App suddenly crashing at [[_NSCGSWindowBuffer colorSpace] retain] on macOS Sierra

Question

After upgrading to macOS Sierra, a growing number of my app’s users see crashes at [[_NSCGSWindowBuffer colorSpace] retain] with Segmentation fault: 11 / EXC_BAD_ACCESS.I’m somewhat at a loss here, because the app works fine on my machine, but I keep getting more and more crash reports each day.The stack trace is always the same, no sign of my app’s code in the stack trace so I have no idea where to start.Some users claim that the app was in full screen mode while it crashed. Not sure if it is related to that…I scanned my app for the use of NSColorSpace and everything looks good to me. The app uses automatic reference counting so I don’t call retain/release myself.Did anybody run into a problem like this or has any suggestion how to debug an issue like this?Sample crash log:System Integrity Protection: enabledCrashed Thread:        0  Dispatch queue: com.apple.main-threadException Type:        EXC_BAD_ACCESS (SIGSEGV)Exception Codes:       KERN_INVALID_ADDRESS at 0x0000161d3a58bec0Exception Note:        EXC_CORPSE_NOTIFYTermination Signal:    Segmentation fault: 11Termination Reason:    Namespace SIGNAL, Code 0xbTerminating Process:   exc handler [0]VM Regions Near 0x161d3a58bec0:    CoreAnimation          0000000119200000-0000000119642000 [ 4360K] rw-/rwx SM=PRV --&gt;    JS JIT generated code  0000463b1ca00000-0000463b1ca01000 [    4K] ---/rwx SM=NUL Application Specific Information:objc_msgSend() selector name: retainThread 0 Crashed:: Dispatch queue: com.apple.main-thread0   libobjc.A.dylib                   0x00007fffb9f71b5d objc_msgSend + 291   com.apple.AppKit                  0x00007fffa35caa35 -[_NSCGSWindowBuffer colorSpace] + 332   com.apple.AppKit                  0x00007fffa359ed11 __NSCGSWindowBackingStoreMark__block_invoke + 9973   com.apple.AppKit                  0x00007fffa35624ec NSCGSTransactionRunPreCommitActionsForOrder_ + 2894   com.apple.AppKit                  0x00007fffa35623b8 NSCGSTransactionRunPreCommitActions_ + 315   com.apple.AppKit                  0x00007fffa356238d __39+[_NSCGSTransaction currentTransaction]_block_invoke + 346   com.apple.QuartzCore              0x00007fffab2c6a4a CA::Transaction::run_commit_handlers(CATransactionPhase) + 467   com.apple.QuartzCore              0x00007fffab3ce58f CA::Context::commit_transaction(CA::Transaction*) + 9598   com.apple.QuartzCore              0x00007fffab2c55e5 CA::Transaction::commit() + 4759   com.apple.AppKit                  0x00007fffa38441cd __37+[NSDisplayCycle currentDisplayCycle]_block_invoke.31 + 32310  com.apple.CoreFoundation          0x00007fffa57a8f87 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 2311  com.apple.CoreFoundation          0x00007fffa57a8ef7 __CFRunLoopDoObservers + 39112  com.apple.CoreFoundation          0x00007fffa5789e39 __CFRunLoopRun + 87313  com.apple.CoreFoundation          0x00007fffa5789874 CFRunLoopRunSpecific + 42014  com.apple.HIToolbox               0x00007fffa4d29f6c RunCurrentEventLoopInMode + 24015  com.apple.HIToolbox               0x00007fffa4d29ca9 ReceiveNextEventCommon + 18416  com.apple.HIToolbox               0x00007fffa4d29bd6 _BlockUntilNextEventMatchingListInModeWithFilter + 7117  com.apple.AppKit                  0x00007fffa34205f5 _DPSNextEvent + 109318  com.apple.AppKit                  0x00007fffa3b308eb -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 163719  com.apple.AppKit                  0x00007fffa3414fbd -[NSApplication run] + 92620  com.apple.AppKit                  0x00007fffa33dfa8a NSApplicationMain + 123721  libdyld.dylib                     0x00007fffba85b255 start + 1

schosch · Answer

Hi Rico,I have exactly the same behaviour. It happens to me when a webview that has an embedded PDF is edited. It happens after a few events. If the PDF is replaced by a PNG, the error does not happen.Do you have any fix for this?Best regards, Schosch

_Rico · Answer

Hi Schosch,Can you reproduce this problem on your machine?I don’t have a solution for this yet, but I’m glad to hear that I’m not the only one running into this. Let’s compare notes, if you don’t mind. Hopefully we can spot a pattern somewhere to track this down.What I have so far:- I can’t reproduce this myself, but my app is crashing for a number of users (&amp;gt;10 got in touch)- My app also uses an embedded WebView to display HTML and images (png + jpg, no PDF)- Crashes only seem to happen after upgrading to macOS Sierra 10.12 or 10.12.1 (crashes on both versions)- The app works fine on Mac OS X 10.11 and older- Crashes seem to happen at random times, for some users the app crashes right away each time, for other it works fine for an hour before it crashes- All crash logs show the same cause:    Application Specific Information:   objc_msgSend() selector name: retain    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread    0   libobjc.A.dylib                   0x00007fffb9f71b5d objc_msgSend + 29    1   com.apple.AppKit                  0x00007fffa35caa35 -[_NSCGSWindowBuffer colorSpace] + 33    …- Stack traces never show any of my code, but plenty of “com.apple.JavaScriptCore”- I use lots of JavaScript and the Objective-C to JavaScript bridge- Some users reported that the app was running in full screen or split view mode, not sure if that’s related- I use an NSToolbarItem with some custom drawing (a badge overlay)WebKit may be a candidate here, because all crash logs show that other threads are running some JavaScript related code:Thread 5:: JIT Worklist Worker Thread0   libsystem_kernel.dylib            0x00007fffda5a0c8a __psynch_cvwait + 101   libsystem_pthread.dylib           0x00007fffda68997a _pthread_cond_wait + 7122   libc++.1.dylib                    0x00007fffd901758d std::__1::condition_variable::wait(std::__1::unique_lock&amp;lt;std::__1::mutex&amp;gt;&amp;amp;) + 473   com.apple.JavaScriptCore          0x00007fffc82747de ***::ParkingLot::parkConditionallyImpl(void const*, ***::ScopedLambda&amp;lt;bool ()&amp;gt; const&amp;amp;, ***::ScopedLambda&amp;lt;void ()&amp;gt; const&amp;amp;, std::__1::chrono::time_point&amp;lt;std::__1::chrono::steady_clock, std::__1::chrono::duration&amp;lt;long long, std::__1::ratio&amp;lt;1l, 1000000000l&amp;gt; &amp;gt; &amp;gt;) + 24944   com.apple.JavaScriptCore          0x00007fffc802a8ea JSC::JITWorklist::runThread() + 2345   com.apple.JavaScriptCore          0x00007fffc802ad7d std::__1::__function::__func&amp;lt;JSC::JITWorklist::JITWorklist()::$_0, std::__1::allocator&amp;lt;JSC::JITWorklist::JITWorklist()::$_0&amp;gt;, void ()&amp;gt;::operator()() + 136   com.apple.JavaScriptCore          0x00007fffc7872072 ***::threadEntryPoint(void*) + 1787   com.apple.JavaScriptCore          0x00007fffc7871f9f ***::wtfThreadEntryPoint(void*) + 158   libsystem_pthread.dylib           0x00007fffda688abb _pthread_body + 1809   libsystem_pthread.dylib           0x00007fffda688a07 _pthread_start + 28610  libsystem_pthread.dylib           0x00007fffda688231 thread_start + 13What to do next?I’ll update my radar bug report with the new findings (WebKit) and reference this thread. How about if you file a bug report against WebKit yourself so that Apple see that this is not a one time thing?Please keep me posted!Cheers,Rico

_Rico · Answer

Hi Schosch,No solution yet, but I also use an embedded WebView. I added a reply with more details that is currently awaiting approval by a moderator. It should appear soon (I hope).-Rico

App suddenly crashing at [[_NSCGSWindowBuffer colorSpace] retain] on macOS Sierra

Replies