signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) - crash with armeabi-v7a (ARM 32-bit) #106510

doc-rj-ebay · 2022-06-23T18:08:05Z

Steps to Reproduce

App crashes during launch on some devices with armeabi-v7a (ARM 32-bit) only. This crash started happening after upgrading to Flutter 3.

Crash Traces

Firebase Crashlytics does not pick up this crash, and the Play console's output is limited, but here it is:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> com.ebay.motorsapp <<<

backtrace:
  #00  pc 0000000000a7409c  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000dced20  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000dcec98  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000001618b3c  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab563c  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab6df0  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab70a8  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab73f8  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000001101530  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000001100c24  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab60c4  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab68b8  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000ab6998  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 000000000161de9c  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000001622c8c  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 000000000161dbf0  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 00000000010f7e88  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 00000000010f7d80  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 00000000010f7d50  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000a75c54  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libapp.so (offset 0x1000)
  #00  pc 0000000000468279  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libflutter.so (offset 0x16aa000)
  #00  pc 000000000017abfd  /data/app/com.ebay.motorsapp-fD3CyntEkOFjDXfKSJWsBg==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libflutter.so (offset 0x16aa000)

Here's another example of a crash after reproducing in Firebase Test Lab -- we believe it's a similar (or same) crash as above:

06-22 11:07:01.115: A/libc(18851): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x36 in tid 18927 (1.ui)
06-22 11:07:01.170: A/DEBUG(316): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-22 11:07:01.171: A/DEBUG(316): Build fingerprint: 'motorola/harpia/harpia:6.0.1/MPIS24.241-2.50-16/16:user/release-keys'
06-22 11:07:01.171: A/DEBUG(316): Revision: 'p1b0'
06-22 11:07:01.171: A/DEBUG(316): ABI: 'arm'
06-22 11:07:01.171: A/DEBUG(316): pid: 18851, tid: 18927, name: 1.ui  >>> com.ebay.motorsapp <<<
06-22 11:07:01.171: A/DEBUG(316): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x36
06-22 11:07:01.194: A/DEBUG(316):     r0 9a366639  r1 a0e09eb4  r2 0000037a  r3 9a366644
06-22 11:07:01.195: A/DEBUG(316):     r4 00000002  r5 9ce0bee9  r6 9eb8e3d9  r7 9de89004
06-22 11:07:01.195: A/DEBUG(316):     r8 00000037  r9 a142efb9  sl b897ea70  fp a0e09e08
06-22 11:07:01.195: A/DEBUG(316):     ip 0000000a  sp a0e09df4  lr 00000004  pc 9fe6909c  cpsr 200d0010
06-22 11:07:01.196: A/DEBUG(316): backtrace:
06-22 11:07:01.196: A/DEBUG(316):     #00 pc 0000009c  /data/app/com.ebay.motorsapp-1/split_config.armeabi_v7a.apk (offset 0xa75000)
06-22 11:07:01.196: A/DEBUG(316):     #01 pc 00000000  <unknown>

We cannot provide a minimal reproducible sample as we don't know how to reproduce the crash code-wise, it happens immediately during app launch, and it appears to be a low level issue.

summary:

Flutter 3.0.1 • channel stable • https://github.com/flutter/flutter.git
Framework • revision fb57da5f94 (3 weeks ago) • 2022-05-19 15:50:29 -0700
Engine • revision caaafc5604
Tools • Dart 2.17.1 • DevTools 2.12.2

flutter doctor -v:

The output below is a close match to the CI env, the only difference being the Android toolchain SDK version was actually 29.0.3 not 30.0.3.

[✓] Flutter (Channel stable, 3.0.1, on macOS 11.6.5 20G527 darwin-x64, locale en-US)
    • Flutter version 3.0.1 at /Users/<redacted>/Library/code/flutter
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision fb57da5f94 (5 weeks ago), 2022-05-19 15:50:29 -0700
    • Engine revision caaafc5604
    • Dart version 2.17.1
    • DevTools version 2.12.2

[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
    • Android SDK at /Users/<redacted>/Library/Android/sdk/
    • Platform android-31, build-tools 30.0.3
    • ANDROID_SDK_ROOT = /Users/<redacted>/Library/Android/sdk/
    • Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.10+0-b96-7281165)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 13.2.1)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • CocoaPods version 1.11.2

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2020.3)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.10+0-b96-7281165)

[✓] VS Code (version 1.68.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.42.0

[✓] Connected device (3 available)
    • iPhone 13 Pro Max (mobile) • B4223F7B-0519-4337-859A-D188D3F8034B • ios            •
      com.apple.CoreSimulator.SimRuntime.iOS-15-2 (simulator)
    • macOS (desktop)            • macos                                • darwin-x64     • macOS 11.6.5 20G527 darwin-x64
    • Chrome (web)               • chrome                               • web-javascript • Google Chrome 102.0.5005.115

[✓] HTTP Host Availability
    • All required HTTP hosts are available

• No issues found!

The text was updated successfully, but these errors were encountered:

mraleph · 2022-06-23T23:01:18Z

Are you able to reproduce this?

It would help to get some disassembly around the location of the crash for a few top frames.

If possible it would help to get libapp.so which is crashing. (Alternatively if you tell me exact app version I should be able to download the APK from the Store and get libapp.so this way).

/cc @mkustermann @alexmarkov

iarredondocastro · 2022-06-24T02:29:08Z

The exact app version is eBay Motors 2.37.0 (45869). We've pushed a couple of hot fixes for that version in hopes to suppress this via other approaches (e.g. split apk's and fat apk's), so if not readily accessible, pls let us know and we can find a way to provide the original aab.

doc-rj-ebay · 2022-06-24T03:33:28Z

We can also reproduce the issue at will if needed. However, as @iarredondocastro said, version 2.37.0 (45869) is the version to try to grab from the Store (though it's not the latest). That version was published in Android App Bundle format. Note that the same crash also happened when using split APK's with app version 2.37.1, and apparently also with the fat APK in app version 2.37.2.

doc-rj-ebay · 2022-06-24T03:39:54Z

I forgot to mention previously -- the crash doesn't happen in debug mode, only in release builds.

doc-rj-ebay · 2022-06-27T03:38:02Z

@mraleph I reproduced the crash and used llvm-objdump to attempt some disassembly around the top few frames. Please let me know if you need something else.

The trace was like this:

Build fingerprint: 'google/sunfish/sunfish:12/SP2A.220505.002/8353555:user/release-keys'
#00 0x00a7409c /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
                                                                                                                   _kDartVmSnapshotInstructions
                                                                                                                   ??:0:0
#01 0x00dcec08 /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
                                                                                                                   _kDartIsolateSnapshotInstructions
                                                                                                                   ??:0:0
#02 0x00dceb80 /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
                                                                                                                   _kDartIsolateSnapshotInstructions
                                                                                                                   ??:0:0

And the llvm-objdump disassembly:

$ llvm-objdump --disassemble --start-address=0xa74080 --stop-address=0xa740b0 symbols/armeabi-v7a/libapp.so

symbols/armeabi-v7a/libapp.so:	file format elf32-littlearm

Disassembly of section .text:

00a74000 <_kDartVmSnapshotInstructions>:
  a74080: 0b 30 80 e2 0f 00 00 ea         .0......
  a74088: 04 80 b1 e5 82 80 83 e7         ........
  a74090: 01 00 18 e3 0b 00 00 0a         ........
  a74098: 01 c0 50 e5 01 e0 58 e5         ..P...X.
  a740a0: 2c c1 0e e0 20 e0 9a e5         ,... ...
  a740a8: 0e 00 1c e1 05 00 00 0a         ........

$ llvm-objdump --disassemble --start-address=0xdcec00 --stop-address=0xdcec20 symbols/armeabi-v7a/libapp.so

symbols/armeabi-v7a/libapp.so:	file format elf32-littlearm

Disassembly of section .text:

00a77b60 <_kDartIsolateSnapshotInstructions>:
  dcec00: 09 9a 85 e2 fb 99 99 e5         ........
  dcec08: 3e ff 2f e1 04 d0 8d e2         >./.....
  dcec10: 00 20 a0 e1 50 10 1b e5         . ..P...
  dcec18: 0b 00 81 e5 01 00 10 e3         ........

$ llvm-objdump --disassemble --start-address=0xdceb70 --stop-address=0xdceb90 symbols/armeabi-v7a/libapp.so

symbols/armeabi-v7a/libapp.so:	file format elf32-littlearm

Disassembly of section .text:

00a77b60 <_kDartIsolateSnapshotInstructions>:
  dceb70: 70 90 9a e5 00 42 2d e9         p....B-.
  dceb78: 47 40 95 e5 1b 20 90 e5         G@... ..
  dceb80: 32 ff 2f e1 0c d0 8d e2         2./.....
  dceb88: 04 10 1b e5 74 c0 9a e5         ....t...

mraleph · 2022-06-27T13:59:14Z

@doc-rj-ebay Thanks! I have started to look at this (managed to download version 45869).

Do you happen to have original symbols or DWARF debug information for lib/armeabi-v7a/libapp.so? It would be nice to know which function the crash PC (0xa7409c) falls into as well as other functions in the stack (0000000000dced20, 0000000000dcec98). (e.g. is this some function in Flutter framework, your function, Dart core, etc). That would help us to identify potential ways to this.

What kind of devices does this reproduce on? Any non-ARM64 device?

What I can gather from looking at the disassembly and the crash dump from the first comment is that we hit noSuchMethod (or more specifically we hit NoSuchMethodDispatcher stub) which attempts to collect all invocation arguments into an array but crashes because it hits an untagged integer (which it is not supposed to hit, value in R8) - and the reason it hits bogus value on the stack is due to number of arguments being bogus (value in R2) - it is unrealistically large (the caller is doing a dynamic call with 1 argument (receiver)).

doc-rj-ebay · 2022-06-27T14:45:31Z

Thank you @mraleph! It's only reproducible with the armeabi-v7a variant. This last one (with llvm-objdump) was on my Pixel 4a after installing like this:

adb install --abi armeabi-v7a app-release.apk

I'll send to your email what I believe to be the so with symbols for the same trace. It was taken from: build/app/intermediates/merged_native_libs/release/out/lib/armeabi-v7a/

Note that these symbols may not match the trace in the original comment, as I rebuilt locally after enabling ndk symbols in build.gradle.

doc-rj-ebay · 2022-06-27T17:20:01Z

Also, if it helps, this was the fuller logcat dump from the crash mentioned in this comment.

06-26 13:34:28.429 14173 14173 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-26 13:34:28.429 14173 14173 F DEBUG   : Build fingerprint: 'google/sunfish/sunfish:12/SP2A.220505.002/8353555:user/release-keys'
06-26 13:34:28.429 14173 14173 F DEBUG   : Revision: 'MP1.0'
06-26 13:34:28.429 14173 14173 F DEBUG   : ABI: 'arm'
06-26 13:34:28.429 14173 14173 F DEBUG   : Timestamp: 2022-06-26 13:34:28.124270133-0500
06-26 13:34:28.429 14173 14173 F DEBUG   : Process uptime: 0s
06-26 13:34:28.429 14173 14173 F DEBUG   : Cmdline: com.ebay.motorsapp
06-26 13:34:28.429 14173 14173 F DEBUG   : pid: 14064, tid: 14113, name: 1.ui  >>> com.ebay.motorsapp <<<
06-26 13:34:28.430 14173 14173 F DEBUG   : uid: 10639
06-26 13:34:28.430 14173 14173 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x36
06-26 13:34:28.430 14173 14173 F DEBUG   : Cause: null pointer dereference
06-26 13:34:28.430 14173 14173 F DEBUG   :     r0  be0f5fb9  r1  c479873c  r2  00000013  r3  be0f5fc4
06-26 13:34:28.430 14173 14173 F DEBUG   :     r4  00000002  r5  c058bee9  r6  c1f0e3d9  r7  c1412afc
06-26 13:34:28.430 14173 14173 F DEBUG   :     r8  00000037  r9  c4edffb9  r10 f38c8b80  r11 c4798698
06-26 13:34:28.430 14173 14173 F DEBUG   :     ip  0000000a  sp  c4798684  lr  00000004  pc  c358a09c
06-26 13:34:28.430 14173 14173 F DEBUG   : backtrace:
06-26 13:34:28.430 14173 14173 F DEBUG   :       #00 pc 00a7409c  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #01 pc 00dcec08  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #02 pc 00dceb80  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #03 pc 01614114  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #04 pc 00ab553c  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #05 pc 00ab6cf0  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #06 pc 00ab6fa8  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #07 pc 00ab72f8  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #08 pc 01101464  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #09 pc 01100b58  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #10 pc 00ab5fc4  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #11 pc 00ab67b8  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #12 pc 00ab6898  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #13 pc 0161c424  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #14 pc 016215c0  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #15 pc 0161bda0  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #16 pc 010f7dbc  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #17 pc 010f7cb4  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #18 pc 010f7c84  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #19 pc 00a75c54  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libapp.so (BuildId: dc6f1de00a2236cf2bfa29fa186d12de)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #20 pc 00469279  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libflutter.so (BuildId: 6d5c0c17f622313c6a81b6a87bcf76d169c28282)
06-26 13:34:28.430 14173 14173 F DEBUG   :       #21 pc 0017bbfd  /data/app/~~aJJNfx47f71b3c65GSgDQg==/com.ebay.motorsapp-PeBwFcjYmVRrOSMaZ39WIw==/lib/arm/libflutter.so (BuildId: 6d5c0c17f622313c6a81b6a87bcf76d169c28282)
06-26 13:34:28.451   864   864 E tombstoned: Tombstone written to: tombstone_08

mraleph · 2022-06-28T12:17:08Z

I think I know what is going on. Stub AllocateArray is expected to preserve its input registers, but there is an uncommon path inside that stub which clobbers these registers. I am gonna make a fix.

coreysprague · 2022-06-29T22:56:19Z

We were able to track down the particular code that triggered this scenario and were able to work around it. In particular... invoking an asynchronous write in the flutter_localstorage package during the first build cycle of the Widget tree seemed to trigger this. If we added artificial delays to this write, the crash did not occur. We ended up workin around it a different way, but sharing in case it is helpful.

We wondered if it had something to do with this in particular: https://github.com/lesnitsky/flutter_localstorage/blob/master/lib/src/directory/directory.dart

mraleph · 2022-06-30T06:38:41Z

@coreysprague this is just a coincidence. You need to hit noSuchMethod on some object in a very specific moment of time for this crash to manifest.

It was calling EnsureIsNewOrRemembered on the slow path which was forgetting to preserve registers around a runtime call. Fixes flutter/flutter#106510 TEST=vm/dart{,_2}/flutter_regress_106510 Cq-Include-Trybots: luci.dart.try:vm-kernel-linux-release-simarm-try,vm-kernel-precomp-linux-release-simarm-try Change-Id: I621e392304fcd1fd643c009fbcde3f88b6f19b7f Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/250168 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Slava Egorov <vegorov@google.com>

mraleph · 2022-07-05T12:20:38Z

The fix has landed upstream and I have filed cherry-pick request for it.

This is a patch release that fixes: - Improve code completion for Flutter (issue [#49054][]). - Fix crash on ARM (issue [#106510][]). - Fix compiler crash with Finalizable parameters (issue [#49402][]). [#49054]: #49054 [#106510]: flutter/flutter#106510 [#49402]: #49402 Change-Id: I9a814603d9793b75b764fd0f384e89017e773c50 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/251109 Reviewed-by: Alexander Thomas <athom@google.com> Commit-Queue: William Hesse <whesse@google.com>

It was calling EnsureIsNewOrRemembered on the slow path which was forgetting to preserve registers around a runtime call. Fixes flutter/flutter#106510 TEST=vm/dart{,_2}/flutter_regress_106510 Cq-Include-Trybots: luci.dart.try:vm-kernel-linux-release-simarm-try,vm-kernel-precomp-linux-release-simarm-try Change-Id: I621e392304fcd1fd643c009fbcde3f88b6f19b7f Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/250168 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Slava Egorov <vegorov@google.com>

This is a patch release that fixes: - Improve code completion for Flutter (issue [#49054][]). - Fix crash on ARM (issue [#106510][]). - Fix compiler crash with Finalizable parameters (issue [#49402][]). [#49054]: #49054 [#106510]: flutter/flutter#106510 [#49402]: #49402 Change-Id: I9a814603d9793b75b764fd0f384e89017e773c50 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/251109 Reviewed-by: Alexander Thomas <athom@google.com> Commit-Queue: William Hesse <whesse@google.com>

absar · 2022-07-14T21:16:25Z

Receiving this on Flutter stable 3.0.5, can it be related?
Devices on which it is occurring:
Pixel 2 (virtual), Android 9 (SDK 28) armeabi
Samsung Galaxy J7 Neo, Android 9 (SDK 28), armeabi-v7a

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'generic/gce_x86_phone/gce_x86:9/PGR1.190916.001/5877764:userdebug/test-keys'
Revision: '0'
ABI: 'x86'
pid: 8418, tid: 9354, name: 1.raster  >>> com.CHANGED.ABC <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'vendor/unbundled_google/libs/ndk_translation/ndk_translation/ir/include/ndk_translation/ir/ir.h:685: CHECK failed: IsAligned(offset, GetFormatSize(format))'
    eax 00000000  ebx 000020e2  ecx 0000248a  edx 00000006
    edi 000020e2  esi c50bab5c
    ebp c50bab28  esp c50baab8  eip ebce8be9
backtrace:
    #00 pc 00000be9  [vdso:ebce8000] (__kernel_vsyscall+9)
    #01 pc 0001fdf8  /system/lib/libc.so (syscall+40)
    #02 pc 00022e73  /system/lib/libc.so (abort+115)
    #03 pc 00006c84  /system/lib/liblog.so (__android_log_assert+292)
    #04 pc 0009f2b4  /system/lib/libndk_translation.so (ndk_translation::GetInsn::GetInsn(ndk_translation::IR*, ndk_translation::Format, unsigned int)+276)
    #05 pc 0009f100  /system/lib/libndk_translation.so (ndk_translation::IRBuilder::Get(ndk_translation::Format, unsigned int)+144)
    #06 pc 0009dd2e  /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::InsnBuilder::Get(ndk_translation::Format, unsigned int)+46)
    #07 pc 000d0b4b  /system/lib/libndk_translation.so (ndk_translation::SemanticsDecoder::VTBL(ndk_translation::VTBL_Args const&)+363)
    #08 pc 00100568  /system/lib/libndk_translation.so (ndk_translation::ArmDecoder::TranslateThumbInsn(unsigned short const*)+86104)
    #09 pc 0009c2b6  /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::GenerateIRHelper(ndk_translation::CompilerHooks*, unsigned int, unsigned int, ndk_translation::IR*)+1142)
    #10 pc 0009be1f  /system/lib/libndk_translation.so (ndk_translation::GenerateIR(ndk_translation::CompilerHooks*, unsigned int, ndk_translation::IR*, unsigned int*)+47)
    #11 pc 0009bbdf  /system/lib/libndk_translation.so (ndk_translation::Compile(ndk_translation::CompilerHooks*, unsigned int, ndk_translation::GuestCodeEntry*, unsigned int*, ndk_translation::MachineCode*)+143)
    #12 pc 0007a0da  /system/lib/libndk_translation.so (ndk_translation::(anonymous namespace)::Translate(ndk_translation::TranslationCache*, unsigned int, ndk_translation::GuestCodeEntry*)+378)
    #13 pc 00079f1c  /system/lib/libndk_translation.so (ndk_translation_HandleNotTranslated+300)
    #14 pc 0018db57  /system/lib/libndk_translation.so

github-actions · 2022-07-28T22:00:56Z

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.

mraleph mentioned this issue Jul 5, 2022

[CP] Avoid clobbering array length in AllocateArray stub on ARM dart-lang/sdk#49398

Closed

mraleph closed this as completed Jul 5, 2022

github-actions bot locked as resolved and limited conversation to collaborators Jul 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) - crash with armeabi-v7a (ARM 32-bit) #106510

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) - crash with armeabi-v7a (ARM 32-bit) #106510

doc-rj-ebay commented Jun 23, 2022 •

edited

mraleph commented Jun 23, 2022

iarredondocastro commented Jun 24, 2022

doc-rj-ebay commented Jun 24, 2022

doc-rj-ebay commented Jun 24, 2022

doc-rj-ebay commented Jun 27, 2022

mraleph commented Jun 27, 2022

doc-rj-ebay commented Jun 27, 2022

doc-rj-ebay commented Jun 27, 2022

mraleph commented Jun 28, 2022

coreysprague commented Jun 29, 2022

mraleph commented Jun 30, 2022

mraleph commented Jul 5, 2022

absar commented Jul 14, 2022

github-actions bot commented Jul 28, 2022

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) - crash with armeabi-v7a (ARM 32-bit) #106510

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) - crash with armeabi-v7a (ARM 32-bit) #106510

Comments

doc-rj-ebay commented Jun 23, 2022 • edited

Steps to Reproduce

Crash Traces

mraleph commented Jun 23, 2022

iarredondocastro commented Jun 24, 2022

doc-rj-ebay commented Jun 24, 2022

doc-rj-ebay commented Jun 24, 2022

doc-rj-ebay commented Jun 27, 2022

mraleph commented Jun 27, 2022

doc-rj-ebay commented Jun 27, 2022

doc-rj-ebay commented Jun 27, 2022

mraleph commented Jun 28, 2022

coreysprague commented Jun 29, 2022

mraleph commented Jun 30, 2022

mraleph commented Jul 5, 2022

absar commented Jul 14, 2022

github-actions bot commented Jul 28, 2022

doc-rj-ebay commented Jun 23, 2022 •

edited