Hello,
With MTE enabled on a Pixel 8 Pro, Windy crashed while I was simply browsing the map:
1707673089.926 3791 3859 E libsigchain: reverting to orig_action_ for MTE SEGV, si_code 9
--------- beginning of crash
1707673089.929 3791 3859 F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x800c9b3d4174748 in tid 3859 (mali-event-hand), pid 3791 (windyty.android)
--------- switch to main
1707673090.020 4303 4303 E cutils-trace: Error opening trace file: No such file or directory (2)
1707673090.133 4304 4304 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto
1707673090.165 4304 4304 I crash_dump64: performing dump of process 3791 (target tid = 3859)
1707673090.246 4304 4304 E cutils-trace: Error opening trace file: No such file or directory (2)
--------- switch to crash
1707673090.624 4304 4304 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
1707673090.624 4304 4304 F DEBUG : Build fingerprint: 'google/husky/husky:14/UQ1A.240205.004/2024020500:user/release-keys'
1707673090.624 4304 4304 F DEBUG : Revision: 'MP1.0'
1707673090.624 4304 4304 F DEBUG : ABI: 'arm64'
1707673090.624 4304 4304 F DEBUG : Timestamp: 2024-02-11 18:38:10.186112502+0100
1707673090.624 4304 4304 F DEBUG : Process uptime: 20s
1707673090.624 4304 4304 F DEBUG : Cmdline: com.windyty.android
1707673090.624 4304 4304 F DEBUG : pid: 3791, tid: 3859, name: mali-event-hand >>> com.windyty.android <<<
1707673090.624 4304 4304 F DEBUG : uid: 10180
1707673090.624 4304 4304 F DEBUG : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
1707673090.624 4304 4304 F DEBUG : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
1707673090.624 4304 4304 F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0800c9b3d4174748
1707673090.624 4304 4304 F DEBUG : x0 0800c9b3d4174748 x1 0000000000000000 x2 0000000000000000 x3 0000000000000000
1707673090.624 4304 4304 F DEBUG : x4 0000000000000000 x5 00000000d8ec0509 x6 00000000dc7965be x7 000000006b206574
1707673090.624 4304 4304 F DEBUG : x8 a6ce83fc46001c00 x9 a6ce83fc46001c00 x10 0000000000000000 x11 ff6bfffeffdff7fd
1707673090.624 4304 4304 F DEBUG : x12 ff6bfffeffdff7ff x13 0000cbb1cefa25c0 x14 000000000000003a x15 ff6bfffeffdff7fd
1707673090.624 4304 4304 F DEBUG : x16 0000c88ee8845ba8 x17 0000cbd279f8f6b0 x18 0000c88ecb8da000 x19 0800c9b3d4174748
1707673090.624 4304 4304 F DEBUG : x20 0000000000000000 x21 0800c9b3d4174720 x22 0000c88ecc9a8040 x23 0000cbd27fe8f000
1707673090.624 4304 4304 F DEBUG : x24 0f00c95105c56e70 x25 0000c88ecc9ae010 x26 0000c88ecc9a8038 x27 0000c88ecbfa7000
1707673090.624 4304 4304 F DEBUG : x28 0000000000a05000 x29 0000c88ecc79ed90
1707673090.624 4304 4304 F DEBUG : lr 0000c88ee763c048 sp 0000c88ecc79ed90 pc 0000cbd279f8f6c0 pst 0000000060001000
1707673090.624 4304 4304 F DEBUG : 7 total frames
1707673090.624 4304 4304 F DEBUG : backtrace:
1707673090.624 4304 4304 F DEBUG : #00 pc 00000000000d16c0 /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_unlock+16) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : #01 pc 000000000191e044 /vendor/lib64/egl/libGLES_mali.so (hal::halp::fence_internal::signal_internal()+148) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #02 pc 000000000198852c /vendor/lib64/egl/libGLES_mali.so (basep_cpu_queue_process+460) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #03 pc 0000000001986950 /vendor/lib64/egl/libGLES_mali.so (basep_process_command_queues+192) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #04 pc 0000000001984c80 /vendor/lib64/egl/libGLES_mali.so (basep_event_thread+240) (BuildId: 2e255f558c278252)
1707673090.624 4304 4304 F DEBUG : #05 pc 00000000000d006c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : #06 pc 0000000000064db0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1707673090.624 4304 4304 F DEBUG : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
I tried to reproduce it but without luck so far.
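
Added example, not part of the original post: Python that decodes the MTE-relevant fields of the tombstone above (fault type, pointer tag taken from the fault address, `tagged_addr_ctrl` bits, first frame outside libc). The function names `decode_tagged_addr_ctrl` and `triage` are hypothetical; the bit positions are those of Linux's `prctl` tagged-address ABI, and the sample lines are copied from the log with the logcat prefix stripped.

```python
import re

# prctl(PR_GET_TAGGED_ADDR_CTRL) bit layout from Linux <linux/prctl.h>
PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC = 1 << 0, 1 << 1, 1 << 2
PR_MTE_TAG_SHIFT = 3  # 16-bit include mask of the tags IRG may generate

# Four lines copied from the tombstone above, logcat prefix stripped.
SAMPLE = """\
tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0800c9b3d4174748
#00 pc 00000000000d16c0 /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_unlock+16) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
#01 pc 000000000191e044 /vendor/lib64/egl/libGLES_mali.so (hal::halp::fence_internal::signal_internal()+148) (BuildId: 2e255f558c278252)
"""

def decode_tagged_addr_ctrl(value):
    """Split tagged_addr_ctrl into its flags and the tag include mask."""
    return {
        "tagged_addr": bool(value & PR_TAGGED_ADDR_ENABLE),
        "sync": bool(value & PR_MTE_TCF_SYNC),
        "async": bool(value & PR_MTE_TCF_ASYNC),
        "tag_mask": (value >> PR_MTE_TAG_SHIFT) & 0xFFFF,
    }

def triage(text):
    """Pull the MTE-relevant facts out of a debuggerd tombstone."""
    ctrl = re.search(r"tagged_addr_ctrl: ([0-9a-f]+)", text)
    sig = re.search(r"\((SEGV_MTE[AS]ERR)\), fault addr (0x[0-9a-f]+|-+)", text)
    if sig is None:
        return None  # not an MTE tag-check fault
    code, addr = sig.groups()
    # Async faults carry no address; sync faults keep the pointer's
    # logical tag in address bits 59:56.
    tag = (int(addr, 16) >> 56) & 0xF if addr.startswith("0x") else None
    frames = re.findall(r"#\d+ pc [0-9a-f]+\s+(\S+) \((.+?)\+\d+\)", text)
    # The first frame outside bionic's libc is the caller into libc,
    # which is where triage of the bad pointer starts.
    caller = next((f for f in frames if not f[0].endswith("/libc.so")), None)
    return {
        "code": code,
        "pointer_tag": tag,
        "ctrl": decode_tagged_addr_ctrl(int(ctrl.group(1), 16)) if ctrl else None,
        "first_non_libc_frame": caller,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this report the pointer passed to `pthread_mutex_unlock` carries tag 0x8, the process runs with both synchronous and asynchronous checking flagged, and the include mask 0xfffe excludes only tag 0.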