We are seeing a strange crash in our map-based iOS app that I cannot figure out. Basically, at some point the following lines of code repeat over and over, more than 100 times in the crash log:
6 VectorKit 0x000000019050c6f8 __86-[VKMapCameraController _animateToPosition:pitch:yaw:duration:timingCurve:completion:]_block_invoke347 + 40
7 VectorKit 0x0000000190485a30 -[VKAnimation _stopAnimation:] + 140
8 VectorKit 0x0000000190488b20 -[VKMapCameraController setYaw:animated:] + 100
9 MapKit 0x000000018540263c -[MKMapView snapToNorth:] + 148
before finally calling:
0 CoreFoundation 0x0000000183251e38 _CFArrayReplaceValues + 152
1 CoreFoundation 0x000000018332876c __CFRepositionTimerInMode + 108
2 CoreFoundation 0x000000018332876c __CFRepositionTimerInMode + 108
3 CoreFoundation 0x0000000183272630 CFRunLoopTimerSetNextFireDate + 580
4 MapKit 0x00000001853e8588 -[MKMapView _didChangeRegionMidstream:] + 196
5 MapKit 0x0000000185404e90 -[MKMapView mapLayer:didChangeRegionAnimated:] + 60
where _CGArrayReplaceValues crashes with an EXC_BAD_ACCESS KERN_PROTECTION_FAILURE at 0x000000016fccbef0 error.
I'd like to point out we never directly call any of the methods in this crash report; in fact, VectorKit is a completely private Apple framework. The only thing we ever do in the app that is remotely related is call basic setRegion:animated: methods, usually after a user taps an annotation to center on said annotation. It is also worth pointing out this only happens on iOS 8. Not a single iOS 7 crash has been reported.
Here is a link for full crash report: http://crashes.to/s/f09eb96c753
Any help is appreciated. Thank you.
Try enabling NSZombieEnabled. Once enabled, when an object reaches a retain count of 0, instead of being deallocated it'll morph itself into an NSZombie instance. When a zombie receives a message it will log a warning rather than crashing or behaving in an unpredictable way.
To be quite honest, I'm not really sure why this is only crashing on iOS 8 and not iOS 7, but an EXC_BAD_ACCESS signal is the result of passing an invalid pointer to a system call, so you might be dereferencing a null pointer somewhere.
If the above NSZombieEnabled doesn't uncover the issue then try using the Static Analyzer.
I have an iOS app that randomly seems to crash on a screen that has a UIWebView. It looks like the crash happens mostly on iPhone 5C devices (74% of the time) and 100% of the time on iOS 10.X.
The exception message is:
EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000028
From that low memory address it makes me think something was nil.
Here's the backtrace (this is not the main thread):
0 WebCore WebCore::FrameTree::top() + 0
1 WebCore WebCore::ContentSecurityPolicy::allowFrameAncestors() + 33
2 WebCore WebCore::DocumentLoader::responseReceived() + 413
3 WebCore WebCore::DocumentLoader::handleSubstituteDataLoadNow() + 203
4 WebCore WebCore::ThreadTimers::sharedTimerFiredInternal() + 149
5 WebCore WebCore::timerFired() + 23
6 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 15
7 CoreFoundation __CFRunLoopDoTimer + 833
8 CoreFoundation __CFRunLoopDoTimers + 189
9 CoreFoundation __CFRunLoopRun + 781
10 CoreFoundation CFRunLoopRunSpecific + 471
11 CoreFoundation CFRunLoopRunInMode + 105
12 WebCore RunWebThread() + 427
13 libsystem_pthread.dylib _pthread_body + 217
14 libsystem_pthread.dylib _pthread_start + 235
I can't reproduce this crash myself.
Since WebKit is open source, I found the code where it crashes: WebCore::FrameTree::top. From looking at that code, I'm guessing m_thisFrame->tree() is NULL, but I'm not sure how to explain it. I'm not sure exactly what "frames" and "trees" are in that context.
From the backtrace it looks like there is some timer that's being fired, possibly after the View Controller or the Web View is already deallocated? Is that timer due to a JavaScript setTimeout call?
Also I notice every time this crash happens, I get a call to [UIWebViewDelegate webView:didFailLoadWithError:] right before the crash. The most common errors returned in that delegate method are:
Frame load interrupted
too many HTTP redirects
The request timed out
But I don't have analytics in place to correlate the error message with the crash, so I'm not sure which (if any) would explain it. When that delegate method fires, I show the user an error message in a modal. Could this be related to the crash? I tried reproducing the "Frame load interrupted" and "too many HTTP redirects" errors but neither causes the crash for me in simulator.
I already follow the advice in this answer (mostly) and call [webview stopLoading] in viewWillDisappear and I call self.webView.delegate = nil in dealloc of the containing View Controller but it didn't help.
This isn't really an answer, but this crash seems to be related to when content filtering (parent controls) is enabled. If you add whatever domain your app is loading in the UIWebView to the iOS parent controls blocklist, you should see this error in the application logs (coming internally from WebKit's WebFilter). It seems to invalidate the UIWebView in some way, so when you interact with it again, it crashes your whole app. You can probably avoid the crash by switching to WKWebView.
WF: WebFilterEvaluator:addData: https://some-blocked-url.com is restricted: blacklisted
With the release of iOS 9, we are seeing several crash reports for what appears to be a bug from Apple's side of things in iOS 9. This is happening across device types (iPhone, iPad and iPod). I am looking to find out why this may be happening and if there is anything I can do to work around it. This stack is being reported through our crash reporting system (Crashlytics) so unfortunately I don't have reproducible steps or code, but I will try and answer any questions as best as I can. The stack is as follows:
Thread : Crashed: com.apple.main-thread
0 libobjc.A.dylib 0x34a27ad6 objc_msgSend + 21
1 CoreFoundation 0x230d3db9 -[__NSArrayM dealloc] + 148
2 libobjc.A.dylib 0x34a34f67 objc_object::sidetable_release(bool) + 150
3 libobjc.A.dylib 0x34a353a9 (anonymous namespace)::AutoreleasePoolPage::pop(void*) + 388
4 CoreFoundation 0x230cbfa9 _CFAutoreleasePoolPop + 16
5 UIKit 0x27523cd9 _prepareForCAFlush + 312
6 UIKit 0x2752886b _beforeCACommitHandler + 10
7 CoreFoundation 0x2317a509 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 20
8 CoreFoundation 0x2317880d __CFRunLoopDoObservers + 280
9 CoreFoundation 0x23178c3f __CFRunLoopRun + 958
10 CoreFoundation 0x230cc249 CFRunLoopRunSpecific + 520
11 CoreFoundation 0x230cc035 CFRunLoopRunInMode + 108
12 GraphicsServices 0x2c182ad1 GSEventRunModal + 160
13 UIKit 0x272e18a9 UIApplicationMain + 144
14 APPNAMEHERE 0x000ec967 main (main.m:14)
For me the problem was that I was showing and dismissing the keyboard when the application was minimized.
[self.textView becomeFirstResponder];
[self.textView resignFirstResponder];
I performed the above code on the applicationWillResignActive event.
Removing this code fixed the crash.
We encountered a crash with a similar stack trace, and after a long investigation we found out that it was related to another crash; fixing that also fixed this. However, I'm still unsure how the two crashes are related.
Here are the details about the other crash:
We had a function call in one of our methods like
AudioServicesAddSystemSoundCompletion(self.soundID,
[[NSRunLoop currentRunLoop] getCFRunLoop],
kCFRunLoopDefaultMode,
AudioServicesSystemSoundCompletion,
(void *)CFBridgingRetain(self));
where AudioServicesSystemSoundCompletion looked like
void AudioServicesSystemSoundCompletion(SystemSoundID ssID, void *clientData) {
AudioServicesRemoveSystemSoundCompletion(ssID);
CFRelease(clientData);
}
Executing that function call two or more times simultaneously caused the app to crash. We fixed this by passing NULL instead of (void *)CFBridgingRetain(self) and removing the CFRelease(clientData); line.
Since this fix we no longer see the '_prepareForCAFlush' crash anymore.
Also note that according to Crashlytics the device had very high memory usage each time the crash has reproduced.
Hope this helps!
I'm also facing this issue and I think that I found what might be causing it.
Are you guys by any chance using SDWebImage?
Because that's the only place where I found that CFRunLoopRun() is being called and also other people complained on:
Dead thread ticket -> App Crash
Seems to be only affecting devices with 32-bit processors (A5 and A6: iPod 5th Gen, iPhone 4S/5/5C, iPad 2/Mini).
No repro on our side either.
These crashes started and ramped up with iOS 9 release and adoption.
iOS v9.0.1 does not seem to fix it.
I'm running Corona SDK with a Chartboost plugin, and I'm experiencing crashes about 20% of the time at startup, when I try to initialize the plugin (which I can't edit, I don't have the source).
Here's the symbolicated crash report: http://pastebin.com/id1AsjmN
I've been reading up a little on how to make sense of these crash reports, and from what I understand, these two frames in the main thread:
9 CoreFoundation 0x295d9008 +[NSException raise:format:arguments:] + 100
10 Foundation 0x2a2d8bc4 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 88
Are the most critical to understanding my problem. How can I understand what these lines mean? The "object:file:lineNumber:description:" and "raise:format:arguments:" business seems almost cruel, because I feel like those should be filled in with information that would help me -- what class, and line number we're talking about. Am I right? Are these placeholders in the error message? What am I not grokking here? Is there ANY way of knowing where this error came from?
It's not a symbolicated crash log. To be more precise, it's partially symbolicated.
9 CoreFoundation 0x295d9008 +[NSException raise:format:arguments:] + 100
10 Foundation 0x2a2d8bc4 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 88
11 UIKit 0x2d00946e -[UINib initWithNibName:directory:bundle:] + 158
12 UIKit 0x2d00955c +[UINib nibWithNibName:bundle:] + 56
13 splashboardd 0x000bee8c 0xbc000 + 11916
Somewhere in your splashboard code something is called (0x000bee8c 0xbc000 + 11916 - not symbolicated). This calls +[UINib nibWithName:bundle:], which calls -[UINib initWithNibName:directory:bundle:], which causes your crash.
Google for "How to symbolicate crash log" and, when you succeed, 0xbc000 + 11916 will be replaced with class name, method name, line number, ... That's the place where the problem is. That's also the reason why you should keep debug symbols for your app: to be able to symbolicate it.
Also sometimes there's useful info in console as well. Additional messages, which can help you with debugging.
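As an added illustration of the point above (not code from the answer), this Python sketch picks out the frames that are still in the raw `load address + offset` form and builds the `atos` invocation that resolves them. The dSYM path and the `armv7` architecture are assumptions; the sample frames are copied from the crash logs quoted on this page.

```python
import re

# A crash-report frame: index, image, address, then either a symbol
# ("+[UINib nibWithNibName:bundle:] + 56") or, when unsymbolicated,
# "<image load address> + <decimal offset>".
FRAME_RE = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+(?P<rest>.+?)\s*$"
)
RAW_RE = re.compile(r"^(?P<load>0x[0-9a-fA-F]+)\s*\+\s*(?P<offset>\d+)$")

# Constructed sample: frames copied from the crash logs quoted on this page.
SAMPLE = """\
11 UIKit 0x2d00946e -[UINib initWithNibName:directory:bundle:] + 158
12 UIKit 0x2d00955c +[UINib nibWithNibName:bundle:] + 56
13 splashboardd 0x000bee8c 0xbc000 + 11916
15 iPadDrinkHub.1.0.7 0x00002f24 0x1000 + 7972
"""


def parse_frames(text):
    """Return one dict per frame; 'load' is None for symbolicated frames."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not a frame
        frame = {"index": int(m["index"]), "image": m["image"],
                 "addr": int(m["addr"], 16), "load": None, "offset": None}
        raw = RAW_RE.match(m["rest"])
        if raw:
            frame["load"] = int(raw["load"], 16)
            frame["offset"] = int(raw["offset"])
            # Sanity check: frame address must equal load address + offset.
            if frame["addr"] != frame["load"] + frame["offset"]:
                raise ValueError(f"frame {frame['index']}: inconsistent address")
        frames.append(frame)
    return frames


def atos_command(frame, dwarf_binary, arch="armv7"):
    """Build the atos argv for one unsymbolicated frame.

    dwarf_binary and arch are assumptions: the DWARF file inside the dSYM
    that matches the crashed build, and that build's architecture.
    """
    if frame["load"] is None:
        raise ValueError("frame is already symbolicated")
    return ["atos", "-arch", arch, "-o", dwarf_binary,
            "-l", hex(frame["load"]), hex(frame["addr"])]


if __name__ == "__main__":
    for f in parse_frames(SAMPLE):
        if f["load"] is not None:
            # Hypothetical dSYM path, following the layout named on this page.
            path = f"{f['image']}.app.dSYM/Contents/Resources/DWARF/{f['image']}"
            print(" ".join(atos_command(f, path)))
```

The `-l` load address is what lets `atos` map a runtime address back into the binary; the dSYM must come from the exact build that crashed.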
I've been searching for 5 days about this crash, but I can't find why my app crashes sometimes.
I'm using the Crittercism library to log my crashes. The dSYM file is correctly uploaded on the Crittercism website. Here is the crash log from Crittercism:
0 libobjc.A.dylib 0x38540626 objc_msgSend + 6
1 UIKit 0x307baaf7 -[_UIModalItemsCoordinator _notifyDelegateModalItem:tappedButtonAtIndex:] + 95
2 UIKit 0x307ba96d -[_UIModalItemAlertContentView tableView:didSelectRowAtIndexPath:] + 749
3 UIKit 0x306c205f -[UITableView _selectRowAtIndexPath:animated:scrollPosition:notifyDelegate:] + 1079
4 UIKit 0x30774377 -[UITableView _userSelectRowAtPendingSelectionIndexPath:] + 215
5 UIKit 0x306236f5 _applyBlockToCFArrayCopiedToStack + 317
6 UIKit 0x3059c55b _afterCACommitHandler + 431
7 CoreFoundation 0x2dd532a5 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 21
8 CoreFoundation 0x2dd50c49 __CFRunLoopDoObservers + 285
9 CoreFoundation 0x2dd50f8b __CFRunLoopRun + 731
10 CoreFoundation 0x2dcbbf0f CFRunLoopRunSpecific + 523
11 CoreFoundation 0x2dcbbcf3 CFRunLoopRunInMode + 107
12 GraphicsServices 0x32bc0663 GSEventRunModal + 139
13 UIKit 0x3060716d UIApplicationMain + 1137
14 myApp 0x000c3357 main (main.m:16)
15 libdyld.dylib 0x38a43ab7 start + 3
The thing is: I have many UITableViews in my app, but I can't find which one it is.
How should I proceed to debug this crash? I didn't find any useful information on the Apple Developer Center. I tried to use the atos command to symbolicate the file, but got no useful information. It's exactly the same info as on the Crittercism website.
Here is the command I used: atos -arch armv7 -o myApp (to enter interactive mode, then enter each memory address, like: 0x307baaf7)
I have only the myApp.app.dSYM archive, and to use the command above, I used the file in the archive at path: Contents/Resources/DWARF/myApp
I'm really lost. Any ideas? Suggestions? Thank you so much for your help.
EDIT 1:
I've checked all my UIAlertViews and the delegates of each UIAlertView: all is OK.
I see the crash log on Crittercism (around 120 crashes for 63 users, on iOS 7 only, iPhone and iPad).
I can't reproduce it! I really don't understand.
Frame 14 already shows the correct symbol, which is main.m line 16. Using atos with the address as written in the stackframe like you did is wrong, see this stackoverflow explanation. As such it is not possible for a crash report to tell you which table view is causing such a memory issue.
Based upon the above you may not be able to get the exact table view from the stack trace itself, but with Crittercism there are additional features (such as Breadcrumbs) that allow for capturing a trail beyond just the stack.
My recommendation is to add a breadcrumb in the viewDidLoad of the TableViewController and grab/define the name of the table view there. That way you can step through the breadcrumbs and know that leading up to the crash you were in this tableview.
That should help you for better capturing this scenario in the future.
As for this particular stack trace, you can potentially use the techniques described in this post to help you better understand the true origins of the objc_msgSend.
* See the Kerni's response below in the comments *
I've been getting some low level crashes lately, and this one in particular is hard to determine the origin / state of the app. Has anyone seen this or know the problem? Thanks!
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x3dcccccd
Crashed Thread: 0
Thread 0 Crashed:
0 libobjc.A.dylib 0x000025fa objc_msgSend + 18
1 UIKit 0x00162d1c -[UIAlertView(Private) _performPopup:] + 12
2 UIKit 0x001628de -[UIAlertView(Private) _repopup] + 10
3 UIKit 0x0016d196 -[UIAlertView(Private) _removeAlertWindowOrShowAnOldAlert] + 70
4 UIKit 0x00162afa -[UIAlertView(Private) _popoutAnimationDidStop:finished:] + 502
5 UIKit 0x00050ae4 -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 184
6 UIKit 0x000509ee -[UIViewAnimationState animationDidStop:finished:] + 34
7 QuartzCore 0x0002ee8c run_animation_callbacks(double, void*) + 284
8 QuartzCore 0x0002ed2c CA::timer_callback(__CFRunLoopTimer*, void*) + 96
9 CoreFoundation 0x00022d1c CFRunLoopRunSpecific + 2092
10 CoreFoundation 0x000224da CFRunLoopRunInMode + 42
11 GraphicsServices 0x000030d4 GSEventRunModal + 108
12 GraphicsServices 0x00003180 GSEventRun + 56
13 UIKit 0x0000342a -[UIApplication _run] + 374
14 UIKit 0x00001954 UIApplicationMain + 636
15 iPadDrinkHub.1.0.7 0x00002f24 0x1000 + 7972
16 iPadDrinkHub.1.0.7 0x00002ed8 0x1000 + 7896
Weird crashes are sometimes a symptom of memory corruption and/or mismanagement. I just found and fixed a difficult-to-find bug in one of my apps a few days ago. The app had been working flawlessly for 6 months on iOS 3.2, but would crash instantly on iOS 4.2. The crash was happening while adding the main view to the window during applicationDidFinishLaunching. The stack trace showed 100% iOS code; there wasn't a single function of mine in there anywhere (except for applicationDidFinishLaunching). It turned out I was over-releasing a UIImage in code that had been called earlier while views were getting loaded. (I was mistakenly calling release on an autoreleased UIImage).
I haven't seen the specific crash that you're seeing, but here are a few things you can try that may shed some light:
(1) Run the app with NSZombieEnabled. This is an environment variable you set via Xcode that will often identify places where you may be referencing objects that have already been freed (e.g., like the over-release example I mentioned earlier). Additional details are here:
http://www.cocoadev.com/index.pl?NSZombieEnabled
(2) You can turn on logging that will log all messages sent to all objects. The log is written to a text file in the tmp folder. If you inspect the log file leading up to the crash, you may gain some insight into what's happening right before the crash. This is actually the technique I used to solve my bug. You can either modify your code to enable/disable logging:
instrumentObjcMessageSends(YES);
// Do stuff...
instrumentObjcMessageSends(NO);
Or, you can call the function directly from the debugger. For example, set a breakpoint right before the crash, then drop into the debugger console and do this:
(gdb) call (void)instrumentObjcMessageSends(YES)
Additional details are here:
http://www.dribin.org/dave/blog/archives/2006/04/22/tracing_objc/