guardianproject / orbot

The Github home of Orbot: Tor on Android (Also available on gitlab!)
https://gitlab.com/guardianproject/orbot

[BUG] Crash with MTE enabled #1081

Open jvoisin opened 3 months ago

jvoisin commented 3 months ago

Describe the Bug
Orbot crashes right after successfully connecting to Tor.

To Reproduce
Steps to reproduce the behavior:

  1. Get an Android device with MTE enabled
  2. Launch Orbot, tick VPN mode
  3. Connect to Tor
  4. Get a crash

Expected Behavior
No crash

What Custom Configuration Do You Use?
Nothing funky, except MTE on my device and VPN mode

Screenshots

Smartphone (please complete the following information):

Crash Logs (Advanced)

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/shiba/shiba:14/UQ1A.240105.004/2024012600:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2024-02-03 21:01:47.816427396+0100
Process uptime: 13s
Cmdline: org.torproject.android
pid: 18059, tid: 18115, name: Thread-4  >>> org.torproject.android <<<
uid: 10173
tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0500c15fa2a57de0
    x0  00000040000a6000  x1  0000c149f6ae35dc  x2  00000040000a5aa0  x3  000000400028e1a0
    x4  0000000000000560  x5  0000004000102a50  x6  0000c149f6fde582  x7  0000000000000001
    x8  0500c15fa2a57de0  x9  00000040000a5b28  x10 0000000000000002  x11 ffffffff7fffffff
    x12 ffffffffffffffff  x13 0000c149c2bd5d50  x14 0000c4642646bd50  x15 29b5251614cb1e30
    x16 00000040000a43a0  x17 00000040000a5b20  x18 0000c149c1696000  x19 00000040000a5b28
    x20 00000040000a6000  x21 00000040000a5d60  x22 00000000000046c1  x23 000000000000468b
    x24 0000c149c2fc9000  x25 0000c149c2bd5fc0  x26 00000040000a5c80  x27 0000000000000010
    x28 000000400028e1a0  x29 0000c149c2bd5d20
    lr  0000c149f6ae35f4  sp  0000c149c2bd5d20  pc  0000c149f6ae35fc  pst 0000000080001000

2 total frames
backtrace:
      #00 pc 000000000072a5fc  /data/app/~~cKI_mvvEMqZeoq0GGAtB9w==/org.torproject.android-dUBbG5fgHHNNUktBXqHUPg==/lib/arm64/libgojni.so (_cgo_6669f3000c98_Cfunc_get_conn_key_val+32)
      #01 pc 0000000000285468  /data/app/~~cKI_mvvEMqZeoq0GGAtB9w==/org.torproject.android-dUBbG5fgHHNNUktBXqHUPg==/lib/arm64/libgojni.so

n8fr8 commented 3 months ago

Crash seems to be in the gotun2socks or related code for the VPN.

Moving to the Leaf Go library here, or in the long run the new OnionMasq, may be a solution.
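
As an added example (not part of the issue thread or of Orbot's code), a small triage script that pulls the MTE-relevant facts out of the crash log above: the synchronous tag-check fault, the pointer's logical tag, the register holding the faulting address, and the C function behind the cgo wrapper in frame #00. The names `decode_ctrl` and `triage` are this example's own; the input lines are copied from the crash log.

```python
import re

# Lines copied from the crash log in this report (register dump trimmed to one row).
TOMBSTONE = """\
tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0500c15fa2a57de0
    x8  0500c15fa2a57de0  x9  00000040000a5b28  x10 0000000000000002  x11 ffffffff7fffffff
      #00 pc 000000000072a5fc  /data/app/~~cKI_mvvEMqZeoq0GGAtB9w==/org.torproject.android-dUBbG5fgHHNNUktBXqHUPg==/lib/arm64/libgojni.so (_cgo_6669f3000c98_Cfunc_get_conn_key_val+32)
"""

# prctl(PR_GET_TAGGED_ADDR_CTRL) bit layout from <linux/prctl.h>.
PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC = 1 << 0, 1 << 1, 1 << 2
PR_MTE_TAG_SHIFT = 3

def decode_ctrl(value):
    """Split tagged_addr_ctrl into its mode flags and the tag include mask."""
    return {
        "tagged_addr": bool(value & PR_TAGGED_ADDR_ENABLE),
        "tcf_sync": bool(value & PR_MTE_TCF_SYNC),
        "tcf_async": bool(value & PR_MTE_TCF_ASYNC),
        "include_mask": (value >> PR_MTE_TAG_SHIFT) & 0xFFFF,
    }

def triage(text):
    """Return the MTE facts of a tombstone, or None if it is not a synchronous MTE fault."""
    sig = re.search(r"code \d+ \((SEGV_MTESERR)\), fault addr 0x([0-9a-f]+)", text)
    if not sig:
        return None
    addr = int(sig.group(2), 16)
    ctrl = re.search(r"tagged_addr_ctrl: ([0-9a-f]+)", text)
    regs = re.findall(r"\b(x\d+)\s+([0-9a-f]{16})\b", text)
    frame = re.search(r"#00 pc [0-9a-f]+\s+\S*/([^/\s]+)(?: \((\S+?)\+\d+\))?", text)
    cgo = re.match(r"_cgo_[0-9a-f]+_Cfunc_(\w+)", frame.group(2) or "") if frame else None
    tag = (addr >> 56) & 0xF  # the MTE logical tag lives in address bits 59:56
    info = decode_ctrl(int(ctrl.group(1), 16)) if ctrl else None
    return {
        "si_code": sig.group(1),
        "pointer_tag": tag,
        "untagged_addr": addr & ((1 << 56) - 1),
        "ctrl": info,
        "tag_allowed": bool(info and info["include_mask"] >> tag & 1),
        "regs_with_fault_addr": [name for name, val in regs if int(val, 16) == addr],
        "library": frame.group(1) if frame else None,
        "cgo_c_function": cgo.group(1) if cgo else None,
    }

if __name__ == "__main__":
    for key, value in triage(TOMBSTONE).items():
        print(f"{key}: {value}")
```

For this log the script reports pointer tag 5, which is inside the 0xfffe include mask, held in `x8`, with the fault raised in the C function `get_conn_key_val` of `libgojni.so`.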