Crash in background

Hi,


My app is getting a background crash starting from iOS 11.2. I have provided the crashed thread below. Could you please suggest any solution to this crash? It happens randomly. I am not able to reproduce it myself.


This report is from Apple:

Hardware Model: iPhone10,2
Code Type: ARM-64 (Native)
Role: Non UI
Parent Process: launchd [1]

Date/Time: 2018-06-14 11:19:44.5231 -0500
Launch Time: 2018-06-14 11:19:02.4926 -0500
OS Version: iPhone OS 11.4.1 (15G5063b)

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Subtype: EXC_ARM_DA_ALIGN at 0x0000000184e0d601
VM Region Info: 0x184e0d601 is in 0x184d0a000-0x185003000; bytes after start: 1062401 bytes before end: 2054654
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
__TEXT 000000018495b000-0000000184d0a000 [ 3772K] r-x/r-x SM=COW ...ork/CFNetwork
---> __TEXT 0000000184d0a000-0000000185003000 [ 3044K] r-x/r-x SM=COW ...rk/Foundation
__TEXT 0000000185003000-0000000185104000 [ 1028K] r-x/r-x SM=COW ...work/Security

Termination Signal: Bus error: 10
Termination Reason: Namespace SIGNAL, Code 0xa
Terminating Process: exc handler [0]
Triggered by Thread: 0

Thread 0 name:
Thread 0 Crashed:
0 Foundation 0x0000000184e0d601 __NSDescribeDelayedPerformCallout + 229 (NSRunLoop.m:643)
1 CoreFoundation 0x00000001842a10b8 CFRunLoopTimerInvalidate + 680 (CFRunLoop.c:4560)
2 CoreFoundation 0x000000018437f7a4 __CFRunLoopDoTimer + 920 (CFRunLoop.c:2420)
3 CoreFoundation 0x000000018437f010 __CFRunLoopDoTimers + 248 (CFRunLoop.c:2562)
4 CoreFoundation 0x000000018437cb60 __CFRunLoopRun + 2168 (CFRunLoop.c:0)
5 CoreFoundation 0x000000018429cda8 CFRunLoopRunSpecific + 552 (CFRunLoop.c:3245)
6 GraphicsServices 0x0000000186282020 GSEventRunModal + 100 (GSEvent.c:2245)
7 UIKit 0x000000018e2bb9c8 UIApplicationMain + 236 (UIApplication.m:3965)
8 HearMeOut 0x0000000104fdc9c4 main + 88 (main.m:17)
9 libdyld.dylib 0x0000000183d2dfc0 start + 4

Thread 1:
0 libsystem_kernel.dylib 0x0000000183e5dd78 __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x0000000183ffbeb4 _pthread_wqthread + 928 (pthread.c:0)
2 libsystem_pthread.dylib 0x0000000183ffbb08 start_wqthread + 4

Thread 2 name:
Thread 2:
0 libsystem_kernel.dylib 0x0000000183e3bde8 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x0000000183e3bc60 mach_msg + 72 (mach_msg.c:103)
2 CoreFoundation 0x000000018437ee40 __CFRunLoopServiceMachPort + 196 (CFRunLoop.c:2613)
3 CoreFoundation 0x000000018437c908 __CFRunLoopRun + 1568 (CFRunLoop.c:2969)
4 CoreFoundation 0x000000018429cda8 CFRunLoopRunSpecific + 552 (CFRunLoop.c:3245)
5 Foundation 0x0000000184d12674 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:367)
6 Foundation 0x0000000184d1251c -[NSRunLoop(NSRunLoop) runUntilDate:] + 148 (NSRunLoop.m:411)
7 UIKit 0x000000018dfa09d8 -[UIEventFetcher threadMain] + 136 (UIEventFetcher.m:437)
8 Foundation 0x0000000184e22efc __NSThread__start__ + 1040 (NSThread.m:1181)
9 libsystem_pthread.dylib 0x0000000183ffd220 _pthread_body + 272 (pthread.c:740)
10 libsystem_pthread.dylib 0x0000000183ffd110 _pthread_start + 292 (pthread.c:799)
11 libsystem_pthread.dylib 0x0000000183ffbb10 thread_start + 4



This report is from Crashlytics:

#0. Crashed: com.apple.main-thread
0 Foundation 0x183a5c601 __NSDescribeDelayedPerformCallout + 229
1 CoreFoundation 0x182fcf7a4 __CFRunLoopDoTimer + 920
2 CoreFoundation 0x182fcf010 __CFRunLoopDoTimers + 248
3 CoreFoundation 0x182fccb60 __CFRunLoopRun + 2168
4 CoreFoundation 0x182eecda8 CFRunLoopRunSpecific + 552
5 GraphicsServices 0x184ed1020 GSEventRunModal + 100
6 UIKit 0x18cf09758 UIApplicationMain + 236
7 HearMeOut 0x1043149c4 main (main.m:17)
8 libdyld.dylib 0x18297dfc0 start + 4



#1. com.apple.uikit.eventfetch-thread
0 libsystem_kernel.dylib 0x182a8be08 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x182a8bc80 mach_msg + 72
2 CoreFoundation 0x182fcee40 __CFRunLoopServiceMachPort + 196
3 CoreFoundation 0x182fcc908 __CFRunLoopRun + 1568
4 CoreFoundation 0x182eecda8 CFRunLoopRunSpecific + 552
5 Foundation 0x183961674 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304
6 Foundation 0x1839614dc -[NSRunLoop(NSRunLoop) runUntilDate:] + 84
7 UIKit 0x18cbee768 -[UIEventFetcher threadMain] + 136
8 Foundation 0x183a71efc __NSThread__start__ + 1040
9 libsystem_pthread.dylib 0x182c4d220 _pthread_body + 272
10 libsystem_pthread.dylib 0x182c4d110 _pthread_body + 290
11 libsystem_pthread.dylib 0x182c4bb10 thread_start + 4

#2. Thread
0 libsystem_pthread.dylib 0x182c4bb04 start_wqthread + 122



Thank you.

Replies

Please post the complete crash report (the report you posted is missing the Thread State and Binary Images sections from the end, which are both critical to any analysis).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Here's a full crashlog: https://gist.github.com/inna4209/3c39832211b3454bcd0b755c6778a53c

Thanks!

I ran that crash report through some tools here and it seems to be unique to your app, which means it’s very likely to be something in your code rather than a bug in the system.

Consider this snippet from your crash report:

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Subtype: EXC_ARM_DA_ALIGN at 0x0000000184e0d601

The address being accessed that triggered the crash is 0x0000000184e0d601. Now look at the register state:

Thread 0 crashed with ARM Thread State (64-bit):
    …
    x8: 0x0000000184e0d601   x9: 0x0000000300002e88 …
    …
   x28: 0x0000000000000000   fp: 0x000000016ae25a90   lr: 0x00000001842a10b8
    sp: 0x000000016ae25a30   pc: 0x0000000184e0d601 …

The only place that address shows up is in x8 and the PC. I just happened to have the same build of iOS installed on a test device here, so I disassembled the code:

(lldb) disas -n __NSDescribeDelayedPerformCallout
…
0x186549600 <+228>: ldp    x29, x30, [sp, #0x70]
…

The crashing instruction does not use x8, so it seems likely that the PC is the problem. Specifically, it seems like you’ve jumped to 0x0000000184e0d601, which isn’t a valid instruction.

Going one level up the backtrace I see this:

(lldb) disas -n CFRunLoopTimerInvalidate
…
0x1859dd088 <+632>: bl     0x1859db90c      ; CFRunLoopRemoveTimer
0x1859dd08c <+636>: mov    x0, x25
0x1859dd090 <+640>: bl     0x185b73cf8      ; …
0x1859dd094 <+644>: mov    x0, x22
0x1859dd098 <+648>: bl     0x1859d51e8      ; CFRelease
0x1859dd09c <+652>: mov    x0, x20
0x1859dd0a0 <+656>: bl     0x185b73ce0      ; …
0x1859dd0a4 <+660>: mov    sp, x26
0x1859dd0a8 <+664>: ldr    x8, [x19, #0xb0]
0x1859dd0ac <+668>: cbz    x8, 0x1859dd0b8  ; <+680>
0x1859dd0b0 <+672>: mov    x0, x21
0x1859dd0b4 <+676>: blr    x8
0x1859dd0b8 <+680>: mov    x0, x20

Note how lr points to +680 and the instruction at +676 is a branch linked to x8. It seems that the crash is directly caused by this; there’s no weirdo tail call elimination going on. Thus __NSDescribeDelayedPerformCallout is not involved in this at all, which is good because it’s hard to see how it could be. Rather, something has caused CFRunLoopTimerInvalidate to jump off to never never land.

Fortunately the code for CFRunLoopTimerInvalidate is available via the Swift open source (see here). Here’s the relevant snippet:

4295             CFRunLoopRemoveTimer(rl, rlt, kCFRunLoopCommonModes);
4296             __CFRunLoopUnlock(rl);
4297             for (CFIndex idx = 0; idx < cnt; idx++) {
4298                 CFRelease(modes[idx]);
4299             }
4300             CFRelease(rl);
4301             __CFRunLoopTimerLock(rlt);
4302         }
4303         if (NULL != rlt->_context.release) {
4304             rlt->_context.release(info);    /* CALLOUT */
4305         }

Note: You might observe that the line numbers here don’t match the line number in frame 1 of your backtrace. That’s because the CF open source doesn’t exactly match the CF source code used to build the OS. However, we know we’re in the right place because of the relative position of the call to CFRunLoopRemoveTimer at +632.

Line 4304 is CF releasing the info pointer associated with a run loop timer. Specifically, it seems that the release function pointer has either been set incorrectly or corrupted after the fact.

It’s hard to say how this relates to your code but the first place I’d look is any use of timers, and specifically low-level CF run loop timers. Also, make sure you’ve run your app through the standard memory debugging tools, as they are good at catching this sort of thing early.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
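As an added example (not code from this thread, from the poster's app, or from Apple), here is a small CoreFoundation program in plain C that shows the context-initialization pattern behind the diagnosis above: CFRunLoopTimerCreate copies every field of the CFRunLoopTimerContext you pass it, and CFRunLoopTimerInvalidate later calls the copied release pointer on info, so a context whose release field was never initialized hands CF a garbage function pointer to branch to. The TimerState struct, the TimerStateRelease callout and the fire counts are constructed for this example; it assumes a macOS build with clang -framework CoreFoundation.

```objc
#include <CoreFoundation/CoreFoundation.h>
#include <stdio.h>
#include <stdlib.h>

/* Per-timer state handed to CF through the context's `info` field
   (constructed for this example; not from the thread). */
typedef struct {
    int fireCount;
} TimerState;

/* Set by TimerStateRelease so main() can confirm which pointer CF released. */
static const void *gReleasedInfo = NULL;

/* This is the function pointer CFRunLoopTimerInvalidate calls as
   rlt->_context.release(info). It must be NULL or a real function that
   stays valid for the timer's whole lifetime. */
static void TimerStateRelease(const void *info) {
    gReleasedInfo = info;
    free((void *)info);
}

static void TimerFired(CFRunLoopTimerRef timer, void *info) {
    TimerState *state = (TimerState *)info;
    state->fireCount++;
    printf("fire %d\n", state->fireCount);
    if (state->fireCount == 3) {
        /* Invalidation runs the release callout; `info` is freed after this. */
        CFRunLoopTimerInvalidate(timer);
        CFRunLoopStop(CFRunLoopGetCurrent());
    }
}

int main(void) {
    TimerState *state = calloc(1, sizeof *state);

    /* HAZARD (shown only as a comment, never run): a stack context with only
       `info` assigned. CFRunLoopTimerCreate copies all five fields, so the
       stack garbage sitting in `release` becomes the address that
       CFRunLoopTimerInvalidate branches to, which is the crash shape in the
       thread's backtrace.
           CFRunLoopTimerContext bad;
           bad.info = state;   // version, retain, release, copyDescription: uninitialized */

    /* CORRECT: initialize every field. NULL means "no callout". */
    CFRunLoopTimerContext ctx = {
        .version = 0,
        .info = state,
        .retain = NULL,               /* CF stores `info` as-is */
        .release = TimerStateRelease, /* called once, from CFRunLoopTimerInvalidate */
        .copyDescription = NULL,
    };

    CFRunLoopTimerRef timer = CFRunLoopTimerCreate(
        kCFAllocatorDefault,
        CFAbsoluteTimeGetCurrent() + 0.05, /* first fire */
        0.05,                              /* repeat interval */
        0, 0, TimerFired, &ctx);
    CFRunLoopAddTimer(CFRunLoopGetCurrent(), timer, kCFRunLoopDefaultMode);

    /* Runs until TimerFired stops the loop, or 2 s as a safety timeout. */
    CFRunLoopRunInMode(kCFRunLoopDefaultMode, 2.0, false);

    /* Pointer comparison only; `state` has already been freed by the callout. */
    int ok = (gReleasedInfo == state);
    printf("release callout received the expected info: %s\n", ok ? "yes" : "no");

    /* The timer is already invalid, so CFRelease does not run the callout again. */
    CFRelease(timer);
    return ok ? 0 : 1;
}
```

The check to carry back into an app is the one on the context struct: use a designated or brace initializer so that retain, release and copyDescription are either NULL or real functions, and keep any function you name in release alive (and its info pointer valid) until the timer has been invalidated, since that is exactly the call that frame 1 of the backtrace shows going wrong.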

Thank you very much for your explanation. You really helped me. I will search the code for where the problem is.