Crashes "[RenderBox] RB::Animation::size(RB::Animation::TermOrArg const*, unsigned long) EXC_BAD_ACCESS" on iOS 17

Recently, we got crash reports on "[RenderBox] RB::Animation::size(RB::Animation::TermOrArg const*, unsigned long) EXC_BAD_ACCESS" on iOS 17 only.

Is this an iOS 17 beta issue?

This is the crash log.

=========
Incident Identifier: F64495FD-BD28-4C35-9AA6-B9CCFFE46689
Hardware Model:      iPhone13,4
Process:             ourapp [774]
Path:                /private/var/containers/Bundle/Application/88384E91-49B7-4AD3-ABB7-29569372166F/ourapp.app/ourapp
Identifier:          com.ourcompany.ourapp
Version:             2.1.11 (4111)
AppStoreTools:       14E221
AppVariant:          1:iPhone13,4:15
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           com.ourcompany.ourapp [891]

Date/Time:           2023-07-10 20:39:42.0369 +0900
Launch Time:         2023-07-10 20:39:37.5495 +0900
OS Version:          iPhone OS 17.0 (21A5277h)
Release Type:        Beta
Baseband Version:    4.02.00
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000235686558
Exception Codes: 0x0000000000000001, 0x0000000235686558
VM Region Info: 0x235686558 is not in any region.  Bytes after previous region: 19621209  Bytes before following region: 13933224
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT            23437adb8-2343d0000 [  341K] r--/rw- SM=COW  ...ed lib __TEXT
--->  GAP OF 0x2000000 BYTES
      unused __TEXT            2363d0000-2363e4000 [   80K] r--/r-- SM=COW  ...ed lib __TEXT
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [774]

Triggered by Thread:  0


Kernel Triage:
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter


Thread 0 name:
Thread 0 Crashed:
0   RenderBox                     	0x00000001f56047bc 0x1f5588000 + 509884
1   RenderBox                     	0x00000001f561af9c 0x1f5588000 + 602012
2   RenderBox                     	0x00000001f55c3e38 0x1f5588000 + 245304
3   RenderBox                     	0x00000001f55c3c78 0x1f5588000 + 244856
4   SwiftUI                       	0x000000018c71f860 0x18bb78000 + 12220512
5   SwiftUI                       	0x000000018c71e7b8 0x18bb78000 + 12216248
6   SwiftUI                       	0x000000018cf003a4 0x18bb78000 + 20480932
7   SwiftUI                       	0x000000018c71d3dc 0x18bb78000 + 12211164
8   SwiftUI                       	0x000000018c71cbe0 0x18bb78000 + 12209120
9   SwiftUI                       	0x000000018bee7fa8 0x18bb78000 + 3604392
10  SwiftUI                       	0x000000018c167020 0x18bb78000 + 6221856
11  AttributeGraph                	0x00000001b0027d10 0x1b0024000 + 15632
12  AttributeGraph                	0x00000001b0027674 0x1b0024000 + 13940
13  AttributeGraph                	0x00000001b00269cc 0x1b0024000 + 10700
14  SwiftUI                       	0x000000018bb96078 0x18bb78000 + 123000
15  SwiftUI                       	0x000000018d3926dc 0x18bb78000 + 25274076
16  SwiftUI                       	0x000000018bb8af20 0x18bb78000 + 77600
17  SwiftUI                       	0x000000018bb936e4 0x18bb78000 + 112356
18  SwiftUI                       	0x000000018bb8e0a4 0x18bb78000 + 90276
19  SwiftUI                       	0x000000018bb88ad4 0x18bb78000 + 68308
20  SwiftUI                       	0x000000018d3926a4 0x18bb78000 + 25274020
21  SwiftUI                       	0x000000018d392590 0x18bb78000 + 25273744
22  SwiftUI                       	0x000000018bc3a620 0x18bb78000 + 796192
23  SwiftUI                       	0x000000018c387328 0x18bb78000 + 8450856
24  SwiftUI                       	0x000000018c3873d4 0x18bb78000 + 8451028
25  UIKitCore                     	0x000000018a7edec8 0x18a106000 + 7241416
26  UIKitCore                     	0x000000018aee1438 0x18a106000 + 14529592
27  UIKitCore                     	0x000000018aee0990 0x18a106000 + 14526864
28  CoreFoundation                	0x0000000187ff8800 0x187f27000 + 858112
29  CoreFoundation                	0x0000000188003930 0x187f27000 + 903472
30  CoreFoundation                	0x0000000187f9168c 0x187f27000 + 435852
31  CoreFoundation                	0x0000000187fa3a24 0x187f27000 + 510500
32  CoreFoundation                	0x0000000187fa86c0 0x187f27000 + 530112
33  GraphicsServices              	0x00000001ca02a224 0x1ca029000 + 4644
34  UIKitCore                     	0x000000018a494d08 0x18a106000 + 3730696
35  UIKitCore                     	0x000000018a49496c 0x18a106000 + 3729772
36  ourapp                     	0x000000010406af94 main + 68 (AppDelegate.swift:20)
37  dyld                          	0x00000001aad404f8 0x1aad2b000 + 87288
=========

Thanks.

I'm seeing a similar error on my side also. Only for iOS 17 users.

Found similar behaviors when using .animation() on iOS 17. Anyone find a workaround or experience similar findings?

Not quite the same, but there are many "mach_vm_allocate_kernel failed within call to vm_map_enter" entries in my crash report too.

OS Version:          iPhone OS 17.0 (21A5291j)
Release Type:        Beta
Baseband Version:    2.06.01
Report Version:      104

Exception Type:  EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: RUNNINGBOARD 0xd00d2bad 

Triggered by Thread:  0


Kernel Triage:
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter


Thread 0 name:
Thread 0 Crashed:
0   UIKitCore                     	0x00000001a3314d28 -[UIKBInputDelegateManager setAttributedMarkedText:selectedRange:] + 0 (UIKBInputDelegateManager.m:533)
1   UIKitCore                     	0x00000001a35eb124 -[UIKeyboardImpl _setAttributedMarkedText:selectedRange:inputString:lastInputString:searchString:compareAttributes:] + 720 (UIKeyboardImpl.m:11050)
2   UIKitCore                     	0x00000001a35ea920 -[UIKeyboardImpl setMarkedText:selectedRange:inputString:lastInputString:searchString:candidateOffset:liveConversionSegments:highlighSegmentIndex:] + 552 (UIKeyboardImpl.m:10958)
3   UIKitCore                     	0x00000001a3609558 -[UIKeyboardImpl assertIntermediateText:] + 280 (UIKeyboardImpl.m:18680)
4   UIKitCore                     	0x00000001a35edc80 -[UIKeyboardImpl syncKeyboardToConfiguration:] + 116 (UIKeyboardImpl.m:11718)
5   UIKitCore                     	0x00000001a35eeab0 __55-[UIKeyboardImpl handleKeyboardInput:executionContext:]_block_invoke_2 + 932 (UIKeyboardImpl.m:11871)
6   UIKitCore                     	0x00000001a2cfc8f8 -[UIKeyboardTaskEntry execute:] + 208 (UIKeyboardTaskQueue.m:869)
7   UIKitCore                     	0x00000001a2cfc7dc -[UIKeyboardTaskQueue continueExecutionOnMainThread] + 324 (UIKeyboardTaskQueue.m:447)
8   Foundation                    	0x000000019f86a47c __NSThreadPerformPerform + 264 (NSThread.m:1074)
9   CoreFoundation                	0x00000001a08066cc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
10  CoreFoundation                	0x00000001a0805960 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
11  CoreFoundation                	0x00000001a0804124 __CFRunLoopDoSources0 + 244 (CFRunLoop.c:2038)
12  CoreFoundation                	0x00000001a0802e60 __CFRunLoopRun + 828 (CFRunLoop.c:2955)
13  CoreFoundation                	0x00000001a0802a40 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3420)
14  GraphicsServices              	0x00000001e2d4b5ec GSEventRunModal + 164 (GSEvent.c:2196)
15  UIKitCore                     	0x00000001a2c19ba0 -[UIApplication _run] + 888 (UIApplication.m:3669)
16  UIKitCore                     	0x00000001a2c191dc UIApplicationMain + 340 (UIApplication.m:5255)
17  myappname                          	0x0000000102c4beb0 main + 68 (AppDelegate.swift:51)
18  dyld                          	0x00000001c38a4d44 start + 2104 (dyldMain.cpp:1269)

Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000002816d7d80   x1: 0x000000019ac213fc   x2: 0x0000000280acf7a0   x3: 0x0000000000000004
    x4: 0x0000000000000000   x5: 0x0000000000003120   x6: 0x3127310a311f3107   x7: 0x0000000000000000
    x8: 0x00000001f2014de0   x9: 0x0000000000000042  x10: 0x00000001fe88b380  x11: 0x000000000000007f
   x12: 0x0000000000426b00  x13: 0x00000000000007fd  x14: 0x02000001f208464d  x15: 0x00000001f2084648
   x16: 0x00000001f2084648  x17: 0x00000001a3314d28  x18: 0x0000000000000000  x19: 0x0000000000000004
   x20: 0x00000002816d7d80  x21: 0x00000000000002a2  x22: 0x00000002817c6d40  x23: 0x000000010a10fa00
   x24: 0x00000002800f7b40  x25: 0x0000000280acf7a0  x26: 0x0000000280ada100  x27: 0x0000000000000000
   x28: 0x0000000280ada100   fp: 0x000000016d1ba520   lr: 0x00000001a35eb124
    sp: 0x000000016d1ba460   pc: 0x00000001a3314d28 cpsr: 0x60001400
   esr: 0x56000080  Address size fault

A user of my app had a similar crash, but now in NSURLSession::dataTaskWithRequest, also on 17.0 (21A5291j). It has the same "vm_map_enter failed" line:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: SIGNAL 6 Abort trap: 6

VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter

Are there any solutions out there? Having the same problems with Vue.js applications in Safari on iPadOS 17, on many devices.

Enabling the Extended Virtual Addressing entitlement seems to be helping with this issue. Still need to test more. Could anyone else confirm?

I'm still seeing a lot of these crashes on devices running iOS 17, including 17.4 & 17.5. There don't seem to be any problems for users on iOS 16.

OS Version:          iPhone OS 17.4.1 (21E236)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
VM Region Info: 0 is not in any region.  Bytes before following region: 4373921792
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   104b4c000-104c88000 [ 1264K] r-x/r-x SM=COW  /var/containers/Bundle/Application/89D41909-EA37-4C14-87A4-D7CB78F7E83E/<App_Name>.app/<App_Name>
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [606]

Triggered by Thread:  0


Thread 0 name:
Thread 0 Crashed:
0   RenderBox                     	0x000000020450ff64 RB::Heap::alloc_slow(unsigned long, unsigned long) + 252 (heap.cc:123)
1   RenderBox                     	0x0000000204523088 RB::Coverage::Glyphs::Glyphs(RB::Heap&, CGFont*, unsigned int, unsigned short const*, float vector[2] const*, unsigned int, float vector[2], unsigned int) + 252 (coverage-glyphs.mm:82)
2   RenderBox                     	0x00000002045230d8 RB::Coverage::Glyphs::Glyphs(RB::Coverage::Glyphs const&, RB::Heap&) + 52 (coverage-glyphs.mm:95)
3   RenderBox                     	0x000000020455a7dc RB::DisplayList::GenericItem1<RB::Coverage::Glyphs, RB::Fill::Color>::GenericItem1(RB::Heap&, RB::Coverage::Glyphs const&, RB::Fill::Color const&, RB::AffineTransform const*, float, RB::BlendMode, ... + 112 (display-list.h:1081)
4   RenderBox                     	0x000000020455b438 RB::DisplayList::GenericItem<RB::Coverage::Glyphs, RB::Fill::Color>* RB::Heap::emplace<RB::DisplayList::GenericItem<RB::Coverage::Glyphs, RB::Fill::Color>, RB::Heap&, RB::Coverage::Glyphs const&, R... + 116 (heap.h:33)
5   RenderBox                     	0x000000020455a86c RB::DisplayList::GenericItem<RB::Coverage::Glyphs, RB::Fill::Color>::copy(RB::DisplayList&, unsigned int) const + 76 (display-list.h:2235)
6   RenderBox                     	0x00000002045ae7fc RB::DisplayList::draw(RB::DisplayList::Contents const&, RB::DisplayList::State&, float, RB::DisplayListPredicate::Invertible const*, void*) + 800 (display-list.mm:1822)
7   RenderBox                     	0x0000000204545478 -[RBDisplayListPredicate filteringDisplayList:] + 104 (RBDisplayList.mm:2205)
8   SwiftUI                       	0x00000001954a4fcc ResolvedStyledText.layers(for:renderer:deviceScale:) + 132 (Text+View.swift:1413)
9   SwiftUI                       	0x000000019554ba28 _ShapeStyle_RenderedShape.renderKeyedText(_:style:name:layers:) + 304 (ShapeStyleRendering.swift:730)
10  SwiftUI                       	0x0000000195546ec8 _ShapeStyle_RenderedShape.renderItem(name:styles:layers:) + 404 (ShapeStyleRendering.swift:95)
11  SwiftUI                       	0x0000000194fd0428 specialized ShapeStyledDisplayList.updateValue() + 916 (ShapeStyledLeafView.swift:210)
12  SwiftUI                       	0x00000001951043d4 specialized implicit closure #1 in closure #1 in closure #1 in Attribute.init<A>(_:) + 24 (<compiler-generated>:0)
13  AttributeGraph                	0x00000001b9834240 AG::Graph::UpdateStack::update() + 512 (ag-graph-update.cc:578)
14  AttributeGraph                	0x00000001b982af38 AG::Graph::update_attribute(AG::data::ptr<AG::Node>, unsigned int) + 424 (ag-graph-update.cc:719)
15  AttributeGraph                	0x00000001b9832538 AG::Graph::value_ref(AG::AttributeID, unsigned int, AGSwiftMetadata const*, unsigned char&) + 288 (ag-graph.cc:1201)
16  AttributeGraph                	0x00000001b9835470 AGGraphGetWeakValue + 388 (AGGraph.mm:735)
17  SwiftUI                       	0x000000019580dfb8 ViewGraph.displayList() + 44 (ViewGraph.swift:766)
18  SwiftUI                       	0x00000001962c3a4c closure #2 in closure #1 in ViewRendererHost.render(interval:updateDisplayList:) + 2252 (ViewRendererHost.swift:259)
19  SwiftUI                       	0x00000001962c3028 closure #1 in ViewRendererHost.render(interval:updateDisplayList:) + 660 (ViewRendererHost.swift:235)
20  SwiftUI                       	0x00000001962c1170 ViewRendererHost.render(interval:updateDisplayList:) + 408 (<compiler-generated>:0)
21  SwiftUI                       	0x0000000196331164 _UIHostingView.layoutSubviews() + 332 (UIHostingView.swift:1127)
22  SwiftUI                       	0x00000001963311c4 @objc _UIHostingView.layoutSubviews() + 36 (<compiler-generated>:0)
23  UIKitCore                     	0x00000001930050f8 -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1528 (UIView.m:20041)
24  QuartzCore                    	0x000000019242fe30 CA::Layer::layout_if_needed(CA::Transaction*) + 504 (CALayer.mm:10816)
25  QuartzCore                    	0x000000019242f9b4 CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 148 (CALayer.mm:2598)
26  QuartzCore                    	0x0000000192435bb4 CA::Context::commit_transaction(CA::Transaction*, double, double*) + 464 (CAContextInternal.mm:2760)
27  QuartzCore                    	0x000000019242f1bc CA::Transaction::commit() + 648 (CATransactionInternal.mm:432)
28  QuartzCore                    	0x000000019242ee64 CA::Transaction::flush_as_runloop_observer(bool) + 88 (CATransactionInternal.mm:942)
29  UIKitCore                     	0x000000019307d260 _UIApplicationFlushCATransaction + 52 (UIApplication.m:3160)
30  UIKitCore                     	0x000000019307cd78 _UIUpdateSequenceRun + 84 (_UIUpdateSequence.mm:119)
31  UIKitCore                     	0x000000019307c468 schedulerStepScheduledMainSection + 144 (_UIUpdateScheduler.m:1037)
32  UIKitCore                     	0x000000019307c524 runloopSourceCallback + 92 (_UIUpdateScheduler.m:1186)
33  CoreFoundation                	0x0000000190d8d62c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
34  CoreFoundation                	0x0000000190d8c8a8 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
35  CoreFoundation                	0x0000000190d8b058 __CFRunLoopDoSources0 + 244 (CFRunLoop.c:2038)
36  CoreFoundation                	0x0000000190d89d88 __CFRunLoopRun + 828 (CFRunLoop.c:2955)
37  CoreFoundation                	0x0000000190d89968 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
38  GraphicsServices              	0x00000001d507f4e0 GSEventRunModal + 164 (GSEvent.c:2196)
39  UIKitCore                     	0x00000001931fcedc -[UIApplication _run] + 888 (UIApplication.m:3692)
40  UIKitCore                     	0x00000001931fc518 UIApplicationMain + 340 (UIApplication.m:5282)
41  SwiftUI                       	0x0000000195bc3860 closure #1 in KitRendererCommon(_:) + 168 (UIKitApp.swift:51)
42  SwiftUI                       	0x0000000195bc36a8 runApp<A>(_:) + 152 (UIKitApp.swift:14)

*Last four lines removed due to text length limits.

Further to my previous post in May providing the crash log and following a WWDC24 discussion with a DTS Engineer, I've since determined the crash I see on iOS 17.4 & 17.5 is unrelated to others in this post.

We've determined my issue is likely an iOS/SwiftUI issue/bug rather than something I am able to fix.

I've submitted a feedback: FB13904299.
