objc_msgSend crash

My app is experiencing a rare crash that I am unable to reproduce and am struggling to make progress with:

Thread 0 name:
Thread 0 Crashed:
0   libobjc.A.dylib               	0x00000001926c3c20 objc_msgSend + 32 (:-1)
1   Foundation                    	0x00000001997357b4 __NSThreadPerformPerform + 264 (NSThread.m:1084)
2   CoreFoundation                	0x000000019a82b834 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
3   CoreFoundation                	0x000000019a82b7c8 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
4   CoreFoundation                	0x000000019a8292f8 __CFRunLoopDoSources0 + 340 (CFRunLoop.c:2046)
5   CoreFoundation                	0x000000019a828484 __CFRunLoopRun + 828 (CFRunLoop.c:2955)
6   CoreFoundation                	0x000000019a827cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   GraphicsServices              	0x00000001df2751a8 GSEventRunModal + 164 (GSEvent.c:2196)
8   UIKitCore                     	0x000000019ce61ae8 -[UIApplication _run] + 888 (UIApplication.m:3713)
9   UIKitCore                     	0x000000019cf15d98 UIApplicationMain + 340 (UIApplication.m:5303)
10  <redacted>                     	0x000000010287af04 main + 64 (AppDelegate.swift:15)
11  dyld                          	0x00000001bdfff154 start + 2356 (dyldMain.cpp:1298)

I have done a fair amount of digging, looking at other similar crashes and at this: https://developer.apple.com/forums/thread/92102 but being unable to reproduce is quite limiting.

I found this very similar issue with useful info on finding which function was being called: https://forums.developer.apple.com/forums/thread/67763

But in my case, the x1 (and x2) register values seem to point to an area outside of the ranges in the "Binary Images" section.

I've attached an example of a full crash report (with the app name redacted):

Incident Identifier: 32764EDA-B9AC-46BF-B26F-DDD66E37CCB8
Distributor ID:      com.apple.AppStore
Hardware Model:      iPhone15,5
Process:             
Path:                
Identifier:          
Version:             
AppStoreTools:       16A242d
AppVariant:          1:iPhone15,5:17
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           

Date/Time:           2024-10-30 20:44:26.7576 +0000
Launch Time:         2024-10-30 04:41:25.5841 +0000
OS Version:          iPhone OS 17.6.1 (21G93)
Release Type:        User
Baseband Version:    1.70.02
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00003f485b8a33b0
Exception Codes: 0x0000000000000001, 0x00003f485b8a33b0
VM Region Info: 0x3f485b8a33b0 is not in any region.  Bytes after previous region: 69098969641905  
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      commpage (reserved)     1000000000-7000000000 [384.0G] ---/--- SM=NUL  reserved VM address space (unallocated)
--->  
      UNUSED SPACE AT END
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [856]

Triggered by Thread:  0


Kernel Triage:
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter
VM - (arg = 0x3) mach_vm_allocate_kernel failed within call to vm_map_enter


Thread 0 name:
Thread 0 Crashed:
0   libobjc.A.dylib               	0x00000001926c3c20 objc_msgSend + 32 (:-1)
1   Foundation                    	0x00000001997357b4 __NSThreadPerformPerform + 264 (NSThread.m:1084)
2   CoreFoundation                	0x000000019a82b834 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
3   CoreFoundation                	0x000000019a82b7c8 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
4   CoreFoundation                	0x000000019a8292f8 __CFRunLoopDoSources0 + 340 (CFRunLoop.c:2046)
5   CoreFoundation                	0x000000019a828484 __CFRunLoopRun + 828 (CFRunLoop.c:2955)
6   CoreFoundation                	0x000000019a827cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   GraphicsServices              	0x00000001df2751a8 GSEventRunModal + 164 (GSEvent.c:2196)
8   UIKitCore                     	0x000000019ce61ae8 -[UIApplication _run] + 888 (UIApplication.m:3713)
9   UIKitCore                     	0x000000019cf15d98 UIApplicationMain + 340 (UIApplication.m:5303)
10                       	0x000000010287af04 main + 64 (AppDelegate.swift:15)
11  dyld                          	0x00000001bdfff154 start + 2356 (dyldMain.cpp:1298)

Thread 1 name:
Thread 1:
0   libsystem_kernel.dylib        	0x00000001e34ad6c8 mach_msg2_trap + 8 (:-1)
1   libsystem_kernel.dylib        	0x00000001e34b0ec8 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib        	0x00000001e34b0de0 mach_msg_overwrite + 436 (mach_msg.c:0)
3   libsystem_kernel.dylib        	0x00000001e34b0c20 mach_msg + 24 (mach_msg.c:323)
4   CoreFoundation                	0x000000019a828f5c __CFRunLoopServiceMachPort + 160 (CFRunLoop.c:2624)
5   CoreFoundation                	0x000000019a828600 __CFRunLoopRun + 1208 (CFRunLoop.c:3007)
6   CoreFoundation                	0x000000019a827cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   Foundation                    	0x0000000199748b5c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 (NSRunLoop.m:373)
8   Foundation                    	0x00000001997489ac -[NSRunLoop(NSRunLoop) runUntilDate:] + 64 (NSRunLoop.m:420)
9   UIKitCore                     	0x000000019ce7581c -[UIEventFetcher threadMain] + 420 (UIEventFetcher.m:1207)
10  Foundation                    	0x000000019975f428 __NSThread__start__ + 732 (NSThread.m:991)
11  libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
12  libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 2 name:
Thread 2:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   libc++.1.dylib                	0x00000001aac15598 std::__1::condition_variable::__do_timed_wait(std::__1::unique_lock&, std::__1::chrono::time_point
3                         0x0000000103a2a92c void kotlin::RepeatedTimer::Run::GCSchedulerDataAdaptive(kotlin::gcScheduler::GCSchedulerConfig&, ... + 260
4                         0x0000000103a2abb4 void* std::__1::__thread_proxy>, void (*)(kotlin::ScopedThread::attributes, void ... + 112
5   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
6   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 3 name:
Thread 3:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   libc++.1.dylib                	0x00000001aac15504 std::__1::condition_variable::wait(std::__1::unique_lock&) + 28 (condition_variable.cpp:45)
3                         0x0000000103a2527c std::__1::invoke_result::type kotlin::S... + 112
4                         0x0000000103a2535c void* std::__1::__thread_proxy>, void (*)(kotlin::ScopedThread::attributes, kotli... + 104
5   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
6   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 4:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2                          	0x0000000103a34b0c (anonymous namespace)::waitInNativeState(_opaque_pthread_cond_t*, _opaque_pthread_mutex_t*) + 68
3                          	0x0000000103a33bf4 Worker::processQueueElement(bool) + 752
4                          	0x0000000103a33860 (anonymous namespace)::workerRoutine(void*) + 104
5   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
6   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 5 name:
Thread 5:
0   libsystem_kernel.dylib        	0x00000001e34b1d1c write + 8 (:-1)
1   FirebaseCrashlytics           	0x0000000104e99cf4 FIRCLSSDKFileLog + 316 (FIRCLSInternalLogging.c:0)
2   FirebaseCrashlytics           	0x0000000104e9b924 FIRCLSMachExceptionReply + 128 (FIRCLSMachException.c:269)
3   FirebaseCrashlytics           	0x0000000104e9b924 FIRCLSMachExceptionServer + 968 (FIRCLSMachException.c:180)
4   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
5   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 6:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   libc++.1.dylib                	0x00000001aac15504 std::__1::condition_variable::wait(std::__1::unique_lock&) + 28 (condition_variable.cpp:45)
3   NewRelic                      	0x000000010572cc38 NewRelic::WorkQueue::task_thread() + 144
4   NewRelic                      	0x000000010572d618 std::__1::__async_assoc_state>::__execute() + 48
5   NewRelic                      	0x000000010572d788 void* std::__1::__thread_proxy[abi:v15006]>, void (std::__1::__async_assoc_state<... + 72
6   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
7   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 7:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   libc++.1.dylib                	0x00000001aac15504 std::__1::condition_variable::wait(std::__1::unique_lock&) + 28 (condition_variable.cpp:45)
3   NewRelic                      	0x000000010572cc38 NewRelic::WorkQueue::task_thread() + 144
4   NewRelic                      	0x000000010572d618 std::__1::__async_assoc_state>::__execute() + 48
5   NewRelic                      	0x000000010572d788 void* std::__1::__thread_proxy[abi:v15006]>, void (std::__1::__async_assoc_state<... + 72
6   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
7   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 8 name:
Thread 8:
0   libsystem_kernel.dylib        	0x00000001e34ad6c8 mach_msg2_trap + 8 (:-1)
1   libsystem_kernel.dylib        	0x00000001e34b0ec8 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib        	0x00000001e34b0de0 mach_msg_overwrite + 436 (mach_msg.c:0)
3   libsystem_kernel.dylib        	0x00000001e34b0c20 mach_msg + 24 (mach_msg.c:323)
4   CoreFoundation                	0x000000019a828f5c __CFRunLoopServiceMachPort + 160 (CFRunLoop.c:2624)
5   CoreFoundation                	0x000000019a828600 __CFRunLoopRun + 1208 (CFRunLoop.c:3007)
6   CoreFoundation                	0x000000019a827cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   CFNetwork                     	0x000000019ba08c7c +[__CFN_CoreSchedulingSetRunnable _run:] + 384 (CoreSchedulingSet.mm:1473)
8   Foundation                    	0x000000019975f428 __NSThread__start__ + 732 (NSThread.m:991)
9   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
10  libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 9 name:
Thread 9:
0   libsystem_kernel.dylib        	0x00000001e34ad6c8 mach_msg2_trap + 8 (:-1)
1   libsystem_kernel.dylib        	0x00000001e34b0ec8 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib        	0x00000001e34b0de0 mach_msg_overwrite + 436 (mach_msg.c:0)
3   libsystem_kernel.dylib        	0x00000001e34b0c20 mach_msg + 24 (mach_msg.c:323)
4   CoreFoundation                	0x000000019a828f5c __CFRunLoopServiceMachPort + 160 (CFRunLoop.c:2624)
5   CoreFoundation                	0x000000019a828600 __CFRunLoopRun + 1208 (CFRunLoop.c:3007)
6   CoreFoundation                	0x000000019a827cd8 CFRunLoopRunSpecific + 608 (CFRunLoop.c:3420)
7   CoreFoundation                	0x000000019a895f04 CFRunLoopRun + 64 (CFRunLoop.c:3446)
8                          	0x0000000103a2a5e0 kotlin::gc::FinalizerProcessor, kotlin::alloc::FinalizerQueueTraits>::ProcessingLoopWithCFImpl::body() + 64
9                          	0x0000000103a284c8 std::__1::invoke_result, kotlin::alloc::FinalizerQueueTraits>::StartFinalizerThreadIfNone()::'lambda'()>::t... + 124
10                         	0x0000000103a2855c void* std::__1::__thread_proxy>, void (*)(kotlin::ScopedThread::attributes, kotli... + 104
11  libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
12  libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 10 name:
Thread 10:
0   libsystem_kernel.dylib        	0x00000001e34ad424 kevent_id + 8 (:-1)
1   libdispatch.dylib             	0x00000001a27217d4 _dispatch_kq_poll + 228 (event_kevent.c:760)
2   libdispatch.dylib             	0x00000001a2720d18 _dispatch_event_loop_poke + 340 (event_kevent.c:1901)
3   RunningBoardServices          	0x00000001a994a130 -[RBSProcessHandle _keepAlive] + 168 (RBSProcessHandle.m:416)
4   RunningBoardServices          	0x00000001a994a064 +[RBSProcessHandle _cachedHandleForKey:] + 100 (RBSProcessHandle.m:373)
5   RunningBoardServices          	0x00000001a9949ed0 +[RBSProcessHandle handleForKey:fetchIfNeeded:] + 88 (RBSProcessHandle.m:354)
6   RunningBoardServices          	0x00000001a9949ba4 -[RBSProcessHandle initWithRBSXPCCoder:] + 112 (RBSProcessHandle.m:687)
7   RunningBoardServices          	0x00000001a99488ac _BSXPCDecodeObjectFromContext + 2628 (RBSXPCCoder.m:413)
8   RunningBoardServices          	0x00000001a9947c8c _BSXPCDecodeObjectForKey + 148 (RBSXPCCoder.m:401)
9   RunningBoardServices          	0x00000001a99545e4 -[RBSProcessState initWithRBSXPCCoder:] + 136 (RBSProcessState.m:450)
10  RunningBoardServices          	0x00000001a99488ac _BSXPCDecodeObjectFromContext + 2628 (RBSXPCCoder.m:413)
11  RunningBoardServices          	0x00000001a995bd80 ___BSXPCDecodeObject_block_invoke + 60 (RBSXPCCoder.m:500)
12  libxpc.dylib                  	0x00000001f72f191c xpc_array_apply + 96 (array.c:568)
13  RunningBoardServices          	0x00000001a9948228 _BSXPCDecodeObjectFromContext + 960 (RBSXPCCoder.m:413)
14  RunningBoardServices          	0x00000001a9947c8c _BSXPCDecodeObjectForKey + 148 (RBSXPCCoder.m:401)
15  RunningBoardServices          	0x00000001a99541e0 -[RBSXPCMessage decodeArgumentCollection:withClass:atIndex:allowNil:error:] + 112 (RBSXPCUtilities.m:362)
16  RunningBoardServices          	0x00000001a99540f0 __32-[RBSConnection _handleMessage:]_block_invoke.215 + 112 (RBSConnection.m:1200)
17  libsystem_trace.dylib         	0x00000001b497f94c _os_activity_initiate_impl + 64 (activity.c:131)
18  RunningBoardServices          	0x00000001a9953b38 -[RBSConnection _handleMessage:] + 1144 (RBSConnection.m:1200)
19  RunningBoardServices          	0x00000001a9953500 __37-[RBSConnection _lock_setConnection:]_block_invoke + 80 (RBSConnection.m:1284)
20  libxpc.dylib                  	0x00000001f72f9cbc _xpc_connection_call_event_handler + 144 (connection.c:830)
21  libxpc.dylib                  	0x00000001f72fb908 _xpc_connection_mach_event + 1404 (connection.c:2435)
22  libdispatch.dylib             	0x00000001a26fee94 _dispatch_client_callout4 + 20 (object.m:616)
23  libdispatch.dylib             	0x00000001a271b000 _dispatch_mach_msg_invoke + 468 (mach.c:2511)
24  libdispatch.dylib             	0x00000001a2706284 _dispatch_lane_serial_drain + 368 (queue.c:3900)
25  libdispatch.dylib             	0x00000001a271bd50 _dispatch_mach_invoke + 444 (mach.c:2861)
26  libdispatch.dylib             	0x00000001a2706284 _dispatch_lane_serial_drain + 368 (queue.c:3900)
27  libdispatch.dylib             	0x00000001a2706f64 _dispatch_lane_invoke + 432 (queue.c:3991)
28  libdispatch.dylib             	0x00000001a2711cb4 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:6998)
29  libdispatch.dylib             	0x00000001a2711528 _dispatch_workloop_worker_thread + 404 (queue.c:6592)
30  libsystem_pthread.dylib       	0x00000001f72a8934 _pthread_wqthread + 288 (pthread.c:2696)
31  libsystem_pthread.dylib       	0x00000001f72a50cc start_wqthread + 8 (:-1)

Thread 11:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 12:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 13 name:
Thread 13:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   JavaScriptCore                	0x00000001b1ef42a4 scavenger_thread_main + 1512 (pas_scavenger.c:347)
3   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
4   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)

Thread 14:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 15:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 16:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 17:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 18:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 19:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 20:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 21:
0   libsystem_pthread.dylib       	0x00000001f72a50c4 start_wqthread + 0 (:-1)

Thread 22:
0   libsystem_kernel.dylib        	0x00000001e34b308c __psynch_cvwait + 8 (:-1)
1   libsystem_pthread.dylib       	0x00000001f72a76e4 _pthread_cond_wait + 1228 (pthread_cond.c:862)
2   libc++.1.dylib                	0x00000001aac15504 std::__1::condition_variable::wait(std::__1::unique_lock&) + 28 (condition_variable.cpp:45)
3   NewRelic                      	0x000000010572cc38 NewRelic::WorkQueue::task_thread() + 144
4   NewRelic                      	0x000000010572d618 std::__1::__async_assoc_state>::__execute() + 48
5   NewRelic                      	0x000000010572d788 void* std::__1::__thread_proxy[abi:v15006]>, void (std::__1::__async_assoc_state<... + 72
6   libsystem_pthread.dylib       	0x00000001f72aa06c _pthread_start + 136 (pthread.c:931)
7   libsystem_pthread.dylib       	0x00000001f72a50d8 thread_start + 8 (:-1)


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000003033233a0   x1: 0x0000000194fc3c29   x2: 0x000000019594edc9   x3: 0x00000002020f7d40
    x4: 0x0000000000000010   x5: 0x000000019ab31fa4   x6: 0x0000000000000600   x7: 0x0000000000000000
    x8: 0x0000000302b626d0   x9: 0x5c4823fb00000000  x10: 0x6ae10003033233a0  x11: 0x000000000000001f
   x12: 0x00000000008e9600  x13: 0x0000000000010000  x14: 0x00003f485b8a33a0  x15: 0x00003f485b8a33a0
   x16: 0x00003f485b8a33a0  x17: 0x00000001fd924c58  x18: 0x0000000000000000  x19: 0x00000003020a0040
   x20: 0x00000003037bdcb0  x21: 0x0000000000000000  x22: 0x0000000302b626c0  x23: 0x000000011000b078
   x24: 0x00000003000a8190  x25: 0x0000000000000004  x26: 0x0000000000000003  x27: 0x00000000211200d5
   x28: 0x0000000000000003   fp: 0x000000016d5f27f0   lr: 0x00000001997357b4
    sp: 0x000000016d5f27c0   pc: 0x00000001926c3c20 cpsr: 0x20001000
   esr: 0x92000005 (Data Abort) byte read Translation fault


Binary Images:
        0x10280c000 -         0x103dabfff  arm64  <0ecd27e3f3dc3078aa6efbb5352b41b0> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/
        0x104420000 -         0x10442bfff libobjc-trampolines.dylib arm64e   /private/preboot/Cryptexes/OS/usr/lib/libobjc-trampolines.dylib
        0x1044f4000 -         0x1044fffff CwlCatchException arm64  <37cef44ae39330368933a8338dc5988a> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/CwlCatchException.framework/CwlCatchException
        0x104524000 -         0x104567fff AdjustSigSdk arm64  <64878050178931598ce23942542c679d> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/AdjustSigSdk.framework/AdjustSigSdk
        0x104574000 -         0x10457bfff CwlCatchExceptionSupport arm64  <3df5045db57a3996983fcb3b3bd6cd51> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/CwlCatchExceptionSupport.framework/CwlCatchExceptionSupport
        0x104588000 -         0x10458ffff FirebaseCoreExtension arm64  <83535fcd374b30e6970c2540ac5c426d> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseCoreExtension.framework/FirebaseCoreExtension
        0x10459c000 -         0x1045effff AdjustSdk arm64  <4bc5732988113b8890e36ca5bf6d8d69> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/AdjustSdk.framework/AdjustSdk
        0x104664000 -         0x10466bfff nanopb arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/nanopb.framework/nanopb
        0x104690000 -         0x10469ffff FBLPromises arm64  <008e2d902b4339d58e79089309bd076e> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FBLPromises.framework/FBLPromises
        0x104b54000 -         0x104b73fff AppAuth arm64  <60ab69d29de63c5ca0f6270f8b1ce487> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/AppAuth.framework/AppAuth
        0x104ba8000 -         0x104bc7fff CocoaLumberjack arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/CocoaLumberjack.framework/CocoaLumberjack
        0x104bfc000 -         0x104c07fff FirebaseABTesting arm64  <3bddc5fe9226352285227bda7425983e> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseABTesting.framework/FirebaseABTesting
        0x104c20000 -         0x104c2bfff FirebaseRemoteConfigInterop arm64  <44efd0d56ce3307698434cd9a0ebbfd8> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseRemoteConfigInterop.framework/FirebaseRemoteConfigInterop
        0x104c4c000 -         0x104c6bfff Factory arm64  <91324b51274031568563dd04211f755e> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/Factory.framework/Factory
        0x104cd0000 -         0x104ce3fff FirebaseCore arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseCore.framework/FirebaseCore
        0x104d04000 -         0x104d17fff Promises arm64  <1bb0eae9363936d5a8a336ce789456e9> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/Promises.framework/Promises
        0x104d5c000 -         0x104d77fff FirebaseCoreInternal arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseCoreInternal.framework/FirebaseCoreInternal
        0x104db8000 -         0x104dcffff FirebaseInstallations arm64  <8aaacc27869c38db923e20dcc2a023a6> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseInstallations.framework/FirebaseInstallations
        0x104dfc000 -         0x104e1bfff GoogleUtilities arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/GoogleUtilities.framework/GoogleUtilities
        0x104e84000 -         0x104ecffff FirebaseCrashlytics arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseCrashlytics.framework/FirebaseCrashlytics
        0x104f54000 -         0x104f83fff FirebaseRemoteConfig arm64  <813c9fa82ba63a62b981964fe2d6a148> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseRemoteConfig.framework/FirebaseRemoteConfig
        0x104fc8000 -         0x104fe7fff FirebaseSessions arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseSessions.framework/FirebaseSessions
        0x105024000 -         0x105053fff FirebaseSharedSwift arm64  <5951e5800cfd39a58e8d632f0865d5ea> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/FirebaseSharedSwift.framework/FirebaseSharedSwift
        0x1050a8000 -         0x1050cffff GoogleDataTransport arm64  <504ed076afd4396cb58f750bf835bfbf> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/GoogleDataTransport.framework/GoogleDataTransport
        0x10516c000 -         0x105193fff Valet arm64  <4eca18a058c73b3abb9c043193cb33bb> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/Valet.framework/Valet
        0x1051dc000 -         0x10522ffff PromiseKit arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/PromiseKit.framework/PromiseKit
        0x1052fc000 -         0x1053bbfff Kingfisher arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/Kingfisher.framework/Kingfisher
        0x1054f0000 -         0x105577fff MovableInk arm64  <26e481a5de433c9e81852e96612691ee> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/MovableInk.framework/MovableInk
        0x105688000 -         0x105793fff NewRelic arm64  <29ebc4c87177304f881bda92793421fc> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/NewRelic.framework/NewRelic
        0x105818000 -         0x10585bfff SVGKit arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/SVGKit.framework/SVGKit
        0x1058c8000 -         0x1058f3fff SwipeCellKit arm64   /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/SwipeCellKit.framework/SwipeCellKit
        0x105984000 -         0x105b37fff Lottie arm64  <81ccfb79c894316eb6b5bd12b5031bd3> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/Lottie.framework/Lottie
        0x10652c000 -         0x106b6bfff OTPublishersHeadlessSDK arm64  <53e8b75bd8cb37b983787e78f257f27d> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/Frameworks/OTPublishersHeadlessSDK.framework/OTPublishersHeadlessSDK
        0x1926c0000 -         0x192710cf3 libobjc.A.dylib arm64e   /usr/lib/libobjc.A.dylib
        0x199681000 -         0x19a1f6fff Foundation arm64e   /System/Library/Frameworks/Foundation.framework/Foundation
        0x19a7d5000 -         0x19ad02fff CoreFoundation arm64e  <76a3b1983c09323e83590d4978e156f5> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
        0x19b90b000 -         0x19bce7fff CFNetwork arm64e  <371394cd79f23216acb0a159c09c668d> /System/Library/Frameworks/CFNetwork.framework/CFNetwork
        0x19ca57000 -         0x19e578fff UIKitCore arm64e  <9da0d27355063712b73de0149d74c13c> /System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore
        0x1a26fb000 -         0x1a2741fff libdispatch.dylib arm64e  <5f66cdb608a936158c6a4e3b47005495> /usr/lib/system/libdispatch.dylib
        0x1a2742000 -         0x1a27bfff3 libsystem_c.dylib arm64e  <7135c2c8ba5836368b46a9e6226ead45> /usr/lib/system/libsystem_c.dylib
        0x1a9945000 -         0x1a99a2fff RunningBoardServices arm64e  <26d3a64bcaee39cdbe694816308ded43> /System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices
        0x1aac08000 -         0x1aac91fff libc++.1.dylib arm64e   /usr/lib/libc++.1.dylib
        0x1b098d000 -         0x1b20c9f3f JavaScriptCore arm64e  <2800076a7d5a38dcafa723fa080301b6> /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore
        0x1b497e000 -         0x1b4998fff libsystem_trace.dylib arm64e  <6ee3f96f95ed3925b10da74e4ac1931c> /usr/lib/system/libsystem_trace.dylib
        0x1bdfc2000 -         0x1be04f937 dyld arm64e  <52039c944da13638bd52020a0b5fa399> /usr/lib/dyld
        0x1c125f000 -         0x1c1283ffb libdyld.dylib arm64e  <5c264fe82efe358aa0bee27bb893594d> /usr/lib/system/libdyld.dylib
        0x1df274000 -         0x1df27cfff GraphicsServices arm64e  <3ebbd576e7d83f69bcb5b9810ddcc90e> /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
        0x1e34ac000 -         0x1e34e5fef libsystem_kernel.dylib arm64e  <21ee5290d1193c31b948431865a67738> /usr/lib/system/libsystem_kernel.dylib
        0x1f71ee000 -         0x1f71f4ff3 libsystem_platform.dylib arm64e  <4b4e9e322e40357899c1cd1c907b8ce5> /usr/lib/system/libsystem_platform.dylib
        0x1f72a4000 -         0x1f72b0ff3 libsystem_pthread.dylib arm64e   /usr/lib/system/libsystem_pthread.dylib
        0x1f72e8000 -         0x1f7330fff libxpc.dylib arm64e   /usr/lib/system/libxpc.dylib

EOF

Any help would be greatly appreciated.
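
The register-versus-"Binary Images" check described in the question, as an added example that is not part of the original post: it parses the faulting address, the thread-0 register state and the image ranges, then reports which image (if any) holds each register value and which registers sit just below the faulting address. The function names and the `window` parameter are hypothetical; the embedded text is an excerpt of the report above.

```python
import re

# Excerpt of the crash report above (values copied from the page; only some
# register rows and three Binary Images rows are kept for the demonstration).
REPORT_EXCERPT = """\
Exception Subtype: KERN_INVALID_ADDRESS at 0x00003f485b8a33b0

Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000003033233a0   x1: 0x0000000194fc3c29   x2: 0x000000019594edc9   x3: 0x00000002020f7d40
   x12: 0x00000000008e9600  x13: 0x0000000000010000  x14: 0x00003f485b8a33a0  x15: 0x00003f485b8a33a0
   x16: 0x00003f485b8a33a0  x17: 0x00000001fd924c58  x18: 0x0000000000000000  x19: 0x00000003020a0040
   x28: 0x0000000000000003   fp: 0x000000016d5f27f0   lr: 0x00000001997357b4
    sp: 0x000000016d5f27c0   pc: 0x00000001926c3c20 cpsr: 0x20001000

Binary Images:
        0x10280c000 -         0x103dabfff  arm64  <0ecd27e3f3dc3078aa6efbb5352b41b0> /private/var/containers/Bundle/Application/DD54A0E2-1CA6-4642-9E9F-8D1FECF85573/.app/
        0x1926c0000 -         0x192710cf3 libobjc.A.dylib arm64e   /usr/lib/libobjc.A.dylib
        0x199681000 -         0x19a1f6fff Foundation arm64e   /System/Library/Frameworks/Foundation.framework/Foundation
"""

ARCHES = {"arm64", "arm64e", "x86_64"}
HEX = r"0x[0-9a-fA-F]+"


def parse_fault_address(text):
    """Return the faulting address from the Exception Subtype line, or None."""
    m = re.search(rf"KERN_INVALID_ADDRESS at ({HEX})", text)
    return int(m.group(1), 16) if m else None


def parse_registers(text):
    """Return {register: value} from the crashed thread's state block."""
    # Only look between the thread-state header and the Binary Images header,
    # so hex values elsewhere in the report are not mistaken for registers.
    _, _, state = text.partition("Thread State")
    state, _, _ = state.partition("Binary Images:")
    pairs = re.findall(rf"\b(x\d+|fp|lr|sp|pc):\s+({HEX})", state)
    return {name: int(value, 16) for name, value in pairs}


def parse_images(text):
    """Return [(start, end, name)] for each row of the Binary Images section."""
    _, _, section = text.partition("Binary Images:")
    images = []
    for line in section.splitlines():
        m = re.match(rf"\s*({HEX})\s+-\s+({HEX})\s+(.*)", line)
        if not m:
            continue
        tokens = m.group(3).split()
        # The main executable's name is redacted in this report, so that row
        # starts directly with the architecture token.
        name = tokens[0] if tokens and tokens[0] not in ARCHES else "<unnamed>"
        images.append((int(m.group(1), 16), int(m.group(2), 16), name))
    return images


def locate(addr, images):
    """Return the name of the image whose range contains addr, or None."""
    for start, end, name in images:
        if start <= addr <= end:
            return name
    return None


def triage(text, window=0x100):
    """Summarise where each register points relative to images and the fault."""
    fault = parse_fault_address(text)
    regs = parse_registers(text)
    images = parse_images(text)
    # Registers that are at most `window` bytes below the faulting address are
    # the likely base pointers of the load that faulted.
    near = {}
    if fault is not None:
        near = {r: fault - v for r, v in regs.items() if 0 <= fault - v < window}
    located = {r: locate(v, images) for r, v in regs.items()}
    return {"fault": fault, "near_fault": near, "located": located}


if __name__ == "__main__":
    result = triage(REPORT_EXCERPT)
    print(f"fault address: {result['fault']:#x}")
    for reg, offset in result["near_fault"].items():
        print(f"  {reg} + {offset:#x} == fault address")
    for reg, image in result["located"].items():
        print(f"  {reg:>4} -> {image or 'not in any listed image'}")
```

Run against the full report on this page, x0, x1 and x2 still fall in none of the listed ranges, while x14, x15 and x16 each sit 0x10 below the faulting address.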

Answered by MattGApa in 816460022

Thanks for the response. We think we have a fix for this. It turns out this thread was more directly relevant than we realised: https://forums.developer.apple.com/forums/thread/67763

We found a variant of the crash which mentioned finishPlaying and attempts to call it on random types, e.g. CAShapeLayer here, but we also saw __NSDictionaryM and various others:

-[CAShapeLayer finishedPlaying:]: unrecognized selector sent to instance 0x30073a1e0
1  libobjc.A.dylib                0x172e4 objc_exception_throw
2  CoreFoundation                 0x1888c8 +[NSObject(NSObject) _copyDescription]
3  CoreFoundation                 0x20b08 ___forwarding___
4  CoreFoundation                 0x20430 _CF_forwarding_prep_0
5  Foundation                     0xa7e50 __NSThreadPerformPerform
6  CoreFoundation                 0x56328 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
7  CoreFoundation                 0x562bc __CFRunLoopDoSource0
8  CoreFoundation                 0x53e24 __CFRunLoopDoSources0
9  CoreFoundation                 0x52fbc __CFRunLoopRun
10 CoreFoundation                 0x52830 CFRunLoopRunSpecific
11 GraphicsServices               0x11c4 GSEventRunModal
12 UIKitCore                      0x3d2eb0 -[UIApplication _run]
13 UIKitCore                      0x4815b4 UIApplicationMain
14 <redacted>                     0x74d9c main + 16 (AppDelegate.swift:16)
15 ???                            0x1b7b36ec8 (Missing)

This seems to happen if an AVAudioPlayer is deallocated the split second it has finished playing.

This is the code we had:

let audioPlayer = try AVAudioPlayer(data: audioData)
audioPlayer.prepareToPlay()
audioPlayer.play(atTime: audioPlayer.deviceCurrentTime + delay)
self.audioPlayer = audioPlayer

It was possible for this to be called just after a previous sound had finished and deallocate the current self.audioPlayer (and we have a large enough user base (in the millions) for this to happen in the wild).

Our fix was to add this to stop any existing audio player before reassigning it and we have not seen the crash since we released this yesterday:

+ self.audioPlayer?.stop()
let audioPlayer = try AVAudioPlayer(data: audioData)
audioPlayer.prepareToPlay()
audioPlayer.play(atTime: audioPlayer.deviceCurrentTime + delay)
self.audioPlayer = audioPlayer

Easy to reproduce

Incidentally, it is pretty trivial to force this crash to happen, if it's something that could be worked on and prevented by Apple:

let audioPlayer = try AVAudioPlayer(data: audioData)
audioPlayer.prepareToPlay()
audioPlayer.play(atTime: audioPlayer.deviceCurrentTime + delay)
self.audioPlayer = audioPlayer
while audioPlayer.isPlaying {
    // Wait
}
self.audioPlayer = nil // deallocation immediately after isPlaying becomes false causes crash
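
One selector arriving at unrelated receiver classes, as this answer describes for finishedPlaying:, is a typical sign of a message sent to a freed object whose memory has been reused. The following triage sketch is an added example, not code from this thread or from Apple: it groups "unrecognized selector" reports by selector and flags those that reached several classes through __NSThreadPerformPerform. The sample reports are constructed (only the CAShapeLayer header is taken from the post), and the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Header line of an Objective-C "unrecognized selector" exception.
HEADER = re.compile(
    r"^[-+]\[(?P<cls>\S+) (?P<sel>[^\]]+)\]: unrecognized selector "
    r"sent to (?:instance|class) 0x[0-9a-fA-F]+"
)
# Stack frame in the layout quoted in the thread: index, image, offset, symbol.
FRAME = re.compile(r"^\s*\d+\s+\S+\s+0x[0-9a-fA-F]+\s+(.+)$")

# Constructed sample reports, shaped like the one quoted in the answer.
_STACK = (
    "1  libobjc.A.dylib   0x172e4 objc_exception_throw\n"
    "3  CoreFoundation    0x20b08 ___forwarding___\n"
    "5  Foundation        0xa7e50 __NSThreadPerformPerform\n"
)
SAMPLES = [
    "-[CAShapeLayer finishedPlaying:]: unrecognized selector sent to instance 0x30073a1e0\n" + _STACK,
    "-[__NSDictionaryM finishedPlaying:]: unrecognized selector sent to instance 0x300000000\n" + _STACK,
    "-[MyView reload]: unrecognized selector sent to instance 0x300000010\n"
    "1  libobjc.A.dylib   0x172e4 objc_exception_throw\n",
]


def parse_report(text):
    """Return (receiver_class, selector, [frame symbols]), or None without a header."""
    header, symbols = None, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m and header is None:
            header = (m["cls"], m["sel"])
        elif f := FRAME.match(line):
            symbols.append(f[1].strip())
    return None if header is None else (header[0], header[1], symbols)


def dangling_receiver_candidates(reports, min_classes=2):
    """Selectors that reached >= min_classes receiver classes via a queued perform."""
    seen = defaultdict(set)
    for text in reports:
        parsed = parse_report(text)
        if parsed is None:
            continue
        cls, sel, symbols = parsed
        # Count only deliveries that came off the NSThread perform queue.
        if any("__NSThreadPerformPerform" in s for s in symbols):
            seen[sel].add(cls)
    return {sel: sorted(c) for sel, c in seen.items() if len(c) >= min_classes}
```

A selector flagged here points at the class that schedules the perform, which is where to look for a target that can be released before the queued call runs.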

Focusing on this:

0   libobjc.A.dylib … objc_msgSend + 32 (:-1)
1   Foundation      … __NSThreadPerformPerform + 264 (NSThread.m:1084)

Internally, the NSThread perform subsystem bundles the various perform arguments — the target, selector, arguments, run loop modes, and other bookkeeping stuff — up into an internal object and puts that on a queue. The run loop then pulls items off that queue and runs them. It does that by calling an -invoke method on that internal object.

AFAICT the callsite in frame 1 is the run loop calling that -invoke method, which means that somehow this object managed to get corrupted, either going into the queue, while on the queue, or coming out of the queue.

I can’t see any obvious way of that happening. This brings us back to the standard memory debugging tools, where the goal is to try to make the program more reproducible, and hence debuggable. Sadly, that doesn’t seem to have worked in this case.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


I’m glad to hear you’re making progress.

Written by MattGApa in 816460022
Incidentally, it is pretty trivial to force this crash to happen, if it's something that could be worked on and prevented by Apple:

While I’m not particularly au fait with AVFoundation, I think it’s worth you filing a bug about that. Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks again for responding. As suggested, I've filed a bug: FB16038126
