instruction: 0.720
runtime: 0.146
syscall: 0.134



MTE reports false positive for "str" instruction with the SP as the base register.
Description of problem:
When PE executes "sp"-based store instruction with offset I got tag check fault exception. But according to arm spec. load or store that uses "sp" register should generate Tag Unchecked access.
Steps to reproduce:
Clang version: clang version 12.0.1. 
I compiled my code using "-target aarch64-linux -march=armv8+memtag -fsanitize=memtag" for Clang. Clang generates following code:
```
0000000000000c14 <test_func>:
     c14:       a9bc7bfd        stp     x29, x30, [sp, #-64]!
     c18:       f9000bf7        str     x23, [sp, #16]
     ...
```
Whole stack was mapped in translation tables as Tagged memory."SCTLR" register was configured to trigger synchronous exception on tag mismatch.
When cpu executes firs instruction "stp     x29, x30, [sp, #-64]!" I got tag check fault exception: "0b010001 When FEAT_MTE is implemented Synchronous Tag Check Fault":
ESR_EL1=0x96000051.

According to ARM specification load or store that uses "sp" register should generate Tag Unchecked access:
```
A Tag Unchecked access will be generated for a load or store that uses either of the following:
• A base register only, with the SP as the base register.
• A base register plus immediate offset addressing form, with the SP as the base register.
```
Looks like qemu erroneously generates tag mismatch exceptions for SP-based loads and stores with immediate offset.
Additional information: