Multiple "Something went wrong while getting root views" exception leads to a crash "Fatal signal 6 (SIGABRT)"

[gmatyszczak]

Steps to Reproduce the Problem

In our app we have a screen with custom view, in which we do quite a lot of operations on bitmaps and drawing them on canvas. Depending on user interaction, we can change the state of that custom view and replace all drawn bitmaps with different ones. It seems that Instabug can't handle this case when there's a lot of bitmaps drawn and we change the state of that view quickly.

Expected Behavior

No crashes.

Actual Behavior

This error occurs in Logcat multiple times:

Something went wrong while getting root views
java.lang.IndexOutOfBoundsException: Index: 1, Size: 0
    at java.util.ArrayList.get(ArrayList.java:437)
    at android.view.ViewGroup.getAndVerifyPreorderedView(ViewGroup.java:3766)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4288)
    at androidx.constraintlayout.widget.ConstraintLayout.dispatchDraw(ConstraintLayout.java:1994)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at androidx.coordinatorlayout.widget.CoordinatorLayout.drawChild(CoordinatorLayout.java:1277)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23198)
    at android.view.View.draw(View.java:23068)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at androidx.coordinatorlayout.widget.CoordinatorLayout.drawChild(CoordinatorLayout.java:1277)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23066)
    at android.view.ViewGroup.drawChild(ViewGroup.java:4529)
    at android.view.ViewGroup.dispatchDraw(ViewGroup.java:4290)
    at android.view.View.draw(View.java:23198)
    at com.android.internal.policy.DecorView.draw(DecorView.java:819)
    at com.instabug.library.instacapture.screenshot.pixelcopy.a.a(SourceFile:32)
    at com.instabug.library.instacapture.screenshot.pixelcopy.a.a(SourceFile:11)
    at com.instabug.library.instacapture.screenshot.pixelcopy.h.b(SourceFile:12)
    at com.instabug.library.instacapture.screenshot.pixelcopy.h.a(SourceFile:1)
    at com.instabug.library.instacapture.screenshot.pixelcopy.c.onPixelCopyFinished(SourceFile:1)
    at android.view.PixelCopy$1.run(PixelCopy.java:191)
    at android.os.Handler.handleCallback(Handler.java:942)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:201)
    at android.os.Looper.loop(Looper.java:288)
    at android.os.HandlerThread.run(HandlerThread.java:67)

Eventually it leads to a crash:

09:36:33.704  A  Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 17263 ###, pid 17263 ###
09:36:34.650  E  The RippleDrawable.STYLE_PATTERNED animation is not supported for a non-hardware accelerated Canvas. Skipping animation.
09:36:34.651  E  The RippleDrawable.STYLE_PATTERNED animation is not supported for a non-hardware accelerated Canvas. Skipping animation.
09:36:35.301  E  The RippleDrawable.STYLE_PATTERNED animation is not supported for a non-hardware accelerated Canvas. Skipping animation.
09:36:35.301  E  The RippleDrawable.STYLE_PATTERNED animation is not supported for a non-hardware accelerated Canvas. Skipping animation.
09:36:35.514  A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09:36:35.515  A  Build fingerprint: 'google/sunfish/sunfish:13/TP1A.220905.004/8927612:user/release-keys'
09:36:35.515  A  Revision: 'MP1.0'
09:36:35.515  A  ABI: 'arm64'
09:36:35.515  A  Timestamp: 2022-09-20 09:36:34.179448997+0200
09:36:35.515  A  Process uptime: 157s
09:36:35.515  A  Cmdline: ###
09:36:35.515  A  pid: 17263, tid: 17263, name: ###  >>> ### <<<
09:36:35.515  A  uid: 10059
09:36:35.515  A  signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
09:36:35.515  A  Abort message: 'Scudo ERROR: race on chunk header at address 0x2000072c1ec1030'
09:36:35.515  A      x0  0000000000000000  x1  000000000000436f  x2  0000000000000006  x3  0000007fda0f6b00
09:36:35.515  A      x4  0000000000000080  x5  0000000000000080  x6  0000000000000080  x7  8080808080808080
09:36:35.515  A      x8  00000000000000f0  x9  0000007563a3ea00  x10 0000000000000001  x11 0000007563a7cce4
09:36:35.515  A      x12 0101010101010101  x13 000005d7e27d7af2  x14 002981084e305c38  x15 0000000000000040
09:36:35.515  A      x16 0000007563ae1d60  x17 0000007563abeb70  x18 000000756e8bc000  x19 000000000000436f
09:36:35.515  A      x20 000000000000436f  x21 00000000ffffffff  x22 0000000000000051  x23 02000072c1ec1030
09:36:35.515  A      x24 00000072c1ec103d  x25 af38000000006101  x26 0000000000000006  x27 0000000000000001
09:36:35.515  A      x28 00000072c1ec1040  x29 0000007fda0f6b80
09:36:35.515  A      lr  0000007563a6e868  sp  0000007fda0f6ae0  pc  0000007563a6e894  pst 0000000000000000
09:36:35.515  A  backtrace:
09:36:35.515  A        #00 pc 0000000000051894  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #01 pc 0000000000041714  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #02 pc 0000000000041dc0  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+32) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #03 pc 0000000000041f5c  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportHeaderRace(void*)+96) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #04 pc 0000000000043f98  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::reallocate(void*, unsigned long, unsigned long)+560) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #05 pc 0000000000043d00  /apex/com.android.runtime/lib64/bionic/libc.so (scudo_realloc+40) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #06 pc 000000000003e300  /apex/com.android.runtime/lib64/bionic/libc.so (realloc+84) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
09:36:35.515  A        #07 pc 0000000000411f58  /system/lib64/libhwui.so (SkPath::lineTo(float, float)+1108) (BuildId: 31b5b473e5c68e0d0aef2c20a1aa8daa)
09:36:35.515  A        #08 pc 00000000002cc854  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+116)
09:36:35.515  A        #09 pc 00000000021e26bc  /memfd:jit-cache (deleted) (android.graphics.Path.lineTo+92)
09:36:35.515  A        #10 pc 00000000021c1b4c  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #11 pc 000000000217894c  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #12 pc 0000000002162c78  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #13 pc 000000000212a7d4  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #14 pc 000000000213ee34  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #15 pc 0000000002155574  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #16 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #17 pc 000000000002855e  [anon:dalvik-classes27.dex extracted in memory from /data/app/###/base.apk!classes27.dex] (###)
09:36:35.515  A        #18 pc 000000000020b074  /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #19 pc 0000000000055a6e  [anon:dalvik-classes26.dex extracted in memory from /data/app/###/base.apk!classes26.dex] (###)
09:36:35.515  A        #20 pc 000000000020a254  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #21 pc 000000000002b320  [anon:dalvik-classes21.dex extracted in memory from /data/app/###/base.apk!classes21.dex] (###)
09:36:35.515  A        #22 pc 000000000204f9e4  /memfd:jit-cache (deleted) (###)
09:36:35.515  A        #23 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #24 pc 000000000002cebc  [anon:dalvik-classes21.dex extracted in memory from /data/app/###/base.apk!classes21.dex] (###)
09:36:35.515  A        #25 pc 0000000002112130  /memfd:jit-cache (deleted) (android.view.View.draw+272)
09:36:35.515  A        #26 pc 00000000020d0e0c  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1580)
09:36:35.515  A        #27 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #28 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #29 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #30 pc 000000000020a9d8  /apex/com.android.art/lib64/libart.so (nterp_helper+5848) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #31 pc 00000000004a6de2  [anon:dalvik-classes.dex extracted in memory from /data/app/###/base.apk] (androidx.constraintlayout.widget.ConstraintLayout.dispatchDraw+58)
09:36:35.515  A        #32 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #33 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #34 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #35 pc 0000000002002a24  /memfd:jit-cache (deleted) (androidx.coordinatorlayout.widget.CoordinatorLayout.drawChild+1716)
09:36:35.515  A        #36 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #37 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #38 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #39 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #40 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #41 pc 0000000002112168  /memfd:jit-cache (deleted) (android.view.View.draw+328)
09:36:35.515  A        #42 pc 00000000020d0e0c  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1580)
09:36:35.515  A        #43 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #44 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #45 pc 0000000002002a24  /memfd:jit-cache (deleted) (androidx.coordinatorlayout.widget.CoordinatorLayout.drawChild+1716)
09:36:35.515  A        #46 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #47 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #48 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #49 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #50 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #51 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #52 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #53 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #54 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #55 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #56 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #57 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #58 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #59 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #60 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #61 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #62 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #63 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #64 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #65 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #66 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #67 pc 00000000020d0ca8  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1224)
09:36:35.515  A        #68 pc 00000000020b02a8  /memfd:jit-cache (deleted) (android.view.View.draw+1880)
09:36:35.515  A        #69 pc 0000000002185a9c  /memfd:jit-cache (deleted) (android.view.ViewGroup.drawChild+156)
09:36:35.515  A        #70 pc 00000000020eb39c  /memfd:jit-cache (deleted) (android.view.ViewGroup.dispatchDraw+2156)
09:36:35.515  A        #71 pc 0000000002112168  /memfd:jit-cache (deleted) (android.view.View.draw+328)
09:36:35.515  A        #72 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #73 pc 0000000000403284  /system/framework/framework.jar (com.android.internal.policy.DecorView.draw+0)
09:36:35.515  A        #74 pc 00000000020d0e0c  /memfd:jit-cache (deleted) (android.view.View.updateDisplayListIfDirty+1580)
09:36:35.515  A        #75 pc 00000000021d4018  /memfd:jit-cache (deleted) (android.view.ThreadedRenderer.updateViewTreeDisplayList+200)
09:36:35.515  A        #76 pc 00000000021cd9d8  /memfd:jit-cache (deleted) (android.view.ThreadedRenderer.updateRootDisplayList+152)
09:36:35.515  A        #77 pc 00000000021cecbc  /memfd:jit-cache (deleted) (android.view.ThreadedRenderer.draw+204)
09:36:35.515  A        #78 pc 000000000206cc30  /memfd:jit-cache (deleted) (android.view.ViewRootImpl.draw+3104)
09:36:35.515  A        #79 pc 0000000002165dcc  /memfd:jit-cache (deleted) (android.view.ViewRootImpl.performDraw+572)
09:36:35.515  A        #80 pc 00000000020b6768  /memfd:jit-cache (deleted) (android.view.ViewRootImpl.performTraversals+20280)
09:36:35.515  A        #81 pc 000000000219f020  /memfd:jit-cache (deleted) (android.view.ViewRootImpl.doTraversal+320)
09:36:35.515  A        #82 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.515  A        #83 pc 00000000003d18ec  /system/framework/framework.jar (android.view.ViewRootImpl$TraversalRunnable.run+4)
09:36:35.515  A        #84 pc 0000000002161590  /memfd:jit-cache (deleted) (android.view.Choreographer$CallbackRecord.run+368)
09:36:35.515  A        #85 pc 00000000021687ec  /memfd:jit-cache (deleted) (android.view.Choreographer$CallbackRecord.run+364)
09:36:35.515  A        #86 pc 0000000002116bd8  /memfd:jit-cache (deleted) (android.view.Choreographer.doCallbacks+760)
09:36:35.515  A        #87 pc 000000000204c8bc  /memfd:jit-cache (deleted) (android.view.Choreographer.doFrame+2812)
09:36:35.515  A        #88 pc 0000000002163148  /memfd:jit-cache (deleted) (android.view.Choreographer$FrameDisplayEventReceiver.run+184)
09:36:35.515  A        #89 pc 000000000217bfd8  /memfd:jit-cache (deleted) (android.os.Handler.handleCallback+152)
09:36:35.515  A        #90 pc 000000000216e764  /memfd:jit-cache (deleted) (android.os.Handler.dispatchMessage+116)
09:36:35.516  A        #91 pc 00000000020f7ea4  /memfd:jit-cache (deleted) (android.os.Looper.loopOnce+1444)
09:36:35.516  A        #92 pc 0000000000209a9c  /apex/com.android.art/lib64/libart.so (nterp_helper+1948) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #93 pc 0000000000497886  /system/framework/framework.jar (android.os.Looper.loop+162)
09:36:35.516  A        #94 pc 0000000000209334  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #95 pc 00000000001bb65e  /system/framework/framework.jar (android.app.ActivityThread.main+202)
09:36:35.516  A        #96 pc 0000000000436e00  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+576) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #97 pc 0000000000469534  /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1960) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #98 pc 0000000000468d64  /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+48) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #99 pc 00000000002d1148  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (art_jni_trampoline+120)
09:36:35.516  A        #100 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #101 pc 00000000003f71de  /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
09:36:35.516  A        #102 pc 0000000000d4ab08  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (com.android.internal.os.ZygoteInit.main+3464)
09:36:35.516  A        #103 pc 0000000000436e00  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+576) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #104 pc 0000000000582e28  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+900) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #105 pc 00000000005f5f48  /apex/com.android.art/lib64/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+160) (BuildId: 56e704c544e6c624201be2ab4933e853)
09:36:35.516  A        #106 pc 00000000000bcad0  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+120) (BuildId: 652257cd0faef901accde2659193d1c3)
09:36:35.516  A        #107 pc 00000000000c85c4  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+840) (BuildId: 652257cd0faef901accde2659193d1c3)
09:36:35.516  A        #108 pc 0000000000002554  /system/bin/app_process64 (main+1280) (BuildId: a1ab812b262121cb66f7cbe228dc9674)
09:36:35.516  A        #109 pc 000000000004a0f4  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+96) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)

Instabug integration code

SDK Version

11.5.0

Android Version

13 (API 33)

Device Model

Google Pixel 4a

[mhashim6]

Thanks for reporting this @gmatyszczak Could you provide us with a sample code/app to reproduce this so we're able to investigate it further?

[gmazzotta-wise]

We are experiencing similar crashes with one of our apps. Scudo is reporting race on chunk header at address 0x... and the backtraces all point to some memory corruption in PixelCopy. Even for us the crashes seem to happen when stuff is being drawn (by Lottie, to be more specific).

Version 10.4.3 is the last known version that does not cause this memory corruption, while I know that both version 10.9.0 and 10.11.0 can crash the app. Unfortunately I'm unable to reproduce the issue reliably and I have no minimal sample to share.

Looking deeper at this I noticed that in version 10.4.3 everything involving PixelCopy (PixelCopyDelegate) is done on the main thread, whereas the other two perform some operations from some background thread. Maybe this what makes the race conditions possible.

Also, interacting with Views from a background thread is generally not safe. If I'm not mistaken, that's what onPixelCopyFinished is currently doing. This could explain the IndexOutOfBoundsException that @gmatyszczak is seeing.

[gmazzotta-wise]

I have verified that onPixelCopyFinished is calling DecorView.draw() from a background thread. This is causing race conditions which ultimately crash the app.

Can you please fix this? This has been broken for a long time.

@MohamedHefny I'm sorry to ping you, but you are the last active Instabug member I saw on here and I feel like this issue is not getting any attention. Do you know if anyone is looking at this?

[gmatyszczak]

@mhashim6 Unfortunately I'm not able to provide a reliable sample to reproduce this issue. However @gmazzotta-wise did already great job with investigating the problem more deeply, so hopefully this will be enough to get that fixed!

[kareem-waleed]

@gmazzotta-wise @gmatyszczak Thank you for pointing that out, We'll be looking into it and get back to you as soon as possible 🙏

[gmazzotta-wise]

@kareem-waleed thanks.

If the problem is indeed the fact that you are accessing the View hierarchy from a background thread and you are going to release a fixed version, would it be possible to also have a patch release that is based on v11.6.0?

Version v11.7.0 and newer require updating the Google Play Core Libraries and, sadly, I am unable to do that in the short term due to some transitive dependencies I cannot update, so it would be great to have the fix backported.

[kareem-waleed]

@gmazzotta-wise Hello, The issue is fixed and will be released in our next official release. Also, as per your request, we've backported the fix to v11.6.0. You can use the snapshot 11.6.0.5092153-SNAPSHOT. To use a snapshot, you'll need to add our snapshots repository to your dependencies

maven {
            url "https://oss.sonatype.org/content/repositories/snapshots"
        }

Nevertheless, we totally recommend upgrading to the latest SDK version to be up-to-date with all our features and enhancements 🙏

[kareem-waleed]

@gmatyszczak @gmazzotta-wise I'll close the issue now, please feel free to reopen it for further inquiries 🙏