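I found a crash in NXP's Android Automotive 12.1, but I can't find similar bugs in Google's issue tracker.
I think this issue is related to NXP's version of Linux kernel 5.15.52, which contains speculative page fault code: https://vulners.com/zdt/1337DAY-ID-38248 The tombstone below only shows the userspace stack-protector check (`__stack_chk_fail`) firing inside libart's `ResolveMethod`, so the kernel connection is my suspicion rather than something the dump itself proves.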
soc:imx8qm mek board
linux: 5.15.52
Also, I can't update the Linux kernel to the official 5.15.147: it also contains the code Android needs, but the two kernels are very different.
5.15.147 doesn't contain this speculative page fault code.
keys'
Revision: '0'
ABI: 'arm64'
Timestamp: 2023-09-30 23:11:47.683850875+0300
Process uptime: 1954s
Cmdline: com.siriusxm.aaos.coreapp
pid: 32038, tid: 32169, name: LINEAR_TUNER_SC >>> com.siriusxm.aaos.coreapp <<<
uid: 1010089
tagged_addr_ctrl: 0000000000000001
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'stack corruption detected (-fstack-protector)'
x0 0000000000000000 x1 0000000000007da9 x2 0000000000000006 x3 0000e22a045112c0
x4 0000000000808080 x5 0000000000808080 x6 0000000000808080 x7 8080808080808080
x8 00000000000000f0 x9 0000e22cd97b80b0 x10 ffffff00fffffbdf x11 0000000000000001
x12 0101010101010101 x13 000000007fffffff x14 000000000130d226 x15 0000000000000030
x16 0000e22cd9858050 x17 0000e22cd9834600 x18 0000e22a035a0000 x19 00000000000000ac
x20 0000000000007d26 x21 00000000000000b2 x22 0000000000007da9 x23 00000000ffffffff
x24 00000000705d1e78 x25 0000e22a04513000 x26 0000e22a00080401 x27 00000000132c0000
x28 0000e22a43bcdf00 x29 0000e22a04511340
lr 0000e22cd97e5dfc sp 0000e22a045112a0 pc 0000e22cd97e5e2c pst 0000000000000000
backtrace:
#00 pc 000000000004fe2c /apex/com.android.runtime/lib64/bionic/libc.so (abort+180) (BuildId: 3e4fc6e0e3a1107f79585e6a0d01cd6e)
#01 pc 0000000000064c0c /apex/com.android.runtime/lib64/bionic/libc.so (__stack_chk_fail+20) (BuildId: 3e4fc6e0e3a1107f79585e6a0d01cd6e)
#02 pc 0000000000299184 /apex/com.android.art/lib64/libart.so (art::ArtMethod* art::ClassLinker::ResolveMethod<(art::ClassLinker::ResolveMode)1>(art::Thread*, unsigned int, art::ArtMethod*, art::InvokeType)+1708) (BuildId: a58418848f7810dec1091c887082176d)
#03 pc 0000000000757974 /apex/com.android.art/lib64/libart.so (MterpInvokeVirtual+380) (BuildId: a58418848f7810dec1091c887082176d)
#04 pc 0000000000203814 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: a58418848f7810dec1091c887082176d)
#05 pc 000000000007e728 /product/priv-app/SXM_AAOS_DEBUG/SXM_AAOS_DEBUG.apk (com.siriusxm.aaos.coreapp.model.impl.SXMCoreModelBase.updateArg+12)
#06 pc 00000000003d98e0 /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool)+304) (BuildId: a58418848f7810dec1091c887082176d)
#07 pc 00000000003e1254 /apex/com.android.art/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+204) (BuildId: a58418848f7810dec1091c887082176d)
#08 pc 00000000003e26ac /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false, true>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+1676) (BuildId: a58418848f7810dec1091c887082176d)
#09 pc 0000000000758058 /apex/com.android.art/lib64/libart.so (MterpInvokeVirtual+2144) (BuildId: a58418848f7810dec1091c887082176d)
#10 pc 0000000000203814 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: a58418848f7810dec1091c887082176d)
#11 pc 000000000007e8cc /product/priv-app/SXM_AAOS_DEBUG/SXM_AAOS_DEBUG.apk (com.siriusxm.aaos.coreapp.model.impl.SXMCoreModelBase.updateArg+48)
#12 pc 00000000003d98e0 /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool)+304) (BuildId: a58418848f7810dec1091c887082176d)
#13 pc 000000000074649c /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+780) (BuildId: a58418848f7810dec1091c887082176d)
#14 pc 0000000000222378 /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: a58418848f7810dec1091c887082176d)
#15 pc 00000000025133f4 /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.model.impl.SXMCoreModelImageTextBase.setText+244)
#16 pc 000000000243bb8c /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.data.items.ImageTextItemBase.loadModel+748)
#17 pc 000000000245d798 /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.data.containers.DataContainerBase.loadModel+216)
#18 pc 000000000225f750 /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.data.processor.DataContainerHelper.updateModel+672)
#19 pc 00000000026630a0 /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.data.processor.DataContainerHelper.lambda$updateModel$1$com-siriusxm-aaos-coreapp-data-processor-DataContainerHelper+80)
#20 pc 0000000002662fec /memfd:jit-cache (deleted) (com.siriusxm.aaos.coreapp.data.processor.DataContainerHelper$$ExternalSyntheticLambda1.run+76)
#21 pc 0000000002662ae0 /memfd:jit-cache (deleted) (io.reactivex.rxjava3.core.Scheduler$DisposeTask.run+144)
#22 pc 0000000002557358 /memfd:jit-cache (deleted) (io.reactivex.rxjava3.internal.schedulers.ExecutorScheduler$ExecutorWorker$InterruptibleRunnable.run+296)
#23 pc 000000000234cef4 /memfd:jit-cache (deleted) (io.reactivex.rxjava3.internal.schedulers.ExecutorScheduler$ExecutorWorker.runEager+228)
#24 pc 0000000002556fb0 /memfd:jit-cache (deleted) (io.reactivex.rxjava3.internal.schedulers.ExecutorScheduler$ExecutorWorker.run+80)
#25 pc 0000000002239ac4 /memfd:jit-cache (deleted) (java.util.concurrent.ThreadPoolExecutor.runWorker+436)
#26 pc 0000000000218c7c /apex/com.android.art/lib64/libart.so (art_quick_osr_stub+60) (BuildId: a58418848f7810dec1091c887082176d)
#27 pc 000000000040bee0 /apex/com.android.art/lib64/libart.so (art::jit::Jit::MaybeDoOnStackReplacement(art::Thread*, art::ArtMethod*, unsigned int, int, art::JValue*)+344) (BuildId: a58418848f7810dec1091c887082176d)
#28 pc 0000000000769ca8 /apex/com.android.art/lib64/libart.so (MterpMaybeDoOnStackReplacement+208) (BuildId: a58418848f7810dec1091c887082176d)
#29 pc 0000000000208350 /apex/com.android.art/lib64/libart.so (MterpHelpers+240) (BuildId: a58418848f7810dec1091c887082176d)
#30 pc 000000000020d3ce /apex/com.android.art/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor.runWorker+190)
#31 pc 00000000007583d4 /apex/com.android.art/lib64/libart.so (MterpInvokeVirtual+3036) (BuildId: a58418848f7810dec1091c887082176d)
#32 pc 0000000000203814 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: a58418848f7810dec1091c887082176d)
#33 pc 000000000020c164 /apex/com.android.art/javalib/core-oj.jar (java.util.concurrent.ThreadPoolExecutor$Worker.run+4)
#34 pc 000000000075e530 /apex/com.android.art/lib64/libart.so (MterpInvokeInterface+3152) (BuildId: a58418848f7810dec1091c887082176d)
#35 pc 0000000000203a14 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: a58418848f7810dec1091c887082176d)
#36 pc 00000000000eda70 /apex/com.android.art/javalib/core-oj.jar (java.lang.Thread.run+8)
#37 pc 00000000003d98e0 /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool)+304) (BuildId: a58418848f7810dec1091c887082176d)
#38 pc 000000000074649c /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+780) (BuildId: a58418848f7810dec1091c887082176d)
#39 pc 0000000000222378 /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: a58418848f7810dec1091c887082176d)
#40 pc 0000000000218964 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: a58418848f7810dec1091c887082176d)
#41 pc 00000000002851f0 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+184) (BuildId: a58418848f7810dec1091c887082176d)
#42 pc 0000000000628a0c /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: a58418848f7810dec1091c887082176d)
#43 pc 0000000000678470 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1184) (BuildId: a58418848f7810dec1091c887082176d)
#44 pc 00000000000b3338 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) (BuildId: 3e4fc6e0e3a1107f79585e6a0d01cd6e)
#45 pc 00000000000516c8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 3e4fc6e0e3a1107f79585e6a0d01cd6e)
Hello,
The official NXP kernel is 5.15.52, but if you want to upgrade we have the 5.10.72v; the version 5.14.147 is not supported by NXP.
regards