element-hq / element-android

A Matrix collaboration client for Android.
https://element.io/
Apache License 2.0

Occasional SIGSEGV caught by MTE in libjingle_peerconnection #8736

Open tucnak opened 7 months ago

tucnak commented 7 months ago

Steps to reproduce

type: crash
osVersion: google/shiba/shiba:14/UQ1A.240105.004/2024010400:user/release-keys
uid: 10142 (u:r:untrusted_app_32:s0:c142,c256,c512,c768)
cmdline: im.vector.app
processUptime: 32663s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr e00bdf6606e7600
threadName: pool-8-thread-1
MTE: enabled

backtrace:
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/lib/arm64/libjingle_peerconnection_so.so (pc 7f503c)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/lib/arm64/libjingle_peerconnection_so.so (Java_org_webrtc_PeerConnection_nativeClose+24, pc 7f05e8)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (art_jni_trampoline+116, pc 1c282e4)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (org.webrtc.PeerConnection.close+36, pc 86c9224)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (im.vector.app.features.call.webrtc.WebRtcCall.release+1356, pc 4920a3c)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (im.vector.app.features.call.webrtc.WebRtcCall$terminate$2.invokeSuspend+1696, pc 4eeb690)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (im.vector.app.features.call.webrtc.WebRtcCall$terminate$2.invoke+396, pc 4eeadfc)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn+328, pc 66d7e18)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext+2684, pc 665fdcc)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (im.vector.app.features.call.webrtc.WebRtcCall$onCallHangupReceived$1.invokeSuspend+612, pc 4eddac4)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith+204, pc 6c2d14c)
    /data/app/~~Zq8Hh5pCbqmFM9MOL2r0mA==/im.vector.app-pRF-MdxWpWoriwctRr-ORw==/oat/arm64/base.odex (kotlinx.coroutines.DispatchedTask.run+1784, pc 6c5d6c8)
    /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+796, pc 2b3d3c)
    /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+64, pc 2b0e60)
    /system/framework/arm64/boot.oat (java.lang.Thread.run+72, pc 15f828)
    /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612, pc 2109a4)
    /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172, pc 253b3c)
    /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416, pc 69abc8)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d006c)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64db0)

Outcome

https://outflux.net/blog/archives/2023/10/26/enable-mte-on-pixel-8/

Your phone model

Pixel 8

Operating system version

Android 14 (GrapheneOS with MTE enabled)

Application version and app store

1.6.10 [40106102] (F-493093c2)

Homeserver

synapse v1.99.0

Will you send logs?

No

Are you willing to provide a PR?

No

tucnak commented 6 months ago

This failure is more pervasive than I had originally thought.