Honkai: Star Rail crashes unless memory tagging and hardened memory allocator are disabled

[colleirose]

Crash log with memory tagging only or memory tagging with hardened memory allocator:

type: crash
osVersion: google/shiba/shiba:14/AP2A.240605.024/2024061400:user/release-keys
package: com.HoYoverse.hkrpgoversea:69
process: com.HoYoverse.hkrpgoversea
processUptime: 0 + 0 ms
installer: com.aurora.store

signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0f00c6b89ba4fc80

backtrace:
      #00 pc 000000000005fdcc  /apex/com.android.runtime/lib64/bionic/libc.so (__strchr_aarch64_mte+12) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
      #01 pc 00000000000d255c  /apex/com.android.runtime/lib64/bionic/libc.so (strstr+28) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
      #02 pc 00000000022f0644  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
      #03 pc 00000000022f3b64  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
      #04 pc 00000000023138b4  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
      #05 pc 0000000002e36090  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (art_jni_trampoline+112)
      #06 pc 0000000002e3dc00  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (com.unity3d.player.UnityPlayer$e$1.handleMessage+640)
      #07 pc 00000000004f393c  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+124) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
      #08 pc 00000000004f6934  /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+980) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
      #09 pc 00000000004f64e4  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+244) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
      #10 pc 0000000002e3f114  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (com.unity3d.player.UnityPlayer$e.run+564)
      #11 pc 00000000003a9174  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
      #12 pc 00000000003454c4  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+148) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
      #13 pc 00000000004a4e5c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1724) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
      #14 pc 00000000004a478c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallbackWithUffdGc(void*)+12) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
      #15 pc 00000000000795dc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
      #16 pc 0000000000069fa4  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
Note: multiple potential causes for this crash were detected, listing them in decreasing order of likelihood.
Cause: [MTE]: Buffer Underflow, 1008 bytes left of a 128-byte allocation at 0xc6b89ba50070
Cause: [MTE]: Buffer Overflow, 2056 bytes right of a 104-byte allocation at 0xc6b89ba4f410
Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports

When opening with the hardened memory allocator and no memory tagging, it just shows a popup with the title "Error" and text "Unable to initialize the Unity Engine"

All text from "view logs" after disabling memory tagging and enabling hardened memory allocator (warning: very long)

type: logcat
osVersion: google/shiba/shiba:14/AP2A.240605.024/2024061400:user/release-keys
packageName: com.HoYoverse.hkrpgoversea:69
buffers: main,system,crash,events,kernel
level: verbose

--------- beginning of events
06-20 16:59:00.652 20495 20495 I auditd  : avc=type=1400 audit(0.0:6858): avc:  denied  { read } for  comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.664 20495 20495 I auditd  : avc=type=1400 audit(0.0:6859): avc:  denied  { read } for  comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.664 20495 20495 I auditd  : avc=type=1400 audit(0.0:6860): avc:  denied  { read } for  comm="se.hkrpgoversea" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.668 20495 20495 I auditd  : avc=type=1400 audit(0.0:6861): avc:  denied  { read } for  comm="se.hkrpgoversea" name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=284 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.668 20495 20495 I auditd  : avc=type=1400 audit(0.0:6862): avc:  denied  { read } for  comm="se.hkrpgoversea" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.672 20495 20495 I auditd  : avc=type=1400 audit(0.0:6863): avc:  denied  { getattr } for  comm="se.hkrpgoversea" path="/apex/apex-info-list.xml" dev="tmpfs" ino=83 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:apex_info_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.688 20495 20495 I auditd  : avc=type=1400 audit(0.0:6864): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot.art" dev="dm-12" ino=1336 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.688 20495 20495 I auditd  : avc=type=1400 audit(0.0:6865): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-core-libart.art" dev="dm-12" ino=1270 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.688 20495 20495 I auditd  : avc=type=1400 audit(0.0:6866): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-okhttp.art" dev="dm-12" ino=1318 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.688 20495 20495 I auditd  : avc=type=1400 audit(0.0:6867): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-bouncycastle.art" dev="dm-12" ino=1258 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.688 20495 20495 I auditd  : avc=type=1400 audit(0.0:6868): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-apache-xml.art" dev="dm-12" ino=1252 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.692 20495 20495 I auditd  : avc=type=1400 audit(0.0:6869): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-framework.art" dev="dm-12" ino=1306 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6870): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-framework-graphics.art" dev="dm-12" ino=1288 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6871): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-framework-location.art" dev="dm-12" ino=1294 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6872): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-ext.art" dev="dm-12" ino=1276 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6873): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-telephony-common.art" dev="dm-12" ino=1324 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6874): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-voip-common.art" dev="dm-12" ino=1330 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6875): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-ims-common.art" dev="dm-12" ino=1312 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6876): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-framework-nfc.art" dev="dm-12" ino=1300 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.700 20495 20495 I auditd  : avc=type=1400 audit(0.0:6877): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-core-icu4j.art" dev="dm-12" ino=1264 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.708 20495 20495 I auditd  : avc=type=1400 audit(0.0:6878): avc:  denied  { lock } for  comm="se.hkrpgoversea" path="/system/framework/arm64/boot-framework-adservices.art" dev="dm-12" ino=1282 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6879): avc:  denied  { read } for  comm="main" name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=111 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6880): avc:  denied  { read } for  comm="main" name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=111 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6881): avc:  denied  { read } for  comm="main" name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=111 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6882): avc:  denied  { read } for  comm="main" name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=111 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6883): avc:  denied  { read } for  comm="main" name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=111 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.760 20495 20495 I auditd  : avc=type=1400 audit(0.0:6884): avc:  denied  { read } for  comm="main" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.788 20495 20495 I auditd  : avc=type=1400 audit(0.0:6885): avc:  denied  { read } for  comm="binder:20495_2" name="u:object_r:qemu_sf_lcd_density_prop:s0" dev="tmpfs" ino=307 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:qemu_sf_lcd_density_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.788 20495 20495 I auditd  : avc=type=1400 audit(0.0:6886): avc:  denied  { read } for  comm="binder:20495_2" name="u:object_r:qemu_sf_lcd_density_prop:s0" dev="tmpfs" ino=307 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:qemu_sf_lcd_density_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:00.968 20495 20495 I auditd  : avc=type=1400 audit(0.0:6887): avc:  denied  { read } for  comm="pool-2-thread-1" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
--------- beginning of system
06-20 16:59:01.036 20495 20495 E ActivityThread: Failed to find provider info for com.combosdk.framework.control
--------- switch to events
06-20 16:59:01.273 20495 20495 I wm_on_create_called: [Token=201591934,Component Name=com.mihoyo.combosdk.ComboSDKActivity,Reason=performCreate,time=190ms]
06-20 16:59:01.285 20495 20495 I wm_on_start_called: [Token=201591934,Component Name=com.mihoyo.combosdk.ComboSDKActivity,Reason=handleStartActivity,time=12ms]
06-20 16:59:01.290 20495 20495 I wm_on_resume_called: [Token=201591934,Component Name=com.mihoyo.combosdk.ComboSDKActivity,Reason=RESUME_ACTIVITY,time=4ms]
06-20 16:59:01.296 20495 20495 I wm_on_top_resumed_gained_called: [Token=201591934,Component Name=com.mihoyo.combosdk.ComboSDKActivity,Reason=topStateChangedWhenResumed]
06-20 16:59:01.308 20495 20495 I viewroot_draw_event: [window=VRI[ComboSDKActivity],event=applyTransactionOnDraw applyImmediately]
06-20 16:59:01.308 20495 20495 I viewroot_draw_event: [window=VRI[ComboSDKActivity],event=applyTransactionOnDraw applyImmediately]
--------- beginning of crash
06-20 16:59:01.325 20495 20585 F libc    : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0xb00d092154f9cf0 in tid 20585 (UnityMain), pid 20495 (se.hkrpgoversea)
--------- switch to events
06-20 16:59:01.331 20495 20495 I viewroot_draw_event: [window=VRI[ComboSDKActivity],event=reportDrawFinished seqId=0]
06-20 16:59:01.376 20495 20495 I viewroot_draw_event: [window=VRI[ComboSDKActivity],event=reportDrawFinished seqId=0]
06-20 16:59:01.544 20495 20613 I jank_cuj_events_end_request: [CUJ Type=81,Unix Time Ns=1718902741540017s,Elapsed Time Ns=7731249550.241s,Uptime Time Ns=7730868853.341s]
--------- switch to crash
06-20 16:59:01.675 20603 20603 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-20 16:59:01.675 20603 20603 F DEBUG   : Build fingerprint: 'google/shiba/shiba:14/AP2A.240605.024/2024061400:user/release-keys'
06-20 16:59:01.675 20603 20603 F DEBUG   : Revision: 'MP1.0'
06-20 16:59:01.675 20603 20603 F DEBUG   : ABI: 'arm64'
06-20 16:59:01.675 20603 20603 F DEBUG   : Timestamp: 2024-06-20 09:59:01.380210149-0700
06-20 16:59:01.675 20603 20603 F DEBUG   : Process uptime: 2s
06-20 16:59:01.675 20603 20603 F DEBUG   : Cmdline: com.HoYoverse.hkrpgoversea
06-20 16:59:01.675 20603 20603 F DEBUG   : pid: 20495, tid: 20585, name: UnityMain  >>> com.HoYoverse.hkrpgoversea <<<
06-20 16:59:01.675 20603 20603 F DEBUG   : uid: 10147
06-20 16:59:01.675 20603 20603 F DEBUG   : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
06-20 16:59:01.675 20603 20603 F DEBUG   : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
06-20 16:59:01.675 20603 20603 F DEBUG   : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0b00d092154f9cf0
06-20 16:59:01.675 20603 20603 F DEBUG   :     x0  0b00d092154f9cf0  x1  0000000000000055  x2  0b00d092154f9cf0  x3  0000000000000008
06-20 16:59:01.675 20603 20603 F DEBUG   :     x4  0000000000002e6e  x5  0000d09113e1df8a  x6  0000000000000000  x7  0000d0912a02c1e4
06-20 16:59:01.675 20603 20603 F DEBUG   :     x8  0000d090a4000000  x9  0000000000000000  x10 00000000000000c0  x11 0000d090a000f310
06-20 16:59:01.675 20603 20603 F DEBUG   :     x12 000000000000051b  x13 000000000000051c  x14 0000000000000000  x15 0000d090a000f310
06-20 16:59:01.675 20603 20603 F DEBUG   :     x16 0000d094a55aa310  x17 0000d094a5522dc0  x18 0000d09111c54000  x19 0000d09113e521f1
06-20 16:59:01.675 20603 20603 F DEBUG   :     x20 0000000000000001  x21 0000000000000000  x22 0000d09113e1df8a  x23 0000d09113e521f1
06-20 16:59:01.675 20603 20603 F DEBUG   :     x24 0000d0912a02c638  x25 0000d0912a02c6b0  x26 0000d091166d5f00  x27 0b00d092154f9cf0
06-20 16:59:01.675 20603 20603 F DEBUG   :     x28 0000d090a000f370  x29 0000d0912a02c3a0
06-20 16:59:01.675 20603 20603 F DEBUG   :     lr  0000d094a5595560  sp  0000d0912a02c3a0  pc  0000d094a5522dcc  pst 0000000060001000
06-20 16:59:01.675 20603 20603 F DEBUG   : 17 total frames
06-20 16:59:01.675 20603 20603 F DEBUG   : backtrace:
06-20 16:59:01.675 20603 20603 F DEBUG   :       #00 pc 000000000005fdcc  /apex/com.android.runtime/lib64/bionic/libc.so (__strchr_aarch64_mte+12) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #01 pc 00000000000d255c  /apex/com.android.runtime/lib64/bionic/libc.so (strstr+28) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #02 pc 00000000022f0644  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #03 pc 00000000022f3b64  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #04 pc 00000000023138b4  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/split_config.arm64_v8a.apk!libunity.so (offset 0x11ea3000) (BuildId: f0e664ee047eb149)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #05 pc 0000000002e36090  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (art_jni_trampoline+112)
06-20 16:59:01.675 20603 20603 F DEBUG   :       #06 pc 0000000002e3dc00  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (com.unity3d.player.UnityPlayer$e$1.handleMessage+640)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #07 pc 00000000004f393c  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+124) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #08 pc 00000000004f6934  /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+980) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #09 pc 00000000004f64e4  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+244) (BuildId: eec9356b1c78f6d34c67809c10944b853c421db0)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #10 pc 0000000002e3f114  /data/app/~~UyRw99c5pINCOUwROEl1SA==/com.HoYoverse.hkrpgoversea-01LKw_QIOJF5a1Tmhwr-GA==/oat/arm64/base.odex (com.unity3d.player.UnityPlayer$e.run+564)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #11 pc 00000000003a9174  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #12 pc 00000000003454c4  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+148) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #13 pc 00000000004a4e5c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1724) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #14 pc 00000000004a478c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallbackWithUffdGc(void*)+12) (BuildId: 698580befba4a0ec105623e84e5e9b0a)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #15 pc 00000000000795dc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
06-20 16:59:01.676 20603 20603 F DEBUG   :       #16 pc 0000000000069fa4  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68) (BuildId: 5dc060303292ee294ec0e176f3fed4b3)
06-20 16:59:01.676 20603 20603 F DEBUG   : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
--------- switch to events
06-20 16:59:01.704 20495 20495 I wm_on_top_resumed_lost_called: [Token=201591934,Component Name=com.mihoyo.combosdk.ComboSDKActivity,Reason=topStateChangedWhenResumed]
06-20 16:59:09.592 20778 20778 I auditd  : avc=type=1400 audit(0.0:6948): avc:  denied  { read } for  comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:09.604 20778 20778 I auditd  : avc=type=1400 audit(0.0:6949): avc:  denied  { read } for  comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:09.604 20778 20778 I auditd  : avc=type=1400 audit(0.0:6950): avc:  denied  { read } for  comm="se.hkrpgoversea" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=373 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:09.608 20778 20778 I auditd  : avc=type=1400 audit(0.0:6951): avc:  denied  { read } for  comm="se.hkrpgoversea" name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=284 scontext=u:r:untrusted_app_32:s0:c147,c256,c512,c768 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 app=com.HoYoverse.hkrpgoversea
06-20 16:59:09.608 20778 20778 I auditd  : avc=type=1400 audit(0.0:6952): avc:  denied  { read } for  comm="se.hkrpgo

[colleirose]

I don't know if I made a mistake when pasting the full log so here's the complete upload:

[thestinger]

You need to report memory corruption bugs like this in apps to the developers of the app. We can't fix their bugs.