When running the Spotify application with ARMv8.5 memory tagging enabled, it will open, begin playing and then within 1-3 seconds, crash, with the below error. You will only be able to reproduce this currently on a Google Pixel 8 or Google Pixel 8 Pro device, running GrapheneOS with memory tagging enabled for Spotify.
NOTICE: This is NOT a bug with GrapheneOS, it is a memory corruption bug which is exposed by GrapheneOS, which is in the Spotify app. Android will eventually be deploying memory tagging by default, so this needs to be resolved, it cannot be ignored. This issue only began to appear in the last ~24 hours as of posting this. An engineer with a good understanding of debugging native code needs to deal with this.
```
type: crash
osVersion: google/husky/husky:14/UQ1A.240205.004/2024022400:user/release-keys
uid: 10178 (u:r:untrusted_app:s0:c178,c256,c512,c768)
cmdline: com.spotify.music
processUptime: 7s
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 200c0ce174d80e0
threadName: Core Thread
MTE: enabled
backtrace:
/apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64_mte+8, pc 5bf08)
/apex/com.android.runtime/lib64/bionic/libc.so (__strlen_chk+16, pc 91c60)
/apex/com.android.runtime/lib64/bionic/libc.so (__vfprintf+6084, pc abf64)
/apex/com.android.runtime/lib64/bionic/libc.so (vsnprintf+192, pc ca3f0)
/apex/com.android.runtime/lib64/bionic/libc.so (__vsnprintf_chk+60, pc 91f9c)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc fe5208)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc fe540c)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc fe1950)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc e8b88c)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc e86b20)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 831c78)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 85f5b8)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc eea504)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 831c78)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 831c78)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc a46b70)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc d1e280)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc d369c8)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 8d4dc8)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc eea4f4)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 831c78)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc d37a3c)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc d364e8)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/oat/arm64/base.odex (art_jni_trampoline+116, pc 3953f84)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/oat/arm64/base.odex (com.spotify.cosmos.cosmosimpl.NativeRunnable.run+36, pc 5770364)
/apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612, pc 2109a4)
/apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172, pc 253b3c)
/apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+460, pc 64417c)
/apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92, pc 64440c)
/apex/com.android.art/lib64/libart.so (art::JNI<false>::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+660, pc 484e14)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 8d25f4)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc ccbec4)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 8d4dc8)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc ed40b0)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc ed5844)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc ed5bfc)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc 8063e0)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc ed5ac8)
/apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d006c)
/apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64db0)
```
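A triage sketch for a report like the one above, added here as an example and not part of the original post: it decodes the MTE pointer tag from `faultAddr` (bits 56-59 of the address), separates the libc call chain from the first app-owned frame, and flags whether the fault was reported synchronously. The `triage` function and its field names are hypothetical; `REPORT` is an abridged excerpt of the log above.

```python
import os
import re

# Abridged excerpt of the crash report above (signal line plus four frames).
REPORT = """\
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 200c0ce174d80e0
backtrace:
/apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64_mte+8, pc 5bf08)
/apex/com.android.runtime/lib64/bionic/libc.so (__vfprintf+6084, pc abf64)
/apex/com.android.runtime/lib64/bionic/libc.so (vsnprintf+192, pc ca3f0)
/data/app/~~TOws-Wy_DU1F-S974F3_SA==/com.spotify.music-IUUAhfAWB5-iAuvvUWKICw==/lib/arm64/liborbit-jni-spotify.so (pc fe5208)
"""

SIGNAL_RE = re.compile(r"code (\d+) \((\w+)\), faultAddr ([0-9a-f]+)")
# Symbol and offset are optional: stripped app frames only carry "pc <hex>".
FRAME_RE = re.compile(r"^(/\S+) \((?:(.+)\+\d+, )?pc ([0-9a-f]+)\)$")
SYSTEM_PREFIXES = ("/apex/", "/system/")


def triage(report):
    """Summarise an MTE crash report (hypothetical helper for this example)."""
    sig = SIGNAL_RE.search(report)
    if sig is None:
        raise ValueError("no signal line with faultAddr found")
    addr = int(sig.group(3), 16)
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3), 16)))
    # Leading platform frames are the libc routines the app called into;
    # the first frame outside them is where symbolization should start.
    libc_chain, first_app_frame = [], None
    for path, symbol, pc in frames:
        if not path.startswith(SYSTEM_PREFIXES):
            first_app_frame = (os.path.basename(path), pc)
            break
        libc_chain.append(symbol)
    return {
        "si_code": sig.group(2),
        # SEGV_MTESERR is the synchronous tag-check fault, so the top frame
        # is the access that actually faulted.
        "synchronous": sig.group(2) == "SEGV_MTESERR",
        "pointer_tag": (addr >> 56) & 0xF,        # MTE logical tag
        "untagged_addr": addr & ((1 << 56) - 1),  # address without top byte
        "libc_chain": libc_chain,
        "first_app_frame": first_app_frame,
    }
```

The `pc` of the first app frame is an offset into `liborbit-jni-spotify.so`, so it can be resolved to a source line with a symbolizer run against the unstripped build of that library.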