app halts by malloc OSAtomicDequeue

I find my app occasionally halts and then crashes, terminated by SpringBoard

for Termination Reason: Namespace SPRINGBOARD, Code 0x8badf00d

the key crash message is


Exception Type: EXC_BAD_ACCESS (SIGKILL)

Exception Subtype: KERN_INVALID_ADDRESS at 0x8000000000000008

VM Region Info: 0x8000000000000008 is not in any region. Bytes after previous region: 9223372028765011977

REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL

Stack 00000001e2278000-00000001e2300000 [ 544K] rw-/rwx SM=COW thread 137

--->

UNUSED SPACE AT END

Termination Reason: Namespace SPRINGBOARD, Code 0x8badf00d

Termination Description: SPRINGBOARD, scene-update watchdog transgression: com.xiaoyike exhausted real (wall clock) time allowance of 10.00 seconds | | ProcessVisibility: Foreground | ProcessState: Running | WatchdogEvent: scene-update | WatchdogVisibility: Foreground | WatchdogCPUStatistics: ( | "Elapsed total CPU time (seconds): 20.000 (user 20.000, system 0.000), 100% CPU", | "Elapsed application CPU time (seconds): 12.059, 60% CPU" | )

Triggered by Thread: 0

Application Specific Information:

abort() called

Filtered syslog:

None found

Thread 0 name: Dispatch queue: com.apple.main-thread

Thread 0 Crashed:

0 libsystem_platform.dylib 0x000000018246a904 OSAtomicDequeue$VARIANT$mp + 12

1 libsystem_malloc.dylib 0x00000001823a3c14 _nano_malloc_check_clear + 152

2 libsystem_malloc.dylib 0x00000001823a2c5c nano_malloc + 44

3 libsystem_malloc.dylib 0x0000000182391b88 malloc_zone_malloc + 172

4 CoreFoundation 0x000000018287b180 __CFBasicHashRehash + 296

5 CoreFoundation 0x000000018274b9b0 CFDictionaryCreate + 244

6 CoreFoundation 0x000000018276679c CFErrorCreateWithUserInfoKeysAndValues + 148

7 CoreServicesInternal 0x00000001a4522d34 _FSURLCreateStandardError + 476


Other threads mostly block at libsystem_platform.dylib OSAtomicDequeue

Can someone give some ideas?

Replies

Please post a full crash report for this crash.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I have the same crash issue. The interesting point is that two threads are accessing the same point, "OSAtomicDequeue$VARIANT$mp", and one thread crashes.

Could someone investigate what happens?


I also have 30+ crash reports on _nano_malloc_check_clear.


Hardware Model: iPad7,3

Version: 1 (1.0)

Code Type: ARM-64 (Native)

Role: Foreground

OS Version: iPhone OS 11.2.6 (15D100)

Baseband Version: n/a

Report Version: 104


Exception Type: EXC_BAD_ACCESS (SIGSEGV)

Exception Subtype: KERN_INVALID_ADDRESS at 0x0000001900000008

VM Region Info: 0x1900000008 is not in any region. Bytes after previous region: 99321118729

REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL

MALLOC_NANO (reserved) 00000001d8000000-00000001e0000000 [128.0M] rw-/rwx SM=NUL ...(unallocated)

--->

UNUSED SPACE AT END


Termination Signal: Segmentation fault: 11

Termination Reason: Namespace SIGNAL, Code 0xb

Terminating Process: exc handler [0]

Triggered by Thread: 7


Thread 0 name: Dispatch queue: com.apple.main-thread

Thread 0:

0 CoreFoundation 0x00000001834eb020 __CFArrayReleaseValues + 0

1 CoreFoundation 0x0000000183451cb8 _CFArrayReplaceValues + 424

2 CoreFoundation 0x0000000183457838 CFRunLoopRemoveTimer + 252

3 Foundation 0x0000000183f73d40 __NSFireDelayedPerform + 388

4 CoreFoundation 0x0000000183537dc0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28

5 CoreFoundation 0x0000000183537ae4 __CFRunLoopDoTimer + 864

6 CoreFoundation 0x00000001835372e4 __CFRunLoopDoTimers + 248

7 CoreFoundation 0x0000000183534ecc __CFRunLoopRun + 1928

8 CoreFoundation 0x0000000183454c58 CFRunLoopRunSpecific + 436

9 GraphicsServices 0x0000000185300f84 GSEventRunModal + 100

10 UIKit 0x000000018cbad5c4 UIApplicationMain + 236

11 libxpc.dylib 0x0000000183200e38 _xpc_objc_main + 556

12 libxpc.dylib 0x0000000183202efc xpc_main + 180

13 Foundation 0x00000001840b5bb4 service_connection_handler + 0

14 PlugInKit 0x0000000188a75d48 -[PKService run] + 752

15 PlugInKit 0x0000000188a7590c +[PKService main] + 56

16 PlugInKit 0x0000000188a75d6c +[PKService _defaultRun:arguments:] + 20

17 Foundation 0x0000000184096cf0 NSExtensionMain + 64

18 libdyld.dylib 0x0000000182f7456c start + 4


Thread 1:

0 libsystem_kernel.dylib 0x00000001830a4d80 __workq_kernreturn + 8

1 libsystem_pthread.dylib 0x00000001831b6eec _pthread_wqthread + 884

2 libsystem_pthread.dylib 0x00000001831b6b6c start_wqthread + 4


Thread 2:

0 libsystem_kernel.dylib 0x00000001830a4d80 __workq_kernreturn + 8

1 libsystem_pthread.dylib 0x00000001831b6eec _pthread_wqthread + 884

2 libsystem_pthread.dylib 0x00000001831b6b6c start_wqthread + 4


Thread 3:

0 libsystem_pthread.dylib 0x00000001831b6b68 start_wqthread + 0


Thread 4:

0 libsystem_pthread.dylib 0x00000001831b6b68 start_wqthread + 0


Thread 5 name: Dispatch queue: com.apple.NSXPCConnection.user.endpoint

Thread 5:

0 libsystem_platform.dylib 0x00000001831b2904 OSAtomicDequeue$VARIANT$mp + 12

1 libsystem_malloc.dylib 0x00000001830ebc14 _nano_malloc_check_clear + 152

2 libsystem_malloc.dylib 0x00000001830eac5c nano_malloc + 44

3 libsystem_malloc.dylib 0x00000001830d9b88 malloc_zone_malloc + 172

4 libsystem_malloc.dylib 0x00000001830dc540 malloc + 32

5 libsystem_c.dylib 0x0000000182fb1274 strdup + 36

6 libxpc.dylib 0x00000001831eeac8 xpc_string_create + 16

7 libxpc.dylib 0x00000001831eea90 xpc_dictionary_set_string + 32

8 libsystem_trace.dylib 0x00000001831d49a8 _os_activity_stream_entry_encode + 1028

9 libsystem_trace.dylib 0x00000001831d447c _os_activity_stream_reflect + 304

10 libsystem_trace.dylib 0x00000001831e0f14 _os_log_impl_stream + 260

11 libsystem_trace.dylib 0x00000001831dfd58 _os_log_impl_flatten_and_send + 2808

12 libsystem_trace.dylib 0x00000001831e16a4 _os_log_with_args_impl + 388

13 CoreFoundation 0x000000018357bd7c _CFLogvEx3 + 188

14 Foundation 0x0000000183f6adb8 _NSLogv + 128

15 Foundation 0x0000000183e8ef44 NSLog + 32

16 MyAppEx 0x00000001026b225c 0x1026a0000 + 74332

17 MyAppEx 0x00000001026aeee0 0x1026a0000 + 61152

18 ReplayKit 0x000000019e3cfc1c -[RPBroadcastSampleHandler _processPayload:] + 560

19 ReplayKit 0x000000019e3d04e8 -[RPBroadcastSampleHandler processPayload:completion:] + 76

20 Foundation 0x00000001840afddc __NSXPCCONNECTION_IS_CALLING_OUT_TO_EXPORTED_OBJECT_S2__ + 20

21 Foundation 0x00000001840ae528 -[NSXPCConnection _decodeAndInvokeMessageWithEvent:flags:] + 2584

22 Foundation 0x0000000183e846e0 message_handler + 240

23 libxpc.dylib 0x00000001831f2634 _xpc_connection_call_event_handler + 68

24 libxpc.dylib 0x00000001831effc8 _xpc_connection_mach_event + 984

25 libdispatch.dylib 0x0000000182f0eae4 _dispatch_client_callout4 + 16

26 libdispatch.dylib 0x0000000182f25454 _dispatch_mach_msg_invoke$VARIANT$mp + 356

27 libdispatch.dylib 0x0000000182f18824 _dispatch_queue_serial_drain$VARIANT$mp + 200

28 libdispatch.dylib 0x0000000182f260d0 _dispatch_mach_invoke$VARIANT$mp + 952

29 libdispatch.dylib 0x0000000182f18824 _dispatch_queue_serial_drain$VARIANT$mp + 200

30 libdispatch.dylib 0x0000000182f192fc _dispatch_queue_invoke$VARIANT$mp + 340

31 libdispatch.dylib 0x0000000182f19d20 _dispatch_root_queue_drain_deferred_wlh$VARIANT$mp + 404

32 libdispatch.dylib 0x0000000182f2203c _dispatch_workloop_worker_thread$VARIANT$mp + 644

33 libsystem_pthread.dylib 0x00000001831b6f1c _pthread_wqthread + 932

34 libsystem_pthread.dylib 0x00000001831b6b6c start_wqthread + 4


Thread 6 name: com.apple.uikit.eventfetch-thread

Thread 6:

0 libsystem_kernel.dylib 0x0000000183083568 mach_msg_trap + 8

1 libsystem_kernel.dylib 0x00000001830833e0 mach_msg + 72

2 CoreFoundation 0x0000000183537108 __CFRunLoopServiceMachPort + 196

3 CoreFoundation 0x0000000183534cd4 __CFRunLoopRun + 1424

4 CoreFoundation 0x0000000183454c58 CFRunLoopRunSpecific + 436

5 Foundation 0x0000000183e89594 -[NSRunLoop+ 50580 (NSRunLoop) runMode:beforeDate:] + 304

6 Foundation 0x0000000183ea89ac -[NSRunLoop+ 178604 (NSRunLoop) runUntilDate:] + 96

7 UIKit 0x000000018d7177a8 -[UIEventFetcher threadMain] + 136

8 Foundation 0x0000000183f8b0f4 __NSThread__start__ + 996

9 libsystem_pthread.dylib 0x00000001831b82b4 _pthread_body + 308

10 libsystem_pthread.dylib 0x00000001831b8180 _pthread_body + 0

11 libsystem_pthread.dylib 0x00000001831b6b74 thread_start + 4


Thread 7 name: com.apple.CFSocket.private

Thread 7 Crashed:

0 libsystem_platform.dylib 0x00000001831b2904 OSAtomicDequeue$VARIANT$mp + 12

1 libsystem_malloc.dylib 0x00000001830ebc14 _nano_malloc_check_clear + 152

2 libsystem_malloc.dylib 0x00000001830eac5c nano_malloc + 44

3 libsystem_malloc.dylib 0x00000001830d9b88 malloc_zone_malloc + 172

4 libsystem_malloc.dylib 0x00000001830dc540 malloc + 32

5 CoreFoundation 0x00000001834c3d0c -[__NSArrayM setObject:atIndex:] + 292

6 CoreFoundation 0x000000018353fab8 __CFSocketManager + 1788

7 libsystem_pthread.dylib 0x00000001831b82b4 _pthread_body + 308

8 libsystem_pthread.dylib 0x00000001831b8180 _pthread_body + 0

9 libsystem_pthread.dylib 0x00000001831b6b74 thread_start + 4


Thread 7 crashed with ARM Thread State (64-bit):

x0: 0x0000001900000000 x1: 0x0000000000000008 x2: 0x0000000000000000 x3: 0x0000000000000000

x4: 0x0000000000000000 x5: 0x0000000000000000 x6: 0x0000000000000000 x7: 0x0000000000000000

x8: 0x00000001026fc000 x9: 0x0000000000000000 x10: 0x0027cb010027cb80 x11: 0x000000000027cb01

x12: 0x000000000027ca00 x13: 0x0000000000000001 x14: 0x0000000000000000 x15: 0x0027cb010027cbc0

x16: 0x00000001831b28f8 x17: 0x00000001834c3be8 x18: 0xfffffff010cdd260 x19: 0x0000000000000000

x20: 0x0000000000000010 x21: 0x0000000000000000 x22: 0x00000001026f8000 x23: 0x00000001b2a54000

x24: 0x0000000000000000 x25: 0x00000001026f8000 x26: 0x0000000000000000 x27: 0x0000000000000000

x28: 0x0000000000000001 fp: 0x000000016db269f0 lr: 0x00000001830ebc14

sp: 0x000000016db26960 pc: 0x00000001831b2904 cpsr: 0x20000000

I have the same crash issue.

While this crash looks similar, it’s not the same thing. In xiaoyike’s case the app is being killed by the watchdog because its main thread has been blocked too long. You can tell this because the exception code is 0x8badf00d, or “ate bad food”.

In your case the app is crashing because it’s accessing an invalid memory address (indicated by the EXC_BAD_ACCESS exception type). Given that the crashing thread is within malloc, this is most likely caused by some sort of memory corruption within your app. I recommend that you investigate this with the standard memory debugging tools.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
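
The distinction drawn in the reply above, written as a small triage script. This is an added example, not part of the original thread and not an Apple tool. The function names and category labels are assumptions made for illustration, and the two sample reports are constructed excerpts trimmed from the reports quoted in this thread.

```python
import re

# Constructed excerpts, trimmed from the two reports quoted in this thread.
REPORT_A = """\
Exception Type: EXC_BAD_ACCESS (SIGKILL)
Termination Reason: Namespace SPRINGBOARD, Code 0x8badf00d
Triggered by Thread: 0
Thread 0 Crashed:
0 libsystem_platform.dylib 0x000000018246a904 OSAtomicDequeue$VARIANT$mp + 12
1 libsystem_malloc.dylib 0x00000001823a3c14 _nano_malloc_check_clear + 152
"""
REPORT_B = """\
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Termination Reason: Namespace SIGNAL, Code 0xb
Triggered by Thread: 7
Thread 5:
0 libsystem_platform.dylib 0x00000001831b2904 OSAtomicDequeue$VARIANT$mp + 12
Thread 7 Crashed:
0 libsystem_platform.dylib 0x00000001831b2904 OSAtomicDequeue$VARIANT$mp + 12
1 libsystem_malloc.dylib 0x00000001830ebc14 _nano_malloc_check_clear + 152
2 libsystem_malloc.dylib 0x00000001830eac5c nano_malloc + 44
"""

# frame index, image name, load address, symbol, "+ offset"
FRAME = re.compile(r"^\s*\d+\s+(\S+)\s+0x[0-9a-fA-F]+\s+(.+?)\s+\+\s+\d+\s*$")

def crashed_frames(report):
    """Return [(image, symbol)] for the thread marked 'Crashed' only."""
    frames, in_crashed = [], False
    for line in report.splitlines():
        if re.match(r"^Thread \d+", line):
            # Any "Thread N ..." header starts or ends the crashed section.
            in_crashed = line.rstrip().endswith("Crashed:")
            continue
        m = FRAME.match(line)
        if in_crashed and m:
            frames.append((m.group(1), m.group(2)))
    return frames

def triage(report):
    """Classify a report the way the reply above does (labels are assumptions)."""
    code = re.search(r"^Termination Reason:.*Code (0x[0-9a-fA-F]+)", report, re.M)
    exc = re.search(r"^Exception Type:\s+(\S+)", report, re.M)
    if code and int(code.group(1), 16) == 0x8BADF00D:
        return "watchdog"  # killed for blocking too long, whatever the top frame
    top = crashed_frames(report)[:4]
    in_malloc = any(image == "libsystem_malloc.dylib" for image, _ in top)
    if exc and exc.group(1) == "EXC_BAD_ACCESS" and in_malloc:
        return "suspected-heap-corruption"
    return "other"
```

The watchdog check runs first because the first report also carries an EXC_BAD_ACCESS exception type and a malloc frame, yet its termination code is what identifies it.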