Canvas.drawVertices() with valid input crashes OpenGL ES driver on Google Pixel 6 Pro

This issue has been created since 2022-11-23.

Steps to Reproduce

  1. Clone this minimal reproduction project: https://github.com/badlogic/flutter-mali-crash
  2. Run it in any mode (debug, release, profile) on a Google Pixel 6 Pro. Both Android 12, build SQ3A.220705.004 and Android 13, build TP1A.220624.0.21 are affected. Might also happen on other phone models with the same SoC/GPU driver.

Expected results:
The repro app should display 12 instances of a simple textured triangle mesh. Desktop output:

Screenshot 2022-11-23 at 13 42 04

Actual results:
The app crashes on a Google Pixel 6 Pro with the follwing stack trace:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/raven/raven:13/TP1A.220624.021/8877034:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2022-11-23 19:29:37.310413491+0100
Process uptime: 66s
Cmdline: com.example.flutter_mali_crash
pid: 5391, tid: 5440, name: 1.raster  >>> com.example.flutter_mali_crash <<<
uid: 10298
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb400007045e52000
    x0  0000005eff8fb000  x1  b400007045e51fc0  x2  0000000000000004  x3  0000005eff90b280
    x4  b400007045e52014  x5  0000005eff90b2d4  x6  430600084449c001  x7  4533d77a4409f8d1
    x8  4449c001ffffffff  x9  4416e44a42b9fff8  x10 ffffffff45334388  x11 42b9fff844533ffb
    x12 440c7fd443060008  x13 ffffffff45375f85  x14 000000000000000c  x15 b400006e98cc5188
    x16 0000006d67ecbb38  x17 000000702d8f1e20  x18 0000006d006e0000  x19 0000000000000000
    x20 0000000000000000  x21 b400006ee8c4a570  x22 0000005eff8fb000  x23 00000000000102d4
    x24 0000000000000000  x25 b400006ee8c4a570  x26 b400006ee8c4a570  x27 0000000000000cf1
    x28 0000000000000028  x29 b400006ce5910ff0
    lr  0000006d65ffb65c  sp  0000006d0093a790  pc  000000702d8f1ddc  pst 0000000020001000
backtrace:
      #00 pc 000000000004eddc  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+300) (BuildId: cbc4c62a9b269839456f1d7728d8411e)
      #01 pc 00000000007f6658  /vendor/lib64/egl/libGLES_mali.so (gles_vertexp_copy_client_buffers+120) (BuildId: ae75a6e293b6843d)
      #02 pc 0000000000822530  /vendor/lib64/egl/libGLES_mali.so (gles_vertex_prepare_nx+1200) (BuildId: ae75a6e293b6843d)
      #03 pc 00000000007fef90  /vendor/lib64/egl/libGLES_mali.so (gles_drawp_draw_common+1136) (BuildId: ae75a6e293b6843d)
      #04 pc 0000000000795380  /vendor/lib64/egl/libGLES_mali.so (gles2_draw_draw_range_elements+80) (BuildId: ae75a6e293b6843d)
      #05 pc 00000000017f6938  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #06 pc 000000000185dd88  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #07 pc 000000000185dc64  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #08 pc 00000000017ec6c8  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #09 pc 00000000017ec440  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #10 pc 00000000017ec9fc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #11 pc 00000000016c4bec  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #12 pc 0000000001a12f60  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #13 pc 00000000018ed4f4  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #14 pc 00000000018ed490  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #15 pc 00000000019046cc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #16 pc 0000000001903d88  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #17 pc 0000000001904b7c  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #18 pc 00000000019035c4  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #19 pc 0000000001903334  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #20 pc 0000000001910300  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #21 pc 00000000015e598c  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #22 pc 00000000015eb244  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #23 pc 0000000000011178  /system/lib64/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+808) (BuildId: 0b4a793fa8045c04066d988c68bac8bb)
      #24 pc 00000000000185e4  /system/lib64/libandroid.so (ALooper_pollOnce+100) (BuildId: 40e037fa2f0ad3b9aa4d871265e2bb7e)
      #25 pc 00000000015eb1cc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #26 pc 00000000015e58e8  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #27 pc 00000000015e9844  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #28 pc 00000000000c14dc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: cbc4c62a9b269839456f1d7728d8411e)
      #29 pc 0000000000054930  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: cbc4c62a9b269839456f1d7728d8411e)

I did some digging based on the symbolicated stack trace (see below) and have a theory what's going on.

The repro app constructs a single Vertices instance from a bunch of typed arrays with native backing. I've traced the construction of the instance through native code.

Vertices.raw() calls into Vertices::init() in vertices.cc, which builds a DlVertices instances via the DlVertices::Builder class. All the atttribute arrays like positions, uvs, etc. are actually deep copied, so it's unlikely to be GC issues.

The native side vertices are eventually handed to the OpenGL ES driver through gles2_draw_draw_range_elements(), which crashes in memcpy().

I assume the Flutter engine is batching Vertices instances that have the same Paint and vertex attributes. memcpy() on AARCH64 is notorious for being really picky about memory alignement. My guess is that somewhere in the batching process, the alignement goes bad, the batched vertices/indices are passed to the OpenGL ES driver through gles2_draw_draw_range_elements() and memcpy() says "no can do".

This is somewhat supported by the fact, that the crash does not happen if the dart side Vertices are rendered less than 12 times. On the other hand, the same alignement would likely happen on my other Android devices, so either their memcpy() version is more lenient, or my theory is wrong :)

Code sample A minimal reproduction sample can be found here: https://github.com/badlogic/flutter-mali-crash

The sample loads mesh data from a text file and converts it to a Vertices instance. It also loads an image and constructs an ImageShader based Paint from it. It then proceeds to render the vertices instance 12 times at random locations on the screen via Canvas.drawVertices().

The app uses Flame to minimize the LOC count. Flame itself does not interfere with the rendering in any meaningful way other than setting a transform on the Canvas instance used for rendering.

import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';
import 'dart:ui' as ui;

import 'package:flame/game.dart';
import 'package:flutter/services.dart';
import 'package:flutter/material.dart';
import 'package:flutter/painting.dart' as painting;

void main() {
  runApp(const MyApp());
}

class MaliCrash extends FlameGame {
  late ui.Image _texture;
  late Paint _paint;
  late ui.Vertices _vertices;
  late List<Vector2> _positions = [];

  Future<void> _loadPaint() async {
    final imageData = (await rootBundle.load("assets/spineboy.png")).buffer.asUint8List();
    final codec = await ui.instantiateImageCodec(imageData);
    final frameInfo = await codec.getNextFrame();
    _texture = frameInfo.image;
    _paint = Paint()
      ..shader = ImageShader(_texture, TileMode.clamp, TileMode.clamp, Matrix4.identity().storage, filterQuality: FilterQuality.high)
      ..isAntiAlias = true;
  }

  Future<void> _loadVertices() async {
    final lines = LineSplitter().convert(await rootBundle.loadString("assets/spineboy.mesh"));
    final numVertices = int.parse(lines[0]);
    final numIndices = int.parse(lines[1]);
    final positions = Float32List(numVertices * 2);
    final uvs = Float32List(numVertices * 2);
    final colors = Int32List(numVertices);
    final indices = Uint16List(numIndices);
    int idx = 2;
    for (int i = 0; i < numVertices * 2; i++) {
      positions[i] = double.parse(lines[idx++]) * 0.2;
    }
    for (int i = 0; i < numVertices * 2; i++) {
      uvs[i] = double.parse(lines[idx++]) * (i % 2 == 0 ? _texture.width : _texture.height);
    }
    for (int i = 0; i < numVertices; i++) {
      colors[i] = int.parse(lines[idx++]);
    }
    for (int i = 0; i < numIndices; i++) {
      indices[i] = int.parse(lines[idx++]);
    }

    _vertices = ui.Vertices.raw(VertexMode.triangles, positions, textureCoordinates: uvs, colors: colors, indices: indices);
  }

  @override
  Future<void> onLoad() async {
    await _loadPaint();
    await _loadVertices();
    final rng = Random();
    for (int i = 0; i < 12; i++) {
      _positions.add(Vector2(rng.nextDouble() * size.x, rng.nextDouble() * size.y));
    }
  }

  @override
  void render(Canvas canvas) {
    for (var position in _positions) {
      canvas.save();
      canvas.translate(position.x, position.y);
      canvas.drawVertices(_vertices, painting.BlendMode.modulate, _paint);
      canvas.restore();
    }
  }
}

class MyApp extends StatelessWidget {
  const MyApp({super.key});

  @override
  Widget build(BuildContext context) {
    return MaterialApp(
      title: 'Mali Crash',
      home: GameWidget(game: MaliCrash())
    );
  }
}
Logs

Relevant portion from flutter run --verbose -d <google-pixel-6-pro-device-id>

 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/raven/raven:13/TP1A.220624.021/8877034:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2022-11-23 19:29:37.310413491+0100
Process uptime: 66s
Cmdline: com.example.flutter_mali_crash
pid: 5391, tid: 5440, name: 1.raster  >>> com.example.flutter_mali_crash <<<
uid: 10298
tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb400007045e52000
    x0  0000005eff8fb000  x1  b400007045e51fc0  x2  0000000000000004  x3  0000005eff90b280
    x4  b400007045e52014  x5  0000005eff90b2d4  x6  430600084449c001  x7  4533d77a4409f8d1
    x8  4449c001ffffffff  x9  4416e44a42b9fff8  x10 ffffffff45334388  x11 42b9fff844533ffb
    x12 440c7fd443060008  x13 ffffffff45375f85  x14 000000000000000c  x15 b400006e98cc5188
    x16 0000006d67ecbb38  x17 000000702d8f1e20  x18 0000006d006e0000  x19 0000000000000000
    x20 0000000000000000  x21 b400006ee8c4a570  x22 0000005eff8fb000  x23 00000000000102d4
    x24 0000000000000000  x25 b400006ee8c4a570  x26 b400006ee8c4a570  x27 0000000000000cf1
    x28 0000000000000028  x29 b400006ce5910ff0
    lr  0000006d65ffb65c  sp  0000006d0093a790  pc  000000702d8f1ddc  pst 0000000020001000
backtrace:
      #00 pc 000000000004eddc  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+300) (BuildId: cbc4c62a9b269839456f1d7728d8411e)
      #01 pc 00000000007f6658  /vendor/lib64/egl/libGLES_mali.so (gles_vertexp_copy_client_buffers+120) (BuildId: ae75a6e293b6843d)
      #02 pc 0000000000822530  /vendor/lib64/egl/libGLES_mali.so (gles_vertex_prepare_nx+1200) (BuildId: ae75a6e293b6843d)
      #03 pc 00000000007fef90  /vendor/lib64/egl/libGLES_mali.so (gles_drawp_draw_common+1136) (BuildId: ae75a6e293b6843d)
      #04 pc 0000000000795380  /vendor/lib64/egl/libGLES_mali.so (gles2_draw_draw_range_elements+80) (BuildId: ae75a6e293b6843d)
      #05 pc 00000000017f6938  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #06 pc 000000000185dd88  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #07 pc 000000000185dc64  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #08 pc 00000000017ec6c8  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #09 pc 00000000017ec440  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #10 pc 00000000017ec9fc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #11 pc 00000000016c4bec  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #12 pc 0000000001a12f60  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #13 pc 00000000018ed4f4  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #14 pc 00000000018ed490  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #15 pc 00000000019046cc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #16 pc 0000000001903d88  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #17 pc 0000000001904b7c  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #18 pc 00000000019035c4  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #19 pc 0000000001903334  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #20 pc 0000000001910300  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #21 pc 00000000015e598c  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #22 pc 00000000015eb244  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #23 pc 0000000000011178  /system/lib64/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+808) (BuildId: 0b4a793fa8045c04066d988c68bac8bb)
      #24 pc 00000000000185e4  /system/lib64/libandroid.so (ALooper_pollOnce+100) (BuildId: 40e037fa2f0ad3b9aa4d871265e2bb7e)
      #25 pc 00000000015eb1cc  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #26 pc 00000000015e58e8  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #27 pc 00000000015e9844  /data/app/~~pVyNdgPC-QI25691CUZIKQ==/com.example.flutter_mali_crash-g69PXgOHXhc12huBtR7sEg==/lib/arm64/libflutter.so (BuildId: d4ff4e896acecea4c25f81864600185cb1f37fb7)
      #28 pc 00000000000c14dc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: cbc4c62a9b269839456f1d7728d8411e)
      #29 pc 0000000000054930  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: cbc4c62a9b269839456f1d7728d8411e)

Symbolicated stack entries for libflutter.so:

➜  flutter-mali-crash git:(main) ✗ ~/Library/Android/sdk/ndk/21.1.6352462/toolchains/llvm/prebuilt/darwin-x86_64/bin/aarch64-linux-android-addr2line -e ~/Downloads/libflutter.so
0x00000000017f6938
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/GrOpFlushState.cpp:236
0x000000000185dd88
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/ops/GrOp.h:193
0x000000000185dc64
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/ops/OpsTask.cpp:645
0x00000000017ec6c8
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/GrRenderTask.h:38
0x00000000017ec440
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:205
0x00000000017ec9fc
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:484
0x00000000017ec9fc
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/src/gpu/ganesh/GrDrawingManager.cpp:484
0x00000000016c4bec
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/skia/include/gpu/GrDirectContext.h:357
0x0000000001a12f60
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/gpu/gpu_surface_gl_skia.cc:266
0x00000000018ed4f4
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/libcxx/include/functional:2419
0x00000000018ed490
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/flow/surface_frame.cc:40
0x00000000019046cc
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/common/rasterizer.cc:704
0x0000000001903d88
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/common/rasterizer.cc:484
0x0000000001904b7c
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/common/rasterizer.cc:191
0x00000000019035c4
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/libcxx/include/functional:2419
0x0000000001903334
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/common/rasterizer.cc:195
0x0000000001910300
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/shell/common/shell.cc:1167
0x00000000015e598c
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../third_party/libcxx/include/functional:2419
0x00000000015eb244
/b/s/w/ir/cache/builder/src/out/android_debug_arm64/../../flutter/fml/platform/android/message_loop_android.cc:42

Output offlutter doctor -v

[✓] Flutter (Channel stable, 3.3.8, on macOS 13.0 22A380 darwin-arm, locale en-AT)
    • Flutter version 3.3.8 on channel stable at /Users/badlogic/workspaces/flutter
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision 52b3dc25f6 (2 weeks ago), 2022-11-09 12:09:26 +0800
    • Engine revision 857bd6b74c
    • Dart version 2.18.4
    • DevTools version 2.15.0

[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
    • Android SDK at /Users/badlogic/Library/Android/sdk
    • Platform android-33, build-tools 33.0.0
    • Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 14.1)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 14B47b
    • CocoaPods version 1.11.3

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2021.2)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)

[✓] IntelliJ IDEA Community Edition (version 2022.1.3)
    • IntelliJ at /Applications/IntelliJ IDEA CE.app
    • Flutter plugin version 70.0.4
    • Dart plugin version 221.5921.27

[✓] VS Code (version 1.73.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension can be installed from:
      🔨 https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter

[✓] Connected device (3 available)
    • Pixel 6 Pro (mobile) • 19131FDEE006RE • android-arm64  • Android 12 (API 32)
    • macOS (desktop)      • macos          • darwin-arm64   • macOS 13.0 22A380 darwin-arm
    • Chrome (web)         • chrome         • web-javascript • Google Chrome 107.0.5304.110

[✓] HTTP Host Availability
    • All required HTTP hosts are available

• No issues found!
jonahwilliams wrote this answer on 2022-11-23
badlogic wrote this answer on 2022-11-23

@jonahwilliams apologies, this was a debug build, so the bot can't symbolicate. I've added symbolicated info in the Logs section?

chinmaygarde wrote this answer on 2022-11-28

I am not sure if this is due to alignment or OOB access. Either way, I'll try to reproduce and bring it to the attention of the Skia folks.

More Details About Repo
Owner Name flutter
Repo Name flutter
Full Name flutter/flutter
Language Dart
Created Date 2015-03-06
Updated Date 2022-12-10
Star Count 147243
Watcher Count 3561
Fork Count 23950
Issue Count 11325

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
Add support for partial evaluation/currying? 0 2022-10-28 2022-11-27
Will zongji support MariaDB? 4 2018-02-19 2022-11-10
Example for a layout function 1 2022-09-30 2022-10-05
[CONTENT] Add short explanation to highscores page 0 2022-06-27 2022-11-03
Latest GYB and QueriesPerMinutePerUser rate limits not caught 7 2021-03-22 2022-12-05
Digital Signature related tool(s) 1 2022-01-31 2022-10-15
title里嵌套<a>或表格标签产生的问题 0 2018-11-13 2022-12-09
uninstall enhancd completely from my system 2 2019-08-26 2022-11-06
Not possible to fill password when web components are used 2 2021-05-13 2022-11-24
Build fails on Arch Linux 1 2021-08-10 2022-10-02
Potential stripe error when creating customers 1 2022-03-06 2022-10-31
Update Patreon figures 0 2022-03-06 2022-10-30
Question: How to add a categories / tags page 1 2020-09-04 2022-11-22
Feature request: asm highlight not supported 1 2019-09-09 2022-10-26
Feature request: Pinned posts and a theme toggle 0 2020-10-01 2022-10-18
actions/[email protected] is failing with Cannot read property 'get' of undefined 1 2021-10-08 2022-12-04
No __url__ when resampled=True 1 2022-09-02 2022-11-19
How to best subsample a dataset? 1 2022-08-03 2022-11-19
Add Feature Edit Post 11 2021-05-16 2022-10-06
[Feature Request]: Catalog Permissions / extension of the catalog_filter 12 2021-08-16 2022-10-08
When calling 'CreateCoreWebView2Controller' in Webview2, it takes about 3 seconds, but I want to reduce it to 1 second. I wonder if there is a better way 1 2022-06-28 2022-10-07
Not possible to debug: Exception in BarBuffer.addBar (BarBuffer.java) 0 2022-01-28 2022-12-03
Expose sentry dsn through environment variable for dashboard 1 2022-02-26 2022-10-02
(CaseClauseError) no case clause matching: nil in `Ecto.Adapters.Postgres.Connection` 2 2022-04-29 2022-11-20
[MU4 Issue] The staff preview in the drum-map editor should have the same amount of staff-lines as the actual staff 0 2022-09-17 2022-09-17
How to override the FilterType to make sure a date range is provided? 1 2022-03-03 2022-11-20
How to pass classNames to `Menu` 3 2022-07-30 2022-11-27
0.16.2 compilation errors 2 2021-04-19 2022-08-19
"Your server isn't responding to some requests" can't be dismissed 0 2022-03-04 2022-08-26
Any roadmap for HTTP/3 ? 2 2022-10-23 2022-12-02
Examples in documentation needed 12 2019-08-17 2022-12-09
Dr. Racket does not combine "Combining Macron Below" with previous character when rendering unicode 7 2022-04-26 2022-11-24
[refactoring] usb.c: Can we remove some unused code? 2 2022-01-06 2022-11-25
How can I receive a file of buffer instead of downloading it? 0 2021-04-12 2022-12-04
Transformprocessor: runtime error: invalid memory address or nil pointer dereference 1 2022-09-15 2022-09-19
[Feature] Consider performer aliases when searching 0 2021-08-24 2022-12-10
Problem with accessing website 3 2022-08-21 2022-11-13
Filter exceptions are shown as unblocked by user rules 1 2022-08-27 2022-11-20
There is no write speed during file copying 1 2022-07-01 2022-11-19
The type or namespace name 'Thrift' does not exist in the namespace 'Jaeger.Senders' 7 2021-06-14 2022-11-19
[request] libuv + lws websocket client example 1 2021-07-09 2022-11-13
OpenZeppelin Truffle Upgrades plugin doesn't work 3 2021-11-12 2022-11-16
Unable to disable auto-sync 8 2020-07-03 2022-11-18
Same ID for differnt jobs[CLI] 1 2021-10-26 2022-07-13
Test notebook edit api 1 2022-09-26 2022-12-04
Installation disallowed long file names 16 2021-10-29 2022-10-15
`TestSemaphoreContention` flakiness 0 2022-06-16 2022-08-13
Does not work with macFuse 4.x (formerly known as OSXFUSE) 9 2021-01-19 2022-10-04
AWS me-central-1 region not supported in cluster-autoscaler-1.25.0 1 2022-11-12 2022-12-04
[ENHANCEMENT] Migration to tokio 1.0 6 2020-10-19 2022-11-21