Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash on iOS when using multiple engines spawned from FlutterEngineGroup #79335

Closed
sroddy opened this issue Mar 30, 2021 · 29 comments · Fixed by flutter/engine#25506
Closed

Crash on iOS when using multiple engines spawned from FlutterEngineGroup #79335

sroddy opened this issue Mar 30, 2021 · 29 comments · Fixed by flutter/engine#25506
Labels
a: existing-apps Integration with existing apps via the add-to-app flow c: crash Stack traces logged to the console c: fatal crash Crashes that terminate the process dependency: dart Dart team may need to help us engine flutter/engine repository. See also e: labels. found in release: 2.0 Found to occur in 2.0 has reproducible steps The issue has been confirmed reproducible and is ready to work on P1 High-priority issues at the top of the work list platform-ios iOS applications specifically

Comments

@sroddy
Copy link
Contributor

sroddy commented Mar 30, 2021

Steps to Reproduce

  1. Use the multiple_flutter sample
  2. Update the main.dart file, by adding this code inside the _MyHomePageState initState:
    Timer.periodic(const Duration(milliseconds: 50), (timer) {
      _incrementCounter();
    });
  1. Run in release mode
  2. tap next until you see the double flutter view controllers (3 times)
  3. go back and forth a couple of times.
  4. the app will crash
Logs 
multiple-flutters.1.1.ui (9)#0	0x0000000105c48e88 in dart::Thread::top_exit_frame_info() const [inlined] at /opt/s/w/ir/cache/builder/src/third_party/dart/runtime/vm/thread.h:522
#1	0x0000000105c48e88 in dart::IsolateGroup::IncreaseMutatorCount(dart::Isolate*) [inlined] at /opt/s/w/ir/cache/builder/src/third_party/dart/runtime/vm/isolate.cc:683
#2	0x0000000105c48e80 in dart::Isolate::ScheduleThread(bool, bool) at /opt/s/w/ir/cache/builder/src/third_party/dart/runtime/vm/isolate.cc:3594
#3	0x0000000105d09d1c in dart::Thread::EnterIsolate(dart::Isolate*) [inlined] at /opt/s/w/ir/cache/builder/src/third_party/dart/runtime/vm/thread.cc:277
#4	0x0000000105d09d0c in ::Dart_EnterIsolate(Dart_Isolate) at /opt/s/w/ir/cache/builder/src/third_party/dart/runtime/vm/dart_api_impl.cc:1531
#5	0x0000000105a797fc in tonic::DartIsolateScope::DartIsolateScope(_Dart_Isolate*) [inlined] at /opt/s/w/ir/cache/builder/src/flutter/third_party/tonic/scopes/dart_isolate_scope.cc:16
#6	0x0000000105a797b4 in tonic::DartIsolateScope::DartIsolateScope(_Dart_Isolate*) at /opt/s/w/ir/cache/builder/src/flutter/third_party/tonic/scopes/dart_isolate_scope.cc:9
#7	0x0000000105a76f6c in tonic::DartPersistentValue::Clear() at /opt/s/w/ir/cache/builder/src/flutter/third_party/tonic/dart_persistent_value.cc:49
#8	0x0000000105a01d94 in std::__1::__function::__value_func<void ()>::operator()() const [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1860
#9	0x0000000105a01d88 in std::__1::function<void ()>::operator()() const [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:2419
#10	0x0000000105a01d88 in fml::MessageLoopImpl::FlushTasks(fml::FlushType) at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop_impl.cc:130
#11	0x0000000105a03bf4 in fml::MessageLoopImpl::RunExpiredTasksNow() [inlined] at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop_impl.cc:143
#12	0x0000000105a03bec in fml::MessageLoopDarwin::OnTimerFire(__CFRunLoopTimer*, fml::MessageLoopDarwin*) at /opt/s/w/ir/cache/builder/src/flutter/fml/platform/darwin/message_loop_darwin.mm:75
#13	0x000000018044dfa0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ ()
#14	0x000000018044dba0 in __CFRunLoopDoTimer ()
#15	0x000000018044cffc in __CFRunLoopDoTimers ()
#16	0x0000000180446ee4 in __CFRunLoopRun ()
#17	0x000000018044621c in CFRunLoopRunSpecific ()
#18	0x0000000105a03ad0 in fml::MessageLoopDarwin::Run() at /opt/s/w/ir/cache/builder/src/flutter/fml/platform/darwin/message_loop_darwin.mm:46
#19	0x0000000105a034d4 in fml::MessageLoopImpl::DoRun() [inlined] at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop_impl.cc:96
#20	0x0000000105a034b8 in fml::MessageLoop::Run() [inlined] at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop.cc:49
#21	0x0000000105a034b4 in fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0::operator()() const [inlined] at /opt/s/w/ir/cache/builder/src/flutter/fml/thread.cc:35
#22	0x0000000105a03444 in decltype(std::__1::forward<fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0>(fp)()) std::__1::__invoke<fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0>(fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0&&) [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/type_traits:4425
#23	0x0000000105a03444 in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0>&, std::__1::__tuple_indices<>) [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/thread:341
#24	0x0000000105a03444 in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0> >(void*) at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/thread:351
#25	0x00000001cbf7fcb0 in _pthread_start ()

Tested on current stable and current dev builds

Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel unknown, 2.0.3, on macOS 11.2.3 20D91 darwin-arm, locale it)
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
[✓] Xcode - develop for iOS and macOS
[✓] Chrome - develop for the web
[✓] Android Studio (version 4.1)
[✓] IntelliJ IDEA Community Edition (version 2020.3.3)
[✓] VS Code (version 1.54.3)
[✓] Connected device (3 available)

• No issues found!
@sroddy sroddy changed the title Crash when using multiple engines spawned from FlutterEngineGroup Crash on iOS when using multiple engines spawned from FlutterEngineGroup Mar 30, 2021
@sroddy
Copy link
Contributor Author

sroddy commented Mar 30, 2021

cc @gaaclarke @xster

@xster xster added a: existing-apps Integration with existing apps via the add-to-app flow dependency: dart Dart team may need to help us engine flutter/engine repository. See also e: labels. platform-ios iOS applications specifically c: crash Stack traces logged to the console labels Mar 30, 2021
@xster
Copy link
Member

xster commented Mar 30, 2021

@flutter-symbolizer-bot

@flutter-symbolizer-bot
Copy link

@xster No crash reports found. I used the following overrides
when looking for reports

SymbolizationOverrides(engineHash: null, flutterVersion: null, arch: null, mode: null, force: false, format: null, os: null)

Note that I can only find native Android and iOS crash reports automatically,
you need to explicitly point me to crash reports in other supported formats.

If the crash report is embedded into a log and prefixed with additional
information I might not be able to automatically strip those prefixes.
Currently I only support flutter run -v, adb logcat and device lab logs.

See my documentation for more details on how to do that.

@xster
Copy link
Member

xster commented Mar 30, 2021

@flutter-symbolizer-bot #79335 (comment)

@flutter-symbolizer-bot
Copy link

@xster No crash reports found. I used the following overrides
when looking for reports

SymbolizationOverrides(engineHash: null, flutterVersion: null, arch: null, mode: null, force: false, format: null, os: null)

Note that I can only find native Android and iOS crash reports automatically,
you need to explicitly point me to crash reports in other supported formats.

If the crash report is embedded into a log and prefixed with additional
information I might not be able to automatically strip those prefixes.
Currently I only support flutter run -v, adb logcat and device lab logs.

See my documentation for more details on how to do that.

@sroddy
Copy link
Contributor Author

sroddy commented Mar 30, 2021
edited by TahaTesser

@xster here is a complete crash log taken from the device

crash logs 
Incident Identifier: 34348749-186D-4C8F-90D9-76E1DFC7A6D7
CrashReporter Key:   7cbc066d8c84425f584eba72de0e3b2f21e6ffe1
Hardware Model:      iPhone13,1
Process:             MultipleFluttersIos [1168]
Path:                /private/var/containers/Bundle/Application/84290715-B4F7-4C72-A841-CB9134A30B1F/MultipleFluttersIos.app/MultipleFluttersIos
Identifier:          dev.flutter.MultipleFluttersIos.frank
Version:             1 (1.0)
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           dev.flutter.MultipleFluttersIos.frank [1511]


Date/Time:           2021-03-30 05:08:57.1740 +0200
Launch Time:         2021-03-30 05:08:49.5806 +0200
OS Version:          iPhone OS 14.4 (18D52)
Release Type:        User
Baseband Version:    1.42.03
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000123
VM Region Info: 0x123 is not in any region.  Bytes before following region: 4338122461
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   102928000-102934000 [   48K] r-x/r-x SM=COW  ...leFluttersIos

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1168]
Triggered by Thread:  7

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0:
0   UIKitCore                     	0x00000001832e1980 -[UIView+ 16923008 (AdditionalLayoutSupport) _is_setNeedsLayout] + 0
1   UIKitCore                     	0x00000001833bf350 -[UIView+ 17830736 (Hierarchy) setNeedsLayout] + 372
2   UIKitCore                     	0x0000000183312118 -[UILabel _invalidateTextSize] + 148
3   UIKitCore                     	0x0000000183311ac0 -[UILabel _setContent:adjustingFontForAccessibilityTraits:checkingForDifferences:] + 548
4   UIKitCore                     	0x00000001833179b8 -[UILabel _setText:] + 156
5   MultipleFluttersIos           	0x000000010292e59c HostViewController.onCountUpdate(newCount:) + 26012 (<compiler-generated>:0)
6   MultipleFluttersIos           	0x000000010292fb38 closure #1 in SingleFlutterViewController.viewDidLoad() + 31544 (<compiler-generated>:0)
7   MultipleFluttersIos           	0x000000010292fcf8 thunk for @escaping @callee_guaranteed (@guaranteed FlutterMethodCall, @guaranteed @escaping @callee_guaranteed (@in_guaranteed Any?) -> ()) -> () + 31992 (<compiler-generated>:0)
8   Flutter                       	0x00000001039f8e60 __45-[FlutterMethodChannel setMethodCallHandler:]_block_invoke + 6032992 (FlutterChannels.mm:252)
9   Flutter                       	0x00000001034700d8 flutter::PlatformViewIOS::HandlePlatformMessage(fml::RefPtr<flutter::PlatformMessage>) + 229592 (platform_view_ios.mm:76)
10  Flutter                       	0x000000010376cf8c std::__1::__function::__func<flutter::Shell::OnEngineHandlePlatformMessage(fml::RefPtr<flutter::PlatformMessage>)::$_36, std::__1::allocator<flutter::Shell::OnEngineHandlePlatformMessage(fml::RefPtr<flutter::PlatformMessage>)::$_36>, void ()>::operator()() + 3362700 (functional:1707)
11  Flutter                       	0x000000010370dd94 fml::MessageLoopImpl::FlushTasks(fml::FlushType) + 2973076 (message_loop_impl.cc:132)
12  Flutter                       	0x000000010370fbf4 fml::MessageLoopDarwin::OnTimerFire(__CFRunLoopTimer*, fml::MessageLoopDarwin*) + 2980852 (message_loop_darwin.mm:76)
13  CoreFoundation                	0x000000018044dfa0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32
14  CoreFoundation                	0x000000018044dba0 __CFRunLoopDoTimer + 1064
15  CoreFoundation                	0x000000018044cffc __CFRunLoopDoTimers + 328
16  CoreFoundation                	0x0000000180446ee4 __CFRunLoopRun + 1936
17  CoreFoundation                	0x000000018044621c CFRunLoopRunSpecific + 600
18  GraphicsServices              	0x0000000198012784 GSEventRunModal + 164
19  UIKitCore                     	0x0000000182e86ee8 -[UIApplication _run] + 1072
20  UIKitCore                     	0x0000000182e8c75c UIApplicationMain + 168
21  libswiftUIKit.dylib           	0x00000001947ad2e4 UIApplicationMain+ 94948 (_:_:_:_:) + 104
22  MultipleFluttersIos           	0x000000010292dbe4 main + 23524 (DoubleFlutterViewController.swift:0)
23  libdyld.dylib                 	0x00000001801066b0 start + 4

Thread 1:
0   libsystem_pthread.dylib       	0x00000001cbf88764 start_wqthread + 0

Thread 2:
0   libsystem_pthread.dylib       	0x00000001cbf88764 start_wqthread + 0

Thread 3:
0   libsystem_pthread.dylib       	0x00000001cbf88764 start_wqthread + 0

Thread 4:
0   libsystem_pthread.dylib       	0x00000001cbf88764 start_wqthread + 0

Thread 5 name:  com.apple.uikit.eventfetch-thread
Thread 5:
0   libsystem_kernel.dylib        	0x00000001ae4022d0 mach_msg_trap + 8
1   libsystem_kernel.dylib        	0x00000001ae401660 mach_msg + 76
2   CoreFoundation                	0x000000018044cc30 __CFRunLoopServiceMachPort + 380
3   CoreFoundation                	0x0000000180446c14 __CFRunLoopRun + 1216
4   CoreFoundation                	0x000000018044621c CFRunLoopRunSpecific + 600
5   Foundation                    	0x00000001816f5df0 -[NSRunLoop+ 36336 (NSRunLoop) runMode:beforeDate:] + 232
6   Foundation                    	0x00000001816f5cbc -[NSRunLoop+ 36028 (NSRunLoop) runUntilDate:] + 92
7   UIKitCore                     	0x0000000182f3ac48 -[UIEventFetcher threadMain] + 516
8   Foundation                    	0x0000000181867a34 __NSThread__start__ + 864
9   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
10  libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 6:
0   libsystem_pthread.dylib       	0x00000001cbf88764 start_wqthread + 0

Thread 7 name:  multiple-flutters.1.1.ui
Thread 7 Crashed:
0   Flutter                       	0x0000000103954e88 dart::Isolate::ScheduleThread(bool, bool) + 5361288 (isolate.cc:3594)
1   Flutter                       	0x0000000103a15d1c Dart_EnterIsolate + 6151452 (dart_api_impl.cc:1531)
2   Flutter                       	0x0000000103a15d1c Dart_EnterIsolate + 6151452 (dart_api_impl.cc:1531)
3   Flutter                       	0x00000001037857fc tonic::DartIsolateScope::DartIsolateScope(_Dart_Isolate*) + 3463164 (dart_isolate_scope.cc:17)
4   Flutter                       	0x0000000103782f6c tonic::DartPersistentValue::Clear() + 3452780 (dart_persistent_value.cc:50)
5   Flutter                       	0x000000010370dd94 fml::MessageLoopImpl::FlushTasks(fml::FlushType) + 2973076 (message_loop_impl.cc:132)
6   Flutter                       	0x000000010370fbf4 fml::MessageLoopDarwin::OnTimerFire(__CFRunLoopTimer*, fml::MessageLoopDarwin*) + 2980852 (message_loop_darwin.mm:76)
7   CoreFoundation                	0x000000018044dfa0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32
8   CoreFoundation                	0x000000018044dba0 __CFRunLoopDoTimer + 1064
9   CoreFoundation                	0x000000018044cffc __CFRunLoopDoTimers + 328
10  CoreFoundation                	0x0000000180446ee4 __CFRunLoopRun + 1936
11  CoreFoundation                	0x000000018044621c CFRunLoopRunSpecific + 600
12  Flutter                       	0x000000010370fad0 fml::MessageLoopDarwin::Run() + 2980560 (message_loop_darwin.mm:47)
13  Flutter                       	0x000000010370f4d4 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0> >(void*) + 2979028 (thread:351)
14  libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
15  libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 8 name:  multiple-flutters.1.1.raster
Thread 8:
0   libsystem_kernel.dylib        	0x00000001ae4022d0 mach_msg_trap + 8
1   libsystem_kernel.dylib        	0x00000001ae401660 mach_msg + 76
2   CoreFoundation                	0x000000018044cc30 __CFRunLoopServiceMachPort + 380
3   CoreFoundation                	0x0000000180446c14 __CFRunLoopRun + 1216
4   CoreFoundation                	0x000000018044621c CFRunLoopRunSpecific + 600
5   Flutter                       	0x000000010370fad0 fml::MessageLoopDarwin::Run() + 2980560 (message_loop_darwin.mm:47)
6   Flutter                       	0x000000010370f4d4 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0> >(void*) + 2979028 (thread:351)
7   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
8   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 9 name:  multiple-flutters.1.1.io
Thread 9:
0   libsystem_kernel.dylib        	0x00000001ae4022d0 mach_msg_trap + 8
1   libsystem_kernel.dylib        	0x00000001ae401660 mach_msg + 76
2   CoreFoundation                	0x000000018044cc30 __CFRunLoopServiceMachPort + 380
3   CoreFoundation                	0x0000000180446c14 __CFRunLoopRun + 1216
4   CoreFoundation                	0x000000018044621c CFRunLoopRunSpecific + 600
5   Flutter                       	0x000000010370fad0 fml::MessageLoopDarwin::Run() + 2980560 (message_loop_darwin.mm:47)
6   Flutter                       	0x000000010370f4d4 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_0> >(void*) + 2979028 (thread:351)
7   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
8   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 10 name:  io.flutter.worker.1
Thread 10:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 11 name:  io.flutter.worker.2
Thread 11:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 12 name:  io.flutter.worker.3
Thread 12:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 13 name:  io.flutter.worker.4
Thread 13:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 14 name:  io.flutter.worker.5
Thread 14:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 15 name:  io.flutter.worker.6
Thread 15:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83468 _pthread_cond_wait + 1192
2   libc++.1.dylib                	0x000000019558d328 std::__1::condition_variable::wait+ 54056 (std::__1::unique_lock<std::__1::mutex>&) + 28
3   Flutter                       	0x000000010370abdc void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, fml::ConcurrentMessageLoop::ConcurrentMessageLoop(unsigned long)::$_0> >(void*) + 2960348 (thread:351)
4   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
5   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 16 name:  dart:io EventHandler
Thread 16:
0   libsystem_kernel.dylib        	0x00000001ae428230 kevent + 8
1   Flutter                       	0x0000000103845e88 dart::bin::EventHandlerImplementation::EventHandlerEntry(unsigned long) + 4251272 (eventhandler_macos.cc:451)
2   Flutter                       	0x0000000103872e1c dart::bin::ThreadStart(void*) + 4435484 (thread_macos.cc:89)
3   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
4   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 17 name:  DartWorker
Thread 17:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83494 _pthread_cond_wait + 1236
2   Flutter                       	0x0000000103994628 dart::Monitor::WaitMicros(long long) + 5621288 (os_thread_macos.cc:432)
3   Flutter                       	0x00000001039dc960 dart::ThreadPool::Worker::Main(unsigned long) + 5917024 (thread_pool.cc:323)
4   Flutter                       	0x0000000103993f50 dart::ThreadStart(void*) + 5619536 (os_thread_macos.cc:132)
5   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
6   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 18 name:  DartWorker
Thread 18:
0   libsystem_kernel.dylib        	0x00000001ae4261ac __psynch_cvwait + 8
1   libsystem_pthread.dylib       	0x00000001cbf83494 _pthread_cond_wait + 1236
2   Flutter                       	0x0000000103994628 dart::Monitor::WaitMicros(long long) + 5621288 (os_thread_macos.cc:432)
3   Flutter                       	0x00000001039dc960 dart::ThreadPool::Worker::Main(unsigned long) + 5917024 (thread_pool.cc:323)
4   Flutter                       	0x0000000103993f50 dart::ThreadStart(void*) + 5619536 (os_thread_macos.cc:132)
5   libsystem_pthread.dylib       	0x00000001cbf7fcb0 _pthread_start + 320
6   libsystem_pthread.dylib       	0x00000001cbf88778 thread_start + 8

Thread 7 crashed with ARM Thread State (64-bit):
    x0: 0x000000011205ce00   x1: 0x0000000000000001   x2: 0x0000000000000000   x3: 0x00000001902cccdc
    x4: 0x00000000000062dc   x5: 0x00000000ffffffff   x6: 0x0000000283954540   x7: 0x00000002837509c0
    x8: 0x0000000000000093   x9: 0x0000000000000000  x10: 0x0000000000000001  x11: 0x0000000280c12d88
   x12: 0x0000000000000055  x13: 0x00000000b834f14d  x14: 0x00000000b854f800  x15: 0x000000000000029f
   x16: 0x00000001cbf87b64  x17: 0x00000001e04e0460  x18: 0x0000000000000000  x19: 0x000000011205ce00
   x20: 0x0000000000000000  x21: 0x0000000000000001  x22: 0x0000000000000001  x23: 0x000000011203f460
   x24: 0x0000000115809a00  x25: 0x0000000280e44e40  x26: 0x00000bf90011e5be  x27: 0x000000016d9bcf00
   x28: 0x0000000103ba3000   fp: 0x000000016d9bcda0   lr: 0x0000000103a15d1c
    sp: 0x000000016d9bc910   pc: 0x0000000103954e88 cpsr: 0x80001000
   esr: 0x92000006 (Data Abort) byte read Translation fault

Binary Images:
0x102928000 - 0x102933fff MultipleFluttersIos arm64  <c3b1761f0fa1315984640418267fc932> /var/containers/Bundle/Application/84290715-B4F7-4C72-A841-CB9134A30B1F/MultipleFluttersIos.app/MultipleFluttersIos
0x102a24000 - 0x102a2ffff libobjc-trampolines.dylib arm64e  <0be796322ebd3748ac5506ab8b4fc60d> /usr/lib/libobjc-trampolines.dylib
0x102be0000 - 0x102c4ffff dyld arm64e  <1f4d7499ee603c5d9d542cd29e4e537c> /usr/lib/dyld
0x102cd0000 - 0x102feffff App arm64  <ba37926d3093324bbd3de420ca349731> /var/containers/Bundle/Application/84290715-B4F7-4C72-A841-CB9134A30B1F/MultipleFluttersIos.app/Frameworks/App.framework/App
0x103438000 - 0x103b3bfff Flutter arm64  <b2dcbf1903df35bcb01bf4dbeb975cbc> /var/containers/Bundle/Application/84290715-B4F7-4C72-A841-CB9134A30B1F/MultipleFluttersIos.app/Frameworks/Flutter.framework/Flutter
0x1800c2000 - 0x180104fff libdispatch.dylib arm64e  <b92757b104343e9ba3acb6da6b81945c> /usr/lib/system/libdispatch.dylib
0x180105000 - 0x18013ffff libdyld.dylib arm64e  <21b19919133438bcb233896e929945e0> /usr/lib/system/libdyld.dylib
0x180140000 - 0x1803abfff libicucore.A.dylib arm64e  <cb72d6a6ceef313b88e7842da8de15cc> /usr/lib/libicucore.A.dylib
0x1803ac000 - 0x180765fff CoreFoundation arm64e  <727f2644eb4e3d57bc2ee6803ba92366> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
0x180766000 - 0x180911fff CoreServices arm64e  <c46f42d698c9323b8cee8e04f50bce45> /System/Library/Frameworks/CoreServices.framework/CoreServices
0x18095b000 - 0x1809d7fff SystemConfiguration arm64e  <97ad4485538f3f389fcdb3fb4df441c3> /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration
0x1809d8000 - 0x180acffff CoreTelephony arm64e  <810c9ed7d97438e19ca18fac779bab84> /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony
0x180ad0000 - 0x180f67fff CFNetwork arm64e  <0ebb3119a8ce35da96245b5528802fc8> /System/Library/Frameworks/CFNetwork.framework/CFNetwork
0x180f68000 - 0x181675fff libnetwork.dylib arm64e  <39506b46189e3e828f32ab8326fcc2c7> /usr/lib/libnetwork.dylib
0x181676000 - 0x1816ecfff Accounts arm64e  <8cc93a19e5983eeb8afb506477688616> /System/Library/Frameworks/Accounts.framework/Accounts
0x1816ed000 - 0x1819a8fff Foundation arm64e  <7698bf3e0cf631c085e9562714f01276> /System/Library/Frameworks/Foundation.framework/Foundation
0x1819a9000 - 0x181d0bfff ImageIO arm64e  <9fc48c6739e1399bb4ad52db3b37f607> /System/Library/Frameworks/ImageIO.framework/ImageIO
0x181d0c000 - 0x181d24fff libCGInterfaces.dylib arm64e  <febafe4bdfe43604b11cd7567f36c825> /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/Libraries/libCGInterfaces.dylib
0x181d25000 - 0x1822bdfff CoreGraphics arm64e  <f5b44b3793af3d1fb053789a8626498a> /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics
0x1822be000 - 0x18376bfff UIKitCore arm64e  <8518eae3832b3ff09fa59dbe3041f26c> /System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore
0x18376c000 - 0x18378efff libAccessibility.dylib arm64e  <f62ac3057abf36c3a35156d384047c97> /usr/lib/libAccessibility.dylib
0x18378f000 - 0x183a15fff QuartzCore arm64e  <8510f13908243686a9aa3e198539a021> /System/Library/Frameworks/QuartzCore.framework/QuartzCore
0x183a16000 - 0x183a81fff BackBoardServices arm64e  <7f77d33c3c1f3cca979ae1332798a25f> /System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices
0x183a82000 - 0x183b0ffff TextInput arm64e  <61a52060d5843d1ca4f1864b5fb5617c> /System/Library/PrivateFrameworks/TextInput.framework/TextInput
0x183f48000 - 0x1840c4fff libswiftFoundation.dylib arm64e  <e1d532c2354331b2830a611eecc21277> /usr/lib/swift/libswiftFoundation.dylib
0x1840c5000 - 0x1844f6fff libswiftCore.dylib arm64e  <de79398bb4423166b6ca1650b7155d82> /usr/lib/swift/libswiftCore.dylib
0x1844f7000 - 0x18450ffff UIKitServices arm64e  <513a8906528a35739a45c91ea1817430> /System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices
0x184892000 - 0x184a49fff CoreText arm64e  <58b7adf717bf3fb093fd084cb70cba54> /System/Library/Frameworks/CoreText.framework/CoreText
0x184a4a000 - 0x184a64fff ExtensionKit arm64e  <ab582630eb713eaa93594d139804e0cb> /System/Library/PrivateFrameworks/ExtensionKit.framework/ExtensionKit
0x184a7a000 - 0x184afefff BaseBoard arm64e  <d0fa26f104f73d73aaa6337d19ac0677> /System/Library/PrivateFrameworks/BaseBoard.framework/BaseBoard
0x18662d000 - 0x1869abfff CoreData arm64e  <e4983c77f15e3012bf00a3fc6f2eb012> /System/Library/Frameworks/CoreData.framework/CoreData
0x187718000 - 0x187722fff libswiftCoreGraphics.dylib arm64e  <05d0f019b7a430f5b754bd60ea5b8559> /usr/lib/swift/libswiftCoreGraphics.dylib
0x187723000 - 0x187762fff AppSupport arm64e  <c9ca542cc2653802be879628070dc0a4> /System/Library/PrivateFrameworks/AppSupport.framework/AppSupport
0x187763000 - 0x18788cfff ManagedConfiguration arm64e  <73f74ef2dd093981b1d0834e9906ea6e> /System/Library/PrivateFrameworks/ManagedConfiguration.framework/ManagedConfiguration
0x187a10000 - 0x187b5dfff Security arm64e  <248431aabfe8399dad0ea942783d0e4b> /System/Library/Frameworks/Security.framework/Security
0x188738000 - 0x188a51fff CoreImage arm64e  <bbd5ff0b4792336fb8482f5c0c6c692c> /System/Library/Frameworks/CoreImage.framework/CoreImage
0x188a52000 - 0x188b0ffff ColorSync arm64e  <cc269c1b128030d29443c45d8cb5addb> /System/Library/PrivateFrameworks/ColorSync.framework/ColorSync
0x188b10000 - 0x188b4bfff CoreVideo arm64e  <a41932f1812e3928b8188feef048018d> /System/Library/Frameworks/CoreVideo.framework/CoreVideo
0x189339000 - 0x189439fff CoreMedia arm64e  <063231877fe13d2d9c430fdad845e776> /System/Library/Frameworks/CoreMedia.framework/CoreMedia
0x18943a000 - 0x1896a5fff AudioToolbox arm64e  <62b836837f2237f89cd6aed24461df2c> /System/Library/Frameworks/AudioToolbox.framework/AudioToolbox
0x189758000 - 0x189862fff UIFoundation arm64e  <9b241bd011ab38c2a1ac19f09ec6e1b1> /System/Library/PrivateFrameworks/UIFoundation.framework/UIFoundation
0x189863000 - 0x189888fff libsystem_info.dylib arm64e  <4141392213e530b7907d6662a1eab27e> /usr/lib/system/libsystem_info.dylib
0x189889000 - 0x189907fff libsystem_c.dylib arm64e  <961a8fb0de8a3567b4375d99cd549fae> /usr/lib/system/libsystem_c.dylib
0x189908000 - 0x189953fff RunningBoardServices arm64e  <697a1a06cadc3e7fa852a474d80108cb> /System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices
0x189954000 - 0x18aa8efff JavaScriptCore arm64e  <1b9a9eccfde13d02abe735d29542d02a> /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore
0x18b46f000 - 0x18b51afff IOKit arm64e  <92c9b0a3c0473a55b17b4c81f6b4f054> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x18b51b000 - 0x18b52bfff DataMigration arm64e  <051256fd02fd3d5381c55bef2910a0af> /System/Library/PrivateFrameworks/DataMigration.framework/DataMigration
0x18b52c000 - 0x18b589fff SpringBoardServices arm64e  <c150acc3bd2a3fa181fa7e4d4deb9175> /System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices
0x18c151000 - 0x18c2f9fff CoreUtils arm64e  <a95e26b7bc623727aebd37b8ade7dda9> /System/Library/PrivateFrameworks/CoreUtils.framework/CoreUtils
0x18c94f000 - 0x18ca15fff CoreUI arm64e  <da638c18e6ee36a3ba87a6cecb3189eb> /System/Library/PrivateFrameworks/CoreUI.framework/CoreUI
0x18d45c000 - 0x18fdc3fff WebCore arm64e  <a9759e560e3f3dddb7d3f88a3250823e> /System/Library/PrivateFrameworks/WebCore.framework/WebCore
0x18fdc4000 - 0x18fe23fff libMobileGestalt.dylib arm64e  <48e77331a983378c8eb4b7cc854f4a89> /usr/lib/libMobileGestalt.dylib
0x18fe24000 - 0x18fe40fff CommonUtilities arm64e  <58bd77e1ead836a181a6f1f736d9bec1> /System/Library/PrivateFrameworks/CommonUtilities.framework/CommonUtilities
0x1901fe000 - 0x190231fff UserNotifications arm64e  <afe58449cf0234a4bc234ded3712a3d5> /System/Library/Frameworks/UserNotifications.framework/UserNotifications
0x190232000 - 0x1902befff FrontBoardServices arm64e  <a15e664c54bb3ac39d7f0bba7f43ebfe> /System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices
0x1902bf000 - 0x1902e2fff libsystem_malloc.dylib arm64e  <bbade3853af53399b1d6180c6d33df9c> /usr/lib/system/libsystem_malloc.dylib
0x190fbb000 - 0x191226fff AudioToolboxCore arm64e  <d1cb61efad603bd3b0d2006e7f6c5476> /System/Library/PrivateFrameworks/AudioToolboxCore.framework/AudioToolboxCore
0x1916ba000 - 0x191761fff ShareSheet arm64e  <5c25c6ab8f5535958e684ab408e3aec9> /System/Library/PrivateFrameworks/ShareSheet.framework/ShareSheet
0x192334000 - 0x192348fff MSUDataAccessor arm64e  <9140891644fe38208059c1cae5afb001> /System/Library/PrivateFrameworks/MSUDataAccessor.framework/MSUDataAccessor
0x192349000 - 0x19236ffff MobileAsset arm64e  <ef35474d2eb63dff9d0e5760ee7bac37> /System/Library/PrivateFrameworks/MobileAsset.framework/MobileAsset
0x192370000 - 0x19237ffff libsystem_networkextension.dylib arm64e  <72e9b04cefb3311398130faa22fd28af> /usr/lib/system/libsystem_networkextension.dylib
0x19315c000 - 0x193259fff VideoToolbox arm64e  <a291cd84788c36a095d8a7e53275e4cd> /System/Library/Frameworks/VideoToolbox.framework/VideoToolbox
0x1933a5000 - 0x1933b6fff AXCoreUtilities arm64e  <85b866951b613087b7b25211a67e69ae> /System/Library/PrivateFrameworks/AXCoreUtilities.framework/AXCoreUtilities
0x194539000 - 0x194541fff InternationalSupport arm64e  <05ea5f19fb0b33a5b9f3ceea6808df34> /System/Library/PrivateFrameworks/InternationalSupport.framework/InternationalSupport
0x194796000 - 0x1947d8fff libswiftUIKit.dylib arm64e  <6918464affe03199b2614026e35cd5cf> /usr/lib/swift/libswiftUIKit.dylib
0x194ace000 - 0x194bf2fff Combine arm64e  <15b9213c595936be871f3f582776b8c4> /System/Library/Frameworks/Combine.framework/Combine
0x194c81000 - 0x194c92fff UniformTypeIdentifiers arm64e  <15720249377a3189b5acde89ce28022a> /System/Library/Frameworks/UniformTypeIdentifiers.framework/UniformTypeIdentifiers
0x1954e6000 - 0x19551cfff libobjc.A.dylib arm64e  <fea23cff02cf34268a4f893396ce92ff> /usr/lib/libobjc.A.dylib
0x19551d000 - 0x19557ffff LoggingSupport arm64e  <0877d599d2bd33008d700d1f8abca399> /System/Library/PrivateFrameworks/LoggingSupport.framework/LoggingSupport
0x195580000 - 0x1955defff libc++.1.dylib arm64e  <4a0b48d835483ad794c55e54ab10b6fa> /usr/lib/libc++.1.dylib
0x1955df000 - 0x1955f8fff libc++abi.dylib arm64e  <2c28dce19a893752bcfc907e99183a63> /usr/lib/libc++abi.dylib
0x195788000 - 0x1957cbfff CoreAutoLayout arm64e  <942d516f2be635879821a450f305f686> /System/Library/PrivateFrameworks/CoreAutoLayout.framework/CoreAutoLayout
0x1957cc000 - 0x19592afff Network arm64e  <9d7e4a86670f3742b6c188f150e74705> /System/Library/Frameworks/Network.framework/Network
0x19592b000 - 0x195961fff MobileKeyBag arm64e  <d1d35c92ad763198947c7c3c37dd1e3e> /System/Library/PrivateFrameworks/MobileKeyBag.framework/MobileKeyBag
0x195bba000 - 0x195c6cfff libvDSP.dylib arm64e  <981103e3468c336db8c5a574394ff73e> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvDSP.dylib
0x195c6d000 - 0x195ca0fff libAudioToolboxUtility.dylib arm64e  <c901706dd96638d78a98e632d0103d36> /usr/lib/libAudioToolboxUtility.dylib
0x195f0b000 - 0x196025fff FileProvider arm64e  <d9607b48e828313d88733480c22fbc28> /System/Library/Frameworks/FileProvider.framework/FileProvider
0x196037000 - 0x19604ffff libswiftDispatch.dylib arm64e  <b6f59dfcf9bb31f8b0d5836177ba9668> /usr/lib/swift/libswiftDispatch.dylib
0x196087000 - 0x196117fff Symbolication arm64e  <c15bd42b1d303aaf8b543d64f2433b5c> /System/Library/PrivateFrameworks/Symbolication.framework/Symbolication
0x196118000 - 0x196135fff CrashReporterSupport arm64e  <3f0cb4bfb6f3385db83720e08fba9808> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/CrashReporterSupport
0x1962a1000 - 0x19648ffff MPSNeuralNetwork arm64e  <333d91ab35473c47a5edf7be06a3deae> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSNeuralNetwork.framework/MPSNeuralNetwork
0x196490000 - 0x1964e6fff MPSCore arm64e  <b24eee3857a23fef906e34cc3a5a5386> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSCore.framework/MPSCore
0x19693b000 - 0x196952fff ProtocolBuffer arm64e  <b53be2dce7853a81a741712c7219bd9b> /System/Library/PrivateFrameworks/ProtocolBuffer.framework/ProtocolBuffer
0x196bd4000 - 0x196be3fff AssertionServices arm64e  <6c4a8e5fe94534898cc33f75e1215b11> /System/Library/PrivateFrameworks/AssertionServices.framework/AssertionServices
0x196c60000 - 0x196d40fff Metal arm64e  <b19644ec655d330fb5022316136a7b66> /System/Library/Frameworks/Metal.framework/Metal
0x196d41000 - 0x196e95fff MediaExperience arm64e  <4cae8c9c6156321788986d02541aaf56> /System/Library/PrivateFrameworks/MediaExperience.framework/MediaExperience
0x1972a3000 - 0x1972b9fff libsystem_trace.dylib arm64e  <3520924c65a7351dadbea07268a9bca7> /usr/lib/system/libsystem_trace.dylib
0x1972ba000 - 0x1972ebfff CoreServicesInternal arm64e  <5770501d3ece333d98d56da4d48fd9a5> /System/Library/PrivateFrameworks/CoreServicesInternal.framework/CoreServicesInternal
0x19800f000 - 0x198017fff GraphicsServices arm64e  <1959c615fa0830de8461884a5bbc8037> /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
0x1981ed000 - 0x198202fff PowerLog arm64e  <e78464dca9813a359e5e19e567103906> /System/Library/PrivateFrameworks/PowerLog.framework/PowerLog
0x199f00000 - 0x199f29fff BoardServices arm64e  <66c745c0795a341aa2c9b01043957b83> /System/Library/PrivateFrameworks/BoardServices.framework/BoardServices
0x19a0c9000 - 0x19a118fff OSAnalytics arm64e  <b1704e43a44338febb79d6e81b51a2d2> /System/Library/PrivateFrameworks/OSAnalytics.framework/OSAnalytics
0x19a3a9000 - 0x19a3defff MobileInstallation arm64e  <35568a91b3b536acbdefa885f098b7d0> /System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation
0x19a3df000 - 0x19a46dfff libTelephonyUtilDynamic.dylib arm64e  <e604b2167dae34e5892b42791848d0f3> /usr/lib/libTelephonyUtilDynamic.dylib
0x19a5c2000 - 0x19a5e0fff CoreMaterial arm64e  <58b98f6de8df3813bb3416c568c45f9c> /System/Library/PrivateFrameworks/CoreMaterial.framework/CoreMaterial
0x19a657000 - 0x19a7e0fff libsqlite3.dylib arm64e  <2963f7ee43003bb69529587d5302a657> /usr/lib/libsqlite3.dylib
0x19b40a000 - 0x19b414fff libsystem_notify.dylib arm64e  <cb00557eecb73b8ebee94de4a0b862aa> /usr/lib/system/libsystem_notify.dylib
0x19b4c8000 - 0x19b53cfff libcorecrypto.dylib arm64e  <7282f135d28937129081a2b32fdb3622> /usr/lib/system/libcorecrypto.dylib
0x19b53d000 - 0x19b561fff UserManagement arm64e  <01f1ad278171339aa98d91876ef213d0> /System/Library/PrivateFrameworks/UserManagement.framework/UserManagement
0x19b63e000 - 0x19b654fff libsystem_asl.dylib arm64e  <6861da31b33a393eadeaa36da03ba670> /usr/lib/system/libsystem_asl.dylib
0x19b917000 - 0x19b94efff CoreServicesStore arm64e  <7f13794ebc913959a201e01a396aa228> /System/Library/PrivateFrameworks/CoreServicesStore.framework/CoreServicesStore
0x19b94f000 - 0x19b974fff CoreAnalytics arm64e  <0e3b705972c939ad9a5ca9b487f5c475> /System/Library/PrivateFrameworks/CoreAnalytics.framework/CoreAnalytics
0x19c3ba000 - 0x19c3e6fff IconServices arm64e  <d947a9247e9e309fa9eff038d7918f52> /System/Library/PrivateFrameworks/IconServices.framework/IconServices
0x19cebe000 - 0x19d185fff vImage arm64e  <235be66e7bb831bba92d486371ffc572> /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/vImage
0x19e183000 - 0x19e1dcfff ktrace arm64e  <0fd4ace25e6c3e0ca5e18b2aa5f4457f> /System/Library/PrivateFrameworks/ktrace.framework/ktrace
0x19e600000 - 0x19e788fff WebKitLegacy arm64e  <e2e6d532c92535a88a195438ec912e29> /System/Library/PrivateFrameworks/WebKitLegacy.framework/WebKitLegacy
0x19f81a000 - 0x19f824fff IOMobileFramebuffer arm64e  <75b827a40b7e31278af975faf62e320b> /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer
0x19feb9000 - 0x19fed9fff PrototypeTools arm64e  <ca03807ff927380f9d8798ff437319c6> /System/Library/PrivateFrameworks/PrototypeTools.framework/PrototypeTools
0x19feda000 - 0x19ff07fff PersistentConnection arm64e  <2c14c002f3ea300f8b45706af2444601> /System/Library/PrivateFrameworks/PersistentConnection.framework/PersistentConnection
0x1a0eaa000 - 0x1a0ed5fff CoreAccessories arm64e  <aef72f8cdcd030ffbe2664c6c524f066> /System/Library/PrivateFrameworks/CoreAccessories.framework/CoreAccessories
0x1a11e7000 - 0x1a11e9fff OSAServicesClient arm64e  <dec50288c55c378bb424658704258c77> /System/Library/PrivateFrameworks/OSAServicesClient.framework/OSAServicesClient
0x1a1dc0000 - 0x1a1e75fff CoreSymbolication arm64e  <4a497d5f199b3a17b912d711e97154d7> /System/Library/PrivateFrameworks/CoreSymbolication.framework/CoreSymbolication
0x1a265d000 - 0x1a266ffff IOSurface arm64e  <2bb4143452ee3bd7822950b3840218b6> /System/Library/Frameworks/IOSurface.framework/IOSurface
0x1a2670000 - 0x1a26d2fff MobileWiFi arm64e  <cb04e63128a23661a0c5ab073cf2dbf4> /System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi
0x1a2cc6000 - 0x1a2d01fff libGLImage.dylib arm64e  <5e1452bc1b723ea9bbee08acd20195f3> /System/Library/Frameworks/OpenGLES.framework/libGLImage.dylib
0x1a2d02000 - 0x1a2d09fff libsystem_symptoms.dylib arm64e  <ee0315ac9aab3bd4ab86ede010db097a> /usr/lib/system/libsystem_symptoms.dylib
0x1a2d51000 - 0x1a32b2fff CoreAudio arm64e  <35f706386c053b64b34f60e273b2a83c> /System/Library/Frameworks/CoreAudio.framework/CoreAudio
0x1a688f000 - 0x1a6898fff ContextKitExtraction arm64e  <3b1d92e5f4ac37e8887e97798a3bee96> /System/Library/PrivateFrameworks/ContextKitExtraction.framework/ContextKitExtraction
0x1a6976000 - 0x1a6978fff libswiftObjectiveC.dylib arm64e  <6d0b9153875939f48ebfc48dfdc4d77c> /usr/lib/swift/libswiftObjectiveC.dylib
0x1a8205000 - 0x1a8214fff MobileIcons arm64e  <e8c4f97c59483d7f9f59b26835929137> /System/Library/PrivateFrameworks/MobileIcons.framework/MobileIcons
0x1a9946000 - 0x1a9950fff MallocStackLogging arm64e  <66bfc8d3c6f335519ce3f213ab98480e> /System/Library/PrivateFrameworks/MallocStackLogging.framework/MallocStackLogging
0x1aa59f000 - 0x1aa5d1fff Bom arm64e  <68852959ebe03756837b46f2c1f767ec> /System/Library/PrivateFrameworks/Bom.framework/Bom
0x1aa607000 - 0x1aa60efff PushKit arm64e  <ea9b2ff9825f30a29dc38fe3e70fd6de> /System/Library/Frameworks/PushKit.framework/PushKit
0x1aa8a6000 - 0x1aa8aefff StudyLog arm64e  <15e63b6cec933fa882889d0cefd8a9ef> /System/Library/PrivateFrameworks/StudyLog.framework/StudyLog
0x1adb48000 - 0x1adb4efff IOAccelerator arm64e  <a52c34191fec367088c065bfff85305d> /System/Library/PrivateFrameworks/IOAccelerator.framework/IOAccelerator
0x1ae3fe000 - 0x1ae42ffff libsystem_kernel.dylib arm64e  <b373b97b671e301ca6b7c9f92e17dca0> /usr/lib/system/libsystem_kernel.dylib
0x1aee00000 - 0x1aee0dfff FontServices arm64e  <b081806bbcba335480622196cb0c05dd> /System/Library/PrivateFrameworks/FontServices.framework/FontServices
0x1aefc3000 - 0x1aefcffff MediaAccessibility arm64e  <babd3b53c8f63359aa5a98e3bfec3f34> /System/Library/Frameworks/MediaAccessibility.framework/MediaAccessibility
0x1b0973000 - 0x1b0983fff libdscsym.dylib arm64e  <1fc227cb8893384b8453555702030bb5> /usr/lib/libdscsym.dylib
0x1b0984000 - 0x1b0995fff HangTracer arm64e  <148caf8207a83d1a87b0a476cc755f35> /System/Library/PrivateFrameworks/HangTracer.framework/HangTracer
0x1b0b53000 - 0x1b0c11fff SampleAnalysis arm64e  <38e052d99e2032ce84bfa5e7d96c12aa> /System/Library/PrivateFrameworks/SampleAnalysis.framework/SampleAnalysis
0x1b0c12000 - 0x1b0c42fff PlugInKit arm64e  <1b06f4b4a9c33af8875c49f515e38d78> /System/Library/PrivateFrameworks/PlugInKit.framework/PlugInKit
0x1b0cf2000 - 0x1b0cf3fff libSystem.B.dylib arm64e  <7d42c8382a04372e9fccdc7a95ef88f4> /usr/lib/libSystem.B.dylib
0x1b1167000 - 0x1b11d7fff libarchive.2.dylib arm64e  <d766b73088553bd28ba75b2d926ffbea> /usr/lib/libarchive.2.dylib
0x1b11d8000 - 0x1b11fcfff libtailspin.dylib arm64e  <98055fb0cc033819bc074fb958f6e656> /usr/lib/libtailspin.dylib
0x1b11fd000 - 0x1b16b2fff libBNNS.dylib arm64e  <13ec7750493a31bcad11234e3950686d> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libBNNS.dylib
0x1b1d14000 - 0x1b1d14fff Accelerate arm64e  <b2f811f636d9398b9e2a080408efed72> /System/Library/Frameworks/Accelerate.framework/Accelerate
0x1b1d15000 - 0x1b1f6ffff libBLAS.dylib arm64e  <effe16b216183f3aa06ce58527e217f3> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libBLAS.dylib
0x1b1f70000 - 0x1b241afff libLAPACK.dylib arm64e  <6eea1e2a662630508a2e8b690016e7e0> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libLAPACK.dylib
0x1b241b000 - 0x1b242ffff libLinearAlgebra.dylib arm64e  <64203c23bfb735adb6823d4fd877c7d6> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libLinearAlgebra.dylib
0x1b2430000 - 0x1b2434fff libQuadrature.dylib arm64e  <ffc2799051a93d79b60ccf610debaaf4> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libQuadrature.dylib
0x1b2435000 - 0x1b2497fff libSparse.dylib arm64e  <7244ae07ad933247aa101be5ba810cd7> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libSparse.dylib
0x1b2498000 - 0x1b24a9fff libSparseBLAS.dylib arm64e  <2351d0bc0e6b33068c41c4e1be339920> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libSparseBLAS.dylib
0x1b24aa000 - 0x1b2502fff libvMisc.dylib arm64e  <d7f6e639d9e33e0eb5c653903f95ebac> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvMisc.dylib
0x1b2503000 - 0x1b2503fff vecLib arm64e  <6cec3ecd6c1a3f2f97ae525ff2046274> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/vecLib
0x1b30a1000 - 0x1b3127fff MPSImage arm64e  <dddc7ccf8dc635b991a65062b979b2a2> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSImage.framework/MPSImage
0x1b3128000 - 0x1b314efff MPSMatrix arm64e  <19c8ce40ea28340eb5e61151589d9a5b> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSMatrix.framework/MPSMatrix
0x1b314f000 - 0x1b318dfff MPSNDArray arm64e  <33d53f36a2aa3e39a9cb6f7ac2723edc> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSNDArray.framework/MPSNDArray
0x1b318e000 - 0x1b31d6fff MPSRayIntersector arm64e  <826f7ecb42153845b6c81434e31d05b8> /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSRayIntersector.framework/MPSRayIntersector
0x1b31d7000 - 0x1b31d7fff MetalPerformanceShaders arm64e  <c3e2c89e6c6b35a79c4acc3c0c8f817a> /System/Library/Frameworks/MetalPerformanceShaders.framework/MetalPerformanceShaders
0x1b3574000 - 0x1b3574fff MobileCoreServices arm64e  <013cab54d0ec301a82151c17a2a44899> /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices
0x1b4172000 - 0x1b417afff OpenGLES arm64e  <fa5413d895ef3dada5eed752ca32bb1f> /System/Library/Frameworks/OpenGLES.framework/OpenGLES
0x1b417b000 - 0x1b417cfff libCVMSPluginSupport.dylib arm64e  <1ca789cb22ac36e1858b241da4c8dcb7> /System/Library/Frameworks/OpenGLES.framework/libCVMSPluginSupport.dylib
0x1b417d000 - 0x1b4183fff libCoreFSCache.dylib arm64e  <2411f21fea7c3656a0990c3ae36e88e8> /System/Library/Frameworks/OpenGLES.framework/libCoreFSCache.dylib
0x1b4184000 - 0x1b4189fff libCoreVMClient.dylib arm64e  <04bd5aee36673163b188185a5d4f02a3> /System/Library/Frameworks/OpenGLES.framework/libCoreVMClient.dylib
0x1b418a000 - 0x1b4193fff libGFXShared.dylib arm64e  <59b568645cb53655a427478652ed8e27> /System/Library/Frameworks/OpenGLES.framework/libGFXShared.dylib
0x1b4db7000 - 0x1b4db7fff UIKit arm64e  <d6833c925bf638189ede3bb4092a0919> /System/Library/Frameworks/UIKit.framework/UIKit
0x1b5fca000 - 0x1b5fcdfff AFKUser arm64e  <3f4d68e133773dd2ba45c82c59125f30> /System/Library/PrivateFrameworks/AFKUser.framework/AFKUser
0x1b6333000 - 0x1b63f1fff APFS arm64e  <7edafa643f783bd2a5e33a4a561da182> /System/Library/PrivateFrameworks/APFS.framework/APFS
0x1b63f2000 - 0x1b63f8fff ASEProcessing arm64e  <a9a265754d843c00bf34f91021d26ab0> /System/Library/PrivateFrameworks/ASEProcessing.framework/ASEProcessing
0x1b6c2c000 - 0x1b6c31fff AggregateDictionary arm64e  <abc24f86a76c3527b95a42e60388a17c> /System/Library/PrivateFrameworks/AggregateDictionary.framework/AggregateDictionary
0x1b86ca000 - 0x1b86d9fff AppleFSCompression arm64e  <34598412dc53349892b4f249fa996350> /System/Library/PrivateFrameworks/AppleFSCompression.framework/AppleFSCompression
0x1b870b000 - 0x1b8750fff AppleJPEG arm64e  <5fa8e99c227f39879149a9fa5275b651> /System/Library/PrivateFrameworks/AppleJPEG.framework/AppleJPEG
0x1b87fc000 - 0x1b8820fff AppleSauce arm64e  <5c480b789dfb3fe5ba264691c1f88a8d> /System/Library/PrivateFrameworks/AppleSauce.framework/AppleSauce
0x1b9093000 - 0x1b909dfff CMCaptureCore arm64e  <203549efeb873319bfec7749818fb59b> /System/Library/PrivateFrameworks/CMCaptureCore.framework/CMCaptureCore
0x1b90b8000 - 0x1b90c7fff CPMS arm64e  <2a9d048276f339afa95beb6ab9557604> /System/Library/PrivateFrameworks/CPMS.framework/CPMS
0x1b93ee000 - 0x1b93f9fff CaptiveNetwork arm64e  <438ae3c09d773cd6b3fc8172b7e68a28> /System/Library/PrivateFrameworks/CaptiveNetwork.framework/CaptiveNetwork
0x1b95d5000 - 0x1b9625fff ChunkingLibrary arm64e  <c9e1f078a60b391bbd5f740c04a1cc10> /System/Library/PrivateFrameworks/ChunkingLibrary.framework/ChunkingLibrary
0x1b9b32000 - 0x1b9b35fff ConstantClasses arm64e  <b49b804354873a78b69c730673ae8755> /System/Library/PrivateFrameworks/ConstantClasses.framework/ConstantClasses
0x1b9d8a000 - 0x1b9e81fff CoreBrightness arm64e  <8779d983de8d39a898b05f1357369de9> /System/Library/PrivateFrameworks/CoreBrightness.framework/CoreBrightness
0x1ba618000 - 0x1ba620fff CorePhoneNumbers arm64e  <a099b15f9ea132f190e6436e5686ee79> /System/Library/PrivateFrameworks/CorePhoneNumbers.framework/CorePhoneNumbers
0x1bb04c000 - 0x1bb076fff CoreSVG arm64e  <012037e7a6183373b8097fa32264a57e> /System/Library/PrivateFrameworks/CoreSVG.framework/CoreSVG
0x1bb5ef000 - 0x1bb62bfff DocumentManager arm64e  <c54186de7fa437358a07880d6d4e6d64> /System/Library/PrivateFrameworks/DocumentManager.framework/DocumentManager
0x1bb62c000 - 0x1bb64cfff DocumentManagerCore arm64e  <8081d2b7b5643eb3bc63c7f910bca3c6> /System/Library/PrivateFrameworks/DocumentManagerCore.framework/DocumentManagerCore
0x1bb6d7000 - 0x1bb6d9fff DragUI arm64e  <886c83486d80388ca9ae580581ff1e3d> /System/Library/PrivateFrameworks/DragUI.framework/DragUI
0x1bb709000 - 0x1bb73afff EAP8021X arm64e  <930411b09df032d98d485232739c903e> /System/Library/PrivateFrameworks/EAP8021X.framework/EAP8021X
0x1bb8c0000 - 0x1bb8c7fff ExtensionFoundation arm64e  <bcb6582e13123c20bb8c2ebbfe35e2ee> /System/Library/PrivateFrameworks/ExtensionFoundation.framework/ExtensionFoundation
0x1bba88000 - 0x1bbe9cfff FaceCore arm64e  <d3dd1092cc2e3b13b40f94917908b67d> /System/Library/PrivateFrameworks/FaceCore.framework/FaceCore
0x1bc056000 - 0x1bc198fff libFontParser.dylib arm64e  <bada6320e5c73542bc4d538145eb0761> /System/Library/PrivateFrameworks/FontServices.framework/libFontParser.dylib
0x1bc199000 - 0x1bc1a1fff libGSFont.dylib arm64e  <b44455d72bd63b3e81afc92bdc0734e9> /System/Library/PrivateFrameworks/FontServices.framework/libGSFont.dylib
0x1bc1a2000 - 0x1bc1dffff libGSFontCache.dylib arm64e  <8971ad0fd4d53bc59dc550cf1f2b5eeb> /System/Library/PrivateFrameworks/FontServices.framework/libGSFontCache.dylib
0x1bc245000 - 0x1bc252fff libhvf.dylib arm64e  <b0db005b204e337988d25394ba7bbed9> /System/Library/PrivateFrameworks/FontServices.framework/libhvf.dylib
0x1bce31000 - 0x1bce31fff libmetal_timestamp.dylib arm64e  <fe39c5cab41a3c828937020f615235a2> /System/Library/PrivateFrameworks/GPUCompiler.framework/Libraries/libmetal_timestamp.dylib
0x1bcf14000 - 0x1bcf33fff GenerationalStorage arm64e  <7fd0e4a64ec0376094fa7fc92b8c6ae3> /System/Library/PrivateFrameworks/GenerationalStorage.framework/GenerationalStorage
0x1bcf34000 - 0x1bcf41fff GraphVisualizer arm64e  <f930b8e63f773432bb078bbc15423bd2> /System/Library/PrivateFrameworks/GraphVisualizer.framework/GraphVisualizer
0x1bcf6e000 - 0x1bcf7afff HID arm64e  <997e4d59f29c3718ae5900013b2f93c5> /System/Library/PrivateFrameworks/HID.framework/HID
0x1bd9fe000 - 0x1bda1dfff IOGPU arm64e  <3d3aed8398f9389ba41bec7a5ea77a83> /System/Library/PrivateFrameworks/IOGPU.framework/IOGPU
0x1bda29000 - 0x1bda2bfff IOSurfaceAccelerator arm64e  <bf23e49eebad3a078d4df3a00a4c179b> /System/Library/PrivateFrameworks/IOSurfaceAccelerator.framework/IOSurfaceAccelerator
0x1bda56000 - 0x1bda5dfff IdleTimerServices arm64e  <7c3d6a90eef83db9b955f7bb61ead2f8> /System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices
0x1beac2000 - 0x1beb94fff MetalTools arm64e  <f44fdf455af739738fe6f0c24b8964f2> /System/Library/PrivateFrameworks/MetalTools.framework/MetalTools
0x1becbc000 - 0x1becc2fff MobileSystemServices arm64e  <6ba8ebc692dd38d180f292d4269cd1f1> /System/Library/PrivateFrameworks/MobileSystemServices.framework/MobileSystemServices
0x1bf23a000 - 0x1bf27bfff OTSVG arm64e  <00d86fb69cf635faab22b8b6fa7cda34> /System/Library/PrivateFrameworks/OTSVG.framework/OTSVG
0x1bf8d0000 - 0x1bf8fcfff Pasteboard arm64e  <fff33f3abde4393ea6fb3f392c166b49> /System/Library/PrivateFrameworks/Pasteboard.framework/Pasteboard
0x1bfb92000 - 0x1bfbdefff PhysicsKit arm64e  <e22fdd58fdd6302b9f66a17729fd3061> /System/Library/PrivateFrameworks/PhysicsKit.framework/PhysicsKit
0x1bfc9f000 - 0x1bfcaafff PointerUIServices arm64e  <c71697e82d1d30779cab7c42e76e82f1> /System/Library/PrivateFrameworks/PointerUIServices.framework/PointerUIServices
0x1c3076000 - 0x1c3080fff SignpostCollection arm64e  <0e1a2eef68dd3fe5aeaa1d3759c46362> /System/Library/PrivateFrameworks/SignpostCollection.framework/SignpostCollection
0x1c3081000 - 0x1c3081fff SignpostMetrics arm64e  <81374dd6fb9c3fb8b64db78fc1ddd1bc> /System/Library/PrivateFrameworks/SignpostMetrics.framework/SignpostMetrics
0x1c3083000 - 0x1c30c4fff SignpostSupport arm64e  <62f534a6875435c5b919c1ff754031a8> /System/Library/PrivateFrameworks/SignpostSupport.framework/SignpostSupport
0x1c3bf5000 - 0x1c3bf5fff SoftLinking arm64e  <2039e1311e783ef6b012310bc4de4222> /System/Library/PrivateFrameworks/SoftLinking.framework/SoftLinking
0x1c40f6000 - 0x1c4134fff StreamingZip arm64e  <2aeb745662cf308d9074f0a44f0680fd> /System/Library/PrivateFrameworks/StreamingZip.framework/StreamingZip
0x1c413c000 - 0x1c4146fff SymptomDiagnosticReporter arm64e  <77f539309c7931b389d6e7d4f9203187> /System/Library/PrivateFrameworks/SymptomDiagnosticReporter.framework/SymptomDiagnosticReporter
0x1c41d4000 - 0x1c41e4fff TCC arm64e  <5eb3e57592fe366093d4ee98625696e1> /System/Library/PrivateFrameworks/TCC.framework/TCC
0x1c4aeb000 - 0x1c4b9ffff TextureIO arm64e  <39b83f8ef7013ac99b77e9994ec66025> /System/Library/PrivateFrameworks/TextureIO.framework/TextureIO
0x1c4dcd000 - 0x1c4dd4fff URLFormatting arm64e  <359aa25a10a2333290b93cb58f491102> /System/Library/PrivateFrameworks/URLFormatting.framework/URLFormatting
0x1c60c3000 - 0x1c60c4fff WatchdogClient arm64e  <d2e9111e5dc83579be818f4c8b9dde30> /System/Library/PrivateFrameworks/WatchdogClient.framework/WatchdogClient
0x1c63a9000 - 0x1c6ae5fff libwebrtc.dylib arm64e  <aa754ea82e973bb382d20b9728efcd8e> /System/Library/PrivateFrameworks/WebCore.framework/Frameworks/libwebrtc.dylib
0x1c70c1000 - 0x1c70c4fff XCTTargetBootstrap arm64e  <81e7f051ea293b32aa8db6b31043c1b1> /System/Library/PrivateFrameworks/XCTTargetBootstrap.framework/XCTTargetBootstrap
0x1c714a000 - 0x1c7169fff caulk arm64e  <b170cf9d18cf360cb6783d1fa8545de0> /System/Library/PrivateFrameworks/caulk.framework/caulk
0x1c96de000 - 0x1c96e3fff kperf arm64e  <00833ee7334a357397d803fc54a7e96a> /System/Library/PrivateFrameworks/kperf.framework/kperf
0x1c96e4000 - 0x1c96ecfff kperfdata arm64e  <5fd952a747393327b7a964c9c3bfa46d> /System/Library/PrivateFrameworks/kperfdata.framework/kperfdata
0x1c96ed000 - 0x1c9703fff libEDR arm64e  <36804b020c1c3bab8fed5f225920287a> /System/Library/PrivateFrameworks/libEDR.framework/libEDR
0x1c971c000 - 0x1c972dfff perfdata arm64e  <c692a64284a03d519388df48cde59922> /System/Library/PrivateFrameworks/perfdata.framework/perfdata
0x1ca609000 - 0x1ca618fff libAudioStatistics.dylib arm64e  <d43dc9402a6c3daa9994658116e61065> /usr/lib/libAudioStatistics.dylib
0x1ca7be000 - 0x1ca7f1fff libCRFSuite.dylib arm64e  <2ae9058b25ce31468ab4f02615f16d47> /usr/lib/libCRFSuite.dylib
0x1ca7f2000 - 0x1ca7f3fff libCTGreenTeaLogger.dylib arm64e  <216ec5a25c553a51abc186cfb4a0b607> /usr/lib/libCTGreenTeaLogger.dylib
0x1caab5000 - 0x1caabcfff libIOReport.dylib arm64e  <4da98ad919f939e4b6d7db4d956aba56> /usr/lib/libIOReport.dylib
0x1caed3000 - 0x1caed5fff libapp_launch_measurement.dylib arm64e  <c9185c8b5e8c3dcc87f4d4e8211bfcc9> /usr/lib/libapp_launch_measurement.dylib
0x1caed6000 - 0x1caeecfff libapple_nghttp2.dylib arm64e  <aa7df81a69c13795a30386bf158fdd61> /usr/lib/libapple_nghttp2.dylib
0x1caeed000 - 0x1caf7efff libate.dylib arm64e  <191d61e4155c3b16a602d59611c1653e> /usr/lib/libate.dylib
0x1cb010000 - 0x1cb020fff libbsm.0.dylib arm64e  <67259e0c8b2a3ff3a21be629e0f686ac> /usr/lib/libbsm.0.dylib
0x1cb021000 - 0x1cb02dfff libbz2.1.0.dylib arm64e  <1ece9cb83cd633c79f28a480997339dc> /usr/lib/libbz2.1.0.dylib
0x1cb02e000 - 0x1cb02efff libcharset.1.dylib arm64e  <b28f9d663d723a4198566fd8d095045a> /usr/lib/libcharset.1.dylib
0x1cb041000 - 0x1cb058fff libcompression.dylib arm64e  <0f27f2f9302f37978c084cd6cec38432> /usr/lib/libcompression.dylib
0x1cb059000 - 0x1cb06ffff libcoretls.dylib arm64e  <82b845672c153d149c2e5f7d52829fcc> /usr/lib/libcoretls.dylib
0x1cb070000 - 0x1cb071fff libcoretls_cfhelpers.dylib arm64e  <2fc084f0e6cb38ccb3441c80ad1393d7> /usr/lib/libcoretls_cfhelpers.dylib
0x1cb095000 - 0x1cb09cfff libcupolicy.dylib arm64e  <7b39fce102fa3f45892ffdb80f422f4f> /usr/lib/libcupolicy.dylib
0x1cb09d000 - 0x1cb0a4fff libdns_services.dylib arm64e  <4cac384f00653034afbbcf8288b0bfd1> /usr/lib/libdns_services.dylib
0x1cb0c3000 - 0x1cb0c3fff libenergytrace.dylib arm64e  <cbea27377f49368ab116286ed2f32786> /usr/lib/libenergytrace.dylib
0x1cb0c4000 - 0x1cb0ddfff libexpat.1.dylib arm64e  <db63f6bc6fda397792284f85556f7818> /usr/lib/libexpat.1.dylib
0x1cb112000 - 0x1cb207fff libiconv.2.dylib arm64e  <03e7a7e4dde835508741edd69270af5f> /usr/lib/libiconv.2.dylib
0x1cb226000 - 0x1cb227fff liblangid.dylib arm64e  <1255de5ea4983685bb6973604d732267> /usr/lib/liblangid.dylib
0x1cb228000 - 0x1cb233fff liblockdown.dylib arm64e  <23c07c0fc5093e37bfd7a0e276ea3d98> /usr/lib/liblockdown.dylib
0x1cb234000 - 0x1cb24cfff liblzma.5.dylib arm64e  <9046f47632bb38bba83c47f76e71d306> /usr/lib/liblzma.5.dylib
0x1cb509000 - 0x1cb51cfff libmis.dylib arm64e  <b5dd4a39682634028ad0a01b9c3fa881> /usr/lib/libmis.dylib
0x1cb8dd000 - 0x1cb917fff libpcap.A.dylib arm64e  <989fc8a318983af69064be81e007c38d> /usr/lib/libpcap.A.dylib
0x1cb918000 - 0x1cb926fff libperfcheck.dylib arm64e  <f03916c9f26d3073ad528e15e1a2d7f6> /usr/lib/libperfcheck.dylib
0x1cb92e000 - 0x1cb940fff libprequelite.dylib arm64e  <1849a2dc033a3aaa8d60fcf4b10b499c> /usr/lib/libprequelite.dylib
0x1cba7c000 - 0x1cba7ffff libutil.dylib arm64e  <d77e2807eed438349e164bb8d9e1edcc> /usr/lib/libutil.dylib
0x1cba80000 - 0x1cbb6bfff libxml2.2.dylib arm64e  <55df15ddfd323d458d67b61f9d0f9463> /usr/lib/libxml2.2.dylib
0x1cbb9a000 - 0x1cbbabfff libz.1.dylib arm64e  <9e35153333503f8bb9b567ec5881c5ef> /usr/lib/libz.1.dylib
0x1cbc90000 - 0x1cbc98fff libswiftCoreAudio.dylib arm64e  <78e58bf78d5534518c05a0e700f82207> /usr/lib/swift/libswiftCoreAudio.dylib
0x1cbc9e000 - 0x1cbc9efff libswiftCoreFoundation.dylib arm64e  <8eb23177992d3ae683a427f98761d366> /usr/lib/swift/libswiftCoreFoundation.dylib
0x1cbc9f000 - 0x1cbc9ffff libswiftCoreImage.dylib arm64e  <2c10a28b00333e82b2cb5dae5ee94b14> /usr/lib/swift/libswiftCoreImage.dylib
0x1cbcb1000 - 0x1cbcebfff libswiftCoreMedia.dylib arm64e  <73bc3d9ed67b37a08967474be3a185b8> /usr/lib/swift/libswiftCoreMedia.dylib
0x1cbcf8000 - 0x1cbd01fff libswiftDarwin.dylib arm64e  <53a5784711cb3c77a42392362dfa2dbb> /usr/lib/swift/libswiftDarwin.dylib
0x1cbd20000 - 0x1cbd24fff libswiftMetal.dylib arm64e  <e086d5a31279331888f7a487f3d0e96a> /usr/lib/swift/libswiftMetal.dylib
0x1cbd98000 - 0x1cbd99fff libswiftQuartzCore.dylib arm64e  <f2ac15a75270309796527276d0e70cd5> /usr/lib/swift/libswiftQuartzCore.dylib
0x1cbe01000 - 0x1cbe06fff libcache.dylib arm64e  <7567dfaa324e306aa66fc2dda88b033b> /usr/lib/system/libcache.dylib
0x1cbe07000 - 0x1cbe14fff libcommonCrypto.dylib arm64e  <25abfbdfed4431f7a628bd742e231f31> /usr/lib/system/libcommonCrypto.dylib
0x1cbe15000 - 0x1cbe18fff libcompiler_rt.dylib arm64e  <d33e74102bae373585edeb219279aa43> /usr/lib/system/libcompiler_rt.dylib
0x1cbe19000 - 0x1cbe21fff libcopyfile.dylib arm64e  <fae70da0ebad33f293ac496dcbe46fea> /usr/lib/system/libcopyfile.dylib
0x1cbf09000 - 0x1cbf09fff liblaunch.dylib arm64e  <2484228087bc30c68b69739b80187b10> /usr/lib/system/liblaunch.dylib
0x1cbf0a000 - 0x1cbf0ffff libmacho.dylib arm64e  <4228e603576133778acefc84d49a4d2f> /usr/lib/system/libmacho.dylib
0x1cbf10000 - 0x1cbf12fff libremovefile.dylib arm64e  <904853f042653abe93730a3ecdf39678> /usr/lib/system/libremovefile.dylib
0x1cbf13000 - 0x1cbf14fff libsystem_blocks.dylib arm64e  <f285e167aaa73ab7a092085ca4d1a0c5> /usr/lib/system/libsystem_blocks.dylib
0x1cbf15000 - 0x1cbf17fff libsystem_collections.dylib arm64e  <ea85747378323fa18286e5b16bc56a4e> /usr/lib/system/libsystem_collections.dylib
0x1cbf18000 - 0x1cbf1cfff libsystem_configuration.dylib arm64e  <230a7783b6ac3c7fba6991bdfa91823d> /usr/lib/system/libsystem_configuration.dylib
0x1cbf1d000 - 0x1cbf2ffff libsystem_containermanager.dylib arm64e  <01ba22f7abce3319860fb76d10a0d6d9> /usr/lib/system/libsystem_containermanager.dylib
0x1cbf30000 - 0x1cbf31fff libsystem_coreservices.dylib arm64e  <f83a3238b8303072ab9113587ed26129> /usr/lib/system/libsystem_coreservices.dylib
0x1cbf32000 - 0x1cbf3bfff libsystem_darwin.dylib arm64e  <63485fa6fe9235b783a00554e0194eba> /usr/lib/system/libsystem_darwin.dylib
0x1cbf3c000 - 0x1cbf44fff libsystem_dnssd.dylib arm64e  <591126c3ffdb3df8afb3cb5f5c3e79a0> /usr/lib/system/libsystem_dnssd.dylib
0x1cbf45000 - 0x1cbf47fff libsystem_featureflags.dylib arm64e  <a5ca1f870aef3eee876e0c077d7638ee> /usr/lib/system/libsystem_featureflags.dylib
0x1cbf48000 - 0x1cbf75fff libsystem_m.dylib arm64e  <c9e29eee8f90377795c625952802e491> /usr/lib/system/libsystem_m.dylib
0x1cbf76000 - 0x1cbf7cfff libsystem_platform.dylib arm64e  <88fa2f54074d32c49f4879eb67e67b7b> /usr/lib/system/libsystem_platform.dylib
0x1cbf7d000 - 0x1cbf7dfff libsystem_product_info_filter.dylib arm64e  <563ac8a6230f305bbada77870fec6204> /usr/lib/system/libsystem_product_info_filter.dylib
0x1cbf7e000 - 0x1cbf89fff libsystem_pthread.dylib arm64e  <c939a2abd3b13b0a83c57ce2f4f339a9> /usr/lib/system/libsystem_pthread.dylib
0x1cbf8a000 - 0x1cbf8dfff libsystem_sandbox.dylib arm64e  <d7ea594452b73c8882c4726694052a14> /usr/lib/system/libsystem_sandbox.dylib
0x1cbf8e000 - 0x1cbf98fff libunwind.dylib arm64e  <d08ac1cff13c37cf93066cc664058cf0> /usr/lib/system/libunwind.dylib
0x1cbf99000 - 0x1cbfcffff libxpc.dylib arm64e  <cc048c8e1cad36c88a9615966103bd3a> /usr/lib/system/libxpc.dylib
0x1cd058000 - 0x1cd51ffff AGXMetalA14 arm64e  <032d8a8a79eb394aab424ea855d07fdd> /System/Library/Extensions/AGXMetalA14.bundle/AGXMetalA14

EOF

MultipleFluttersIos 30-03-21, 05-08.crash.zip

@TahaTesser TahaTesser added the in triage Presently being triaged by the triage team label Mar 30, 2021
@TahaTesser
Copy link
Member

Hi @sroddy
Thanks for filing the issue, i can reproduce the crash on XR in profile mode from Xcode

flutter doctor -v 
[✓] Flutter (Channel stable, 2.0.3, on macOS 11.2.3 20D91 darwin-x64, locale
    en-GB)
    • Flutter version 2.0.3 at /Users/tahatesser/Code/flutter_stable
    • Framework revision 4d7946a68d (11 days ago), 2021-03-18 17:24:33 -0700
    • Engine revision 3459eb2436
    • Dart version 2.12.2

[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
    • Android SDK at /Volumes/Extreme/SDK
    • Platform android-30, build-tools 30.0.3
    • ANDROID_HOME = /Volumes/Extreme/SDK
    • Java binary at: /Applications/Android
      Studio.app/Contents/jre/jdk/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build
      1.8.0_242-release-1644-b3-6915495)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS
    • Xcode at /Volumes/Extreme/Xcode.app/Contents/Developer
    • Xcode 12.4, Build version 12D4e
    • CocoaPods version 1.10.1

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 4.1)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build
      1.8.0_242-release-1644-b3-6915495)

[✓] VS Code (version 1.54.3)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.20.0

[✓] Connected device (4 available)
    • Taha’s iPhone (mobile) • 00008020-001059882212002E            • ios
      • iOS 14.4.1
    • iPhone 12 (mobile)     • 83060656-28E7-44CD-801E-B11EC3EC89BA • ios
      • com.apple.CoreSimulator.SimRuntime.iOS-14-4 (simulator)
    • macOS (desktop)        • macos                                • darwin-x64
      • macOS 11.2.3 20D91 darwin-x64
    • Chrome (web)           • chrome                               •
      web-javascript • Google Chrome 89.0.4389.90

• No issues found!

@TahaTesser TahaTesser added found in release: 2.0 Found to occur in 2.0 has reproducible steps The issue has been confirmed reproducible and is ready to work on c: fatal crash Crashes that terminate the process and removed in triage Presently being triaged by the triage team labels Mar 30, 2021
@xster
Copy link
Member

xster commented Mar 30, 2021

@mkustermann could you take a look at this one? Seems like a crash in the new lightweight isolate path. I couldn't get the bot to symbolicate but the version data should be there.

@sroddy
Copy link
Contributor Author

sroddy commented Apr 1, 2021

@xster @mkustermann I don't want to sound pessimistic but I've made a rough estimate and I calculated that this bug alone, considering an app that has on an average run about 5 to 10 FlutterViewController dismissal, would account for about 2% to 10% of the global crash rate of that given app (assuming that every possible mitigation path has been taken by the dev, otherwise it would be pretty easy to even deterministically crash almost 100% of the times).
If you are not up to trying to solve this issue ASAP (and cherry-pick to stable), I would strongly suggest to fix the docs and advise against using lightweight engines until a version that fixes this bug is released.

@chinmaygarde chinmaygarde added the P2 Important issues not at the top of the work list label Apr 5, 2021
@sroddy sroddy mentioned this issue Apr 5, 2021
Closed
@mkustermann
Copy link
Member

Was OOO during easter. Will take a look at this.

@mkustermann mkustermann self-assigned this Apr 6, 2021
@mkustermann
Copy link
Member

Have taken a look at it. The machine code causing the segfault looks like this:

dart::Isolate::ScheduleThread(this, bool, bool)
  000000000051ce3c	a9ba6ffc	stp	x28, x27, [sp, #-0x60]!
  000000000051ce40	a90167fa	stp	x26, x25, [sp, #0x10]
  000000000051ce44	a9025ff8	stp	x24, x23, [sp, #0x20]
  000000000051ce48	a90357f6	stp	x22, x21, [sp, #0x30]
  000000000051ce4c	a9044ff4	stp	x20, x19, [sp, #0x40]
  000000000051ce50	a9057bfd	stp	x29, x30, [sp, #0x50]
  000000000051ce54	910143fd	add	x29, sp, #0x50
  000000000051ce58	d11103ff	sub	sp, sp, #0x440
  000000000051ce5c	aa0203f4	mov	x20, x2
  000000000051ce60	aa0103f5	mov	x21, x1
  000000000051ce64	aa0003f3	mov	x19, x0             ### x19 = isolate
  000000000051ce68	90000f48	adrp	x8, 488 ; 0x704000
  000000000051ce6c	f9418508	ldr	x8, [x8, #0x308]
  000000000051ce70	f9400108	ldr	x8, [x8]
  000000000051ce74	f81a83a8	stur	x8, [x29, #-0x58]
  000000000051ce78	34000801	cbz	w1, 0x51cf78
  000000000051ce7c	f9403678	ldr	x24, [x19, #0x68]   ### x24 = isolate->isolate_group_
  000000000051ce80	f9400668	ldr	x8, [x19, #0x8]     ###  x8 = isolate->mutator_thread_
  000000000051ce84	b4000428	cbz	x8, 0x51cf08
  000000000051ce88	f9404908	ldr	x8, [x8, #0x90]     ###  x8 = mutator_thread->top_exit_frame_info_
                                        ^^^ Causes SEGV due to trying to load from address 0x123

The crashing C code is runtime/vm/isolate.cc:

void IsolateGroup::IncreaseMutatorCount(Isolate* mutator) {
  ASSERT(mutator->group() == this);

  // If the mutator was temporarily blocked on a worker thread, we have to
  // unblock the worker thread again.
  Thread* mutator_thread = mutator->mutator_thread();
  if (mutator_thread != nullptr && mutator_thread->top_exit_frame_info() != 0) {
    thread_pool()->MarkCurrentWorkerAsUnBlocked();
  }

The isolate->mutator_thread_ pointer has an invalid address (0x93).

This indicates that the isolate pointer passed by the flutter engine to Dart_EnterIsolate is invalid - because the isolate->mutator_thread_ is either NULL or it points to a valid Thread object until the isolate dies.

(Since the stable branch this code has been modified a little in - but that is not really relevant to this bug I believe.)

Now looking at the stack more closely, we can see this gets indirectly called by a lambda that calls tonic::DartPersistentValue::Clear().

#7	0x0000000105a76f6c in tonic::DartPersistentValue::Clear() at /opt/s/w/ir/cache/builder/src/flutter/third_party/tonic/dart_persistent_value.cc:49
#8	0x0000000105a01d94 in std::__1::__function::__value_func<void ()>::operator()() const [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:1860
#9	0x0000000105a01d88 in std::__1::function<void ()>::operator()() const [inlined] at /opt/s/w/ir/cache/osx_sdk/XCode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/functional:2419
#10	0x0000000105a01d88 in fml::MessageLoopImpl::FlushTasks(fml::FlushType) at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop_impl.cc:130
#11	0x0000000105a03bf4 in fml::MessageLoopImpl::RunExpiredTasksNow() [inlined] at /opt/s/w/ir/cache/builder/src/flutter/fml/message_loop_impl.cc:143
#12	0x0000000105a03bec in fml::MessageLoopDarwin::OnTimerFire(__CFRunLoopTimer*, fml::MessageLoopDarwin*) at /opt/s/w/ir/cache/builder/src/flutter/fml/platform/darwin/message_loop_darwin.mm:75
#13	0x000000018044dfa0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ ()
#14	0x000000018044dba0 in __CFRunLoopDoTimer ()
#15	0x000000018044cffc in __CFRunLoopDoTimers ()
#16	0x0000000180446ee4 in __CFRunLoopRun ()

What I suspect is that the engine doesn't correctly handle the isolate's lifecycle: Once an isolate has died its resources are freed and one cannot use the Dart_Isolate anymore. The implementation of Clear() looks like this:

void DartPersistentValue::Clear() {
  if (!value_) {
    return;
  }

  auto dart_state = dart_state_.lock();
  if (!dart_state) {
    return;
  }

  if (Dart_CurrentIsolateGroup()) {
    Dart_DeletePersistentHandle(value_);
  } else {
    DartIsolateScope scope(dart_state->isolate());
    Dart_DeletePersistentHandle(value_);
  }
  dart_state_.reset();
  value_ = nullptr;
}

So it will enter an isolate and then delete the weak persistent handle. My suspicion is that the dart_state->isolate() has already died by the time this lambda gets executed, making this effectively trigger a use-after-free in the VM.

There's two places where this is called from afaik:

Due to lack of deep flutter engine implementation details, I don't know how the isolate lifecycle is managed.

@xster @gaaclarke Do you think the findings above make sense? Could this be caused by incorrect isolate lifecycle in the engine?

@mkustermann mkustermann removed their assignment Apr 7, 2021
@mkustermann
Copy link
Member

Maybe as a side note: I've tried to reproduce this on the reported version on my Android/iOS devices and simulators, but so far not succeeded. The issue is very likely to be timing dependent.

@sroddy
Copy link
Contributor Author

sroddy commented Apr 7, 2021
edited

Hi @mkustermann, make sure you are running either in profile or release mode and make sure that you have pushed at least 2 ViewControllers that use a single engine group before popping them (i.e. if you pop the first flutterviewcontroller it doesn't work, you need to push three times the next button).
If you follow my reproduction steps on a real iOS device (you cannot run in profile/release mode on simulators) you will hit it >90% of the times.

I also tried to debug this a bit and I've noticed that when using a single engine the dart_state_.lock() call always returns something falsy (I think a nullptr), so that the if (!dart_state) on the next line always returns before executing other code.

On the other hand, when using lightweight engines the dart_state_.lock() call returns an object which is in a Shutdown phase but still exists, thus making the if (!dart_state) check pass

@mkustermann
Copy link
Member

@sroddy Ah, yes. I tried release on my Android but when switching to iOS I forgot to change the setting to release. It's easy to reproduce!

@TahaTesser
Copy link
Member

@mkustermann
I was just working a few min overtime after work hours to provide you all the exact steps from the beginning, now you can reproduce it, I can log off for today 😄

@gaaclarke
Copy link
Member

@mkustermann Thanks for the thorough investigation, that sounds reasonable. I'll investigate further.

@gaaclarke
Copy link
Member

I've verified that:

It seems that RuntimeController is destroying the isolate but there are still some outstanding instances of PlatformMessageResponseDart. When ~PlatformMessageResponseDart is called it tries to clear out its value, which involves entering the stored isolate on the DartPersistentValue, but of course that isolate has already been shut down.

This isn't a problem caused by the FlutterEngineGroup and should have always been present, we are just seeing it now from the new usage.

@gaaclarke
Copy link
Member

@sroddy was correct that if you execute p ((flutter::DartIsolate *)dart_state.__ptr_)->GetPhase() in the following frame of the crash, it will report Shutdown. Unfortunately the phase isn't within the purview of tonic::DartState, which is what we have here:

void DartPersistentValue::Clear() {
  if (!value_) {
    return;
  }

  auto dart_state = dart_state_.lock();
  if (!dart_state) {
    return;
  }

  if (Dart_CurrentIsolateGroup()) {
    Dart_DeletePersistentHandle(value_);
  } else {
    printf("phase: %d\n", ((flutter::DartIsolate*)dart_state.get())->GetPhase());
    DartIsolateScope scope(dart_state->isolate());
    Dart_DeletePersistentHandle(value_);
  }
  dart_state_.reset();
  value_ = nullptr;
}

I drew up this image previously that shows the relationship between everything the Flutter. The PlatformMessageResponseDart is holding onto a DartState, the phase information only lives on the DartIsolate:
dart_flutter

@sroddy
Copy link
Contributor Author

sroddy commented Apr 7, 2021

I think I've also found a IsShuttingDown() boolean on that dart_state in tonic that, for some reasons, when the crash occours is still true even if the phase has already been mutated.

@gaaclarke
Copy link
Member

@sroddy Yea, i saw that too. That looks like it's suppose to be blocking this, but it isn't. I'm looking into it. I'll have to be careful when editing this to not break other platforms =T

@gaaclarke
Copy link
Member

@mkustermann I don't think we are getting shutdown callbacks for isolates in isolate groups.

Here is where we specify the callback: https://github.com/gaaclarke/engine/blob/e0d515369fac81e34c2d48f39c6ca766096add54/runtime/dart_vm.cc#L413

Here is where we call shutdown:
https://github.com/gaaclarke/engine/blob/e0d515369fac81e34c2d48f39c6ca766096add54/runtime/dart_isolate.cc#L565

I can verify that Dart_ShutdownIsolate() is gettin called on the isolate that has the problem, but DartIsolate::DartIsolateShutdownCallback isn't getting called.

DartIsolate::DartIsolateShutdownCallback is the one responsible for setting IsShuttingDown() on the DartState. When that is set properly we can make sure we don't try to clean up values on isolates that have already been shutdown.

The DartWeakPersistentValue appears to already be doing that, not the DartPersistentValue for some reason:

void DartWeakPersistentValue::Clear() {
  if (!handle_) {
    return;
  }

  auto dart_state = dart_state_.lock();
  if (!dart_state) {
    // The DartVM that the handle used to belong to has been shut down and that
    // handle has already been deleted.
    handle_ = nullptr;
    return;
  }

  // The DartVM frees the handles during shutdown and calls the finalizers.
  // Freeing handles during shutdown would fail.
  if (!dart_state->IsShuttingDown()) {
    if (Dart_CurrentIsolateGroup()) {
      Dart_DeleteWeakPersistentHandle(handle_);
    } else {
      // If we are not on the mutator thread, this will fail. The caller must
      // ensure to be on the mutator thread.
      DartIsolateScope scope(dart_state->isolate());
      Dart_DeleteWeakPersistentHandle(handle_);
    }
  }
  // If it's shutting down, the handle will be deleted already.

  dart_state_.reset();
  handle_ = nullptr;
}

@mkustermann
Copy link
Member

mkustermann commented Apr 7, 2021
edited

@mkustermann I don't think we are getting shutdown callbacks for isolates in isolate groups.

That might be due to this code in the engine runtime/dart_isolate.cc:

      return Dart_CreateIsolateInGroup(
          /*group_member=*/spawning_isolate->isolate(),
          /*name=*/(*isolate_group_data)->GetAdvisoryScriptEntrypoint().c_str(),
          /*shutdown_callback=*/nullptr,
          /*cleanup_callback=*/nullptr,
          /*child_isolate_data=*/isolate_data,
          /*error=*/error);

which explicitly passes nullptr for those callbacks. (This new API avoids using Dart_InitializeParams callbacks which are global to the Dart VM in the process (which was a design mistake). Instead it allows having different callbacks for different isolates and allows therefore more fine-grained control.)

The DartWeakPersistentValue appears to already be doing that, not the DartPersistentValue for some reason:

We have to be careful here, third_party/tonic/dart_weak_persistent_value.cc:

  // The DartVM frees the handles during shutdown and calls the finalizers.
  // Freeing handles during shutdown would fail.
  if (!dart_state->IsShuttingDown()) {
    if (Dart_CurrentIsolateGroup()) {
      Dart_DeleteWeakPersistentHandle(handle_);
    } else {
      // If we are not on the mutator thread, this will fail. The caller must
      // ensure to be on the mutator thread.
      DartIsolateScope scope(dart_state->isolate());
      Dart_DeleteWeakPersistentHandle(handle_);
    }
  }
  // If it's shutting down, the handle will be deleted already.

The comment says that the handles will be freed by DartVM during shutdown. That is true for the shutdown of the isolate group - which happens implicitly when the last isolate within a group dies (which destroys the isolate group's managed heap, persistent handles, ...) - but not on shutdown of an individual isolate.

Those persistent handles are not associated with an isolate, but rather with the isolate group (which owns the heap).

There's probably two paths here:

  • If flutter engine keeps a "root" isolate from which new engine's isolates will be created via Dart_CreateIsolateInGroup, then the deletion of persistent handles can use this root isolate (if it knows the root isolate is still alive)
  • We could change Dart VM to associate those persistent handles with individual isolates - though we'd need to think more about whether this is a good idea

@gaaclarke
Copy link
Member

Yea, it seems like we need some sort of notification to existing DartPersistentValue's that the isolate is being shutdown. Since the memory is associated with the IsolateGroup we can't just ignore calling Dart_DeletePersistentHandle like we previously did. That would cause a leak until the last isolate is shutdown. Once the isolate is deleted there is no way to safely remove that memory.

I'm not necessarily advocating for it, but if we had an API that allowed us to bind the IsolateGroup like so, we could wouldn't have to worry about deleting the memory after the isolate is gone:

if (Dart_EnterDartIsolateGroup(isolate_group_)){
  Dart_DeletePersistentHandle(value_);
  Dart_ExitDartIsolateGroup();
}

@mkustermann
Copy link
Member

I'm not necessarily advocating for it, but if we had an API that allowed us to bind the IsolateGroup like so, we could wouldn't
have to worry about deleting the memory after the isolate is gone:

  if (Dart_EnterDartIsolateGroup(isolate_group_)){
     Dart_DeletePersistentHandle(value_);
     Dart_ExitDartIsolateGroup();
  }

It does seem appealing, I understand.

Though there are of course a reasons why we haven't done that. It would put the responsibility of managing the isolate group lifecycle to every embedder, which is a complex task. Embedders also don't manage isolates spawned from Dart'sIsolate.spawn() API. It would also allow having an isolate group (possibly consuming many resources) without having any isolates in it, ...

Instead, we let the embedder use our existing API and thereby require it to "proof" the isolate group is still alive (the "proof" being an entered isolate). The good thing is that isolates are becoming very lightweight, so an embedder can always have an otherwise unused "root" isolate to do this.

@gaaclarke
Copy link
Member

gaaclarke commented Apr 8, 2021
edited

Another option for solving this is to drain and block the ui task runner before shutting down an isolate. The risk there is that the ui task runner is shared across multiple engines now so it could create a significant delay when shutting down the isolate.

@gaaclarke gaaclarke mentioned this issue Apr 9, 2021
Merged
9 tasks
@gaaclarke
Copy link
Member

I've added a draft that removes the crash but leaves the sloppy memory management. I've put some thought into fixing the memory management and it's going to be a big effort that may face some big hurdles since it will may affect the runtime performance of all Flutter usage. I think we should fix the crash and open another issue describing the memory management issue.

@sroddy
Copy link
Contributor Author

sroddy commented Apr 9, 2021

@gaaclarke thank you so much for the effort in fixing this!
I'm soon going to measure the potential memory leaks of this approach but, given that we are talking about a very small amount of pending platform message callbacks that might race during shutdown, the size of the leaks should be, I would say, barely noticeable even with this imperfect approach.

@mkustermann
Copy link
Member

Another option for solving this is to drain and block the ui task runner before shutting down an isolate. The risk there is that the
ui task runner is shared across multiple engines now so it could create a significant delay when shutting down the isolate.

That would be the ideal - avoiding "dangling" callbacks by ensuring all outstanding work is done before shutting down.

@gaaclarke gaaclarke mentioned this issue Apr 10, 2021
Open
@xster xster added P1 High-priority issues at the top of the work list and removed P2 Important issues not at the top of the work list labels Apr 12, 2021
@christopherfujino christopherfujino mentioned this issue Apr 14, 2021
Merged
@kf6gpe kf6gpe mentioned this issue Apr 16, 2021
Merged
@deepak786 deepak786 mentioned this issue Apr 16, 2021
Closed
@github-actions
Copy link

github-actions bot commented Aug 3, 2021

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
a: existing-apps Integration with existing apps via the add-to-app flow c: crash Stack traces logged to the console c: fatal crash Crashes that terminate the process dependency: dart Dart team may need to help us engine flutter/engine repository. See also e: labels. found in release: 2.0 Found to occur in 2.0 has reproducible steps The issue has been confirmed reproducible and is ready to work on P1 High-priority issues at the top of the work list platform-ios iOS applications specifically
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Made sure not to delete handles of dart objects if the isolate has been deleted gaaclarke/engine
8 participants
@chinmaygarde @xster @sroddy @kf6gpe @mkustermann @gaaclarke @TahaTesser @flutter-symbolizer-bot