Specific crash only on iOS 13.2.0 when foregrounding

Since the launch of iOS 13.2, we've been seeing a steadily rising level of a specific crash, as described below in the stack-trace. This crash seems to be completely inside UIKit, although some action in our app is obviously "triggering" it.


From the trace and logs, we can definitely assume some things:

- The crash is specifically on iOS 13.2.0, no other versions.

- It's not a regression in our app, since it's started appearing on versions which have been out for a month or so.

- It seems to occur across various iPhone models (this is an iPhone-only app)

- It occurs when, as part of foregrounding, the OS issues a foreground notification to UIKit


(Additionally, the stack trace suggests that the issue is keyboard-related, although how and why isn't clear at the moment.)


Our priority at this point is not to fix iOS 13.2 but to identify what behaviour could lead UIKit to break like this. Any advice or input on this would be greatly appreciated.


This is a good representative stack trace of the issue:


----


Exception Type: EXC_BAD_ACCESS (SIGSEGV)

Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010

VM Region Info: 0x10 is not in any region. Bytes before following region: 4333502448

REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL

UNUSED SPACE AT START

--->

__TEXT 00000001024c0000-00000001024c4000 [ 16K] r-x/r-x SM=COW ...ut.app/[Redacted App Name]


Termination Signal: Segmentation fault: 11

Termination Reason: Namespace SIGNAL, Code 0xb

Terminating Process: exc handler [1772]

Triggered by Thread: 0


Thread 0 name:

Thread 0 Crashed:

0 libobjc.A.dylib 0x0000000199ec0fb0 objc_msgSend + 16

1 UIKitCore 0x000000019e73ce10 -[UIView(Internal) _addSubview:positioned:relativeTo:] + 540 (UIView.m:15405)

2 UIKitCore 0x000000019e07779c -[UIInputWindowController changeToInputViewSet:] + 1656 (UIInputWindowController.m:2590)

3 UIKitCore 0x000000019e078254 __43-[UIInputWindowController setInputViewSet:]_block_invoke + 64 (UIInputWindowController.m:2683)

4 UIKitCore 0x000000019e736230 +[UIView(Animation) performWithoutAnimation:] + 104 (UIView.m:13662)

5 UIKitCore 0x000000019e077f58 -[UIInputWindowController setInputViewSet:] + 732 (UIInputWindowController.m:2681)

6 UIKitCore 0x000000019e0724d8 -[UIInputWindowController performOperations:withAnimationStyle:] + 60 (UIInputWindowController.m:1675)

7 UIKitCore 0x000000019dd8e890 -[UIInputResponderController setKeyWindowSceneInputViews:animationStyle:] + 2184 (UIInputResponderController.m:1053)

8 UIKitCore 0x000000019dd8dfe0 -[UIInputResponderController setInputViews:animationStyle:] + 216 (UIInputResponderController.m:0)

9 UIKitCore 0x000000019dd90680 -[UIInputResponderController forceOrderOutAutomaticExceptAccessoryView] + 484 (UIInputResponderController.m:1312)

10 UIKitCore 0x000000019e659e50 -[UIKeyboardAutomatic willResume:] + 732 (UIKeyboardAutomatic.m:193)

11 Foundation 0x000000019a57607c __57-[NSNotificationCenter addObserver:selector:name:object:]_block_invoke_2 + 28 (NSNotification.m:519)

12 CoreFoundation 0x000000019a103ae0 __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 28 (CFNotificationCenter.c:787)

13 CoreFoundation 0x000000019a103b30 ___CFXRegistrationPost1_block_invoke + 68 (CFNotificationCenter.c:175)

14 CoreFoundation 0x000000019a102e28 _CFXRegistrationPost1 + 396 (CFNotificationCenter.c:198)

15 CoreFoundation 0x000000019a102ac0 ___CFXNotificationPost_block_invoke + 108 (CFNotificationCenter.c:1371)

16 CoreFoundation 0x000000019a07ba58 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1424 (CFXNotificationRegistrarOld.m:168)

17 CoreFoundation 0x000000019a1023f0 _CFXNotificationPost + 1268 (CFNotificationCenter.c:1359)

18 Foundation 0x000000019a464c1c -[NSNotificationCenter postNotificationName:object:userInfo:] + 64 (NSNotification.m:576)

19 UIKitCore 0x000000019e2a7da0 -[UIApplication _sendWillEnterForegroundCallbacks] + 284 (UIApplication.m:10499)

20 UIKitCore 0x000000019da2a910 __101-[_UISceneLifecycleMultiplexer _evalTransitionToSettings:fromSettings:forceExit:withTransiti... + 1828 (_UISceneLifecycleMultiplexer.m:571)

21 UIKitCore 0x000000019ded9e08 _UIScenePerformActionsWithLifecycleActionMask + 112 (_UISceneLifecycleState.m:109)

22 UIKitCore 0x000000019da2a150 __101-[_UISceneLifecycleMultiplexer _evalTransitionToSettings:fromSettings:forceExit:withTransiti... + 212 (_UISceneLifecycleMultiplexer.m:500)

23 UIKitCore 0x000000019da29b80 -[_UISceneLifecycleMultiplexer _performBlock:withApplicationOfDeactivationReasons:fromReasons:] + 304 (_UISceneLifecycleMultiplexer.m:449)

24 UIKitCore 0x000000019da29f6c -[_UISceneLifecycleMultiplexer _evalTransitionToSettings:fromSettings:forceExit:withTransitionSto... + 752 (_UISceneLifecycleMultiplexer.m:499)

25 UIKitCore 0x000000019da297f0 -[_UISceneLifecycleMultiplexer uiScene:transitionedFromState:withTransitionContext:] + 340 (_UISceneLifecycleMultiplexer.m:405)

26 UIKitCore 0x000000019da2dfa0 __186-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsFo... + 196 (_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction.m:102)

27 UIKitCore 0x000000019def3c8c ___UISceneSettingsDiffActionPerformChangesWithTransitionContext_block_invoke + 28 (_UISceneSettingsDiffAction.m:45)

28 UIKitCore 0x000000019de06f44 +[BSAnimationSettings(UIKit) tryAnimatingWithSettings:actions:completion:] + 868 (BSAnimationSettings+UIKit.m:50)

29 UIKitCore 0x000000019def3c44 _UISceneSettingsDiffActionPerformChangesWithTransitionContext + 260 (_UISceneSettingsDiffAction.m:43)

30 UIKitCore 0x000000019da2dcb8 __186-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsFo... + 152 (_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction.m:87)

31 UIKitCore 0x000000019def3b2c _UISceneSettingsDiffActionPerformActionsWithDelayForTransitionContext + 108 (_UISceneSettingsDiffAction.m:35)

32 UIKitCore 0x000000019da2db14 -[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUISc... + 392 (_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction.m:85)

33 UIKitCore 0x000000019d895c38 __64-[UIScene scene:didUpdateWithDiff:transitionContext:completion:]_block_invoke + 640 (UIScene.m:1338)

34 UIKitCore 0x000000019d8946fc -[UIScene _emitSceneSettingsUpdateResponseForCompletion:afterSceneUpdateWork:] + 256 (UIScene.m:1071)

35 UIKitCore 0x000000019d895968 -[UIScene scene:didUpdateWithDiff:transitionContext:completion:] + 236 (UIScene.m:1315)

36 UIKitCore 0x000000019e28d808 -[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 564 (UIApplication.m:3764)

37 UIKitCore 0x000000019de28e44 -[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 376 (UIApplicationSceneClientAgent.m:45)

38 FrontBoardServices 0x000000019f375ec0 -[FBSSceneImpl _callOutQueue_agent_didCreateWithTransitionContext:completion:] + 452 (FBSSceneImpl.m:431)

39 FrontBoardServices 0x000000019f39cb50 __86-[FBSWorkspaceScenesClient sceneID:createWithParameters:transitionContext:completion:]_block_... + 116 (FBSWorkspaceScenesClient.m:318)

40 FrontBoardServices 0x000000019f380fa4 -[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:] + 240 (FBSWorkspace.m:357)

41 FrontBoardServices 0x000000019f39c7e4 __86-[FBSWorkspaceScenesClient sceneID:createWithParameters:transitionContext:completion:]_block_... + 344 (FBSWorkspaceScenesClient.m:317)

42 libdispatch.dylib 0x0000000199e51fd8 _dispatch_client_callout + 20 (object.m:495)

43 libdispatch.dylib 0x0000000199e54d1c _dispatch_block_invoke_direct + 264 (queue.c:466)

44 FrontBoardServices 0x000000019f3c3304 __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 48 (FBSSerialQueue.m:173)

45 FrontBoardServices 0x000000019f3c2fb0 -[FBSSerialQueue _queue_performNextIfPossible] + 432 (FBSSerialQueue.m:216)

46 FrontBoardServices 0x000000019f3c351c -[FBSSerialQueue _performNextFromRunLoopSource] + 32 (FBSSerialQueue.m:247)

47 CoreFoundation 0x000000019a12724c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1922)

48 CoreFoundation 0x000000019a1271a0 __CFRunLoopDoSource0 + 84 (CFRunLoop.c:1956)

49 CoreFoundation 0x000000019a12690c __CFRunLoopDoSources0 + 184 (CFRunLoop.c:1992)

50 CoreFoundation 0x000000019a1217d8 __CFRunLoopRun + 1068 (CFRunLoop.c:2882)

51 CoreFoundation 0x000000019a121084 CFRunLoopRunSpecific + 480 (CFRunLoop.c:3192)

52 GraphicsServices 0x00000001a436f534 GSEventRunModal + 108 (GSEvent.c:2246)

53 UIKitCore 0x000000019e291698 UIApplicationMain + 1940 (UIApplication.m:4758)

54 [Redacted App Name] 0x00000001024c6828 main + 68 (AppDelegate.swift:24)

55 libdyld.dylib 0x0000000199fa0e18 start + 4

Hello,

I'm facing the same issue. Can anyone help to solve it?

This has not been fixed in the newer point releases of iOS 13.2. It may be related to this issue as well, which also seems to be occurring only during foregrounding: https://forums.developer.apple.com/thread/123798#

We have exactly the same issue. I have no clue yet...


Now it starts happening on iOS 13.3 too

Indeed, I can confirm it's still happening on 13.3 as well 😟

This has become our #1 crashing issue in beta. This seems only to occur for our members on iOS 13.3, on iPhone X and newer.

Definitely our #1 crash too, by a large margin. Impossible to reproduce using any Xcode tools. We did get it on iOS 13.2 as well, although all recent reports seem to be on iOS 13.3 as you describe, possibly because users on the latest iOS versions have updated.

Have filed radar FB7562386 in case it also catches someone's eye on a tech team.

We have the same problems in our project.

I guess it's because we used 'inputAccessoryView' the wrong way.

I used it by method override. In that method, I checked some conditions for returning inputAccessoryView.

Depending on the condition, it returned inputAccessoryView or nil.


Another VC that uses inputAccessoryView in our app is not making the crash.


If you want to reproduce that crash, just tap a textview or textfield that is shown with inputAccessoryView, and then change the iPhone status to multi-tasking mode and slide up your app to terminate it.


I could reproduce that crash on my phone.


We'll change the usage of this way to fix the crash.

I hope this will be helpful.

I think we found a way to work around the issue, and your input was definitely helpful, thanks!


In our case, like in yours, it was related to an input accessory view. In our case, we were adding a property observer to the input accessory's superview in "viewWillMoveToSuperview". Moving this handling to "viewDidMoveToSuperview" instead seemed to fix the crash.


We can only assume that since iOS 13.2 something changed in UIKit and some temporary superview was being allocated, assigned the input accessory causing a call to "viewWillMoveToSuperview", but then the input accessory was never added, and the temporary view deallocated, which left a dangling observer, I'm guessing? In any case, once the observer was set in "viewDidMoveToSuperview" instead, where it was sure the input accessory was added to that view, the crashes seem to have gone away.


I hope this helps anyone else with this issue!

Thanks for the hint! I can confirm that moving a property observer setup from the `willMove(toSuperview:)` to `didMoveToSuperview()` fixed the problem in the Chatto project (#PR648).
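
Added example, not code from any poster in this thread or from the Chatto project: a sketch of the workaround described in the last two replies, with the superview observer attached in `didMoveToSuperview()` and torn down in `willMove(toSuperview:)`. The class name `ComposerAccessoryView`, the helper `hostGeometryDidChange()` and the choice of `center` as the observed property are assumptions; the thread does not say which property was observed.

```swift
import UIKit

// Hypothetical input accessory view; all names here are illustrative.
final class ComposerAccessoryView: UIView {

    // Token for the observation on the current superview (assumed: its `center`).
    private var superviewObservation: NSKeyValueObservation?

    // Pattern the replies moved away from: attaching the observer here binds it
    // to `newSuperview`, which may never actually end up hosting this view.
    //
    // override func willMove(toSuperview newSuperview: UIView?) {
    //     super.willMove(toSuperview: newSuperview)
    //     superviewObservation = newSuperview?.observe(\.center) { _, _ in /* ... */ }
    // }

    override func willMove(toSuperview newSuperview: UIView?) {
        super.willMove(toSuperview: newSuperview)
        // Only tear down here: drop the observer on the old superview before
        // the hierarchy changes, so no observer outlives the view it watches.
        superviewObservation?.invalidate()
        superviewObservation = nil
    }

    override func didMoveToSuperview() {
        super.didMoveToSuperview()
        // `superview` is now the view that really hosts the accessory
        // (or nil if it was removed), so it is safe to observe.
        guard let host = superview else { return }
        superviewObservation = host.observe(\.center, options: [.new]) { [weak self] _, _ in
            self?.hostGeometryDidChange()
        }
    }

    // Hypothetical reaction to the host view moving (e.g. keyboard tracking).
    private func hostGeometryDidChange() {
        setNeedsLayout()
    }

    deinit {
        superviewObservation?.invalidate()
    }
}
```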
