Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASAN on AOSP build for emulator #1402

Closed
marcinguy opened this issue May 1, 2021 · 3 comments
Closed

ASAN on AOSP build for emulator #1402

marcinguy opened this issue May 1, 2021 · 3 comments

Comments

@marcinguy
Copy link

marcinguy commented May 1, 2021
edited
Loading

I am building a executable binary stagefright (from frameworks/av/cmds/stagefright)

I built it with ASAN


nm -an stagefright | grep asan
                 U __asan_alloca_poison
                 U __asan_allocas_unpoison
                 U __asan_handle_no_return
                 U __asan_init
                 U __asan_memcpy
                 U __asan_memmove
                 U __asan_memset
                 U __asan_option_detect_stack_use_after_return
                 U __asan_report_load1
                 U __asan_report_load2
                 U __asan_report_load4
                 U __asan_report_load8
                 U __asan_report_load_n
                 U __asan_report_store1
                 U __asan_report_store16
                 U __asan_report_store2
                 U __asan_report_store4
                 U __asan_report_store8
                 U __asan_report_store_n
                 U __asan_set_shadow_00
                 U __asan_set_shadow_f8
                 U __asan_stack_free_5
                 U __asan_stack_free_6
                 U __asan_stack_malloc_0
                 U __asan_stack_malloc_1
                 U __asan_stack_malloc_5
                 U __asan_stack_malloc_6
                 U __asan_version_mismatch_check_v8
000000000001f0e0 t asan.module_ctor
000000000001f980 t asan.module_ctor
0000000000020880 t asan.module_ctor

readelf -l stagefright 

Elf file type is DYN (Shared object file)
Entry point 0xb000
There are 10 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                 0x0000000000000230 0x0000000000000230  R      0x8
  INTERP         0x0000000000000270 0x0000000000000270 0x0000000000000270
                 0x000000000000001a 0x000000000000001a  R      0x1
      [Requesting program interpreter: /system/bin/linker_asan64]
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x000000000000aeac 0x000000000000aeac  R      0x1000
  LOAD           0x000000000000b000 0x000000000000b000 0x000000000000b000
                 0x00000000000163b0 0x00000000000163b0  R E    0x1000
  LOAD           0x0000000000022000 0x0000000000022000 0x0000000000022000
                 0x0000000000001098 0x000000000000203f  RW     0x1000
  DYNAMIC        0x00000000000227c8 0x00000000000227c8 0x00000000000227c8
                 0x00000000000002c0 0x00000000000002c0  RW     0x8
  GNU_RELRO      0x0000000000022000 0x0000000000022000 0x0000000000022000
                 0x0000000000001098 0x0000000000002000  R      0x1
  GNU_EH_FRAME   0x0000000000009700 0x0000000000009700 0x0000000000009700
                 0x00000000000003f4 0x00000000000003f4  R      0x4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x0
  NOTE           0x000000000000028c 0x000000000000028c 0x000000000000028c
                 0x0000000000000038 0x0000000000000038  R      0x4

I also put a buffer overflow code and also Heap Overflow in main() but it never gets caught.

i.e

int main(int argc, char **argv) {
        char buf[10];
        memcpy(&buf,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",100000000000000);
        android::ProcessState::self()->startThreadPool();



ASAN_OPTIONS=verbosity=1 ./stagefright                                                 <
==26540==AddressSanitizer: libc interceptors initialized
|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem    ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap  ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow  ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem     ||
MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 0x02008fff6fff
redzone=16
max_redzone=2048
quarantine_size_mb=16M
thread_local_quarantine_size_kb=64K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x7fff8000
==26540==Installed the sigaction for signal 11
==26540==Installed the sigaction for signal 7
==26540==Installed the sigaction for signal 8
==26540==T0: stack [0x7fff0d440000,0x7fff0dc40000) size 0x800000; local=0x7fff0dc3cf24
==26540==AddressSanitizer Init done
==26540==T1: stack [0x7a56eeba8000,0x7a56eeca0d50) size 0xf8d50; local=0x7a56eeca0cd4
==26540==T2: stack [0x7a56e8103000,0x7a56e81fbd50) size 0xf8d50; local=0x7a56e81fbcd4

Why ASAN is not catching it?

I copied appropriate files from aosp/out/target/product/generic_x86_64/symbols/data/asan/system/lib64 to /data/asan/system/lib64/ (on Emulator)

Any ideas?

Thanks,
@marcinguy
Copy link
Author

Asan seems to be working (test via asan_test on Emulator)

generic_x86_64:/data/local/tmp # ./asan_test                                   
Running main() from external/googletest/googletest/src/gtest_main.cc
[==========] Running 43 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 43 tests from AddressSanitizer
[ RUN      ] AddressSanitizer.HasFeatureAddressSanitizerTest
[       OK ] AddressSanitizer.HasFeatureAddressSanitizerTest (0 ms)
[ RUN      ] AddressSanitizer.SimpleDeathTest
[       OK ] AddressSanitizer.SimpleDeathTest (4 ms)
[ RUN      ] AddressSanitizer.VariousMallocsTest
[       OK ] AddressSanitizer.VariousMallocsTest (0 ms)
[ RUN      ] AddressSanitizer.CallocTest
[       OK ] AddressSanitizer.CallocTest (0 ms)
[ RUN      ] AddressSanitizer.CallocReturnsZeroMem
[       OK ] AddressSanitizer.CallocReturnsZeroMem (636 ms)
[ RUN      ] AddressSanitizer.UAF_char
external/compiler-rt/lib/asan/tests/asan_test.cc:180: Failure
Death test: uaf_test<U1>(kLargeMalloc, 0)
    Result: died but not with expected error.
  Expected: contains regular expression "AddressSanitizer:.*heap-use-after-free"
Actual msg:
[  DEATH   ] writing 1 byte(s) at 0x70815d5ff800 with offset 0
[  DEATH   ] AddressSanitizer:DEADLYSIGNAL
[  DEATH   ] =================================================================
[  DEATH   ] ==25236==ERROR: AddressSanitizer: SEGV on unknown address 0x70815d5ff800 (pc 0x64b4a3f51145 bp 0x7ffdf9a53fb0 sp 0x7ffdf9a53fb0 T0)
[  DEATH   ] ==25236==The signal is caused by a WRITE memory access.
[  DEATH   ]     #0 0x64b4a3f51144  (/data/local/tmp/asan_test+0x61144)
[  DEATH   ]     #1 0x64b4a3f12853  (/data/local/tmp/asan_test+0x22853)
[  DEATH   ]     #2 0x64b4a3f758de  (/data/local/tmp/asan_test+0x858de)
[  DEATH   ]     #3 0x64b4a3f77db9  (/data/local/tmp/asan_test+0x87db9)
[  DEATH   ]     #4 0x64b4a3f79176  (/data/local/tmp/asan_test+0x89176)
[  DEATH   ]     #5 0x64b4a3fa3db6  (/data/local/tmp/asan_test+0xb3db6)
[  DEATH   ]     #6 0x64b4a3fa2eb0  (/data/local/tmp/asan_test+0xb2eb0)
[  DEATH   ]     #7 0x64b4a3f5fab7  (/data/local/tmp/asan_test+0x6fab7)
[  DEATH   ]     #8 0x708161b0f985  (/apex/com.android.runtime/lib64/bionic/libc.so+0x8a985)
[  DEATH   ] 
[  DEATH   ] AddressSanitizer can not provide additional info.
[  DEATH   ] SUMMARY: AddressSanitizer: SEGV (/data/local/tmp/asan_test+0x61144) 
[  DEATH   ] ==25236==ABORTING
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:181: Failure
Death test: uaf_test<U1>(kLargeMalloc, kLargeMalloc / 2)
    Result: died but not with expected error.
  Expected: contains regular expression "AddressSanitizer:.*heap-use-after-free"
Actual msg:
[  DEATH   ] writing 1 byte(s) at 0x70815d5ff800 with offset 8388608
[  DEATH   ] AddressSanitizer:DEADLYSIGNAL
[  DEATH   ] =================================================================
[  DEATH   ] ==25247==ERROR: AddressSanitizer: SEGV on unknown address 0x70815ddff800 (pc 0x64b4a3f51145 bp 0x7ffdf9a53fb0 sp 0x7ffdf9a53fb0 T0)
[  DEATH   ] ==25247==The signal is caused by a WRITE memory access.
[  DEATH   ]     #0 0x64b4a3f51144  (/data/local/tmp/asan_test+0x61144)
[  DEATH   ]     #1 0x64b4a3f12c4a  (/data/local/tmp/asan_test+0x22c4a)
[  DEATH   ]     #2 0x64b4a3f758de  (/data/local/tmp/asan_test+0x858de)
[  DEATH   ]     #3 0x64b4a3f77db9  (/data/local/tmp/asan_test+0x87db9)
[  DEATH   ]     #4 0x64b4a3f79176  (/data/local/tmp/asan_test+0x89176)
[  DEATH   ]     #5 0x64b4a3fa3db6  (/data/local/tmp/asan_test+0xb3db6)
[  DEATH   ]     #6 0x64b4a3fa2eb0  (/data/local/tmp/asan_test+0xb2eb0)
[  DEATH   ]     #7 0x64b4a3f5fab7  (/data/local/tmp/asan_test+0x6fab7)
[  DEATH   ]     #8 0x708161b0f985  (/apex/com.android.runtime/lib64/bionic/libc.so+0x8a985)
[  DEATH   ] 
[  DEATH   ] AddressSanitizer can not provide additional info.
[  DEATH   ] SUMMARY: AddressSanitizer: SEGV (/data/local/tmp/asan_test+0x61144) 
[  DEATH   ] ==25247==ABORTING
[  DEATH   ] 
[  FAILED  ] AddressSanitizer.UAF_char (779 ms)
[ RUN      ] AddressSanitizer.UAF_long_double
[       OK ] AddressSanitizer.UAF_long_double (372 ms)
[ RUN      ] AddressSanitizer.UAF_Packed5
[       OK ] AddressSanitizer.UAF_Packed5 (330 ms)
[ RUN      ] AddressSanitizer.IgnoreTest
[       OK ] AddressSanitizer.IgnoreTest (0 ms)
[ RUN      ] AddressSanitizer.BitFieldPositiveTest
[       OK ] AddressSanitizer.BitFieldPositiveTest (678 ms)
[ RUN      ] AddressSanitizer.BitFieldNegativeTest
[       OK ] AddressSanitizer.BitFieldNegativeTest (0 ms)
[ RUN      ] AddressSanitizer.LargeMallocTest
[       OK ] AddressSanitizer.LargeMallocTest (2790 ms)
[ RUN      ] AddressSanitizer.HugeMallocTest
[       OK ] AddressSanitizer.HugeMallocTest (497 ms)
[ RUN      ] AddressSanitizer.ManyThreadsTest
[       OK ] AddressSanitizer.ManyThreadsTest (2127 ms)
[ RUN      ] AddressSanitizer.ReallocTest
[       OK ] AddressSanitizer.ReallocTest (27 ms)
[ RUN      ] AddressSanitizer.ReallocFreedPointerTest
[       OK ] AddressSanitizer.ReallocFreedPointerTest (194 ms)
[ RUN      ] AddressSanitizer.ReallocInvalidPointerTest
[       OK ] AddressSanitizer.ReallocInvalidPointerTest (179 ms)
[ RUN      ] AddressSanitizer.ZeroSizeMallocTest
[       OK ] AddressSanitizer.ZeroSizeMallocTest (0 ms)
[ RUN      ] AddressSanitizer.WrongFreeTest
[       OK ] AddressSanitizer.WrongFreeTest (210 ms)
[ RUN      ] AddressSanitizer.DoubleFreeTest
[       OK ] AddressSanitizer.DoubleFreeTest (242 ms)
[ RUN      ] AddressSanitizer.SimpleStackTest
[       OK ] AddressSanitizer.SimpleStackTest (16030 ms)
[ RUN      ] AddressSanitizer.ManyStackObjectsTest
[       OK ] AddressSanitizer.ManyStackObjectsTest (194 ms)
[ RUN      ] AddressSanitizer.LongJmpTest
[       OK ] AddressSanitizer.LongJmpTest (0 ms)
[ RUN      ] AddressSanitizer.UnderscopeLongJmpTest
[       OK ] AddressSanitizer.UnderscopeLongJmpTest (0 ms)
[ RUN      ] AddressSanitizer.SigLongJmpTest
[       OK ] AddressSanitizer.SigLongJmpTest (0 ms)
[ RUN      ] AddressSanitizer.ThreadStackReuseTest
[       OK ] AddressSanitizer.ThreadStackReuseTest (16 ms)
[ RUN      ] AddressSanitizer.Store128Test
[       OK ] AddressSanitizer.Store128Test (541 ms)
[ RUN      ] AddressSanitizer.ThreadedTest
[       OK ] AddressSanitizer.ThreadedTest (188 ms)
[ RUN      ] AddressSanitizer.ThreadNamesTest

[WARNING] external/googletest/googletest/src/gtest-death-test.cc:1108:: Death tests use fork(), which is unsafe particularly in a threaded context. For this test, Google Test detected 2 threads. See https://github.com/google/googletest/blob/master/googletest/docs/advanced.md#death-tests-and-threads for more explanation and suggested solutions, especially if this is the last message you see before your test times out.
external/compiler-rt/lib/asan/tests/asan_test.cc:923: Failure
Death test: ThreadedTestSpawn()
    Result: died but not with expected error.
  Expected: contains regular expression "WRITE .*thread T. .UseThr..*freed by thread T. .FreeThr. here:.*previously allocated by thread T. .AllocThr. here:.*Thread T. .UseThr. created by T.*TestFunc.*Thread T. .FreeThr. created by T.*Thread T. .AllocThr. created by T"
Actual msg:
[  DEATH   ] =================================================================
[  DEATH   ] ==27674==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000001bf0 at pc 0x64b4a3f3cfda bp 0x70815e3fbbf0 sp 0x70815e3fbbe8
[  DEATH   ] WRITE of size 4 at 0x602000001bf0 thread T1006 (UseThr)
[  DEATH   ]     #0 0x64b4a3f3cfd9  (/data/local/tmp/asan_test+0x4cfd9)
[  DEATH   ]     #1 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ]     #2 0x708161b1dfe7  (/apex/com.android.runtime/lib64/bionic/libc.so+0x98fe7)
[  DEATH   ] 
[  DEATH   ] 0x602000001bf0 is located 0 bytes inside of 4-byte region [0x602000001bf0,0x602000001bf4)
[  DEATH   ] freed by thread T1005 (FreeThr) here:
[  DEATH   ]     #0 0x7081618ac4a2  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xdf4a2)
[  DEATH   ]     #1 0x64b4a3f3ca98  (/data/local/tmp/asan_test+0x4ca98)
[  DEATH   ]     #2 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ] 
[  DEATH   ] previously allocated by thread T1004 (AllocThr) here:
[  DEATH   ]     #0 0x7081618ab862  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xde862)
[  DEATH   ]     #1 0x64b4a3f3c611  (/data/local/tmp/asan_test+0x4c611)
[  DEATH   ]     #2 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ] 
[  DEATH   ] Thread T1006 (UseThr) created by T1003 (TestFunc) here:
[  DEATH   ]     #0 0x70816188eced  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xc1ced)
[  DEATH   ]     #1 0x64b4a3f3d6d1  (/data/local/tmp/asan_test+0x4d6d1)
[  DEATH   ]     #2 0x64b4a3f3f318  (/data/local/tmp/asan_test+0x4f318)
[  DEATH   ]     #3 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ] 
[  DEATH   ] Thread T1003 (TestFunc) created by T0 here:
[  DEATH   ]     #0 0x70816188eced  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xc1ced)
[  DEATH   ]     #1 0x64b4a3f3f652  (/data/local/tmp/asan_test+0x4f652)
[  DEATH   ]     #2 0x64b4a3f758de  (/data/local/tmp/asan_test+0x858de)
[  DEATH   ]     #3 0x64b4a3f77db9  (/data/local/tmp/asan_test+0x87db9)
[  DEATH   ]     #4 0x64b4a3f79176  (/data/local/tmp/asan_test+0x89176)
[  DEATH   ]     #5 0x64b4a3fa3db6  (/data/local/tmp/asan_test+0xb3db6)
[  DEATH   ]     #6 0x64b4a3fa2eb0  (/data/local/tmp/asan_test+0xb2eb0)
[  DEATH   ]     #7 0x64b4a3f5fab7  (/data/local/tmp/asan_test+0x6fab7)
[  DEATH   ]     #8 0x708161b0f985  (/apex/com.android.runtime/lib64/bionic/libc.so+0x8a985)
[  DEATH   ] 
[  DEATH   ] Thread T1005 (FreeThr) created by T1003 (TestFunc) here:
[  DEATH   ]     #0 0x70816188eced  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xc1ced)
[  DEATH   ]     #1 0x64b4a3f3d452  (/data/local/tmp/asan_test+0x4d452)
[  DEATH   ]     #2 0x64b4a3f3f318  (/data/local/tmp/asan_test+0x4f318)
[  DEATH   ]     #3 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ] 
[  DEATH   ] Thread T1004 (AllocThr) created by T1003 (TestFunc) here:
[  DEATH   ]     #0 0x70816188eced  (/data/asan/system/lib64/libclang_rt.asan-x86_64-android.so+0xc1ced)
[  DEATH   ]     #1 0x64b4a3f3d1cb  (/data/local/tmp/asan_test+0x4d1cb)
[  DEATH   ]     #2 0x64b4a3f3f318  (/data/local/tmp/asan_test+0x4f318)
[  DEATH   ]     #3 0x708161b85fce  (/apex/com.android.runtime/lib64/bionic/libc.so+0x100fce)
[  DEATH   ] 
[  DEATH   ] SUMMARY: AddressSanitizer: heap-use-after-free (/data/local/tmp/asan_test+0x4cfd9) 
[  DEATH   ] Shadow bytes around the buggy address:
[  DEATH   ]   0x0c047fff8320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff8330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff8340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff8350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff8360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ] =>0x0c047fff8370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fd]fa
[  DEATH   ]   0x0c047fff8380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff8390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff83a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff83b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ]   0x0c047fff83c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[  DEATH   ] Shadow byte legend (one shadow byte represents 8 application bytes):
[  DEATH   ]   Addressable:           00
[  DEATH   ]   Partially addressable: 01 02 03 04 05 06 07 
[  DEATH   ]   Heap left redzone:       fa
[  DEATH   ]   Freed heap region:       fd
[  DEATH   ]   Stack left redzone:      f1
[  DEATH   ]   Stack mid redzone:       f2
[  DEATH   ]   Stack right redzone:     f3
[  DEATH   ]   Stack after return:      f5
[  DEATH   ]   Stack use after scope:   f8
[  DEATH   ]   Global redzone:          f9
[  DEATH   ]   Global init order:       f6
[  DEATH   ]   Poisoned by user:        f7
[  DEATH   ]   Container overflow:      fc
[  DEATH   ]   Array cookie:            ac
[  DEATH   ]   Intra object redzone:    bb
[  DEATH   ]   ASan internal:           fe
[  DEATH   ]   Left alloca redzone:     ca
[  DEATH   ]   Right alloca redzone:    cb
[  DEATH   ]   Shadow gap:              cc
[  DEATH   ] ==27674==ABORTING
[  DEATH   ] 
[  FAILED  ] AddressSanitizer.ThreadNamesTest (171 ms)
[ RUN      ] AddressSanitizer.UseThenFreeThenUseTest
[       OK ] AddressSanitizer.UseThenFreeThenUseTest (143 ms)
[ RUN      ] AddressSanitizer.StrDupTest
[       OK ] AddressSanitizer.StrDupTest (0 ms)
[ RUN      ] AddressSanitizer.GlobalTest
external/compiler-rt/lib/asan/tests/asan_test.cc:988: Failure
Death test: glob5[Ident(5)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:990: Failure
Death test: glob5[Ident(5+6)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:995: Failure
Death test: static110[Ident(110)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:997: Failure
Death test: static110[Ident(110+7)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:1002: Failure
Death test: func_static15[Ident(15)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:1004: Failure
Death test: func_static15[Ident(15 + 9)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:1012: Failure
Death test: fs2[Ident(-1)] = 0
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:1015: Failure
Death test: Ident(Ident(ConstGlob)[8])
    Result: failed to die.
 Error msg:
[  DEATH   ] 
external/compiler-rt/lib/asan/tests/asan_test.cc:1017: Failure
Death test: Ident(Ident(StaticConstGlob)[5])
    Result: failed to die.
 Error msg:
[  DEATH   ] 
[  FAILED  ] AddressSanitizer.GlobalTest (76 ms)
[ RUN      ] AddressSanitizer.GlobalStringConstTest
external/compiler-rt/lib/asan/tests/asan_test.cc:1026: Failure
Death test: Ident(p[15])
    Result: failed to die.
 Error msg:
[  DEATH   ] 
[  FAILED  ] AddressSanitizer.GlobalStringConstTest (9 ms)
[ RUN      ] AddressSanitizer.FileNameInGlobalReportTest
external/compiler-rt/lib/asan/tests/asan_test.cc:1033: Failure
Death test: Ident(p[15])
    Result: failed to die.
 Error msg:
[  DEATH   ] 
[  FAILED  ] AddressSanitizer.FileNameInGlobalReportTest (7 ms)
[ RUN      ] AddressSanitizer.StressStackReuseTest
[       OK ] AddressSanitizer.StressStackReuseTest (25 ms)
[ RUN      ] AddressSanitizer.ThreadedStressStackReuseTest
[       OK ] AddressSanitizer.ThreadedStressStackReuseTest (224 ms)
[ RUN      ] AddressSanitizer.PthreadExitTest
[       OK ] AddressSanitizer.PthreadExitTest (769 ms)
[ RUN      ] AddressSanitizer.MlockTest
[       OK ] AddressSanitizer.MlockTest (0 ms)
[ RUN      ] AddressSanitizer.LargeStructCopyTest
[       OK ] AddressSanitizer.LargeStructCopyTest (0 ms)
[ RUN      ] AddressSanitizer.AttributeNoSanitizeAddressTest
[       OK ] AddressSanitizer.AttributeNoSanitizeAddressTest (0 ms)
[ RUN      ] AddressSanitizer.BufferOverflowAfterManyFrees
[       OK ] AddressSanitizer.BufferOverflowAfterManyFrees (1475 ms)
[ RUN      ] AddressSanitizer.LongDoubleNegativeTest
[       OK ] AddressSanitizer.LongDoubleNegativeTest (0 ms)
[ RUN      ] AddressSanitizer.pthread_getschedparam
[       OK ] AddressSanitizer.pthread_getschedparam (366 ms)
[----------] 43 tests from AddressSanitizer (29303 ms total)

[----------] Global test environment tear-down
[==========] 43 tests from 1 test suite ran. (29303 ms total)
[  PASSED  ] 38 tests.
[  FAILED  ] 5 tests, listed below:
[  FAILED  ] AddressSanitizer.UAF_char
[  FAILED  ] AddressSanitizer.ThreadNamesTest
[  FAILED  ] AddressSanitizer.GlobalTest
[  FAILED  ] AddressSanitizer.GlobalStringConstTest
[  FAILED  ] AddressSanitizer.FileNameInGlobalReportTest

 5 FAILED TESTS
  YOU HAVE 16 DISABLED TESTS

But somehow sometimes asan_test and stagefright with ASAN shows this error:

1|generic_x86_64:/data/local/tmp # ./asan_test                                 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28776==ERROR: AddressSanitizer: SEGV on unknown address 0x634ad7e39a70 (pc 0x7ced101c32fd bp 0x000082f34aae sp 0x7ffedb6467f0 T0)
==28776==The signal is caused by a READ memory access.
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.

So the issues are:

  1. Why ASAN does not detect simple memory corruption in stagefright (when it is there). Seems like everything is compiled in.
  2. Why sometimes it receives DEADLYSIGNAL in asan_test and stagefright

@eugenis
Copy link
Contributor

eugenis commented May 11, 2021 via email

@marcinguy
Copy link
Author

Hi @eugenis

You're right, ASAN is working in my binary (was able to detect "planted" Heap Buffer Overflow)

Attaching both Stacktrace and Tombstone for "asan_test" binary. DEADLYSIGNAL happens once in a while. Affect also other binaries.

I am running this on Emulator.

Let me know if you need more info.

Thanks,

Stacktrace:

05-21 11:46:17.227 17577 17577 F libc    : Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x6249a04bda70 in tid 17577 (asan_test), pid 17577 (asan_test)
05-21 11:46:17.248 17580 17580 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
05-21 11:46:17.248  1844  1844 I /system/bin/tombstoned: received crash request for pid 17577
05-21 11:46:17.249 17580 17580 I crash_dump64: performing dump of process 17577 (target tid = 17577)
05-21 11:46:17.250 17580 17580 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-21 11:46:17.250 17580 17580 F DEBUG   : Build fingerprint: 'google/sdk_gphone_x86_64/generic_x86_64:10/QSR1.200715.002/6695061:userdebug/dev-keys'
05-21 11:46:17.250 17580 17580 F DEBUG   : Revision: '0'
05-21 11:46:17.250 17580 17580 F DEBUG   : ABI: 'x86_64'
05-21 11:46:17.250 17580 17580 F DEBUG   : Timestamp: 2021-05-21 11:46:17+0200
05-21 11:46:17.250 17580 17580 F DEBUG   : pid: 17577, tid: 17577, name: asan_test  >>> ./asan_test <<<
05-21 11:46:17.250 17580 17580 F DEBUG   : uid: 0
05-21 11:46:17.250 17580 17580 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x6249a04bda70
05-21 11:46:17.250 17580 17580 F DEBUG   :     rax 0000000000000000  rbx 00007c87e0023010  rcx 00006249a04bda70  rdx 0000000082f34aae
05-21 11:46:17.250 17580 17580 F DEBUG   :     r8  0000000000000000  r9  0000000000000000  r10 00007c87e0257760  r11 0000000000000000
05-21 11:46:17.250 17580 17580 F DEBUG   :     r12 00007c87e0023010  r13 0000000000000020  r14 0000000082f34aae  r15 00007ffd7350f604
05-21 11:46:17.250 17580 17580 F DEBUG   :     rdi 00007c87e0023010  rsi 00007ffd7350f640
05-21 11:46:17.250 17580 17580 F DEBUG   :     rbp 0000000082f34aae  rsp 00007ffd7350f5a0  rip 00007c87e01ae2fd
05-21 11:46:17.251 17580 17580 F DEBUG   : 
05-21 11:46:17.251 17580 17580 F DEBUG   : backtrace:
05-21 11:46:17.251 17580 17580 F DEBUG   :       #00 pc 00000000000652fd  /apex/com.android.runtime/bin/linker64 (__dl__ZNK6soinfo10gnu_lookupER10SymbolNamePK12version_infoPj+141) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #01 pc 0000000000065241  /apex/com.android.runtime/bin/linker64 (__dl__ZNK6soinfo19find_symbol_by_nameER10SymbolNamePK12version_infoPPK9elf64_sym+49) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #02 pc 000000000004d8f0  /apex/com.android.runtime/bin/linker64 (__dl__ZL19dlsym_linear_lookupP19android_namespace_tPKcPK12version_infoPP6soinfoS7_Pv+192) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #03 pc 000000000004d49c  /apex/com.android.runtime/bin/linker64 (__dl__Z8do_dlsymPvPKcS1_PKvPS_+524) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #04 pc 00000000000481b9  /apex/com.android.runtime/bin/linker64 (__dl__Z10dlsym_implPvPKcS1_PKv+73) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #05 pc 0000000000059fc3  /system/lib64/libclang_rt.asan-x86_64-android.so (__sanitizer::Symbolizer::LateInitialize()+19) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #06 pc 00000000000daa80  /system/lib64/libclang_rt.asan-x86_64-android.so (__asan::AsanInitInternal()+496) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #07 pc 000000000007509d  /system/lib64/libclang_rt.asan-x86_64-android.so (__interceptor_strcmp+1597) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #08 pc 000000000008af10  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init_vdso(libc_globals*)+528) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #09 pc 000000000009fd65  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init_globals()+85) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #10 pc 000000000008a886  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_preinit_impl()+38) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
05-21 11:46:17.251 17580 17580 F DEBUG   :       #11 pc 0000000000065caf  /apex/com.android.runtime/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+255) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #12 pc 0000000000065ef1  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+433) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #13 pc 0000000000065dd8  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #14 pc 0000000000065dd8  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #15 pc 000000000006185c  /apex/com.android.runtime/bin/linker64 (__dl__ZL29__linker_init_post_relocationR19KernelArgumentBlockR6soinfo+4348) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #16 pc 0000000000060712  /apex/com.android.runtime/bin/linker64 (__dl___linker_init+434) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.252 17580 17580 F DEBUG   :       #17 pc 0000000000068ab7  /apex/com.android.runtime/bin/linker64 (__dl__start+7) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
05-21 11:46:17.266  1915  2104 W NativeCrashListener: Couldn't find ProcessRecord for pid 17577
05-21 11:46:17.267  1844  1844 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_32

Tombstone:



generic_x86_64:/data/local/tmp # cat /data/tombstones/tombstone_32
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/sdk_gphone_x86_64/generic_x86_64:10/QSR1.200715.002/6695061:userdebug/dev-keys'
Revision: '0'
ABI: 'x86_64'
Timestamp: 2021-05-21 11:46:17+0200
pid: 17577, tid: 17577, name: asan_test  >>> ./asan_test <<<
uid: 0
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x6249a04bda70
    rax 0000000000000000  rbx 00007c87e0023010  rcx 00006249a04bda70  rdx 0000000082f34aae
    r8  0000000000000000  r9  0000000000000000  r10 00007c87e0257760  r11 0000000000000000
    r12 00007c87e0023010  r13 0000000000000020  r14 0000000082f34aae  r15 00007ffd7350f604
    rdi 00007c87e0023010  rsi 00007ffd7350f640
    rbp 0000000082f34aae  rsp 00007ffd7350f5a0  rip 00007c87e01ae2fd

backtrace:
      #00 pc 00000000000652fd  /apex/com.android.runtime/bin/linker64 (__dl__ZNK6soinfo10gnu_lookupER10SymbolNamePK12version_infoPj+141) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #01 pc 0000000000065241  /apex/com.android.runtime/bin/linker64 (__dl__ZNK6soinfo19find_symbol_by_nameER10SymbolNamePK12version_infoPPK9elf64_sym+49) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #02 pc 000000000004d8f0  /apex/com.android.runtime/bin/linker64 (__dl__ZL19dlsym_linear_lookupP19android_namespace_tPKcPK12version_infoPP6soinfoS7_Pv+192) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #03 pc 000000000004d49c  /apex/com.android.runtime/bin/linker64 (__dl__Z8do_dlsymPvPKcS1_PKvPS_+524) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #04 pc 00000000000481b9  /apex/com.android.runtime/bin/linker64 (__dl__Z10dlsym_implPvPKcS1_PKv+73) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #05 pc 0000000000059fc3  /system/lib64/libclang_rt.asan-x86_64-android.so (__sanitizer::Symbolizer::LateInitialize()+19) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
      #06 pc 00000000000daa80  /system/lib64/libclang_rt.asan-x86_64-android.so (__asan::AsanInitInternal()+496) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
      #07 pc 000000000007509d  /system/lib64/libclang_rt.asan-x86_64-android.so (__interceptor_strcmp+1597) (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
      #08 pc 000000000008af10  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init_vdso(libc_globals*)+528) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
      #09 pc 000000000009fd65  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init_globals()+85) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
      #10 pc 000000000008a886  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_preinit_impl()+38) (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
      #11 pc 0000000000065caf  /apex/com.android.runtime/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+255) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #12 pc 0000000000065ef1  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+433) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #13 pc 0000000000065dd8  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #14 pc 0000000000065dd8  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #15 pc 000000000006185c  /apex/com.android.runtime/bin/linker64 (__dl__ZL29__linker_init_post_relocationR19KernelArgumentBlockR6soinfo+4348) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #16 pc 0000000000060712  /apex/com.android.runtime/bin/linker64 (__dl___linker_init+434) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
      #17 pc 0000000000068ab7  /apex/com.android.runtime/bin/linker64 (__dl__start+7) (BuildId: 8c58e8673bbdf607f2614ae6235399f5)

stack:
         00007ffd7350f520  0000000000000003
         00007ffd7350f528  00007c87e025e11d  /apex/com.android.runtime/bin/linker64
         00007ffd7350f530  0000000000000000
         00007ffd7350f538  00007c87e0293480
         00007ffd7350f540  0000000000000002
         00007ffd7350f548  00007ffd7350f677  [stack]
         00007ffd7350f550  00007c87e00870b0  /dev/__properties__/u:object_r:debug_prop:s0
         00007ffd7350f558  00000001fffffffc  [anon:shadow gap]
         00007ffd7350f560  00007c87e0087000  /dev/__properties__/u:object_r:debug_prop:s0
         00007ffd7350f568  00007c87e025e387  /apex/com.android.runtime/bin/linker64
         00007ffd7350f570  00007ffd7350f679  [stack]
         00007ffd7350f578  0000001600000000  [anon:shadow gap]
         00007ffd7350f580  0000000000000000
         00007ffd7350f588  00007ffd7350f671  [stack]
         00007ffd7350f590  0000000000000000
         00007ffd7350f598  0000000000000006
    #00  00007ffd7350f5a0  00007c87e00ce854  /dev/__properties__/property_info
         00007ffd7350f5a8  00007c87e0087080  /dev/__properties__/u:object_r:debug_prop:s0
         00007ffd7350f5b0  00007ffd7350f63a  [stack]
         00007ffd7350f5b8  00007ffd7350f640  [stack]
         00007ffd7350f5c0  00007ffd7350f671  [stack]
         00007ffd7350f5c8  00007c87e0023010  [anon:linker_alloc]
         00007ffd7350f5d0  0000000000000000
         00007ffd7350f5d8  00007c87e00d5020  [anon:linker_alloc]
         00007ffd7350f5e0  00007ffd7350f620  [stack]
         00007ffd7350f5e8  00007c87e0023010  [anon:linker_alloc]
         00007ffd7350f5f0  00007ffd7350f640  [stack]
         00007ffd7350f5f8  00007c87e01ae242  /apex/com.android.runtime/bin/linker64
    #01  00007ffd7350f600  0000000000000100
         00007ffd7350f608  00007c87e00234b0  [anon:linker_alloc]
         00007ffd7350f610  00007ffd7350f620  [stack]
         00007ffd7350f618  00007c87e01968f1  /apex/com.android.runtime/bin/linker64
    #02  00007ffd7350f620  0000000000000000
         00007ffd7350f628  00007c87dfb3cffb  /system/lib64/libclang_rt.asan-x86_64-android.so
         00007ffd7350f630  00007ffd7350f6a0  [stack]
         00007ffd7350f638  0000000000000000
         00007ffd7350f640  00007c87dfb3cffb  /system/lib64/libclang_rt.asan-x86_64-android.so
         00007ffd7350f648  00000000e0250100  [anon:shadow gap]
         00007ffd7350f650  70a2789582f34aae
         00007ffd7350f658  00007c87e00234b0  [anon:linker_alloc]
         00007ffd7350f660  00007c87dfb3cffb  /system/lib64/libclang_rt.asan-x86_64-android.so
         00007ffd7350f668  0000000000000000
         00007ffd7350f670  00007c87e028fa18
         00007ffd7350f678  0000000000000000
         00007ffd7350f680  0000000000000000
         00007ffd7350f688  00007c87e019649d  /apex/com.android.runtime/bin/linker64
    #03  00007ffd7350f690  0000000000000000
         00007ffd7350f698  00007c87dfb3cffb  /system/lib64/libclang_rt.asan-x86_64-android.so
         00007ffd7350f6a0  0000000000000000
         00007ffd7350f6a8  0000000000000000
         00007ffd7350f6b0  0000000000000000
         00007ffd7350f6b8  0000000000000000
         00007ffd7350f6c0  00007c87e028f5c0
         00007ffd7350f6c8  00007ffd7350f738  [stack]
         00007ffd7350f6d0  0000000000000000
         00007ffd7350f6d8  0000000000000001
         00007ffd7350f6e0  0000000000000000
         00007ffd7350f6e8  0000000000000000
         00007ffd7350f6f0  0000000000000000
         00007ffd7350f6f8  0000000000000000
         00007ffd7350f700  0000000000000000
         00007ffd7350f708  00007c87dfb3cffb  /system/lib64/libclang_rt.asan-x86_64-android.so
         ................  ................
    #04  00007ffd7350f730  00007ffd7356c000  [vdso]
         00007ffd7350f738  00007c87dfd08f90  [anon:.bss]
         00007ffd7350f740  00007ffd7350f788  [stack]
         00007ffd7350f748  000000000000000a
         00007ffd7350f750  00007ffd7356c000  [vdso]
         00007ffd7350f758  00007c87dfd17020  [anon:.bss]
         00007ffd7350f760  00007c87dfc888f8  [anon:.bss]
         00007ffd7350f768  00007c87dfb64fc4  /system/lib64/libclang_rt.asan-x86_64-android.so
    #05  00007ffd7350f770  0000000000000000
         00007ffd7350f778  00007c87dfbe5a81  /system/lib64/libclang_rt.asan-x86_64-android.so
    #06  00007ffd7350f780  0000000000000000
         00007ffd7350f788  0000004000000010  [anon:shadow gap]
         00007ffd7350f790  0000000008000010
         00007ffd7350f798  0000000000001388
         00007ffd7350f7a0  0000000000000000
         00007ffd7350f7a8  00007ffd7356c298  [vdso]
         00007ffd7350f7b0  00007c87df89dd28  /apex/com.android.runtime/lib64/bionic/libc.so
         00007ffd7350f7b8  00007c87dfb8009e  /system/lib64/libclang_rt.asan-x86_64-android.so
    #07  00007ffd7350f7c0  0000000000000000
         00007ffd7350f7c8  0000000000000000
         00007ffd7350f7d0  0000000000000000
         00007ffd7350f7d8  0000000000000000
         00007ffd7350f7e0  0000000000000000
         00007ffd7350f7e8  0000000000000000
         00007ffd7350f7f0  0000000000000000
         00007ffd7350f7f8  0000000000000000
         00007ffd7350f800  0000000000000000
         00007ffd7350f808  0000000000000000
         00007ffd7350f810  0000000000000000
         00007ffd7350f818  0000000000000000
         00007ffd7350f820  0000000000000000
         00007ffd7350f828  0000000000000000
         00007ffd7350f830  0000000000000000
         00007ffd7350f838  0000000000000000
         ................  ................
    #08  00007ffd73510050  00007c87df89dd28  /apex/com.android.runtime/lib64/bionic/libc.so
         00007ffd73510058  00007c87df996000  [anon:.bss]
         00007ffd73510060  00007c87e014acc8  /apex/com.android.runtime/bin/linker64
         00007ffd73510068  00007c87df90b840  /apex/com.android.runtime/lib64/bionic/libc.so
         00007ffd73510070  0000000000000004
         00007ffd73510078  00007c87e014f52b  /apex/com.android.runtime/bin/linker64
         00007ffd73510080  0000000000000000
         00007ffd73510088  00007c87df920d66  /apex/com.android.runtime/lib64/bionic/libc.so
    #09  00007ffd73510090  00007c87df990350  /apex/com.android.runtime/lib64/bionic/libc.so
         00007ffd73510098  00007c87df90b887  /apex/com.android.runtime/lib64/bionic/libc.so
    #10  00007ffd735100a0  00007c87df990350  /apex/com.android.runtime/lib64/bionic/libc.so
         00007ffd735100a8  00007c87e01aecb0  /apex/com.android.runtime/bin/linker64
    #11  00007ffd735100b0  00007ffd735100f0  [stack]
         00007ffd735100b8  00007c87e0258dda  /apex/com.android.runtime/bin/linker64
         00007ffd735100c0  00007c87e0022d40  [anon:bionic_alloc_small_objects]
         00007ffd735100c8  0000000000000000
         00007ffd735100d0  00007c87e0022d40  [anon:bionic_alloc_small_objects]
         00007ffd735100d8  00007c87e0023950  [anon:linker_alloc]
         00007ffd735100e0  00007c87e0022d40  [anon:bionic_alloc_small_objects]
         00007ffd735100e8  0000000000000000
         00007ffd735100f0  0000000000000000
         00007ffd735100f8  00007c87e01aeef2  /apex/com.android.runtime/bin/linker64
    #12  00007ffd73510100  0000000000000051
         00007ffd73510108  0000000000000044
         00007ffd73510110  00007c87e0021480  [anon:bionic_alloc_small_objects]
         00007ffd73510118  0000000000000000
         00007ffd73510120  0000000000000000
         00007ffd73510128  0000000000000000
         00007ffd73510130  00007c87e00d5220  [anon:linker_alloc]
         00007ffd73510138  00007ffd73510250  [stack]
         00007ffd73510140  00007c87e00234b0  [anon:linker_alloc]
         00007ffd73510148  00006249a05a29f8  [heap]
         00007ffd73510150  00007ffd73510220  [stack]
         00007ffd73510158  00007c87e01aedd9  /apex/com.android.runtime/bin/linker64
    #13  00007ffd73510160  0000000000000000
         00007ffd73510168  00007c87e0024040  [anon:linker_alloc]
         00007ffd73510170  00007ffd735101d0  [stack]
         00007ffd73510178  00007ffd735101c8  [stack]
         00007ffd73510180  00007ffd735101c8  [stack]
         00007ffd73510188  00007c87e01546e3  /apex/com.android.runtime/bin/linker64
         00007ffd73510190  00007c87e00d5140  [anon:linker_alloc]
         00007ffd73510198  00007ffd73510250  [stack]
         00007ffd735101a0  00007c87e0023010  [anon:linker_alloc]
         00007ffd735101a8  00006249a05a29f8  [heap]
         00007ffd735101b0  00007ffd73510220  [stack]
         00007ffd735101b8  00007c87e01aedd9  /apex/com.android.runtime/bin/linker64
    #14  00007ffd735101c0  00007c87dfff9000
         00007ffd735101c8  0000000000000000
         00007ffd735101d0  00007c87e01546e3  /apex/com.android.runtime/bin/linker64
         00007ffd735101d8  00000000dfff0100  [anon:shadow gap]
         00007ffd735101e0  00007c87e0022040  [anon:bionic_alloc_small_objects]
         00007ffd735101e8  00006249a04bdaba  [heap]
         00007ffd735101f0  00006249a04bdaba  [heap]
         00007ffd735101f8  00007ffd73510250  [stack]
         00007ffd73510200  00007c87e0023010  [anon:linker_alloc]
         00007ffd73510208  00006249a05a29f8  [heap]
         00007ffd73510210  00007ffd73510220  [stack]
         00007ffd73510218  00007c87e01aa85d  /apex/com.android.runtime/bin/linker64
    #15  00007ffd73510220  00007c87e00221c0  [anon:bionic_alloc_small_objects]
         00007ffd73510228  00007c87e00221e8  [anon:bionic_alloc_small_objects]
         00007ffd73510230  00007c87e0022200  [anon:bionic_alloc_small_objects]
         00007ffd73510238  0000000000000000
         00007ffd73510240  0000000000000000
         00007ffd73510248  0000000000000000
         00007ffd73510250  00006249a04bdaba  [heap]
         00007ffd73510258  0000000000000000
         00007ffd73510260  0000000000000000
         00007ffd73510268  0000000000000000
         00007ffd73510270  0000000000000021
         00007ffd73510278  0000000000000019
         00007ffd73510280  00007c87e013a060  [anon:bionic_alloc_small_objects]
         00007ffd73510288  000000000000fd20
         00007ffd73510290  000000000000fa19
         00007ffd73510298  0000000000000001
         ................  ................
    #16  00007ffd73511390  0000000000000001
         00007ffd73511398  00007ffd73511678  [stack]
         00007ffd735113a0  00007ffd73511688  [stack]
         00007ffd735113a8  00007ffd73511750  [stack]
         00007ffd735113b0  00007ffd735113b0  [stack]
         00007ffd735113b8  00007c87e0293ed8
         00007ffd735113c0  0000000000000000
         00007ffd735113c8  0000000000000000
         00007ffd735113d0  0000000000000000
         00007ffd735113d8  70a27895242b8140
         00007ffd735113e0  0000000000000000
         00007ffd735113e8  0000000000000000
         00007ffd735113f0  00007c87e0163d18  /apex/com.android.runtime/bin/linker64
         00007ffd735113f8  00007c87e0146000  [anon:Allocate]
         00007ffd73511400  00007c87e0149040  /apex/com.android.runtime/bin/linker64
         00007ffd73511408  0000000000000009
         ................  ................
    #17  00007ffd73511670  0000000000000001
         00007ffd73511678  00007ffd735128dd  [stack]
         00007ffd73511680  0000000000000000
         00007ffd73511688  00007ffd735128e9  [stack]
         00007ffd73511690  00007ffd73512904  [stack]
         00007ffd73511698  00007ffd73512912  [stack]
         00007ffd735116a0  00007ffd73512925  [stack]
         00007ffd735116a8  00007ffd7351292c  [stack]
         00007ffd735116b0  00007ffd7351295b  [stack]
         00007ffd735116b8  00007ffd73512988  [stack]
         00007ffd735116c0  00007ffd73512a3b  [stack]
         00007ffd735116c8  00007ffd73512a4f  [stack]
         00007ffd735116d0  00007ffd73512a66  [stack]
         00007ffd735116d8  00007ffd73512a7f  [stack]
         00007ffd735116e0  00007ffd73512a98  [stack]
         00007ffd735116e8  00007ffd73512ab3  [stack]

memory near rbx ([anon:linker_alloc]):
    00007c87e0022ff0 0000000000000000 0000000000000000  ................
    00007c87e0023000 0000000000000000 0000000000000000  ................
    00007c87e0023010 00006249a04bc040 000000000000000a  @.K.Ib..........
    00007c87e0023020 00006249a04bc000 00000000000e9000  ..K.Ib..........
    00007c87e0023030 00006249a05a27f0 00007c87e0023260  .'Z.Ib..`2...|..
    00007c87e0023040 0000000040000145 00006249a04bda7c  E..@....|.K.Ib..
    00007c87e0023050 00006249a04bc2c8 0000000000000000  ..K.Ib..........
    00007c87e0023060 0000000000000000 0000000000000000  ................
    00007c87e0023070 0000000000000000 00006249a04bf688  ..........K.Ib..
    00007c87e0023080 00000000000000c3 0000000000000000  ................
    00007c87e0023090 0000000000000000 00006249a05a0000  ..........Z.Ib..
    00007c87e00230a0 0000000000000002 00006249a05a0010  ..........Z.Ib..
    00007c87e00230b0 0000000000000008 00006249a05a0050  ........P.Z.Ib..
    00007c87e00230c0 0000000000000002 0000000000000000  ................
    00007c87e00230d0 0000000000000000 0000000000000000  ................
    00007c87e00230e0 00006249a04bc000 00007c87e013a080  ..K.Ib.......|..

memory near rcx ([heap]):
    00006249a04bda50 ---------------- ----------------  ................
    00006249a04bda60 ---------------- ----------------  ................
    00006249a04bda70 ---------------- ----------------  ................
    00006249a04bda80 ---------------- ----------------  ................
    00006249a04bda90 ---------------- ----------------  ................
    00006249a04bdaa0 ---------------- ----------------  ................
    00006249a04bdab0 ---------------- ----------------  ................
    00006249a04bdac0 ---------------- ----------------  ................
    00006249a04bdad0 ---------------- ----------------  ................
    00006249a04bdae0 ---------------- ----------------  ................
    00006249a04bdaf0 ---------------- ----------------  ................
    00006249a04bdb00 ---------------- ----------------  ................
    00006249a04bdb10 ---------------- ----------------  ................
    00006249a04bdb20 ---------------- ----------------  ................
    00006249a04bdb30 ---------------- ----------------  ................
    00006249a04bdb40 ---------------- ----------------  ................

memory near rdx ([anon:low shadow]):
    0000000082f34a88 0000000000000000 0000000000000000  ................
    0000000082f34a98 0000000000000000 0000000000000000  ................
    0000000082f34aa8 0000000000000000 0000000000000000  ................
    0000000082f34ab8 0000000000000000 0000000000000000  ................
    0000000082f34ac8 0000000000000000 0000000000000000  ................
    0000000082f34ad8 0000000000000000 0000000000000000  ................
    0000000082f34ae8 0000000000000000 0000000000000000  ................
    0000000082f34af8 0000000000000000 0000000000000000  ................
    0000000082f34b08 0000000000000000 0000000000000000  ................
    0000000082f34b18 0000000000000000 0000000000000000  ................
    0000000082f34b28 0000000000000000 0000000000000000  ................
    0000000082f34b38 0000000000000000 0000000000000000  ................
    0000000082f34b48 0000000000000000 0000000000000000  ................
    0000000082f34b58 0000000000000000 0000000000000000  ................
    0000000082f34b68 0000000000000000 0000000000000000  ................
    0000000082f34b78 0000000000000000 0000000000000000  ................

memory near r10 (/apex/com.android.runtime/bin/linker64):
    00007c87e0257740 730f660e0c6f0f66 e908db730f6608d8  f.o..f.s..f.s...
    00007c87e0257750 1f0f2e6600000a0c 9066000000000084  ....f.........f.
    00007c87e0257760 176f0f66c0ef0f66 c1740f660e6f0f66  f...f.o.f.o.f.t.
    00007c87e0257770 740f6607fa730f66 0f4466d0f80f66d1  f.s..f.t.f...fD.
    00007c87e0257780 44e9d341ead3cad7 000009e5850fca29  ....A..D).......
    00007c87e0257790 194c8d4e1f6f0f66 0a02820fcb394df0  f.o.N.L..M9.....
    00007c87e02577a0 f9840fc9854d0000 0f66cb894d000009  ..M........M..f.
    00007c87e02577b0 000010c1c748c0ef 4c00000009b94100  ..H......A.....L
    00007c87e02577c0 0fffe2814909578d 001000ea81490000  .W.I......I.....
    00007c87e02577d0 0000841f0f2e6600 0000441f0f000000  .f...........D..
    00007c87e02577e0 00968f0f10c28349 660e0c6f0f660000  I.........f.o..f
    00007c87e02577f0 e26f0f660f146f0f 0f6609d30f3a0f66  .o..f.o.f.:...f.
    00007c87e0257800 0f66ca740f66c174 ea81d1d70f66c8f8  t.f.t.f...f.....
    00007c87e0257810 0956850f0000ffff 860f10eb83490000  ......V...I.....
    00007c87e0257820 10c1834800000980 10c28349dc6f0f66  ....H...f.o.I...
    00007c87e0257830 660e0c6f0f664e7f e26f0f660f146f0f  .Nf.o..f.o..f.o.

memory near r12 ([anon:linker_alloc]):
    00007c87e0022ff0 0000000000000000 0000000000000000  ................
    00007c87e0023000 0000000000000000 0000000000000000  ................
    00007c87e0023010 00006249a04bc040 000000000000000a  @.K.Ib..........
    00007c87e0023020 00006249a04bc000 00000000000e9000  ..K.Ib..........
    00007c87e0023030 00006249a05a27f0 00007c87e0023260  .'Z.Ib..`2...|..
    00007c87e0023040 0000000040000145 00006249a04bda7c  E..@....|.K.Ib..
    00007c87e0023050 00006249a04bc2c8 0000000000000000  ..K.Ib..........
    00007c87e0023060 0000000000000000 0000000000000000  ................
    00007c87e0023070 0000000000000000 00006249a04bf688  ..........K.Ib..
    00007c87e0023080 00000000000000c3 0000000000000000  ................
    00007c87e0023090 0000000000000000 00006249a05a0000  ..........Z.Ib..
    00007c87e00230a0 0000000000000002 00006249a05a0010  ..........Z.Ib..
    00007c87e00230b0 0000000000000008 00006249a05a0050  ........P.Z.Ib..
    00007c87e00230c0 0000000000000002 0000000000000000  ................
    00007c87e00230d0 0000000000000000 0000000000000000  ................
    00007c87e00230e0 00006249a04bc000 00007c87e013a080  ..K.Ib.......|..

memory near r14 ([anon:low shadow]):
    0000000082f34a88 0000000000000000 0000000000000000  ................
    0000000082f34a98 0000000000000000 0000000000000000  ................
    0000000082f34aa8 0000000000000000 0000000000000000  ................
    0000000082f34ab8 0000000000000000 0000000000000000  ................
    0000000082f34ac8 0000000000000000 0000000000000000  ................
    0000000082f34ad8 0000000000000000 0000000000000000  ................
    0000000082f34ae8 0000000000000000 0000000000000000  ................
    0000000082f34af8 0000000000000000 0000000000000000  ................
    0000000082f34b08 0000000000000000 0000000000000000  ................
    0000000082f34b18 0000000000000000 0000000000000000  ................
    0000000082f34b28 0000000000000000 0000000000000000  ................
    0000000082f34b38 0000000000000000 0000000000000000  ................
    0000000082f34b48 0000000000000000 0000000000000000  ................
    0000000082f34b58 0000000000000000 0000000000000000  ................
    0000000082f34b68 0000000000000000 0000000000000000  ................
    0000000082f34b78 0000000000000000 0000000000000000  ................

memory near r15 ([stack]):
    00007ffd7350f5e0 00007ffd7350f620 00007c87e0023010   .Ps.....0...|..
    00007ffd7350f5f0 00007ffd7350f640 00007c87e01ae242  @.Ps....B....|..
    00007ffd7350f600 0000000000000100 00007c87e00234b0  .........4...|..
    00007ffd7350f610 00007ffd7350f620 00007c87e01968f1   .Ps.....h...|..
    00007ffd7350f620 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f630 00007ffd7350f6a0 0000000000000000  ..Ps............
    00007ffd7350f640 00007c87dfb3cffb 00000000e0250100  .....|....%.....
    00007ffd7350f650 70a2789582f34aae 00007c87e00234b0  .J...x.p.4...|..
    00007ffd7350f660 00007c87dfb3cffb 0000000000000000  .....|..........
    00007ffd7350f670 00007c87e028fa18 0000000000000000  ..(..|..........
    00007ffd7350f680 0000000000000000 00007c87e019649d  .........d...|..
    00007ffd7350f690 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f6a0 0000000000000000 0000000000000000  ................
    00007ffd7350f6b0 0000000000000000 0000000000000000  ................
    00007ffd7350f6c0 00007c87e028f5c0 00007ffd7350f738  ..(..|..8.Ps....
    00007ffd7350f6d0 0000000000000000 0000000000000001  ................

memory near rdi ([anon:linker_alloc]):
    00007c87e0022ff0 0000000000000000 0000000000000000  ................
    00007c87e0023000 0000000000000000 0000000000000000  ................
    00007c87e0023010 00006249a04bc040 000000000000000a  @.K.Ib..........
    00007c87e0023020 00006249a04bc000 00000000000e9000  ..K.Ib..........
    00007c87e0023030 00006249a05a27f0 00007c87e0023260  .'Z.Ib..`2...|..
    00007c87e0023040 0000000040000145 00006249a04bda7c  E..@....|.K.Ib..
    00007c87e0023050 00006249a04bc2c8 0000000000000000  ..K.Ib..........
    00007c87e0023060 0000000000000000 0000000000000000  ................
    00007c87e0023070 0000000000000000 00006249a04bf688  ..........K.Ib..
    00007c87e0023080 00000000000000c3 0000000000000000  ................
    00007c87e0023090 0000000000000000 00006249a05a0000  ..........Z.Ib..
    00007c87e00230a0 0000000000000002 00006249a05a0010  ..........Z.Ib..
    00007c87e00230b0 0000000000000008 00006249a05a0050  ........P.Z.Ib..
    00007c87e00230c0 0000000000000002 0000000000000000  ................
    00007c87e00230d0 0000000000000000 0000000000000000  ................
    00007c87e00230e0 00006249a04bc000 00007c87e013a080  ..K.Ib.......|..

memory near rsi ([stack]):
    00007ffd7350f620 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f630 00007ffd7350f6a0 0000000000000000  ..Ps............
    00007ffd7350f640 00007c87dfb3cffb 00000000e0250100  .....|....%.....
    00007ffd7350f650 70a2789582f34aae 00007c87e00234b0  .J...x.p.4...|..
    00007ffd7350f660 00007c87dfb3cffb 0000000000000000  .....|..........
    00007ffd7350f670 00007c87e028fa18 0000000000000000  ..(..|..........
    00007ffd7350f680 0000000000000000 00007c87e019649d  .........d...|..
    00007ffd7350f690 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f6a0 0000000000000000 0000000000000000  ................
    00007ffd7350f6b0 0000000000000000 0000000000000000  ................
    00007ffd7350f6c0 00007c87e028f5c0 00007ffd7350f738  ..(..|..8.Ps....
    00007ffd7350f6d0 0000000000000000 0000000000000001  ................
    00007ffd7350f6e0 0000000000000000 0000000000000000  ................
    00007ffd7350f6f0 0000000000000000 0000000000000000  ................
    00007ffd7350f700 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f710 00007c87e028fa18 00007c87dfb64fc4  ..(..|...O...|..

memory near rbp ([anon:low shadow]):
    0000000082f34a88 0000000000000000 0000000000000000  ................
    0000000082f34a98 0000000000000000 0000000000000000  ................
    0000000082f34aa8 0000000000000000 0000000000000000  ................
    0000000082f34ab8 0000000000000000 0000000000000000  ................
    0000000082f34ac8 0000000000000000 0000000000000000  ................
    0000000082f34ad8 0000000000000000 0000000000000000  ................
    0000000082f34ae8 0000000000000000 0000000000000000  ................
    0000000082f34af8 0000000000000000 0000000000000000  ................
    0000000082f34b08 0000000000000000 0000000000000000  ................
    0000000082f34b18 0000000000000000 0000000000000000  ................
    0000000082f34b28 0000000000000000 0000000000000000  ................
    0000000082f34b38 0000000000000000 0000000000000000  ................
    0000000082f34b48 0000000000000000 0000000000000000  ................
    0000000082f34b58 0000000000000000 0000000000000000  ................
    0000000082f34b68 0000000000000000 0000000000000000  ................
    0000000082f34b78 0000000000000000 0000000000000000  ................

memory near rsp ([stack]):
    00007ffd7350f580 0000000000000000 00007ffd7350f671  ........q.Ps....
    00007ffd7350f590 0000000000000000 0000000000000006  ................
    00007ffd7350f5a0 00007c87e00ce854 00007c87e0087080  T....|...p...|..
    00007ffd7350f5b0 00007ffd7350f63a 00007ffd7350f640  :.Ps....@.Ps....
    00007ffd7350f5c0 00007ffd7350f671 00007c87e0023010  q.Ps.....0...|..
    00007ffd7350f5d0 0000000000000000 00007c87e00d5020  ........ P...|..
    00007ffd7350f5e0 00007ffd7350f620 00007c87e0023010   .Ps.....0...|..
    00007ffd7350f5f0 00007ffd7350f640 00007c87e01ae242  @.Ps....B....|..
    00007ffd7350f600 0000000000000100 00007c87e00234b0  .........4...|..
    00007ffd7350f610 00007ffd7350f620 00007c87e01968f1   .Ps.....h...|..
    00007ffd7350f620 0000000000000000 00007c87dfb3cffb  .............|..
    00007ffd7350f630 00007ffd7350f6a0 0000000000000000  ..Ps............
    00007ffd7350f640 00007c87dfb3cffb 00000000e0250100  .....|....%.....
    00007ffd7350f650 70a2789582f34aae 00007c87e00234b0  .J...x.p.4...|..
    00007ffd7350f660 00007c87dfb3cffb 0000000000000000  .....|..........
    00007ffd7350f670 00007c87e028fa18 0000000000000000  ..(..|..........

memory near rip (/apex/com.android.runtime/bin/linker64):
    00007c87e01ae2d8 ee89410000017424 894cedd349f5894d  $t...A..M..I..L.
    00007c87e01ae2e8 84234106e8c148f0 8c8b490000017024  .H...A#.$p...I..
    00007c87e01ae2f8 1c8b480000017824 0000000007c741c1  $x...H...A......
    00007c87e01ae308 7c02000e16893d83 894d20247c894c58  .=.....|XL.|$ M.
    00007c87e01ae318 8b481824448b48c7 0001a02484f64108  .H.D$.H..A..$...
    00007c87e01ae328 24848d4d0e750100 01c08349000001a0  ..u.M..$....I...
    00007c87e01ae338 01b024848b4d08eb 4810244c8b4d0000  ..M..$....M.L$.H
    00007c87e01ae348 8d48fff9c97a358d 0004bffffa0b9815  .5z...H.........
    00007c87e01ae358 004e1fe8c0310000 247c8b4cf8894d00  ..1...N..M..L.|$
    00007c87e01ae368 d348e989d8894820 21ebd348e98944e8   H....H..D..H..!
    00007c87e01ae378 000115840f01a8d8 000160248c8b4900  .........I..$`..
    00007c87e01ae388 f749d231f0894c00 1c8b0000015824b4  .L..1.I..$X.....
    00007c87e01ae398 0000f5840fdb8591 0000162444c76600  .........f.D$...
    00007c87e01ae3a8 e7894c1624548d48 fffe9a88e8c6894c  H.T$.L..L.......
    00007c87e01ae3b8 0000012c840fc084 0f2e6620247c894c  ....,...L.|$ f..
    00007c87e01ae3c8 900000000000841f 848b4940247c8b4d  ........M.|$@I..

memory map (86 entries): (fault address prefixed with --->)
    00000000'7fff7000-00000000'8fff6fff rw-         0  10000000  [anon:low shadow]
    00000000'8fff7000-00000200'8fff6fff ---         0  20000000000  [anon:shadow gap]
    00000200'8fff7000-00001000'2e59afff rw-         0  dff9e5a4000  [anon:high shadow]
    00001000'2e59b000-00001000'2e699fff rw-         0     ff000
    00001000'2e69a000-00001000'7fff7fff rw-         0  5195e000  [anon:high shadow]
--->00006000'00000000-000063ff'ffffffff ---         0  40000000000  [heap]
    00006400'00000000-00006400'00002fff rw-         0      3000  [anon:SizeClassAllocator: region info]
    00007c87'dcc9f000-00007c87'dd49efff ---         0    800000
    00007c87'dd49f000-00007c87'df49efff rw-         0   2000000  [anon:ThreadRegistry]
    00007c87'df49f000-00007c87'df7f0fff rw-         0    352000  [anon:AddrHashMap]
    00007c87'df7f1000-00007c87'df854fff rw-         0     64000  [anon:linker_alloc]
    00007c87'df855000-00007c87'df85afff r--         0      6000  /system/lib64/liblog.so (BuildId: abf7dd965db188dfd23cf87c0d4cf7)
    00007c87'df85b000-00007c87'df869fff r-x      6000      f000  /system/lib64/liblog.so (BuildId: abf7dd965db188dfd23cf87c0d4cf7)
    00007c87'df86a000-00007c87'df86afff rw-     15000      1000  /system/lib64/liblog.so (BuildId: abf7dd965db188dfd23cf87c0d4cf7)
    00007c87'df86b000-00007c87'df86bfff r--     16000      1000  /system/lib64/liblog.so (BuildId: abf7dd965db188dfd23cf87c0d4cf7)
    00007c87'df86c000-00007c87'df86cfff rw-         0      1000  [anon:.bss]
    00007c87'df881000-00007c87'df8cafff r--         0     4a000  /apex/com.android.runtime/lib64/bionic/libc.so (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
    00007c87'df8cb000-00007c87'df987fff r-x     4a000     bd000  /apex/com.android.runtime/lib64/bionic/libc.so (BuildId: b5c6019a3b4ea61b5e9a2f56319b584e)
    00007c87'df988000-00007c87'df98afff rw-    107000      3000  /apex/com.android.runtime/lib64/bionic/libc.so (BuildId: b5c6019a3b4ea61b5e9a2f56319b58)
    00007c87'df98b000-00007c87'df991fff r--    10a000      7000  /apex/com.android.runtime/lib64/bionic/libc.so (BuildId: b5c6019a3b4ea61b5e9a2f56319b58)
    00007c87'df992000-00007c87'df9e8fff rw-         0     57000  [anon:.bss]
    00007c87'dfa1d000-00007c87'dfa74fff r--         0     58000  /system/lib64/libc++.so (BuildId: 6e7d445478dfe67181dda7edc9b593)
    00007c87'dfa75000-00007c87'dfaeafff r-x     58000     76000  /system/lib64/libc++.so (BuildId: 6e7d445478dfe67181dda7edc9b593)
    00007c87'dfaeb000-00007c87'dfaebfff rw-     ce000      1000  /system/lib64/libc++.so (BuildId: 6e7d445478dfe67181dda7edc9b593)
    00007c87'dfaec000-00007c87'dfaf3fff r--     cf000      8000  /system/lib64/libc++.so (BuildId: 6e7d445478dfe67181dda7edc9b593)
    00007c87'dfaf4000-00007c87'dfaf7fff rw-         0      4000  [anon:.bss]
    00007c87'dfb0b000-00007c87'dfb54fff r--         0     4a000  /system/lib64/libclang_rt.asan-x86_64-android.so (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
    00007c87'dfb55000-00007c87'dfbf1fff r-x     4a000     9d000  /system/lib64/libclang_rt.asan-x86_64-android.so (BuildId: 787225c73f95eede6b0262edee9fc32898c1912a)
    00007c87'dfbf2000-00007c87'dfbf4fff rw-     e7000      3000  /system/lib64/libclang_rt.asan-x86_64-android.so (BuildId: 787225c73f95eede6b0262edee9fc32898c191)
    00007c87'dfbf5000-00007c87'dfbf7fff r--     ea000      3000  /system/lib64/libclang_rt.asan-x86_64-android.so (BuildId: 787225c73f95eede6b0262edee9fc32898c191)
    00007c87'dfbf8000-00007c87'dfd9dfff rw-         0    1a6000  [anon:.bss]
    00007c87'dfdd2000-00007c87'dfdd2fff r--         0      1000  /apex/com.android.runtime/lib64/bionic/libdl.so (BuildId: 728753a80dd15c87238a4bb272bbe0)
    00007c87'dfdd3000-00007c87'dfdd3fff r-x      1000      1000  /apex/com.android.runtime/lib64/bionic/libdl.so (BuildId: 728753a80dd15c87238a4bb272bbe0)
    00007c87'dfdd4000-00007c87'dfdd4fff r--      2000      1000  /apex/com.android.runtime/lib64/bionic/libdl.so (BuildId: 728753a80dd15c87238a4bb272bbe0)
    00007c87'dfdd5000-00007c87'dfdd5fff rw-         0      1000  [anon:.bss]
    00007c87'dfe0b000-00007c87'dfe2dfff r--         0     23000  /apex/com.android.runtime/lib64/bionic/libm.so (BuildId: 0e2b19ead6c2dfcad1cb3e1b6c68fd)
    00007c87'dfe2e000-00007c87'dfe59fff r-x     23000     2c000  /apex/com.android.runtime/lib64/bionic/libm.so (BuildId: 0e2b19ead6c2dfcad1cb3e1b6c68fd)
    00007c87'dfe5a000-00007c87'dfe5afff rw-     4f000      1000  /apex/com.android.runtime/lib64/bionic/libm.so (BuildId: 0e2b19ead6c2dfcad1cb3e1b6c68fd)
    00007c87'dfe5b000-00007c87'dfe5bfff r--     50000      1000  /apex/com.android.runtime/lib64/bionic/libm.so (BuildId: 0e2b19ead6c2dfcad1cb3e1b6c68fd)
    00007c87'dfe5c000-00007c87'dfe5cfff rw-         0      1000  [anon:.bss]
    00007c87'dfe88000-00007c87'dfe88fff rw-         0      1000  [anon:bionic_alloc_small_objects]
    00007c87'dfe9e000-00007c87'dfe9ffff rw-         0      2000  [anon:InternalMmapVector]
    00007c87'dfea1000-00007c87'dfea1fff rw-         0      1000  [anon:Allocate]
    00007c87'dfea2000-00007c87'dfea9fff rw-         0      8000  [anon:SetAlternateSignalStack]
    00007c87'dfeaa000-00007c87'dfeabfff rw-         0      2000  [anon:ReadFileToBuffer]
    00007c87'dfeac000-00007c87'dfeacfff rw-         0      1000  [anon:Allocate]
    00007c87'dfead000-00007c87'dfebafff rw-         0      e000  [anon:Create]
    00007c87'dfebb000-00007c87'dfebbfff r--         0      1000  [anon:atexit handlers]
    00007c87'dfebc000-00007c87'dfec3fff rw-         0      8000  [anon:SetAlternateSignalStack]
    00007c87'dfec4000-00007c87'dfec5fff rw-         0      2000  [anon:InternalMmapVector]
    00007c87'dfec6000-00007c87'dfff1fff rw-         0    12c000  [anon:linker_alloc]
    00007c87'dfff2000-00007c87'dfff4fff rw-         0      3000  [anon:bionic_alloc_small_objects]
    00007c87'dfff5000-00007c87'dfff8fff rw-         0      4000  [anon:Allocate]
    00007c87'dfff9000-00007c87'dfff9fff ---         0      1000
    00007c87'dfffa000-00007c87'dfffcfff rw-         0      3000
    00007c87'dfffd000-00007c87'dfffdfff ---         0      1000
    00007c87'dfffe000-00007c87'dfffffff rw-         0      2000  [anon:bionic_alloc_small_objects]
    00007c87'e0000000-00007c87'e001ffff r--         0     20000  /dev/__properties__/u:object_r:exported_default_prop:s0
    00007c87'e0020000-00007c87'e0022fff rw-         0      3000  [anon:bionic_alloc_small_objects]
    00007c87'e0023000-00007c87'e0086fff rw-         0     64000  [anon:linker_alloc]
    00007c87'e0087000-00007c87'e00a6fff r--         0     20000  /dev/__properties__/u:object_r:debug_prop:s0
    00007c87'e00a7000-00007c87'e00a7fff ---         0      1000
    00007c87'e00a8000-00007c87'e00a8fff rw-         0      1000
    00007c87'e00a9000-00007c87'e00a9fff ---         0      1000
    00007c87'e00aa000-00007c87'e00c9fff r--         0     20000  /dev/__properties__/properties_serial
    00007c87'e00ca000-00007c87'e00cbfff rw-         0      2000  [anon:System property context nodes]
    00007c87'e00cc000-00007c87'e00d4fff r--         0      9000  /dev/__properties__/property_info
    00007c87'e00d5000-00007c87'e0138fff rw-         0     64000  [anon:linker_alloc]
    00007c87'e0139000-00007c87'e013afff rw-         0      2000  [anon:bionic_alloc_small_objects]
    00007c87'e013b000-00007c87'e013bfff r--         0      1000  [anon:atexit handlers]
    00007c87'e013c000-00007c87'e013cfff ---         0      1000
    00007c87'e013d000-00007c87'e0144fff rw-         0      8000  [anon:thread signal stack]
    00007c87'e0145000-00007c87'e0145fff rw-         0      1000  [anon:arc4random data]
    00007c87'e0146000-00007c87'e0147fff rw-         0      2000  [anon:Allocate]
    00007c87'e0148000-00007c87'e0148fff rw-         0      1000  [anon:ReadFileToBuffer]
    00007c87'e0149000-00007c87'e0190fff r--         0     48000  /apex/com.android.runtime/bin/linker64 (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
    00007c87'e0191000-00007c87'e0282fff r-x     48000     f2000  /apex/com.android.runtime/bin/linker64 (BuildId: 8c58e8673bbdf607f2614ae6235399f5)
    00007c87'e0283000-00007c87'e0283fff rw-    13a000      1000  /apex/com.android.runtime/bin/linker64 (BuildId: 8c58e8673bbdf607f2614ae6235399)
    00007c87'e0284000-00007c87'e028afff r--    13b000      7000  /apex/com.android.runtime/bin/linker64 (BuildId: 8c58e8673bbdf607f2614ae6235399)
    00007c87'e028b000-00007c87'e0291fff rw-         0      7000
    00007c87'e0292000-00007c87'e0292fff r--         0      1000
    00007c87'e0293000-00007c87'e0294fff rw-         0      2000
    00007ffd'734f2000-00007ffd'73512fff rw-         0     21000  [stack]
    00007ffd'73569000-00007ffd'7356bfff r--         0      3000  [vvar]
    00007ffd'7356c000-00007ffd'7356dfff r-x         0      2000  [vdso]
    ffffffff'ff600000-ffffffff'ff600fff r-x         0      1000  [vsyscall]

open files:
    fd 0: /dev/pts/0 (unowned)
    fd 1: /dev/pts/0 (unowned)
    fd 2: /dev/pts/0 (unowned)
    fd 16: /dev/goldfish_pipe (unowned)
    fd 17: socket:[16642] (unowned)
    fd 38: /dev/goldfish_pipe (unowned)
generic_x86_64:/data/local/tmp #

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eugenis @marcinguy