08-28 10:39:42.931 26048 26048 I org.chromium.chrome: ==26048==ERROR: AddressSanitizer: heap-use-after-free on address 0x004fae7f8a58 at pc 0x006dc4dddb24 bp 0x007ff1015df0 sp 0x007ff1015de8 08-28 10:39:42.931 26047 26047 I wrap.sh : ==26048==ERROR: AddressSanitizer: heap-use-after-free on address 0x004fae7f8a58 at pc 0x006dc4dddb24 bp 0x007ff1015df0 sp 0x007ff1015de8 08-28 10:39:42.931 26048 26048 I org.chromium.chrome: READ of size 8 at 0x004fae7f8a58 thread T0 (chromium.chrome) 08-28 10:39:42.931 26047 26047 I wrap.sh : READ of size 8 at 0x004fae7f8a58 thread T0 (chromium.chrome) 08-28 10:39:42.948 26047 26047 I wrap.sh : #0 0x6dc4dddb20 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: #0 0x6dc4dddb20 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.948 26047 26047 I wrap.sh : #1 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: #1 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26047 26047 I wrap.sh : #2 0x6efc4e53dc (/apex/com.android.art/lib64/libart.so+0x6e53dc) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: #2 0x6efc4e53dc (/apex/com.android.art/lib64/libart.so+0x6e53dc) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26047 26047 I wrap.sh : #3 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: #3 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26047 26047 I wrap.sh : #4 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: #4 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.948 26047 26047 I wrap.sh : 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: 08-28 10:39:42.948 26047 26047 I wrap.sh : 0x004fae7f8a58 is located 472 bytes inside of 1600-byte region [0x004fae7f8880,0x004fae7f8ec0) 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: 0x004fae7f8a58 is located 472 bytes inside of 1600-byte region [0x004fae7f8880,0x004fae7f8ec0) 08-28 10:39:42.948 26047 26047 I wrap.sh : freed by thread T0 (chromium.chrome) here: 08-28 10:39:42.948 26048 26048 I org.chromium.chrome: freed by thread T0 (chromium.chrome) here: 08-28 10:39:42.949 26047 26047 I wrap.sh : #0 0x719d2f4710 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe8710) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #0 0x719d2f4710 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe8710) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:42.949 26047 26047 I wrap.sh : #1 0x6dc50a8f74 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82f74) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #1 0x6dc50a8f74 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82f74) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26047 26047 I wrap.sh : #2 0x6dc50a8744 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82744) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #2 0x6dc50a8744 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82744) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26047 26047 I wrap.sh : #3 0x6dbe8712e0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264b2e0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #3 0x6dbe8712e0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264b2e0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26047 26047 I wrap.sh : #4 0x6dbe8733a0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264d3a0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #4 0x6dbe8733a0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264d3a0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26047 26047 I wrap.sh : #5 0x6dc4c4fa68 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a29a68) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #5 0x6dc4c4fa68 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a29a68) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.949 26047 26047 I wrap.sh : #6 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.949 26047 26047 I wrap.sh : 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: #6 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: 08-28 10:39:42.949 26047 26047 I wrap.sh : previously allocated by thread T0 (chromium.chrome) here: 08-28 10:39:42.949 26048 26048 I org.chromium.chrome: previously allocated by thread T0 (chromium.chrome) here: 08-28 10:39:42.950 26047 26047 I wrap.sh : #0 0x719d2f3e90 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe7e90) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:42.950 26047 26047 I wrap.sh : #1 0x6dcd2c5c84 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x2109fc84) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #2 0x6dcd338be0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x21112be0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #0 0x719d2f3e90 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe7e90) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:42.950 26047 26047 I wrap.sh : #3 0x6dc4c59b48 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a33b48) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #1 0x6dcd2c5c84 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x2109fc84) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #4 0x6dbe89b6b0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x126756b0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #2 0x6dcd338be0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x21112be0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #5 0x6dbe2c91c0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x120a31c0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #3 0x6dc4c59b48 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a33b48) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #6 0x6dbc48fea8 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x10269ea8) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #4 0x6dbe89b6b0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x126756b0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #7 0x6dc4f372a4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d112a4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #8 0x6dc4f48860 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d22860) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #5 0x6dbe2c91c0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x120a31c0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #9 0x6dc4f3af1c (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d14f1c) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #6 0x6dbc48fea8 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x10269ea8) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #10 0x6dc6ec8078 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca2078) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #7 0x6dc4f372a4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d112a4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #11 0x6dc6ec98b4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca38b4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #8 0x6dc4f48860 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d22860) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #12 0x6dc50b9358 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e93358) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #9 0x6dc4f3af1c (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d14f1c) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #13 0x6dc510bcf4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5cf4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #10 0x6dc6ec8078 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca2078) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #14 0x6dc510b140 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5140) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #11 0x6dc6ec98b4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca38b4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #15 0x6dc51e8f30 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2f30) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #12 0x6dc50b9358 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e93358) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #16 0x6dc51e8cd0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2cd0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #13 0x6dc510bcf4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5cf4) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #17 0x6dc51e8204 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2204) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #14 0x6dc510b140 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5140) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #18 0x719b8a65fc (/system/lib64/libutils.so+0xf5fc) (BuildId: 76084bd1839ac5b79bbe3f2abb199da1) 08-28 10:39:42.950 26047 26047 I wrap.sh : #19 0x71a56147cc (/system/lib64/libandroid_runtime.so+0x1817cc) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #15 0x6dc51e8f30 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2f30) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : #20 0x71356e80 (/system/framework/arm64/boot-framework.oat+0x1ede80) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #16 0x6dc51e8cd0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2cd0) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26047 26047 I wrap.sh : 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #17 0x6dc51e8204 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2204) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #18 0x719b8a65fc (/system/lib64/libutils.so+0xf5fc) (BuildId: 76084bd1839ac5b79bbe3f2abb199da1) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #19 0x71a56147cc (/system/lib64/libandroid_runtime.so+0x1817cc) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: #20 0x71356e80 (/system/framework/arm64/boot-framework.oat+0x1ede80) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: 08-28 10:39:42.950 26047 26047 I wrap.sh : SUMMARY: AddressSanitizer: heap-use-after-free (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.950 26048 26048 I org.chromium.chrome: SUMMARY: AddressSanitizer: heap-use-after-free (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:42.951 26047 26047 I wrap.sh : Shadow bytes around the buggy address: 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa f7 fa 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Shadow bytes around the buggy address: 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa f7 fa 08-28 10:39:42.951 26047 26047 I wrap.sh : =>0x004fae7f8a00: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: =>0x004fae7f8a00: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : 0x004fae7f8c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Shadow byte legend (one shadow byte represents 8 application bytes): 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Addressable: 00 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Partially addressable: 01 02 03 04 05 06 07 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Heap left redzone: fa 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: 0x004fae7f8c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Freed heap region: fd 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Shadow byte legend (one shadow byte represents 8 application bytes): 08-28 10:39:42.951 26047 26047 I wrap.sh : Stack left redzone: f1 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Addressable: 00 08-28 10:39:42.951 26047 26047 I wrap.sh : Stack mid redzone: f2 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Partially addressable: 01 02 03 04 05 06 07 08-28 10:39:42.951 26047 26047 I wrap.sh : Stack right redzone: f3 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Heap left redzone: fa 08-28 10:39:42.951 26047 26047 I wrap.sh : Stack after return: f5 08-28 10:39:42.951 26047 26047 I wrap.sh : Stack use after scope: f8 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Freed heap region: fd 08-28 10:39:42.951 26047 26047 I wrap.sh : Global redzone: f9 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Stack left redzone: f1 08-28 10:39:42.951 26047 26047 I wrap.sh : Global init order: f6 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Stack mid redzone: f2 08-28 10:39:42.951 26047 26047 I wrap.sh : Poisoned by user: f7 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Stack right redzone: f3 08-28 10:39:42.951 26047 26047 I wrap.sh : Container overflow: fc 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Stack after return: f5 08-28 10:39:42.951 26047 26047 I wrap.sh : Array cookie: ac 08-28 10:39:42.951 26047 26047 I wrap.sh : Intra object redzone: bb 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Stack use after scope: f8 08-28 10:39:42.951 26047 26047 I wrap.sh : ASan internal: fe 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Global redzone: f9 08-28 10:39:42.951 26047 26047 I wrap.sh : Left alloca redzone: ca 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Global init order: f6 08-28 10:39:42.951 26047 26047 I wrap.sh : Right alloca redzone: cb 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Poisoned by user: f7 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Container overflow: fc 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Array cookie: ac 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Intra object redzone: bb 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: ASan internal: fe 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Left alloca redzone: ca 08-28 10:39:42.951 26048 26048 I org.chromium.chrome: Right alloca redzone: cb 08-28 10:39:42.951 26047 26047 I wrap.sh : 08-28 10:39:42.951 26047 26047 I wrap.sh : ==26048==ADDITIONAL INFO 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: ==26048==ADDITIONAL INFO 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26047 26047 I wrap.sh : ==26048==Note: Please include this section with the ASan report. 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: ==26048==Note: Please include this section with the ASan report. 08-28 10:39:42.952 26047 26047 I wrap.sh : Task trace: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: Task trace: 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26047 26047 I wrap.sh : Command line: ` --use-mobile-user-agent --top-controls-show-threshold=0.5 --top-controls-hide-threshold=0.5 --use-mobile-user-agent --enable-viewport --validate-input-event-stream --enable-longpress-drag-selection --touch-selection-strategy=direction --disable-composited-antialiasing --enable-dom-distiller --flag-switches-begin --flag-switches-end` 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: Command line: ` --use-mobile-user-agent --top-controls-show-threshold=0.5 --top-controls-hide-threshold=0.5 --use-mobile-user-agent --enable-viewport --validate-input-event-stream --enable-longpress-drag-selection --touch-selection-strategy=direction --disable-composited-antialiasing --enable-dom-distiller --flag-switches-begin --flag-switches-end` 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26047 26047 I wrap.sh : MiraclePtr Status: NOT PROTECTED 08-28 10:39:42.952 26047 26047 I wrap.sh : No raw_ptr access to this region was detected prior to this crash. 08-28 10:39:42.952 26047 26047 I wrap.sh : This crash is still exploitable with MiraclePtr. 08-28 10:39:42.952 26047 26047 I wrap.sh : Refer to https://chromium.googlesource.com/chromium/src/+/main/base/memory/raw_ptr.md for details. 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: MiraclePtr Status: NOT PROTECTED 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: No raw_ptr access to this region was detected prior to this crash. 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: This crash is still exploitable with MiraclePtr. 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: Refer to https://chromium.googlesource.com/chromium/src/+/main/base/memory/raw_ptr.md for details. 08-28 10:39:42.952 26047 26047 I wrap.sh : 08-28 10:39:42.952 26047 26047 I wrap.sh : ==26048==END OF ADDITIONAL INFO 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: ==26048==END OF ADDITIONAL INFO 08-28 10:39:42.952 26047 26047 I wrap.sh : ==26048==ABORTING 08-28 10:39:42.952 26048 26048 I org.chromium.chrome: ==26048==ABORTING 08-28 10:39:42.994 26910 26910 W libchrome_crash: type=1400 audit(0.0:4215): avc: denied { search } for name="tests" dev="dm-46" ino=112 scontext=u:r:untrusted_app:s0:c110,c256,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 bug=b/305600845 app=org.chromium.chrome 08-28 10:39:42.994 26910 26910 W libchrome_crash: type=1400 audit(0.0:4216): avc: denied { search } for name="tests" dev="dm-46" ino=112 scontext=u:r:untrusted_app:s0:c110,c256,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 bug=b/305600845 app=org.chromium.chrome 08-28 10:39:42.994 26910 26910 W libchrome_crash: type=1400 audit(0.0:4217): avc: denied { search } for name="tests" dev="dm-46" ino=112 scontext=u:r:untrusted_app:s0:c110,c256,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 bug=b/305600845 app=org.chromium.chrome 08-28 10:39:42.994 26910 26910 W libchrome_crash: type=1400 audit(0.0:4218): avc: denied { search } for name="tests" dev="dm-46" ino=112 scontext=u:r:untrusted_app:s0:c110,c256,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 bug=b/305600845 app=org.chromium.chrome 08-28 10:39:43.002 26047 26047 I wrap.sh : CANNOT LINK EXECUTABLE "/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome_crashpad_handler.so": library "libc++_chrome.so" not found: needed by main executable 08-28 10:39:43.002 26910 26910 F linker : CANNOT LINK EXECUTABLE "/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome_crashpad_handler.so": library "libc++_chrome.so" not found: needed by main executable 08-28 10:39:43.002 26048 26048 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 26048 (chromium.chrome), pid 26048 (chromium.chrome) 08-28 10:39:43.074 26912 26912 W crash_dump64: type=1400 audit(0.0:4219): avc: denied { read write } for path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:crash_dump:s0:c110,c256,c512,c768 tcontext=u:object_r:untrusted_app_all_devpts:s0:c110,c256,c512,c768 tclass=chr_file permissive=0 app=org.chromium.chrome 08-28 10:39:43.157 26913 26913 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto 08-28 10:39:43.158 669 669 I tombstoned: received crash request for pid 26048 08-28 10:39:43.159 26913 26913 I crash_dump64: performing dump of process 26048 (target tid = 26048) 08-28 10:39:41.896 481 481 I logd : logdr: UID=10110 GID=10110 PID=26913 n tail=500 logMask=8 pid=26048 start=0ns deadline=0ns 08-28 10:39:41.902 481 481 I logd : logdr: UID=10110 GID=10110 PID=26913 n tail=500 logMask=1 pid=26048 start=0ns deadline=0ns 08-28 10:39:43.366 26913 26913 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 08-28 10:39:43.366 26913 26913 F DEBUG : Build fingerprint: 'Android/aosp_oriole/oriole:VanillaIceCream/MAIN/11606294:userdebug/test-keys' 08-28 10:39:43.366 26913 26913 F DEBUG : Revision: 'MP1.0' 08-28 10:39:43.366 26913 26913 F DEBUG : ABI: 'arm64' 08-28 10:39:43.366 26913 26913 F DEBUG : Timestamp: 2024-08-28 10:39:43.176571747+0800 08-28 10:39:43.366 26913 26913 F DEBUG : Process uptime: 365s 08-28 10:39:43.366 26913 26913 F DEBUG : Cmdline: org.chromium.chrome 08-28 10:39:43.366 26913 26913 F DEBUG : pid: 26048, tid: 26048, name: chromium.chrome >>> org.chromium.chrome <<< 08-28 10:39:43.366 26913 26913 F DEBUG : uid: 10110 08-28 10:39:43.366 26913 26913 F DEBUG : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE) 08-28 10:39:43.366 26913 26913 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr -------- 08-28 10:39:43.366 26913 26913 F DEBUG : Abort message: '================================================================= 08-28 10:39:43.366 26913 26913 F DEBUG : ==26048==ERROR: AddressSanitizer: heap-use-after-free on address 0x004fae7f8a58 at pc 0x006dc4dddb24 bp 0x007ff1015df0 sp 0x007ff1015de8 08-28 10:39:43.366 26913 26913 F DEBUG : READ of size 8 at 0x004fae7f8a58 thread T0 (chromium.chrome) 08-28 10:39:43.366 26913 26913 F DEBUG : #0 0x6dc4dddb20 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #1 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #2 0x6efc4e53dc (/apex/com.android.art/lib64/libart.so+0x6e53dc) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #3 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #4 0x6efc4e69b4 (/apex/com.android.art/lib64/libart.so+0x6e69b4) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8a58 is located 472 bytes inside of 1600-byte region [0x004fae7f8880,0x004fae7f8ec0) 08-28 10:39:43.366 26913 26913 F DEBUG : freed by thread T0 (chromium.chrome) here: 08-28 10:39:43.366 26913 26913 F DEBUG : #0 0x719d2f4710 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe8710) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #1 0x6dc50a8f74 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82f74) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #2 0x6dc50a8744 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e82744) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #3 0x6dbe8712e0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264b2e0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #4 0x6dbe8733a0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1264d3a0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #5 0x6dc4c4fa68 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a29a68) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #6 0x6efc1a7570 (/apex/com.android.art/lib64/libart.so+0x3a7570) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : 08-28 10:39:43.366 26913 26913 F DEBUG : previously allocated by thread T0 (chromium.chrome) here: 08-28 10:39:43.366 26913 26913 F DEBUG : #0 0x719d2f3e90 (/system/lib64/libclang_rt.asan-aarch64-android.so+0xe7e90) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #1 0x6dcd2c5c84 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x2109fc84) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #2 0x6dcd338be0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x21112be0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #3 0x6dc4c59b48 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18a33b48) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #4 0x6dbe89b6b0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x126756b0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #5 0x6dbe2c91c0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x120a31c0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #6 0x6dbc48fea8 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x10269ea8) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #7 0x6dc4f372a4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d112a4) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #8 0x6dc4f48860 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d22860) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #9 0x6dc4f3af1c (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18d14f1c) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #10 0x6dc6ec8078 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca2078) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #11 0x6dc6ec98b4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x1aca38b4) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #12 0x6dc50b9358 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18e93358) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #13 0x6dc510bcf4 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5cf4) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #14 0x6dc510b140 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18ee5140) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #15 0x6dc51e8f30 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2f30) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #16 0x6dc51e8cd0 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2cd0) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #17 0x6dc51e8204 (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18fc2204) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #18 0x719b8a65fc (/system/lib64/libutils.so+0xf5fc) (BuildId: 76084bd1839ac5b79bbe3f2abb199da1) 08-28 10:39:43.366 26913 26913 F DEBUG : #19 0x71a56147cc (/system/lib64/libandroid_runtime.so+0x1817cc) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:43.366 26913 26913 F DEBUG : #20 0x71356e80 (/system/framework/arm64/boot-framework.oat+0x1ede80) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : 08-28 10:39:43.366 26913 26913 F DEBUG : SUMMARY: AddressSanitizer: heap-use-after-free (/data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so+0x18bb7b20) (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : Shadow bytes around the buggy address: 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa f7 fa 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : =>0x004fae7f8a00: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : 0x004fae7f8c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 08-28 10:39:43.366 26913 26913 F DEBUG : Shadow byte legend (one shadow byte represents 8 application bytes): 08-28 10:39:43.366 26913 26913 F DEBUG : Addressable: 00 08-28 10:39:43.366 26913 26913 F DEBUG : Partially addressable: 01 02 03 04 05 06 07 08-28 10:39:43.366 26913 26913 F DEBUG : Heap left redzone: fa 08-28 10:39:43.366 26913 26913 F DEBUG : Freed heap region: fd 08-28 10:39:43.366 26913 26913 F DEBUG : Stack left redzone: f1 08-28 10:39:43.366 26913 26913 F DEBUG : Stack mid redzone: f2 08-28 10:39:43.366 26913 26913 F DEBUG : Stack right redzone: f3 08-28 10:39:43.366 26913 26913 F DEBUG : Stack after return: f5 08-28 10:39:43.366 26913 26913 F DEBUG : Stack use after scope: f8 08-28 10:39:43.366 26913 26913 F DEBUG : Global redzone: f9 08-28 10:39:43.366 26913 26913 F DEBUG : Global init order: f6 08-28 10:39:43.366 26913 26913 F DEBUG : Poisoned by user: f7 08-28 10:39:43.366 26913 26913 F DEBUG : Container overflow: fc 08-28 10:39:43.366 26913 26913 F DEBUG : Array cookie: ac 08-28 10:39:43.366 26913 26913 F DEBUG : Intra object redzone: bb 08-28 10:39:43.366 26913 26913 F DEBUG : ASan internal: fe 08-28 10:39:43.366 26913 26913 F DEBUG : Left alloca redzone: ca 08-28 10:39:43.366 26913 26913 F DEBUG : Right alloca redzone: cb' 08-28 10:39:43.366 26913 26913 F DEBUG : x0 0000000000000000 x1 00000000000065c0 x2 0000000000000006 x3 0000007ff1015010 08-28 10:39:43.366 26913 26913 F DEBUG : x4 0000000000000010 x5 0000000000000010 x6 0000000000000010 x7 7f7f7f7f7f7f7f7f 08-28 10:39:43.366 26913 26913 F DEBUG : x8 00000000000000f0 x9 00000071a166b350 x10 0000000000000001 x11 00000071a16bc0f0 08-28 10:39:43.366 26913 26913 F DEBUG : x12 0000000e35955c02 x13 0000000000000000 x14 0000000000000000 x15 0000007fffffffff 08-28 10:39:43.366 26913 26913 F DEBUG : x16 00000071a1722fd0 x17 00000071a170e4f0 x18 00000071ad864000 x19 00000000000065c0 08-28 10:39:43.366 26913 26913 F DEBUG : x20 00000000000065c0 x21 00000000ffffffff x22 1000000000000000 x23 0000000000000000 08-28 10:39:43.366 26913 26913 F DEBUG : x24 bfffff00000fffff x25 000000719d3d3d08 x26 ffffff0000000000 x27 10000000000fffff 08-28 10:39:43.366 26913 26913 F DEBUG : x28 0000000000000000 x29 0000007ff1015090 08-28 10:39:43.366 26913 26913 F DEBUG : lr 00000071a16a58b8 sp 0000007ff1014ff0 pc 00000071a16a58e4 pst 0000000000001000 08-28 10:39:43.366 26913 26913 F DEBUG : 41 total frames 08-28 10:39:43.366 26913 26913 F DEBUG : backtrace: 08-28 10:39:43.366 26913 26913 F DEBUG : #00 pc 000000000005d8e4 /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 44c64bd1bdbdec3746eda35259727df2) 08-28 10:39:43.366 26913 26913 F DEBUG : #01 pc 000000000005b6e0 /system/lib64/libclang_rt.asan-aarch64-android.so (__sanitizer::Abort()+60) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #02 pc 000000000005a1b0 /system/lib64/libclang_rt.asan-aarch64-android.so (__sanitizer::Die()+204) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #03 pc 00000000000de5a8 /system/lib64/libclang_rt.asan-aarch64-android.so (__asan::ScopedInErrorReport::~ScopedInErrorReport()+1160) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #04 pc 00000000000e134c /system/lib64/libclang_rt.asan-aarch64-android.so (__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)+1888) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #05 pc 00000000000e2250 /system/lib64/libclang_rt.asan-aarch64-android.so (__asan_report_load8+52) (BuildId: 076a3aa118eaf0d7275c7f5323293b645dde2fcb) 08-28 10:39:43.366 26913 26913 F DEBUG : #06 pc 0000000018bb7b20 /data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/lib/arm64/libchrome.so (BuildId: cff9066ee28dccf2) 08-28 10:39:43.366 26913 26913 F DEBUG : #07 pc 00000000003a7570 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #08 pc 00000000006e53dc /apex/com.android.art/lib64/libart.so (nterp_helper+1948) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #09 pc 000000000058263e [anon:dalvik-classes.dex extracted in memory from /data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/base.apk] (org.chromium.chrome.browser.touch_to_fill.payments.TouchToFillPaymentMethodControllerBridge.a+38) 08-28 10:39:43.366 26913 26913 F DEBUG : #10 pc 00000000006e69b4 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #11 pc 0000000000477ec0 [anon:dalvik-classes.dex extracted in memory from /data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/base.apk] (A52.run+60) 08-28 10:39:43.366 26913 26913 F DEBUG : #12 pc 00000000006e69b4 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #13 pc 0000000000478516 [anon:dalvik-classes.dex extracted in memory from /data/app/~~-kJjMZuYR5bAJoDFkSEQ0w==/org.chromium.chrome-4odtA800riLB5GqYegrN4A==/base.apk] (I52.onClick+58) 08-28 10:39:43.366 26913 26913 F DEBUG : #14 pc 0000000000737530 /system/framework/arm64/boot-framework.oat (android.view.View.performClick+416) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #15 pc 0000000000687158 /system/framework/arm64/boot-framework.oat (android.view.View$PerformClick.run+440) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #16 pc 00000000005265e4 /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+68) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #17 pc 0000000000529504 /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+980) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #18 pc 00000000005290b4 /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+244) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #19 pc 00000000002faf78 /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.main+1560) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #20 pc 0000000000391040 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #21 pc 00000000003ae6b8 /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+904) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #22 pc 00000000003ae320 /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+32) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #23 pc 000000000009b114 /system/framework/arm64/boot.oat (art_jni_trampoline+116) (BuildId: d51621ed619fd9c643348cb49b7222c3f36fec43) 08-28 10:39:43.366 26913 26913 F DEBUG : #24 pc 00000000006e41e4 /system/framework/arm64/boot-framework.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+116) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.366 26913 26913 F DEBUG : #25 pc 00000000006e6a14 /apex/com.android.art/lib64/libart.so (nterp_helper+7636) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #26 pc 000000000051bfee /system/framework/framework.jar (com.android.internal.os.WrapperInit.main+182) 08-28 10:39:43.366 26913 26913 F DEBUG : #27 pc 0000000000391040 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #28 pc 00000000006a4560 /apex/com.android.art/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+880) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.366 26913 26913 F DEBUG : #29 pc 00000000000d7408 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+104) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:43.366 26913 26913 F DEBUG : #30 pc 00000000000df560 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector const&)+336) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:43.366 26913 26913 F DEBUG : #31 pc 00000000000029b4 /system/bin/app_process64.real (android::AppRuntime::onStarted()+68) (BuildId: 38b8298a839c55c4826ac7e728a98978) 08-28 10:39:43.367 26913 26913 F DEBUG : #32 pc 00000000001ee198 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+104) (BuildId: 85de1bdf510c2212a470fa4255a23560b2424fa6) 08-28 10:39:43.367 26913 26913 F DEBUG : #33 pc 00000000006e4cd8 /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.367 26913 26913 F DEBUG : #34 pc 000000000051a6ec /system/framework/framework.jar (com.android.internal.os.RuntimeInit.main+48) 08-28 10:39:43.367 26913 26913 F DEBUG : #35 pc 0000000000391040 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.367 26913 26913 F DEBUG : #36 pc 00000000006a4560 /apex/com.android.art/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+880) (BuildId: 7235eadf7f2345670bbe480eb7e491e7) 08-28 10:39:43.367 26913 26913 F DEBUG : #37 pc 00000000000d7408 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+104) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:43.367 26913 26913 F DEBUG : #38 pc 00000000000e2fac /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+844) (BuildId: 018f7126f3f91dbd25018e66353d2ba1) 08-28 10:39:43.367 26913 26913 F DEBUG : #39 pc 00000000000025b8 /system/bin/app_process64.real (main+1240) (BuildId: 38b8298a839c55c4826ac7e728a98978) 08-28 10:39:43.367 26913 26913 F DEBUG : #40 pc 0000000000057044 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+116) (BuildId: 44c64bd1bdbdec3746eda35259727df2)