florisboard / florisboard

An open-source keyboard for Android which respects your privacy. Currently in early-beta.

Home Page: https://florisboard.org

MTE crash

Glimpse7551 opened this issue · comments

Short description

App crashes randomly when typing due to a memory safety violation caught by the MTE extension implementation on GOS.

Steps to reproduce

Happens during normal usage, not able to reproduce.

Crash log

type: logcat
osVersion: google/husky/husky:14/UQ1A.240205.004/2024022800:user/release-keys
packageName: dev.patrickgold.florisboard:86
buffers: main,system,crash,events
level: error

--------- beginning of crash
1709322113.089 738 881 F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x200d71a06cd4d81 in tid 881 (DefaultDispatch), pid 738 (old.florisboard)
1709322113.601 4925 4925 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
1709322113.601 4925 4925 F DEBUG : Build fingerprint: 'google/husky/husky:14/UQ1A.240205.004/2024022800:user/release-keys'
1709322113.601 4925 4925 F DEBUG : Revision: 'MP1.0'
1709322113.601 4925 4925 F DEBUG : ABI: 'arm64'
1709322113.601 4925 4925 F DEBUG : Timestamp: 2024-03-01 20:41:53.319447181+0100
1709322113.601 4925 4925 F DEBUG : Process uptime: 463s
1709322113.601 4925 4925 F DEBUG : Cmdline: dev.patrickgold.florisboard
1709322113.601 4925 4925 F DEBUG : pid: 738, tid: 881, name: DefaultDispatch >>> dev.patrickgold.florisboard <<<
1709322113.601 4925 4925 F DEBUG : uid: 10220
1709322113.601 4925 4925 F DEBUG : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
1709322113.601 4925 4925 F DEBUG : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
1709322113.601 4925 4925 F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0200d71a06cd4d81
1709322113.601 4925 4925 F DEBUG : x0 0000000013b564d4 x1 0200d71a06cd4d81 x2 0000000000000004 x3 0000d5e8b96b2eff
1709322113.601 4925 4925 F DEBUG : x4 0200d71a06cd4d85 x5 0000000013b564d8 x6 0000d5e8b9ac5e70 x7 0000000000000020
1709322113.601 4925 4925 F DEBUG : x8 0000000013b564c8 x9 b90abe8c17110000 x10 0000000000000000 x11 fff7ffffffffffff
1709322113.601 4925 4925 F DEBUG : x12 ffffffffffffffff x13 0000d911180e0050 x14 0000d911180e0220 x15 7ff7ebef9ffefebe
1709322113.601 4925 4925 F DEBUG : x16 0000d5e8b9e12ac0 x17 0000d931114aa1c0 x18 0000d5e88874c000 x19 0000000000000004
1709322113.601 4925 4925 F DEBUG : x20 0000000000000000 x21 0200d71a06cd4d81 x22 0900d6affbffc500 x23 0000000013b564c8
1709322113.601 4925 4925 F DEBUG : x24 0900d7df70910400 x25 0000000000000004 x26 0000d5e88a384040 x27 0000000000000000
1709322113.601 4925 4925 F DEBUG : x28 0000000013b564a8 x29 0000d5e88a34e810
1709322113.601 4925 4925 F DEBUG : lr 0000d5e8b9ac6208 sp 0000d5e88a34e7b0 pc 0000d931114aa214 pst 0000000080001000
1709322113.601 4925 4925 F DEBUG : 14 total frames
1709322113.601 4925 4925 F DEBUG : backtrace:
1709322113.601 4925 4925 F DEBUG : #00 pc 000000000005b214 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+84) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322113.601 4925 4925 F DEBUG : #1 pc 00000000004c6204 /apex/com.android.art/lib64/libart.so (art::JNI::SetByteArrayRegion(_JNIEnv*, _jbyteArray*, int, int, signed char const*)+916) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322113.601 4925 4925 F DEBUG : #2 pc 0000000000012004 /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+116) (BuildId: 19cb8f187c5dc4d4df9c93a147b39758dd5a5a15)
1709322113.601 4925 4925 F DEBUG : #3 pc 000000000028f5ec /system/framework/arm64/boot.oat (java.nio.DirectByteBuffer.get+236) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322113.601 4925 4925 F DEBUG : #4 pc 0000000000177fb4 /system/framework/arm64/boot.oat ([DEDUPED]+52) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322113.601 4925 4925 F DEBUG : #5 pc 0000000000c84748 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (dev.patrickgold.florisboard.ime.spelling.SpellingService$spellAsync$$inlined$getOrGenerateAsync$1.invokeSuspend+3336)
1709322113.601 4925 4925 F DEBUG : #6 pc 00000000007ba63c /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith+156)
1709322113.601 4925 4925 F DEBUG : #7 pc 00000000007c2134 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.DispatchedTask.run+1220)
1709322113.601 4925 4925 F DEBUG : #8 pc 00000000005f6ed0 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run+2416)
1709322113.601 4925 4925 F DEBUG : #9 pc 00000000002109a4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322113.601 4925 4925 F DEBUG : #10 pc 0000000000253b3c /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322113.601 4925 4925 F DEBUG : #11 pc 000000000069abc8 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322113.601 4925 4925 F DEBUG : #12 pc 00000000000d006c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322113.602 4925 4925 F DEBUG : #13 pc 0000000000064db0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322113.602 4925 4925 F DEBUG : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
1709322195.092 4941 5012 F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x900bf167c1e1a01 in tid 5012 (DefaultDispatch), pid 4941 (old.florisboard)
1709322195.526 5365 5365 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
1709322195.526 5365 5365 F DEBUG : Build fingerprint: 'google/husky/husky:14/UQ1A.240205.004/2024022800:user/release-keys'
1709322195.526 5365 5365 F DEBUG : Revision: 'MP1.0'
1709322195.526 5365 5365 F DEBUG : ABI: 'arm64'
1709322195.526 5365 5365 F DEBUG : Timestamp: 2024-03-01 20:43:15.312665157+0100
1709322195.526 5365 5365 F DEBUG : Process uptime: 82s
1709322195.526 5365 5365 F DEBUG : Cmdline: dev.patrickgold.florisboard
1709322195.526 5365 5365 F DEBUG : pid: 4941, tid: 5012, name: DefaultDispatch >>> dev.patrickgold.florisboard <<<
1709322195.526 5365 5365 F DEBUG : uid: 10220
1709322195.526 5365 5365 F DEBUG : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
1709322195.526 5365 5365 F DEBUG : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
1709322195.526 5365 5365 F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0900bf167c1e1a01
1709322195.526 5365 5365 F DEBUG : x0 0000000012e5145c x1 0900bf167c1e1a01 x2 0000000000000008 x3 0000be25900b2eff
1709322195.526 5365 5365 F DEBUG : x4 0900bf167c1e1a09 x5 0000000012e51464 x6 0000be25904c5e70 x7 0000000000000020
1709322195.526 5365 5365 F DEBUG : x8 0000000012e51450 x9 3d8b3efe0f543700 x10 0000000000000000 x11 c77dd2ecf7c8e81b
1709322195.526 5365 5365 F DEBUG : x12 c77dd3ecf7c8e81b x13 0000c1450e4e7270 x14 0000000000000027 x15 c77d52ecf788e01b
1709322195.526 5365 5365 F DEBUG : x16 0000be2590812ac0 x17 0000c15fc74b51c0 x18 0000be253aaa2000 x19 0000000000000008
1709322195.526 5365 5365 F DEBUG : x20 0000000000000000 x21 0900bf167c1e1a01 x22 0f00bee740e43200 x23 0000000012e51450
1709322195.526 5365 5365 F DEBUG : x24 0f00c015d3bcac00 x25 0000000000000008 x26 0000be253b503040 x27 0000000000000000
1709322195.526 5365 5365 F DEBUG : x28 0000000012e51430 x29 0000be253b4b1760
1709322195.526 5365 5365 F DEBUG : lr 0000be25904c6208 sp 0000be253b4b1700 pc 0000c15fc74b51fc pst 0000000080001000
1709322195.526 5365 5365 F DEBUG : 14 total frames
1709322195.526 5365 5365 F DEBUG : backtrace:
1709322195.526 5365 5365 F DEBUG : #00 pc 000000000005b1fc /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+60) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322195.526 5365 5365 F DEBUG : #1 pc 00000000004c6204 /apex/com.android.art/lib64/libart.so (art::JNI::SetByteArrayRegion(_JNIEnv*, _jbyteArray*, int, int, signed char const*)+916) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322195.526 5365 5365 F DEBUG : #2 pc 0000000000012004 /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+116) (BuildId: 19cb8f187c5dc4d4df9c93a147b39758dd5a5a15)
1709322195.526 5365 5365 F DEBUG : #3 pc 000000000028f5ec /system/framework/arm64/boot.oat (java.nio.DirectByteBuffer.get+236) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322195.526 5365 5365 F DEBUG : #4 pc 0000000000177fb4 /system/framework/arm64/boot.oat ([DEDUPED]+52) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322195.526 5365 5365 F DEBUG : #5 pc 0000000000c84748 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (dev.patrickgold.florisboard.ime.spelling.SpellingService$spellAsync$$inlined$getOrGenerateAsync$1.invokeSuspend+3336)
1709322195.526 5365 5365 F DEBUG : #6 pc 00000000007ba63c /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith+156)
1709322195.526 5365 5365 F DEBUG : #7 pc 00000000007c2134 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.DispatchedTask.run+1220)
1709322195.527 5365 5365 F DEBUG : #8 pc 00000000005f6ed0 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run+2416)
1709322195.527 5365 5365 F DEBUG : #9 pc 00000000002109a4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322195.527 5365 5365 F DEBUG : #10 pc 0000000000253b3c /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322195.527 5365 5365 F DEBUG : #11 pc 000000000069abc8 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322195.527 5365 5365 F DEBUG : #12 pc 00000000000d006c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322195.527 5365 5365 F DEBUG : #13 pc 0000000000064db0 /apex/com.android.runtime/lib64/bionic/libc.so (_start_thread+64) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322195.527 5365 5365 F DEBUG : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
--------- beginning of main
1709322379.964 5372 5980 E libsigchain: reverting to orig_action for MTE SEGV, si_code 9
--------- switch to crash
1709322379.964 5372 5980 F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x300c4f98d2e3c01 in tid 5980 (DefaultDispatch), pid 5372 (old.florisboard)
--------- switch to main
1709322380.078 7283 7283 E cutils-trace: Error opening trace file: No such file or directory (2)
1709322380.244 7285 7285 E cutils-trace: Error opening trace file: No such file or directory (2)
--------- switch to crash
1709322380.399 7285 7285 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
1709322380.399 7285 7285 F DEBUG : Build fingerprint: 'google/husky/husky:14/UQ1A.240205.004/2024022800:user/release-keys'
1709322380.399 7285 7285 F DEBUG : Revision: 'MP1.0'
1709322380.399 7285 7285 F DEBUG : ABI: 'arm64'
1709322380.399 7285 7285 F DEBUG : Timestamp: 2024-03-01 20:46:20.193715297+0100
1709322380.399 7285 7285 F DEBUG : Process uptime: 185s
1709322380.400 7285 7285 F DEBUG : Cmdline: dev.patrickgold.florisboard
1709322380.400 7285 7285 F DEBUG : pid: 5372, tid: 5980, name: DefaultDispatch >>> dev.patrickgold.florisboard <<<
1709322380.400 7285 7285 F DEBUG : uid: 10220
1709322380.400 7285 7285 F DEBUG : tagged_addr_ctrl: 000000000007fff7 (PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC, mask 0xfffe)
1709322380.400 7285 7285 F DEBUG : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
1709322380.400 7285 7285 F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300c4f98d2e3c01
1709322380.400 7285 7285 F DEBUG : x0 00000000144339e4 x1 0300c4f98d2e3c01 x2 0000000000000001 x3 0000c3c719cb2eff
1709322380.400 7285 7285 F DEBUG : x4 0300c4f98d2e3c02 x5 00000000144339e5 x6 0000c3c71a0c5e70 x7 0000000000000020
1709322380.400 7285 7285 F DEBUG : x8 00000000144339d8 x9 ffaff3278afaac00 x10 0000000000000000 x11 ffffffffbfffefff
1709322380.400 7285 7285 F DEBUG : x12 ffffffffbfffffff x13 0000c6e46ec74e80 x14 0000000000000000 x15 ffff7f9dbbff6ffd
1709322380.400 7285 7285 F DEBUG : x16 0000c3c71a412ac0 x17 0000c6f965eb61c0 x18 0000c3c6d8710000 x19 0000000000000001
1709322380.400 7285 7285 F DEBUG : x20 0000000000000000 x21 0300c4f98d2e3c01 x22 0b00c48c009df000 x23 00000000144339d8
1709322380.400 7285 7285 F DEBUG : x24 0a00c5bc1e0db000 x25 0000000000000001 x26 0000c3c6e8f3f040 x27 0000000000000000
1709322380.400 7285 7285 F DEBUG : x28 00000000144339b8 x29 0000c3c6e8f00740
1709322380.400 7285 7285 F DEBUG : lr 0000c3c71a0c6208 sp 0000c3c6e8f006e0 pc 0000c6f965eb6230 pst 0000000080001000
1709322380.400 7285 7285 F DEBUG : 14 total frames
1709322380.400 7285 7285 F DEBUG : backtrace:
1709322380.400 7285 7285 F DEBUG : #00 pc 000000000005b230 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+112) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322380.400 7285 7285 F DEBUG : #1 pc 00000000004c6204 /apex/com.android.art/lib64/libart.so (art::JNI::SetByteArrayRegion(_JNIEnv*, _jbyteArray*, int, int, signed char const*)+916) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322380.400 7285 7285 F DEBUG : #2 pc 0000000000012004 /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+116) (BuildId: 19cb8f187c5dc4d4df9c93a147b39758dd5a5a15)
1709322380.400 7285 7285 F DEBUG : #3 pc 000000000028f5ec /system/framework/arm64/boot.oat (java.nio.DirectByteBuffer.get+236) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322380.400 7285 7285 F DEBUG : #4 pc 0000000000177fb4 /system/framework/arm64/boot.oat ([DEDUPED]+52) (BuildId: 9c4cc7d173dae018a21ac61c0b6963e0e8aee7df)
1709322380.400 7285 7285 F DEBUG : #5 pc 0000000000c84748 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (dev.patrickgold.florisboard.ime.spelling.SpellingService$spellAsync$$inlined$getOrGenerateAsync$1.invokeSuspend+3336)
1709322380.400 7285 7285 F DEBUG : #6 pc 00000000007ba63c /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith+156)
1709322380.400 7285 7285 F DEBUG : #7 pc 00000000007c2134 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.DispatchedTask.run+1220)
1709322380.400 7285 7285 F DEBUG : #8 pc 00000000005f6ed0 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run+2416)
1709322380.400 7285 7285 F DEBUG : #9 pc 00000000002109a4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322380.400 7285 7285 F DEBUG : #10 pc 0000000000253b3c /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+172) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322380.400 7285 7285 F DEBUG : #11 pc 000000000069abc8 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1416) (BuildId: c22b326e6096e83d4bf6a46306969e5e)
1709322380.400 7285 7285 F DEBUG : #12 pc 00000000000d006c /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322380.400 7285 7285 F DEBUG : #13 pc 0000000000064db0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 8eda3c267ce40f77e6ad30c7ab3ef9f5)
1709322380.400 7285 7285 F DEBUG : Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
--------- switch to main
1709322381.714 7298 7298 E cutils-trace: Error opening trace file: No such file or directory (2)
1709322381.847 7298 7298 E dev.patrickgold.florisboard: Unable to find pattern file or unable to map it for am
1709322382.261 7298 7372 E cutils-trace: Error opening trace file: No such file or directory (2)
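
A triage sketch for the tombstones above, added here as an example (not FlorisBoard or GrapheneOS code): it splits each `SEGV_MTESERR` fault address into pointer tag and untagged address, decodes `tagged_addr_ctrl`, and buckets the crashes by faulting function and first app frame. The sample lines are cut from this log with prefixes and BuildIds trimmed; the function names are this example's own.

```python
import re
from collections import Counter

# Bit layout of tagged_addr_ctrl, from the Linux prctl tagged-address ABI.
PR_TAGGED_ADDR_ENABLE, PR_MTE_TCF_SYNC, PR_MTE_TCF_ASYNC = 1 << 0, 1 << 1, 1 << 2
PR_MTE_TAG_SHIFT = 3

# Constructed sample: lines cut from the three tombstones above, timestamp/pid
# prefixes and BuildIds trimmed. The libc one-liner repeats the first fault.
APP = "F DEBUG : #5 pc 0000000000c84748 /data/app/~~yepQ6D1EAfZLE7Ei6a8H5Q==/dev.patrickgold.florisboard-by2TUhG_s6FnM85Rgs0gLA==/oat/arm64/base.odex (dev.patrickgold.florisboard.ime.spelling.SpellingService$spellAsync$$inlined$getOrGenerateAsync$1.invokeSuspend+3336)"
SAMPLE = f"""\
F libc : Fatal signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x200d71a06cd4d81 in tid 881 (DefaultDispatch), pid 738 (old.florisboard)
F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0200d71a06cd4d81
F DEBUG : #00 pc 000000000005b214 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+84)
{APP}
F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0900bf167c1e1a01
F DEBUG : #00 pc 000000000005b1fc /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+60)
{APP}
F DEBUG : signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300c4f98d2e3c01
F DEBUG : #00 pc 000000000005b230 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_aarch64_simd+112)
{APP}
"""

# Anchored at end of line so the libc one-liner ("... in tid N") is not counted twice.
FAULT = re.compile(r"SEGV_MTESERR\), fault addr 0x([0-9a-f]+)$")
FRAME = re.compile(r"#(\d+) pc [0-9a-f]+\s+(\S+) \((.+)\+\d+\)")

def decode_ctrl(v):
    """tagged_addr_ctrl -> (tagged addresses on, sync checks, async checks, allowed-tag mask)."""
    return (bool(v & PR_TAGGED_ADDR_ENABLE), bool(v & PR_MTE_TCF_SYNC),
            bool(v & PR_MTE_TCF_ASYNC), (v >> PR_MTE_TAG_SHIFT) & 0xFFFF)

def split_pointer(addr):
    """Return (MTE logical tag from bits 59:56, address with the top byte cleared)."""
    return (addr >> 56) & 0xF, addr & ((1 << 56) - 1)

def triage(log):
    """One record per tombstone: pointer tag, faulting function, first app frame."""
    crashes = []
    for line in log.splitlines():
        if m := FAULT.search(line):
            tag, addr = split_pointer(int(m.group(1), 16))
            crashes.append({"tag": tag, "addr": addr, "top": None, "app": None})
        elif crashes and (m := FRAME.search(line)):
            num, path, sym = m.groups()
            if int(num) == 0:
                crashes[-1]["top"] = sym
            if path.startswith("/data/app/") and crashes[-1]["app"] is None:
                crashes[-1]["app"] = sym
    return crashes

def buckets(crashes):
    return Counter((c["top"], c["app"]) for c in crashes)

if __name__ == "__main__":
    print(decode_ctrl(0x7FFF7), buckets(triage(SAMPLE)))
```

All three faults fall into one bucket even though the `__memcpy_aarch64_simd` offsets (+84, +60, +112) differ, because the offset is dropped from the bucket key.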

The crash log indicates you are running v0.3.16. Can you reproduce this randomly with the latest alpha release v0.4.0-alpha06?

Appears to be working fine on the alpha release.

As this crash seems to be resolved on the latest alpha/beta versions I'll close this issue.