ASAN is crashing app_process on Android #1101

Open
bog-dan-ro opened this issue May 30, 2019 · 8 comments

Comments


bog-dan-ro commented May 30, 2019

Hi,

I tried ASAN on arm & x86 (emulators) but it always fails. I'm using the wrap.sh technique to load libclang_rt.asan-x86_64-android.so.
If needed I can upload the .apk somewhere.

Here is the backtrace on x86_64 emulator:

 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
 Build fingerprint: 'google/sdk_gphone_x86_64/generic_x86_64:9/PSR1.180720.075/5124027:user/release-keys'
 Revision: '0'
 ABI: 'x86_64'
 pid: 5910, tid: 5910, name: app_process64  >>> /system/bin/app_process64 <<<
 signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
 Cause: seccomp prevented call to disallowed x86_64 system call 4
     rax 0000000000000004  rbx 00007101e6e74c15  rcx 00007101e6e96b40  rdx 0000000000000061
     r8  0000000000000004  r9  0000000000000000  r10 0000000000000022  r11 0000000000000206
     r12 00007ffd25559000  r13 00007101e6fc0908  r14 00007101e6e73b3e  r15 0000000000000000
     rdi 00007101e6e73b3e  rsi 00007ffd254da858
     rbp 00007ffd254db290  rsp 00007ffd254da8d8  rip 00007101e6e96b40
 
 backtrace:
     #00 pc 0000000000052b40  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #01 pc 000000000004ea45  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #02 pc 000000000005bfd6  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #03 pc 000000000005ab83  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #04 pc 000000000005c1d5  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #05 pc 00000000000d8b5c  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000)
     #06 pc 00000000000774f7  /data/app/org.example.testasan-xlNXflZKhFKPq0WWFY2LGQ==/lib/x86_64/libclang_rt.asan-x86_64-android.so (offset 0x4c000) (strcmp+1591)
     #07 pc 000000000001d3b5  /system/lib64/libc.so (__libc_init_vdso(libc_globals*, KernelArgumentBlock&)+565)
     #08 pc 0000000000030fdc  /system/lib64/libc.so (__libc_init_globals(KernelArgumentBlock&)+108)
     #09 pc 00000000000c2698  /system/lib64/libc.so (__libc_preinit_impl(KernelArgumentBlock&)+8)
     #10 pc 000000000002d9ff  /system/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+255)
     #11 pc 000000000002dc3c  /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+428)
     #12 pc 000000000002db28  /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152)
     #13 pc 000000000002db28  /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+152)
     #14 pc 00000000000298c0  /system/bin/linker64 (__dl___linker_init+3760)
     #15 pc 00000000000300c7  /system/bin/linker64 (__dl__start+7)

eugenis (Contributor) commented May 30, 2019

Does the arm failure look the same?
This is asan trying to do stat() that is forbidden in the app seccomp policy.
ASan does stat() on x86_64 because that's what glibc does, and it used to work on Android, too.
We can switch to stat64 or even fstatat64 upstream.

bog-dan-ro (Author)

I rechecked again and only x86_64 is affected.

enh commented Jun 4, 2019

> We can switch to stat64 or even fstatat64 upstream.

yeah, only the system calls that bionic actually uses tend to be allowed by seccomp. if we'd have caught this during P development we'd probably have added an exception -- we already have several just for sanitizers [open/readlink/stat64] -- but at this point it's too late for adding stat to be any use anyway.

(note that bionic doesn't use stat64 itself either: whenever there's an *at variant of a system call, bionic only uses that, because that's all that's supported on arm64 and we try to ensure that everything goes through the same codepaths where possible.)
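To make the policy point in the two comments above concrete, here is an added example that is not code from this issue, from compiler-rt or from bionic: a small seccomp-bpf filter that, like the app policy eugenis and enh describe, rejects the legacy x86_64 `stat` syscall (number 4 in the first tombstone) while allowing the `*at` form that bionic actually uses, followed by the two ways of stat'ing a path that hit each side of that filter. Assumptions: it is built for a 64-bit Linux host (x86_64 or aarch64), where the kernel's `struct stat` matches libc's; it uses `SECCOMP_RET_ERRNO` so the denial is observable as `EPERM` rather than the `SECCOMP_RET_TRAP`/SIGSYS that Android's policy produces; and it denies only this one syscall instead of using an allow-list. The function names are mine.

```c
// Added example (not code from this issue, compiler-rt or bionic): a
// seccomp-bpf filter that, like the Android app policy discussed above,
// rejects the legacy x86_64 `stat` syscall (nr 4) but allows the *at form
// bionic actually uses. ASan's old x86_64 runtime took the first path;
// the fix eugenis/enh describe is to take the second.
// Differences from Android, for testability: the filter returns EPERM
// (SECCOMP_RET_ERRNO) instead of trapping with SIGSYS (SECCOMP_RET_TRAP),
// and it denies only this one syscall rather than using an allow-list.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "demo assumes a 64-bit ABI whose kernel struct stat matches libc's"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install the filter. Returns 0 on success, -1 (errno set) if the kernel
 * or an outer sandbox refuses seccomp filters. */
int install_stat_filter(void)
{
    struct sock_filter filter[] = {
        /* Check the ABI first: syscall numbers are per-ABI (4 is stat on
         * x86_64, setgid32 is 214 on arm, setgid is 144 on arm64). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef SYS_stat
        /* Legacy stat: deny with EPERM. arm64 has no such number at all,
         * which is why bionic only ever uses the fstatat form. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_stat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required for an unprivileged process to install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* What the old ASan x86_64 runtime did: the raw legacy stat syscall.
 * Returns 0 on success, otherwise the errno the kernel or filter produced. */
int legacy_stat_errno(const char *path)
{
    struct stat st;
#ifdef SYS_stat
    if (syscall(SYS_stat, path, &st) == 0)
        return 0;
    return errno;
#else
    (void)path; (void)st;
    return ENOSYS; /* this ABI has no legacy stat syscall */
#endif
}

/* What bionic does: fstatat relative to AT_FDCWD, the one form present on
 * every ABI. Returns 1 if path is a directory, 0 if not, -1 on error. */
int portable_stat_is_dir(const char *path)
{
    struct stat st;
    if (syscall(SYS_newfstatat, AT_FDCWD, path, &st, 0) != 0)
        return -1;
    return S_ISDIR(st.st_mode) ? 1 : 0;
}

int main(void)
{
    if (install_stat_filter() != 0) {
        perror("seccomp");
        return 1;
    }
    int e = legacy_stat_errno("/");
    printf("legacy stat(\"/\"): %s\n", e ? strerror(e) : "ok");
    printf("fstatat(AT_FDCWD, \"/\"): is_dir=%d\n", portable_stat_is_dir("/"));
    return 0;
}
```

The filter checks `seccomp_data.arch` before looking at the number for the same reason the tombstones in this thread name the ABI in their "Cause:" line: a syscall number only means something for a given ABI, and a filter that skips that check can be bypassed through a foreign ABI. Under a trapping policy like Android's, the same denial shows up as the `signal 31 (SIGSYS), code 1 (SYS_SECCOMP)` tombstone the reporters pasted, rather than as an errno.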

sarora5 commented Jun 12, 2019

@eugenis
Same issue is happening on pixel 2 device using 32 bit App build.
NDK 15.
Android 9

I am using the following wrap.sh script:

```sh
#!/system/bin/sh
# Directory containing this wrap.sh (the APK's native lib dir for this ABI)
HERE="$(cd "$(dirname "$0")" && pwd)"
export ASAN_OPTIONS=log_to_syslog=false,allow_user_segv_handler=1,detect_stack_use_after_return=1,check_initialization_order=true
# The ASan runtime must come first in LD_PRELOAD so it can interpose libc
export LD_PRELOAD="$HERE/libclang_rt.asan-arm-android.so $HERE/libc++_shared.so"
exec "$@"
```

---- new stack ----
Build fingerprint: 'google/walleye/walleye:9/PPR2.181005.003/4984323:user/release-keys'
Revision: 'MP1'
ABI: 'arm'
pid: 16356, tid: 16356, name: main >>> com.xxx <<<
signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
Cause: seccomp prevented call to disallowed arm system call 214
r0 000003e8 r1 ffeae538 r2 00000000 r3 00000000
r4 00000000 r5 70262820 r6 00000000 r7 000000d6
r8 00000000 r9 ce603080 r10 12cd6e58 r11 12cd6ec8
ip 12cd6e18 sp ffeae510 lr f2b3ffb9 pc f099fdb0

backtrace:
#00 pc 0000000000054db0 libgcc2.c:? (setgid) /system/lib/libc.so
#1 pc 00000000000bffb5 ??:? (android::register_android_content_AssetManager(_JNIEnv*)) /system/lib/libandroid_runtime.so
#2 pc 003ae1df /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+94)
#3 pc 006c63c7 /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.AssetManager.createSystemAssetsInZygoteLocked+86)
#4 pc 006c67cf /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.AssetManager.getSystem+78)
#5 pc 006ca953 /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.Resources.<init>+274)
#6 pc 006cac4f /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.Resources.getSystem+118)
#7 pc 00a11c6f /system/framework/arm/boot-framework.oat (offset 0x3ab000) (com.android.internal.os.ZygoteInit.preloadResources+70)
#8 pc 00a107ed /system/framework/arm/boot-framework.oat (offset 0x3ab000) (com.android.internal.os.ZygoteInit.preload+228)
#9 pc 000000000040d575 zutil.c:? (art_quick_invoke_stub_internal) /system/lib/libart.so
#10 pc 00000000003e6c7b zutil.c:? (art_quick_invoke_static_stub) /system/lib/libart.so
#11 pc 00000000000a1027 zutil.c:? (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)) /system/lib/libart.so
#12 pc 00000000001e5ae9 zutil.c:? (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)) /system/lib/libart.so
#13 pc 00000000001e05d7 zutil.c:? (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)) /system/lib/libart.so
#14 pc 00000000003e27af zutil.c:? (MterpInvokeStatic) /system/lib/libart.so
#15 pc 0000000000400494 zutil.c:? (artMterpAsmInstructionStart) /system/lib/libart.so
#16 pc 00dbee36 /system/framework/boot-framework.vdex (com.android.internal.os.WrapperInit.main+134)
#17 pc 00000000001c4d53 zutil.c:? (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool) [clone .llvm.2471763592]) /system/lib/libart.so
#18 pc 00000000001c937f zutil.c:? (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)) /system/lib/libart.so
#19 pc 00000000003d52b9 zutil.c:? (artQuickToInterpreterBridge) /system/lib/libart.so
#20 pc 0000000000411aff zutil.c:? (art_quick_to_interpreter_bridge) /system/lib/libart.so
#21 pc 000000000040d575 zutil.c:? (art_quick_invoke_stub_internal) /system/lib/libart.so
#22 pc 00000000003e6c7b zutil.c:? (art_quick_invoke_static_stub) /system/lib/libart.so
#23 pc 00000000000a1027 zutil.c:? (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)) /system/lib/libart.so
#24 pc 0000000000347ac5 zutil.c:? (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)) /system/lib/libart.so
#25 pc 00000000003478ef zutil.c:? (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)) /system/lib/libart.so
#26 pc 000000000028eb11 zutil.c:? (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)) /system/lib/libart.so
#27 pc 000000000006c93b ??:? (android::AndroidRuntime::getJNIEnv()) /system/lib/libandroid_runtime.so
#28 pc 000000000006c881 ??:? (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector<android::String8> const&)) /system/lib/libandroid_runtime.so
#29 pc 00001d63 /system/bin/app_process32 (android::AppRuntime::onStarted()+42)
#30 pc 003ae1df /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+94)
#31 pc 000000000040d575 zutil.c:? (art_quick_invoke_stub_internal) /system/lib/libart.so
#32 pc 00000000003e6c7b zutil.c:? (art_quick_invoke_static_stub) /system/lib/libart.so
#33 pc 00000000000a1027 zutil.c:? (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)) /system/lib/libart.so
#34 pc 00000000001e5ae9 zutil.c:? (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)) /system/lib/libart.so
#35 pc 00000000001e05d7 zutil.c:? (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)) /system/lib/libart.so
#36 pc 00000000003e27af zutil.c:? (MterpInvokeStatic) /system/lib/libart.so
#37 pc 0000000000400494 zutil.c:? (artMterpAsmInstructionStart) /system/lib/libart.so
#38 pc 00dbe426 /system/framework/boot-framework.vdex (com.android.internal.os.RuntimeInit.main+48)
#39 pc 00000000001c4d53 zutil.c:? (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool) [clone .llvm.2471763592]) /system/lib/libart.so
#40 pc 00000000001c937f zutil.c:? (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)) /system/lib/libart.so
#41 pc 00000000003d52b9 zutil.c:? (artQuickToInterpreterBridge) /system/lib/libart.so
#42 pc 0000000000411aff zutil.c:? (art_quick_to_interpreter_bridge) /system/lib/libart.so
#43 pc 000000000040d575 zutil.c:? (art_quick_invoke_stub_internal) /system/lib/libart.so
#44 pc 00000000003e6c7b zutil.c:? (art_quick_invoke_static_stub) /system/lib/libart.so
#45 pc 00000000000a1027 zutil.c:? (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)) /system/lib/libart.so
#46 pc 0000000000347ac5 zutil.c:? (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)) /system/lib/libart.so
#47 pc 00000000003478ef zutil.c:? (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)) /system/lib/libart.so
#48 pc 000000000028eb11 zutil.c:? (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)) /system/lib/libart.so
#49 pc 000000000006c93b ??:? (android::AndroidRuntime::getJNIEnv()) /system/lib/libandroid_runtime.so
#50 pc 000000000006eb93 ??:? (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)) /system/lib/libandroid_runtime.so
#51 pc 00001989 /system/bin/app_process32 (main+728)
#52 pc 000000000008b00d libgcc2.c:? (__libc_init) /system/lib/libc.so
#53 pc 0000166f /system/bin/app_process32 (_start_main+38)
#54 pc 00000306 <anonymous:f408c000

enh commented Jun 20, 2019

that's not the same issue. ARM system call 214 is setgid32. i don't think the code in question should be run if you're actually using wrap.sh, though (because that code is for cloning the zygote, not for running as a new process).

sarora5 commented Jun 21, 2019

@eugenis
Check this :

06-21 09:32:10.079 7647 7647 D AndroidRuntime: Calling main entry com.android.internal.os.WrapperInit
06-21 09:32:10.079 773 773 I Zygote : Wrapped process has pid 7647 ==> ID for my process

Active processes (what is process 7649 doing?)

u0_a142 7647 7644 1823692 158876 0 0 S com.xxx.crashy
root 7656 2 0 0 0 0 S [kworker/7:2]
root 7657 2 0 0 0 0 S [kworker/7:3]
u0_a142 7679 7647 572156 4528 0 0 S crashy_e1c90cf7-0255-18db-03a5-86483e9a92a8.txt

===============
The crash is happening in 7661, which is not my process, but it is consistently happening in another process; the process name shown is my process, but the ID is different.

06-21 09:32:10.450 7664 7664 I crash_dump32: performing dump of process 7661 (target tid = 7661)
06-21 09:32:10.458 7664 7664 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-21 09:32:10.458 7664 7664 F DEBUG : Build fingerprint: 'google/walleye/walleye:9/PQ1A.190105.004/5148680:user/release-keys'
06-21 09:32:10.458 7664 7664 F DEBUG : Revision: 'MP1'
06-21 09:32:10.458 7664 7664 F DEBUG : ABI: 'arm'
06-21 09:32:10.458 7664 7664 F DEBUG : pid: 7661, tid: 7661, name: main >>> com.xxx.crashy <<<
06-21 09:32:10.458 7664 7664 F DEBUG : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
06-21 09:32:10.458 7664 7664 F DEBUG : Cause: seccomp prevented call to disallowed arm system call 214
06-21 09:32:10.458 7664 7664 F DEBUG : r0 000003e8 r1 ffd21ac8 r2 00000000 r3 00000000
06-21 09:32:10.458 7664 7664 F DEBUG : r4 00000000 r5 6f69e848 r6 00000000 r7 000000d6
06-21 09:32:10.458 7664 7664 F DEBUG : r8 00000000 r9 ca303080 r10 12cda5c8 r11 12cda638
06-21 09:32:10.458 7664 7664 F DEBUG : ip 12cda588 sp ffd21aa0 lr ed07d0b9 pc eee17e10

oviano commented Mar 30, 2020

I have a similar issue trying to run Asan on a Samsung tablet.

As reported above, the PID is not the actual PID of my application which continues for a short time before abort()ing on a thrown exception, even though the exception is caught in my code and works fine when Asan is disabled. But perhaps this secondary exception problem is a result of the first issue I am reporting here regarding the app process being terminated?

2020-03-30 15:10:53.423 8498-8498/? A/libc: Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 8498 (main), pid 8498 (main)
2020-03-30 15:10:53.481 8501-8501/? E/crash_dump64: unknown process state: t
2020-03-30 15:10:53.499 5973-5973/? I/SKBD: alm isTosAccept false
2020-03-30 15:10:53.509 8501-8501/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2020-03-30 15:10:53.510 764-764/? I//system/bin/tombstoned: received crash request for pid 8498
2020-03-30 15:10:53.511 8501-8501/? I/crash_dump64: performing dump of process 8498 (target tid = 8498)
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: Build fingerprint: 'samsung/gtowifieea/gtowifi:9/PPR1.180610.011/T290XXU2ASL3:user/release-keys'
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: Revision: '4'
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: ABI: 'arm64'
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: pid: 8498, tid: 8498, name: main >>> com.olivercollyer.emuplayer <<<
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: Cause: seccomp prevented call to disallowed arm64 system call 144
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: x0 00000000000003e8 x1 0000007ff979c5a0 x2 0000000000000000 x3 0000000000000000
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: x4 0000007e9a9fb558 x5 0000007e9a9fb558 x6 0000007e9a9fb558 x7 0000000000000068
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: x8 0000000000000090 x9 0000000000000001 x10 0000000000004001 x11 0000000000000000
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: x12 0000007e9a9fb558 x13 0000000000000000 x14 00000000ffffffff x15 0000000000000009
2020-03-30 15:10:53.535 8501-8501/? A/DEBUG: x16 0000007e953c7e00 x17 0000007e980c5970 x18 0000000000000008 x19 0000007313e73880
2020-03-30 15:10:53.536 8501-8501/? A/DEBUG: x20 0000007e952965d0 x21 0000007e9a9fb5e0 x22 0000000000000000 x23 00000000133f5928
2020-03-30 15:10:53.536 8501-8501/? A/DEBUG: x24 00000000133f5968 x25 00000000133f5a40 x26 00000000133f5a00 x27 0000000000000001
2020-03-30 15:10:53.536 8501-8501/? A/DEBUG: x28 0000000000000003 x29 0000007ff979c650
2020-03-30 15:10:53.536 8501-8501/? A/DEBUG: sp 0000007ff979c4e0 lr 0000007e952966f0 pc 0000007e980c5978
2020-03-30 15:10:53.673 8501-8501/? A/DEBUG: backtrace:
2020-03-30 15:10:53.673 8501-8501/? A/DEBUG: #00 pc 000000000007c978 /system/lib64/libc.so (setgid+8)
2020-03-30 15:10:53.673 8501-8501/? A/DEBUG: #1 pc 000000000013b6ec /system/lib64/libandroid_runtime.so (android::NativeVerifySystemIdmaps(_JNIEnv*, _jclass*)+284)
2020-03-30 15:10:53.673 8501-8501/? A/DEBUG: #2 pc 0000000000423190 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+144)
2020-03-30 15:10:53.673 8501-8501/? A/DEBUG: #3 pc 00000000008441e4 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.AssetManager.createSystemAssetsInZygoteLocked+100)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #4 pc 0000000000844630 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.AssetManager.getSystem+80)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #5 pc 0000000000849908 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.Resources.<init>+392)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #6 pc 0000000000849ccc /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.Resources.getSystem+124)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #7 pc 0000000000e13a90 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (com.android.internal.os.ZygoteInit.preloadResources+80)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #8 pc 0000000000e12614 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (com.android.internal.os.ZygoteInit.preload+324)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #9 pc 000000000055924c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #10 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #11 pc 00000000002806c0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #12 pc 000000000027a6c8 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #13 pc 0000000000529390 /system/lib64/libart.so (MterpInvokeStatic+204)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #14 pc 000000000054b694 /system/lib64/libart.so (ExecuteMterpImpl+14612)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #15 pc 00000000015151d6 /system/framework/boot-framework.vdex (com.android.internal.os.WrapperInit.main+134)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #16 pc 000000000025431c /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2915286849+488)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #17 pc 0000000000518720 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #18 pc 00000000005620fc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #19 pc 000000000055924c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #20 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #21 pc 000000000045e6b8 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #22 pc 000000000045e318 /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #23 pc 0000000000363000 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #24 pc 00000000000b6cb4 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+116)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #25 pc 00000000000b6b70 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector<android::String8> const&)+596)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #26 pc 0000000000004f48 /system/bin/app_process64 (android::AppRuntime::onStarted()+64)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #27 pc 0000000000423190 /system/framework/arm64/boot-framework.oat (offset 0x41e000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+144)
2020-03-30 15:10:53.674 8501-8501/? A/DEBUG: #28 pc 000000000055924c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #29 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #30 pc 00000000002806c0 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #31 pc 000000000027a6c8 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #32 pc 0000000000529390 /system/lib64/libart.so (MterpInvokeStatic+204)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #33 pc 000000000054b694 /system/lib64/libart.so (ExecuteMterpImpl+14612)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #34 pc 00000000015147c4 /system/framework/boot-framework.vdex (com.android.internal.os.RuntimeInit.main+48)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #35 pc 000000000025431c /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2915286849+488)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #36 pc 0000000000518720 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #37 pc 00000000005620fc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #38 pc 000000000055924c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #39 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #40 pc 000000000045e6b8 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #41 pc 000000000045e318 /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #42 pc 0000000000363000 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #43 pc 00000000000b6cb4 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+116)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #44 pc 00000000000b990c /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+768)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #45 pc 0000000000004b44 /system/bin/app_process64 (main+1832)
2020-03-30 15:10:53.675 8501-8501/? A/DEBUG: #46 pc 00000000000c372c /system/lib64/libc.so (__libc_init+88)

@linyang59685689

I have a similar issue trying to run Asan on a Xiaomi tablet.

Build fingerprint: 'Xiaomi/jason/jason:9/PKQ1.181007.001/V12.0.1.0.PCHCNXM:user/release-keys'
Revision: '0'
ABI: 'arm64'
pid: 15856, tid: 15856, name: main >>> xxxx <<<
signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
Cause: seccomp prevented call to disallowed arm64 system call 144
x0 00000000000003e8 x1 0000007ff1450f10 x2 0000000000000000 x3 0000000000000000
x4 000000716b16b558 x5 000000716b16b558 x6 000000716b16b558 x7 0000000001a3a458
x8 0000000000000090 x9 0000000000000001 x10 0000000000004001 x11 0000000000000000
x12 000000716b16b558 x13 0000000000000000 x14 00000000ffffffff x15 0000cea911e95813
x16 0000007168cb7be8 x17 0000007166cc87cc x18 0000000000000008 x19 00000053772a8880
x20 0000007168b80e40 x21 000000716b16b5e0 x22 0000000000000000 x23 000000001322fd20
x24 0000000012c52fd8 x25 000000001322fdb8 x26 00000053772a8920 x27 0000000000000000
x28 0000000000000000 x29 0000007ff1450fc0
sp 0000007ff1450e50 lr 0000007168b80f60 pc 0000007166cc87d4

backtrace:
#00 pc 000000000007b7d4 /system/lib64/libc.so (setgid+8)
#1 pc 0000000000135f5c /system/lib64/libandroid_runtime.so (android::NativeVerifySystemIdmaps(_JNIEnv*, _jclass*)+284)
#2 pc 0000000000bcd620 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+144)
#3 pc 0000000000bca97c /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.AssetManager.createSystemAssetsInZygoteLocked+108)
#4 pc 0000000000bcb130 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.AssetManager.getSystem+80)
#5 pc 0000000000bd44cc /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.Resources.<init>+396)
#6 pc 0000000000bd49ec /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.Resources.getSystem+140)
#7 pc 000000000055764c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
#8 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
#9 pc 0000000000280338 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
#10 pc 000000000027a34c /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
#11 pc 0000000000527a30 /system/lib64/libart.so (MterpInvokeStatic+204)
#12 pc 0000000000549b14 /system/lib64/libart.so (ExecuteMterpImpl+14612)
#13 pc 00000000013e3a6a /system/framework/boot-framework.vdex (miui.os.DeviceFeature.<clinit>)
#14 pc 0000000000254050 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.972697677+488)
#15 pc 0000000000516de0 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
#16 pc 00000000005604fc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
#17 pc 000000000055764c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
#18 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
#19 pc 0000000000128044 /system/lib64/libart.so (art::ClassLinker::InitializeClass(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+2196)
#20 pc 00000000001133dc /system/lib64/libart.so (art::ClassLinker::EnsureInitialized(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+192)
#21 pc 000000000052be70 /system/lib64/libart.so (MterpGet32Static+308)
#22 pc 0000000000549290 /system/lib64/libart.so (ExecuteMterpImpl+12432)
#23 pc 0000000000bf7b9e /system/framework/boot-framework.vdex (android.os.PowerManager.<clinit>)
#24 pc 0000000000254050 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.972697677+488)
#25 pc 0000000000516de0 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
#26 pc 00000000005604fc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
#27 pc 000000000055764c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
#28 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
#29 pc 0000000000128044 /system/lib64/libart.so (art::ClassLinker::InitializeClass(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+2196)
#30 pc 00000000001133dc /system/lib64/libart.so (art::ClassLinker::EnsureInitialized(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+192)
#31 pc 00000000003d5fd0 /system/lib64/libart.so (art::Class_classForName(_JNIEnv*, _jclass*, _jstring*, unsigned char, _jobject*)+296)
#32 pc 000000000056ab30 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.reflect.Parameter.getAnnotationNative [DEDUPED]+208)
#33 pc 000000000078e960 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.Class.forName+112)
#34 pc 00000000024b3fc0 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (com.android.internal.os.ZygoteInit.preloadClasses+960)
#35 pc 00000000024b3924 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (com.android.internal.os.ZygoteInit.preload+196)
#36 pc 00000000024ac014 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (com.android.internal.os.WrapperInit.main+532)
#37 pc 000000000055764c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
#38 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
#39 pc 000000000045de48 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#40 pc 000000000045daa8 /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
#41 pc 0000000000362cd8 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
#42 pc 00000000000b4220 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+116)
#43 pc 00000000000b40dc /system/lib64/libandroid_runtime.so (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector<android::String8> const&)+596)
#44 pc 0000000000002938 /system/bin/app_process64 (android::AppRuntime::onStarted()+64)
#45 pc 0000000000bcd620 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (android.content.res.AssetManager.nativeVerifySystemIdmaps [DEDUPED]+144)
#46 pc 000000000249b0e8 /system/framework/arm64/boot-framework.oat (offset 0xa59000) (com.android.internal.os.RuntimeInit.main+184)
#47 pc 000000000055764c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
#48 pc 00000000000cfce8 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
#49 pc 000000000045de48 /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#50 pc 000000000045daa8 /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
#51 pc 0000000000362cd8 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
#52 pc 00000000000b4220 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+116)
#53 pc 00000000000b6dbc /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+924)
#54 pc 0000000000002528 /system/bin/app_process64 (main+2012)
#55 pc 00000000000c8584 /system/lib64/libc.so (__libc_init+88)
