I am using slack with all the exploit protection settings enabled on a pixel 8. It keeps crashing without showing any error roughly 1-2 minutes into app use (I can't find a pattern). The only thing that stops the crash is disabling memory tagging, but even when I have memory tagging enabled with error notifications I don't get any notifications during the crash. I also can't find anything that stands out in the app or system logs. Any help would be appreciated.

    • Dde0u

      • Post #2

      tremble1256 Which build of GrapheneOS? Settings, About phone.

      Which version of Slack? Obtained from where?

      Is this in the owner profile or a secondary profile?

          de0u
          Build: 2025021100
          Slack version: 25.02.20.0-90014065
          Profile: owner

          Slack settings:
          Permissions - network and notifications
          Battery - optimized
          Hardened malloc - enabled
          Memory tagging - enabled
          Native code debugging - blocked
          jit - disabled
          dcl via memory - restricted
          dcl via storage - restricted

            tremble1256 The only thing that stops the crash is disabling memory tagging, but even when I have memory tagging enabled with error notifications I don't get any notifications during the crash.

            It sounds like GrapheneOS' implementation of memory tagging is catching memory corruption bug(s). It doesn't always show a crash notification when it does. I'm not sure why; someone with the technical knowledge might be able to answer that. But as an example, this kind of behaviour occurred with previous versions of Mullvad VPN when being run with GrapheneOS' MTE usage, and stopped occurring in a future version which correlated with Mullvad making safety-related changes in the code.

            GrapheneOS' MTE usage is hardened compared to stock PixelOS' usage of MTE. You could test running the app with the latter, which you do by leaving memory tagging enabled for the app but disabling hardened memory allocator for it. But I suspect that Pixel OS' usage of MTE will not catch these bugs.

            GrapheneOS users can use the same implementation of MTE available via ADB in the stock OS by disabling the hardened allocator with MTE enabled for the app, which will use their implementation of it as part of the standard allocator instead.

                fid02 Seems like my problem is very similar to the Mullvad one where the app doesn't crash when hardened_malloc or MTE is disabled (crashes only happen with both enabled). After looking for patterns across 4 different crash logs, I found a common thread was this debugging message. I'll report this issue to the slack devs to see what they have to say.

                02-24 15:25:25.267 16574 16972 D CCodec  : [c2.android.mp3.decoder] buffers are bound to CCodec for this session
02-24 15:25:25.267 16574 16972 D CCodecConfig: no c2 equivalents for durationUs
02-24 15:25:25.267 16574 16972 D CCodecConfig: no c2 equivalents for track-id
02-24 15:25:25.267 16574 16972 D CCodecConfig: no c2 equivalents for encoder-delay
02-24 15:25:25.267 16574 16972 D CCodecConfig: no c2 equivalents for encoder-padding
02-24 15:25:25.267 16574 16972 D CCodecConfig: no c2 equivalents for flags
02-24 15:25:25.268 16574 16972 D CCodecConfig: c2 config diff is   c2::u32 raw.channel-count.value = 1
02-24 15:25:25.269 16574 16972 D CCodec  : encoding statistics level = 0
02-24 15:25:25.269 16574 16972 D CCodec  : setup formats input: AMessage(what = 0x00000000) = {
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t bitrate = 64000
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t channel-count = 1
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t max-input-size = 8192
02-24 15:25:25.269 16574 16972 D CCodec  :   string mime = "audio/mpeg"
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t sample-rate = 44100
02-24 15:25:25.269 16574 16972 D CCodec  : }
02-24 15:25:25.269 16574 16972 D CCodec  : setup formats output: AMessage(what = 0x00000000) = {
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t buffer-batch-max-output-size = 0
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t buffer-batch-threshold-output-size = 0
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t channel-count = 1
02-24 15:25:25.269 16574 16972 D CCodec  :   string mime = "audio/raw"
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t sample-rate = 44100
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t encoder-delay = 576
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t encoder-padding = 0
02-24 15:25:25.269 16574 16972 D CCodec  :   int32_t android._config-pcm-encoding = 2
02-24 15:25:25.269 16574 16972 D CCodec  : }
02-24 15:25:25.269 16574 16972 I CCodecConfig: query failed after returning 8 values (BAD_INDEX)
02-24 15:25:25.271 16574 16972 D CCodecBufferChannel: [c2.android.mp3.decoder#550] Created input block pool with allocatorID 16 => poolID 18 - OK (0)
02-24 15:25:25.273 16574 16972 I CCodecBufferChannel: [c2.android.mp3.decoder#550] Created output block pool with allocatorID 16 => poolID 877 - OK
02-24 15:25:25.273 16574 16972 D CCodecBufferChannel: [c2.android.mp3.decoder#550] Configured output block pool ids 877 => OK
02-24 15:25:25.280 16574 16972 W com.Slack: AIBinder_linkToDeath is being called with a non-null cookie and no onUnlink callback set. This might not be intended. AIBinder_DeathRecipient_setOnUnlinked should be called first.
02-24 15:25:25.305 16574 16972 D CCodecBufferChannel: [c2.android.mp3.decoder#550] MediaCodec discarded an unknown buffer
02-24 15:25:25.306 16574 16972 D CCodecBufferChannel: [c2.android.mp3.decoder#550] MediaCodec discarded an unknown buffer