Possibly a double free()?

backtrace from an older version, line 552 is now line 555:

backtrace:
  #00  pc 0x000000000004e574  /apex/com.android.runtime/lib64/bionic/libc.so (abort+180)
  #01  pc 0x00000000000429e0  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8)
  #02  pc 0x0000000000043088  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+32)
  #03  pc 0x00000000000432c4  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportInvalidChunkState(scudo::AllocatorAction, void*)+76)
  #04  pc 0x00000000000446fc  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+340)
  #05  pc 0x000000000002b8ac  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbCloseClient+552)
  #06  pc 0x0000000000024ec4  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbSendUpdateBuf+3898)
  #07  pc 0x0000000000043540  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+259)
  #08  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #09  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #10  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #11  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #12  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #13  pc 0x0000000000043bbc  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #14  pc 0x0000000000027654  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbSendFramebufferUpdate+3544)
  #15  pc 0x0000000000022254  /data/app/~~WPnXdglyi3Zeyz-l8D4kZw==/net.christianbeier.droidvnc_ng-fxYZMVVxvX8mZAk7ko7kBQ==/split_config.arm64_v8a.apk!libvncserver.so (clientOutput+509)

another backtrace:

  #00  pc 0x000000000006e764  /apex/com.android.runtime/lib64/bionic/libc.so (je_large_dalloc+44)
  #01  pc 0x0000000000049900  /apex/com.android.runtime/lib64/bionic/libc.so (je_free+1696)
  #02  pc 0x000000000002cdfc  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbCloseClient+552)
  #03  pc 0x0000000000026414  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbSendUpdateBuf+3898)
  #04  pc 0x0000000000044a90  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+259)
  #05  pc 0x000000000004503c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+380)
  #06  pc 0x00000000000450e4  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+403)
  #07  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #08  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #09  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #10  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #11  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #12  pc 0x000000000004510c  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (SendRectEncodingTight+407)
  #13  pc 0x0000000000028ba4  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (rfbSendFramebufferUpdate+3544)
  #14  pc 0x00000000000237a4  /data/app/net.christianbeier.droidvnc_ng-drlScXw6kuNYOOSSdJLUbQ==/split_config.arm64_v8a.apk!libvncserver.so (clientOutput+509)

resources

https://source.android.com/docs/security/test/scudo says "The chunk isn't in the expected state for a given operation, for example, it's not allocated when trying to free it, or it's not quarantined when trying to recycle it. A double free is the typical reason for this error."
https://github.com/LibVNC/libvncserver/blob/3ea549b672abcf8556cff11c392b0122c012805b/src/libvncserver/tightvnc-filetransfer/rfbtightserver.c#L450 checks for NULL, then free()s

LibVNC / libvncserver

Scudo ERROR: invalid chunk state when deallocating address 0x<sanitized> #585

resources