Random signal 4 (SIGILL), code 1 (ILL_ILLOPC) only on Samsung devices

crf141 · February 14, 2022, 10:29am

When we execute fstatat syscall manually using a machine code from allocated memory a random crash occurred in the native C++ application. After a long time analyzing of the problem, the reason is still unknown to me.
This happens randomly and only on Samsung devices which is running on android 11 version. (Android 10 and 12 works as expected, at least I can`t reproduce it using my devices)

I noticed that a small timeout after memory allocation can resolve issue.

void* addr = mmap(NULL, instr_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0);
copy_memory(addr, instr, instr_size); // Copy syscall instruction to allocated memory
// Looks like a small usleep(100); timeout here can resolve the issue

We execute the following machine code:

d28009e8    mov x8, #0x4f // #79
d4000001    svc #0x0
00000000
00000000
d65f03c0    ret

And as result a random crash occurred:

Build fingerprint: 'samsung/z3sxeea/z3s:11/RP1A.200720.012/G988BXXSCDUJ5:user/release-keys'
Revision: '23'
ABI: 'arm64'
Timestamp: 2021-12-28 14:06:11+0200
pid: 28557, tid: 31727, name: AsyncTask #3  >>> com.meapay.pos.test.app <<<
uid: 10805
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x710ebfb000 (*pc=0xd28009e8)
    x0  00000000ffffff9c  x1  0000006e4e750c10  x2  0000006d8fdbfdf8  x3  0000000000000000
    x4  000000710ebfb000  x5  0000006d8fdbf6a0  x6  0000006e5e708c50  x7  0000006e5e708c50
    x8  000000710ebfb000  x9  0000000000000000  x10 95bad00e5839dd5b  x11 0000000000000001
    x12 0000000000000000  x13 719f9b5af5885aa6  x14 93a3ca420a3b335f  x15 6c5c3fffffffffff
    x16 0000006d990a2410  x17 000000710f39b580  x18 0000006d8b97a000  x19 0000006f8e7a7c90
    x20 0000000000000000  x21 0000006f8e7a7c90  x22 0000006d8fdc5000  x23 0000006f8e7a7d48
    x24 0000006e14ffaa00  x25 0000006d8fdc5000  x26 00000000000000d1  x27 0000000000000000
    x28 0000000000000000  x29 0000006d8fdbf860
    lr  0000006d98214b84  sp  0000006d8fdbf800  pc  000000710ebfb000  pst 0000000060000000

backtrace:
      #00 pc 0000000000001000  <anonymous:710ebfa000>

memory near x4:

    000000710ebfafe0 0000000000000000 0000000000000000  ................
    000000710ebfaff0 0000000000000000 0000000000000000  ................
    000000710ebfb000 d4000001d28009e8 00000000d65f03c0  .........._.....

Tombstone file:
tombstone_30.zip (60.8 KB)

Could anyone tell me what can be for reason of this? Or maybe official issue already registered for similar issue?

SNS_1205 · February 15, 2022, 10:58am

Hi,
As we can see this is an known issue over internet.
https://blog.karatos.in/a?ID=01600-8e265068-5136-4dfc-a9c7-71a5c890bae5

Maximum pages indicated that it happened due to return statement of function.
Please check the return functions of your program. If you think the issue is only occurring with Samsung devices, then you can reach the Samsung Developer Support team with more details.

Thanks.

crf141 · February 18, 2022, 12:29pm

Yeah, this happens only on Samsung devices, today I got one report also from android 12.