Why Does UC Browser Crash on Android 12? Inside the VerifyError Mystery and Its Fix
A fatal UC kernel crash on Android 12, triggered by a hidden VerifyError during class verification, was dissected through log analysis, runtime thread inspection, and clever code‑injection tricks, ultimately resolved by preventing background verification via a core.jar symlink workaround.
UC kernel experiences a fatal crash on Android 12, affecting roughly 10% of cold starts and threatening the release of the UC kernel.
The top of the stack trace shows a NoClassDefFoundError caused by a preceding VerifyError during class verification:
10-12 19:03:21.461 1038 2723 I id.AlipayGphon: Rejecting re-init on previously-failed class com.uc.webkit.impl.WebViewChromiumFactoryProvider: java.lang.VerifyError: Verifier rejected class com.uc.webkit.impl.WebViewChromiumFactoryProvider.g() ...
10-12 19:03:21.464 1038 2723 E WebViewEntry: java.lang.NoClassDefFoundError: com.uc.webkit.impl.WebViewChromiumFactoryProvider
... (additional log lines omitted for brevity)The error originates from the Android ART verifier, which cannot resolve the return type android.os.IBinder, leading to an empty stack trace for the initial VerifyError. The problematic thread runs without a Java environment, so the verifier’s stack trace is suppressed.
Two “black‑tech” analysis methods were applied:
Enabling ART verbose logging by modifying the global gLogVerbosity flag via the /proc/self/maps symbol resolver, then locating the gLogVerbosity variable in libart.so and toggling it to true.
Identifying the verification‑error‑throwing function, inserting immediate crash code at its address using /proc/self/mem with the pwrite API, and observing the thread name Verification th which runs as a RuntimeThread from a thread pool (the BackgroundVerificationTask).
Further investigation revealed that the background verification is triggered by OatFileManager::RunBackgroundVerification. The function checks the SDK level and the file suffix; UC browser raises the SDK level to 30, causing the verification thread to start.
By forcing the verification code to think the dex file has no extension (removing the "." separator in DexLocationToOdexFilename), the background verification thread can be prevented from launching.
The final fix consists of creating a symlink for core.jar (named corejar) so that the verification code fails to find a valid suffix and exits gracefully, eliminating the crash on Android 12.
Images illustrating the verbose log structure, symbol resolution, and thread analysis are omitted for brevity.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.