### Steps to reproduce
Environment
vector_perm2_logcat.txt
tombstones25.zip
arm64-v8a.zip
- ROM: crDroid 12.9
- Android: 16
- Build fingerprint / build number: `BP4A.251205.006 release-keys`
- Kernel: `4.14.356-perf-gdba9c2b39451`
- Root: KernelSU Next `v3.1.0-spoofed`
- Zygisk: Zygisk Next `1.3.4 (746-d1b76b3-release)`
- Vector: `v2.0 (3021)`
- Install package used: `Vector-v2.0-3021-Release.zip`
- I also tested with the matching debug build: `Vector-v2.0-3021-Debug.zip`
Problem
On this Android 16 device, Vector crashes zygote64 very early during startup.
Zygisk Next then shows:
Stop inject zygote due to crash
This happens consistently and prevents Vector from working at all.
Expected behavior
zygote64 should start normally and Vector should initialize without crashing the system server / zygote.
Actual behavior
zygote64 crashes with:
```
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr ... (write)
```
The raw tombstone shows the crash path as:
```
#00 __memcpy_aarch64_simd
#01..#23 /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#24..#26 /data/adb/modules/zygisksu/lib64/libzygisk.so
#27 android::com_android_internal_os_Zygote_nativeForkSystemServer(...)
```
Symbolicated stack
I pulled the installed arm64-v8a.so from the device and verified that its SHA256 matches the debug archive SHA256 from Vector-v2.0-3021-Debug.zip, so the symbolication below is from the exact same binary.
Relevant symbolicated frames from arm64-v8a.so:
```
DobbyCodePatch
AssemblyCodeBuilder::FinalizeFromTurboAssembler(zz::AssemblerBase*)
relo_relocate(relo_ctx_t*, bool)
GenRelocateCode(void*, MemBlock*, MemBlock*, bool)
GenRelocateCodeAndBranch(void*, MemBlock*, MemBlock*)
InterceptRouting::GenerateRelocatedCode()
FunctionInlineHookRouting::DispatchRouting()
DobbyHook
vector::native::HookInline(void*, void*, void**)
...
lsplant::v2::Init(_JNIEnv*, lsplant::v2::InitInfo const&)
vector::native::Context::InitArtHooker(_JNIEnv*, lsplant::v2::InitInfo const&)
vector::native::module::VectorModule::postServerSpecialize(zygisk::ServerSpecializeArgs const*)
```
This strongly suggests the crash happens during early LSPlant initialization, when Dobby is trying to patch an ART/libart target.
Important notes
- This is not caused by VPN Hide itself. The crash happens in Vector before module-level functionality can even work.
- The fault is always a write fault (SEGV_ACCERR) and the crash path is consistent across boots.
- I also tried to make tombstones expose more symbols, but Android still marked /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so as unreadable, so I symbolicated locally from the debug build instead.
Example raw crash snippet
```
Cmdline: zygote64
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x00000076e4e8f000 (write)
#00 pc 000000000006a5b0 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+48)
#01 pc 00000000002cfa30 /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#02 pc 00000000002cca4c /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#03 pc 00000000002c891c /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
...
#27 pc 000000000026fa24 /system/lib64/libandroid_runtime.so (android::com_android_internal_os_Zygote_nativeForkSystemServer...)
```
Files I can attach
- vector_perm2_logcat.txt
- one or more tombstones, for example tombstone_25
- pulled installed arm64-v8a.so
If needed, I can also provide more crash samples, but they all appear to fail in the same place.
### Expected behaviour
Vector should initialize normally on Android 16, zygote64 should not crash, and the system should boot with the framework active.
### Actual behaviour
Vector crashes zygote64 very early during startup. Zygisk Next then shows "Stop inject zygote due to crash". The crash is reproducible on every boot when Vector is enabled.
### Xposed Module List
```shell
VPN Hide (dev.okhsunrog.vpnhide)
```
The crash happens during Vector initialization in zygote64, before normal module functionality can really start.
### Root implementation
KernelSU Next v3.1.0-spoofed + Zygisk Next 1.3.4 (746-d1b76b3-release)
### System Module List
- Vector v2.0 (3021)
- Zygisk Next 1.3.4 (746-d1b76b3-release)
- YouTube ReVanced v20.40.45 (patches 6.1.0.rvp)
### LSPosed version
N/A, I am using Vector instead of LSPosed. Vector version: v2.0 (3021)
### Android version
Android 16 crDroid 12.9 Build number: BP4A.251205.006 release-keys Kernel: 4.14.356-perf-gdba9c2b39451 Device: OnePlus 7 Pro
### Version requirement
### Logs
Main crash summary:
- Process: zygote64
- Signal: SIGSEGV
- Code: SEGV_ACCERR (write)
- Top frame: __memcpy_aarch64_simd
- Vector frames are in /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
Raw crash pattern:
```
#00 __memcpy_aarch64_simd
#1..#23 /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#24..#26 /data/adb/modules/zygisksu/lib64/libzygisk.so
```
Local symbolication from the matching debug build shows this path:
```
DobbyCodePatch
AssemblyCodeBuilder::FinalizeFromTurboAssembler
relo_relocate
GenRelocateCode
GenRelocateCodeAndBranch
InterceptRouting::GenerateRelocatedCode
FunctionInlineHookRouting::DispatchRouting
DobbyHook
vector::native::HookInline(void*, void*, void**)
lsplant::v2::Init(_JNIEnv*, lsplant::v2::InitInfo const&)
vector::native::Context::InitArtHooker(_JNIEnv*, lsplant::v2::InitInfo const&)
vector::native::module::VectorModule::postServerSpecialize(...)
```
This suggests the crash happens during early LSPlant/Dobby ART hook patching inside Vector on Android 16.
Attached files:
- vector_perm2_logcat.txt
- tombstone_25
- matching debug build: Vector-v2.0-3021-Debug.zip
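
A triage sketch for the raw crash snippet quoted in this report, added here as an illustration and not part of the original report or of the Vector, Zygisk Next or Dobby code: it parses the fault header and frames, picks the innermost module outside the platform image, and lists the offsets to symbolicate against the matching debug binary. The names `triage`, `is_write_to_protected_page` and `PLATFORM_PREFIXES` are assumptions of this example; the sample input is the report's own excerpt with its elided frames left elided.

```python
import re

# Sample input: the raw crash snippet quoted in the report (elided frames stay elided).
SAMPLE = """\
Cmdline: zygote64
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x00000076e4e8f000 (write)
#00 pc 000000000006a5b0 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+48)
#01 pc 00000000002cfa30 /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#02 pc 00000000002cca4c /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
#03 pc 00000000002c891c /data/adb/modules/zygisk_vector/zygisk/arm64-v8a.so
...
#27 pc 000000000026fa24 /system/lib64/libandroid_runtime.so (android::com_android_internal_os_Zygote_nativeForkSystemServer...)
"""

SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), "
                       r"fault addr (0x[0-9a-fA-F]+|-+)(?: \((\w+)\))?")
FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(\S+)(?:\s+\((.*)\))?\s*$")
# Assumption of this example: paths under these prefixes belong to the platform image.
PLATFORM_PREFIXES = ("/apex/", "/system/", "/system_ext/", "/vendor/", "/product/")

def triage(text):
    """Summarise a tombstone excerpt: fault header, frames, first non-platform module."""
    report = {"cmdline": None, "fault": None, "frames": [], "suspect": None}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Cmdline:"):
            report["cmdline"] = line.split(":", 1)[1].strip()
        elif (m := SIGNAL_RE.search(line)):
            _, name, _, code, addr, access = m.groups()
            report["fault"] = {"signal": name, "code": code, "addr": addr, "access": access}
        elif (m := FRAME_RE.search(line)):
            idx, pc, path, sym = m.groups()
            report["frames"].append({"index": int(idx), "pc": int(pc, 16), "path": path, "symbol": sym})
    # The innermost frame outside the platform image is the usual starting point for triage.
    for f in report["frames"]:
        if not f["path"].startswith(PLATFORM_PREFIXES):
            report["suspect"] = f["path"]
            break
    # Offsets inside the suspect library, to resolve against the matching debug binary.
    report["suspect_pcs"] = [hex(f["pc"]) for f in report["frames"] if f["path"] == report["suspect"]]
    return report

def is_write_to_protected_page(report):
    """SEGV_ACCERR: the page is mapped, but its permissions forbid the access."""
    fault = report["fault"] or {}
    return fault.get("code") == "SEGV_ACCERR" and fault.get("access") == "write"
```

The `suspect_pcs` offsets are only meaningful against a debug binary whose hash matches the installed library, which is the check the reporter describes doing before symbolicating.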