Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
GWP-ASan and KFENCE
Stay organized with collections
Save and categorize content based on your preferences.
GWP-ASan and KFENCE are probabilistic memory detection tools for userspace
and the kernel, respectively. When enabled, a small number of allocations are
guarded with additional memory pages that surround the allocated memory.
This allows detecting buffer overflows and use-after-frees at a negligible
performance overhead. Even with a small sample rate for the guarded allocations,
when deployed at scale they can effectively detect memory safety bugs.
Since their introduction these tools have helped identify numerous platform
bugs and have proved to be a valuable tool for improving stability and security.
We encourage vendors to enable them and to closely monitor the bugs detected on
end user devices.
Developers should check the presence of crashes by checking
/data/tombstones, logcat or by monitoring the vendor
DropboxManager
pipeline for end user bugs.
For more information see our docs on debugging Android native
code.
Debugging Native Android Platform Codearrow_forward
GWP-ASan for detecting userspace memory safety bugs
GWP-ASan was introduced in Android 11 for userspace
heap allocations. When GWP-ASan detects a bug, it records a crash report with
Cause: [GWP-ASan]: and terminates the process. The bug reports
contain additional allocation and deallocation information that make it easier
to identify the root cause.
GWP-ASan is randomly enabled, at start-up, for 1% of system processes or
apps and for applications that set the android:gwpAsanMode in their
AndroidManifest.xml file.
GWP-ASanarrow_forward
KFENCE for detecting kernel memory safety bugs
Android 12 introduced KFENCE for kernel heap
allocations. When KFENCE detects a bug, it records a crash report starting
with BUG: KFENCE, disables the guard pages and continues execution.
This enables a kernel bug detection mechanism that minimally impacts the user
experience.
To learn more about KFENCE see the documentation available at https://www.kernel.org
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-08-29 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# GWP-ASan and KFENCE are probabilistic memory detection tools for userspace\nand the kernel, respectively. When enabled, a small number of allocations are\nguarded with additional memory pages that surround the allocated memory.\nThis allows detecting buffer overflows and use-after-frees at a negligible\nperformance overhead. Even with a small sample rate for the guarded allocations,\nwhen deployed at scale they can effectively detect memory safety bugs.\nSince their introduction these tools have helped identify numerous platform\nbugs and have proved to be a valuable tool for improving stability and security.\nWe encourage vendors to enable them and to closely monitor the bugs detected on\nend user devices.\n\n\nDevelopers should check the presence of crashes by checking\n`/data/tombstones`, `logcat` or by monitoring the vendor\n[DropboxManager](https://developer.android.com/reference/android/os/DropBoxManager)\npipeline for end user bugs.\n\n\nFor more information see our docs on debugging Android native\ncode.\n[Debugging Native Android Platform Codearrow_forward](/docs/core/tests/debug)\n\nGWP-ASan for detecting userspace memory safety bugs\n---------------------------------------------------\n\n\nGWP-ASan was introduced in Android 11 for userspace\nheap allocations. When GWP-ASan detects a bug, it records a crash report with\n`Cause: [GWP-ASan]:` and terminates the process. The bug reports\ncontain additional allocation and deallocation information that make it easier\nto identify the root cause.\n\n\nGWP-ASan is randomly enabled, at start-up, for 1% of system processes or\napps and for applications that set the `android:gwpAsanMode` in their\n`AndroidManifest.xml` file.\n[GWP-ASanarrow_forward](https://developer.android.com/ndk/guides/gwp-asan)\n\nKFENCE for detecting kernel memory safety bugs\n----------------------------------------------\n\n\nAndroid 12 introduced KFENCE for kernel heap\nallocations. When KFENCE detects a bug, it records a crash report starting\nwith `BUG: KFENCE,` disables the guard pages and continues execution.\nThis enables a kernel bug detection mechanism that minimally impacts the user\nexperience.\n\n\nTo learn more about KFENCE see the documentation available at [https://www.kernel.org](https://www.kernel.org/doc/html/latest/dev-tools/kfence.html)"]]
