1 Reply
      Latest reply on Dec 4, 2019 6:13 AM by _christhegreat
      _christhegreat Level 1 Level 1 (0 points)

        Sadly we could not fix the crash till today. Apple Staff told me to move this discussion over here.
        The crash seems to happen only at launch.
        See the original post below.

        Original post:

        =======================================================

         

        Since the release of iOS 13 we are getting 10-30 crash reports from Itunes Connect saying UIKitCore: -[UIResponder doesNotRecognizeSelector:].

         

        Can anyone help me understand the following crash report?

         

        Following https://developer.apple.com/library/archive/technotes/tn2151/_index.html -[NSObject(NSObject) doesNotRecognizeSelector:] occurs when a new object is allocated in the memory previously occupied by the deallocated object. Profiling the app with the Zombies instrument doesn't really help, I just can't reproduce the situation.

         

        Please understand that I had to **** out the actual app name.

         

        Incident Identifier: E2E4860B-2714-4CB8-9499-6228F48FC206
        CrashReporter Key:   87ee941f267b3bff9e4bde9c5977b1d1fc7f0d35
        Hardware Model:      iPhone10,4
        Process:             *********** [16655]
        Path:                /private/var/containers/Bundle/Application/45BB2B04-9950-4E2A-B63A-7328C23E33C3/***********.app/***********
        Identifier:          de.*************.mobile.connect
        Version:             1 (1.0.8)
        AppStoreTools:       11A1002b
        AppVariant:          1:iPhone10,4:13
        Code Type:           ARM-64 (Native)
        Role:                Non UI
        Parent Process:      launchd [1]
        Coalition:           de.**************.mobile.connect [2654]
        
        
        Date/Time:           2019-10-15 12:51:56.5319 +0200
        Launch Time:         2019-10-15 12:47:09.2979 +0200
        OS Version:          iPhone OS 13.1.2 (17A860)
        Release Type:        User
        Baseband Version:    3.01.01
        Report Version:      104
        
        
        Exception Type:  EXC_CRASH (SIGABRT)
        Exception Codes: 0x0000000000000000, 0x0000000000000000
        Exception Note:  EXC_CORPSE_NOTIFY
        Triggered by Thread:  0
        
        
        Last Exception Backtrace:
        0   CoreFoundation                0x1ae45498c __exceptionPreprocess + 220 (NSException.m:199)
        1   libobjc.A.dylib                0x1ae17d0a4 objc_exception_throw + 56 (objc-exception.mm:565)
        2   CoreFoundation                0x1ae35843c -[NSObject(NSObject) doesNotRecognizeSelector:] + 140 (NSObject.m:144)
        3   UIKitCore                      0x1b24902a8 -[UIResponder doesNotRecognizeSelector:] + 296 (UIResponder.m:659)
        4   CoreFoundation                0x1ae458e08 ___forwarding___ + 1324 (NSForwarding.m:3325)
        5   CoreFoundation                0x1ae45abec _CF_forwarding_prep_0 + 92
        6   UIKitCore                      0x1b2353040 -[UIUndoGestureInteraction didMoveToView:] + 108 (UIUndoGestureInteraction.m:725)
        7   UIKitCore                      0x1b28eb3c4 _setInteractionView + 84 (UIView.m:16421)
        8   UIKitCore                      0x1b28eb2a0 -[UIView(Dragging) addInteraction:] + 268 (UIView.m:16450)
        9   UIKitCore                      0x1b26cd2b8 -[UIEditingOverlayViewController _addInteractions] + 260 (UIEditingOverlayViewController.m:79)
        10  UIKitCore                      0x1b1e5b2ec -[UIViewController _setViewAppearState:isAnimating:] + 832 (UIViewController.m:4695)
        11  UIKitCore                      0x1b1e5b6fc __52-[UIViewController _setViewAppearState:isAnimating:]_block_invoke + 268 (UIViewController.m:4758)
        12  CoreFoundation                0x1ae42773c __NSARRAY_IS_CALLING_OUT_TO_A_BLOCK__ + 16 (NSArrayHelpers.m:9)
        13  CoreFoundation                0x1ae32b86c -[__NSArrayI enumerateObjectsWithOptions:usingBlock:] + 152 (NSArrayI.m:108)
        14  UIKitCore                      0x1b1e5b49c -[UIViewController _setViewAppearState:isAnimating:] + 1264 (UIViewController.m:4736)
        15  UIKitCore                      0x1b1e5d530 __64-[UIViewController viewDidMoveToWindow:shouldAppearOrDisappear:]_block_invoke + 44 (UIViewController.m:5272)
        16  UIKitCore                      0x1b1e5c32c -[UIViewController _executeAfterAppearanceBlock] + 88 (UIViewController.m:5050)
        17  UIKitCore                      0x1b246bca4 _runAfterCACommitDeferredBlocks + 584 (UIApplication.m:3027)
        18  UIKitCore                      0x1b245b7c0 _cleanUpAfterCAFlushAndRunDeferredBlocks + 232 (UIApplication.m:2986)
        19  UIKitCore                      0x1b248b594 _afterCACommitHandler + 76 (UIApplication.m:3048)
        20  CoreFoundation                0x1ae3d1c48 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 32 (CFRunLoop.c:1758)
        21  CoreFoundation                0x1ae3ccb34 __CFRunLoopDoObservers + 416 (CFRunLoop.c:1868)
        22  CoreFoundation                0x1ae3cd100 __CFRunLoopRun + 1308 (CFRunLoop.c:2910)
        23  CoreFoundation                0x1ae3cc8bc CFRunLoopRunSpecific + 464 (CFRunLoop.c:3192)
        24  GraphicsServices              0x1b8238328 GSEventRunModal + 104 (GSEvent.c:2246)
        25  UIKitCore                      0x1b24626d4 UIApplicationMain + 1936 (UIApplication.m:4753)
        26  ***********                    0x104684a60 main + 68 (APIInfoUser.swift:7)
        27  libdyld.dylib                  0x1ae257460 start + 4
        
        
        Thread 0 name:
        Thread 0 Crashed:
        0   libsystem_kernel.dylib        0x00000001ae24cebc __pthread_kill + 8
        1   libsystem_pthread.dylib        0x00000001ae16cc1c pthread_kill$VARIANT$armv81 + 192 (pthread.c:1456)
        2   libsystem_c.dylib              0x00000001ae0bc824 abort + 100 (abort.c:110)
        3   libc++abi.dylib                0x00000001ae2157d4 abort_message + 128 (abort_message.cpp:76)
        4   libc++abi.dylib                0x00000001ae2159c4 demangling_terminate_handler() + 296 (cxa_default_handlers.cpp:66)
        5   libobjc.A.dylib                0x00000001ae17d358 _objc_terminate() + 124 (objc-exception.mm:701)
        6   libc++abi.dylib                0x00000001ae222304 std::__terminate(void (*)()) + 16 (cxa_handlers.cpp:59)
        7   libc++abi.dylib                0x00000001ae221ed8 __cxa_rethrow + 144 (cxa_exception.cpp:618)
        8   libobjc.A.dylib                0x00000001ae17d258 objc_exception_rethrow + 40 (objc-exception.mm:604)
        9   CoreFoundation                0x00000001ae3cc92c CFRunLoopRunSpecific + 576 (CFRunLoop.c:3206)
        10  GraphicsServices              0x00000001b8238328 GSEventRunModal + 104 (GSEvent.c:2246)
        11  UIKitCore                      0x00000001b24626d4 UIApplicationMain + 1936 (UIApplication.m:4753)
        12  ***********                    0x0000000104684a60 main + 68 (APIInfoUser.swift:7)
        13  libdyld.dylib                  0x00000001ae257460 start + 4
        
        
        Thread 1:
        0   libsystem_pthread.dylib        0x00000001ae174ad8 start_wqthread + 0
        
        
        Thread 2:
        0   libsystem_pthread.dylib        0x00000001ae174ad8 start_wqthread + 0
        
        
        Thread 3 name:
        Thread 3:
        0   libdyld.dylib                  0x00000001ae260188 DyldSharedCache::inCache(void const*, unsigned long, bool&) const + 44 (DyldSharedCache.cpp:243)
        1   libdyld.dylib                  0x00000001ae262e8c dyld3::AllImages::immutableMemory(void const*, unsigned long) const + 56 (AllImages.cpp:784)
        2   libdispatch.dylib              0x00000001ae121578 _dispatch_strdup_if_mutable + 40 (init.c:1372)
        3   libdispatch.dylib              0x00000001ae0fe5f8 _dispatch_lane_create_with_target + 328 (queue.c:2740)
        4   CFNetwork                      0x00000001b1757c44 Tube* Tube::createNewTube5   CFNetwork                      0x00000001b17244bc TubeManager::_onqueue_enqueueRequestForProtocol(MetaConnectionCacheClient*, HTTPRequestMessage co... + 656 (TubeManager.cpp:461)
        6   CFNetwork                      0x00000001b168fc00 GlueTubeManager::enqueueRequestForProtocol(MetaConnectionCacheClient*, HTTPRequestMessage const*,... + 428 (TubeManager.cpp:168)
        7   CFNetwork                      0x00000001b166bb48 invocation function for block in XTubeManager::enqueueRequestForProtocol(MetaConnectionCacheClien... + 48 (LocalSession.mm:228)
        8   CFNetwork                      0x00000001b166bae0 XTubeManager::withTubeManager(CoreSchedulingSet const*, void (GlueTubeManager*) block_pointer) + 248 (LocalSession.mm:279)
        9   CFNetwork                      0x00000001b164ac80 -[__NSURLSessionLocal _withConnectionCache_enqueueRequest:forProtocol:scheduling:options:] + 128 (LocalSession.mm:227)
        10  CFNetwork                      0x00000001b1770850 HTTPProtocol::asynchronouslyCreateAndOpenStream_WithMessage_AfterCookiesAndAuthenticatorHeaders(_... + 3440 (HTTPProtocol.cpp:2990)
        11  CFNetwork                      0x00000001b176f838 HTTPProtocol::asynchronouslyAddAuthenticatorHeadersAndContinue(__CFHTTPMessage*) + 108 (HTTPProtocol.cpp:2793)
        12  CFNetwork                      0x00000001b177214c invocation function for block in HTTPProtocol::asynchronouslyAddCookiesAndContinue(__CFHTTPMessage*) + 28 (HTTPProtocol.cpp:3434)
        13  CFNetwork                      0x00000001b185f534 invocation function for block in QCoreSchedulingSet::performAsync(void () block_pointer) const + 52 (CoreSchedulingSet.mm:190)
        14  libdispatch.dylib              0x00000001ae121610 _dispatch_call_block_and_release + 24 (init.c:1408)
        15  libdispatch.dylib              0x00000001ae122184 _dispatch_client_callout + 16 (object.m:495)
        16  libdispatch.dylib              0x00000001ae0ff73c _dispatch_lane_serial_drain$VARIANT$armv81 + 564 (inline_internal.h:2487)
        17  libdispatch.dylib              0x00000001ae100188 _dispatch_lane_invoke$VARIANT$armv81 + 452 (queue.c:3820)
        18  libdispatch.dylib              0x00000001ae1012a8 _dispatch_workloop_invoke$VARIANT$armv81 + 1736 (inline_internal.h:2528)
        19  libdispatch.dylib              0x00000001ae10943c _dispatch_workloop_worker_thread + 576 (queue.c:6386)
        20  libsystem_pthread.dylib        0x00000001ae171fa4 _pthread_wqthread + 276 (pthread.c:2323)
        21  libsystem_pthread.dylib        0x00000001ae174ae0 start_wqthread + 8
        
        
        Thread 4 name:
        Thread 4:
        0   libsystem_kernel.dylib        0x00000001ae22b5f4 mach_msg_trap + 8
        1   libsystem_kernel.dylib        0x00000001ae22aa60 mach_msg + 72 (mach_msg.c:103)
        2   CoreFoundation                0x00000001ae3d2068 __CFRunLoopServiceMachPort + 216 (CFRunLoop.c:2575)
        3   CoreFoundation                0x00000001ae3cd188 __CFRunLoopRun + 1444 (CFRunLoop.c:2931)
        4   CoreFoundation                0x00000001ae3cc8bc CFRunLoopRunSpecific + 464 (CFRunLoop.c:3192)
        5   Foundation                    0x00000001ae70c994 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 228 (NSRunLoop.m:374)
        6   Foundation                    0x00000001ae70c874 -[NSRunLoop(NSRunLoop) runUntilDate:] + 88 (NSRunLoop.m:421)
        7   UIKitCore                      0x00000001b24fa49c -[UIEventFetcher threadMain] + 152 (UIEventFetcher.m:637)
        8   Foundation                    0x00000001ae83d0b0 __NSThread__start__ + 848 (NSThread.m:724)
        9   libsystem_pthread.dylib        0x00000001ae1711ec _pthread_start + 124 (pthread.c:895)
        10  libsystem_pthread.dylib        0x00000001ae174aec thread_start + 8
        
        
        Thread 5:
        0   libsystem_pthread.dylib        0x00000001ae174ad8 start_wqthread + 0
        
        
        Thread 6:
        0   libsystem_pthread.dylib        0x00000001ae174ad8 start_wqthread + 0
        
        
        Thread 7:
        0   libsystem_pthread.dylib        0x00000001ae174ad8 start_wqthread + 0
        
        
        Thread 0 crashed with ARM Thread State (64-bit):
            x0: 0x0000000000000000   x1: 0x0000000000000000   x2: 0x0000000000000000   x3: 0x0000000000000000
            x4: 0x00000001ae2255d8   x5: 0x000000016b77f430   x6: 0x000000000000006e   x7: 0x0000000000000700
            x8: 0x0000000104bb1800   x9: 0x00000001ae16cb5c  x10: 0x00000001ae168720  x11: 0x000000000000000b
           x12: 0x00000001e57af080  x13: 0x0000000000000030  x14: 0x0000000000000010  x15: 0x0000000000000000
           x16: 0x0000000000000148  x17: 0x0000000000000001  x18: 0x0000000000000000  x19: 0x0000000000000006
           x20: 0x0000000000000407  x21: 0x0000000104bb18e0  x22: 0x0000000282594270  x23: 0x00000001eafdb5e0
           x24: 0x0000000281c9c0d0  x25: 0x0000000000000000  x26: 0x0000000000000001  x27: 0x00000001047e4160
           x28: 0x000000016b77faf0   fp: 0x000000016b77f390   lr: 0x00000001ae16cc1c
            sp: 0x000000016b77f370   pc: 0x00000001ae24cebc cpsr: 0x40000000
           esr: 0x56000080  Address size fault
        • Re: UIResponder doesNotRecognizeSelector
          eskimo Apple Staff Apple Staff (12,425 points)

          The key thing to notice here is that frames 0 through 5 of this backtrace are just boilerplate associated with an unrecognised selector.  That is, frame 6 has called a method on an object, the object didn’t recognise that selector so it entered the Objective-C runtime forwarding infrastructure (frames 5 through 4).  That landed in UIResponder (frame 3) because UIResponder support some sort of generic message forwarding.  That message forwarding failed, so UIResponder called super (frame 2), which then threw the exception.

          So the real question is, what’s going on in frame 6.  To learn more about this, you can disassemble the code (-:

          (lldb) disas -n '-[UIUndoGestureInteraction didMoveToView:]'
          UIKitCore`-[UIUndoGestureInteraction didMoveToView:]:
              0x1bbe92fd4 <+0>:   stp    x22, x21, [sp, #-0x30]!
              0x1bbe92fd8 <+4>:   stp    x20, x19, [sp, #0x10]
              0x1bbe92fdc <+8>:   stp    x29, x30, [sp, #0x20]
              0x1bbe92fe0 <+12>:  add    x29, sp, #0x20    ; =0x20 
              0x1bbe92fe4 <+16>:  mov    x21, x2
              0x1bbe92fe8 <+20>:  mov    x19, x0
              0x1bbe92fec <+24>:  add    x20, x0, #0x10    ; =0x10 
              0x1bbe92ff0 <+28>:  mov    x0, x20
              0x1bbe92ff4 <+32>:  mov    x1, x2
              0x1bbe92ff8 <+36>:  bl     0x1b7cd71d8       ; objc_storeWeak
              0x1bbe92ffc <+40>:  cbz    x21, 0x1bbe930a8  ; <+212>
              0x1bbe93000 <+44>:  adrp   x8, 208464
              0x1bbe93004 <+48>:  add    x1, x8, #0x7b1    ; =0x7b1 
              0x1bbe93008 <+52>:  mov    x0, x19
              0x1bbe9300c <+56>:  bl     0x1b7cb9180       ; objc_msgSend
              0x1bbe93010 <+60>:  mov    x0, x20
              0x1bbe93014 <+64>:  bl     0x1b7cd7a80       ; objc_loadWeakRetained
              0x1bbe93018 <+68>:  mov    x20, x0
              0x1bbe9301c <+72>:  adrp   x8, 208304
              0x1bbe93020 <+76>:  add    x1, x8, #0xc04    ; =0xc04 
              0x1bbe93024 <+80>:  bl     0x1b7cb9180       ; objc_msgSend
              0x1bbe93028 <+84>:  mov    x29, x29
              0x1bbe9302c <+88>:  bl     0x1b7cd8864       ; objc_retainAutoreleasedReturnValue
              0x1bbe93030 <+92>:  mov    x21, x0
              0x1bbe93034 <+96>:  adrp   x8, 208502
              0x1bbe93038 <+100>: add    x1, x8, #0xbb7    ; =0xbb7 
              0x1bbe9303c <+104>: bl     0x1b7cb9180       ; objc_msgSend
              0x1bbe93040 <+108>: stp    d0, d1, [x19, #0x100]

          There’s a bunch of things you can learn here.  First, frame 6 in the backtrace has an offset of +108, so that actual call that failed is at +104.  An objc_msgSend, has two standard parameters, the target object and the selector.  On 64-bit Arm these map to x0 and x1, respectively.

          Let’s look at the selector first.  This is constructed by the two instructions at +96 and +100.  Those two instructions form a PC-relative address.  The adrp instruction (‘add relative to page’) takes the current PC (0x1bbe93034), clears the bottom 12 bits (0x1bbe93000, remember that the historical page size is 4096 [1]), and then takes the literal, shifts it left by 12 bits (208502 << 12), and then adds it in.  The add instruction is much simpler.  It takes the result from the previous calculation and adds 0xbb7 (note the switch from decimal to hex!).

          If you run this calculation in the debugger you’ll see this:

          (lldb) p (char*)( 0x1bbe93000+(208502<<12)+0xbb7)
          (char *) $1 = 0x00000001eed09bb7 "actualSceneBounds"

          So the selector is actualSceneBounds.  Cool.

          Now let’s look at the object.  At the time of the call (+104) this is expected to be in x0.  At +92 we see it copy x0 to x21, but this is just a distraction.  Actually x0 is the function result from objc_retainAutoreleasedReturnValue at +88.  That function takes and returns an object, so x0 is the value returned by the message send at +80.  Doing the same relative page trick we did earlier, we see that the selector for that call is -window.  But what object is that being called on?

          Working that out is… well… kinda complex because of the objc_storeWeak / objc_loadWeakRetained dance.  I believe it boils down to the value passed into this method via x2, that is, the third parameter.  Based on the method name, this is clearly a view (remember that, for Objective-C methods, the first two parameters, x0 and x1, hold the target and the selector, so x2 holds the first actual parameter).

          So, in summary:

          • It seems that this method has a view parameter.

          • It’s requested window.window.screenBounds.

          • The last property access has failed because the thing that’s meant to be a window doesn’t implement the -screenBounds getter.

          I don’t know enough about UIKit to explain the background to that.  I have a couple of suggestions here:

          1. Run the Standard Memory Debugging Tools, and specifically Zombies, to see if they turn up anything useful.  Make sure to exercise the undo gesture, based on the class name of the method we pulled apart.

          2. If that doesn’t pan out, bounce over to App Frameworks > Cocoa Touch to see if anyone there has any suggestions.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          [1] On 64-bit Arm the actual page size is typically 64 KiB, but the adrp instruction uses the historical page size of 4096 because it matches the maximum literal size in the add instruction.