How to report AppKit bug I can't reproduce but have dozens of reports (NSControlTrackMouse)

Since macOS Catalina I have started to get reports I can't reproduce, but I know where it is crashing.

Register rsi has the following selector in memory:

_controlStopTracking:at:inView:mouseIsUp:


SEGV_MAPERR has address 0x000059b575cd55f8 which is a result of 0x000059b575cd55e0+0x18


AppKit where it crashes:

if (*(int8_t *)(var_90 + 0x18) != 0x0) {
    [r14 _controlStopTracking:r15 at:sign_extend_64(*(int8_t *)(var_70 + 0x18)) inView:r8 mouseIsUp:r9];
}

https://imgur.com/a/pXro4QF


Reports are coming from multiple systems/languages and I can't simulate the crash.

How do I report this, or what more can I do (debugging)?


Exception Type:  SIGSEGV
Exception Codes: SEGV_MAPERR at 0x59b575cd55f8
Crashed Thread:  0


Thread 0 Crashed:
0   libobjc.A.dylib                      0x00007fff64e2501d objc_msgSend + 29
1   AppKit                               0x00007fff2c098af0 NSControlTrackMouse + 1491
2   AppKit                               0x00007fff2c0984f4 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 129
3   AppKit                               0x00007fff2c5d92b5 -[NSStepperCell trackMouse:inRect:ofView:untilMouseUp:] + 161
4   AppKit                               0x00007fff2c3c86c4 -[NSDatePickerCell(NSTextFieldWithStepperDatePickerInternal) _textFieldWithStepperTrackMouse:inRect:ofView:untilMouseUp:] + 391
5   AppKit                               0x00007fff2c097733 -[NSControl mouseDown:] + 747
6   AppKit                               0x00007fff2c095b0d -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 4906
7   AppKit                               0x00007fff2bfffc5c -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 2611
8   AppKit                               0x00007fff2bfff005 -[NSWindow(NSEventRouting) sendEvent:] + 348
9   AppKit                               0x00007fff2bffd37c -[NSApplication(NSEvent) sendEvent:] + 351
10  AppKit                               0x00007fff2be490cf -[NSApplication run] + 706
11  AppKit                               0x00007fff2be1b465 NSApplicationMain + 776
12  Dynaper                              0x00000001071d9199 main (receigen.h:5142)
13  libdyld.dylib                        0x00007fff6619f7fd start + 0
Thread 0 crashed with x86_64 Thread State:
rflags: 0x0000000000010202    rax: 0x00007ffee8a765e8    rdi: 0x00006000018e55e0    r14: 0x00006000018e55e0
   rsi: 0x00007fff2cadb39d     r8: 0x0000000000000091    rdx: 0x00007f9e6cd39f10    r10: 0x000059b575cd55e0
    cs: 0x000000000000002b     fs: 0x0000000000000000     r9: 0x00000000000007fb    r15: 0x00007f9e6cd39f10
   rbx: 0x0000000000000000    r11: 0x00007fff2cadb39d    rip: 0x00007fff64e2501d    rbp: 0x00007ffee8a766b0
    gs: 0x0000000000000000    rsp: 0x00007ffee8a76468    r12: 0x000060000088dd40    rcx: 0x0000000000000000
   r13: 0x00006000018e45b0
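
The address arithmetic described in the post above (fault address = r10 + 0x18) can be checked mechanically, which helps when comparing dozens of reports. This is an added example, not part of the original post: the function names and the 0x100 offset window are assumptions, and the register lines are copied from the report above.

```python
import re

# Lines copied from the crash report in the post above (exception code and
# part of the x86_64 thread state).
REPORT = """\
Exception Codes: SEGV_MAPERR at 0x59b575cd55f8
Thread 0 crashed with x86_64 Thread State:
rflags: 0x0000000000010202    rax: 0x00007ffee8a765e8    rdi: 0x00006000018e55e0    r14: 0x00006000018e55e0
   rsi: 0x00007fff2cadb39d     r8: 0x0000000000000091    rdx: 0x00007f9e6cd39f10    r10: 0x000059b575cd55e0
    cs: 0x000000000000002b     fs: 0x0000000000000000     r9: 0x00000000000007fb    r15: 0x00007f9e6cd39f10
   rbx: 0x0000000000000000    r11: 0x00007fff2cadb39d    rip: 0x00007fff64e2501d    rbp: 0x00007ffee8a766b0
"""

MAX_FIELD_OFFSET = 0x100  # assumption: a faulting field load sits close to its base pointer
NOT_POINTERS = {"rip", "rflags", "cs", "fs", "gs"}


def parse_registers(report):
    """Return {register: value} for every 'name: 0x...' pair in the thread state."""
    pairs = re.findall(r"\b([a-z][a-z0-9]*):\s+(0x[0-9a-fA-F]+)", report)
    return {name: int(value, 16) for name, value in pairs}


def fault_address(report):
    """Return the unmapped address from the 'SEGV_MAPERR at 0x...' line."""
    return int(re.search(r"SEGV_MAPERR at (0x[0-9a-fA-F]+)", report).group(1), 16)


def triage(report):
    """Find the register the faulting load was based on, and who else holds the receiver."""
    regs, fault = parse_registers(report), fault_address(report)
    # A register is a candidate base if the fault lies a small offset above it.
    bases = {name: fault - value for name, value in regs.items()
             if name not in NOT_POINTERS and 0 <= fault - value < MAX_FIELD_OFFSET}
    # In objc_msgSend, rdi is the receiver (self) and rsi the selector (_cmd).
    aliases = sorted(n for n, v in regs.items() if n != "rdi" and v == regs["rdi"])
    return {"fault": fault, "bases": bases,
            "receiver": regs["rdi"], "receiver_aliases": aliases}


if __name__ == "__main__":
    result = triage(REPORT)
    for reg, off in result["bases"].items():
        print(f"fault {result['fault']:#x} = {reg} + {off:#x}")
    print(f"receiver rdi={result['receiver']:#x}, also in {result['receiver_aliases']}")
```

On this report the only candidate base is r10 at offset 0x18, and the receiver in rdi is the same pointer as r14, the receiver of the `_controlStopTracking:at:inView:mouseIsUp:` call in the decompiled AppKit code.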

Replies

I don't have an answer for you but I do have a comment. I was getting a crash that, from my memory, looks very similar to your crash. The thing that stands out for me is the stepper cell. I eventually figured out a work-around that isn't elegant but stopped the crash.


Edit to add this: I should clarify, it wasn't the stepper cell that was the culprit, that is what caught my eye in your post. I replaced the stepper cell with another method of changing the value and the crash still existed until I did my hack.


Another edit 2/29/2020

Did you ever find a solution? As I mentioned, I had a hack I used to get around the crash. It involved putting a small portion of code in a perform selector with delay. I didn't like that but it worked. I have since found a slightly better solution:


dispatch_async (dispatch_get_main_queue(),^{
    // do stuff
});


Some background on the code in question. A document based app with multiple pages of text. A dropdown sheet has a bunch of buttons to click for changing margins, etc. Every time a margin is changed, then the main document is updated. The crash always happened when it was updating the size of the textContainer. My original hack involved putting the container size update in the delay. I suppose this gave the app time to wander through the thread once before it updated the container. Anyway, putting the code to update the document and container in the code above seems to have solved my problem. While not a "bug fix," this might be something for you to explore.

I wouldn't call it a solution, but I finally found what is causing it. On Big Sur I have a slightly better crash report. I found out that there is a strong reference to a block + NSStepper. I was changing the first responder somewhere in the app (resign first responder and hide the stepper). That, plus the fact that there is a delayed mouseDown event delivered, is causing the crash. Still trying to dig more.

Application Specific Information:

objc_msgSend() selector name: sendActionsForEvents:view:

0   libobjc.A.dylib                   0x00007fff201b0d1d objc_msgSend + 29
1   com.apple.AppKit                  0x00007fff232bb0da __NSControlTrackMouse_block_invoke.55 + 701
2   com.apple.AppKit                  0x00007fff22e3c922 -[NSDragEventTracker trackEvent:usingHandler:] + 1155
3   com.apple.AppKit                  0x00007fff22e3bdb5 NSControlTrackMouse + 1397
4   com.apple.AppKit                  0x00007fff22e3b818 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 130
5   com.apple.AppKit                  0x00007fff2338cd23 -[NSStepperCell trackMouse:inRect:ofView:untilMouseUp:] + 162
6   com.apple.AppKit                  0x00007fff231667d5 -[NSDatePickerCell(NSTextFieldWithStepperDatePickerInternal) _textFieldWithStepperTrackMouse:inRect:ofView:untilMouseUp:] + 390
7   com.apple.AppKit                  0x00007fff22e3aa18 -[NSControl mouseDown:] + 722
8   com.apple.AppKit                  0x00007fff23160fcc -[NSDatePicker mouseDown:] + 47
9   com.apple.AppKit                  0x00007fff22e38e98 -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 4956
10  com.apple.AppKit                  0x00007fff22da7848 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 2594
11  com.apple.AppKit                  0x00007fff22da6c0a -[NSWindow(NSEventRouting) sendEvent:] + 347
12  com.apple.AppKit                  0x00007fff22da4ff0 -[NSApplication(NSEvent) sendEvent:] + 352
13  com.apple.AppKit                  0x00007fff2307dd16 -[NSApplication _handleEvent:] + 65
14  com.apple.AppKit                  0x00007fff22c0d983 -[NSApplication run] + 623