MTE crash on P8P
-
Hello,
With MTE enabled on a Pixel 8 Pro, Windy crashed while I was simply browsing the map:
1707673089.926 3791 3859 E libsigchain: reverting to orig_action_ for MTE SEGV, si_code 9
--------- beginning of crash
1707673089.929 3791 3859 F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x800c9b3d4174748 in tid 3859 (mali-event-hand), pid 3791 (windyty.android)
--------- switch to main
1707673090.020 4303 4303 E cutils-trace: Error opening trace file: No such file or directory (2)
1707673090.133 4304 4304 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto
1707673090.165 4304 4304 I crash_dump64: performing dump of process 3791 (target tid = 3859)
1707673090.246 4304 4304 E cutils-trace: Error opening trace file: No such file or directory (2)
--------- switch to crash
1707673090.624 4304 4304 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
1707673090.624 4304 4304 F DEBUG : Build fingerprint: 'google/husky/husky:14/UQ1A.240205.004/2024020500:user/release-keys'
1707673090.624 4304 4304 F DEBUG : Revision: 'MP1.0'
1707673090.624 4304 4304 F DEBUG : ABI: 'arm64'
1707673090.624 4304 4304 F DEBUG : Timestamp: 2024-02-11 18:38:10.186112502+0100
1707673090.624 4304 4304 F DEBUG : Process uptime: 20s
1707673090.624 4304 4304 F DEBUG : Cmdline: com.windyty.android
1707673090.624 4304 4304 F DEBUG : pid: 3791, tid: 3859, name: mali-event-hand >>> com.windyty.android <<<
1707673090.624 4304 4304 F DEBUG : uid: 10180
1707673090.624 4304 4304 F DEBUG : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
1707673090.624 4304 4304 F DEBUG : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
1707673090.624 4304 4304 F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0800c9b3d4174748
1707673090.624 4304 4304 F DEBUG : x0 0800c9b3d4174748 x1 0000000000000000 x2 0000000000000000 x3 0000000000000000
1707673090.624 4304 4304 F DEBUG : x4 0000000000000000 x5 00000000d8ec0509 x6 00000000dc7965be x7 000000006b206574
1707673090.624 4304 4304 F DEBUG : x8 a6ce83fc46001c00 x9 a6ce83fc46001c00 x10 0000000000000000 x11 ff6bfffeffdff7fd
1707673090.624 4304 4304 F DEBUG : x12 ff6bfffeffdff7ff x13 0000cbb1cefa25c0 x14 000000000000003a x15 ff6bfffeffdff7fd
1707673090.624 4304 4304 F DEBUG : x16 0000c88ee8845ba8 x17 0000cbd279f8f6b0 x18 0000c88ecb8da000 x19 0800c9b3d4174748
1707673090.624 4304 4304 F DEBUG : x20 0000000000000000 x21 0800c9b3d4174720 x22 0000c88ecc9a8040 x23 0000cbd27fe8f000
1707673090.624 4304 4304 F DEBUG : x24 0f00c95105c56e70 x25 0000c88ecc9ae010 x26 0000c88ecc9a8038 x27 0000c88ecbfa7000
1707673090.624 4304 4304 F DEBUG : x28 0000000000a05000 x29 0000c88ecc79ed90
1707673090.624 4304 4304 F DEBUG : lr 0000c88ee763c048 sp 0000c88ecc79ed90 pc 0000cbd279f8f6c0 pst 0000000060001000
1707673090.624 4304 4304 F DEBUG : 7 total frames
1707673090.624 4304 4304 F DEBUG : backtrace:
1707673090.624 4304 4304 F DEBUG : #00 pc 00000000000d16c0 /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_unlock+16) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : #01 pc 000000000191e044 /vendor/lib64/egl/libGLES_mali.so (hal::halp::fence_internal::signal_internal()+148) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #02 pc 000000000198852c /vendor/lib64/egl/libGLES_mali.so (basep_cpu_queue_process+460) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #03 pc 0000000001986950 /vendor/lib64/egl/libGLES_mali.so (basep_process_command_queues+192) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #04 pc 0000000001984c80 /vendor/lib64/egl/libGLES_mali.so (basep_event_thread+240) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #05 pc 00000000000d006c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : #06 pc 0000000000064db0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
I tried to reproduce it but without luck so far.
-
@fr33tux Could you please define the MTE for an explanation?