Crash in AVFAudio's HandleRouteChange method

We've got a bunch of crashes from our users in AVFAudio's HandleRouteChange method; the whole stack trace doesn't have our code in it at all. Our code is 100% written in Swift, so I believe that there should be no dangling pointers in the app.


Our setup is that we use AVPlayer to play an audio file from memory, we use KVO to observe "status" on AVPlayer and AVPlayerItem objects, and we remove observers in deinit.


This crash happens on the background thread, and I have no idea what AVFAudio is. We don't listen to any audio route change other than just observing AVAudioSessionRouteChangeNotification on an NSNotificationCenter.


Here's the stack trace.

Thread 6 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x5c69beb8]
0x00000001861b2f70 (libobjc.A.dylib + 0x0001af70 )  objc_msgSend
0x00000001a12ecfe0  (AVFAudio + 0x0007efe0 )  (anonymous namespace)::HandleRouteChange(unsigned int, NSDictionary*)
0x00000001a12ec48c  (AVFAudio + 0x0007e48c )  AVAudioSessionPropertyListener(void*, unsigned int, unsigned int, void const*)
0x000000018a676768  (AudioToolbox + 0x00123768 )  AudioSessionPropertyListeners::CallPropertyListenersImp(AudioSessionPropertyListeners const&, unsigned int, unsigned int, void const*)
0x000000018a74c828  (AudioToolbox + 0x001f9828 )  AudioSessionPropertyListeners::CallPropertyListeners(unsigned int, unsigned int, void const*)
0x000000018a7846e0  (AudioToolbox + 0x002316e0 )  HandleCFPropertyListChange(unsigned int, unsigned int, unsigned long, unsigned char*, unsigned int)
0x000000018a7890e8  (AudioToolbox + 0x002360e8 )  HandleAudioSessionCFTypePropertyChangedMessage(unsigned int, unsigned int, void*, unsigned int)
0x000000018a788940  (AudioToolbox + 0x00235940 )  ProcessDeferredMessage(unsigned int, __CFData const*, unsigned int, unsigned int)
0x000000018a787b0c  (AudioToolbox + 0x00234b0c )  ASCallbackReceiver_AudioSessionPingMessage
0x000000018a66a348  (AudioToolbox + 0x00117348 )  _XAudioSessionPingMessage
0x000000018a8e1ba0  (AudioToolbox + 0x0038eba0 )  mshMIGPerform
0x0000000187717214  (CoreFoundation + 0x000de214 )  __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__
0x00000001877169c8  (CoreFoundation + 0x000dd9c8 )  __CFRunLoopDoSource1
0x00000001877144ac  (CoreFoundation + 0x000db4ac )  __CFRunLoopRun
0x00000001876422b4  (CoreFoundation + 0x000092b4 )  CFRunLoopRunSpecific
0x00000001a12e3d20  (AVFAudio + 0x00075d20 )  GenericRunLoopThread::Entry(void*)
0x00000001a1309d98  (AVFAudio + 0x0009bd98 )  CAPThread::Entry(CAPThread*)
0x00000001867fd84c  (libsystem_pthread.dylib + 0x0000384c )  _pthread_body
0x00000001867fd75c  (libsystem_pthread.dylib + 0x0000375c )  _pthread_start
0x00000001867fad90  (libsystem_pthread.dylib + 0x00000d90 )  thread_start


Any ideas how this crash could happen?

Thanks!

Replies

AVFAudio is the AVFoundation Audio Framework. We have seen a number of crashes that look similar, but don't have any good leads to the underlying source yet. You can see from the trace it's happening during the handling of a route change in AVAudioSession, and an objc_msgSend crasher is generally caused when attempting to send a message to a bad object, zombie, address that's been stepped, etc.


If you file a bug report with some steps to reproduce and iOS/device info, and especially if you have a test project that produces the crash, it would be very helpful.

A single occurrence of a similar crash in our client was recently reported - shortly after answering a VoIP call:


Hardware Model: iPhone7,1
Process: Avaya Equinox [550]
Path: /var/containers/Bundle/Application/9185429D-E8FD-4B13-A568-DDB1AAB3BB0A/Avaya Equinox.app/Avaya Equinox
Identifier: com.avaya.AvayaCommunicator
Version:
Code Type: ARM-64
Parent Process: ??? [1]

Date/Time: 2017-02-16 15:23:59 +0000
OS Version: iPhone OS 10.2.1 (14D27)
Report Version: 104
Exception Type: SIGABRT
Exception Codes: #0 at 0x186127014
Crashed Thread: 6
Application Specific Information:
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__NSSingleObjectArrayI inputs]: unrecognized selector sent to instance 0x174218950'

Last Exception Backtrace:
0 CoreFoundation 0x00000001871591b8 __exceptionPreprocess + 124 
1 libobjc.A.dylib 0x0000000185b9055c objc_exception_throw + 56 
2 CoreFoundation 0x0000000187160268 -[NSObject(NSObject) doesNotRecognizeSelector:] + 140 
3 CoreFoundation 0x000000018715d270 ___forwarding___ + 916 
4 CoreFoundation 0x000000018705680c _CF_forwarding_prep_0 + 92 
5 AVFAudio 0x00000001a0cdcfe4 (anonymous namespace)::HandleRouteChange(unsigned int, NSDictionary*) + 1340 
6 AVFAudio 0x00000001a0cdc490 AVAudioSessionPropertyListener(void*, unsigned int, unsigned int, void const*) + 1936
7 AudioToolbox 0x000000018a06676c AudioSessionPropertyListeners::CallPropertyListenersImp(AudioSessionPropertyListeners const&, unsigned int, unsigned int, void const*) + 536
8 AudioToolbox 0x000000018a13c82c AudioSessionPropertyListeners::CallPropertyListeners(unsigned int, unsigned int, void const*) + 268 
9 AudioToolbox 0x000000018a1746e4 HandleCFPropertyListChange(unsigned int, unsigned int, unsigned long, unsigned char*, unsigned int) + 728 
10 AudioToolbox 0x000000018a1790ec HandleAudioSessionCFTypePropertyChangedMessage(unsigned int, unsigned int, void*, unsigned int) + 524 
11 AudioToolbox 0x000000018a178944 ProcessDeferredMessage(unsigned int, __CFData const*, unsigned int, unsigned int) + 2432 
12 AudioToolbox 0x000000018a177b10 ASCallbackReceiver_AudioSessionPingMessage + 624 
13 AudioToolbox 0x000000018a05a34c _XAudioSessionPingMessage + 52 
14 AudioToolbox 0x000000018a2d1ba4 mshMIGPerform + 244 
15 CoreFoundation 0x0000000187107218 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 56 
16 CoreFoundation 0x00000001871069cc __CFRunLoopDoSource1 + 436 
17 CoreFoundation 0x00000001871044b0 __CFRunLoopRun + 1840 
18 CoreFoundation 0x00000001870322b8 CFRunLoopRunSpecific + 444
19 AVFAudio 0x00000001a0cd3d24 GenericRunLoopThread::Entry(void*) + 164 
20 AVFAudio 0x00000001a0cf9d9c CAPThread::Entry(CAPThread*) + 84 
21 libsystem_pthread.dylib 0x00000001861ed850 _pthread_body + 240 
22 libsystem_pthread.dylib 0x00000001861ed760 _pthread_start + 284 
23 libsystem_pthread.dylib 0x00000001861ead94 thread_start + 4



I will file a bug report if/when it re-occurs and I can hopefully get more details.

Hi, isn't this problem related to permission flags?
I saw that the docs now have a warning that an app can be killed by the system when it doesn't have permission for an action which is restricted.

Hi, farnk153,


Is there any further information about this crash?


I have the same problem.

Hi frank153,


Is there any further information about this crash?


I am facing a similar crash.