-000000000000"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6628839424,
    "size" : 53248,
    "uuid" : "642faf7a-874e-37e6-8aba-2b0cc09a3025",
    "path" : "\/usr\/lib\/system\/libsystem_pthread.dylib",
    "name" : "libsystem_pthread.dylib"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 7074344960,
    "CFBundleShortVersionString" : "8.300",
    "CFBundleIdentifier" : "com.apple.ANEServices",
    "size" : 180224,
    "uuid" : "cf5bd0b8-002c-3965-8fbb-00745ab79457",
    "path" : "\/System\/Library\/PrivateFrameworks\/ANEServices.framework\/Versions\/A\/ANEServices",
    "name" : "ANEServices",
    "CFBundleVersion" : "8.300"
  }
],
  "sharedCache" : {
  "base" : 6624362496,
  "size" : 4865835008,
  "uuid" : "d272b91e-f9f0-3854-b5b9-508b21c25dcc"
},
  "vmSummary" : "ReadOnly portion of Libraries: Total=926.3M resident=0K(0%) swapped_out_or_unallocated=926.3M(100%)\nWritable regions: Total=164.5M written=401K(0%) resident=401K(0%) swapped_out=0K(0%) unallocated=164.1M(100%)\n\n                                VIRTUAL   REGION \nREGION TYPE                        SIZE    COUNT (non-coalesced) \n===========                     =======  ======= \nActivity Tracing                   256K        1 \nDispatch continuations           112.0M        1 \nKernel Alloc Once                   32K        1 \nMALLOC                            32.7M       11 \nMALLOC guard page                   32K        2 \nMemory Tag 255                    20.0M       14 \nSTACK GUARD                       56.2M       10 \nStack                             12.8M       10 \nVM_ALLOCATE                       5376K       71 \n__AUTH                            1414K      219 \n__AUTH_CONST                      18.9M      363 \n__CTF                               824        1 \n__DATA                            5260K      338 \n__DATA_CONST                      10.9M      364 \n__DATA_DIRTY                       513K      108 \n__FONT_DATA                        2352        1 \n__LINKEDIT                       606.2M        2 \n__OBJC_RW                         2374K        1 \n__TEXT                           320.1M      387 \n__TPRO_CONST                       272K        2 \nmapped file                       31.6M        4 \nowned unmapped memory               32K        1 \npage table in kernel               401K        1 \nshared memory                      624K        6 \n===========                     =======  ======= \nTOTAL                              1.2G     1919 \n",
  "legacyInfo" : {
  "threadTriggered" : {
    "name" : "gum-js-loop"
  }
},
  "logWritingSignature" : "46659b241d348442ab1406910f9edd8c7040f92b"
}

@demonguy changed the title from "process hand and crash when I tried to use frida" to "gum-js-loop hang and crash when I tried to use frida" on Mar 7, 2025