Memory tagging error on Android

Open h2dden opened this issue 1 year ago • 13 comments

Running 4.4.6.0 on GrapheneOS on Pixel 8 Pro

type: crash
osVersion: google/husky/husky:14/UQ1A.231205.015/2023121200:user/release-keys
uid: 1410145 (u:r:untrusted_app_30:s0:c145,c256,c526,c768 )
cmdline: org.electrum.electrum
processUptime: 1s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 900c6a3e2568020
threadName: qtMainLoopThrea
MTE: enabled

backtrace:
    /data/app/~~7K3bOEqMo338LV8QmfDMig==/org.electrum.electrum-eock8EYnF2PzmC5eaPoSiQ==/lib/arm64/libpython3.8.so (pc 159610)

h2dden avatar Dec 29 '23 23:12 h2dden

Looks like MTE is enabled by default on GrapheneOS for the Pixel 8 - but earlier Pixels do not have the required hardware for it. Can it be disabled on an app-by-app basis?

Any idea how to test this, without having a pixel 8?

SomberNight avatar Dec 31 '23 13:12 SomberNight

When exactly does the crash happen? Is it right at launch?

  • Could you test with Electrum 4.5.0b1, which uses qt6 instead of qt5,
  • and also with Electrum 4.3.4, which does not use qt at all?

(On the website, on the download page, click "Previous releases" at the top. There you can manually download apks.)

SomberNight avatar Dec 31 '23 13:12 SomberNight

> Can it be disabled on an app-by-app basis?

sure, but why would you?

h2dden avatar Jan 01 '24 01:01 h2dden

> When exactly does the crash happen? Is it right at launch?

upon launch

h2dden avatar Jan 01 '24 01:01 h2dden

just tested: Electrum-4.5.0.0-arm64-v8a-release.apk upon launch:

type: crash
osVersion: google/husky/husky:14/UQ1A.231205.015/2023121200:user/release-keys
uid: 1110145 (u:r:untrusted_app_30:s0:c145,c256,c523,c768 )
cmdline: org.electrum.electrum
processUptime: 2s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100d8ca59a92020
threadName: qtMainLoopThrea
MTE: enabled

backtrace:
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (pc 1801a0)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (pc 16a470)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (PyDict_SetDefault+500, pc 16cf98)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (PyUnicode_InternInPlace+116, pc 1a3b40)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (PyUnicode_InternFromString+60, pc 1c23a0)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (PyType_Ready+404, pc 18e6d0)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (_PyTypes_Init+24, pc 17ead8)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (Py_InitializeFromConfig+1000, pc 23bc88)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libpython3.8.so (Py_InitializeEx+128, pc 23bf98)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libmain.so (main+952, pc 3240)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/lib/arm64/libplugins_platforms_qtforandroid_arm64-v8a.so (pc 4c748)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/oat/arm64/base.odex (art_jni_trampoline+112, pc 27a150)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/oat/arm64/base.odex (org.qtproject.qt.android.QtNative$7.run+36, pc 277374)
    /data/app/~~T1x4tgyly0ys47PQOqPNlQ==/org.electrum.electrum-0DZpCrtWuehjdS6U2eNTqA==/oat/arm64/base.odex (org.qtproject.qt.android.QtThread$1.run+640, pc 281270)
    /system/framework/arm64/boot.oat (java.lang.Thread.run+72, pc 15f828)
    /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612, pc 2109a4)
    /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172, pc 253b3c)
    /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416, pc 69abc8)
    /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cffec)
    /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64d30)

h2dden avatar Jan 01 '24 01:01 h2dden
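Added example, not part of the original thread or of Electrum's code: a small triage script for crash summaries in the format posted above. It decodes the SIGSEGV `si_code`, extracts the MTE logical tag (bits 59:56) from the reported fault address, and lists the frames. The function names are hypothetical, and the sample is constructed from the 4.5.0.0 report with the per-install directory replaced by a placeholder.

```python
import re

# SIGSEGV si_code values from the Linux UAPI siginfo.h header
SEGV_CODES = {
    1: ("SEGV_MAPERR", "address not mapped"),
    2: ("SEGV_ACCERR", "invalid permissions for mapping"),
    8: ("SEGV_MTEAERR", "asynchronous MTE tag check fault"),
    9: ("SEGV_MTESERR", "synchronous MTE tag check fault"),
}
SIGNAL_RE = re.compile(
    r"signal:\s*(\d+)\s*\((\w+)\),\s*code\s*(-?\d+)\s*\((\w+)\),"
    r"\s*faultAddr\s*([0-9a-fA-F]+)")
# Frame lines look like "/path/lib.so (symbol+off, pc hex)" or "/path/lib.so (pc hex)"
FRAME_RE = re.compile(
    r"^[ \t]*(/\S+)[ \t]+\((?:(.+?)\+\d+,\s*)?pc\s+([0-9a-f]+)\)", re.M)

# Constructed sample: fields copied from the 4.5.0.0 report above, with the
# per-install directory replaced by a placeholder and the backtrace shortened.
SAMPLE = """\
cmdline: org.electrum.electrum
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100d8ca59a92020
MTE: enabled

backtrace:
    /data/app/PLACEHOLDER/lib/arm64/libpython3.8.so (pc 1801a0)
    /data/app/PLACEHOLDER/lib/arm64/libpython3.8.so (PyDict_SetDefault+500, pc 16cf98)
    /data/app/PLACEHOLDER/lib/arm64/libmain.so (main+952, pc 3240)
"""

def mte_tag(addr):
    """Logical MTE tag carried in bits 59:56 of a 64-bit pointer."""
    return (addr >> 56) & 0xF

def triage(report):
    m = SIGNAL_RE.search(report)
    if m is None:
        raise ValueError("no 'signal:' line in report")
    code, addr = int(m.group(3)), int(m.group(5), 16)
    name, meaning = SEGV_CODES.get(code, (m.group(4), "not decoded here"))
    frames = [(path.rsplit("/", 1)[-1], sym or None, int(pc, 16))
              for path, sym, pc in FRAME_RE.findall(report)]
    return {
        "signal": m.group(2),
        "code": name,
        "meaning": meaning,
        "is_mte_fault": m.group(2) == "SIGSEGV" and code in (8, 9),
        "pointer_tag": mte_tag(addr),
        "untagged_addr": addr & ((1 << 56) - 1),   # top byte cleared
        "faulting_lib": frames[0][0] if frames else None,
        "frames": frames,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The two fault addresses in this thread decode to pointer tags 9 and 1, and both reports put `libpython3.8.so` in the top frame.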

could not install 4.3.4: says package is not valid

h2dden avatar Jan 01 '24 01:01 h2dden

Thanks for testing.

  • Is this with default settings on GrapheneOS, or did you change some settings regarding MTE? (on second reading of the FAQ item, I am unsure if it is enabled by default)

Looking at the traceback, it might help if we updated the python interpreter.

> > Can it be disabled on an app-by-app basis?
>
> sure, but why would you?

To be able to use the application, as a workaround. This might not get fixed until someone who has hardware for it decides to contribute.

SomberNight avatar Jan 01 '24 02:01 SomberNight

memory tagging is enabled by default: haven't changed anything. there is not much to be changed apart from disabling on an app-by-app basis. in the meanwhile, I am using the desktop/Debian package: no time lost here

h2dden avatar Jan 01 '24 03:01 h2dden

> Looking at the traceback, it might help if we updated the python interpreter.

Python has some stability issues on Android. Here are a few crash reports from the Play Store:

[libpython3.8.so] Py_Exit
backtrace:
  #00  pc 0x000000000008cdb4  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
  #01  pc 0x000000000008ec3c  /apex/com.android.runtime/lib64/bionic/libc.so (__fortify_fatal(char const*, ...)+124)
  #02  pc 0x00000000000fcdec  /apex/com.android.runtime/lib64/bionic/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+60)
  #03  pc 0x00000000000fcc80  /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+208)
  #04  pc 0x0000000000098b58  /system/lib64/libc++.so (std::__1::mutex::lock()+8)
  #05  pc 0x0000000000071db4  /system/lib64/libunwindstack.so (art_api::dex::TryLoadLibdexfile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+60)
  #06  pc 0x000000000006ede0  /system/lib64/libunwindstack.so (unwindstack::CheckDexSupport()+48)
  #07  pc 0x000000000006ed50  /system/lib64/libunwindstack.so (unwindstack::DexFile::Create(unsigned long, unsigned long, unwindstack::Memory*, unwindstack::MapInfo*)+848)
  #08  pc 0x0000000000034480  /system/lib64/libunwindstack.so (unwindstack::GlobalDebugInterface<unwindstack::DexFile>::Load(unwindstack::Maps*, std::__1::shared_ptr<unwindstack::Memory>&, unsigned long, unsigned long, std::__1::shared_ptr<unwindstack::DexFile>&)+96)
  #09  pc 0x000000000003775c  /system/lib64/libunwindstack.so (unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::ReadNewEntries(unwindstack::Maps*, std::__1::map<unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::UID, std::__1::shared_ptr<unwindstack::DexFile>, std::__1::less<unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::UID>, std::__1::allocator<std::__1::pair<unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::UID const, std::__1::shared_ptr<unwindstack::DexFile> > > >*, bool*)+444)
  #10  pc 0x00000000000374c0  /system/lib64/libunwindstack.so (unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::ReadAllEntries(unwindstack::Maps*)+96)
  #11  pc 0x0000000000037388  /system/lib64/libunwindstack.so (bool unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::ForEachSymfile<unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::GetFunctionName(unwindstack::Maps*, unsigned long, unwindstack::SharedString*, unsigned long*)::'lambda'(unwindstack::DexFile*)>(unwindstack::Maps*, unsigned long, unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::GetFunctionName(unwindstack::Maps*, unsigned long, unwindstack::SharedString*, unsigned long*)::'lambda'(unwindstack::DexFile*))+312)
  #12  pc 0x0000000000036e48  /system/lib64/libunwindstack.so (unwindstack::GlobalDebugImpl<unwindstack::DexFile, unsigned long, unwindstack::Uint64_A>::GetFunctionName(unwindstack::Maps*, unsigned long, unwindstack::SharedString*, unsigned long*)+40)
  #13  pc 0x000000000006c7f8  /system/lib64/libunwindstack.so (unwindstack::Unwinder::FillInDexFrame()+360)
  #14  pc 0x000000000006d010  /system/lib64/libunwindstack.so (unwindstack::Unwinder::Unwind(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const*)+1376)
  #15  pc 0x000000000000d78c  /system/lib64/libbacktrace.so (Backtrace::Unwind(unwindstack::Regs*, BacktraceMap*, std::__1::vector<backtrace_frame_data_t, std::__1::allocator<backtrace_frame_data_t> >*, unsigned long, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*, BacktraceUnwindError*)+380)
  #16  pc 0x000000000000e030  /system/lib64/libbacktrace.so (UnwindStackCurrent::UnwindFromContext(unsigned long, void*)+416)
  #17  pc 0x00000000000031b8  /system/lib64/libutilscallstack.so (android::CallStack::update(int, int)+88)
  #18  pc 0x000000000000f648  /system/lib64/libutils.so (android::RefBase::~RefBase()+232)
  #19  pc 0x00000000000ff758  /apex/com.android.runtime/lib64/bionic/libc.so (__cxa_finalize+280)
  #20  pc 0x00000000000f1b78  /apex/com.android.runtime/lib64/bionic/libc.so (exit+24)
  #21  pc 0x0000000000238f30  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/lib/arm64/libpython3.8.so (Py_Exit+32)
  #22  pc 0x000000000023d904  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/lib/arm64/libpython3.8.so
  #23  pc 0x000000000023c800  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/lib/arm64/libpython3.8.so (PyRun_SimpleFileExFlags+916)
  #24  pc 0x0000000000003504  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/lib/arm64/libmain.so (main+1660) (BuildId: 2456957600b98972201cb0a426d8840eced8ed89)
  #25  pc 0x000000000004a948  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/lib/arm64/libplugins_platforms_qtforandroid_arm64-v8a.so (BuildId: e21296e0c1f74bcd73146316c6a027f85d392568)
  #26  pc 0x0000000000006990  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/oat/arm64/base.odex (art_jni_trampoline+112)
  #27  pc 0x00000000005b9798  /apex/com.android.art/lib64/libart.so (nterp_helper+152)
  #28  pc 0x000000000012606c  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/oat/arm64/base.vdex (org.qtproject.qt.android.QtNative$7.run)
  #29  pc 0x00000000005bb474  /apex/com.android.art/lib64/libart.so (nterp_helper+7540)
  #30  pc 0x00000000001282fa  /data/app/~~UFhZHQrj9Mu0CCtfutTIHQ==/org.electrum.electrum-bGDn5xYE-6B7yM1He6ZP3A==/oat/arm64/base.vdex (org.qtproject.qt.android.QtThread$1.run+146)
  #31  pc 0x000000000050eb98  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+72)
  #32  pc 0x000000000033eda4  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612)
  #33  pc 0x0000000000239d54  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144)
  #34  pc 0x000000000053a1b0  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1600)
  #35  pc 0x00000000000fba4c  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204)
  #36  pc 0x000000000008e5f0  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

[libpython3.8.so] Py_InitializeFromConfig
backtrace:
  #00  pc 0x00000000000705ac  /apex/com.android.runtime/lib64/bionic/libc.so (abort+160)
  #01  pc 0x00000000000500fc  /system/lib64/libc++.so (abort_message+232)
  #02  pc 0x0000000000050218  /system/lib64/libc++.so (demangling_terminate_handler()+44)
  #03  pc 0x00000000000646c4  /system/lib64/libc++.so (std::__terminate(void (*)())+12)
  #04  pc 0x000000000006466c  /system/lib64/libc++.so (std::terminate()+52)
  #05  pc 0x00000000000bb150  /system/lib64/libc++.so (std::__1::thread::~thread()+20)
  #06  pc 0x00000000000d24b8  /apex/com.android.runtime/lib64/bionic/libc.so (__cxa_finalize+212)
  #07  pc 0x00000000000cdea0  /apex/com.android.runtime/lib64/bionic/libc.so (exit+24)
  #08  pc 0x0000000000237f30  /data/app/org.electrum.electrum-vwpMtzXVicq9rkl3abx6-g==/lib/arm64/libpython3.8.so (Py_InitializeFromConfig+1008)
  #09  pc 0x000000000023c904  /data/app/org.electrum.electrum-vwpMtzXVicq9rkl3abx6-g==/lib/arm64/libpython3.8.so (PyRun_SimpleFileExFlags+1176)
  #10  pc 0x000000000023b800  /data/app/org.electrum.electrum-vwpMtzXVicq9rkl3abx6-g==/lib/arm64/libpython3.8.so (PyGILState_Release+28)
  #11  pc 0x0000000000002504  /data/app/org.electrum.electrum-vwpMtzXVicq9rkl3abx6-g==/lib/arm64/libmain.so (BuildId: 2456957600b98972201cb0a426d8840eced8ed89)

[libpython3.8.so] PyVectorcall_Call
backtrace:
  #00  pc 0x000000000000cef8  /data/data/org.electrum.electrum/files/app/_python_bundle/site-packages/PyQt6/sip.so
  #01  pc 0x0000000000287020  /data/data/org.electrum.electrum/files/app/_python_bundle/site-packages/PyQt6/QtCore.so
  #02  pc 0x0000000000010788  /data/data/org.electrum.electrum/files/app/_python_bundle/site-packages/PyQt6/sip.so
  #03  pc 0x0000000000286b9c  /data/data/org.electrum.electrum/files/app/_python_bundle/site-packages/PyQt6/QtCore.so
  #04  pc 0x000000000017582c  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so
  #05  pc 0x0000000000135f1c  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so (PyVectorcall_Call+100)
  #06  pc 0x000000000028e560  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so
  #07  pc 0x0000000000238328  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so (Py_FinalizeEx+64)
  #08  pc 0x0000000000238f20  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so (Py_Exit+16)
  #09  pc 0x000000000023d904  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so
  #10  pc 0x000000000023c800  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libpython3.8.so (PyRun_SimpleFileExFlags+916)
  #11  pc 0x0000000000003504  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libmain.so (main+1660) (BuildId: 2456957600b98972201cb0a426d8840eced8ed89)
  #12  pc 0x000000000004a948  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/lib/arm64/libplugins_platforms_qtforandroid_arm64-v8a.so (BuildId: e21296e0c1f74bcd73146316c6a027f85d392568)
  #13  pc 0x0000000000355630  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+144)
  #14  pc 0x00000000005ba818  /apex/com.android.art/lib64/libart.so (nterp_helper+152)
  #15  pc 0x000000000012606c  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/oat/arm64/base.vdex (org.qtproject.qt.android.QtNative$7.run)
  #16  pc 0x00000000005bc4f4  /apex/com.android.art/lib64/libart.so (nterp_helper+7540)
  #17  pc 0x00000000001282fa  /data/app/~~7eZQH-4Hvi7NyzGEtjGR3g==/org.electrum.electrum-BPzmfCUbU7g1toYkM-h6yA==/oat/arm64/base.vdex (org.qtproject.qt.android.QtThread$1.run+146)
  #18  pc 0x000000000041dd68  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+72)
  #19  pc 0x000000000033eba4  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612)
  #20  pc 0x000000000023a9ac  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144)
  #21  pc 0x000000000053b96c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1600)
  #22  pc 0x00000000000f5298  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208)
  #23  pc 0x000000000008ebdc  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68)

[libpython3.8.so] Py_InitializeFromConfig
backtrace:
  #00  pc 0x000000000001da7e  /system/lib/libc.so (abort+58)
  #01  pc 0x0000000000032b3f  /system/lib/libc++.so (abort_message+86)
  #02  pc 0x0000000000032c27  /system/lib/libc++.so (demangling_terminate_handler()+26)
  #03  pc 0x000000000004197b  /system/lib/libc++.so (std::__terminate(void (*)())+2)
  #04  pc 0x00000000000419fd  /system/lib/libc++.so (std::terminate()+72)
  #05  pc 0x000000000007ecb5  /system/lib/libc++.so (std::__1::thread::~thread()+8)
  #06  pc 0x0000000000066f01  /system/lib/libc.so (__cxa_finalize+132)
  #07  pc 0x00000000000183db  /system/lib/libc.so (exit+10)
  #08  pc 0x0000000000203a1c  /data/app/org.electrum.electrum-yJ7UrVbPoNNkWwTPfZNxdQ==/lib/arm/libpython3.8.so (Py_InitializeFromConfig+1552)

accumulator avatar Feb 21 '24 14:02 accumulator